From 8017172d5cd16235bd818ef1138b0e0f987f3b98 Mon Sep 17 00:00:00 2001 From: charile_Lu Date: Wed, 22 Jul 2020 15:09:49 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=B2=A1=E6=9C=89?= =?UTF-8?q?=E6=94=B9=E5=90=8D=E7=9A=84fine-bcprov-old=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fine-bcprov-old/.gitignore | 6 - fine-bcprov-old/README.md | 3 - fine-bcprov-old/pom.xml | 25 - .../main/java/org/bouncycastle/LICENSE.java | 63 - .../asn1/ASN1ApplicationSpecificParser.java | 10 - .../org/bouncycastle/asn1/ASN1Boolean.java | 15 - .../org/bouncycastle/asn1/ASN1Choice.java | 14 - .../org/bouncycastle/asn1/ASN1Encodable.java | 102 - .../asn1/ASN1EncodableVector.java | 32 - .../org/bouncycastle/asn1/ASN1Enumerated.java | 22 - .../org/bouncycastle/asn1/ASN1Exception.java | 25 - .../asn1/ASN1GeneralizedTime.java | 22 - .../org/bouncycastle/asn1/ASN1Generator.java | 15 - .../bouncycastle/asn1/ASN1InputStream.java | 401 --- .../org/bouncycastle/asn1/ASN1Integer.java | 22 - .../java/org/bouncycastle/asn1/ASN1Null.java | 38 - .../org/bouncycastle/asn1/ASN1Object.java | 45 - .../asn1/ASN1ObjectIdentifier.java | 26 - .../bouncycastle/asn1/ASN1OctetString.java | 135 - .../asn1/ASN1OctetStringParser.java | 9 - .../bouncycastle/asn1/ASN1OutputStream.java | 36 - .../asn1/ASN1ParsingException.java | 23 - .../org/bouncycastle/asn1/ASN1Sequence.java | 247 -- .../bouncycastle/asn1/ASN1SequenceParser.java | 10 - .../java/org/bouncycastle/asn1/ASN1Set.java | 345 --- .../org/bouncycastle/asn1/ASN1SetParser.java | 10 - .../bouncycastle/asn1/ASN1StreamParser.java | 245 -- .../org/bouncycastle/asn1/ASN1String.java | 6 - .../bouncycastle/asn1/ASN1TaggedObject.java | 215 -- .../asn1/ASN1TaggedObjectParser.java | 12 - .../org/bouncycastle/asn1/ASN1UTCTime.java | 22 - .../asn1/BERApplicationSpecific.java | 10 - .../asn1/BERApplicationSpecificParser.java | 41 - .../asn1/BERConstructedOctetString.java | 157 - .../org/bouncycastle/asn1/BERFactory.java | 22 - .../org/bouncycastle/asn1/BERGenerator.java | 100 - .../java/org/bouncycastle/asn1/BERNull.java | 30 - .../asn1/BEROctetStringGenerator.java | 102 - .../asn1/BEROctetStringParser.java | 41 - .../bouncycastle/asn1/BEROutputStream.java | 36 - .../org/bouncycastle/asn1/BERSequence.java | 59 - .../asn1/BERSequenceGenerator.java | 41 - .../bouncycastle/asn1/BERSequenceParser.java | 38 - .../java/org/bouncycastle/asn1/BERSet.java | 69 - .../org/bouncycastle/asn1/BERSetParser.java | 38 - .../bouncycastle/asn1/BERTaggedObject.java | 107 - .../asn1/BERTaggedObjectParser.java | 78 - .../asn1/ConstructedOctetStream.java | 111 - .../asn1/DERApplicationSpecific.java | 225 -- .../org/bouncycastle/asn1/DERBMPString.java | 125 - .../org/bouncycastle/asn1/DERBitString.java | 277 -- .../org/bouncycastle/asn1/DERBoolean.java | 117 - .../org/bouncycastle/asn1/DEREncodable.java | 6 - .../bouncycastle/asn1/DEREncodableVector.java | 38 - .../org/bouncycastle/asn1/DEREnumerated.java | 101 - .../org/bouncycastle/asn1/DERExternal.java | 283 -- .../bouncycastle/asn1/DERExternalParser.java | 52 - .../org/bouncycastle/asn1/DERFactory.java | 22 - .../bouncycastle/asn1/DERGeneralString.java | 94 - .../bouncycastle/asn1/DERGeneralizedTime.java | 329 --- .../org/bouncycastle/asn1/DERGenerator.java | 119 - .../org/bouncycastle/asn1/DERIA5String.java | 173 -- .../org/bouncycastle/asn1/DERInteger.java | 122 - .../java/org/bouncycastle/asn1/DERNull.java | 25 - .../bouncycastle/asn1/DERNumericString.java | 176 -- .../java/org/bouncycastle/asn1/DERObject.java | 20 - .../asn1/DERObjectIdentifier.java | 268 -- .../org/bouncycastle/asn1/DEROctetString.java | 37 - .../asn1/DEROctetStringParser.java | 39 - .../bouncycastle/asn1/DEROutputStream.java | 134 - .../bouncycastle/asn1/DERPrintableString.java | 203 -- .../org/bouncycastle/asn1/DERSequence.java | 80 - .../asn1/DERSequenceGenerator.java | 45 - .../bouncycastle/asn1/DERSequenceParser.java | 38 - .../java/org/bouncycastle/asn1/DERSet.java | 100 - .../org/bouncycastle/asn1/DERSetParser.java | 38 - .../java/org/bouncycastle/asn1/DERString.java | 10 - .../org/bouncycastle/asn1/DERT61String.java | 125 - .../bouncycastle/asn1/DERTaggedObject.java | 85 - .../java/org/bouncycastle/asn1/DERTags.java | 36 - .../org/bouncycastle/asn1/DERUTCTime.java | 258 -- .../org/bouncycastle/asn1/DERUTF8String.java | 115 - .../bouncycastle/asn1/DERUniversalString.java | 124 - .../org/bouncycastle/asn1/DERUnknownTag.java | 79 - .../bouncycastle/asn1/DERVisibleString.java | 126 - .../asn1/DefiniteLengthInputStream.java | 105 - .../asn1/InMemoryRepresentable.java | 9 - .../asn1/IndefiniteLengthInputStream.java | 111 - .../asn1/LazyDERConstructionEnumeration.java | 43 - .../bouncycastle/asn1/LazyDERSequence.java | 75 - .../bouncycastle/asn1/LimitedInputStream.java | 32 - .../org/bouncycastle/asn1/OIDTokenizer.java | 48 - .../asn1/bc/BCObjectIdentifiers.java | 51 - .../asn1/cmp/CAKeyUpdAnnContent.java | 73 - .../bouncycastle/asn1/cmp/CMPCertificate.java | 92 - .../asn1/cmp/CMPObjectIdentifiers.java | 106 - .../bouncycastle/asn1/cmp/CRLAnnContent.java | 55 - .../asn1/cmp/CertConfirmContent.java | 54 - .../bouncycastle/asn1/cmp/CertOrEncCert.java | 96 - .../bouncycastle/asn1/cmp/CertRepMessage.java | 123 - .../bouncycastle/asn1/cmp/CertResponse.java | 139 - .../org/bouncycastle/asn1/cmp/CertStatus.java | 102 - .../asn1/cmp/CertifiedKeyPair.java | 127 - .../org/bouncycastle/asn1/cmp/Challenge.java | 96 - .../asn1/cmp/ErrorMsgContent.java | 120 - .../bouncycastle/asn1/cmp/GenMsgContent.java | 71 - .../bouncycastle/asn1/cmp/GenRepContent.java | 71 - .../asn1/cmp/InfoTypeAndValue.java | 131 - .../asn1/cmp/KeyRecRepContent.java | 141 - .../bouncycastle/asn1/cmp/OOBCertHash.java | 99 - .../bouncycastle/asn1/cmp/PBMParameter.java | 117 - .../org/bouncycastle/asn1/cmp/PKIBody.java | 193 -- .../asn1/cmp/PKIConfirmContent.java | 48 - .../bouncycastle/asn1/cmp/PKIFailureInfo.java | 126 - .../bouncycastle/asn1/cmp/PKIFreeText.java | 112 - .../org/bouncycastle/asn1/cmp/PKIHeader.java | 256 -- .../asn1/cmp/PKIHeaderBuilder.java | 243 -- .../org/bouncycastle/asn1/cmp/PKIMessage.java | 162 -- .../bouncycastle/asn1/cmp/PKIMessages.java | 71 - .../org/bouncycastle/asn1/cmp/PKIStatus.java | 64 - .../bouncycastle/asn1/cmp/PKIStatusInfo.java | 177 -- .../asn1/cmp/POPODecKeyChallContent.java | 54 - .../asn1/cmp/POPODecKeyRespContent.java | 55 - .../bouncycastle/asn1/cmp/PollRepContent.java | 82 - .../bouncycastle/asn1/cmp/PollReqContent.java | 69 - .../bouncycastle/asn1/cmp/ProtectedPart.java | 70 - .../bouncycastle/asn1/cmp/RevAnnContent.java | 103 - .../org/bouncycastle/asn1/cmp/RevDetails.java | 87 - .../bouncycastle/asn1/cmp/RevRepContent.java | 136 - .../asn1/cmp/RevRepContentBuilder.java | 59 - .../bouncycastle/asn1/cmp/RevReqContent.java | 73 - .../org/bouncycastle/asn1/cmp/package.html | 5 - .../org/bouncycastle/asn1/cms/Attribute.java | 82 - .../bouncycastle/asn1/cms/AttributeTable.java | 232 -- .../org/bouncycastle/asn1/cms/Attributes.java | 49 - .../asn1/cms/AuthEnvelopedData.java | 218 -- .../asn1/cms/AuthEnvelopedDataParser.java | 157 - .../asn1/cms/AuthenticatedData.java | 293 -- .../asn1/cms/AuthenticatedDataParser.java | 197 -- .../bouncycastle/asn1/cms/CMSAttributes.java | 13 - .../asn1/cms/CMSObjectIdentifiers.java | 18 - .../bouncycastle/asn1/cms/CompressedData.java | 110 - .../asn1/cms/CompressedDataParser.java | 48 - .../bouncycastle/asn1/cms/ContentInfo.java | 97 - .../asn1/cms/ContentInfoParser.java | 48 - .../asn1/cms/EncryptedContentInfo.java | 106 - .../asn1/cms/EncryptedContentInfoParser.java | 51 - .../bouncycastle/asn1/cms/EncryptedData.java | 94 - .../bouncycastle/asn1/cms/EnvelopedData.java | 179 -- .../asn1/cms/EnvelopedDataParser.java | 118 - .../org/bouncycastle/asn1/cms/Evidence.java | 56 - .../asn1/cms/IssuerAndSerialNumber.java | 92 - .../bouncycastle/asn1/cms/KEKIdentifier.java | 139 - .../asn1/cms/KEKRecipientInfo.java | 121 - .../asn1/cms/KeyAgreeRecipientIdentifier.java | 103 - .../asn1/cms/KeyAgreeRecipientInfo.java | 153 - .../asn1/cms/KeyTransRecipientInfo.java | 114 - .../org/bouncycastle/asn1/cms/MetaData.java | 120 - .../asn1/cms/OriginatorIdentifierOrKey.java | 165 -- .../bouncycastle/asn1/cms/OriginatorInfo.java | 129 - .../asn1/cms/OriginatorPublicKey.java | 100 - .../asn1/cms/OtherKeyAttribute.java | 82 - .../asn1/cms/OtherRecipientInfo.java | 98 - .../asn1/cms/PasswordRecipientInfo.java | 143 - .../asn1/cms/RecipientEncryptedKey.java | 99 - .../asn1/cms/RecipientIdentifier.java | 98 - .../bouncycastle/asn1/cms/RecipientInfo.java | 154 - .../asn1/cms/RecipientKeyIdentifier.java | 156 - .../org/bouncycastle/asn1/cms/SignedData.java | 302 -- .../asn1/cms/SignedDataParser.java | 139 - .../asn1/cms/SignerIdentifier.java | 98 - .../org/bouncycastle/asn1/cms/SignerInfo.java | 183 -- .../java/org/bouncycastle/asn1/cms/Time.java | 128 - .../asn1/cms/TimeStampAndCRL.java | 76 - .../asn1/cms/TimeStampTokenEvidence.java | 84 - .../asn1/cms/TimeStampedData.java | 121 - .../asn1/cms/TimeStampedDataParser.java | 126 - .../asn1/cms/ecc/MQVuserKeyingMaterial.java | 112 - .../org/bouncycastle/asn1/cms/package.html | 5 - .../asn1/crmf/AttributeTypeAndValue.java | 79 - .../asn1/crmf/CRMFObjectIdentifiers.java | 21 - .../org/bouncycastle/asn1/crmf/CertId.java | 71 - .../asn1/crmf/CertReqMessages.java | 72 - .../bouncycastle/asn1/crmf/CertReqMsg.java | 142 - .../bouncycastle/asn1/crmf/CertRequest.java | 97 - .../bouncycastle/asn1/crmf/CertTemplate.java | 168 -- .../asn1/crmf/CertTemplateBuilder.java | 141 - .../org/bouncycastle/asn1/crmf/Controls.java | 70 - .../bouncycastle/asn1/crmf/EncKeyWithID.java | 116 - .../bouncycastle/asn1/crmf/EncryptedKey.java | 80 - .../asn1/crmf/EncryptedValue.java | 163 -- .../asn1/crmf/OptionalValidity.java | 77 - .../asn1/crmf/PKIArchiveOptions.java | 115 - .../asn1/crmf/PKIPublicationInfo.java | 81 - .../bouncycastle/asn1/crmf/PKMACValue.java | 104 - .../bouncycastle/asn1/crmf/POPOPrivKey.java | 89 - .../asn1/crmf/POPOSigningKey.java | 122 - .../asn1/crmf/POPOSigningKeyInput.java | 125 - .../asn1/crmf/ProofOfPossession.java | 107 - .../bouncycastle/asn1/crmf/SinglePubInfo.java | 72 - .../asn1/crmf/SubsequentMessage.java | 29 - .../cryptopro/CryptoProObjectIdentifiers.java | 45 - .../asn1/cryptopro/ECGOST3410NamedCurves.java | 168 -- .../ECGOST3410ParamSetParameters.java | 99 - .../asn1/cryptopro/GOST28147Parameters.java | 72 - .../cryptopro/GOST3410NamedParameters.java | 116 - .../cryptopro/GOST3410ParamSetParameters.java | 105 - .../GOST3410PublicKeyAlgParameters.java | 101 - .../bouncycastle/asn1/cryptopro/package.html | 5 - .../asn1/eac/EACObjectIdentifiers.java | 55 - .../asn1/esf/CommitmentTypeIdentifier.java | 14 - .../asn1/esf/CommitmentTypeIndication.java | 83 - .../asn1/esf/CommitmentTypeQualifier.java | 108 - .../asn1/esf/CompleteRevocationRefs.java | 65 - .../bouncycastle/asn1/esf/CrlIdentifier.java | 106 - .../org/bouncycastle/asn1/esf/CrlListID.java | 66 - .../org/bouncycastle/asn1/esf/CrlOcspRef.java | 106 - .../bouncycastle/asn1/esf/CrlValidatedID.java | 82 - .../bouncycastle/asn1/esf/ESFAttributes.java | 22 - .../bouncycastle/asn1/esf/OcspIdentifier.java | 73 - .../org/bouncycastle/asn1/esf/OcspListID.java | 72 - .../asn1/esf/OcspResponsesID.java | 83 - .../org/bouncycastle/asn1/esf/OtherHash.java | 81 - .../asn1/esf/OtherHashAlgAndValue.java | 81 - .../bouncycastle/asn1/esf/OtherRevRefs.java | 81 - .../bouncycastle/asn1/esf/OtherRevVals.java | 70 - .../asn1/esf/RevocationValues.java | 151 - .../bouncycastle/asn1/esf/SPUserNotice.java | 94 - .../java/org/bouncycastle/asn1/esf/SPuri.java | 47 - .../asn1/esf/SigPolicyQualifierInfo.java | 78 - .../asn1/esf/SigPolicyQualifiers.java | 75 - .../asn1/esf/SignaturePolicyId.java | 106 - .../asn1/esf/SignaturePolicyIdentifier.java | 74 - .../asn1/esf/SignerAttribute.java | 97 - .../bouncycastle/asn1/esf/SignerLocation.java | 162 -- .../org/bouncycastle/asn1/esf/package.html | 6 - .../bouncycastle/asn1/ess/ContentHints.java | 96 - .../asn1/ess/ContentIdentifier.java | 65 - .../org/bouncycastle/asn1/ess/ESSCertID.java | 97 - .../bouncycastle/asn1/ess/ESSCertIDv2.java | 144 - .../bouncycastle/asn1/ess/OtherCertID.java | 138 - .../asn1/ess/OtherSigningCertificate.java | 111 - .../asn1/ess/SigningCertificate.java | 111 - .../asn1/ess/SigningCertificateV2.java | 132 - .../org/bouncycastle/asn1/ess/package.html | 5 - .../asn1/gnu/GNUObjectIdentifiers.java | 30 - .../asn1/iana/IANAObjectIdentifiers.java | 20 - .../asn1/icao/CscaMasterList.java | 111 - .../bouncycastle/asn1/icao/DataGroupHash.java | 97 - .../asn1/icao/ICAOObjectIdentifiers.java | 33 - .../asn1/icao/LDSSecurityObject.java | 159 - .../asn1/icao/LDSVersionInfo.java | 75 - .../org/bouncycastle/asn1/icao/package.html | 5 - .../isismtt/ISISMTTObjectIdentifiers.java | 180 -- .../asn1/isismtt/ocsp/CertHash.java | 124 - .../isismtt/ocsp/RequestedCertificate.java | 183 -- .../x509/AdditionalInformationSyntax.java | 70 - .../asn1/isismtt/x509/AdmissionSyntax.java | 280 -- .../asn1/isismtt/x509/Admissions.java | 188 -- .../isismtt/x509/DeclarationOfMajority.java | 164 -- .../asn1/isismtt/x509/MonetaryLimit.java | 131 - .../asn1/isismtt/x509/NamingAuthority.java | 225 -- .../asn1/isismtt/x509/ProcurationSyntax.java | 240 -- .../asn1/isismtt/x509/ProfessionInfo.java | 407 --- .../asn1/isismtt/x509/Restriction.java | 82 - .../asn1/kisa/KISAObjectIdentifiers.java | 9 - .../microsoft/MicrosoftObjectIdentifiers.java | 17 - .../asn1/misc/CAST5CBCParameters.java | 71 - .../bouncycastle/asn1/misc/IDEACBCPar.java | 75 - .../asn1/misc/MiscObjectIdentifiers.java | 47 - .../asn1/misc/NetscapeCertType.java | 54 - .../asn1/misc/NetscapeRevocationURL.java | 18 - .../asn1/misc/VerisignCzagExtension.java | 18 - .../org/bouncycastle/asn1/misc/package.html | 5 - .../asn1/mozilla/PublicKeyAndChallenge.java | 63 - .../bouncycastle/asn1/mozilla/package.html | 5 - .../asn1/nist/NISTNamedCurves.java | 96 - .../asn1/nist/NISTObjectIdentifiers.java | 56 - .../org/bouncycastle/asn1/nist/package.html | 5 - .../asn1/ntt/NTTObjectIdentifiers.java | 17 - .../asn1/ocsp/BasicOCSPResponse.java | 112 - .../org/bouncycastle/asn1/ocsp/CertID.java | 105 - .../bouncycastle/asn1/ocsp/CertStatus.java | 105 - .../org/bouncycastle/asn1/ocsp/CrlID.java | 86 - .../asn1/ocsp/OCSPObjectIdentifiers.java | 22 - .../bouncycastle/asn1/ocsp/OCSPRequest.java | 90 - .../bouncycastle/asn1/ocsp/OCSPResponse.java | 92 - .../asn1/ocsp/OCSPResponseStatus.java | 40 - .../org/bouncycastle/asn1/ocsp/Request.java | 91 - .../bouncycastle/asn1/ocsp/ResponderID.java | 104 - .../bouncycastle/asn1/ocsp/ResponseBytes.java | 82 - .../bouncycastle/asn1/ocsp/ResponseData.java | 164 -- .../bouncycastle/asn1/ocsp/RevokedInfo.java | 92 - .../asn1/ocsp/ServiceLocator.java | 36 - .../org/bouncycastle/asn1/ocsp/Signature.java | 111 - .../asn1/ocsp/SingleResponse.java | 143 - .../bouncycastle/asn1/ocsp/TBSRequest.java | 154 - .../org/bouncycastle/asn1/ocsp/package.html | 5 - .../asn1/oiw/ElGamalParameter.java | 49 - .../asn1/oiw/OIWObjectIdentifiers.java | 31 - .../org/bouncycastle/asn1/oiw/package.html | 5 - .../java/org/bouncycastle/asn1/package.html | 5 - .../org/bouncycastle/asn1/pkcs/Attribute.java | 82 - .../asn1/pkcs/AuthenticatedSafe.java | 47 - .../org/bouncycastle/asn1/pkcs/CertBag.java | 53 - .../asn1/pkcs/CertificationRequest.java | 91 - .../asn1/pkcs/CertificationRequestInfo.java | 145 - .../bouncycastle/asn1/pkcs/ContentInfo.java | 90 - .../bouncycastle/asn1/pkcs/DHParameter.java | 88 - .../bouncycastle/asn1/pkcs/EncryptedData.java | 114 - .../asn1/pkcs/EncryptedPrivateKeyInfo.java | 86 - .../asn1/pkcs/EncryptionScheme.java | 55 - .../asn1/pkcs/IssuerAndSerialNumber.java | 76 - .../asn1/pkcs/KeyDerivationFunc.java | 23 - .../org/bouncycastle/asn1/pkcs/MacData.java | 106 - .../bouncycastle/asn1/pkcs/PBEParameter.java | 73 - .../asn1/pkcs/PBES2Algorithms.java | 77 - .../asn1/pkcs/PBES2Parameters.java | 72 - .../bouncycastle/asn1/pkcs/PBKDF2Params.java | 98 - .../asn1/pkcs/PKCS12PBEParams.java | 69 - .../asn1/pkcs/PKCSObjectIdentifiers.java | 252 -- .../java/org/bouncycastle/asn1/pkcs/Pfx.java | 71 - .../asn1/pkcs/PrivateKeyInfo.java | 144 - .../asn1/pkcs/RC2CBCParameter.java | 89 - .../asn1/pkcs/RSAESOAEPparams.java | 151 - .../asn1/pkcs/RSAPrivateKeyStructure.java | 186 -- .../asn1/pkcs/RSASSAPSSparams.java | 170 -- .../org/bouncycastle/asn1/pkcs/SafeBag.java | 78 - .../bouncycastle/asn1/pkcs/SignedData.java | 166 -- .../bouncycastle/asn1/pkcs/SignerInfo.java | 168 -- .../org/bouncycastle/asn1/pkcs/package.html | 5 - .../asn1/sec/ECPrivateKeyStructure.java | 128 - .../bouncycastle/asn1/sec/SECNamedCurves.java | 1029 ------- .../asn1/sec/SECObjectIdentifiers.java | 50 - .../org/bouncycastle/asn1/sec/package.html | 5 - .../asn1/smime/SMIMEAttributes.java | 10 - .../asn1/smime/SMIMECapabilities.java | 115 - .../smime/SMIMECapabilitiesAttribute.java | 16 - .../asn1/smime/SMIMECapability.java | 103 - .../asn1/smime/SMIMECapabilityVector.java | 50 - ...SMIMEEncryptionKeyPreferenceAttribute.java | 48 - .../org/bouncycastle/asn1/smime/package.html | 5 - .../asn1/teletrust/TeleTrusTNamedCurves.java | 351 --- .../teletrust/TeleTrusTObjectIdentifiers.java | 42 - .../bouncycastle/asn1/teletrust/package.html | 5 - .../org/bouncycastle/asn1/tsp/Accuracy.java | 174 -- .../bouncycastle/asn1/tsp/MessageImprint.java | 77 - .../org/bouncycastle/asn1/tsp/TSTInfo.java | 254 -- .../bouncycastle/asn1/tsp/TimeStampReq.java | 181 -- .../bouncycastle/asn1/tsp/TimeStampResp.java | 86 - .../org/bouncycastle/asn1/tsp/package.html | 5 - .../org/bouncycastle/asn1/util/ASN1Dump.java | 432 --- .../org/bouncycastle/asn1/util/DERDump.java | 41 - .../java/org/bouncycastle/asn1/util/Dump.java | 22 - .../org/bouncycastle/asn1/util/package.html | 5 - .../asn1/x500/AttributeTypeAndValue.java | 71 - .../asn1/x500/DirectoryString.java | 125 - .../java/org/bouncycastle/asn1/x500/RDN.java | 106 - .../org/bouncycastle/asn1/x500/X500Name.java | 274 -- .../asn1/x500/X500NameBuilder.java | 81 - .../bouncycastle/asn1/x500/X500NameStyle.java | 34 - .../asn1/x500/style/BCStrictStyle.java | 33 - .../bouncycastle/asn1/x500/style/BCStyle.java | 544 ---- .../asn1/x500/style/IETFUtils.java | 294 -- .../asn1/x500/style/RFC4519Style.java | 443 --- .../asn1/x500/style/X500NameTokenizer.java | 99 - .../asn1/x509/AccessDescription.java | 98 - .../asn1/x509/AlgorithmIdentifier.java | 144 - .../bouncycastle/asn1/x509/AttCertIssuer.java | 90 - .../asn1/x509/AttCertValidityPeriod.java | 84 - .../org/bouncycastle/asn1/x509/Attribute.java | 93 - .../asn1/x509/AttributeCertificate.java | 94 - .../asn1/x509/AttributeCertificateInfo.java | 165 -- .../asn1/x509/AuthorityInformationAccess.java | 106 - .../asn1/x509/AuthorityKeyIdentifier.java | 231 -- .../asn1/x509/BasicConstraints.java | 181 -- .../bouncycastle/asn1/x509/CRLDistPoint.java | 100 - .../org/bouncycastle/asn1/x509/CRLNumber.java | 32 - .../org/bouncycastle/asn1/x509/CRLReason.java | 111 - .../bouncycastle/asn1/x509/CertPolicyId.java | 20 - .../asn1/x509/CertificateList.java | 126 - .../asn1/x509/CertificatePair.java | 169 -- .../asn1/x509/CertificatePolicies.java | 147 - .../bouncycastle/asn1/x509/DSAParameter.java | 92 - .../bouncycastle/asn1/x509/DigestInfo.java | 86 - .../bouncycastle/asn1/x509/DisplayText.java | 165 -- .../asn1/x509/DistributionPoint.java | 158 - .../asn1/x509/DistributionPointName.java | 149 - .../asn1/x509/ExtendedKeyUsage.java | 128 - .../bouncycastle/asn1/x509/GeneralName.java | 446 --- .../bouncycastle/asn1/x509/GeneralNames.java | 95 - .../asn1/x509/GeneralSubtree.java | 218 -- .../org/bouncycastle/asn1/x509/Holder.java | 242 -- .../asn1/x509/IetfAttrSyntax.java | 174 -- .../bouncycastle/asn1/x509/IssuerSerial.java | 106 - .../asn1/x509/IssuingDistributionPoint.java | 256 -- .../bouncycastle/asn1/x509/KeyPurposeId.java | 119 - .../org/bouncycastle/asn1/x509/KeyUsage.java | 77 - .../asn1/x509/NameConstraints.java | 104 - .../asn1/x509/NoticeReference.java | 155 - .../asn1/x509/ObjectDigestInfo.java | 192 -- .../asn1/x509/PolicyInformation.java | 87 - .../asn1/x509/PolicyMappings.java | 68 - .../asn1/x509/PolicyQualifierId.java | 31 - .../asn1/x509/PolicyQualifierInfo.java | 114 - .../asn1/x509/PrivateKeyUsagePeriod.java | 89 - .../asn1/x509/RSAPublicKeyStructure.java | 95 - .../bouncycastle/asn1/x509/ReasonFlags.java | 85 - .../bouncycastle/asn1/x509/RoleSyntax.java | 237 -- .../asn1/x509/SubjectDirectoryAttributes.java | 144 - .../asn1/x509/SubjectKeyIdentifier.java | 137 - .../asn1/x509/SubjectPublicKeyInfo.java | 126 - .../bouncycastle/asn1/x509/TBSCertList.java | 266 -- .../asn1/x509/TBSCertificateStructure.java | 193 -- .../org/bouncycastle/asn1/x509/Target.java | 138 - .../asn1/x509/TargetInformation.java | 121 - .../org/bouncycastle/asn1/x509/Targets.java | 122 - .../java/org/bouncycastle/asn1/x509/Time.java | 133 - .../bouncycastle/asn1/x509/UserNotice.java | 117 - .../asn1/x509/V1TBSCertificateGenerator.java | 138 - .../V2AttributeCertificateInfoGenerator.java | 148 - .../org/bouncycastle/asn1/x509/V2Form.java | 130 - .../asn1/x509/V2TBSCertListGenerator.java | 219 -- .../asn1/x509/V3TBSCertificateGenerator.java | 196 -- .../asn1/x509/X509Attributes.java | 8 - .../asn1/x509/X509CertificateStructure.java | 127 - .../asn1/x509/X509DefaultEntryConverter.java | 65 - .../bouncycastle/asn1/x509/X509Extension.java | 249 -- .../asn1/x509/X509Extensions.java | 479 --- .../asn1/x509/X509ExtensionsGenerator.java | 93 - .../org/bouncycastle/asn1/x509/X509Name.java | 1267 -------- .../asn1/x509/X509NameEntryConverter.java | 113 - .../asn1/x509/X509NameTokenizer.java | 99 - .../asn1/x509/X509ObjectIdentifiers.java | 62 - .../org/bouncycastle/asn1/x509/package.html | 5 - .../asn1/x509/qualified/BiometricData.java | 124 - .../qualified/ETSIQCObjectIdentifiers.java | 16 - .../x509/qualified/Iso4217CurrencyCode.java | 93 - .../asn1/x509/qualified/MonetaryValue.java | 92 - .../asn1/x509/qualified/QCStatement.java | 95 - .../qualified/RFC3739QCObjectIdentifiers.java | 14 - .../x509/qualified/SemanticsInformation.java | 130 - .../x509/qualified/TypeOfBiometricData.java | 90 - .../asn1/x509/qualified/package.html | 5 - .../asn1/x509/sigi/NameOrPseudonym.java | 191 -- .../asn1/x509/sigi/PersonalData.java | 214 -- .../asn1/x509/sigi/SigIObjectIdentifiers.java | 45 - .../asn1/x9/DHDomainParameters.java | 139 - .../org/bouncycastle/asn1/x9/DHPublicKey.java | 52 - .../asn1/x9/DHValidationParms.java | 80 - .../bouncycastle/asn1/x9/KeySpecificInfo.java | 68 - .../org/bouncycastle/asn1/x9/OtherInfo.java | 96 - .../bouncycastle/asn1/x9/X962NamedCurves.java | 621 ---- .../bouncycastle/asn1/x9/X962Parameters.java | 86 - .../org/bouncycastle/asn1/x9/X9Curve.java | 161 -- .../bouncycastle/asn1/x9/X9ECParameters.java | 161 -- .../asn1/x9/X9ECParametersHolder.java | 18 - .../org/bouncycastle/asn1/x9/X9ECPoint.java | 48 - .../bouncycastle/asn1/x9/X9FieldElement.java | 64 - .../org/bouncycastle/asn1/x9/X9FieldID.java | 109 - .../asn1/x9/X9IntegerConverter.java | 47 - .../asn1/x9/X9ObjectIdentifiers.java | 132 - .../org/bouncycastle/asn1/x9/package.html | 5 - .../org/bouncycastle/bcpg/attr/package.html | 5 - .../java/org/bouncycastle/bcpg/package.html | 9 - .../org/bouncycastle/bcpg/sig/package.html | 5 - .../cert/AttributeCertificateHolder.java | 358 --- .../cert/AttributeCertificateIssuer.java | 148 - .../org/bouncycastle/cert/CertException.java | 27 - .../bouncycastle/cert/CertIOException.java | 29 - .../java/org/bouncycastle/cert/CertUtils.java | 196 -- .../cert/X509AttributeCertificateHolder.java | 354 --- .../bouncycastle/cert/X509CRLEntryHolder.java | 106 - .../org/bouncycastle/cert/X509CRLHolder.java | 259 -- .../cert/X509CertificateHolder.java | 313 -- .../cert/X509v1CertificateBuilder.java | 66 - .../X509v2AttributeCertificateBuilder.java | 108 - .../bouncycastle/cert/X509v2CRLBuilder.java | 164 -- .../cert/X509v3CertificateBuilder.java | 141 - .../bouncycastle/cert/cmp/CMPException.java | 24 - .../cert/cmp/CMPRuntimeException.java | 19 - .../org/bouncycastle/cert/cmp/CMPUtil.java | 26 - .../cmp/CertificateConfirmationContent.java | 41 - ...CertificateConfirmationContentBuilder.java | 78 - .../cert/cmp/CertificateStatus.java | 60 - .../cert/cmp/GeneralPKIMessage.java | 82 - .../cert/cmp/ProtectedPKIMessage.java | 197 -- .../cert/cmp/ProtectedPKIMessageBuilder.java | 305 -- .../cert/cmp/RevocationDetails.java | 36 - .../cert/cmp/RevocationDetailsBuilder.java | 59 - .../org/bouncycastle/cert/cmp/package.html | 7 - .../cert/crmf/AuthenticatorControl.java | 57 - .../bouncycastle/cert/crmf/CRMFException.java | 19 - .../cert/crmf/CRMFRuntimeException.java | 19 - .../org/bouncycastle/cert/crmf/CRMFUtil.java | 26 - .../cert/crmf/CertificateRequestMessage.java | 302 -- .../CertificateRequestMessageBuilder.java | 238 -- .../org/bouncycastle/cert/crmf/Control.java | 24 - .../cert/crmf/EncryptedValueBuilder.java | 133 - .../cert/crmf/EncryptedValuePadder.java | 24 - .../cert/crmf/EncryptedValueParser.java | 103 - .../cert/crmf/FixedLengthMGF1Padder.java | 122 - .../cert/crmf/PKIArchiveControl.java | 91 - .../cert/crmf/PKIArchiveControlBuilder.java | 78 - .../bouncycastle/cert/crmf/PKMACBuilder.java | 199 -- .../cert/crmf/PKMACValueGenerator.java | 40 - .../cert/crmf/PKMACValueVerifier.java | 42 - .../cert/crmf/PKMACValuesCalculator.java | 15 - .../ProofOfPossessionSigningKeyBuilder.java | 59 - .../cert/crmf/RegTokenControl.java | 57 - .../cert/crmf/ValueDecryptorGenerator.java | 10 - .../cert/crmf/jcajce/CRMFHelper.java | 450 --- .../jcajce/JcaCertificateRequestMessage.java | 70 - .../JcaCertificateRequestMessageBuilder.java | 57 - .../crmf/jcajce/JcaEncryptedValueBuilder.java | 26 - .../jcajce/JcaPKIArchiveControlBuilder.java | 29 - .../JceAsymmetricValueDecryptorGenerator.java | 120 - .../crmf/jcajce/JceCRMFEncryptorBuilder.java | 135 - .../crmf/jcajce/JcePKMACValuesCalculator.java | 69 - .../cert/crmf/jcajce/package.html | 7 - .../org/bouncycastle/cert/crmf/package.html | 7 - .../bouncycastle/cert/jcajce/CertHelper.java | 17 - .../cert/jcajce/DefaultCertHelper.java | 14 - .../cert/jcajce/JcaAttrCertStore.java | 62 - .../bouncycastle/cert/jcajce/JcaCRLStore.java | 63 - .../cert/jcajce/JcaCertStore.java | 64 - .../JcaX509AttributeCertificateHolder.java | 26 - .../cert/jcajce/JcaX509CRLConverter.java | 103 - .../cert/jcajce/JcaX509CRLHolder.java | 26 - .../jcajce/JcaX509CertificateConverter.java | 116 - .../cert/jcajce/JcaX509CertificateHolder.java | 26 - .../jcajce/JcaX509v1CertificateBuilder.java | 48 - .../cert/jcajce/JcaX509v2CRLBuilder.java | 17 - .../jcajce/JcaX509v3CertificateBuilder.java | 87 - .../cert/jcajce/NamedCertHelper.java | 22 - .../cert/jcajce/ProviderCertHelper.java | 22 - .../org/bouncycastle/cert/jcajce/package.html | 7 - .../bouncycastle/cert/ocsp/BasicOCSPResp.java | 204 -- .../cert/ocsp/BasicOCSPRespBuilder.java | 263 -- .../bouncycastle/cert/ocsp/CertificateID.java | 155 - .../cert/ocsp/CertificateStatus.java | 6 - .../bouncycastle/cert/ocsp/OCSPException.java | 27 - .../org/bouncycastle/cert/ocsp/OCSPReq.java | 249 -- .../cert/ocsp/OCSPReqBuilder.java | 198 -- .../org/bouncycastle/cert/ocsp/OCSPResp.java | 109 - .../cert/ocsp/OCSPRespBuilder.java | 59 - .../org/bouncycastle/cert/ocsp/OCSPUtils.java | 64 - .../java/org/bouncycastle/cert/ocsp/Req.java | 25 - .../org/bouncycastle/cert/ocsp/RespData.java | 52 - .../org/bouncycastle/cert/ocsp/RespID.java | 89 - .../bouncycastle/cert/ocsp/RevokedStatus.java | 55 - .../bouncycastle/cert/ocsp/SingleResp.java | 102 - .../bouncycastle/cert/ocsp/UnknownStatus.java | 12 - .../ocsp/jcajce/JcaBasicOCSPRespBuilder.java | 18 - .../cert/ocsp/jcajce/JcaCertificateID.java | 20 - .../cert/ocsp/jcajce/JcaRespID.java | 26 - .../cert/ocsp/jcajce/package.html | 7 - .../org/bouncycastle/cert/ocsp/package.html | 7 - .../java/org/bouncycastle/cert/package.html | 5 - .../X509AttributeCertificateSelector.java | 269 -- ...09AttributeCertificateSelectorBuilder.java | 194 -- .../bouncycastle/cert/selector/package.html | 7 - .../cms/AuthAttributesProvider.java | 8 - .../cms/BaseDigestCalculator.java | 19 - .../bouncycastle/cms/CMSAbsentContent.java | 49 - .../org/bouncycastle/cms/CMSAlgorithm.java | 36 - .../CMSAttributeTableGenerationException.java | 32 - .../cms/CMSAttributeTableGenerator.java | 19 - .../cms/CMSAuthEnvelopedData.java | 111 - .../cms/CMSAuthEnvelopedGenerator.java | 13 - .../cms/CMSAuthenticatedData.java | 268 -- .../cms/CMSAuthenticatedDataGenerator.java | 340 --- .../cms/CMSAuthenticatedDataParser.java | 355 --- .../CMSAuthenticatedDataStreamGenerator.java | 595 ---- .../cms/CMSAuthenticatedGenerator.java | 99 - .../bouncycastle/cms/CMSCompressedData.java | 152 - .../cms/CMSCompressedDataGenerator.java | 115 - .../cms/CMSCompressedDataParser.java | 94 - .../cms/CMSCompressedDataStreamGenerator.java | 214 -- .../java/org/bouncycastle/cms/CMSConfig.java | 34 - .../cms/CMSContentInfoParser.java | 45 - .../bouncycastle/cms/CMSEnvelopedData.java | 196 -- .../cms/CMSEnvelopedDataGenerator.java | 343 --- .../cms/CMSEnvelopedDataParser.java | 213 -- .../cms/CMSEnvelopedDataStreamGenerator.java | 523 ---- .../cms/CMSEnvelopedGenerator.java | 355 --- .../bouncycastle/cms/CMSEnvelopedHelper.java | 737 ----- .../org/bouncycastle/cms/CMSException.java | 32 - .../java/org/bouncycastle/cms/CMSPBEKey.java | 73 - .../org/bouncycastle/cms/CMSProcessable.java | 21 - .../cms/CMSProcessableByteArray.java | 54 - .../bouncycastle/cms/CMSProcessableFile.java | 80 - .../cms/CMSProcessableInputStream.java | 50 - .../org/bouncycastle/cms/CMSReadable.java | 10 - .../bouncycastle/cms/CMSRuntimeException.java | 32 - .../bouncycastle/cms/CMSSecureReadable.java | 19 - .../org/bouncycastle/cms/CMSSignedData.java | 715 ----- .../cms/CMSSignedDataGenerator.java | 957 ------ .../bouncycastle/cms/CMSSignedDataParser.java | 942 ------ .../cms/CMSSignedDataStreamGenerator.java | 1201 -------- .../bouncycastle/cms/CMSSignedGenerator.java | 318 -- .../org/bouncycastle/cms/CMSSignedHelper.java | 476 --- .../cms/CMSSignerDigestMismatchException.java | 11 - .../bouncycastle/cms/CMSStreamException.java | 26 - .../org/bouncycastle/cms/CMSTypedData.java | 9 - .../org/bouncycastle/cms/CMSTypedStream.java | 86 - .../java/org/bouncycastle/cms/CMSUtils.java | 363 --- ...SVerifierCertificateNotValidException.java | 11 - .../cms/CounterSignatureDigestCalculator.java | 29 - ...tAuthenticatedAttributeTableGenerator.java | 91 - .../DefaultSignedAttributeTableGenerator.java | 106 - .../org/bouncycastle/cms/DigOutputStream.java | 25 - .../bouncycastle/cms/IntDigestCalculator.java | 9 - .../cms/IntRecipientInfoGenerator.java | 23 - .../cms/KEKIntRecipientInfoGenerator.java | 134 - .../org/bouncycastle/cms/KEKRecipient.java | 10 - .../org/bouncycastle/cms/KEKRecipientId.java | 53 - .../cms/KEKRecipientInfoGenerator.java | 39 - .../cms/KEKRecipientInformation.java | 89 - .../KeyAgreeIntRecipientInfoGenerator.java | 181 -- .../bouncycastle/cms/KeyAgreeRecipient.java | 14 - .../bouncycastle/cms/KeyAgreeRecipientId.java | 145 - .../cms/KeyAgreeRecipientInfoGenerator.java | 71 - .../cms/KeyAgreeRecipientInformation.java | 273 -- .../KeyTransIntRecipientInfoGenerator.java | 118 - .../bouncycastle/cms/KeyTransRecipient.java | 10 - .../bouncycastle/cms/KeyTransRecipientId.java | 145 - .../cms/KeyTransRecipientInfoGenerator.java | 58 - .../cms/KeyTransRecipientInformation.java | 172 -- .../org/bouncycastle/cms/MacOutputStream.java | 26 - .../bouncycastle/cms/NullOutputStream.java | 28 - .../org/bouncycastle/cms/OriginatorId.java | 49 - .../bouncycastle/cms/PKCS5Scheme2PBEKey.java | 35 - .../cms/PKCS5Scheme2UTF8PBEKey.java | 35 - .../PasswordIntRecipientInfoGenerator.java | 65 - .../bouncycastle/cms/PasswordRecipient.java | 17 - .../bouncycastle/cms/PasswordRecipientId.java | 39 - .../cms/PasswordRecipientInfoGenerator.java | 138 - .../cms/PasswordRecipientInformation.java | 239 -- .../java/org/bouncycastle/cms/Recipient.java | 5 - .../org/bouncycastle/cms/RecipientId.java | 32 - .../cms/RecipientInfoGenerator.java | 10 - .../cms/RecipientInformation.java | 311 -- .../cms/RecipientInformationStore.java | 86 - .../bouncycastle/cms/RecipientOperator.java | 48 - .../org/bouncycastle/cms/SigOutputStream.java | 40 - .../java/org/bouncycastle/cms/SignerId.java | 156 - .../bouncycastle/cms/SignerInfoGenerator.java | 312 -- .../cms/SignerInfoGeneratorBuilder.java | 89 - .../bouncycastle/cms/SignerInformation.java | 1122 ------- .../cms/SignerInformationStore.java | 117 - .../cms/SignerInformationVerifier.java | 43 - .../cms/SignerIntInfoGenerator.java | 11 - .../cms/SimpleAttributeTableGenerator.java | 25 - .../bc/BcKeyTransRecipientInfoGenerator.java | 19 - .../BcRSAKeyTransRecipientInfoGenerator.java | 23 - .../bc/BcRSASignerInfoVerifierBuilder.java | 35 - .../org/bouncycastle/cms/jcajce/CMSUtils.java | 45 - .../cms/jcajce/EnvelopedDataHelper.java | 616 ---- .../jcajce/JcaSignerInfoGeneratorBuilder.java | 54 - .../JcaSimpleSignerInfoGeneratorBuilder.java | 202 -- .../JcaSimpleSignerInfoVerifierBuilder.java | 148 - .../jcajce/JceCMSContentEncryptorBuilder.java | 135 - .../jcajce/JceCMSMacCalculatorBuilder.java | 158 - .../jcajce/JceKEKAuthenticatedRecipient.java | 60 - .../cms/jcajce/JceKEKEnvelopedRecipient.java | 43 - .../cms/jcajce/JceKEKRecipient.java | 98 - .../jcajce/JceKEKRecipientInfoGenerator.java | 45 - .../JceKeyAgreeAuthenticatedRecipient.java | 56 - .../jcajce/JceKeyAgreeEnvelopedRecipient.java | 45 - .../cms/jcajce/JceKeyAgreeRecipient.java | 185 -- .../cms/jcajce/JceKeyAgreeRecipientId.java | 23 - .../JceKeyAgreeRecipientInfoGenerator.java | 219 -- .../JceKeyTransAuthenticatedRecipient.java | 60 - .../jcajce/JceKeyTransEnvelopedRecipient.java | 43 - .../cms/jcajce/JceKeyTransRecipient.java | 97 - .../cms/jcajce/JceKeyTransRecipientId.java | 23 - .../JceKeyTransRecipientInfoGenerator.java | 42 - .../JcePasswordAuthenticatedRecipient.java | 53 - .../jcajce/JcePasswordEnvelopedRecipient.java | 42 - .../cms/jcajce/JcePasswordRecipient.java | 85 - .../JcePasswordRecipientInfoGenerator.java | 64 - .../cms/jcajce/ZlibCompressor.java | 24 - .../cms/jcajce/ZlibExpanderProvider.java | 113 - .../java/org/bouncycastle/cms/package.html | 5 - .../crypto/AsymmetricBlockCipher.java | 45 - .../crypto/AsymmetricCipherKeyPair.java | 44 - .../AsymmetricCipherKeyPairGenerator.java | 22 - .../bouncycastle/crypto/BasicAgreement.java | 21 - .../org/bouncycastle/crypto/BlockCipher.java | 56 - .../crypto/BufferedAsymmetricBlockCipher.java | 171 -- .../crypto/BufferedBlockCipher.java | 313 -- .../crypto/CipherKeyGenerator.java | 38 - .../bouncycastle/crypto/CipherParameters.java | 8 - .../bouncycastle/crypto/CryptoException.java | 26 - .../java/org/bouncycastle/crypto/DSA.java | 36 - .../crypto/DataLengthException.java | 29 - .../crypto/DerivationFunction.java | 17 - .../crypto/DerivationParameters.java | 8 - .../java/org/bouncycastle/crypto/Digest.java | 51 - .../bouncycastle/crypto/ExtendedDigest.java | 13 - .../crypto/InvalidCipherTextException.java | 27 - .../crypto/KeyGenerationParameters.java | 48 - .../java/org/bouncycastle/crypto/Mac.java | 71 - .../crypto/MaxBytesExceededException.java | 27 - .../crypto/PBEParametersGenerator.java | 157 - .../crypto/RuntimeCryptoException.java | 26 - .../java/org/bouncycastle/crypto/Signer.java | 43 - .../crypto/SignerWithRecovery.java | 34 - .../crypto/StreamBlockCipher.java | 108 - .../org/bouncycastle/crypto/StreamCipher.java | 53 - .../java/org/bouncycastle/crypto/Wrapper.java | 18 - .../crypto/agreement/DHAgreement.java | 94 - .../crypto/agreement/DHBasicAgreement.java | 66 - .../crypto/agreement/ECDHBasicAgreement.java | 47 - .../crypto/agreement/ECDHCBasicAgreement.java | 54 - .../crypto/agreement/ECMQVBasicAgreement.java | 86 - .../crypto/agreement/kdf/DHKDFParameters.java | 56 - .../crypto/agreement/kdf/DHKEKGenerator.java | 132 - .../agreement/kdf/ECDHKEKGenerator.java | 75 - .../crypto/agreement/package.html | 5 - .../crypto/agreement/srp/SRP6Client.java | 93 - .../crypto/agreement/srp/SRP6Server.java | 90 - .../crypto/agreement/srp/SRP6Util.java | 91 - .../agreement/srp/SRP6VerifierGenerator.java | 47 - .../crypto/digests/GOST3411Digest.java | 349 --- .../crypto/digests/GeneralDigest.java | 135 - .../crypto/digests/LongDigest.java | 354 --- .../crypto/digests/MD2Digest.java | 237 -- .../crypto/digests/MD4Digest.java | 270 -- .../crypto/digests/MD5Digest.java | 302 -- .../crypto/digests/NullDigest.java | 48 - .../crypto/digests/RIPEMD128Digest.java | 461 --- .../crypto/digests/RIPEMD160Digest.java | 422 --- .../crypto/digests/RIPEMD256Digest.java | 476 --- .../crypto/digests/RIPEMD320Digest.java | 461 --- .../crypto/digests/SHA1Digest.java | 290 -- .../crypto/digests/SHA224Digest.java | 292 -- .../crypto/digests/SHA256Digest.java | 295 -- .../crypto/digests/SHA384Digest.java | 87 - .../crypto/digests/SHA512Digest.java | 89 - .../crypto/digests/ShortenedDigest.java | 80 - .../crypto/digests/TigerDigest.java | 866 ------ .../crypto/digests/WhirlpoolDigest.java | 396 --- .../bouncycastle/crypto/digests/package.html | 5 - .../crypto/encodings/ISO9796d1Encoding.java | 287 -- .../crypto/encodings/OAEPEncoding.java | 348 --- .../crypto/encodings/PKCS1Encoding.java | 247 -- .../crypto/encodings/package.html | 5 - .../crypto/engines/AESEngine.java | 547 ---- .../crypto/engines/AESFastEngine.java | 876 ------ .../crypto/engines/AESLightEngine.java | 440 --- .../crypto/engines/AESWrapEngine.java | 16 - .../crypto/engines/BlowfishEngine.java | 576 ---- .../crypto/engines/CAST5Engine.java | 830 ------ .../crypto/engines/CAST6Engine.java | 296 -- .../crypto/engines/CamelliaEngine.java | 683 ----- .../crypto/engines/CamelliaLightEngine.java | 591 ---- .../crypto/engines/CamelliaWrapEngine.java | 15 - .../crypto/engines/DESEngine.java | 494 ---- .../crypto/engines/DESedeEngine.java | 126 - .../crypto/engines/DESedeWrapEngine.java | 348 --- .../crypto/engines/ElGamalEngine.java | 217 -- .../crypto/engines/GOST28147Engine.java | 371 --- .../crypto/engines/Grain128Engine.java | 302 -- .../crypto/engines/Grainv1Engine.java | 288 -- .../crypto/engines/HC128Engine.java | 256 -- .../crypto/engines/HC256Engine.java | 243 -- .../crypto/engines/IDEAEngine.java | 366 --- .../crypto/engines/IESEngine.java | 257 -- .../crypto/engines/ISAACEngine.java | 245 -- .../crypto/engines/NaccacheSternEngine.java | 437 --- .../crypto/engines/NoekeonEngine.java | 262 -- .../crypto/engines/NullEngine.java | 84 - .../crypto/engines/RC2Engine.java | 316 -- .../crypto/engines/RC2WrapEngine.java | 383 --- .../crypto/engines/RC4Engine.java | 143 - .../crypto/engines/RC532Engine.java | 287 -- .../crypto/engines/RC564Engine.java | 288 -- .../crypto/engines/RC6Engine.java | 362 --- .../crypto/engines/RFC3211WrapEngine.java | 175 -- .../crypto/engines/RFC3394WrapEngine.java | 177 -- .../crypto/engines/RSABlindedEngine.java | 126 - .../crypto/engines/RSABlindingEngine.java | 137 - .../crypto/engines/RSACoreEngine.java | 203 -- .../crypto/engines/RSAEngine.java | 78 - .../crypto/engines/RijndaelEngine.java | 724 ----- .../crypto/engines/SEEDEngine.java | 345 --- .../crypto/engines/SEEDWrapEngine.java | 15 - .../crypto/engines/Salsa20Engine.java | 362 --- .../crypto/engines/SerpentEngine.java | 782 ----- .../crypto/engines/SkipjackEngine.java | 259 -- .../crypto/engines/TEAEngine.java | 178 -- .../crypto/engines/TwofishEngine.java | 677 ----- .../crypto/engines/VMPCEngine.java | 138 - .../crypto/engines/VMPCKSA3Engine.java | 45 - .../crypto/engines/XTEAEngine.java | 182 -- .../bouncycastle/crypto/engines/package.html | 5 - .../crypto/examples/DESExample.java | 419 --- .../bouncycastle/crypto/examples/package.html | 5 - .../generators/BaseKDFBytesGenerator.java | 142 - .../crypto/generators/DESKeyGenerator.java | 48 - .../crypto/generators/DESedeKeyGenerator.java | 56 - .../generators/DHBasicKeyPairGenerator.java | 42 - .../generators/DHKeyGeneratorHelper.java | 51 - .../crypto/generators/DHKeyPairGenerator.java | 42 - .../generators/DHParametersGenerator.java | 52 - .../crypto/generators/DHParametersHelper.java | 73 - .../generators/DSAKeyPairGenerator.java | 61 - .../generators/DSAParametersGenerator.java | 337 --- .../crypto/generators/ECKeyPairGenerator.java | 53 - .../generators/ElGamalKeyPairGenerator.java | 44 - .../ElGamalParametersGenerator.java | 43 - .../generators/GOST3410KeyPairGenerator.java | 57 - .../GOST3410ParametersGenerator.java | 541 ---- .../crypto/generators/KDF1BytesGenerator.java | 23 - .../crypto/generators/KDF2BytesGenerator.java | 24 - .../crypto/generators/MGF1BytesGenerator.java | 114 - .../NaccacheSternKeyPairGenerator.java | 365 --- .../OpenSSLPBEParametersGenerator.java | 131 - .../generators/PKCS12ParametersGenerator.java | 221 -- .../PKCS5S1ParametersGenerator.java | 119 - .../PKCS5S2ParametersGenerator.java | 151 - .../RSABlindingFactorGenerator.java | 77 - .../generators/RSAKeyPairGenerator.java | 147 - .../crypto/generators/package.html | 5 - .../crypto/io/DigestInputStream.java | 52 - .../crypto/io/DigestOutputStream.java | 43 - .../crypto/io/MacInputStream.java | 52 - .../crypto/io/MacOutputStream.java | 44 - .../crypto/io/SignerInputStream.java | 52 - .../crypto/io/SignerOutputStream.java | 43 - .../org/bouncycastle/crypto/io/package.html | 5 - .../crypto/macs/BlockCipherMac.java | 174 -- .../crypto/macs/CBCBlockCipherMac.java | 229 -- .../crypto/macs/CFBBlockCipherMac.java | 388 --- .../org/bouncycastle/crypto/macs/CMac.java | 237 -- .../crypto/macs/GOST28147Mac.java | 298 -- .../org/bouncycastle/crypto/macs/HMac.java | 199 -- .../crypto/macs/ISO9797Alg3Mac.java | 305 -- .../org/bouncycastle/crypto/macs/OldHMac.java | 138 - .../org/bouncycastle/crypto/macs/VMPCMac.java | 186 -- .../org/bouncycastle/crypto/macs/package.html | 5 - .../crypto/modes/AEADBlockCipher.java | 108 - .../crypto/modes/CBCBlockCipher.java | 235 -- .../crypto/modes/CCMBlockCipher.java | 338 --- .../crypto/modes/CFBBlockCipher.java | 250 -- .../crypto/modes/CTSBlockCipher.java | 265 -- .../crypto/modes/EAXBlockCipher.java | 304 -- .../crypto/modes/GCMBlockCipher.java | 416 --- .../crypto/modes/GOFBBlockCipher.java | 226 -- .../crypto/modes/OFBBlockCipher.java | 179 -- .../crypto/modes/OpenPGPCFBBlockCipher.java | 312 -- .../crypto/modes/PGPCFBBlockCipher.java | 450 --- .../crypto/modes/PaddedBlockCipher.java | 253 -- .../crypto/modes/SICBlockCipher.java | 119 - .../modes/gcm/BasicGCMExponentiator.java | 36 - .../crypto/modes/gcm/BasicGCMMultiplier.java | 18 - .../crypto/modes/gcm/GCMExponentiator.java | 7 - .../crypto/modes/gcm/GCMMultiplier.java | 7 - .../crypto/modes/gcm/GCMUtil.java | 129 - .../modes/gcm/Tables1kGCMExponentiator.java | 44 - .../modes/gcm/Tables64kGCMMultiplier.java | 75 - .../modes/gcm/Tables8kGCMMultiplier.java | 102 - .../bouncycastle/crypto/modes/package.html | 5 - .../java/org/bouncycastle/crypto/package.html | 5 - .../crypto/paddings/BlockCipherPadding.java | 48 - .../crypto/paddings/ISO10126d2Padding.java | 79 - .../crypto/paddings/ISO7816d4Padding.java | 77 - .../crypto/paddings/PKCS7Padding.java | 76 - .../paddings/PaddedBufferedBlockCipher.java | 298 -- .../crypto/paddings/TBCPadding.java | 89 - .../crypto/paddings/X923Padding.java | 80 - .../crypto/paddings/ZeroBytePadding.java | 73 - .../bouncycastle/crypto/paddings/package.html | 5 - .../crypto/params/AEADParameters.java | 48 - .../crypto/params/AsymmetricKeyParameter.java | 20 - .../crypto/params/CCMParameters.java | 18 - .../crypto/params/DESParameters.java | 107 - .../crypto/params/DESedeParameters.java | 57 - .../params/DHKeyGenerationParameters.java | 30 - .../crypto/params/DHKeyParameters.java | 54 - .../crypto/params/DHParameters.java | 188 -- .../crypto/params/DHPrivateKeyParameters.java | 41 - .../crypto/params/DHPublicKeyParameters.java | 41 - .../crypto/params/DHValidationParameters.java | 50 - .../params/DSAKeyGenerationParameters.java | 25 - .../crypto/params/DSAKeyParameters.java | 21 - .../crypto/params/DSAParameters.java | 74 - .../params/DSAPrivateKeyParameters.java | 23 - .../crypto/params/DSAPublicKeyParameters.java | 23 - .../params/DSAValidationParameters.java | 50 - .../crypto/params/ECDomainParameters.java | 81 - .../params/ECKeyGenerationParameters.java | 25 - .../crypto/params/ECKeyParameters.java | 21 - .../crypto/params/ECPrivateKeyParameters.java | 22 - .../crypto/params/ECPublicKeyParameters.java | 22 - .../ElGamalKeyGenerationParameters.java | 30 - .../crypto/params/ElGamalKeyParameters.java | 47 - .../crypto/params/ElGamalParameters.java | 69 - .../params/ElGamalPrivateKeyParameters.java | 46 - .../params/ElGamalPublicKeyParameters.java | 41 - .../GOST3410KeyGenerationParameters.java | 25 - .../crypto/params/GOST3410KeyParameters.java | 21 - .../crypto/params/GOST3410Parameters.java | 74 - .../params/GOST3410PrivateKeyParameters.java | 23 - .../params/GOST3410PublicKeyParameters.java | 23 - .../params/GOST3410ValidationParameters.java | 84 - .../crypto/params/IESParameters.java | 44 - .../params/IESWithCipherParameters.java | 30 - .../crypto/params/ISO18033KDFParameters.java | 23 - .../crypto/params/KDFParameters.java | 31 - .../crypto/params/KeyParameter.java | 30 - .../crypto/params/MGFParameters.java | 32 - .../crypto/params/MQVPrivateParameters.java | 43 - .../crypto/params/MQVPublicParameters.java | 28 - .../NaccacheSternKeyGenerationParameters.java | 97 - .../params/NaccacheSternKeyParameters.java | 53 - .../NaccacheSternPrivateKeyParameters.java | 50 - .../crypto/params/ParametersWithIV.java | 39 - .../crypto/params/ParametersWithRandom.java | 36 - .../crypto/params/ParametersWithSBox.java | 28 - .../crypto/params/ParametersWithSalt.java | 42 - .../crypto/params/RC2Parameters.java | 36 - .../crypto/params/RC5Parameters.java | 35 - .../crypto/params/RSABlindingParameters.java | 35 - .../params/RSAKeyGenerationParameters.java | 48 - .../crypto/params/RSAKeyParameters.java | 31 - .../params/RSAPrivateCrtKeyParameters.java | 67 - .../bouncycastle/crypto/params/package.html | 5 - .../crypto/prng/DigestRandomGenerator.java | 123 - .../crypto/prng/RandomGenerator.java | 38 - .../crypto/prng/ReversedWindowGenerator.java | 111 - .../crypto/prng/ThreadedSeedGenerator.java | 95 - .../crypto/prng/VMPCRandomGenerator.java | 131 - .../org/bouncycastle/crypto/prng/package.html | 5 - .../crypto/signers/DSADigestSigner.java | 154 - .../crypto/signers/DSASigner.java | 138 - .../crypto/signers/ECDSASigner.java | 164 -- .../crypto/signers/ECGOST3410Signer.java | 152 - .../crypto/signers/ECNRSigner.java | 182 -- .../crypto/signers/GOST3410Signer.java | 127 - .../crypto/signers/GenericSigner.java | 136 - .../crypto/signers/ISO9796d2PSSSigner.java | 621 ---- .../crypto/signers/ISO9796d2Signer.java | 614 ---- .../crypto/signers/PSSSigner.java | 348 --- .../crypto/signers/RSADigestSigner.java | 230 -- .../bouncycastle/crypto/signers/package.html | 5 - .../crypto/tls/AlertDescription.java | 46 - .../bouncycastle/crypto/tls/AlertLevel.java | 10 - .../crypto/tls/AlwaysValidVerifyer.java | 25 - .../bouncycastle/crypto/tls/ByteQueue.java | 123 - .../bouncycastle/crypto/tls/Certificate.java | 122 - .../crypto/tls/CertificateRequest.java | 28 - .../crypto/tls/CertificateVerifyer.java | 18 - .../bouncycastle/crypto/tls/CipherSuite.java | 135 - .../crypto/tls/ClientCertificateType.java | 19 - .../bouncycastle/crypto/tls/CombinedHash.java | 80 - .../crypto/tls/CompressionMethod.java | 19 - .../bouncycastle/crypto/tls/ContentType.java | 12 - .../tls/DefaultTlsAgreementCredentials.java | 68 - .../crypto/tls/DefaultTlsCipherFactory.java | 70 - .../crypto/tls/DefaultTlsClient.java | 238 -- .../tls/DefaultTlsSignerCredentials.java | 79 - .../crypto/tls/DigestAlgorithm.java | 18 - .../bouncycastle/crypto/tls/ECCurveType.java | 28 - .../crypto/tls/ECPointFormat.java | 15 - .../crypto/tls/EncryptionAlgorithm.java | 29 - .../crypto/tls/ExtensionType.java | 30 - .../crypto/tls/HandshakeType.java | 18 - .../crypto/tls/KeyExchangeAlgorithm.java | 33 - .../crypto/tls/LegacyTlsAuthentication.java | 32 - .../crypto/tls/LegacyTlsClient.java | 29 - .../bouncycastle/crypto/tls/NamedCurve.java | 100 - .../bouncycastle/crypto/tls/RecordStream.java | 158 - .../bouncycastle/crypto/tls/SRPTlsClient.java | 188 -- .../crypto/tls/SecurityParameters.java | 23 - .../crypto/tls/TlsAgreementCredentials.java | 10 - .../crypto/tls/TlsAuthentication.java | 24 - .../crypto/tls/TlsBlockCipher.java | 219 -- .../bouncycastle/crypto/tls/TlsCipher.java | 10 - .../crypto/tls/TlsCipherFactory.java | 11 - .../bouncycastle/crypto/tls/TlsClient.java | 35 - .../crypto/tls/TlsClientContext.java | 14 - .../crypto/tls/TlsClientContextImpl.java | 37 - .../crypto/tls/TlsCompression.java | 10 - .../crypto/tls/TlsCredentials.java | 6 - .../crypto/tls/TlsDHEKeyExchange.java | 57 - .../crypto/tls/TlsDHKeyExchange.java | 250 -- .../bouncycastle/crypto/tls/TlsDSASigner.java | 34 - .../bouncycastle/crypto/tls/TlsDSSSigner.java | 19 - .../crypto/tls/TlsECDHEKeyExchange.java | 112 - .../crypto/tls/TlsECDHKeyExchange.java | 245 -- .../crypto/tls/TlsECDSASigner.java | 19 - .../crypto/tls/TlsFatalAlert.java | 20 - .../crypto/tls/TlsInputStream.java | 37 - .../crypto/tls/TlsKeyExchange.java | 30 - .../org/bouncycastle/crypto/tls/TlsMac.java | 78 - .../crypto/tls/TlsNullCipher.java | 24 - .../crypto/tls/TlsNullCompression.java | 16 - .../crypto/tls/TlsOutputStream.java | 39 - .../crypto/tls/TlsProtocolHandler.java | 1210 -------- .../crypto/tls/TlsRSAKeyExchange.java | 191 -- .../bouncycastle/crypto/tls/TlsRSASigner.java | 37 - .../crypto/tls/TlsRuntimeException.java | 25 - .../crypto/tls/TlsSRPKeyExchange.java | 204 -- .../bouncycastle/crypto/tls/TlsSigner.java | 17 - .../crypto/tls/TlsSignerCredentials.java | 8 - .../org/bouncycastle/crypto/tls/TlsUtils.java | 319 -- .../org/bouncycastle/crypto/tls/package.html | 5 - .../org/bouncycastle/crypto/util/Pack.java | 64 - .../crypto/util/PrivateKeyFactory.java | 175 -- .../crypto/util/PublicKeyFactory.java | 215 -- .../org/bouncycastle/crypto/util/package.html | 5 - .../org/bouncycastle/i18n/ErrorBundle.java | 120 - .../org/bouncycastle/i18n/LocaleString.java | 24 - .../bouncycastle/i18n/LocalizedException.java | 49 - .../bouncycastle/i18n/LocalizedMessage.java | 476 --- .../org/bouncycastle/i18n/MessageBundle.java | 92 - .../i18n/MissingEntryException.java | 73 - .../org/bouncycastle/i18n/TextBundle.java | 92 - .../org/bouncycastle/i18n/filter/Filter.java | 21 - .../bouncycastle/i18n/filter/HTMLFilter.java | 68 - .../bouncycastle/i18n/filter/SQLFilter.java | 69 - .../i18n/filter/TrustedInput.java | 23 - .../i18n/filter/UntrustedInput.java | 44 - .../i18n/filter/UntrustedUrlInput.java | 14 - .../jcajce/DefaultJcaJceHelper.java | 106 - .../org/bouncycastle/jcajce/JcaJceHelper.java | 65 - .../jcajce/NamedJcaJceHelper.java | 114 - .../jcajce/ProviderJcaJceHelper.java | 114 - .../jcajce/io/MacOutputStream.java | 38 - .../jce/ECGOST3410NamedCurveTable.java | 61 - .../java/org/bouncycastle/jce/ECKeyUtil.java | 230 -- .../bouncycastle/jce/ECNamedCurveTable.java | 119 - .../jce/MultiCertStoreParameters.java | 51 - .../jce/PKCS10CertificationRequest.java | 634 ---- .../java/org/bouncycastle/jce/PKCS12Util.java | 128 - .../org/bouncycastle/jce/PrincipalUtil.java | 76 - .../jce/ProviderConfigurationPermission.java | 133 - .../org/bouncycastle/jce/X509KeyUsage.java | 57 - .../jce/X509LDAPCertStoreParameters.java | 1258 -------- .../org/bouncycastle/jce/X509Principal.java | 154 - .../jce/examples/PKCS12Example.java | 379 --- .../bouncycastle/jce/examples/package.html | 5 - .../ExtCertPathBuilderException.java | 29 - .../ExtCertPathValidatorException.java | 30 - .../ExtCertificateEncodingException.java | 21 - .../jce/exception/ExtException.java | 21 - .../jce/exception/ExtIOException.java | 21 - .../jce/interfaces/BCKeyStore.java | 14 - .../jce/interfaces/ConfigurableProvider.java | 13 - .../bouncycastle/jce/interfaces/ECKey.java | 22 - .../jce/interfaces/ECPointEncoder.java | 20 - .../jce/interfaces/ECPrivateKey.java | 16 - .../jce/interfaces/ECPublicKey.java | 17 - .../jce/interfaces/ElGamalKey.java | 8 - .../jce/interfaces/ElGamalPrivateKey.java | 10 - .../jce/interfaces/ElGamalPublicKey.java | 10 - .../jce/interfaces/GOST3410Key.java | 11 - .../jce/interfaces/GOST3410Params.java | 15 - .../jce/interfaces/GOST3410PrivateKey.java | 9 - .../jce/interfaces/GOST3410PublicKey.java | 10 - .../bouncycastle/jce/interfaces/IESKey.java | 22 - .../jce/interfaces/MQVPrivateKey.java | 27 - .../jce/interfaces/MQVPublicKey.java | 20 - .../interfaces/PKCS12BagAttributeCarrier.java | 21 - .../bouncycastle/jce/interfaces/package.html | 5 - .../jce/netscape/NetscapeCertRequest.java | 295 -- .../java/org/bouncycastle/jce/package.html | 10 - .../jce/provider/AnnotatedException.java | 32 - .../jce/provider/BouncyCastleProvider.java | 900 ------ .../jce/provider/BrokenJCEBlockCipher.java | 620 ---- .../provider/BrokenKDF2BytesGenerator.java | 127 - .../bouncycastle/jce/provider/BrokenPBE.java | 440 --- .../provider/CertPathValidatorUtilities.java | 1404 --------- .../bouncycastle/jce/provider/CertStatus.java | 46 - .../jce/provider/CertStoreCollectionSpi.java | 104 - .../org/bouncycastle/jce/provider/DHUtil.java | 50 - .../bouncycastle/jce/provider/DSABase.java | 128 - .../bouncycastle/jce/provider/DSAEncoder.java | 13 - .../bouncycastle/jce/provider/DSAUtil.java | 49 - .../jce/provider/ElGamalUtil.java | 66 - .../jce/provider/ExtCRLException.java | 20 - .../jce/provider/GOST3410Util.java | 52 - .../jce/provider/JCEBlockCipher.java | 1070 ------- .../jce/provider/JCEDHKeyAgreement.java | 210 -- .../jce/provider/JCEDHPrivateKey.java | 177 -- .../jce/provider/JCEDHPublicKey.java | 179 -- .../jce/provider/JCEDigestUtil.java | 131 - .../jce/provider/JCEECPrivateKey.java | 380 --- .../jce/provider/JCEECPublicKey.java | 448 --- .../jce/provider/JCEElGamalCipher.java | 330 --- .../jce/provider/JCEElGamalPrivateKey.java | 164 -- .../jce/provider/JCEElGamalPublicKey.java | 141 - .../jce/provider/JCEIESCipher.java | 400 --- .../jce/provider/JCEKeyGenerator.java | 256 -- .../org/bouncycastle/jce/provider/JCEMac.java | 426 --- .../bouncycastle/jce/provider/JCEPBEKey.java | 151 - .../jce/provider/JCERSACipher.java | 495 ---- .../jce/provider/JCERSAPrivateCrtKey.java | 241 -- .../jce/provider/JCERSAPrivateKey.java | 148 - .../jce/provider/JCERSAPublicKey.java | 132 - .../jce/provider/JCESecretKeyFactory.java | 552 ---- .../jce/provider/JCEStreamCipher.java | 516 ---- .../JDKAlgorithmParameterGenerator.java | 340 --- .../jce/provider/JDKAlgorithmParameters.java | 1316 --------- .../jce/provider/JDKDSAPrivateKey.java | 169 -- .../jce/provider/JDKDSAPublicKey.java | 169 -- .../jce/provider/JDKDSASigner.java | 279 -- .../jce/provider/JDKDigestSignature.java | 366 --- .../jce/provider/JDKECDSAAlgParameters.java | 72 - .../jce/provider/JDKGOST3410PrivateKey.java | 158 - .../jce/provider/JDKGOST3410PublicKey.java | 170 -- .../jce/provider/JDKGOST3410Signer.java | 248 -- .../jce/provider/JDKISOSignature.java | 142 - .../jce/provider/JDKKeyFactory.java | 532 ---- .../jce/provider/JDKKeyPairGenerator.java | 398 --- .../jce/provider/JDKKeyStore.java | 1013 ------- .../jce/provider/JDKMessageDigest.java | 336 --- .../jce/provider/JDKPKCS12KeyStore.java | 1564 ---------- .../jce/provider/JDKPSSSigner.java | 234 -- .../provider/JDKX509CertificateFactory.java | 377 --- .../jce/provider/MultiCertStoreSpi.java | 85 - .../org/bouncycastle/jce/provider/PBE.java | 281 -- .../bouncycastle/jce/provider/PEMUtil.java | 94 - .../PKCS12BagAttributeCarrierImpl.java | 124 - .../provider/PKIXAttrCertPathBuilderSpi.java | 303 -- .../PKIXAttrCertPathValidatorSpi.java | 99 - .../jce/provider/PKIXCRLUtil.java | 155 - .../jce/provider/PKIXCertPath.java | 369 --- .../jce/provider/PKIXCertPathBuilderSpi.java | 261 -- .../provider/PKIXCertPathValidatorSpi.java | 431 --- .../provider/PKIXNameConstraintValidator.java | 1922 ------------ .../PKIXNameConstraintValidatorException.java | 10 - .../jce/provider/PKIXPolicyNode.java | 168 -- .../jce/provider/ProviderUtil.java | 80 - .../provider/RFC3280CertPathUtilities.java | 2570 ----------------- .../provider/RFC3281CertPathUtilities.java | 703 ----- .../bouncycastle/jce/provider/RSAUtil.java | 53 - .../jce/provider/ReasonsMask.java | 96 - .../jce/provider/WrapCipherSpi.java | 431 --- .../jce/provider/X509AttrCertParser.java | 156 - .../jce/provider/X509CRLEntryObject.java | 289 -- .../jce/provider/X509CRLObject.java | 530 ---- .../jce/provider/X509CRLParser.java | 150 - .../jce/provider/X509CertPairParser.java | 77 - .../jce/provider/X509CertParser.java | 159 - .../jce/provider/X509CertificateObject.java | 794 ----- .../jce/provider/X509LDAPCertStoreSpi.java | 477 --- .../jce/provider/X509SignatureUtil.java | 128 - .../provider/X509StoreAttrCertCollection.java | 34 - .../jce/provider/X509StoreCRLCollection.java | 34 - .../jce/provider/X509StoreCertCollection.java | 34 - .../provider/X509StoreCertPairCollection.java | 64 - .../jce/provider/X509StoreLDAPAttrCerts.java | 79 - .../jce/provider/X509StoreLDAPCRLs.java | 87 - .../jce/provider/X509StoreLDAPCertPairs.java | 75 - .../jce/provider/X509StoreLDAPCerts.java | 128 - .../jce/provider/asymmetric/EC.java | 101 - .../jce/provider/asymmetric/ec/ECUtil.java | 216 -- .../provider/asymmetric/ec/KeyAgreement.java | 316 -- .../provider/asymmetric/ec/KeyFactory.java | 132 - .../asymmetric/ec/KeyPairGenerator.java | 195 -- .../jce/provider/asymmetric/ec/Signature.java | 378 --- .../jce/provider/symmetric/AES.java | 262 -- .../jce/provider/symmetric/ARC4.java | 48 - .../jce/provider/symmetric/Blowfish.java | 67 - .../jce/provider/symmetric/CAST5.java | 212 -- .../jce/provider/symmetric/CAST6.java | 43 - .../jce/provider/symmetric/Camellia.java | 189 -- .../jce/provider/symmetric/DESede.java | 293 -- .../jce/provider/symmetric/Grain128.java | 43 - .../jce/provider/symmetric/Grainv1.java | 43 - .../jce/provider/symmetric/HC128.java | 43 - .../jce/provider/symmetric/HC256.java | 43 - .../jce/provider/symmetric/IDEA.java | 252 -- .../jce/provider/symmetric/Noekeon.java | 104 - .../jce/provider/symmetric/RC5.java | 168 -- .../jce/provider/symmetric/RC6.java | 131 - .../jce/provider/symmetric/Rijndael.java | 54 - .../jce/provider/symmetric/SEED.java | 134 - .../jce/provider/symmetric/Salsa20.java | 43 - .../jce/provider/symmetric/Serpent.java | 54 - .../jce/provider/symmetric/Skipjack.java | 79 - .../jce/provider/symmetric/TEA.java | 54 - .../jce/provider/symmetric/Twofish.java | 54 - .../jce/provider/symmetric/VMPC.java | 57 - .../jce/provider/symmetric/VMPCKSA3.java | 43 - .../jce/provider/symmetric/XTEA.java | 54 - .../org/bouncycastle/jce/spec/ECKeySpec.java | 26 - .../jce/spec/ECNamedCurveParameterSpec.java | 62 - .../jce/spec/ECParameterSpec.java | 121 - .../jce/spec/ECPrivateKeySpec.java | 35 - .../jce/spec/ECPublicKeySpec.java | 35 - .../jce/spec/ElGamalGenParameterSpec.java | 28 - .../bouncycastle/jce/spec/ElGamalKeySpec.java | 20 - .../jce/spec/ElGamalParameterSpec.java | 46 - .../jce/spec/ElGamalPrivateKeySpec.java | 33 - .../jce/spec/ElGamalPublicKeySpec.java | 33 - .../jce/spec/GOST28147ParameterSpec.java | 73 - .../jce/spec/GOST3410ParameterSpec.java | 133 - .../jce/spec/GOST3410PrivateKeySpec.java | 70 - .../GOST3410PublicKeyParameterSetSpec.java | 78 - .../jce/spec/GOST3410PublicKeySpec.java | 78 - .../org/bouncycastle/jce/spec/IEKeySpec.java | 70 - .../jce/spec/IESParameterSpec.java | 52 - .../jce/spec/MQVPrivateKeySpec.java | 93 - .../jce/spec/MQVPublicKeySpec.java | 68 - .../org/bouncycastle/jce/spec/package.html | 5 - .../mail/smime/CMSProcessableBodyPart.java | 44 - .../smime/CMSProcessableBodyPartInbound.java | 66 - .../smime/CMSProcessableBodyPartOutbound.java | 73 - .../mail/smime/SMIMECompressed.java | 59 - .../mail/smime/SMIMECompressedGenerator.java | 141 - .../mail/smime/SMIMECompressedParser.java | 100 - .../mail/smime/SMIMEEnveloped.java | 59 - .../mail/smime/SMIMEEnvelopedGenerator.java | 624 ---- .../mail/smime/SMIMEEnvelopedParser.java | 100 - .../mail/smime/SMIMEException.java | 32 - .../mail/smime/SMIMEGenerator.java | 221 -- .../bouncycastle/mail/smime/SMIMESigned.java | 230 -- .../mail/smime/SMIMESignedGenerator.java | 1020 ------- .../mail/smime/SMIMESignedParser.java | 345 --- .../mail/smime/SMIMEStreamingProcessor.java | 10 - .../bouncycastle/mail/smime/SMIMEUtil.java | 623 ---- .../smime/examples/CreateCompressedMail.java | 56 - .../smime/examples/CreateEncryptedMail.java | 118 - .../examples/CreateLargeCompressedMail.java | 62 - .../examples/CreateLargeEncryptedMail.java | 102 - .../smime/examples/CreateLargeSignedMail.java | 225 -- .../mail/smime/examples/CreateSignedMail.java | 220 -- .../examples/CreateSignedMultipartMail.java | 240 -- .../mail/smime/examples/ExampleUtils.java | 77 - .../smime/examples/ReadCompressedMail.java | 40 - .../smime/examples/ReadEncryptedMail.java | 94 - .../examples/ReadLargeCompressedMail.java | 37 - .../examples/ReadLargeEncryptedMail.java | 71 - .../smime/examples/ReadLargeSignedMail.java | 124 - .../mail/smime/examples/ReadSignedMail.java | 176 -- .../examples/SendSignedAndEncryptedMail.java | 192 -- .../mail/smime/examples/package.html | 5 - .../smime/handlers/PKCS7ContentHandler.java | 110 - .../mail/smime/handlers/multipart_signed.java | 280 -- .../mail/smime/handlers/package.html | 5 - .../mail/smime/handlers/pkcs7_mime.java | 18 - .../mail/smime/handlers/pkcs7_signature.java | 18 - .../mail/smime/handlers/x_pkcs7_mime.java | 18 - .../smime/handlers/x_pkcs7_signature.java | 90 - .../org/bouncycastle/mail/smime/package.html | 11 - .../mail/smime/util/CRLFOutputStream.java | 67 - .../smime/util/FileBackedMimeBodyPart.java | 162 -- .../smime/util/SharedFileInputStream.java | 241 -- .../smime/validator/SignedMailValidator.java | 953 ------ .../SignedMailValidatorException.java | 19 - .../SignedMailValidatorMessages.properties | 172 -- .../SignedMailValidatorMessages_de.properties | 172 -- .../bouncycastle/math/ec/ECAlgorithms.java | 92 - .../org/bouncycastle/math/ec/ECConstants.java | 12 - .../org/bouncycastle/math/ec/ECCurve.java | 668 ----- .../bouncycastle/math/ec/ECFieldElement.java | 1196 -------- .../bouncycastle/math/ec/ECMultiplier.java | 19 - .../org/bouncycastle/math/ec/ECPoint.java | 588 ---- .../bouncycastle/math/ec/FpNafMultiplier.java | 39 - .../org/bouncycastle/math/ec/IntArray.java | 518 ---- .../org/bouncycastle/math/ec/PreCompInfo.java | 10 - .../math/ec/ReferenceMultiplier.java | 30 - .../math/ec/SimpleBigDecimal.java | 253 -- .../java/org/bouncycastle/math/ec/Tnaf.java | 844 ------ .../bouncycastle/math/ec/WNafMultiplier.java | 240 -- .../bouncycastle/math/ec/WNafPreCompInfo.java | 44 - .../math/ec/WTauNafMultiplier.java | 119 - .../math/ec/WTauNafPreCompInfo.java | 39 - .../org/bouncycastle/math/ec/ZTauElement.java | 37 - .../org/bouncycastle/math/ec/package.html | 5 - .../mozilla/SignedPublicKeyAndChallenge.java | 134 - .../org/bouncycastle/mozilla/package.html | 5 - .../org/bouncycastle/ocsp/BasicOCSPResp.java | 363 --- .../ocsp/BasicOCSPRespGenerator.java | 341 --- .../org/bouncycastle/ocsp/CertificateID.java | 170 -- .../bouncycastle/ocsp/CertificateStatus.java | 6 - .../org/bouncycastle/ocsp/OCSPException.java | 32 - .../java/org/bouncycastle/ocsp/OCSPReq.java | 414 --- .../bouncycastle/ocsp/OCSPReqGenerator.java | 290 -- .../java/org/bouncycastle/ocsp/OCSPResp.java | 116 - .../bouncycastle/ocsp/OCSPRespGenerator.java | 54 - .../org/bouncycastle/ocsp/OCSPRespStatus.java | 14 - .../java/org/bouncycastle/ocsp/OCSPUtil.java | 198 -- .../main/java/org/bouncycastle/ocsp/Req.java | 108 - .../java/org/bouncycastle/ocsp/RespData.java | 142 - .../java/org/bouncycastle/ocsp/RespID.java | 80 - .../org/bouncycastle/ocsp/RevokedStatus.java | 63 - .../org/bouncycastle/ocsp/SingleResp.java | 164 -- .../org/bouncycastle/ocsp/UnknownStatus.java | 12 - .../java/org/bouncycastle/ocsp/package.html | 5 - .../openpgp/examples/package.html | 5 - .../org/bouncycastle/openpgp/package.html | 16 - .../openssl/EncryptionException.java | 25 - .../openssl/MiscPEMGenerator.java | 335 --- .../bouncycastle/openssl/PEMException.java | 34 - .../org/bouncycastle/openssl/PEMReader.java | 804 ------ .../bouncycastle/openssl/PEMUtilities.java | 278 -- .../org/bouncycastle/openssl/PEMWriter.java | 81 - .../bouncycastle/openssl/PKCS8Generator.java | 252 -- .../openssl/PasswordException.java | 12 - .../bouncycastle/openssl/PasswordFinder.java | 9 - .../org/bouncycastle/openssl/package.html | 5 - .../operator/AsymmetricKeyUnwrapper.java | 19 - .../operator/AsymmetricKeyWrapper.java | 19 - .../bouncycastle/operator/ContentSigner.java | 27 - .../operator/ContentVerifier.java | 31 - .../operator/ContentVerifierProvider.java | 34 - ...efaultDigestAlgorithmIdentifierFinder.java | 75 - ...ultSignatureAlgorithmIdentifierFinder.java | 212 -- .../DigestAlgorithmIdentifierFinder.java | 15 - .../operator/DigestCalculator.java | 36 - .../operator/DigestCalculatorProvider.java | 9 - .../org/bouncycastle/operator/GenericKey.java | 16 - .../bouncycastle/operator/InputDecryptor.java | 29 - .../bouncycastle/operator/InputExpander.java | 29 - .../operator/InputExpanderProvider.java | 8 - .../bouncycastle/operator/KeyUnwrapper.java | 11 - .../org/bouncycastle/operator/KeyWrapper.java | 11 - .../bouncycastle/operator/MacCalculator.java | 34 - .../operator/OperatorCreationException.java | 15 - .../operator/OperatorException.java | 24 - .../operator/OperatorStreamException.java | 21 - .../operator/OutputCompressor.java | 29 - .../operator/OutputEncryptor.java | 36 - .../operator/RawContentVerifier.java | 17 - .../operator/RuntimeOperatorException.java | 19 - .../SignatureAlgorithmIdentifierFinder.java | 15 - .../operator/SymmetricKeyUnwrapper.java | 19 - .../operator/SymmetricKeyWrapper.java | 19 - .../operator/bc/BcAsymmetricKeyWrapper.java | 60 - .../operator/bc/BcContentSignerBuilder.java | 78 - .../bc/BcContentVerifierProviderBuilder.java | 141 - .../bc/BcDigestCalculatorProvider.java | 80 - .../bc/BcRSAAsymmetricKeyWrapper.java | 32 - .../bc/BcRSAContentSignerBuilder.java | 24 - .../BcRSAContentVerifierProviderBuilder.java | 39 - .../operator/bc/BcSignerOutputStream.java | 47 - .../org/bouncycastle/operator/bc/BcUtil.java | 58 - .../operator/bc/OperatorUtils.java | 23 - .../jcajce/JcaContentSignerBuilder.java | 160 - .../JcaContentVerifierProviderBuilder.java | 302 -- .../JcaDigestCalculatorProviderBuilder.java | 114 - .../jcajce/JceAsymmetricKeyUnwrapper.java | 99 - .../jcajce/JceAsymmetricKeyWrapper.java | 100 - .../jcajce/JceSymmetricKeyUnwrapper.java | 65 - .../jcajce/JceSymmetricKeyWrapper.java | 154 - .../operator/jcajce/OperatorHelper.java | 332 --- .../operator/jcajce/OperatorUtils.java | 25 - .../org/bouncycastle/operator/package.html | 5 - .../pkcs/EncryptedPrivateKeyInfoBuilder.java | 54 - .../pkcs/EncryptedPrivateKeyInfoHolder.java | 29 - .../PKCS10CertificationRequestBuilder.java | 133 - .../PKCS10CertificationRequestHolder.java | 235 -- .../org/bouncycastle/pkcs/PKCSException.java | 27 - .../bouncycastle/pkcs/PKCSIOException.java | 29 - .../JcaPKCS10CertificationRequestBuilder.java | 38 - .../JcaPKCS10CertificationRequestHolder.java | 115 - .../org/bouncycastle/pkcs/jcajce/package.html | 7 - .../java/org/bouncycastle/pkcs/package.html | 7 - .../org/bouncycastle/tsp/GenTimeAccuracy.java | 49 - .../org/bouncycastle/tsp/TSPAlgorithms.java | 34 - .../org/bouncycastle/tsp/TSPException.java | 28 - .../java/org/bouncycastle/tsp/TSPUtil.java | 365 --- .../tsp/TSPValidationException.java | 34 - .../bouncycastle/tsp/TimeStampRequest.java | 308 -- .../tsp/TimeStampRequestGenerator.java | 151 - .../bouncycastle/tsp/TimeStampResponse.java | 186 -- .../tsp/TimeStampResponseGenerator.java | 288 -- .../org/bouncycastle/tsp/TimeStampToken.java | 480 --- .../tsp/TimeStampTokenGenerator.java | 459 --- .../bouncycastle/tsp/TimeStampTokenInfo.java | 111 - .../tsp/cms/CMSTimeStampedData.java | 204 -- .../tsp/cms/CMSTimeStampedDataGenerator.java | 70 - .../tsp/cms/CMSTimeStampedDataParser.java | 207 -- .../tsp/cms/CMSTimeStampedGenerator.java | 88 - .../cms/ImprintDigestInvalidException.java | 21 - .../bouncycastle/tsp/cms/MetaDataUtil.java | 75 - .../tsp/cms/TimeStampDataUtil.java | 254 -- .../java/org/bouncycastle/tsp/package.html | 5 - .../java/org/bouncycastle/util/Arrays.java | 244 -- .../org/bouncycastle/util/BigIntegers.java | 78 - .../bouncycastle/util/CollectionStore.java | 57 - .../java/org/bouncycastle/util/IPAddress.java | 188 -- .../java/org/bouncycastle/util/Selector.java | 9 - .../java/org/bouncycastle/util/Store.java | 9 - .../org/bouncycastle/util/StoreException.java | 18 - .../org/bouncycastle/util/StreamParser.java | 10 - .../util/StreamParsingException.java | 18 - .../java/org/bouncycastle/util/Strings.java | 258 -- .../bouncycastle/util/encoders/Base64.java | 121 - .../util/encoders/Base64Encoder.java | 298 -- .../util/encoders/BufferedDecoder.java | 96 - .../util/encoders/BufferedEncoder.java | 96 - .../bouncycastle/util/encoders/Encoder.java | 17 - .../org/bouncycastle/util/encoders/Hex.java | 131 - .../util/encoders/HexEncoder.java | 172 -- .../util/encoders/HexTranslator.java | 87 - .../util/encoders/Translator.java | 23 - .../bouncycastle/util/encoders/UrlBase64.java | 129 - .../util/encoders/UrlBase64Encoder.java | 25 - .../bouncycastle/util/encoders/package.html | 5 - .../util/io/StreamOverflowException.java | 12 - .../org/bouncycastle/util/io/Streams.java | 87 - .../bouncycastle/util/io/TeeInputStream.java | 57 - .../bouncycastle/util/io/TeeOutputStream.java | 52 - .../util/io/pem/PemGenerationException.java | 25 - .../bouncycastle/util/io/pem/PemHeader.java | 66 - .../bouncycastle/util/io/pem/PemObject.java | 61 - .../util/io/pem/PemObjectGenerator.java | 7 - .../util/io/pem/PemObjectParser.java | 9 - .../bouncycastle/util/io/pem/PemReader.java | 79 - .../bouncycastle/util/io/pem/PemWriter.java | 137 - .../org/bouncycastle/voms/VOMSAttribute.java | 245 -- .../x509/AttributeCertificateHolder.java | 419 --- .../x509/AttributeCertificateIssuer.java | 208 -- .../x509/CertPathReviewerException.java | 72 - .../x509/CertPathReviewerMessages.properties | 616 ---- .../CertPathReviewerMessages_de.properties | 621 ---- .../x509/ExtCertificateEncodingException.java | 20 - .../x509/ExtendedPKIXBuilderParameters.java | 210 -- .../x509/ExtendedPKIXParameters.java | 651 ----- .../x509/NoSuchParserException.java | 10 - .../x509/NoSuchStoreException.java | 10 - .../x509/PKIXAttrCertChecker.java | 56 - .../x509/PKIXCertPathReviewer.java | 2547 ---------------- .../org/bouncycastle/x509/X509Attribute.java | 78 - .../x509/X509AttributeCertStoreSelector.java | 484 ---- .../x509/X509AttributeCertificate.java | 101 - .../x509/X509CRLStoreSelector.java | 330 --- .../x509/X509CertPairStoreSelector.java | 155 - .../x509/X509CertStoreSelector.java | 86 - .../x509/X509CertificatePair.java | 166 -- .../x509/X509CollectionStoreParameters.java | 70 - .../java/org/bouncycastle/x509/X509Store.java | 79 - .../x509/X509StoreParameters.java | 5 - .../org/bouncycastle/x509/X509StoreSpi.java | 12 - .../bouncycastle/x509/X509StreamParser.java | 161 -- .../x509/X509StreamParserSpi.java | 45 - .../java/org/bouncycastle/x509/X509Util.java | 412 --- .../x509/X509V1CertificateGenerator.java | 377 --- .../x509/X509V2AttributeCertificate.java | 349 --- .../X509V2AttributeCertificateGenerator.java | 268 -- .../bouncycastle/x509/X509V2CRLGenerator.java | 449 --- .../x509/X509V3CertificateGenerator.java | 527 ---- .../x509/examples/AttrCertExample.java | 314 -- .../bouncycastle/x509/examples/package.html | 7 - .../AuthorityKeyIdentifierStructure.java | 138 - .../SubjectKeyIdentifierStructure.java | 52 - .../x509/extension/X509ExtensionUtil.java | 100 - .../bouncycastle/x509/extension/package.html | 5 - .../java/org/bouncycastle/x509/package.html | 7 - .../x509/util/LDAPStoreHelper.java | 1117 ------- .../bouncycastle/x509/util/StreamParser.java | 10 - .../x509/util/StreamParsingException.java | 18 - .../src/main/resources/cmp/sample_cr.der | Bin 489 -> 0 bytes .../src/main/resources/rfc4134/4.8.eml | 39 - .../src/main/resources/rfc4134/4.9.eml | 28 - .../src/main/resources/rfc4134/5.3.eml | 19 - 1463 files changed, 203445 deletions(-) delete mode 100644 fine-bcprov-old/.gitignore delete mode 100644 fine-bcprov-old/README.md delete mode 100644 fine-bcprov-old/pom.xml delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/LICENSE.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Choice.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Exception.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Generator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Integer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Null.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Object.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Set.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1String.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecific.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERNull.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequence.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSet.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSetParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBMPString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBitString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBoolean.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREnumerated.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternal.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternalParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERIA5String.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERInteger.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNull.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNumericString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERPrintableString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequence.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSet.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSetParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERT61String.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTags.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTCTime.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTF8String.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUniversalString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERVisibleString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERConstructionEnumeration.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CAKeyUpdAnnContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CRLAnnContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertConfirmContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertOrEncCert.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertRepMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertResponse.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertifiedKeyPair.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/Challenge.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ErrorMsgContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenMsgContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenRepContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/InfoTypeAndValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/KeyRecRepContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/OOBCertHash.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PBMParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIBody.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIConfirmContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessages.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyChallContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyRespContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollRepContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollReqContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ProtectedPart.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevAnnContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevDetails.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContentBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevReqContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attributes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfoParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfoParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Evidence.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/MetaData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientEncryptedKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Time.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampAndCRL.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ecc/MQVuserKeyingMaterial.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/Controls.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST28147Parameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CompleteRevocationRefs.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlListID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlOcspRef.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlValidatedID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspListID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspResponsesID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHash.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHashAlgAndValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevRefs.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevVals.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/RevocationValues.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPUserNotice.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPuri.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifierInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerAttribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertIDv2.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificateV2.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSVersionInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/CAST5CBCParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ntt/NTTObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Request.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEAttributes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilities.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilitiesAttribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapability.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilityVector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/DERDump.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/Dump.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/RDN.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500Name.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Attribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Holder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Target.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TargetInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Targets.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Time.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2Form.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Name.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/KeySpecificInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/OtherInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/attr/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/sig/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateIssuer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertIOException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v1CertificateBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2CRLBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v3CertificateBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPRuntimeException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContentBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/GeneralPKIMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetails.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetailsBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/Control.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/CertHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/DefaultCertHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaAttrCertStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCRLStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCertStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509AttributeCertificateHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLConverter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateConverter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v1CertificateBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v2CRLBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v3CertificateBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/NamedCertHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/ProviderCertHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPRespBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReq.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReqBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPRespBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/Req.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RevokedStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/SingleResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/UnknownStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaBasicOCSPRespBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaCertificateID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaRespID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelectorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/BaseDigestCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSConfig.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSPBEKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSReadable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSStreamException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/CounterSignatureDigestCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/DigOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntDigestCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKIntRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeIntRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransIntRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/MacOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/NullOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/OriginatorId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordIntRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/Recipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientOperator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SigOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformation.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerIntInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/cms/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BasicAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CryptoException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DSA.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DataLengthException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationFunction.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Mac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/MaxBytesExceededException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Signer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Wrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST5Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST6Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaLightEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/GOST28147Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NoekeonEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC6Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3211WrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindedEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindingEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSACoreEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RijndaelEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SkipjackEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TEAEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCKSA3Engine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/XTEAEngine.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/DESExample.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/HMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMExponentiator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AEADParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410Parameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410ValidationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPrivateParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPublicParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSABlindingParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/DigestRandomGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/RandomGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ReversedWindowGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ThreadedSeedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/Certificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ContentType.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsAgreementCredentials.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECCurveType.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECPointFormat.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/HandshakeType.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAuthentication.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContext.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContextImpl.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCompression.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCredentials.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCompression.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSignerCredentials.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/Pack.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/ErrorBundle.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocaleString.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MessageBundle.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MissingEntryException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/TextBundle.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/Filter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/TrustedInput.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedUrlInput.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECKeyUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS12Util.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/PrincipalUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/ProviderConfigurationPermission.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509KeyUsage.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509Principal.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DHUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSABase.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ElGamalUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/GOST3410Util.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEMac.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PrivateKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PublicKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410Signer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PBE.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST5.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST6.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Camellia.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grain128.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grainv1.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC128.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC256.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/IDEA.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Noekeon.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC5.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC6.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Rijndael.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/SEED.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Salsa20.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Serpent.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Skipjack.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/TEA.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Twofish.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPC.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/XTEA.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPart.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartInbound.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartOutbound.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressed.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnveloped.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESigned.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEStreamingProcessor.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateCompressedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateEncryptedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeCompressedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeEncryptedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeSignedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMultipartMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ExampleUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadCompressedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadEncryptedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeCompressedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeEncryptedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeSignedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadSignedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/SendSignedAndEncryptedMail.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/PKCS7ContentHandler.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/multipart_signed.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_mime.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_signature.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_mime.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_signature.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/CRLFOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/FileBackedMimeBodyPart.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/SharedFileInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages.properties delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages_de.properties delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECConstants.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECCurve.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECPoint.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/IntArray.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/Tnaf.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ZTauElement.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReq.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/Req.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespID.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/SingleResp.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/examples/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/EncryptionException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMReader.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMUtilities.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMWriter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PKCS8Generator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordFinder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/openssl/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyUnwrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentSigner.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifierProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestAlgorithmIdentifierFinder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculatorProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/GenericKey.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputDecryptor.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpander.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpanderProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyUnwrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/MacCalculator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorCreationException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorStreamException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputCompressor.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputEncryptor.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/RawContentVerifier.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/SignatureAlgorithmIdentifierFinder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyUnwrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcAsymmetricKeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentSignerBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentVerifierProviderBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAAsymmetricKeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentSignerBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentVerifierProviderBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcSignerOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/OperatorUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyUnwrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyWrapper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorUtils.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/operator/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPValidationException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampToken.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/tsp/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/Arrays.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/BigIntegers.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/CollectionStore.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/IPAddress.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/Selector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/Store.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/StoreException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParsingException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/Strings.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Encoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Hex.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Translator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/Streams.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeInputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObject.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemReader.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/voms/VOMSAttribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages_de.properties delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchParserException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Attribute.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertificatePair.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Store.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreParameters.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Util.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/package.html delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParser.java delete mode 100644 fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java delete mode 100644 fine-bcprov-old/src/main/resources/cmp/sample_cr.der delete mode 100644 fine-bcprov-old/src/main/resources/rfc4134/4.8.eml delete mode 100644 fine-bcprov-old/src/main/resources/rfc4134/4.9.eml delete mode 100644 fine-bcprov-old/src/main/resources/rfc4134/5.3.eml diff --git a/fine-bcprov-old/.gitignore b/fine-bcprov-old/.gitignore deleted file mode 100644 index 5d453cd8b..000000000 --- a/fine-bcprov-old/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -*.iml -.idea/ -.DS_Store -.project -.classpath -*.gradle \ No newline at end of file diff --git a/fine-bcprov-old/README.md b/fine-bcprov-old/README.md deleted file mode 100644 index 787fac891..000000000 --- a/fine-bcprov-old/README.md +++ /dev/null @@ -1,3 +0,0 @@ -1.`fine-bcprov-old`是为了与`fine-bouncycastle`区别开,
-2.`fine-itext`与`fine-itext-old`都ä¾èµ–`fine-bcprov-old`与`fine-bouncycastle`,两个库的内容归属于ä¸åŒçš„版本所以暂时无法åˆå¹¶ï¼Œ
-3.æºç åœ°å€https://cloud.finedevelop.com/projects/PF/repos/thirdtools/browse \ No newline at end of file diff --git a/fine-bcprov-old/pom.xml b/fine-bcprov-old/pom.xml deleted file mode 100644 index 621acfb47..000000000 --- a/fine-bcprov-old/pom.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - 4.0.0 - - - com.fr.third - step2 - ${revision} - ../base-third-project/base-third-step2 - - - fine-bcprov-old - ${revision} - - - - com.fr.third - fine-mail - ${revision} - - - - \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/LICENSE.java b/fine-bcprov-old/src/main/java/org/bouncycastle/LICENSE.java deleted file mode 100644 index eef611ea2..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/LICENSE.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.bouncycastle; - -/** - * The Bouncy Castle License - * - * Copyright (c) 2000-2008 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) - *

- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software - * and associated documentation files (the "Software"), to deal in the Software without restriction, - * including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, - * and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - *

- * The above copyright notice and this permission notice shall be included in all copies or substantial - * portions of the Software. - *

- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, - * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE - * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - */ -public class LICENSE -{ - public static String licenseText = - "Copyright (c) 2000-2010 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) " - + System.getProperty("line.separator") - + System.getProperty("line.separator") - + "Permission is hereby granted, free of charge, to any person obtaining a copy of this software " - + System.getProperty("line.separator") - + "and associated documentation files (the \"Software\"), to deal in the Software without restriction, " - + System.getProperty("line.separator") - + "including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, " - + System.getProperty("line.separator") - + "and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so," - + System.getProperty("line.separator") - + "subject to the following conditions:" - + System.getProperty("line.separator") - + System.getProperty("line.separator") - + "The above copyright notice and this permission notice shall be included in all copies or substantial" - + System.getProperty("line.separator") - + "portions of the Software." - + System.getProperty("line.separator") - + System.getProperty("line.separator") - + "THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED," - + System.getProperty("line.separator") - + "INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR" - + System.getProperty("line.separator") - + "PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE" - + System.getProperty("line.separator") - + "LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR" - + System.getProperty("line.separator") - + "OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER" - + System.getProperty("line.separator") - + "DEALINGS IN THE SOFTWARE."; - - public static void main( - String[] args) - { - System.out.println(licenseText); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java deleted file mode 100644 index f87064f2c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public interface ASN1ApplicationSpecificParser - extends DEREncodable, InMemoryRepresentable -{ - DEREncodable readObject() - throws IOException; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java deleted file mode 100644 index 1360e8b5c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.asn1; - -public class ASN1Boolean - extends DERBoolean -{ - public ASN1Boolean(boolean value) - { - super(value); - } - - ASN1Boolean(byte[] value) - { - super(value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Choice.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Choice.java deleted file mode 100644 index 603131d1e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Choice.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * Marker interface for CHOICE objects - if you implement this in a role your - * own object any attempt to tag the object implicitly will convert the tag to - * an explicit one as the encoding rules require. - *

- * If you use this interface your class should also implement the getInstance - * pattern which takes a tag object and the tagging mode used. - */ -public interface ASN1Choice -{ - // marker interface -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java deleted file mode 100644 index 77573a28b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java +++ /dev/null @@ -1,102 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * Base class for objects which can be written directly to ASN.1 output streams. - */ -public abstract class ASN1Encodable - implements DEREncodable -{ - public static final String DER = "DER"; - public static final String BER = "BER"; - - /** - * Return the default BER or DER encoding for this object. - * - * @return BER/DER byte encoded object. - * @throws IOException on encoding error. - */ - public byte[] getEncoded() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(this); - - return bOut.toByteArray(); - } - - /** - * Return either the default for "BER" or a DER encoding if "DER" is specified. - * - * @param encoding name of encoding to use. - * @return byte encoded object. - * @throws IOException on encoding error. - */ - public byte[] getEncoded( - String encoding) - throws IOException - { - if (encoding.equals(DER)) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(this); - - return bOut.toByteArray(); - } - - return this.getEncoded(); - } - - /** - * Return the DER encoding of the object, null if the DER encoding can not be made. - * - * @return a DER byte array, null otherwise. - */ - public byte[] getDEREncoded() - { - try - { - return this.getEncoded(DER); - } - catch (IOException e) - { - return null; - } - } - - public int hashCode() - { - return this.toASN1Object().hashCode(); - } - - public boolean equals( - Object o) - { - if (this == o) - { - return true; - } - - if (!(o instanceof DEREncodable)) - { - return false; - } - - DEREncodable other = (DEREncodable)o; - - return this.toASN1Object().equals(other.getDERObject()); - } - - public DERObject getDERObject() - { - return this.toASN1Object(); - } - - public abstract DERObject toASN1Object(); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java deleted file mode 100644 index 3f736e4b9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Vector; - -/** - * the parent class for this will eventually disappear. Use this one! - */ -public class ASN1EncodableVector - extends DEREncodableVector -{ - Vector v = new Vector(); - - public ASN1EncodableVector() - { - - } - - public void add(DEREncodable obj) - { - v.addElement(obj); - } - - public DEREncodable get(int i) - { - return (DEREncodable)v.elementAt(i); - } - - public int size() - { - return v.size(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java deleted file mode 100644 index d93fd912b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1; - -import java.math.BigInteger; - -public class ASN1Enumerated - extends DEREnumerated -{ - ASN1Enumerated(byte[] bytes) - { - super(bytes); - } - - public ASN1Enumerated(BigInteger value) - { - super(value); - } - - public ASN1Enumerated(int value) - { - super(value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Exception.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Exception.java deleted file mode 100644 index dc0ee2030..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Exception.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class ASN1Exception - extends IOException -{ - private Throwable cause; - - ASN1Exception(String message) - { - super(message); - } - - ASN1Exception(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java deleted file mode 100644 index 0088a5360..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Date; - -public class ASN1GeneralizedTime - extends DERGeneralizedTime -{ - ASN1GeneralizedTime(byte[] bytes) - { - super(bytes); - } - - public ASN1GeneralizedTime(Date time) - { - super(time); - } - - public ASN1GeneralizedTime(String time) - { - super(time); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Generator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Generator.java deleted file mode 100644 index 50cb7054d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Generator.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.OutputStream; - -public abstract class ASN1Generator -{ - protected OutputStream _out; - - public ASN1Generator(OutputStream out) - { - _out = out; - } - - public abstract OutputStream getRawOutputStream(); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java deleted file mode 100644 index c73f4af92..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java +++ /dev/null @@ -1,401 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayInputStream; -import java.io.EOFException; -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.util.io.Streams; - -/** - * a general purpose ASN.1 decoder - note: this class differs from the - * others in that it returns null after it has read the last object in - * the stream. If an ASN.1 NULL is encountered a DER/BER Null object is - * returned. - */ -public class ASN1InputStream - extends FilterInputStream - implements DERTags -{ - private final int limit; - private final boolean lazyEvaluate; - - static int findLimit(InputStream in) - { - if (in instanceof LimitedInputStream) - { - return ((LimitedInputStream)in).getRemaining(); - } - else if (in instanceof ByteArrayInputStream) - { - return ((ByteArrayInputStream)in).available(); - } - - return Integer.MAX_VALUE; - } - - public ASN1InputStream( - InputStream is) - { - this(is, findLimit(is)); - } - - /** - * Create an ASN1InputStream based on the input byte array. The length of DER objects in - * the stream is automatically limited to the length of the input array. - * - * @param input array containing ASN.1 encoded data. - */ - public ASN1InputStream( - byte[] input) - { - this(new ByteArrayInputStream(input), input.length); - } - - /** - * Create an ASN1InputStream based on the input byte array. The length of DER objects in - * the stream is automatically limited to the length of the input array. - * - * @param input array containing ASN.1 encoded data. - * @param lazyEvaluate true if parsing inside constructed objects can be delayed. - */ - public ASN1InputStream( - byte[] input, - boolean lazyEvaluate) - { - this(new ByteArrayInputStream(input), input.length, lazyEvaluate); - } - - /** - * Create an ASN1InputStream where no DER object will be longer than limit. - * - * @param input stream containing ASN.1 encoded data. - * @param limit maximum size of a DER encoded object. - */ - public ASN1InputStream( - InputStream input, - int limit) - { - this(input, limit, false); - } - - /** - * Create an ASN1InputStream where no DER object will be longer than limit, and constructed - * objects such as sequences will be parsed lazily. - * - * @param input stream containing ASN.1 encoded data. - * @param limit maximum size of a DER encoded object. - * @param lazyEvaluate true if parsing inside constructed objects can be delayed. - */ - public ASN1InputStream( - InputStream input, - int limit, - boolean lazyEvaluate) - { - super(input); - this.limit = limit; - this.lazyEvaluate = lazyEvaluate; - } - - protected int readLength() - throws IOException - { - return readLength(this, limit); - } - - protected void readFully( - byte[] bytes) - throws IOException - { - if (Streams.readFully(this, bytes) != bytes.length) - { - throw new EOFException("EOF encountered in middle of object"); - } - } - - /** - * build an object given its tag and the number of bytes to construct it from. - */ - protected DERObject buildObject( - int tag, - int tagNo, - int length) - throws IOException - { - boolean isConstructed = (tag & CONSTRUCTED) != 0; - - DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length); - - if ((tag & APPLICATION) != 0) - { - return new DERApplicationSpecific(isConstructed, tagNo, defIn.toByteArray()); - } - - if ((tag & TAGGED) != 0) - { - return new ASN1StreamParser(defIn).readTaggedObject(isConstructed, tagNo); - } - - if (isConstructed) - { - // TODO There are other tags that may be constructed (e.g. BIT_STRING) - switch (tagNo) - { - case OCTET_STRING: - // - // yes, people actually do this... - // - return new BERConstructedOctetString(buildDEREncodableVector(defIn).v); - case SEQUENCE: - if (lazyEvaluate) - { - return new LazyDERSequence(defIn.toByteArray()); - } - else - { - return DERFactory.createSequence(buildDEREncodableVector(defIn)); - } - case SET: - return DERFactory.createSet(buildDEREncodableVector(defIn), false); - case EXTERNAL: - return new DERExternal(buildDEREncodableVector(defIn)); - default: - return new DERUnknownTag(true, tagNo, defIn.toByteArray()); - } - } - - return createPrimitiveDERObject(tagNo, defIn.toByteArray()); - } - - ASN1EncodableVector buildEncodableVector() - throws IOException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - DERObject o; - - while ((o = readObject()) != null) - { - v.add(o); - } - - return v; - } - - ASN1EncodableVector buildDEREncodableVector( - DefiniteLengthInputStream dIn) throws IOException - { - return new ASN1InputStream(dIn).buildEncodableVector(); - } - - public DERObject readObject() - throws IOException - { - int tag = read(); - if (tag <= 0) - { - if (tag == 0) - { - throw new IOException("unexpected end-of-contents marker"); - } - - return null; - } - - // - // calculate tag number - // - int tagNo = readTagNumber(this, tag); - - boolean isConstructed = (tag & CONSTRUCTED) != 0; - - // - // calculate length - // - int length = readLength(); - - if (length < 0) // indefinite length method - { - if (!isConstructed) - { - throw new IOException("indefinite length primitive encoding encountered"); - } - - IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(this, limit); - ASN1StreamParser sp = new ASN1StreamParser(indIn, limit); - - if ((tag & APPLICATION) != 0) - { - return new BERApplicationSpecificParser(tagNo, sp).getLoadedObject(); - } - - if ((tag & TAGGED) != 0) - { - return new BERTaggedObjectParser(true, tagNo, sp).getLoadedObject(); - } - - // TODO There are other tags that may be constructed (e.g. BIT_STRING) - switch (tagNo) - { - case OCTET_STRING: - return new BEROctetStringParser(sp).getLoadedObject(); - case SEQUENCE: - return new BERSequenceParser(sp).getLoadedObject(); - case SET: - return new BERSetParser(sp).getLoadedObject(); - case EXTERNAL: - return new DERExternalParser(sp).getLoadedObject(); - default: - throw new IOException("unknown BER object encountered"); - } - } - else - { - try - { - return buildObject(tag, tagNo, length); - } - catch (IllegalArgumentException e) - { - throw new ASN1Exception("corrupted stream detected", e); - } - } - } - - static int readTagNumber(InputStream s, int tag) - throws IOException - { - int tagNo = tag & 0x1f; - - // - // with tagged object tag number is bottom 5 bits, or stored at the start of the content - // - if (tagNo == 0x1f) - { - tagNo = 0; - - int b = s.read(); - - // X.690-0207 8.1.2.4.2 - // "c) bits 7 to 1 of the first subsequent octet shall not all be zero." - if ((b & 0x7f) == 0) // Note: -1 will pass - { - throw new IOException("corrupted stream - invalid high tag number found"); - } - - while ((b >= 0) && ((b & 0x80) != 0)) - { - tagNo |= (b & 0x7f); - tagNo <<= 7; - b = s.read(); - } - - if (b < 0) - { - throw new EOFException("EOF found inside tag value."); - } - - tagNo |= (b & 0x7f); - } - - return tagNo; - } - - static int readLength(InputStream s, int limit) - throws IOException - { - int length = s.read(); - if (length < 0) - { - throw new EOFException("EOF found when length expected"); - } - - if (length == 0x80) - { - return -1; // indefinite-length encoding - } - - if (length > 127) - { - int size = length & 0x7f; - - // Note: The invalid long form "0xff" (see X.690 8.1.3.5c) will be caught here - if (size > 4) - { - throw new IOException("DER length more than 4 bytes: " + size); - } - - length = 0; - for (int i = 0; i < size; i++) - { - int next = s.read(); - - if (next < 0) - { - throw new EOFException("EOF found reading length"); - } - - length = (length << 8) + next; - } - - if (length < 0) - { - throw new IOException("corrupted stream - negative length found"); - } - - if (length >= limit) // after all we must have read at least 1 byte - { - throw new IOException("corrupted stream - out of bounds length found"); - } - } - - return length; - } - - static DERObject createPrimitiveDERObject( - int tagNo, - byte[] bytes) - { - switch (tagNo) - { - case BIT_STRING: - return DERBitString.fromOctetString(bytes); - case BMP_STRING: - return new DERBMPString(bytes); - case BOOLEAN: - return new ASN1Boolean(bytes); - case ENUMERATED: - return new ASN1Enumerated(bytes); - case GENERALIZED_TIME: - return new ASN1GeneralizedTime(bytes); - case GENERAL_STRING: - return new DERGeneralString(bytes); - case IA5_STRING: - return new DERIA5String(bytes); - case INTEGER: - return new ASN1Integer(bytes); - case NULL: - return DERNull.INSTANCE; // actual content is ignored (enforce 0 length?) - case NUMERIC_STRING: - return new DERNumericString(bytes); - case OBJECT_IDENTIFIER: - return new ASN1ObjectIdentifier(bytes); - case OCTET_STRING: - return new DEROctetString(bytes); - case PRINTABLE_STRING: - return new DERPrintableString(bytes); - case T61_STRING: - return new DERT61String(bytes); - case UNIVERSAL_STRING: - return new DERUniversalString(bytes); - case UTC_TIME: - return new ASN1UTCTime(bytes); - case UTF8_STRING: - return new DERUTF8String(bytes); - case VISIBLE_STRING: - return new DERVisibleString(bytes); - default: - return new DERUnknownTag(false, tagNo, bytes); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Integer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Integer.java deleted file mode 100644 index 71009a039..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Integer.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1; - -import java.math.BigInteger; - -public class ASN1Integer - extends DERInteger -{ - ASN1Integer(byte[] bytes) - { - super(bytes); - } - - public ASN1Integer(BigInteger value) - { - super(value); - } - - public ASN1Integer(int value) - { - super(value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Null.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Null.java deleted file mode 100644 index b9b849d26..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Null.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * A NULL object. - */ -public abstract class ASN1Null - extends ASN1Object -{ - public ASN1Null() - { - } - - public int hashCode() - { - return -1; - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof ASN1Null)) - { - return false; - } - - return true; - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return "NULL"; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Object.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Object.java deleted file mode 100644 index 7e9860a51..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Object.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public abstract class ASN1Object - extends DERObject -{ - /** - * Create a base ASN.1 object from a byte stream. - * - * @param data the byte stream to parse. - * @return the base ASN.1 object represented by the byte stream. - * @exception IOException if there is a problem parsing the data. - */ - public static ASN1Object fromByteArray(byte[] data) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(data); - - try - { - return (ASN1Object)aIn.readObject(); - } - catch (ClassCastException e) - { - throw new IOException("cannot recognise object in stream"); - } - } - - public final boolean equals(Object o) - { - if (this == o) - { - return true; - } - - return (o instanceof DEREncodable) && asn1Equals(((DEREncodable)o).getDERObject()); - } - - public abstract int hashCode(); - - abstract void encode(DEROutputStream out) throws IOException; - - abstract boolean asn1Equals(DERObject o); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java deleted file mode 100644 index 83b7c8604..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.asn1; - -public class ASN1ObjectIdentifier - extends DERObjectIdentifier -{ - public ASN1ObjectIdentifier(String identifier) - { - super(identifier); - } - - ASN1ObjectIdentifier(byte[] bytes) - { - super(bytes); - } - - /** - * Return an OID that creates a branch under the current one. - * - * @param branchID node numbers for the new branch. - * @return - */ - public ASN1ObjectIdentifier branch(String branchID) - { - return new ASN1ObjectIdentifier(getId() + "." + branchID); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java deleted file mode 100644 index 7d334d7ab..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java +++ /dev/null @@ -1,135 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.encoders.Hex; - -public abstract class ASN1OctetString - extends ASN1Object - implements ASN1OctetStringParser -{ - byte[] string; - - /** - * return an Octet String from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static ASN1OctetString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof ASN1OctetString) - { - return getInstance(o); - } - else - { - return BERConstructedOctetString.fromSequence(ASN1Sequence.getInstance(o)); - } - } - - /** - * return an Octet String from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static ASN1OctetString getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1OctetString) - { - return (ASN1OctetString)obj; - } - - // TODO: this needs to be deleted in V2 - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * @param string the octets making up the octet string. - */ - public ASN1OctetString( - byte[] string) - { - if (string == null) - { - throw new NullPointerException("string cannot be null"); - } - this.string = string; - } - - public ASN1OctetString( - DEREncodable obj) - { - try - { - this.string = obj.getDERObject().getEncoded(ASN1Encodable.DER); - } - catch (IOException e) - { - throw new IllegalArgumentException("Error processing object : " + e.toString()); - } - } - - public InputStream getOctetStream() - { - return new ByteArrayInputStream(string); - } - - public ASN1OctetStringParser parser() - { - return this; - } - - public byte[] getOctets() - { - return string; - } - - public int hashCode() - { - return Arrays.hashCode(this.getOctets()); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof ASN1OctetString)) - { - return false; - } - - ASN1OctetString other = (ASN1OctetString)o; - - return Arrays.areEqual(string, other.string); - } - - public DERObject getLoadedObject() - { - return this.getDERObject(); - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return "#"+new String(Hex.encode(string)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java deleted file mode 100644 index 21a394112..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.InputStream; - -public interface ASN1OctetStringParser - extends DEREncodable, InMemoryRepresentable -{ - public InputStream getOctetStream(); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java deleted file mode 100644 index 5897d09f8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.OutputStream; - -public class ASN1OutputStream - extends DEROutputStream -{ - public ASN1OutputStream( - OutputStream os) - { - super(os); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not ASN1Encodable"); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java deleted file mode 100644 index 2abdb1838..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.asn1; - -public class ASN1ParsingException - extends IllegalStateException -{ - private Throwable cause; - - ASN1ParsingException(String message) - { - super(message); - } - - ASN1ParsingException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java deleted file mode 100644 index b4a8072f7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java +++ /dev/null @@ -1,247 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; - -public abstract class ASN1Sequence - extends ASN1Object -{ - private Vector seq = new Vector(); - - /** - * return an ASN1Sequence from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static ASN1Sequence getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1Sequence) - { - return (ASN1Sequence)obj; - } - else if (obj instanceof byte[]) - { - try - { - return ASN1Sequence.getInstance(ASN1Object.fromByteArray((byte[])obj)); - } - catch (IOException e) - { - throw new IllegalArgumentException("failed to construct sequence from byte[]: " + e.getMessage()); - } - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - /** - * Return an ASN1 sequence from a tagged object. There is a special - * case here, if an object appears to have been explicitly tagged on - * reading but we were expecting it to be implicitly tagged in the - * normal course of events it indicates that we lost the surrounding - * sequence - so we need to add it back (this will happen if the tagged - * object is a sequence that contains other sequences). If you are - * dealing with implicitly tagged sequences you really should - * be using this method. - * - * @param obj the tagged object. - * @param explicit true if the object is meant to be explicitly tagged, - * false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static ASN1Sequence getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - if (explicit) - { - if (!obj.isExplicit()) - { - throw new IllegalArgumentException("object implicit - explicit expected."); - } - - return (ASN1Sequence)obj.getObject(); - } - else - { - // - // constructed object which appears to be explicitly tagged - // when it should be implicit means we have to add the - // surrounding sequence. - // - if (obj.isExplicit()) - { - if (obj instanceof BERTaggedObject) - { - return new BERSequence(obj.getObject()); - } - else - { - return new DERSequence(obj.getObject()); - } - } - else - { - if (obj.getObject() instanceof ASN1Sequence) - { - return (ASN1Sequence)obj.getObject(); - } - } - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - public Enumeration getObjects() - { - return seq.elements(); - } - - public ASN1SequenceParser parser() - { - final ASN1Sequence outer = this; - - return new ASN1SequenceParser() - { - private final int max = size(); - - private int index; - - public DEREncodable readObject() throws IOException - { - if (index == max) - { - return null; - } - - DEREncodable obj = getObjectAt(index++); - if (obj instanceof ASN1Sequence) - { - return ((ASN1Sequence)obj).parser(); - } - if (obj instanceof ASN1Set) - { - return ((ASN1Set)obj).parser(); - } - - return obj; - } - - public DERObject getLoadedObject() - { - return outer; - } - - public DERObject getDERObject() - { - return outer; - } - }; - } - - /** - * return the object at the sequence position indicated by index. - * - * @param index the sequence number (starting at zero) of the object - * @return the object at the sequence position indicated by index. - */ - public DEREncodable getObjectAt( - int index) - { - return (DEREncodable)seq.elementAt(index); - } - - /** - * return the number of objects in this sequence. - * - * @return the number of objects in this sequence. - */ - public int size() - { - return seq.size(); - } - - public int hashCode() - { - Enumeration e = this.getObjects(); - int hashCode = size(); - - while (e.hasMoreElements()) - { - Object o = getNext(e); - hashCode *= 17; - - hashCode ^= o.hashCode(); - } - - return hashCode; - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof ASN1Sequence)) - { - return false; - } - - ASN1Sequence other = (ASN1Sequence)o; - - if (this.size() != other.size()) - { - return false; - } - - Enumeration s1 = this.getObjects(); - Enumeration s2 = other.getObjects(); - - while (s1.hasMoreElements()) - { - DEREncodable obj1 = getNext(s1); - DEREncodable obj2 = getNext(s2); - - DERObject o1 = obj1.getDERObject(); - DERObject o2 = obj2.getDERObject(); - - if (o1 == o2 || o1.equals(o2)) - { - continue; - } - - return false; - } - - return true; - } - - private DEREncodable getNext(Enumeration e) - { - DEREncodable encObj = (DEREncodable)e.nextElement(); - - // unfortunately null was allowed as a substitute for DER null - if (encObj == null) - { - return DERNull.INSTANCE; - } - - return encObj; - } - - protected void addObject( - DEREncodable obj) - { - seq.addElement(obj); - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return seq.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java deleted file mode 100644 index 49dde79db..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public interface ASN1SequenceParser - extends DEREncodable, InMemoryRepresentable -{ - DEREncodable readObject() - throws IOException; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Set.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Set.java deleted file mode 100644 index c395b8b9d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1Set.java +++ /dev/null @@ -1,345 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; - -abstract public class ASN1Set - extends ASN1Object -{ - protected Vector set = new Vector(); - - /** - * return an ASN1Set from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static ASN1Set getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1Set) - { - return (ASN1Set)obj; - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - /** - * Return an ASN1 set from a tagged object. There is a special - * case here, if an object appears to have been explicitly tagged on - * reading but we were expecting it to be implicitly tagged in the - * normal course of events it indicates that we lost the surrounding - * set - so we need to add it back (this will happen if the tagged - * object is a sequence that contains other sequences). If you are - * dealing with implicitly tagged sets you really should - * be using this method. - * - * @param obj the tagged object. - * @param explicit true if the object is meant to be explicitly tagged - * false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static ASN1Set getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - if (explicit) - { - if (!obj.isExplicit()) - { - throw new IllegalArgumentException("object implicit - explicit expected."); - } - - return (ASN1Set)obj.getObject(); - } - else - { - // - // constructed object which appears to be explicitly tagged - // and it's really implicit means we have to add the - // surrounding sequence. - // - if (obj.isExplicit()) - { - ASN1Set set = new DERSet(obj.getObject()); - - return set; - } - else - { - if (obj.getObject() instanceof ASN1Set) - { - return (ASN1Set)obj.getObject(); - } - - // - // in this case the parser returns a sequence, convert it - // into a set. - // - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (obj.getObject() instanceof ASN1Sequence) - { - ASN1Sequence s = (ASN1Sequence)obj.getObject(); - Enumeration e = s.getObjects(); - - while (e.hasMoreElements()) - { - v.add((DEREncodable)e.nextElement()); - } - - return new DERSet(v, false); - } - } - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - public ASN1Set() - { - } - - public Enumeration getObjects() - { - return set.elements(); - } - - /** - * return the object at the set position indicated by index. - * - * @param index the set number (starting at zero) of the object - * @return the object at the set position indicated by index. - */ - public DEREncodable getObjectAt( - int index) - { - return (DEREncodable)set.elementAt(index); - } - - /** - * return the number of objects in this set. - * - * @return the number of objects in this set. - */ - public int size() - { - return set.size(); - } - - public ASN1Encodable[] toArray() - { - ASN1Encodable[] values = new ASN1Encodable[this.size()]; - - for (int i = 0; i != this.size(); i++) - { - values[i] = (ASN1Encodable)this.getObjectAt(i); - } - - return values; - } - - public ASN1SetParser parser() - { - final ASN1Set outer = this; - - return new ASN1SetParser() - { - private final int max = size(); - - private int index; - - public DEREncodable readObject() throws IOException - { - if (index == max) - { - return null; - } - - DEREncodable obj = getObjectAt(index++); - if (obj instanceof ASN1Sequence) - { - return ((ASN1Sequence)obj).parser(); - } - if (obj instanceof ASN1Set) - { - return ((ASN1Set)obj).parser(); - } - - return obj; - } - - public DERObject getLoadedObject() - { - return outer; - } - - public DERObject getDERObject() - { - return outer; - } - }; - } - - public int hashCode() - { - Enumeration e = this.getObjects(); - int hashCode = size(); - - while (e.hasMoreElements()) - { - Object o = getNext(e); - hashCode *= 17; - - hashCode ^= o.hashCode(); - } - - return hashCode; - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof ASN1Set)) - { - return false; - } - - ASN1Set other = (ASN1Set)o; - - if (this.size() != other.size()) - { - return false; - } - - Enumeration s1 = this.getObjects(); - Enumeration s2 = other.getObjects(); - - while (s1.hasMoreElements()) - { - DEREncodable obj1 = getNext(s1); - DEREncodable obj2 = getNext(s2); - - DERObject o1 = obj1.getDERObject(); - DERObject o2 = obj2.getDERObject(); - - if (o1 == o2 || o1.equals(o2)) - { - continue; - } - - return false; - } - - return true; - } - - private DEREncodable getNext(Enumeration e) - { - DEREncodable encObj = (DEREncodable)e.nextElement(); - - // unfortunately null was allowed as a substitute for DER null - if (encObj == null) - { - return DERNull.INSTANCE; - } - - return encObj; - } - - /** - * return true if a <= b (arrays are assumed padded with zeros). - */ - private boolean lessThanOrEqual( - byte[] a, - byte[] b) - { - int len = Math.min(a.length, b.length); - for (int i = 0; i != len; ++i) - { - if (a[i] != b[i]) - { - return (a[i] & 0xff) < (b[i] & 0xff); - } - } - return len == a.length; - } - - private byte[] getEncoded( - DEREncodable obj) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - try - { - aOut.writeObject(obj); - } - catch (IOException e) - { - throw new IllegalArgumentException("cannot encode object added to SET"); - } - - return bOut.toByteArray(); - } - - protected void sort() - { - if (set.size() > 1) - { - boolean swapped = true; - int lastSwap = set.size() - 1; - - while (swapped) - { - int index = 0; - int swapIndex = 0; - byte[] a = getEncoded((DEREncodable)set.elementAt(0)); - - swapped = false; - - while (index != lastSwap) - { - byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1)); - - if (lessThanOrEqual(a, b)) - { - a = b; - } - else - { - Object o = set.elementAt(index); - - set.setElementAt(set.elementAt(index + 1), index); - set.setElementAt(o, index + 1); - - swapped = true; - swapIndex = index; - } - - index++; - } - - lastSwap = swapIndex; - } - } - } - - protected void addObject( - DEREncodable obj) - { - set.addElement(obj); - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return set.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java deleted file mode 100644 index 9dc99b509..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public interface ASN1SetParser - extends DEREncodable, InMemoryRepresentable -{ - public DEREncodable readObject() - throws IOException; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java deleted file mode 100644 index fbcb787f1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java +++ /dev/null @@ -1,245 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -public class ASN1StreamParser -{ - private final InputStream _in; - private final int _limit; - - public ASN1StreamParser( - InputStream in) - { - this(in, ASN1InputStream.findLimit(in)); - } - - public ASN1StreamParser( - InputStream in, - int limit) - { - this._in = in; - this._limit = limit; - } - - public ASN1StreamParser( - byte[] encoding) - { - this(new ByteArrayInputStream(encoding), encoding.length); - } - - DEREncodable readIndef(int tagValue) throws IOException - { - // Note: INDEF => CONSTRUCTED - - // TODO There are other tags that may be constructed (e.g. BIT_STRING) - switch (tagValue) - { - case DERTags.EXTERNAL: - return new DERExternalParser(this); - case DERTags.OCTET_STRING: - return new BEROctetStringParser(this); - case DERTags.SEQUENCE: - return new BERSequenceParser(this); - case DERTags.SET: - return new BERSetParser(this); - default: - throw new ASN1Exception("unknown BER object encountered: 0x" + Integer.toHexString(tagValue)); - } - } - - DEREncodable readImplicit(boolean constructed, int tag) throws IOException - { - if (_in instanceof IndefiniteLengthInputStream) - { - if (!constructed) - { - throw new IOException("indefinite length primitive encoding encountered"); - } - - return readIndef(tag); - } - - if (constructed) - { - switch (tag) - { - case DERTags.SET: - return new DERSetParser(this); - case DERTags.SEQUENCE: - return new DERSequenceParser(this); - case DERTags.OCTET_STRING: - return new BEROctetStringParser(this); - } - } - else - { - switch (tag) - { - case DERTags.SET: - throw new ASN1Exception("sequences must use constructed encoding (see X.690 8.9.1/8.10.1)"); - case DERTags.SEQUENCE: - throw new ASN1Exception("sets must use constructed encoding (see X.690 8.11.1/8.12.1)"); - case DERTags.OCTET_STRING: - return new DEROctetStringParser((DefiniteLengthInputStream)_in); - } - } - - // TODO ASN1Exception - throw new RuntimeException("implicit tagging not implemented"); - } - - DERObject readTaggedObject(boolean constructed, int tag) throws IOException - { - if (!constructed) - { - // Note: !CONSTRUCTED => IMPLICIT - DefiniteLengthInputStream defIn = (DefiniteLengthInputStream)_in; - return new DERTaggedObject(false, tag, new DEROctetString(defIn.toByteArray())); - } - - ASN1EncodableVector v = readVector(); - - if (_in instanceof IndefiniteLengthInputStream) - { - return v.size() == 1 - ? new BERTaggedObject(true, tag, v.get(0)) - : new BERTaggedObject(false, tag, BERFactory.createSequence(v)); - } - - return v.size() == 1 - ? new DERTaggedObject(true, tag, v.get(0)) - : new DERTaggedObject(false, tag, DERFactory.createSequence(v)); - } - - public DEREncodable readObject() - throws IOException - { - int tag = _in.read(); - if (tag == -1) - { - return null; - } - - // - // turn of looking for "00" while we resolve the tag - // - set00Check(false); - - // - // calculate tag number - // - int tagNo = ASN1InputStream.readTagNumber(_in, tag); - - boolean isConstructed = (tag & DERTags.CONSTRUCTED) != 0; - - // - // calculate length - // - int length = ASN1InputStream.readLength(_in, _limit); - - if (length < 0) // indefinite length method - { - if (!isConstructed) - { - throw new IOException("indefinite length primitive encoding encountered"); - } - - IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in, _limit); - ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit); - - if ((tag & DERTags.APPLICATION) != 0) - { - return new BERApplicationSpecificParser(tagNo, sp); - } - - if ((tag & DERTags.TAGGED) != 0) - { - return new BERTaggedObjectParser(true, tagNo, sp); - } - - return sp.readIndef(tagNo); - } - else - { - DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length); - - if ((tag & DERTags.APPLICATION) != 0) - { - return new DERApplicationSpecific(isConstructed, tagNo, defIn.toByteArray()); - } - - if ((tag & DERTags.TAGGED) != 0) - { - return new BERTaggedObjectParser(isConstructed, tagNo, new ASN1StreamParser(defIn)); - } - - if (isConstructed) - { - // TODO There are other tags that may be constructed (e.g. BIT_STRING) - switch (tagNo) - { - case DERTags.OCTET_STRING: - // - // yes, people actually do this... - // - return new BEROctetStringParser(new ASN1StreamParser(defIn)); - case DERTags.SEQUENCE: - return new DERSequenceParser(new ASN1StreamParser(defIn)); - case DERTags.SET: - return new DERSetParser(new ASN1StreamParser(defIn)); - case DERTags.EXTERNAL: - return new DERExternalParser(new ASN1StreamParser(defIn)); - default: - // TODO Add DERUnknownTagParser class? - return new DERUnknownTag(true, tagNo, defIn.toByteArray()); - } - } - - // Some primitive encodings can be handled by parsers too... - switch (tagNo) - { - case DERTags.OCTET_STRING: - return new DEROctetStringParser(defIn); - } - - try - { - return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn.toByteArray()); - } - catch (IllegalArgumentException e) - { - throw new ASN1Exception("corrupted stream detected", e); - } - } - } - - private void set00Check(boolean enabled) - { - if (_in instanceof IndefiniteLengthInputStream) - { - ((IndefiniteLengthInputStream)_in).setEofOn00(enabled); - } - } - - ASN1EncodableVector readVector() throws IOException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - DEREncodable obj; - while ((obj = readObject()) != null) - { - if (obj instanceof InMemoryRepresentable) - { - v.add(((InMemoryRepresentable)obj).getLoadedObject()); - } - else - { - v.add(obj.getDERObject()); - } - } - - return v; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1String.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1String.java deleted file mode 100644 index fde4e239b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1String.java +++ /dev/null @@ -1,6 +0,0 @@ -package org.bouncycastle.asn1; - -public interface ASN1String -{ - public String getString(); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java deleted file mode 100644 index 8ee79607a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java +++ /dev/null @@ -1,215 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * ASN.1 TaggedObject - in ASN.1 notation this is any object preceded by - * a [n] where n is some number - these are assumed to follow the construction - * rules (as with sequences). - */ -public abstract class ASN1TaggedObject - extends ASN1Object - implements ASN1TaggedObjectParser -{ - int tagNo; - boolean empty = false; - boolean explicit = true; - DEREncodable obj = null; - - static public ASN1TaggedObject getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - if (explicit) - { - return (ASN1TaggedObject)obj.getObject(); - } - - throw new IllegalArgumentException("implicitly tagged tagged object"); - } - - static public ASN1TaggedObject getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1TaggedObject) - { - return (ASN1TaggedObject)obj; - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - /** - * Create a tagged object in the explicit style. - * - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public ASN1TaggedObject( - int tagNo, - DEREncodable obj) - { - this.explicit = true; - this.tagNo = tagNo; - this.obj = obj; - } - - /** - * Create a tagged object with the style given by the value of explicit. - *

- * If the object implements ASN1Choice the tag style will always be changed - * to explicit in accordance with the ASN.1 encoding rules. - *

- * @param explicit true if the object is explicitly tagged. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public ASN1TaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) - { - if (obj instanceof ASN1Choice) - { - this.explicit = true; - } - else - { - this.explicit = explicit; - } - - this.tagNo = tagNo; - this.obj = obj; - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof ASN1TaggedObject)) - { - return false; - } - - ASN1TaggedObject other = (ASN1TaggedObject)o; - - if (tagNo != other.tagNo || empty != other.empty || explicit != other.explicit) - { - return false; - } - - if(obj == null) - { - if (other.obj != null) - { - return false; - } - } - else - { - if (!(obj.getDERObject().equals(other.obj.getDERObject()))) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - int code = tagNo; - - // TODO: actually this is wrong - the problem is that a re-encoded - // object may end up with a different hashCode due to implicit - // tagging. As implicit tagging is ambiguous if a sequence is involved - // it seems the only correct method for both equals and hashCode is to - // compare the encodings... - if (obj != null) - { - code ^= obj.hashCode(); - } - - return code; - } - - public int getTagNo() - { - return tagNo; - } - - /** - * return whether or not the object may be explicitly tagged. - *

- * Note: if the object has been read from an input stream, the only - * time you can be sure if isExplicit is returning the true state of - * affairs is if it returns false. An implicitly tagged object may appear - * to be explicitly tagged, so you need to understand the context under - * which the reading was done as well, see getObject below. - */ - public boolean isExplicit() - { - return explicit; - } - - public boolean isEmpty() - { - return empty; - } - - /** - * return whatever was following the tag. - *

- * Note: tagged objects are generally context dependent if you're - * trying to extract a tagged object you should be going via the - * appropriate getInstance method. - */ - public DERObject getObject() - { - if (obj != null) - { - return obj.getDERObject(); - } - - return null; - } - - /** - * Return the object held in this tagged object as a parser assuming it has - * the type of the passed in tag. If the object doesn't have a parser - * associated with it, the base object is returned. - */ - public DEREncodable getObjectParser( - int tag, - boolean isExplicit) - { - switch (tag) - { - case DERTags.SET: - return ASN1Set.getInstance(this, isExplicit).parser(); - case DERTags.SEQUENCE: - return ASN1Sequence.getInstance(this, isExplicit).parser(); - case DERTags.OCTET_STRING: - return ASN1OctetString.getInstance(this, isExplicit).parser(); - } - - if (isExplicit) - { - return getObject(); - } - - throw new RuntimeException("implicit tagging not implemented for tag: " + tag); - } - - public DERObject getLoadedObject() - { - return this.getDERObject(); - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return "[" + tagNo + "]" + obj; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java deleted file mode 100644 index 52f6087e5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public interface ASN1TaggedObjectParser - extends DEREncodable, InMemoryRepresentable -{ - public int getTagNo(); - - public DEREncodable getObjectParser(int tag, boolean isExplicit) - throws IOException; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java deleted file mode 100644 index d3816f221..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Date; - -public class ASN1UTCTime - extends DERUTCTime -{ - ASN1UTCTime(byte[] bytes) - { - super(bytes); - } - - public ASN1UTCTime(Date time) - { - super(time); - } - - public ASN1UTCTime(String time) - { - super(time); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecific.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecific.java deleted file mode 100644 index 8bc8a4ebc..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecific.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -public class BERApplicationSpecific - extends DERApplicationSpecific -{ - public BERApplicationSpecific(int tagNo, ASN1EncodableVector vec) - { - super(tagNo, vec); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java deleted file mode 100644 index 7b6aaafb7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class BERApplicationSpecificParser - implements ASN1ApplicationSpecificParser -{ - private final int tag; - private final ASN1StreamParser parser; - - BERApplicationSpecificParser(int tag, ASN1StreamParser parser) - { - this.tag = tag; - this.parser = parser; - } - - public DEREncodable readObject() - throws IOException - { - return parser.readObject(); - } - - public DERObject getLoadedObject() - throws IOException - { - return new BERApplicationSpecific(tag, parser.readVector()); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException(e.getMessage(), e); - } - } - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java deleted file mode 100644 index cceb241cf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java +++ /dev/null @@ -1,157 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; - -public class BERConstructedOctetString - extends DEROctetString -{ - private static final int MAX_LENGTH = 1000; - - /** - * convert a vector of octet strings into a single byte string - */ - static private byte[] toBytes( - Vector octs) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - for (int i = 0; i != octs.size(); i++) - { - try - { - DEROctetString o = (DEROctetString)octs.elementAt(i); - - bOut.write(o.getOctets()); - } - catch (ClassCastException e) - { - throw new IllegalArgumentException(octs.elementAt(i).getClass().getName() + " found in input should only contain DEROctetString"); - } - catch (IOException e) - { - throw new IllegalArgumentException("exception converting octets " + e.toString()); - } - } - - return bOut.toByteArray(); - } - - private Vector octs; - - /** - * @param string the octets making up the octet string. - */ - public BERConstructedOctetString( - byte[] string) - { - super(string); - } - - public BERConstructedOctetString( - Vector octs) - { - super(toBytes(octs)); - - this.octs = octs; - } - - public BERConstructedOctetString( - DERObject obj) - { - super(obj); - } - - public BERConstructedOctetString( - DEREncodable obj) - { - super(obj.getDERObject()); - } - - public byte[] getOctets() - { - return string; - } - - /** - * return the DER octets that make up this string. - */ - public Enumeration getObjects() - { - if (octs == null) - { - return generateOcts().elements(); - } - - return octs.elements(); - } - - private Vector generateOcts() - { - Vector vec = new Vector(); - for (int i = 0; i < string.length; i += MAX_LENGTH) - { - int end; - - if (i + MAX_LENGTH > string.length) - { - end = string.length; - } - else - { - end = i + MAX_LENGTH; - } - - byte[] nStr = new byte[end - i]; - - System.arraycopy(string, i, nStr, 0, nStr.length); - - vec.addElement(new DEROctetString(nStr)); - } - - return vec; - } - - public void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(CONSTRUCTED | OCTET_STRING); - - out.write(0x80); - - // - // write out the octet array - // - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } - - public static BERConstructedOctetString fromSequence(ASN1Sequence seq) - { - Vector v = new Vector(); - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - v.addElement(e.nextElement()); - } - - return new BERConstructedOctetString(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERFactory.java deleted file mode 100644 index 82f101c73..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERFactory.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1; - -class BERFactory -{ - static final BERSequence EMPTY_SEQUENCE = new BERSequence(); - static final BERSet EMPTY_SET = new BERSet(); - - static BERSequence createSequence(ASN1EncodableVector v) - { - return v.size() < 1 ? EMPTY_SEQUENCE : new BERSequence(v); - } - - static BERSet createSet(ASN1EncodableVector v) - { - return v.size() < 1 ? EMPTY_SET : new BERSet(v); - } - - static BERSet createSet(ASN1EncodableVector v, boolean needsSorting) - { - return v.size() < 1 ? EMPTY_SET : new BERSet(v, needsSorting); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERGenerator.java deleted file mode 100644 index 6b3274193..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERGenerator.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -public class BERGenerator - extends ASN1Generator -{ - private boolean _tagged = false; - private boolean _isExplicit; - private int _tagNo; - - protected BERGenerator( - OutputStream out) - { - super(out); - } - - public BERGenerator( - OutputStream out, - int tagNo, - boolean isExplicit) - { - super(out); - - _tagged = true; - _isExplicit = isExplicit; - _tagNo = tagNo; - } - - public OutputStream getRawOutputStream() - { - return _out; - } - - private void writeHdr( - int tag) - throws IOException - { - _out.write(tag); - _out.write(0x80); - } - - protected void writeBERHeader( - int tag) - throws IOException - { - if (_tagged) - { - int tagNum = _tagNo | DERTags.TAGGED; - - if (_isExplicit) - { - writeHdr(tagNum | DERTags.CONSTRUCTED); - writeHdr(tag); - } - else - { - if ((tag & DERTags.CONSTRUCTED) != 0) - { - writeHdr(tagNum | DERTags.CONSTRUCTED); - } - else - { - writeHdr(tagNum); - } - } - } - else - { - writeHdr(tag); - } - } - - protected void writeBERBody( - InputStream contentStream) - throws IOException - { - int ch; - - while ((ch = contentStream.read()) >= 0) - { - _out.write(ch); - } - } - - protected void writeBEREnd() - throws IOException - { - _out.write(0x00); - _out.write(0x00); - - if (_tagged && _isExplicit) // write extra end for tag header - { - _out.write(0x00); - _out.write(0x00); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERNull.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERNull.java deleted file mode 100644 index 92bc10da7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERNull.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * A BER NULL object. - */ -public class BERNull - extends DERNull -{ - public static final BERNull INSTANCE = new BERNull(); - - public BERNull() - { - } - - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(NULL); - } - else - { - super.encode(out); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java deleted file mode 100644 index 61ef8245d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java +++ /dev/null @@ -1,102 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.OutputStream; - -public class BEROctetStringGenerator - extends BERGenerator -{ - public BEROctetStringGenerator(OutputStream out) - throws IOException - { - super(out); - - writeBERHeader(DERTags.CONSTRUCTED | DERTags.OCTET_STRING); - } - - public BEROctetStringGenerator( - OutputStream out, - int tagNo, - boolean isExplicit) - throws IOException - { - super(out, tagNo, isExplicit); - - writeBERHeader(DERTags.CONSTRUCTED | DERTags.OCTET_STRING); - } - - public OutputStream getOctetOutputStream() - { - return getOctetOutputStream(new byte[1000]); // limit for CER encoding. - } - - public OutputStream getOctetOutputStream( - byte[] buf) - { - return new BufferedBEROctetStream(buf); - } - - private class BufferedBEROctetStream - extends OutputStream - { - private byte[] _buf; - private int _off; - private DEROutputStream _derOut; - - BufferedBEROctetStream( - byte[] buf) - { - _buf = buf; - _off = 0; - _derOut = new DEROutputStream(_out); - } - - public void write( - int b) - throws IOException - { - _buf[_off++] = (byte)b; - - if (_off == _buf.length) - { - DEROctetString.encode(_derOut, _buf); - _off = 0; - } - } - - public void write(byte[] b, int off, int len) throws IOException - { - while (len > 0) - { - int numToCopy = Math.min(len, _buf.length - _off); - System.arraycopy(b, off, _buf, _off, numToCopy); - - _off += numToCopy; - if (_off < _buf.length) - { - break; - } - - DEROctetString.encode(_derOut, _buf); - _off = 0; - - off += numToCopy; - len -= numToCopy; - } - } - - public void close() - throws IOException - { - if (_off != 0) - { - byte[] bytes = new byte[_off]; - System.arraycopy(_buf, 0, bytes, 0, _off); - - DEROctetString.encode(_derOut, bytes); - } - - writeBEREnd(); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java deleted file mode 100644 index 1118a5688..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.util.io.Streams; - -public class BEROctetStringParser - implements ASN1OctetStringParser -{ - private ASN1StreamParser _parser; - - BEROctetStringParser( - ASN1StreamParser parser) - { - _parser = parser; - } - - public InputStream getOctetStream() - { - return new ConstructedOctetStream(_parser); - } - - public DERObject getLoadedObject() - throws IOException - { - return new BERConstructedOctetString(Streams.readAll(getOctetStream())); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException("IOException converting stream to byte array: " + e.getMessage(), e); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROutputStream.java deleted file mode 100644 index c2e8da454..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BEROutputStream.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.OutputStream; - -public class BEROutputStream - extends DEROutputStream -{ - public BEROutputStream( - OutputStream os) - { - super(os); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not BEREncodable"); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequence.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequence.java deleted file mode 100644 index aec6fd681..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequence.java +++ /dev/null @@ -1,59 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -public class BERSequence - extends DERSequence -{ - /** - * create an empty sequence - */ - public BERSequence() - { - } - - /** - * create a sequence containing one object - */ - public BERSequence( - DEREncodable obj) - { - super(obj); - } - - /** - * create a sequence containing a vector of objects. - */ - public BERSequence( - ASN1EncodableVector v) - { - super(v); - } - - /* - */ - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(SEQUENCE | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceGenerator.java deleted file mode 100644 index bc6342053..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceGenerator.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.OutputStream; - -public class BERSequenceGenerator - extends BERGenerator -{ - public BERSequenceGenerator( - OutputStream out) - throws IOException - { - super(out); - - writeBERHeader(DERTags.CONSTRUCTED | DERTags.SEQUENCE); - } - - public BERSequenceGenerator( - OutputStream out, - int tagNo, - boolean isExplicit) - throws IOException - { - super(out, tagNo, isExplicit); - - writeBERHeader(DERTags.CONSTRUCTED | DERTags.SEQUENCE); - } - - public void addObject( - DEREncodable object) - throws IOException - { - object.getDERObject().encode(new BEROutputStream(_out)); - } - - public void close() - throws IOException - { - writeBEREnd(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java deleted file mode 100644 index 4f3b7ec4a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class BERSequenceParser - implements ASN1SequenceParser -{ - private ASN1StreamParser _parser; - - BERSequenceParser(ASN1StreamParser parser) - { - this._parser = parser; - } - - public DEREncodable readObject() - throws IOException - { - return _parser.readObject(); - } - - public DERObject getLoadedObject() - throws IOException - { - return new BERSequence(_parser.readVector()); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new IllegalStateException(e.getMessage()); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSet.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSet.java deleted file mode 100644 index a5a2633ef..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSet.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -public class BERSet - extends DERSet -{ - /** - * create an empty sequence - */ - public BERSet() - { - } - - /** - * create a set containing one object - */ - public BERSet( - DEREncodable obj) - { - super(obj); - } - - /** - * @param v - a vector of objects making up the set. - */ - public BERSet( - ASN1EncodableVector v) - { - super(v, false); - } - - /** - * @param v - a vector of objects making up the set. - */ - BERSet( - ASN1EncodableVector v, - boolean needsSorting) - { - super(v, needsSorting); - } - - /* - */ - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(SET | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSetParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSetParser.java deleted file mode 100644 index e345f3f2d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERSetParser.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class BERSetParser - implements ASN1SetParser -{ - private ASN1StreamParser _parser; - - BERSetParser(ASN1StreamParser parser) - { - this._parser = parser; - } - - public DEREncodable readObject() - throws IOException - { - return _parser.readObject(); - } - - public DERObject getLoadedObject() - throws IOException - { - return new BERSet(_parser.readVector(), false); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException(e.getMessage(), e); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java deleted file mode 100644 index e09c9100c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java +++ /dev/null @@ -1,107 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -/** - * BER TaggedObject - in ASN.1 notation this is any object preceded by - * a [n] where n is some number - these are assumed to follow the construction - * rules (as with sequences). - */ -public class BERTaggedObject - extends DERTaggedObject -{ - /** - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public BERTaggedObject( - int tagNo, - DEREncodable obj) - { - super(tagNo, obj); - } - - /** - * @param explicit true if an explicitly tagged object. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public BERTaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) - { - super(explicit, tagNo, obj); - } - - /** - * create an implicitly tagged object that contains a zero - * length sequence. - */ - public BERTaggedObject( - int tagNo) - { - super(false, tagNo, new BERSequence()); - } - - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.writeTag(CONSTRUCTED | TAGGED, tagNo); - out.write(0x80); - - if (!empty) - { - if (!explicit) - { - Enumeration e; - if (obj instanceof ASN1OctetString) - { - if (obj instanceof BERConstructedOctetString) - { - e = ((BERConstructedOctetString)obj).getObjects(); - } - else - { - ASN1OctetString octs = (ASN1OctetString)obj; - BERConstructedOctetString berO = new BERConstructedOctetString(octs.getOctets()); - e = berO.getObjects(); - } - } - else if (obj instanceof ASN1Sequence) - { - e = ((ASN1Sequence)obj).getObjects(); - } - else if (obj instanceof ASN1Set) - { - e = ((ASN1Set)obj).getObjects(); - } - else - { - throw new RuntimeException("not implemented: " + obj.getClass().getName()); - } - - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - } - else - { - out.writeObject(obj); - } - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java deleted file mode 100644 index 40333fb94..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.InputStream; - -public class BERTaggedObjectParser - implements ASN1TaggedObjectParser -{ - private boolean _constructed; - private int _tagNumber; - private ASN1StreamParser _parser; - - /** - * @deprecated - */ - protected BERTaggedObjectParser( - int baseTag, - int tagNumber, - InputStream contentStream) - { - this((baseTag & DERTags.CONSTRUCTED) != 0, tagNumber, new ASN1StreamParser(contentStream)); - } - - BERTaggedObjectParser( - boolean constructed, - int tagNumber, - ASN1StreamParser parser) - { - _constructed = constructed; - _tagNumber = tagNumber; - _parser = parser; - } - - public boolean isConstructed() - { - return _constructed; - } - - public int getTagNo() - { - return _tagNumber; - } - - public DEREncodable getObjectParser( - int tag, - boolean isExplicit) - throws IOException - { - if (isExplicit) - { - if (!_constructed) - { - throw new IOException("Explicit tags must be constructed (see X.690 8.14.2)"); - } - return _parser.readObject(); - } - - return _parser.readImplicit(_constructed, tag); - } - - public DERObject getLoadedObject() - throws IOException - { - return _parser.readTaggedObject(_constructed, _tagNumber); - } - - public DERObject getDERObject() - { - try - { - return this.getLoadedObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException(e.getMessage()); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java deleted file mode 100644 index 045cffda5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ConstructedOctetStream.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.InputStream; -import java.io.IOException; - -class ConstructedOctetStream - extends InputStream -{ - private final ASN1StreamParser _parser; - - private boolean _first = true; - private InputStream _currentStream; - - ConstructedOctetStream( - ASN1StreamParser parser) - { - _parser = parser; - } - - public int read(byte[] b, int off, int len) throws IOException - { - if (_currentStream == null) - { - if (!_first) - { - return -1; - } - - ASN1OctetStringParser s = (ASN1OctetStringParser)_parser.readObject(); - - if (s == null) - { - return -1; - } - - _first = false; - _currentStream = s.getOctetStream(); - } - - int totalRead = 0; - - for (;;) - { - int numRead = _currentStream.read(b, off + totalRead, len - totalRead); - - if (numRead >= 0) - { - totalRead += numRead; - - if (totalRead == len) - { - return totalRead; - } - } - else - { - ASN1OctetStringParser aos = (ASN1OctetStringParser)_parser.readObject(); - - if (aos == null) - { - _currentStream = null; - return totalRead < 1 ? -1 : totalRead; - } - - _currentStream = aos.getOctetStream(); - } - } - } - - public int read() - throws IOException - { - if (_currentStream == null) - { - if (!_first) - { - return -1; - } - - ASN1OctetStringParser s = (ASN1OctetStringParser)_parser.readObject(); - - if (s == null) - { - return -1; - } - - _first = false; - _currentStream = s.getOctetStream(); - } - - for (;;) - { - int b = _currentStream.read(); - - if (b >= 0) - { - return b; - } - - ASN1OctetStringParser s = (ASN1OctetStringParser)_parser.readObject(); - - if (s == null) - { - _currentStream = null; - return -1; - } - - _currentStream = s.getOctetStream(); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java deleted file mode 100644 index 7ca06d6ae..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java +++ /dev/null @@ -1,225 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -import org.bouncycastle.util.Arrays; - -/** - * Base class for an application specific object - */ -public class DERApplicationSpecific - extends ASN1Object -{ - private final boolean isConstructed; - private final int tag; - private final byte[] octets; - - DERApplicationSpecific( - boolean isConstructed, - int tag, - byte[] octets) - { - this.isConstructed = isConstructed; - this.tag = tag; - this.octets = octets; - } - - public DERApplicationSpecific( - int tag, - byte[] octets) - { - this(false, tag, octets); - } - - public DERApplicationSpecific( - int tag, - DEREncodable object) - throws IOException - { - this(true, tag, object); - } - - public DERApplicationSpecific( - boolean explicit, - int tag, - DEREncodable object) - throws IOException - { - byte[] data = object.getDERObject().getDEREncoded(); - - this.isConstructed = explicit; - this.tag = tag; - - if (explicit) - { - this.octets = data; - } - else - { - int lenBytes = getLengthOfLength(data); - byte[] tmp = new byte[data.length - lenBytes]; - System.arraycopy(data, lenBytes, tmp, 0, tmp.length); - this.octets = tmp; - } - } - - public DERApplicationSpecific(int tagNo, ASN1EncodableVector vec) - { - this.tag = tagNo; - this.isConstructed = true; - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - for (int i = 0; i != vec.size(); i++) - { - try - { - bOut.write(((ASN1Encodable)vec.get(i)).getEncoded()); - } - catch (IOException e) - { - throw new ASN1ParsingException("malformed object: " + e, e); - } - } - this.octets = bOut.toByteArray(); - } - - private int getLengthOfLength(byte[] data) - { - int count = 2; // TODO: assumes only a 1 byte tag number - - while((data[count - 1] & 0x80) != 0) - { - count++; - } - - return count; - } - - public boolean isConstructed() - { - return isConstructed; - } - - public byte[] getContents() - { - return octets; - } - - public int getApplicationTag() - { - return tag; - } - - /** - * Return the enclosed object assuming explicit tagging. - * - * @return the resulting object - * @throws IOException if reconstruction fails. - */ - public DERObject getObject() - throws IOException - { - return new ASN1InputStream(getContents()).readObject(); - } - - /** - * Return the enclosed object assuming implicit tagging. - * - * @param derTagNo the type tag that should be applied to the object's contents. - * @return the resulting object - * @throws IOException if reconstruction fails. - */ - public DERObject getObject(int derTagNo) - throws IOException - { - if (derTagNo >= 0x1f) - { - throw new IOException("unsupported tag number"); - } - - byte[] orig = this.getEncoded(); - byte[] tmp = replaceTagNumber(derTagNo, orig); - - if ((orig[0] & DERTags.CONSTRUCTED) != 0) - { - tmp[0] |= DERTags.CONSTRUCTED; - } - - return new ASN1InputStream(tmp).readObject(); - } - - /* (non-Javadoc) - * @see org.bouncycastle.asn1.DERObject#encode(org.bouncycastle.asn1.DEROutputStream) - */ - void encode(DEROutputStream out) throws IOException - { - int classBits = DERTags.APPLICATION; - if (isConstructed) - { - classBits |= DERTags.CONSTRUCTED; - } - - out.writeEncoded(classBits, tag, octets); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERApplicationSpecific)) - { - return false; - } - - DERApplicationSpecific other = (DERApplicationSpecific)o; - - return isConstructed == other.isConstructed - && tag == other.tag - && Arrays.areEqual(octets, other.octets); - } - - public int hashCode() - { - return (isConstructed ? 1 : 0) ^ tag ^ Arrays.hashCode(octets); - } - - private byte[] replaceTagNumber(int newTag, byte[] input) - throws IOException - { - int tagNo = input[0] & 0x1f; - int index = 1; - // - // with tagged object tag number is bottom 5 bits, or stored at the start of the content - // - if (tagNo == 0x1f) - { - tagNo = 0; - - int b = input[index++] & 0xff; - - // X.690-0207 8.1.2.4.2 - // "c) bits 7 to 1 of the first subsequent octet shall not all be zero." - if ((b & 0x7f) == 0) // Note: -1 will pass - { - throw new ASN1ParsingException("corrupted stream - invalid high tag number found"); - } - - while ((b >= 0) && ((b & 0x80) != 0)) - { - tagNo |= (b & 0x7f); - tagNo <<= 7; - b = input[index++] & 0xff; - } - - tagNo |= (b & 0x7f); - } - - byte[] tmp = new byte[input.length - index + 1]; - - System.arraycopy(input, index, tmp, 1, tmp.length - 1); - - tmp[0] = (byte)newTag; - - return tmp; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBMPString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBMPString.java deleted file mode 100644 index 1ff72de3d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBMPString.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER BMPString object. - */ -public class DERBMPString - extends ASN1Object - implements DERString -{ - String string; - - /** - * return a BMP String from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERBMPString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERBMPString) - { - return (DERBMPString)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a BMP String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERBMPString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERBMPString) - { - return getInstance(o); - } - else - { - return new DERBMPString(ASN1OctetString.getInstance(o).getOctets()); - } - } - - - /** - * basic constructor - byte encoded string. - */ - public DERBMPString( - byte[] string) - { - char[] cs = new char[string.length / 2]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)((string[2 * i] << 8) | (string[2 * i + 1] & 0xff)); - } - - this.string = new String(cs); - } - - /** - * basic constructor - */ - public DERBMPString( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - protected boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERBMPString)) - { - return false; - } - - DERBMPString s = (DERBMPString)o; - - return this.getString().equals(s.getString()); - } - - void encode( - DEROutputStream out) - throws IOException - { - char[] c = string.toCharArray(); - byte[] b = new byte[c.length * 2]; - - for (int i = 0; i != c.length; i++) - { - b[2 * i] = (byte)(c[i] >> 8); - b[2 * i + 1] = (byte)c[i]; - } - - out.writeEncoded(BMP_STRING, b); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBitString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBitString.java deleted file mode 100644 index efca7d337..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBitString.java +++ /dev/null @@ -1,277 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -import org.bouncycastle.util.Arrays; - -public class DERBitString - extends ASN1Object - implements DERString -{ - private static final char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - - protected byte[] data; - protected int padBits; - - /** - * return the correct number of pad bits for a bit string defined in - * a 32 bit constant - */ - static protected int getPadBits( - int bitString) - { - int val = 0; - for (int i = 3; i >= 0; i--) - { - // - // this may look a little odd, but if it isn't done like this pre jdk1.2 - // JVM's break! - // - if (i != 0) - { - if ((bitString >> (i * 8)) != 0) - { - val = (bitString >> (i * 8)) & 0xFF; - break; - } - } - else - { - if (bitString != 0) - { - val = bitString & 0xFF; - break; - } - } - } - - if (val == 0) - { - return 7; - } - - - int bits = 1; - - while (((val <<= 1) & 0xFF) != 0) - { - bits++; - } - - return 8 - bits; - } - - /** - * return the correct number of bytes for a bit string defined in - * a 32 bit constant - */ - static protected byte[] getBytes(int bitString) - { - int bytes = 4; - for (int i = 3; i >= 1; i--) - { - if ((bitString & (0xFF << (i * 8))) != 0) - { - break; - } - bytes--; - } - - byte[] result = new byte[bytes]; - for (int i = 0; i < bytes; i++) - { - result[i] = (byte) ((bitString >> (i * 8)) & 0xFF); - } - - return result; - } - - /** - * return a Bit String from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERBitString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERBitString) - { - return (DERBitString)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Bit String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERBitString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERBitString) - { - return getInstance(o); - } - else - { - return fromOctetString(((ASN1OctetString)o).getOctets()); - } - } - - protected DERBitString( - byte data, - int padBits) - { - this.data = new byte[1]; - this.data[0] = data; - this.padBits = padBits; - } - - /** - * @param data the octets making up the bit string. - * @param padBits the number of extra bits at the end of the string. - */ - public DERBitString( - byte[] data, - int padBits) - { - this.data = data; - this.padBits = padBits; - } - - public DERBitString( - byte[] data) - { - this(data, 0); - } - - public DERBitString( - DEREncodable obj) - { - try - { - this.data = obj.getDERObject().getEncoded(ASN1Encodable.DER); - this.padBits = 0; - } - catch (IOException e) - { - throw new IllegalArgumentException("Error processing object : " + e.toString()); - } - } - - public byte[] getBytes() - { - return data; - } - - public int getPadBits() - { - return padBits; - } - - - /** - * @return the value of the bit string as an int (truncating if necessary) - */ - public int intValue() - { - int value = 0; - - for (int i = 0; i != data.length && i != 4; i++) - { - value |= (data[i] & 0xff) << (8 * i); - } - - return value; - } - - void encode( - DEROutputStream out) - throws IOException - { - byte[] bytes = new byte[getBytes().length + 1]; - - bytes[0] = (byte)getPadBits(); - System.arraycopy(getBytes(), 0, bytes, 1, bytes.length - 1); - - out.writeEncoded(BIT_STRING, bytes); - } - - public int hashCode() - { - return padBits ^ Arrays.hashCode(data); - } - - protected boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERBitString)) - { - return false; - } - - DERBitString other = (DERBitString)o; - - return this.padBits == other.padBits - && Arrays.areEqual(this.data, other.data); - } - - public String getString() - { - StringBuffer buf = new StringBuffer("#"); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - try - { - aOut.writeObject(this); - } - catch (IOException e) - { - throw new RuntimeException("internal error encoding BitString"); - } - - byte[] string = bOut.toByteArray(); - - for (int i = 0; i != string.length; i++) - { - buf.append(table[(string[i] >>> 4) & 0xf]); - buf.append(table[string[i] & 0xf]); - } - - return buf.toString(); - } - - public String toString() - { - return getString(); - } - - static DERBitString fromOctetString(byte[] bytes) - { - if (bytes.length < 1) - { - throw new IllegalArgumentException("truncated BIT STRING detected"); - } - - int padBits = bytes[0]; - byte[] data = new byte[bytes.length - 1]; - - if (data.length != 0) - { - System.arraycopy(bytes, 1, data, 0, bytes.length - 1); - } - - return new DERBitString(data, padBits); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBoolean.java deleted file mode 100644 index a172c4ea2..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERBoolean.java +++ /dev/null @@ -1,117 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERBoolean - extends ASN1Object -{ - byte value; - - public static final DERBoolean FALSE = new DERBoolean(false); - public static final DERBoolean TRUE = new DERBoolean(true); - - /** - * return a boolean from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERBoolean getInstance( - Object obj) - { - if (obj == null || obj instanceof DERBoolean) - { - return (DERBoolean)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a DERBoolean from the passed in boolean. - */ - public static DERBoolean getInstance( - boolean value) - { - return (value ? TRUE : FALSE); - } - - /** - * return a Boolean from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERBoolean getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERBoolean) - { - return getInstance(o); - } - else - { - return new DERBoolean(((ASN1OctetString)o).getOctets()); - } - } - - public DERBoolean( - byte[] value) - { - if (value.length != 1) - { - throw new IllegalArgumentException("byte value should have 1 byte in it"); - } - - this.value = value[0]; - } - - public DERBoolean( - boolean value) - { - this.value = (value) ? (byte)0xff : (byte)0; - } - - public boolean isTrue() - { - return (value != 0); - } - - void encode( - DEROutputStream out) - throws IOException - { - byte[] bytes = new byte[1]; - - bytes[0] = value; - - out.writeEncoded(BOOLEAN, bytes); - } - - protected boolean asn1Equals( - DERObject o) - { - if ((o == null) || !(o instanceof DERBoolean)) - { - return false; - } - - return (value == ((DERBoolean)o).value); - } - - public int hashCode() - { - return value; - } - - - public String toString() - { - return (value != 0) ? "TRUE" : "FALSE"; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodable.java deleted file mode 100644 index d89305a12..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodable.java +++ /dev/null @@ -1,6 +0,0 @@ -package org.bouncycastle.asn1; - -public interface DEREncodable -{ - public DERObject getDERObject(); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java deleted file mode 100644 index 68d63eb98..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Vector; - -/** - * a general class for building up a vector of DER encodable objects - - * this will eventually be superceded by ASN1EncodableVector so you should - * use that class in preference. - */ -public class DEREncodableVector -{ - Vector v = new Vector(); - - /** - * @deprecated use ASN1EncodableVector instead. - */ - public DEREncodableVector() - { - - } - - public void add( - DEREncodable obj) - { - v.addElement(obj); - } - - public DEREncodable get( - int i) - { - return (DEREncodable)v.elementAt(i); - } - - public int size() - { - return v.size(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREnumerated.java deleted file mode 100644 index 440744ec0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEREnumerated.java +++ /dev/null @@ -1,101 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.math.BigInteger; - -import org.bouncycastle.util.Arrays; - -public class DEREnumerated - extends ASN1Object -{ - byte[] bytes; - - /** - * return an integer from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DEREnumerated getInstance( - Object obj) - { - if (obj == null || obj instanceof DEREnumerated) - { - return (DEREnumerated)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Enumerated from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DEREnumerated getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DEREnumerated) - { - return getInstance(o); - } - else - { - return new DEREnumerated(((ASN1OctetString)o).getOctets()); - } - } - - public DEREnumerated( - int value) - { - bytes = BigInteger.valueOf(value).toByteArray(); - } - - public DEREnumerated( - BigInteger value) - { - bytes = value.toByteArray(); - } - - public DEREnumerated( - byte[] bytes) - { - this.bytes = bytes; - } - - public BigInteger getValue() - { - return new BigInteger(bytes); - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(ENUMERATED, bytes); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DEREnumerated)) - { - return false; - } - - DEREnumerated other = (DEREnumerated)o; - - return Arrays.areEqual(this.bytes, other.bytes); - } - - public int hashCode() - { - return Arrays.hashCode(bytes); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternal.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternal.java deleted file mode 100644 index 769c9451d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternal.java +++ /dev/null @@ -1,283 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * Class representing the DER-type External - */ -public class DERExternal - extends ASN1Object -{ - private DERObjectIdentifier directReference; - private DERInteger indirectReference; - private ASN1Object dataValueDescriptor; - private int encoding; - private DERObject externalContent; - - public DERExternal(ASN1EncodableVector vector) - { - int offset = 0; - - DERObject enc = getObjFromVector(vector, offset); - if (enc instanceof DERObjectIdentifier) - { - directReference = (DERObjectIdentifier)enc; - offset++; - enc = getObjFromVector(vector, offset); - } - if (enc instanceof DERInteger) - { - indirectReference = (DERInteger) enc; - offset++; - enc = getObjFromVector(vector, offset); - } - if (!(enc instanceof DERTaggedObject)) - { - dataValueDescriptor = (ASN1Object) enc; - offset++; - enc = getObjFromVector(vector, offset); - } - - if (vector.size() != offset + 1) - { - throw new IllegalArgumentException("input vector too large"); - } - - if (!(enc instanceof DERTaggedObject)) - { - throw new IllegalArgumentException("No tagged object found in vector. Structure doesn't seem to be of type External"); - } - DERTaggedObject obj = (DERTaggedObject)enc; - setEncoding(obj.getTagNo()); - externalContent = obj.getObject(); - } - - private DERObject getObjFromVector(ASN1EncodableVector v, int index) - { - if (v.size() <= index) - { - throw new IllegalArgumentException("too few objects in input vector"); - } - - return v.get(index).getDERObject(); - } - /** - * Creates a new instance of DERExternal - * See X.690 for more informations about the meaning of these parameters - * @param directReference The direct reference or null if not set. - * @param indirectReference The indirect reference or null if not set. - * @param dataValueDescriptor The data value descriptor or null if not set. - * @param externalData The external data in its encoded form. - */ - public DERExternal(DERObjectIdentifier directReference, DERInteger indirectReference, ASN1Object dataValueDescriptor, DERTaggedObject externalData) - { - this(directReference, indirectReference, dataValueDescriptor, externalData.getTagNo(), externalData.getDERObject()); - } - - /** - * Creates a new instance of DERExternal. - * See X.690 for more informations about the meaning of these parameters - * @param directReference The direct reference or null if not set. - * @param indirectReference The indirect reference or null if not set. - * @param dataValueDescriptor The data value descriptor or null if not set. - * @param encoding The encoding to be used for the external data - * @param externalData The external data - */ - public DERExternal(DERObjectIdentifier directReference, DERInteger indirectReference, ASN1Object dataValueDescriptor, int encoding, DERObject externalData) - { - setDirectReference(directReference); - setIndirectReference(indirectReference); - setDataValueDescriptor(dataValueDescriptor); - setEncoding(encoding); - setExternalContent(externalData.getDERObject()); - } - - /* (non-Javadoc) - * @see java.lang.Object#hashCode() - */ - public int hashCode() - { - int ret = 0; - if (directReference != null) - { - ret = directReference.hashCode(); - } - if (indirectReference != null) - { - ret ^= indirectReference.hashCode(); - } - if (dataValueDescriptor != null) - { - ret ^= dataValueDescriptor.hashCode(); - } - ret ^= externalContent.hashCode(); - return ret; - } - - /* (non-Javadoc) - * @see org.bouncycastle.asn1.DERObject#encode(org.bouncycastle.asn1.DEROutputStream) - */ - void encode(DEROutputStream out) - throws IOException - { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - if (directReference != null) - { - baos.write(directReference.getDEREncoded()); - } - if (indirectReference != null) - { - baos.write(indirectReference.getDEREncoded()); - } - if (dataValueDescriptor != null) - { - baos.write(dataValueDescriptor.getDEREncoded()); - } - DERTaggedObject obj = new DERTaggedObject(encoding, externalContent); - baos.write(obj.getDEREncoded()); - out.writeEncoded(DERTags.CONSTRUCTED, DERTags.EXTERNAL, baos.toByteArray()); - } - - /* (non-Javadoc) - * @see org.bouncycastle.asn1.ASN1Object#asn1Equals(org.bouncycastle.asn1.DERObject) - */ - boolean asn1Equals(DERObject o) - { - if (!(o instanceof DERExternal)) - { - return false; - } - if (this == o) - { - return true; - } - DERExternal other = (DERExternal)o; - if (directReference != null) - { - if (other.directReference == null || !other.directReference.equals(directReference)) - { - return false; - } - } - if (indirectReference != null) - { - if (other.indirectReference == null || !other.indirectReference.equals(indirectReference)) - { - return false; - } - } - if (dataValueDescriptor != null) - { - if (other.dataValueDescriptor == null || !other.dataValueDescriptor.equals(dataValueDescriptor)) - { - return false; - } - } - return externalContent.equals(other.externalContent); - } - - /** - * Returns the data value descriptor - * @return The descriptor - */ - public ASN1Object getDataValueDescriptor() - { - return dataValueDescriptor; - } - - /** - * Returns the direct reference of the external element - * @return The reference - */ - public DERObjectIdentifier getDirectReference() - { - return directReference; - } - - /** - * Returns the encoding of the content. Valid values are - *

- * @return The encoding - */ - public int getEncoding() - { - return encoding; - } - - /** - * Returns the content of this element - * @return The content - */ - public DERObject getExternalContent() - { - return externalContent; - } - - /** - * Returns the indirect reference of this element - * @return The reference - */ - public DERInteger getIndirectReference() - { - return indirectReference; - } - - /** - * Sets the data value descriptor - * @param dataValueDescriptor The descriptor - */ - private void setDataValueDescriptor(ASN1Object dataValueDescriptor) - { - this.dataValueDescriptor = dataValueDescriptor; - } - - /** - * Sets the direct reference of the external element - * @param directReferemce The reference - */ - private void setDirectReference(DERObjectIdentifier directReferemce) - { - this.directReference = directReferemce; - } - - /** - * Sets the encoding of the content. Valid values are - * - * @param encoding The encoding - */ - private void setEncoding(int encoding) - { - if (encoding < 0 || encoding > 2) - { - throw new IllegalArgumentException("invalid encoding value: " + encoding); - } - this.encoding = encoding; - } - - /** - * Sets the content of this element - * @param externalContent The content - */ - private void setExternalContent(DERObject externalContent) - { - this.externalContent = externalContent; - } - - /** - * Sets the indirect reference of this element - * @param indirectReference The reference - */ - private void setIndirectReference(DERInteger indirectReference) - { - this.indirectReference = indirectReference; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternalParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternalParser.java deleted file mode 100644 index 059908f6a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERExternalParser.java +++ /dev/null @@ -1,52 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERExternalParser - implements DEREncodable, InMemoryRepresentable -{ - private ASN1StreamParser _parser; - - /** - * - */ - public DERExternalParser(ASN1StreamParser parser) - { - this._parser = parser; - } - - public DEREncodable readObject() - throws IOException - { - return _parser.readObject(); - } - - public DERObject getLoadedObject() - throws IOException - { - try - { - return new DERExternal(_parser.readVector()); - } - catch (IllegalArgumentException e) - { - throw new ASN1Exception(e.getMessage(), e); - } - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException ioe) - { - throw new ASN1ParsingException("unable to get DER object", ioe); - } - catch (IllegalArgumentException ioe) - { - throw new ASN1ParsingException("unable to get DER object", ioe); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERFactory.java deleted file mode 100644 index 7364282ef..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERFactory.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1; - -class DERFactory -{ - static final DERSequence EMPTY_SEQUENCE = new DERSequence(); - static final DERSet EMPTY_SET = new DERSet(); - - static DERSequence createSequence(ASN1EncodableVector v) - { - return v.size() < 1 ? EMPTY_SEQUENCE : new DERSequence(v); - } - - static DERSet createSet(ASN1EncodableVector v) - { - return v.size() < 1 ? EMPTY_SET : new DERSet(v); - } - - static DERSet createSet(ASN1EncodableVector v, boolean needsSorting) - { - return v.size() < 1 ? EMPTY_SET : new DERSet(v, needsSorting); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralString.java deleted file mode 100644 index 51d465861..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralString.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERGeneralString - extends ASN1Object implements DERString -{ - private String string; - - public static DERGeneralString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERGeneralString) - { - return (DERGeneralString) obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - public static DERGeneralString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERGeneralString) - { - return getInstance(o); - } - else - { - return new DERGeneralString(((ASN1OctetString)o).getOctets()); - } - } - - public DERGeneralString(byte[] string) - { - char[] cs = new char[string.length]; - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - this.string = new String(cs); - } - - public DERGeneralString(String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte) cs[i]; - } - return bs; - } - - void encode(DEROutputStream out) - throws IOException - { - out.writeEncoded(GENERAL_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - boolean asn1Equals(DERObject o) - { - if (!(o instanceof DERGeneralString)) - { - return false; - } - DERGeneralString s = (DERGeneralString) o; - return this.getString().equals(s.getString()); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java deleted file mode 100644 index 728cb22c7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java +++ /dev/null @@ -1,329 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; -import java.util.TimeZone; - -/** - * Generalized time object. - */ -public class DERGeneralizedTime - extends ASN1Object -{ - String time; - - /** - * return a generalized time from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERGeneralizedTime getInstance( - Object obj) - { - if (obj == null || obj instanceof DERGeneralizedTime) - { - return (DERGeneralizedTime)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Generalized Time object from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERGeneralizedTime getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERGeneralizedTime) - { - return getInstance(o); - } - else - { - return new DERGeneralizedTime(((ASN1OctetString)o).getOctets()); - } - } - - /** - * The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z - * for local time, or Z+-HHMM on the end, for difference between local - * time and UTC time. The fractional second amount f must consist of at - * least one number with trailing zeroes removed. - * - * @param time the time string. - * @exception IllegalArgumentException if String is an illegal format. - */ - public DERGeneralizedTime( - String time) - { - this.time = time; - try - { - this.getDate(); - } - catch (ParseException e) - { - throw new IllegalArgumentException("invalid date string: " + e.getMessage()); - } - } - - /** - * base constructer from a java.util.date object - */ - public DERGeneralizedTime( - Date time) - { - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'"); - - dateF.setTimeZone(new SimpleTimeZone(0,"Z")); - - this.time = dateF.format(time); - } - - DERGeneralizedTime( - byte[] bytes) - { - // - // explicitly convert to characters - // - char[] dateC = new char[bytes.length]; - - for (int i = 0; i != dateC.length; i++) - { - dateC[i] = (char)(bytes[i] & 0xff); - } - - this.time = new String(dateC); - } - - /** - * Return the time. - * @return The time string as it appeared in the encoded object. - */ - public String getTimeString() - { - return time; - } - - /** - * return the time - always in the form of - * YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm). - *

- * Normally in a certificate we would expect "Z" rather than "GMT", - * however adding the "GMT" means we can just use: - * 

-     *     dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
-     *
- * To read in the time and get a date which is compatible with our local - * time zone. - */ - public String getTime() - { - // - // standardise the format. - // - if (time.charAt(time.length() - 1) == 'Z') - { - return time.substring(0, time.length() - 1) + "GMT+00:00"; - } - else - { - int signPos = time.length() - 5; - char sign = time.charAt(signPos); - if (sign == '-' || sign == '+') - { - return time.substring(0, signPos) - + "GMT" - + time.substring(signPos, signPos + 3) - + ":" - + time.substring(signPos + 3); - } - else - { - signPos = time.length() - 3; - sign = time.charAt(signPos); - if (sign == '-' || sign == '+') - { - return time.substring(0, signPos) - + "GMT" - + time.substring(signPos) - + ":00"; - } - } - } - return time + calculateGMTOffset(); - } - - private String calculateGMTOffset() - { - String sign = "+"; - TimeZone timeZone = TimeZone.getDefault(); - int offset = timeZone.getRawOffset(); - if (offset < 0) - { - sign = "-"; - offset = -offset; - } - int hours = offset / (60 * 60 * 1000); - int minutes = (offset - (hours * 60 * 60 * 1000)) / (60 * 1000); - - try - { - if (timeZone.useDaylightTime() && timeZone.inDaylightTime(this.getDate())) - { - hours += sign.equals("+") ? 1 : -1; - } - } - catch (ParseException e) - { - // we'll do our best and ignore daylight savings - } - - return "GMT" + sign + convert(hours) + ":" + convert(minutes); - } - - private String convert(int time) - { - if (time < 10) - { - return "0" + time; - } - - return Integer.toString(time); - } - - public Date getDate() - throws ParseException - { - SimpleDateFormat dateF; - String d = time; - - if (time.endsWith("Z")) - { - if (hasFractionalSeconds()) - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'"); - } - else - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'"); - } - - dateF.setTimeZone(new SimpleTimeZone(0, "Z")); - } - else if (time.indexOf('-') > 0 || time.indexOf('+') > 0) - { - d = this.getTime(); - if (hasFractionalSeconds()) - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz"); - } - else - { - dateF = new SimpleDateFormat("yyyyMMddHHmmssz"); - } - - dateF.setTimeZone(new SimpleTimeZone(0, "Z")); - } - else - { - if (hasFractionalSeconds()) - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS"); - } - else - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss"); - } - - dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID())); - } - - if (hasFractionalSeconds()) - { - // java misinterprets extra digits as being milliseconds... - String frac = d.substring(14); - int index; - for (index = 1; index < frac.length(); index++) - { - char ch = frac.charAt(index); - if (!('0' <= ch && ch <= '9')) - { - break; - } - } - - if (index - 1 > 3) - { - frac = frac.substring(0, 4) + frac.substring(index); - d = d.substring(0, 14) + frac; - } - else if (index - 1 == 1) - { - frac = frac.substring(0, index) + "00" + frac.substring(index); - d = d.substring(0, 14) + frac; - } - else if (index - 1 == 2) - { - frac = frac.substring(0, index) + "0" + frac.substring(index); - d = d.substring(0, 14) + frac; - } - } - - return dateF.parse(d); - } - - private boolean hasFractionalSeconds() - { - return time.indexOf('.') == 14; - } - - private byte[] getOctets() - { - char[] cs = time.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(GENERALIZED_TIME, this.getOctets()); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERGeneralizedTime)) - { - return false; - } - - return time.equals(((DERGeneralizedTime)o).time); - } - - public int hashCode() - { - return time.hashCode(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGenerator.java deleted file mode 100644 index 8aef7a741..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERGenerator.java +++ /dev/null @@ -1,119 +0,0 @@ -package org.bouncycastle.asn1; - -import org.bouncycastle.util.io.Streams; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -public abstract class DERGenerator - extends ASN1Generator -{ - private boolean _tagged = false; - private boolean _isExplicit; - private int _tagNo; - - protected DERGenerator( - OutputStream out) - { - super(out); - } - - public DERGenerator( - OutputStream out, - int tagNo, - boolean isExplicit) - { - super(out); - - _tagged = true; - _isExplicit = isExplicit; - _tagNo = tagNo; - } - - private void writeLength( - OutputStream out, - int length) - throws IOException - { - if (length > 127) - { - int size = 1; - int val = length; - - while ((val >>>= 8) != 0) - { - size++; - } - - out.write((byte)(size | 0x80)); - - for (int i = (size - 1) * 8; i >= 0; i -= 8) - { - out.write((byte)(length >> i)); - } - } - else - { - out.write((byte)length); - } - } - - void writeDEREncoded( - OutputStream out, - int tag, - byte[] bytes) - throws IOException - { - out.write(tag); - writeLength(out, bytes.length); - out.write(bytes); - } - - void writeDEREncoded( - int tag, - byte[] bytes) - throws IOException - { - if (_tagged) - { - int tagNum = _tagNo | DERTags.TAGGED; - - if (_isExplicit) - { - int newTag = _tagNo | DERTags.CONSTRUCTED | DERTags.TAGGED; - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - writeDEREncoded(bOut, tag, bytes); - - writeDEREncoded(_out, newTag, bOut.toByteArray()); - } - else - { - if ((tag & DERTags.CONSTRUCTED) != 0) - { - writeDEREncoded(_out, tagNum | DERTags.CONSTRUCTED, bytes); - } - else - { - writeDEREncoded(_out, tagNum, bytes); - } - } - } - else - { - writeDEREncoded(_out, tag, bytes); - } - } - - void writeDEREncoded( - OutputStream out, - int tag, - InputStream in) - throws IOException - { - writeDEREncoded(out, tag, Streams.readAll(in)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERIA5String.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERIA5String.java deleted file mode 100644 index e94c62bf1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERIA5String.java +++ /dev/null @@ -1,173 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER IA5String object - this is an ascii string. - */ -public class DERIA5String - extends ASN1Object - implements DERString -{ - String string; - - /** - * return a IA5 string from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERIA5String getInstance( - Object obj) - { - if (obj == null || obj instanceof DERIA5String) - { - return (DERIA5String)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an IA5 String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERIA5String getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERIA5String) - { - return getInstance(o); - } - else - { - return new DERIA5String(((ASN1OctetString)o).getOctets()); - } - } - - /** - * basic constructor - with bytes. - */ - public DERIA5String( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - without validation. - */ - public DERIA5String( - String string) - { - this(string, false); - } - - /** - * Constructor with optional validation. - * - * @param string the base string to wrap. - * @param validate whether or not to check the string. - * @throws IllegalArgumentException if validate is true and the string - * contains characters that should not be in an IA5String. - */ - public DERIA5String( - String string, - boolean validate) - { - if (string == null) - { - throw new NullPointerException("string cannot be null"); - } - if (validate && !isIA5String(string)) - { - throw new IllegalArgumentException("string contains illegal characters"); - } - - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(IA5_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERIA5String)) - { - return false; - } - - DERIA5String s = (DERIA5String)o; - - return this.getString().equals(s.getString()); - } - - /** - * return true if the passed in String can be represented without - * loss as an IA5String, false otherwise. - * - * @return true if in printable set, false otherwise. - */ - public static boolean isIA5String( - String str) - { - for (int i = str.length() - 1; i >= 0; i--) - { - char ch = str.charAt(i); - - if (ch > 0x007f) - { - return false; - } - } - - return true; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERInteger.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERInteger.java deleted file mode 100644 index c72a6cb22..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERInteger.java +++ /dev/null @@ -1,122 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.math.BigInteger; - -import org.bouncycastle.util.Arrays; - -public class DERInteger - extends ASN1Object -{ - byte[] bytes; - - /** - * return an integer from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERInteger getInstance( - Object obj) - { - if (obj == null || obj instanceof DERInteger) - { - return (DERInteger)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Integer from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERInteger getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERInteger) - { - return getInstance(o); - } - else - { - return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets()); - } - } - - public DERInteger( - int value) - { - bytes = BigInteger.valueOf(value).toByteArray(); - } - - public DERInteger( - BigInteger value) - { - bytes = value.toByteArray(); - } - - public DERInteger( - byte[] bytes) - { - this.bytes = bytes; - } - - public BigInteger getValue() - { - return new BigInteger(bytes); - } - - /** - * in some cases positive values get crammed into a space, - * that's not quite big enough... - */ - public BigInteger getPositiveValue() - { - return new BigInteger(1, bytes); - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(INTEGER, bytes); - } - - public int hashCode() - { - int value = 0; - - for (int i = 0; i != bytes.length; i++) - { - value ^= (bytes[i] & 0xff) << (i % 4); - } - - return value; - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERInteger)) - { - return false; - } - - DERInteger other = (DERInteger)o; - - return Arrays.areEqual(bytes, other.bytes); - } - - public String toString() - { - return getValue().toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNull.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNull.java deleted file mode 100644 index 5d020c7d1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNull.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * A NULL object. - */ -public class DERNull - extends ASN1Null -{ - public static final DERNull INSTANCE = new DERNull(); - - byte[] zeroBytes = new byte[0]; - - public DERNull() - { - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(NULL, zeroBytes); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNumericString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNumericString.java deleted file mode 100644 index 23314a6eb..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERNumericString.java +++ /dev/null @@ -1,176 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }. - */ -public class DERNumericString - extends ASN1Object - implements DERString -{ - String string; - - /** - * return a Numeric string from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERNumericString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERNumericString) - { - return (DERNumericString)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Numeric String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERNumericString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERNumericString) - { - return getInstance(o); - } - else - { - return new DERNumericString(ASN1OctetString.getInstance(o).getOctets()); - } - } - - /** - * basic constructor - with bytes. - */ - public DERNumericString( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - without validation.. - */ - public DERNumericString( - String string) - { - this(string, false); - } - - /** - * Constructor with optional validation. - * - * @param string the base string to wrap. - * @param validate whether or not to check the string. - * @throws IllegalArgumentException if validate is true and the string - * contains characters that should not be in a NumericString. - */ - public DERNumericString( - String string, - boolean validate) - { - if (validate && !isNumericString(string)) - { - throw new IllegalArgumentException("string contains illegal characters"); - } - - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(NUMERIC_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERNumericString)) - { - return false; - } - - DERNumericString s = (DERNumericString)o; - - return this.getString().equals(s.getString()); - } - - /** - * Return true if the string can be represented as a NumericString ('0'..'9', ' ') - * - * @param str string to validate. - * @return true if numeric, fale otherwise. - */ - public static boolean isNumericString( - String str) - { - for (int i = str.length() - 1; i >= 0; i--) - { - char ch = str.charAt(i); - - if (ch > 0x007f) - { - return false; - } - - if (('0' <= ch && ch <= '9') || ch == ' ') - { - continue; - } - - return false; - } - - return true; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObject.java deleted file mode 100644 index 42e24878c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObject.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public abstract class DERObject - extends ASN1Encodable - implements DERTags -{ - public DERObject toASN1Object() - { - return this; - } - - public abstract int hashCode(); - - public abstract boolean equals(Object o); - - abstract void encode(DEROutputStream out) - throws IOException; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java deleted file mode 100644 index b55ec0247..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java +++ /dev/null @@ -1,268 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.math.BigInteger; - -public class DERObjectIdentifier - extends ASN1Object -{ - String identifier; - - /** - * return an OID from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERObjectIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof DERObjectIdentifier) - { - return (DERObjectIdentifier)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Object Identifier from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERObjectIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERObjectIdentifier) - { - return getInstance(o); - } - else - { - return new ASN1ObjectIdentifier(ASN1OctetString.getInstance(obj.getObject()).getOctets()); - } - } - - - DERObjectIdentifier( - byte[] bytes) - { - StringBuffer objId = new StringBuffer(); - long value = 0; - BigInteger bigValue = null; - boolean first = true; - - for (int i = 0; i != bytes.length; i++) - { - int b = bytes[i] & 0xff; - - if (value < 0x80000000000000L) - { - value = value * 128 + (b & 0x7f); - if ((b & 0x80) == 0) // end of number reached - { - if (first) - { - switch ((int)value / 40) - { - case 0: - objId.append('0'); - break; - case 1: - objId.append('1'); - value -= 40; - break; - default: - objId.append('2'); - value -= 80; - } - first = false; - } - - objId.append('.'); - objId.append(value); - value = 0; - } - } - else - { - if (bigValue == null) - { - bigValue = BigInteger.valueOf(value); - } - bigValue = bigValue.shiftLeft(7); - bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f)); - if ((b & 0x80) == 0) - { - objId.append('.'); - objId.append(bigValue); - bigValue = null; - value = 0; - } - } - } - - this.identifier = objId.toString(); - } - - public DERObjectIdentifier( - String identifier) - { - if (!isValidIdentifier(identifier)) - { - throw new IllegalArgumentException("string " + identifier + " not an OID"); - } - - this.identifier = identifier; - } - - public String getId() - { - return identifier; - } - - private void writeField( - OutputStream out, - long fieldValue) - throws IOException - { - byte[] result = new byte[9]; - int pos = 8; - result[pos] = (byte)((int)fieldValue & 0x7f); - while (fieldValue >= (1L << 7)) - { - fieldValue >>= 7; - result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80); - } - out.write(result, pos, 9 - pos); - } - - private void writeField( - OutputStream out, - BigInteger fieldValue) - throws IOException - { - int byteCount = (fieldValue.bitLength()+6)/7; - if (byteCount == 0) - { - out.write(0); - } - else - { - BigInteger tmpValue = fieldValue; - byte[] tmp = new byte[byteCount]; - for (int i = byteCount-1; i >= 0; i--) - { - tmp[i] = (byte) ((tmpValue.intValue() & 0x7f) | 0x80); - tmpValue = tmpValue.shiftRight(7); - } - tmp[byteCount-1] &= 0x7f; - out.write(tmp); - } - - } - - void encode( - DEROutputStream out) - throws IOException - { - OIDTokenizer tok = new OIDTokenizer(identifier); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - writeField(bOut, - Integer.parseInt(tok.nextToken()) * 40 - + Integer.parseInt(tok.nextToken())); - - while (tok.hasMoreTokens()) - { - String token = tok.nextToken(); - if (token.length() < 18) - { - writeField(bOut, Long.parseLong(token)); - } - else - { - writeField(bOut, new BigInteger(token)); - } - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(OBJECT_IDENTIFIER, bytes); - } - - public int hashCode() - { - return identifier.hashCode(); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERObjectIdentifier)) - { - return false; - } - - return identifier.equals(((DERObjectIdentifier)o).identifier); - } - - public String toString() - { - return getId(); - } - - private static boolean isValidIdentifier( - String identifier) - { - if (identifier.length() < 3 - || identifier.charAt(1) != '.') - { - return false; - } - - char first = identifier.charAt(0); - if (first < '0' || first > '2') - { - return false; - } - - boolean periodAllowed = false; - for (int i = identifier.length() - 1; i >= 2; i--) - { - char ch = identifier.charAt(i); - - if ('0' <= ch && ch <= '9') - { - periodAllowed = true; - continue; - } - - if (ch == '.') - { - if (!periodAllowed) - { - return false; - } - - periodAllowed = false; - continue; - } - - return false; - } - - return periodAllowed; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetString.java deleted file mode 100644 index cadd60c80..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetString.java +++ /dev/null @@ -1,37 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DEROctetString - extends ASN1OctetString -{ - /** - * @param string the octets making up the octet string. - */ - public DEROctetString( - byte[] string) - { - super(string); - } - - public DEROctetString( - DEREncodable obj) - { - super(obj); - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(OCTET_STRING, string); - } - - static void encode( - DEROutputStream derOut, - byte[] bytes) - throws IOException - { - derOut.writeEncoded(DERTags.OCTET_STRING, bytes); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java deleted file mode 100644 index 2318f5cef..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java +++ /dev/null @@ -1,39 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.InputStream; - -public class DEROctetStringParser - implements ASN1OctetStringParser -{ - private DefiniteLengthInputStream stream; - - DEROctetStringParser( - DefiniteLengthInputStream stream) - { - this.stream = stream; - } - - public InputStream getOctetStream() - { - return stream; - } - - public DERObject getLoadedObject() - throws IOException - { - return new DEROctetString(stream.toByteArray()); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException("IOException converting stream to byte array: " + e.getMessage(), e); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROutputStream.java deleted file mode 100644 index b78f7caf3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DEROutputStream.java +++ /dev/null @@ -1,134 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.FilterOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -public class DEROutputStream - extends FilterOutputStream implements DERTags -{ - public DEROutputStream( - OutputStream os) - { - super(os); - } - - private void writeLength( - int length) - throws IOException - { - if (length > 127) - { - int size = 1; - int val = length; - - while ((val >>>= 8) != 0) - { - size++; - } - - write((byte)(size | 0x80)); - - for (int i = (size - 1) * 8; i >= 0; i -= 8) - { - write((byte)(length >> i)); - } - } - else - { - write((byte)length); - } - } - - void writeEncoded( - int tag, - byte[] bytes) - throws IOException - { - write(tag); - writeLength(bytes.length); - write(bytes); - } - - void writeTag(int flags, int tagNo) - throws IOException - { - if (tagNo < 31) - { - write(flags | tagNo); - } - else - { - write(flags | 0x1f); - if (tagNo < 128) - { - write(tagNo); - } - else - { - byte[] stack = new byte[5]; - int pos = stack.length; - - stack[--pos] = (byte)(tagNo & 0x7F); - - do - { - tagNo >>= 7; - stack[--pos] = (byte)(tagNo & 0x7F | 0x80); - } - while (tagNo > 127); - - write(stack, pos, stack.length - pos); - } - } - } - - void writeEncoded(int flags, int tagNo, byte[] bytes) - throws IOException - { - writeTag(flags, tagNo); - writeLength(bytes.length); - write(bytes); - } - - protected void writeNull() - throws IOException - { - write(NULL); - write(0x00); - } - - public void write(byte[] buf) - throws IOException - { - out.write(buf, 0, buf.length); - } - - public void write(byte[] buf, int offSet, int len) - throws IOException - { - out.write(buf, offSet, len); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not DEREncodable"); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERPrintableString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERPrintableString.java deleted file mode 100644 index e9872232c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERPrintableString.java +++ /dev/null @@ -1,203 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER PrintableString object. - */ -public class DERPrintableString - extends ASN1Object - implements DERString -{ - String string; - - /** - * return a printable string from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERPrintableString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERPrintableString) - { - return (DERPrintableString)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Printable String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERPrintableString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERPrintableString) - { - return getInstance(o); - } - else - { - return new DERPrintableString(ASN1OctetString.getInstance(o).getOctets()); - } - } - - /** - * basic constructor - byte encoded string. - */ - public DERPrintableString( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - this does not validate the string - */ - public DERPrintableString( - String string) - { - this(string, false); - } - - /** - * Constructor with optional validation. - * - * @param string the base string to wrap. - * @param validate whether or not to check the string. - * @throws IllegalArgumentException if validate is true and the string - * contains characters that should not be in a PrintableString. - */ - public DERPrintableString( - String string, - boolean validate) - { - if (validate && !isPrintableString(string)) - { - throw new IllegalArgumentException("string contains illegal characters"); - } - - this.string = string; - } - - public String getString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(PRINTABLE_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERPrintableString)) - { - return false; - } - - DERPrintableString s = (DERPrintableString)o; - - return this.getString().equals(s.getString()); - } - - public String toString() - { - return string; - } - - /** - * return true if the passed in String can be represented without - * loss as a PrintableString, false otherwise. - * - * @return true if in printable set, false otherwise. - */ - public static boolean isPrintableString( - String str) - { - for (int i = str.length() - 1; i >= 0; i--) - { - char ch = str.charAt(i); - - if (ch > 0x007f) - { - return false; - } - - if ('a' <= ch && ch <= 'z') - { - continue; - } - - if ('A' <= ch && ch <= 'Z') - { - continue; - } - - if ('0' <= ch && ch <= '9') - { - continue; - } - - switch (ch) - { - case ' ': - case '\'': - case '(': - case ')': - case '+': - case '-': - case '.': - case ':': - case '=': - case '?': - case '/': - case ',': - continue; - } - - return false; - } - - return true; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequence.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequence.java deleted file mode 100644 index bb7f7fbe7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequence.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; - -public class DERSequence - extends ASN1Sequence -{ - /** - * create an empty sequence - */ - public DERSequence() - { - } - - /** - * create a sequence containing one object - */ - public DERSequence( - DEREncodable obj) - { - this.addObject(obj); - } - - /** - * create a sequence containing a vector of objects. - */ - public DERSequence( - ASN1EncodableVector v) - { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } - } - - /** - * create a sequence containing an array of objects. - */ - public DERSequence( - ASN1Encodable[] a) - { - for (int i = 0; i != a.length; i++) - { - this.addObject(a[i]); - } - } - - /* - * A note on the implementation: - *

- * As DER requires the constructed, definite-length model to - * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SEQUENCE, - * we also have to specify CONSTRUCTED, and the objects length. - */ - void encode( - DEROutputStream out) - throws IOException - { - // TODO Intermediate buffer could be avoided if we could calculate expected length - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); - - while (e.hasMoreElements()) - { - Object obj = e.nextElement(); - - dOut.writeObject(obj); - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceGenerator.java deleted file mode 100644 index 458dcdc88..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceGenerator.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -public class DERSequenceGenerator - extends DERGenerator -{ - private final ByteArrayOutputStream _bOut = new ByteArrayOutputStream(); - - public DERSequenceGenerator( - OutputStream out) - throws IOException - { - super(out); - } - - public DERSequenceGenerator( - OutputStream out, - int tagNo, - boolean isExplicit) - throws IOException - { - super(out, tagNo, isExplicit); - } - - public void addObject( - DEREncodable object) - throws IOException - { - object.getDERObject().encode(new DEROutputStream(_bOut)); - } - - public OutputStream getRawOutputStream() - { - return _bOut; - } - - public void close() - throws IOException - { - writeDEREncoded(DERTags.CONSTRUCTED | DERTags.SEQUENCE, _bOut.toByteArray()); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java deleted file mode 100644 index b91dfa0f6..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERSequenceParser - implements ASN1SequenceParser -{ - private ASN1StreamParser _parser; - - DERSequenceParser(ASN1StreamParser parser) - { - this._parser = parser; - } - - public DEREncodable readObject() - throws IOException - { - return _parser.readObject(); - } - - public DERObject getLoadedObject() - throws IOException - { - return new DERSequence(_parser.readVector()); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new IllegalStateException(e.getMessage()); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSet.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSet.java deleted file mode 100644 index c4acc828d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSet.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; - -/** - * A DER encoded set object - */ -public class DERSet - extends ASN1Set -{ - /** - * create an empty set - */ - public DERSet() - { - } - - /** - * @param obj - a single object that makes up the set. - */ - public DERSet( - DEREncodable obj) - { - this.addObject(obj); - } - - /** - * @param v - a vector of objects making up the set. - */ - public DERSet( - ASN1EncodableVector v) - { - this(v, true); - } - - /** - * create a set from an array of objects. - */ - public DERSet( - ASN1Encodable[] a) - { - for (int i = 0; i != a.length; i++) - { - this.addObject(a[i]); - } - - this.sort(); - } - - /** - * @param v - a vector of objects making up the set. - */ - DERSet( - ASN1EncodableVector v, - boolean needsSorting) - { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } - - if (needsSorting) - { - this.sort(); - } - } - - /* - * A note on the implementation: - *

- * As DER requires the constructed, definite-length model to - * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SET, - * we also have to specify CONSTRUCTED, and the objects length. - */ - void encode( - DEROutputStream out) - throws IOException - { - // TODO Intermediate buffer could be avoided if we could calculate expected length - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); - - while (e.hasMoreElements()) - { - Object obj = e.nextElement(); - - dOut.writeObject(obj); - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SET | CONSTRUCTED, bytes); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSetParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSetParser.java deleted file mode 100644 index 44ddb8009..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERSetParser.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERSetParser - implements ASN1SetParser -{ - private ASN1StreamParser _parser; - - DERSetParser(ASN1StreamParser parser) - { - this._parser = parser; - } - - public DEREncodable readObject() - throws IOException - { - return _parser.readObject(); - } - - public DERObject getLoadedObject() - throws IOException - { - return new DERSet(_parser.readVector(), false); - } - - public DERObject getDERObject() - { - try - { - return getLoadedObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException(e.getMessage(), e); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERString.java deleted file mode 100644 index 37dc90597..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERString.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * basic interface for DER string objects. - */ -public interface DERString - extends ASN1String -{ - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERT61String.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERT61String.java deleted file mode 100644 index 519a950d1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER T61String (also the teletex string) - */ -public class DERT61String - extends ASN1Object - implements DERString -{ - String string; - - /** - * return a T61 string from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERT61String getInstance( - Object obj) - { - if (obj == null || obj instanceof DERT61String) - { - return (DERT61String)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an T61 String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERT61String getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit) - { - return getInstance(o); - } - else - { - return new DERT61String(ASN1OctetString.getInstance(o).getOctets()); - } - } - - /** - * basic constructor - with bytes. - */ - public DERT61String( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - with string. - */ - public DERT61String( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(T61_STRING, this.getOctets()); - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERT61String)) - { - return false; - } - - return this.getString().equals(((DERT61String)o).getString()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java deleted file mode 100644 index a1d368784..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java +++ /dev/null @@ -1,85 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER TaggedObject - in ASN.1 notation this is any object preceded by - * a [n] where n is some number - these are assumed to follow the construction - * rules (as with sequences). - */ -public class DERTaggedObject - extends ASN1TaggedObject -{ - private static final byte[] ZERO_BYTES = new byte[0]; - - /** - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public DERTaggedObject( - int tagNo, - DEREncodable obj) - { - super(tagNo, obj); - } - - /** - * @param explicit true if an explicitly tagged object. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public DERTaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) - { - super(explicit, tagNo, obj); - } - - /** - * create an implicitly tagged object that contains a zero - * length sequence. - */ - public DERTaggedObject( - int tagNo) - { - super(false, tagNo, new DERSequence()); - } - - void encode( - DEROutputStream out) - throws IOException - { - if (!empty) - { - byte[] bytes = obj.getDERObject().getEncoded(DER); - - if (explicit) - { - out.writeEncoded(CONSTRUCTED | TAGGED, tagNo, bytes); - } - else - { - // - // need to mark constructed types... - // - int flags; - if ((bytes[0] & CONSTRUCTED) != 0) - { - flags = CONSTRUCTED | TAGGED; - } - else - { - flags = TAGGED; - } - - out.writeTag(flags, tagNo); - out.write(bytes, 1, bytes.length - 1); - } - } - else - { - out.writeEncoded(CONSTRUCTED | TAGGED, tagNo, ZERO_BYTES); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTags.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTags.java deleted file mode 100644 index ef441ef62..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERTags.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1; - -public interface DERTags -{ - public static final int BOOLEAN = 0x01; - public static final int INTEGER = 0x02; - public static final int BIT_STRING = 0x03; - public static final int OCTET_STRING = 0x04; - public static final int NULL = 0x05; - public static final int OBJECT_IDENTIFIER = 0x06; - public static final int EXTERNAL = 0x08; - public static final int ENUMERATED = 0x0a; - public static final int SEQUENCE = 0x10; - public static final int SEQUENCE_OF = 0x10; // for completeness - public static final int SET = 0x11; - public static final int SET_OF = 0x11; // for completeness - - - public static final int NUMERIC_STRING = 0x12; - public static final int PRINTABLE_STRING = 0x13; - public static final int T61_STRING = 0x14; - public static final int VIDEOTEX_STRING = 0x15; - public static final int IA5_STRING = 0x16; - public static final int UTC_TIME = 0x17; - public static final int GENERALIZED_TIME = 0x18; - public static final int GRAPHIC_STRING = 0x19; - public static final int VISIBLE_STRING = 0x1a; - public static final int GENERAL_STRING = 0x1b; - public static final int UNIVERSAL_STRING = 0x1c; - public static final int BMP_STRING = 0x1e; - public static final int UTF8_STRING = 0x0c; - - public static final int CONSTRUCTED = 0x20; - public static final int APPLICATION = 0x40; - public static final int TAGGED = 0x80; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTCTime.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTCTime.java deleted file mode 100644 index f183d7292..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTCTime.java +++ /dev/null @@ -1,258 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -/** - * UTC time object. - */ -public class DERUTCTime - extends ASN1Object -{ - String time; - - /** - * return an UTC Time from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERUTCTime getInstance( - Object obj) - { - if (obj == null || obj instanceof DERUTCTime) - { - return (DERUTCTime)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an UTC Time from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERUTCTime getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERUTCTime) - { - return getInstance(o); - } - else - { - return new DERUTCTime(((ASN1OctetString)o).getOctets()); - } - } - - /** - * The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were - * never encoded. When you're creating one of these objects from scratch, that's - * what you want to use, otherwise we'll try to deal with whatever gets read from - * the input stream... (this is why the input format is different from the getTime() - * method output). - *

- * - * @param time the time string. - */ - public DERUTCTime( - String time) - { - this.time = time; - try - { - this.getDate(); - } - catch (ParseException e) - { - throw new IllegalArgumentException("invalid date string: " + e.getMessage()); - } - } - - /** - * base constructer from a java.util.date object - */ - public DERUTCTime( - Date time) - { - SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'"); - - dateF.setTimeZone(new SimpleTimeZone(0,"Z")); - - this.time = dateF.format(time); - } - - DERUTCTime( - byte[] bytes) - { - // - // explicitly convert to characters - // - char[] dateC = new char[bytes.length]; - - for (int i = 0; i != dateC.length; i++) - { - dateC[i] = (char)(bytes[i] & 0xff); - } - - this.time = new String(dateC); - } - - /** - * return the time as a date based on whatever a 2 digit year will return. For - * standardised processing use getAdjustedDate(). - * - * @return the resulting date - * @exception ParseException if the date string cannot be parsed. - */ - public Date getDate() - throws ParseException - { - SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz"); - - return dateF.parse(getTime()); - } - - /** - * return the time as an adjusted date - * in the range of 1950 - 2049. - * - * @return a date in the range of 1950 to 2049. - * @exception ParseException if the date string cannot be parsed. - */ - public Date getAdjustedDate() - throws ParseException - { - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz"); - - dateF.setTimeZone(new SimpleTimeZone(0, "Z")); - - return dateF.parse(getAdjustedTime()); - } - - /** - * return the time - always in the form of - * YYMMDDhhmmssGMT(+hh:mm|-hh:mm). - *

- * Normally in a certificate we would expect "Z" rather than "GMT", - * however adding the "GMT" means we can just use: - * 

-     *     dateF = new SimpleDateFormat("yyMMddHHmmssz");
-     *
- * To read in the time and get a date which is compatible with our local - * time zone. - *

- * Note: In some cases, due to the local date processing, this - * may lead to unexpected results. If you want to stick the normal - * convention of 1950 to 2049 use the getAdjustedTime() method. - */ - public String getTime() - { - // - // standardise the format. - // - if (time.indexOf('-') < 0 && time.indexOf('+') < 0) - { - if (time.length() == 11) - { - return time.substring(0, 10) + "00GMT+00:00"; - } - else - { - return time.substring(0, 12) + "GMT+00:00"; - } - } - else - { - int index = time.indexOf('-'); - if (index < 0) - { - index = time.indexOf('+'); - } - String d = time; - - if (index == time.length() - 3) - { - d += "00"; - } - - if (index == 10) - { - return d.substring(0, 10) + "00GMT" + d.substring(10, 13) + ":" + d.substring(13, 15); - } - else - { - return d.substring(0, 12) + "GMT" + d.substring(12, 15) + ":" + d.substring(15, 17); - } - } - } - - /** - * return a time string as an adjusted date with a 4 digit year. This goes - * in the range of 1950 - 2049. - */ - public String getAdjustedTime() - { - String d = this.getTime(); - - if (d.charAt(0) < '5') - { - return "20" + d; - } - else - { - return "19" + d; - } - } - - private byte[] getOctets() - { - char[] cs = time.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(UTC_TIME, this.getOctets()); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERUTCTime)) - { - return false; - } - - return time.equals(((DERUTCTime)o).time); - } - - public int hashCode() - { - return time.hashCode(); - } - - public String toString() - { - return time; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTF8String.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTF8String.java deleted file mode 100644 index 06d6fe985..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUTF8String.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -import org.bouncycastle.util.Strings; - -/** - * DER UTF8String object. - */ -public class DERUTF8String - extends ASN1Object - implements DERString -{ - String string; - - /** - * return an UTF8 string from the passed in object. - * - * @exception IllegalArgumentException - * if the object cannot be converted. - */ - public static DERUTF8String getInstance(Object obj) - { - if (obj == null || obj instanceof DERUTF8String) - { - return (DERUTF8String)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * return an UTF8 String from a tagged object. - * - * @param obj - * the tagged object holding the object we want - * @param explicit - * true if the object is meant to be explicitly tagged false - * otherwise. - * @exception IllegalArgumentException - * if the tagged object cannot be converted. - */ - public static DERUTF8String getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERUTF8String) - { - return getInstance(o); - } - else - { - return new DERUTF8String(ASN1OctetString.getInstance(o).getOctets()); - } - } - - /** - * basic constructor - byte encoded string. - */ - public DERUTF8String(byte[] string) - { - try - { - this.string = Strings.fromUTF8ByteArray(string); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IllegalArgumentException("UTF8 encoding invalid"); - } - } - - /** - * basic constructor - */ - public DERUTF8String(String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - boolean asn1Equals(DERObject o) - { - if (!(o instanceof DERUTF8String)) - { - return false; - } - - DERUTF8String s = (DERUTF8String)o; - - return this.getString().equals(s.getString()); - } - - void encode(DEROutputStream out) - throws IOException - { - out.writeEncoded(UTF8_STRING, Strings.toUTF8ByteArray(string)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUniversalString.java deleted file mode 100644 index 6e54934f6..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUniversalString.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * DER UniversalString object. - */ -public class DERUniversalString - extends ASN1Object - implements DERString -{ - private static final char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - private byte[] string; - - /** - * return a Universal String from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERUniversalString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERUniversalString) - { - return (DERUniversalString)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Universal String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERUniversalString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - DERObject o = obj.getObject(); - - if (explicit || o instanceof DERUniversalString) - { - return getInstance(o); - } - else - { - return new DERUniversalString(((ASN1OctetString)o).getOctets()); - } - } - - /** - * basic constructor - byte encoded string. - */ - public DERUniversalString( - byte[] string) - { - this.string = string; - } - - public String getString() - { - StringBuffer buf = new StringBuffer("#"); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - try - { - aOut.writeObject(this); - } - catch (IOException e) - { - throw new RuntimeException("internal error encoding BitString"); - } - - byte[] string = bOut.toByteArray(); - - for (int i = 0; i != string.length; i++) - { - buf.append(table[(string[i] >>> 4) & 0xf]); - buf.append(table[string[i] & 0xf]); - } - - return buf.toString(); - } - - public String toString() - { - return getString(); - } - - public byte[] getOctets() - { - return string; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(UNIVERSAL_STRING, this.getOctets()); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERUniversalString)) - { - return false; - } - - return this.getString().equals(((DERUniversalString)o).getString()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java deleted file mode 100644 index 1feed40fe..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -import org.bouncycastle.util.Arrays; - -/** - * We insert one of these when we find a tag we don't recognise. - */ -public class DERUnknownTag - extends DERObject -{ - private boolean isConstructed; - private int tag; - private byte[] data; - - /** - * @param tag the tag value. - * @param data the contents octets. - */ - public DERUnknownTag( - int tag, - byte[] data) - { - this(false, tag, data); - } - - public DERUnknownTag( - boolean isConstructed, - int tag, - byte[] data) - { - this.isConstructed = isConstructed; - this.tag = tag; - this.data = data; - } - - public boolean isConstructed() - { - return isConstructed; - } - - public int getTag() - { - return tag; - } - - public byte[] getData() - { - return data; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(isConstructed ? DERTags.CONSTRUCTED : 0, tag, data); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERUnknownTag)) - { - return false; - } - - DERUnknownTag other = (DERUnknownTag)o; - - return isConstructed == other.isConstructed - && tag == other.tag - && Arrays.areEqual(data, other.data); - } - - public int hashCode() - { - return (isConstructed ? ~0 : 0) ^ tag ^ Arrays.hashCode(data); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERVisibleString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERVisibleString.java deleted file mode 100644 index 9d0c99151..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DERVisibleString.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER VisibleString object. - */ -public class DERVisibleString - extends ASN1Object - implements DERString -{ - String string; - - /** - * return a Visible String from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERVisibleString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERVisibleString) - { - return (DERVisibleString)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERVisibleString(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Visible String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERVisibleString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - byte encoded string. - */ - public DERVisibleString( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - */ - public DERVisibleString( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public String toString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(VISIBLE_STRING, this.getOctets()); - } - - boolean asn1Equals( - DERObject o) - { - if (!(o instanceof DERVisibleString)) - { - return false; - } - - return this.getString().equals(((DERVisibleString)o).getString()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java deleted file mode 100644 index 37851748b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java +++ /dev/null @@ -1,105 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.EOFException; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.util.io.Streams; - -class DefiniteLengthInputStream - extends LimitedInputStream -{ - private static final byte[] EMPTY_BYTES = new byte[0]; - - private final int _originalLength; - private int _remaining; - - DefiniteLengthInputStream( - InputStream in, - int length) - { - super(in, length); - - if (length < 0) - { - throw new IllegalArgumentException("negative lengths not allowed"); - } - - this._originalLength = length; - this._remaining = length; - - if (length == 0) - { - setParentEofDetect(true); - } - } - - int getRemaining() - { - return _remaining; - } - - public int read() - throws IOException - { - if (_remaining == 0) - { - return -1; - } - - int b = _in.read(); - - if (b < 0) - { - throw new EOFException("DEF length " + _originalLength + " object truncated by " + _remaining); - } - - if (--_remaining == 0) - { - setParentEofDetect(true); - } - - return b; - } - - public int read(byte[] buf, int off, int len) - throws IOException - { - if (_remaining == 0) - { - return -1; - } - - int toRead = Math.min(len, _remaining); - int numRead = _in.read(buf, off, toRead); - - if (numRead < 0) - { - throw new EOFException("DEF length " + _originalLength + " object truncated by " + _remaining); - } - - if ((_remaining -= numRead) == 0) - { - setParentEofDetect(true); - } - - return numRead; - } - - byte[] toByteArray() - throws IOException - { - if (_remaining == 0) - { - return EMPTY_BYTES; - } - - byte[] bytes = new byte[_remaining]; - if ((_remaining -= Streams.readFully(_in, bytes)) != 0) - { - throw new EOFException("DEF length " + _originalLength + " object truncated by " + _remaining); - } - setParentEofDetect(true); - return bytes; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java deleted file mode 100644 index 981ee1b63..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public interface InMemoryRepresentable -{ - DERObject getLoadedObject() - throws IOException; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java deleted file mode 100644 index 353da3b07..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.EOFException; -import java.io.IOException; -import java.io.InputStream; - -class IndefiniteLengthInputStream - extends LimitedInputStream -{ - private int _b1; - private int _b2; - private boolean _eofReached = false; - private boolean _eofOn00 = true; - - IndefiniteLengthInputStream( - InputStream in, - int limit) - throws IOException - { - super(in, limit); - - _b1 = in.read(); - _b2 = in.read(); - - if (_b2 < 0) - { - // Corrupted stream - throw new EOFException(); - } - - checkForEof(); - } - - void setEofOn00( - boolean eofOn00) - { - _eofOn00 = eofOn00; - checkForEof(); - } - - private boolean checkForEof() - { - if (!_eofReached && _eofOn00 && (_b1 == 0x00 && _b2 == 0x00)) - { - _eofReached = true; - setParentEofDetect(true); - } - return _eofReached; - } - - public int read(byte[] b, int off, int len) - throws IOException - { - // Only use this optimisation if we aren't checking for 00 - if (_eofOn00 || len < 3) - { - return super.read(b, off, len); - } - - if (_eofReached) - { - return -1; - } - - int numRead = _in.read(b, off + 2, len - 2); - - if (numRead < 0) - { - // Corrupted stream - throw new EOFException(); - } - - b[off] = (byte)_b1; - b[off + 1] = (byte)_b2; - - _b1 = _in.read(); - _b2 = _in.read(); - - if (_b2 < 0) - { - // Corrupted stream - throw new EOFException(); - } - - return numRead + 2; - } - - public int read() - throws IOException - { - if (checkForEof()) - { - return -1; - } - - int b = _in.read(); - - if (b < 0) - { - // Corrupted stream - throw new EOFException(); - } - - int v = _b1; - - _b1 = _b2; - _b2 = b; - - return v; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERConstructionEnumeration.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERConstructionEnumeration.java deleted file mode 100644 index c5dfbc17e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERConstructionEnumeration.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Enumeration; -import java.io.IOException; - -class LazyDERConstructionEnumeration - implements Enumeration -{ - private ASN1InputStream aIn; - private Object nextObj; - - public LazyDERConstructionEnumeration(byte[] encoded) - { - aIn = new ASN1InputStream(encoded, true); - nextObj = readObject(); - } - - public boolean hasMoreElements() - { - return nextObj != null; - } - - public Object nextElement() - { - Object o = nextObj; - - nextObj = readObject(); - - return o; - } - - private Object readObject() - { - try - { - return aIn.readObject(); - } - catch (IOException e) - { - throw new ASN1ParsingException("malformed DER construction: " + e, e); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java deleted file mode 100644 index 91074a648..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -public class LazyDERSequence - extends DERSequence -{ - private byte[] encoded; - private boolean parsed = false; - private int size = -1; - - LazyDERSequence( - byte[] encoded) - throws IOException - { - this.encoded = encoded; - } - - private void parse() - { - Enumeration en = new LazyDERConstructionEnumeration(encoded); - - while (en.hasMoreElements()) - { - addObject((DEREncodable)en.nextElement()); - } - - parsed = true; - } - - public synchronized DEREncodable getObjectAt(int index) - { - if (!parsed) - { - parse(); - } - - return super.getObjectAt(index); - } - - public synchronized Enumeration getObjects() - { - if (parsed) - { - return super.getObjects(); - } - - return new LazyDERConstructionEnumeration(encoded); - } - - public int size() - { - if (size < 0) - { - Enumeration en = new LazyDERConstructionEnumeration(encoded); - - size = 0; - while (en.hasMoreElements()) - { - en.nextElement(); - size++; - } - } - - return size; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(SEQUENCE | CONSTRUCTED, encoded); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java deleted file mode 100644 index d94b0bd8d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.InputStream; - -abstract class LimitedInputStream - extends InputStream -{ - protected final InputStream _in; - private int _limit; - - LimitedInputStream( - InputStream in, - int limit) - { - this._in = in; - this._limit = limit; - } - - int getRemaining() - { - // TODO: maybe one day this can become more accurate - return _limit; - } - - protected void setParentEofDetect(boolean on) - { - if (_in instanceof IndefiniteLengthInputStream) - { - ((IndefiniteLengthInputStream)_in).setEofOn00(on); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java deleted file mode 100644 index 54679447b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * class for breaking up an OID into it's component tokens, ala - * java.util.StringTokenizer. We need this class as some of the - * lightweight Java environment don't support classes like - * StringTokenizer. - */ -public class OIDTokenizer -{ - private String oid; - private int index; - - public OIDTokenizer( - String oid) - { - this.oid = oid; - this.index = 0; - } - - public boolean hasMoreTokens() - { - return (index != -1); - } - - public String nextToken() - { - if (index == -1) - { - return null; - } - - String token; - int end = oid.indexOf('.', index); - - if (end == -1) - { - token = oid.substring(index); - index = -1; - return token; - } - - token = oid.substring(index, end); - - index = end + 1; - return token; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java deleted file mode 100644 index 38a91fef1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.asn1.bc; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface BCObjectIdentifiers -{ - /** - * iso.org.dod.internet.private.enterprise.legion-of-the-bouncy-castle - * - * 1.3.6.1.4.1.22554 - */ - public static final DERObjectIdentifier bc = new DERObjectIdentifier("1.3.6.1.4.1.22554"); - - /** - * pbe(1) algorithms - */ - public static final DERObjectIdentifier bc_pbe = new DERObjectIdentifier(bc.getId() + ".1"); - - /** - * SHA-1(1) - */ - public static final DERObjectIdentifier bc_pbe_sha1 = new DERObjectIdentifier(bc_pbe.getId() + ".1"); - - /** - * SHA-2(2) . (SHA-256(1)|SHA-384(2)|SHA-512(3)|SHA-224(4)) - */ - public static final DERObjectIdentifier bc_pbe_sha256 = new DERObjectIdentifier(bc_pbe.getId() + ".2.1"); - public static final DERObjectIdentifier bc_pbe_sha384 = new DERObjectIdentifier(bc_pbe.getId() + ".2.2"); - public static final DERObjectIdentifier bc_pbe_sha512 = new DERObjectIdentifier(bc_pbe.getId() + ".2.3"); - public static final DERObjectIdentifier bc_pbe_sha224 = new DERObjectIdentifier(bc_pbe.getId() + ".2.4"); - - /** - * PKCS-5(1)|PKCS-12(2) - */ - public static final DERObjectIdentifier bc_pbe_sha1_pkcs5 = new DERObjectIdentifier(bc_pbe_sha1.getId() + ".1"); - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12 = new DERObjectIdentifier(bc_pbe_sha1.getId() + ".2"); - - public static final DERObjectIdentifier bc_pbe_sha256_pkcs5 = new DERObjectIdentifier(bc_pbe_sha256.getId() + ".1"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12 = new DERObjectIdentifier(bc_pbe_sha256.getId() + ".2"); - - /** - * AES(1) . (CBC-128(2)|CBC-192(22)|CBC-256(42)) - */ - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12_aes128_cbc = new DERObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.2"); - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12_aes192_cbc = new DERObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.22"); - public static final DERObjectIdentifier bc_pbe_sha1_pkcs12_aes256_cbc = new DERObjectIdentifier(bc_pbe_sha1_pkcs12.getId() + ".1.42"); - - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12_aes128_cbc = new DERObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.2"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12_aes192_cbc = new DERObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.22"); - public static final DERObjectIdentifier bc_pbe_sha256_pkcs12_aes256_cbc = new DERObjectIdentifier(bc_pbe_sha256_pkcs12.getId() + ".1.42"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CAKeyUpdAnnContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CAKeyUpdAnnContent.java deleted file mode 100644 index 995006d9e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CAKeyUpdAnnContent.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CAKeyUpdAnnContent - extends ASN1Encodable -{ - private CMPCertificate oldWithNew; - private CMPCertificate newWithOld; - private CMPCertificate newWithNew; - - private CAKeyUpdAnnContent(ASN1Sequence seq) - { - oldWithNew = CMPCertificate.getInstance(seq.getObjectAt(0)); - newWithOld = CMPCertificate.getInstance(seq.getObjectAt(1)); - newWithNew = CMPCertificate.getInstance(seq.getObjectAt(2)); - } - - public static CAKeyUpdAnnContent getInstance(Object o) - { - if (o instanceof CAKeyUpdAnnContent) - { - return (CAKeyUpdAnnContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new CAKeyUpdAnnContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CMPCertificate getOldWithNew() - { - return oldWithNew; - } - - public CMPCertificate getNewWithOld() - { - return newWithOld; - } - - public CMPCertificate getNewWithNew() - { - return newWithNew; - } - - /** - * 

-     * CAKeyUpdAnnContent ::= SEQUENCE {
-     *                             oldWithNew   CMPCertificate, -- old pub signed with new priv
-     *                             newWithOld   CMPCertificate, -- new pub signed with old priv
-     *                             newWithNew   CMPCertificate  -- new pub signed with new priv
-     *  }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oldWithNew); - v.add(newWithOld); - v.add(newWithNew); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java deleted file mode 100644 index fccda03b0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.X509CertificateStructure; - -public class CMPCertificate - extends ASN1Encodable - implements ASN1Choice -{ - private X509CertificateStructure x509v3PKCert; - private AttributeCertificate x509v2AttrCert; - - /** - * Note: the addition of attribute certificates is a BC extension. - */ - public CMPCertificate(AttributeCertificate x509v2AttrCert) - { - this.x509v2AttrCert = x509v2AttrCert; - } - - public CMPCertificate(X509CertificateStructure x509v3PKCert) - { - if (x509v3PKCert.getVersion() != 3) - { - throw new IllegalArgumentException("only version 3 certificates allowed"); - } - - this.x509v3PKCert = x509v3PKCert; - } - - public static CMPCertificate getInstance(Object o) - { - if (o instanceof CMPCertificate) - { - return (CMPCertificate)o; - } - - if (o instanceof ASN1Sequence) - { - return new CMPCertificate(X509CertificateStructure.getInstance(o)); - } - - if (o instanceof ASN1TaggedObject) - { - return new CMPCertificate(AttributeCertificate.getInstance(((ASN1TaggedObject)o).getObject())); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public boolean isX509v3PKCert() - { - return x509v3PKCert != null; - } - - public X509CertificateStructure getX509v3PKCert() - { - return x509v3PKCert; - } - - public AttributeCertificate getX509v2AttrCert() - { - return x509v2AttrCert; - } - - /** - * 
-     * CMPCertificate ::= CHOICE {
-     *            x509v3PKCert        Certificate
-     *            x509v2AttrCert      [1] AttributeCertificate
-     *  }
-     *
- * Note: the addition of attribute certificates is a BC extension. - * - * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - if (x509v2AttrCert != null) - { // explicit following CMP conventions - return new DERTaggedObject(true, 1, x509v2AttrCert); - } - - return x509v3PKCert.toASN1Object(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPObjectIdentifiers.java deleted file mode 100644 index 737320911..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CMPObjectIdentifiers.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface CMPObjectIdentifiers -{ - // RFC 4210 - - // id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} - static final DERObjectIdentifier passwordBasedMac = new DERObjectIdentifier("1.2.840.113533.7.66.13"); - - // id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} - static final DERObjectIdentifier dhBasedMac = new DERObjectIdentifier("1.2.840.113533.7.66.30"); - - // Example InfoTypeAndValue contents include, but are not limited - // to, the following (un-comment in this ASN.1 module and use as - // appropriate for a given environment): - // - // id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1} - // CAProtEncCertValue ::= CMPCertificate - // id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2} - // SignKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier - // id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3} - // EncKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier - // id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4} - // PreferredSymmAlgValue ::= AlgorithmIdentifier - // id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5} - // CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent - // id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6} - // CurrentCRLValue ::= CertificateList - // id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7} - // UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER - // id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10} - // KeyPairParamReqValue ::= OBJECT IDENTIFIER - // id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11} - // KeyPairParamRepValue ::= AlgorithmIdentifer - // id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12} - // RevPassphraseValue ::= EncryptedValue - // id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13} - // ImplicitConfirmValue ::= NULL - // id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} - // ConfirmWaitTimeValue ::= GeneralizedTime - // id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} - // OrigPKIMessageValue ::= PKIMessages - // id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} - // SuppLangTagsValue ::= SEQUENCE OF UTF8String - // - // where - // - // id-pkix OBJECT IDENTIFIER ::= { - // iso(1) identified-organization(3) - // dod(6) internet(1) security(5) mechanisms(5) pkix(7)} - // and - // id-it OBJECT IDENTIFIER ::= {id-pkix 4} - static final DERObjectIdentifier it_caProtEncCert = new DERObjectIdentifier("1.3.6.1.5.5.7.4.1"); - static final DERObjectIdentifier it_signKeyPairTypes = new DERObjectIdentifier("1.3.6.1.5.5.7.4.2"); - static final DERObjectIdentifier it_encKeyPairTypes = new DERObjectIdentifier("1.3.6.1.5.5.7.4.3"); - static final DERObjectIdentifier it_preferredSymAlg = new DERObjectIdentifier("1.3.6.1.5.5.7.4.4"); - static final DERObjectIdentifier it_caKeyUpdateInfo = new DERObjectIdentifier("1.3.6.1.5.5.7.4.5"); - static final DERObjectIdentifier it_currentCRL = new DERObjectIdentifier("1.3.6.1.5.5.7.4.6"); - static final DERObjectIdentifier it_unsupportedOIDs = new DERObjectIdentifier("1.3.6.1.5.5.7.4.7"); - static final DERObjectIdentifier it_keyPairParamReq = new DERObjectIdentifier("1.3.6.1.5.5.7.4.10"); - static final DERObjectIdentifier it_keyPairParamRep = new DERObjectIdentifier("1.3.6.1.5.5.7.4.11"); - static final DERObjectIdentifier it_revPassphrase = new DERObjectIdentifier("1.3.6.1.5.5.7.4.12"); - static final DERObjectIdentifier it_implicitConfirm = new DERObjectIdentifier("1.3.6.1.5.5.7.4.13"); - static final DERObjectIdentifier it_confirmWaitTime = new DERObjectIdentifier("1.3.6.1.5.5.7.4.14"); - static final DERObjectIdentifier it_origPKIMessage = new DERObjectIdentifier("1.3.6.1.5.5.7.4.15"); - static final DERObjectIdentifier it_suppLangTags = new DERObjectIdentifier("1.3.6.1.5.5.7.4.16"); - - // RFC 4211 - - // id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) - // dod(6) internet(1) security(5) mechanisms(5) pkix(7) } - // - // arc for Internet X.509 PKI protocols and their components - // id-pkip OBJECT IDENTIFIER :: { id-pkix pkip(5) } - // - // arc for Registration Controls in CRMF - // id-regCtrl OBJECT IDENTIFIER ::= { id-pkip regCtrl(1) } - // - // arc for Registration Info in CRMF - // id-regInfo OBJECT IDENTIFIER ::= { id-pkip id-regInfo(2) } - - static final DERObjectIdentifier regCtrl_regToken = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.1"); - static final DERObjectIdentifier regCtrl_authenticator = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.2"); - static final DERObjectIdentifier regCtrl_pkiPublicationInfo = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.3"); - static final DERObjectIdentifier regCtrl_pkiArchiveOptions = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.4"); - static final DERObjectIdentifier regCtrl_oldCertID = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.5"); - static final DERObjectIdentifier regCtrl_protocolEncrKey = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.6"); - - // From RFC4210: - // id-regCtrl-altCertTemplate OBJECT IDENTIFIER ::= {id-regCtrl 7} - static final DERObjectIdentifier regCtrl_altCertTemplate = new DERObjectIdentifier("1.3.6.1.5.5.7.5.1.7"); - - static final DERObjectIdentifier regInfo_utf8Pairs = new DERObjectIdentifier("1.3.6.1.5.5.7.5.2.1"); - static final DERObjectIdentifier regInfo_certReq = new DERObjectIdentifier("1.3.6.1.5.5.7.5.2.2"); - - // id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2) - // us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 } - // - // id-ct OBJECT IDENTIFIER ::= { id-smime 1 } -- content types - // - // id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21} - static final DERObjectIdentifier ct_encKeyWithID = new DERObjectIdentifier("1.2.840.113549.1.9.16.1.21"); - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CRLAnnContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CRLAnnContent.java deleted file mode 100644 index 9167082eb..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CRLAnnContent.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x509.CertificateList; - -public class CRLAnnContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private CRLAnnContent(ASN1Sequence seq) - { - content = seq; - } - - public static CRLAnnContent getInstance(Object o) - { - if (o instanceof CRLAnnContent) - { - return (CRLAnnContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new CRLAnnContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertificateList[] toCertificateListArray() - { - CertificateList[] result = new CertificateList[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = CertificateList.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * CRLAnnContent ::= SEQUENCE OF CertificateList
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertConfirmContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertConfirmContent.java deleted file mode 100644 index d4af116a7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertConfirmContent.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; - -public class CertConfirmContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private CertConfirmContent(ASN1Sequence seq) - { - content = seq; - } - - public static CertConfirmContent getInstance(Object o) - { - if (o instanceof CertConfirmContent) - { - return (CertConfirmContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertConfirmContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertStatus[] toCertStatusArray() - { - CertStatus[] result = new CertStatus[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = CertStatus.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * CertConfirmContent ::= SEQUENCE OF CertStatus
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertOrEncCert.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertOrEncCert.java deleted file mode 100644 index 160c509d3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertOrEncCert.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.crmf.EncryptedValue; - -public class CertOrEncCert - extends ASN1Encodable - implements ASN1Choice -{ - private CMPCertificate certificate; - private EncryptedValue encryptedCert; - - private CertOrEncCert(ASN1TaggedObject tagged) - { - if (tagged.getTagNo() == 0) - { - certificate = CMPCertificate.getInstance(tagged.getObject()); - } - else if (tagged.getTagNo() == 1) - { - encryptedCert = EncryptedValue.getInstance(tagged.getObject()); - } - else - { - throw new IllegalArgumentException("unknown tag: " + tagged.getTagNo()); - } - } - - public static CertOrEncCert getInstance(Object o) - { - if (o instanceof CertOrEncCert) - { - return (CertOrEncCert)o; - } - - if (o instanceof ASN1TaggedObject) - { - return new CertOrEncCert((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertOrEncCert(CMPCertificate certificate) - { - if (certificate == null) - { - throw new IllegalArgumentException("'certificate' cannot be null"); - } - - this.certificate = certificate; - } - - public CertOrEncCert(EncryptedValue encryptedCert) - { - if (encryptedCert == null) - { - throw new IllegalArgumentException("'encryptedCert' cannot be null"); - } - - this.encryptedCert = encryptedCert; - } - - public CMPCertificate getCertificate() - { - return certificate; - } - - public EncryptedValue getEncryptedCert() - { - return encryptedCert; - } - - /** - * 
-     * CertOrEncCert ::= CHOICE {
-     *                      certificate     [0] CMPCertificate,
-     *                      encryptedCert   [1] EncryptedValue
-     *           }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - if (certificate != null) - { - return new DERTaggedObject(true, 0, certificate); - } - - return new DERTaggedObject(true, 1, encryptedCert); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertRepMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertRepMessage.java deleted file mode 100644 index 37015004b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertRepMessage.java +++ /dev/null @@ -1,123 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class CertRepMessage - extends ASN1Encodable -{ - private ASN1Sequence caPubs; - private ASN1Sequence response; - - private CertRepMessage(ASN1Sequence seq) - { - int index = 0; - - if (seq.size() > 1) - { - caPubs = ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(index++), true); - } - - response = ASN1Sequence.getInstance(seq.getObjectAt(index)); - } - - public static CertRepMessage getInstance(Object o) - { - if (o instanceof CertRepMessage) - { - return (CertRepMessage)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertRepMessage((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertRepMessage(CMPCertificate[] caPubs, CertResponse[] response) - { - if (response == null) - { - throw new IllegalArgumentException("'response' cannot be null"); - } - - if (caPubs != null) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < caPubs.length; i++) - { - v.add(caPubs[i]); - } - this.caPubs = new DERSequence(v); - } - - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < response.length; i++) - { - v.add(response[i]); - } - this.response = new DERSequence(v); - } - } - - public CMPCertificate[] getCaPubs() - { - if (caPubs == null) - { - return null; - } - - CMPCertificate[] results = new CMPCertificate[caPubs.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = CMPCertificate.getInstance(caPubs.getObjectAt(i)); - } - - return results; - } - - public CertResponse[] getResponse() - { - CertResponse[] results = new CertResponse[response.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = CertResponse.getInstance(response.getObjectAt(i)); - } - - return results; - } - - /** - * 
-     * CertRepMessage ::= SEQUENCE {
-     *                          caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
-     *                                                                             OPTIONAL,
-     *                          response         SEQUENCE OF CertResponse
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (caPubs != null) - { - v.add(new DERTaggedObject(true, 1, caPubs)); - } - - v.add(response); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertResponse.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertResponse.java deleted file mode 100644 index 4d7ec35f7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertResponse.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CertResponse - extends ASN1Encodable -{ - private DERInteger certReqId; - private PKIStatusInfo status; - private CertifiedKeyPair certifiedKeyPair; - private ASN1OctetString rspInfo; - - private CertResponse(ASN1Sequence seq) - { - certReqId = DERInteger.getInstance(seq.getObjectAt(0)); - status = PKIStatusInfo.getInstance(seq.getObjectAt(1)); - - if (seq.size() >= 3) - { - if (seq.size() == 3) - { - DEREncodable o = seq.getObjectAt(2); - if (o instanceof ASN1OctetString) - { - rspInfo = ASN1OctetString.getInstance(o); - } - else - { - certifiedKeyPair = CertifiedKeyPair.getInstance(o); - } - } - else - { - certifiedKeyPair = CertifiedKeyPair.getInstance(seq.getObjectAt(2)); - rspInfo = ASN1OctetString.getInstance(seq.getObjectAt(3)); - } - } - } - - public static CertResponse getInstance(Object o) - { - if (o instanceof CertResponse) - { - return (CertResponse)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertResponse((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertResponse( - DERInteger certReqId, - PKIStatusInfo status) - { - this(certReqId, status, null, null); - } - - public CertResponse( - DERInteger certReqId, - PKIStatusInfo status, - CertifiedKeyPair certifiedKeyPair, - ASN1OctetString rspInfo) - { - if (certReqId == null) - { - throw new IllegalArgumentException("'certReqId' cannot be null"); - } - if (status == null) - { - throw new IllegalArgumentException("'status' cannot be null"); - } - this.certReqId = certReqId; - this.status = status; - this.certifiedKeyPair = certifiedKeyPair; - this.rspInfo = rspInfo; - } - - public DERInteger getCertReqId() - { - return certReqId; - } - - public PKIStatusInfo getStatus() - { - return status; - } - - public CertifiedKeyPair getCertifiedKeyPair() - { - return certifiedKeyPair; - } - - /** - * 
-     * CertResponse ::= SEQUENCE {
-     *                            certReqId           INTEGER,
-     *                            -- to match this response with corresponding request (a value
-     *                            -- of -1 is to be used if certReqId is not specified in the
-     *                            -- corresponding request)
-     *                            status              PKIStatusInfo,
-     *                            certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
-     *                            rspInfo             OCTET STRING        OPTIONAL
-     *                            -- analogous to the id-regInfo-utf8Pairs string defined
-     *                            -- for regInfo in CertReqMsg [CRMF]
-     *             }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certReqId); - v.add(status); - - if (certifiedKeyPair != null) - { - v.add(certifiedKeyPair); - } - - if (rspInfo != null) - { - v.add(rspInfo); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertStatus.java deleted file mode 100644 index 9335d29b3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertStatus.java +++ /dev/null @@ -1,102 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class CertStatus - extends ASN1Encodable -{ - private ASN1OctetString certHash; - private DERInteger certReqId; - private PKIStatusInfo statusInfo; - - private CertStatus(ASN1Sequence seq) - { - certHash = ASN1OctetString.getInstance(seq.getObjectAt(0)); - certReqId = DERInteger.getInstance(seq.getObjectAt(1)); - - if (seq.size() > 2) - { - statusInfo = PKIStatusInfo.getInstance(seq.getObjectAt(2)); - } - } - - public CertStatus(byte[] certHash, BigInteger certReqId) - { - this.certHash = new DEROctetString(certHash); - this.certReqId = new DERInteger(certReqId); - } - - public CertStatus(byte[] certHash, BigInteger certReqId, PKIStatusInfo statusInfo) - { - this.certHash = new DEROctetString(certHash); - this.certReqId = new DERInteger(certReqId); - this.statusInfo = statusInfo; - } - - public static CertStatus getInstance(Object o) - { - if (o instanceof CertStatus) - { - return (CertStatus)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertStatus((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public ASN1OctetString getCertHash() - { - return certHash; - } - - public DERInteger getCertReqId() - { - return certReqId; - } - - public PKIStatusInfo getStatusInfo() - { - return statusInfo; - } - - /** - * 
-     * CertStatus ::= SEQUENCE {
-     *                   certHash    OCTET STRING,
-     *                   -- the hash of the certificate, using the same hash algorithm
-     *                   -- as is used to create and verify the certificate signature
-     *                   certReqId   INTEGER,
-     *                   -- to match this confirmation with the corresponding req/rep
-     *                   statusInfo  PKIStatusInfo OPTIONAL
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certHash); - v.add(certReqId); - - if (statusInfo != null) - { - v.add(statusInfo); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertifiedKeyPair.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertifiedKeyPair.java deleted file mode 100644 index 3c15001cf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/CertifiedKeyPair.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.crmf.EncryptedValue; -import org.bouncycastle.asn1.crmf.PKIPublicationInfo; - -public class CertifiedKeyPair - extends ASN1Encodable -{ - private CertOrEncCert certOrEncCert; - private EncryptedValue privateKey; - private PKIPublicationInfo publicationInfo; - - private CertifiedKeyPair(ASN1Sequence seq) - { - certOrEncCert = CertOrEncCert.getInstance(seq.getObjectAt(0)); - - if (seq.size() >= 2) - { - if (seq.size() == 2) - { - ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(seq.getObjectAt(1)); - if (tagged.getTagNo() == 0) - { - privateKey = EncryptedValue.getInstance(tagged.getObject()); - } - else - { - publicationInfo = PKIPublicationInfo.getInstance(tagged.getObject()); - } - } - else - { - privateKey = EncryptedValue.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(1))); - publicationInfo = PKIPublicationInfo.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(2))); - } - } - } - - public static CertifiedKeyPair getInstance(Object o) - { - if (o instanceof CertifiedKeyPair) - { - return (CertifiedKeyPair)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertifiedKeyPair((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertifiedKeyPair( - CertOrEncCert certOrEncCert) - { - this(certOrEncCert, null, null); - } - - public CertifiedKeyPair( - CertOrEncCert certOrEncCert, - EncryptedValue privateKey, - PKIPublicationInfo publicationInfo - ) - { - if (certOrEncCert == null) - { - throw new IllegalArgumentException("'certOrEncCert' cannot be null"); - } - - this.certOrEncCert = certOrEncCert; - this.privateKey = privateKey; - this.publicationInfo = publicationInfo; - } - - public CertOrEncCert getCertOrEncCert() - { - return certOrEncCert; - } - - public EncryptedValue getPrivateKey() - { - return privateKey; - } - - public PKIPublicationInfo getPublicationInfo() - { - return publicationInfo; - } - - /** - * 
-     * CertifiedKeyPair ::= SEQUENCE {
-     *                                  certOrEncCert       CertOrEncCert,
-     *                                  privateKey      [0] EncryptedValue      OPTIONAL,
-     *                                  -- see [CRMF] for comment on encoding
-     *                                  publicationInfo [1] PKIPublicationInfo  OPTIONAL
-     *       }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certOrEncCert); - - if (privateKey != null) - { - v.add(new DERTaggedObject(true, 0, privateKey)); - } - - if (publicationInfo != null) - { - v.add(new DERTaggedObject(true, 1, publicationInfo)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/Challenge.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/Challenge.java deleted file mode 100644 index 603e50f11..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/Challenge.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class Challenge - extends ASN1Encodable -{ - private AlgorithmIdentifier owf; - private ASN1OctetString witness; - private ASN1OctetString challenge; - - private Challenge(ASN1Sequence seq) - { - int index = 0; - - if (seq.size() == 3) - { - owf = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++)); - } - - witness = ASN1OctetString.getInstance(seq.getObjectAt(index++)); - challenge = ASN1OctetString.getInstance(seq.getObjectAt(index)); - } - - public static Challenge getInstance(Object o) - { - if (o instanceof Challenge) - { - return (Challenge)o; - } - - if (o instanceof ASN1Sequence) - { - return new Challenge((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public AlgorithmIdentifier getOwf() - { - return owf; - } - - /** - * 
-     * Challenge ::= SEQUENCE {
-     *                 owf                 AlgorithmIdentifier  OPTIONAL,
-     *
-     *                 -- MUST be present in the first Challenge; MAY be omitted in
-     *                 -- any subsequent Challenge in POPODecKeyChallContent (if
-     *                 -- omitted, then the owf used in the immediately preceding
-     *                 -- Challenge is to be used).
-     *
-     *                 witness             OCTET STRING,
-     *                 -- the result of applying the one-way function (owf) to a
-     *                 -- randomly-generated INTEGER, A.  [Note that a different
-     *                 -- INTEGER MUST be used for each Challenge.]
-     *                 challenge           OCTET STRING
-     *                 -- the encryption (under the public key for which the cert.
-     *                 -- request is being made) of Rand, where Rand is specified as
-     *                 --   Rand ::= SEQUENCE {
-     *                 --      int      INTEGER,
-     *                 --       - the randomly-generated INTEGER A (above)
-     *                 --      sender   GeneralName
-     *                 --       - the sender's name (as included in PKIHeader)
-     *                 --   }
-     *      }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - addOptional(v, owf); - v.add(witness); - v.add(challenge); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, ASN1Encodable obj) - { - if (obj != null) - { - v.add(obj); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ErrorMsgContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ErrorMsgContent.java deleted file mode 100644 index a27abf34c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ErrorMsgContent.java +++ /dev/null @@ -1,120 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class ErrorMsgContent - extends ASN1Encodable -{ - private PKIStatusInfo pkiStatusInfo; - private DERInteger errorCode; - private PKIFreeText errorDetails; - - private ErrorMsgContent(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - - pkiStatusInfo = PKIStatusInfo.getInstance(en.nextElement()); - - while (en.hasMoreElements()) - { - Object o = en.nextElement(); - - if (o instanceof DERInteger) - { - errorCode = DERInteger.getInstance(o); - } - else - { - errorDetails = PKIFreeText.getInstance(o); - } - } - } - - public static ErrorMsgContent getInstance(Object o) - { - if (o instanceof ErrorMsgContent) - { - return (ErrorMsgContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new ErrorMsgContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public ErrorMsgContent(PKIStatusInfo pkiStatusInfo) - { - this(pkiStatusInfo, null, null); - } - - public ErrorMsgContent( - PKIStatusInfo pkiStatusInfo, - DERInteger errorCode, - PKIFreeText errorDetails) - { - if (pkiStatusInfo == null) - { - throw new IllegalArgumentException("'pkiStatusInfo' cannot be null"); - } - - this.pkiStatusInfo = pkiStatusInfo; - this.errorCode = errorCode; - this.errorDetails = errorDetails; - } - - public PKIStatusInfo getPKIStatusInfo() - { - return pkiStatusInfo; - } - - public DERInteger getErrorCode() - { - return errorCode; - } - - public PKIFreeText getErrorDetails() - { - return errorDetails; - } - - /** - * 
-     * ErrorMsgContent ::= SEQUENCE {
-     *                        pKIStatusInfo          PKIStatusInfo,
-     *                        errorCode              INTEGER           OPTIONAL,
-     *                        -- implementation-specific error codes
-     *                        errorDetails           PKIFreeText       OPTIONAL
-     *                        -- implementation-specific error details
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(pkiStatusInfo); - addOptional(v, errorCode); - addOptional(v, errorDetails); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, ASN1Encodable obj) - { - if (obj != null) - { - v.add(obj); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenMsgContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenMsgContent.java deleted file mode 100644 index fec5b770e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenMsgContent.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class GenMsgContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private GenMsgContent(ASN1Sequence seq) - { - content = seq; - } - - public static GenMsgContent getInstance(Object o) - { - if (o instanceof GenMsgContent) - { - return (GenMsgContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new GenMsgContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public GenMsgContent(InfoTypeAndValue itv) - { - content = new DERSequence(itv); - } - - public GenMsgContent(InfoTypeAndValue[] itv) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < itv.length; i++) - { - v.add(itv[i]); - } - content = new DERSequence(v); - } - - public InfoTypeAndValue[] toInfoTypeAndValueArray() - { - InfoTypeAndValue[] result = new InfoTypeAndValue[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = InfoTypeAndValue.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenRepContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenRepContent.java deleted file mode 100644 index e8b8f303f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/GenRepContent.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class GenRepContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private GenRepContent(ASN1Sequence seq) - { - content = seq; - } - - public static GenRepContent getInstance(Object o) - { - if (o instanceof GenRepContent) - { - return (GenRepContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new GenRepContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public GenRepContent(InfoTypeAndValue itv) - { - content = new DERSequence(itv); - } - - public GenRepContent(InfoTypeAndValue[] itv) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < itv.length; i++) - { - v.add(itv[i]); - } - content = new DERSequence(v); - } - - public InfoTypeAndValue[] toInfoTypeAndValueArray() - { - InfoTypeAndValue[] result = new InfoTypeAndValue[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = InfoTypeAndValue.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * GenRepContent ::= SEQUENCE OF InfoTypeAndValue
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/InfoTypeAndValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/InfoTypeAndValue.java deleted file mode 100644 index 3d916f7ab..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/InfoTypeAndValue.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * Example InfoTypeAndValue contents include, but are not limited - * to, the following (un-comment in this ASN.1 module and use as - * appropriate for a given environment): - * 
- *   id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
- *      CAProtEncCertValue      ::= CMPCertificate
- *   id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
- *     SignKeyPairTypesValue   ::= SEQUENCE OF AlgorithmIdentifier
- *   id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
- *     EncKeyPairTypesValue    ::= SEQUENCE OF AlgorithmIdentifier
- *   id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
- *      PreferredSymmAlgValue   ::= AlgorithmIdentifier
- *   id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
- *      CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
- *   id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
- *      CurrentCRLValue         ::= CertificateList
- *   id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
- *      UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
- *   id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
- *      KeyPairParamReqValue    ::= OBJECT IDENTIFIER
- *   id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
- *      KeyPairParamRepValue    ::= AlgorithmIdentifer
- *   id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
- *      RevPassphraseValue      ::= EncryptedValue
- *   id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
- *      ImplicitConfirmValue    ::= NULL
- *   id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
- *      ConfirmWaitTimeValue    ::= GeneralizedTime
- *   id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
- *      OrigPKIMessageValue     ::= PKIMessages
- *   id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
- *      SuppLangTagsValue       ::= SEQUENCE OF UTF8String
- *
- * where
- *
- *   id-pkix OBJECT IDENTIFIER ::= {
- *      iso(1) identified-organization(3)
- *      dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
- * and
- *      id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
- *
- */ -public class InfoTypeAndValue - extends ASN1Encodable -{ - private DERObjectIdentifier infoType; - private ASN1Encodable infoValue; - - private InfoTypeAndValue(ASN1Sequence seq) - { - infoType = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - infoValue = (ASN1Encodable)seq.getObjectAt(1); - } - } - - public static InfoTypeAndValue getInstance(Object o) - { - if (o instanceof InfoTypeAndValue) - { - return (InfoTypeAndValue)o; - } - - if (o instanceof ASN1Sequence) - { - return new InfoTypeAndValue((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public InfoTypeAndValue( - DERObjectIdentifier infoType) - { - this.infoType = infoType; - this.infoValue = null; - } - - public InfoTypeAndValue( - DERObjectIdentifier infoType, - ASN1Encodable optionalValue) - { - this.infoType = infoType; - this.infoValue = optionalValue; - } - - public DERObjectIdentifier getInfoType() - { - return infoType; - } - - public ASN1Encodable getInfoValue() - { - return infoValue; - } - - /** - * 
-     * InfoTypeAndValue ::= SEQUENCE {
-     *                         infoType               OBJECT IDENTIFIER,
-     *                         infoValue              ANY DEFINED BY infoType  OPTIONAL
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(infoType); - - if (infoValue != null) - { - v.add(infoValue); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/KeyRecRepContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/KeyRecRepContent.java deleted file mode 100644 index 457dbc222..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/KeyRecRepContent.java +++ /dev/null @@ -1,141 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -import java.util.Enumeration; - -public class KeyRecRepContent - extends ASN1Encodable -{ - private PKIStatusInfo status; - private CMPCertificate newSigCert; - private ASN1Sequence caCerts; - private ASN1Sequence keyPairHist; - - private KeyRecRepContent(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - - status = PKIStatusInfo.getInstance(en.nextElement()); - - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(en.nextElement()); - - switch (tObj.getTagNo()) - { - case 0: - newSigCert = CMPCertificate.getInstance(tObj.getObject()); - break; - case 1: - caCerts = ASN1Sequence.getInstance(tObj.getObject()); - break; - case 2: - keyPairHist = ASN1Sequence.getInstance(tObj.getObject()); - break; - default: - throw new IllegalArgumentException("unknown tag number: " + tObj.getTagNo()); - } - } - } - - public static KeyRecRepContent getInstance(Object o) - { - if (o instanceof KeyRecRepContent) - { - return (KeyRecRepContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new KeyRecRepContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - - public PKIStatusInfo getStatus() - { - return status; - } - - public CMPCertificate getNewSigCert() - { - return newSigCert; - } - - public CMPCertificate[] getCaCerts() - { - if (caCerts == null) - { - return null; - } - - CMPCertificate[] results = new CMPCertificate[caCerts.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = CMPCertificate.getInstance(caCerts.getObjectAt(i)); - } - - return results; - } - - public CertifiedKeyPair[] getKeyPairHist() - { - if (keyPairHist == null) - { - return null; - } - - CertifiedKeyPair[] results = new CertifiedKeyPair[keyPairHist.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = CertifiedKeyPair.getInstance(keyPairHist.getObjectAt(i)); - } - - return results; - } - - /** - * 
-     * KeyRecRepContent ::= SEQUENCE {
-     *                         status                  PKIStatusInfo,
-     *                         newSigCert          [0] CMPCertificate OPTIONAL,
-     *                         caCerts             [1] SEQUENCE SIZE (1..MAX) OF
-     *                                                           CMPCertificate OPTIONAL,
-     *                         keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
-     *                                                           CertifiedKeyPair OPTIONAL
-     *              }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(status); - - addOptional(v, 0, newSigCert); - addOptional(v, 1, caCerts); - addOptional(v, 2, keyPairHist); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(true, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/OOBCertHash.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/OOBCertHash.java deleted file mode 100644 index 7becf3580..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/OOBCertHash.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.crmf.CertId; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class OOBCertHash - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlg; - private CertId certId; - private DERBitString hashVal; - - private OOBCertHash(ASN1Sequence seq) - { - int index = seq.size() - 1; - - hashVal = DERBitString.getInstance(seq.getObjectAt(index--)); - - for (int i = index; i >= 0; i--) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)seq.getObjectAt(i); - - if (tObj.getTagNo() == 0) - { - hashAlg = AlgorithmIdentifier.getInstance(tObj, true); - } - else - { - certId = CertId.getInstance(tObj, true); - } - } - - } - - public static OOBCertHash getInstance(Object o) - { - if (o instanceof OOBCertHash) - { - return (OOBCertHash)o; - } - - if (o instanceof ASN1Sequence) - { - return new OOBCertHash((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public AlgorithmIdentifier getHashAlg() - { - return hashAlg; - } - - public CertId getCertId() - { - return certId; - } - - /** - * 
-     * OOBCertHash ::= SEQUENCE {
-     *                      hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
-     *                      certId      [1] CertId                  OPTIONAL,
-     *                      hashVal         BIT STRING
-     *                      -- hashVal is calculated over the DER encoding of the
-     *                      -- self-signed certificate with the identifier certID.
-     *       }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - addOptional(v, 0, hashAlg); - addOptional(v, 1, certId); - - v.add(hashVal); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(true, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PBMParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PBMParameter.java deleted file mode 100644 index 2386e2320..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PBMParameter.java +++ /dev/null @@ -1,117 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class PBMParameter - extends ASN1Encodable -{ - private ASN1OctetString salt; - private AlgorithmIdentifier owf; - private DERInteger iterationCount; - private AlgorithmIdentifier mac; - - private PBMParameter(ASN1Sequence seq) - { - salt = ASN1OctetString.getInstance(seq.getObjectAt(0)); - owf = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - iterationCount = DERInteger.getInstance(seq.getObjectAt(2)); - mac = AlgorithmIdentifier.getInstance(seq.getObjectAt(3)); - } - - public static PBMParameter getInstance(Object o) - { - if (o instanceof PBMParameter) - { - return (PBMParameter)o; - } - - if (o instanceof ASN1Sequence) - { - return new PBMParameter((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public PBMParameter( - byte[] salt, - AlgorithmIdentifier owf, - int iterationCount, - AlgorithmIdentifier mac) - { - this(new DEROctetString(salt), owf, - new DERInteger(iterationCount), mac); - } - - public PBMParameter( - ASN1OctetString salt, - AlgorithmIdentifier owf, - DERInteger iterationCount, - AlgorithmIdentifier mac) - { - this.salt = salt; - this.owf = owf; - this.iterationCount = iterationCount; - this.mac = mac; - } - - public ASN1OctetString getSalt() - { - return salt; - } - - public AlgorithmIdentifier getOwf() - { - return owf; - } - - public DERInteger getIterationCount() - { - return iterationCount; - } - - public AlgorithmIdentifier getMac() - { - return mac; - } - - /** - * 
-     *  PBMParameter ::= SEQUENCE {
-     *                        salt                OCTET STRING,
-     *                        -- note:  implementations MAY wish to limit acceptable sizes
-     *                        -- of this string to values appropriate for their environment
-     *                        -- in order to reduce the risk of denial-of-service attacks
-     *                        owf                 AlgorithmIdentifier,
-     *                        -- AlgId for a One-Way Function (SHA-1 recommended)
-     *                        iterationCount      INTEGER,
-     *                        -- number of times the OWF is applied
-     *                        -- note:  implementations MAY wish to limit acceptable sizes
-     *                        -- of this integer to values appropriate for their environment
-     *                        -- in order to reduce the risk of denial-of-service attacks
-     *                        mac                 AlgorithmIdentifier
-     *                        -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
-     *    }   -- or HMAC [RFC2104, RFC2202])
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(salt); - v.add(owf); - v.add(iterationCount); - v.add(mac); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIBody.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIBody.java deleted file mode 100644 index 6f311edd8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIBody.java +++ /dev/null @@ -1,193 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.crmf.CertReqMessages; -import org.bouncycastle.asn1.pkcs.CertificationRequest; - -public class PKIBody - extends ASN1Encodable - implements ASN1Choice -{ - public static final int TYPE_INIT_REQ = 0; - public static final int TYPE_INIT_REP = 1; - public static final int TYPE_CERT_REQ = 2; - public static final int TYPE_CERT_REP = 3; - public static final int TYPE_P10_CERT_REQ = 4; - public static final int TYPE_POPO_CHALL = 5; - public static final int TYPE_POPO_REP = 6; - public static final int TYPE_KEY_UPDATE_REQ = 7; - public static final int TYPE_KEY_UPDATE_REP = 8; - public static final int TYPE_KEY_RECOVERY_REQ = 9; - public static final int TYPE_KEY_RECOVERY_REP = 10; - public static final int TYPE_REVOCATION_REQ = 11; - public static final int TYPE_REVOCATION_REP = 12; - public static final int TYPE_CROSS_CERT_REQ = 13; - public static final int TYPE_CROSS_CERT_REP = 14; - public static final int TYPE_CA_KEY_UPDATE_ANN = 15; - public static final int TYPE_CERT_ANN = 16; - public static final int TYPE_REVOCATION_ANN = 17; - public static final int TYPE_CRL_ANN = 18; - public static final int TYPE_CONFIRM = 19; - public static final int TYPE_NESTED = 20; - public static final int TYPE_GEN_MSG = 21; - public static final int TYPE_GEN_REP = 22; - public static final int TYPE_ERROR = 23; - public static final int TYPE_CERT_CONFIRM = 24; - public static final int TYPE_POLL_REQ = 25; - public static final int TYPE_POLL_REP = 26; - - private int tagNo; - private ASN1Encodable body; - - public static PKIBody getInstance(Object o) - { - if (o instanceof PKIBody) - { - return (PKIBody)o; - } - - if (o instanceof ASN1TaggedObject) - { - return new PKIBody((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - private PKIBody(ASN1TaggedObject tagged) - { - tagNo = tagged.getTagNo(); - body = getBodyForType(tagNo, tagged.getObject()); - } - - /** - * Creates a new PKIBody. - * @param type one of the TYPE_* constants - * @param content message content - */ - public PKIBody( - int type, - ASN1Encodable content) - { - tagNo = type; - body = getBodyForType(type, content); - } - - private static ASN1Encodable getBodyForType( - int type, - ASN1Encodable o) - { - switch (type) - { - case TYPE_INIT_REQ: - return CertReqMessages.getInstance(o); - case TYPE_INIT_REP: - return CertRepMessage.getInstance(o); - case TYPE_CERT_REQ: - return CertReqMessages.getInstance(o); - case TYPE_CERT_REP: - return CertRepMessage.getInstance(o); - case TYPE_P10_CERT_REQ: - return CertificationRequest.getInstance(o); - case TYPE_POPO_CHALL: - return POPODecKeyChallContent.getInstance(o); - case TYPE_POPO_REP: - return POPODecKeyRespContent.getInstance(o); - case TYPE_KEY_UPDATE_REQ: - return CertReqMessages.getInstance(o); - case TYPE_KEY_UPDATE_REP: - return CertRepMessage.getInstance(o); - case TYPE_KEY_RECOVERY_REQ: - return CertReqMessages.getInstance(o); - case TYPE_KEY_RECOVERY_REP: - return KeyRecRepContent.getInstance(o); - case TYPE_REVOCATION_REQ: - return RevReqContent.getInstance(o); - case TYPE_REVOCATION_REP: - return RevRepContent.getInstance(o); - case TYPE_CROSS_CERT_REQ: - return CertReqMessages.getInstance(o); - case TYPE_CROSS_CERT_REP: - return CertRepMessage.getInstance(o); - case TYPE_CA_KEY_UPDATE_ANN: - return CAKeyUpdAnnContent.getInstance(o); - case TYPE_CERT_ANN: - return CMPCertificate.getInstance(o); - case TYPE_REVOCATION_ANN: - return RevAnnContent.getInstance(o); - case TYPE_CRL_ANN: - return CRLAnnContent.getInstance(o); - case TYPE_CONFIRM: - return PKIConfirmContent.getInstance(o); - case TYPE_NESTED: - return PKIMessages.getInstance(o); - case TYPE_GEN_MSG: - return GenMsgContent.getInstance(o); - case TYPE_GEN_REP: - return GenRepContent.getInstance(o); - case TYPE_ERROR: - return ErrorMsgContent.getInstance(o); - case TYPE_CERT_CONFIRM: - return CertConfirmContent.getInstance(o); - case TYPE_POLL_REQ: - return PollReqContent.getInstance(o); - case TYPE_POLL_REP: - return PollRepContent.getInstance(o); - default: - throw new IllegalArgumentException("unknown tag number: " + type); - } - } - - public int getType() - { - return tagNo; - } - - public ASN1Encodable getContent() - { - return body; - } - - /** - * 
-     * PKIBody ::= CHOICE {       -- message-specific body elements
-     *        ir       [0]  CertReqMessages,        --Initialization Request
-     *        ip       [1]  CertRepMessage,         --Initialization Response
-     *        cr       [2]  CertReqMessages,        --Certification Request
-     *        cp       [3]  CertRepMessage,         --Certification Response
-     *        p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
-     *        popdecc  [5]  POPODecKeyChallContent, --pop Challenge
-     *        popdecr  [6]  POPODecKeyRespContent,  --pop Response
-     *        kur      [7]  CertReqMessages,        --Key Update Request
-     *        kup      [8]  CertRepMessage,         --Key Update Response
-     *        krr      [9]  CertReqMessages,        --Key Recovery Request
-     *        krp      [10] KeyRecRepContent,       --Key Recovery Response
-     *        rr       [11] RevReqContent,          --Revocation Request
-     *        rp       [12] RevRepContent,          --Revocation Response
-     *        ccr      [13] CertReqMessages,        --Cross-Cert. Request
-     *        ccp      [14] CertRepMessage,         --Cross-Cert. Response
-     *        ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
-     *        cann     [16] CertAnnContent,         --Certificate Ann.
-     *        rann     [17] RevAnnContent,          --Revocation Ann.
-     *        crlann   [18] CRLAnnContent,          --CRL Announcement
-     *        pkiconf  [19] PKIConfirmContent,      --Confirmation
-     *        nested   [20] NestedMessageContent,   --Nested Message
-     *        genm     [21] GenMsgContent,          --General Message
-     *        genp     [22] GenRepContent,          --General Response
-     *        error    [23] ErrorMsgContent,        --Error Message
-     *        certConf [24] CertConfirmContent,     --Certificate confirm
-     *        pollReq  [25] PollReqContent,         --Polling request
-     *        pollRep  [26] PollRepContent          --Polling response
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return new DERTaggedObject(true, tagNo, body); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIConfirmContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIConfirmContent.java deleted file mode 100644 index 7b3b3db56..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIConfirmContent.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; - -public class PKIConfirmContent - extends ASN1Encodable -{ - private ASN1Null val; - - private PKIConfirmContent(ASN1Null val) - { - this.val = val; - } - - public static PKIConfirmContent getInstance(Object o) - { - if (o instanceof PKIConfirmContent) - { - return (PKIConfirmContent)o; - } - - if (o instanceof ASN1Null) - { - return new PKIConfirmContent((ASN1Null)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public PKIConfirmContent() - { - val = DERNull.INSTANCE; - } - - /** - * 
-     * PKIConfirmContent ::= NULL
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return val; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java deleted file mode 100644 index 10acbb44b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.DERBitString; - -/** - * 
- * PKIFailureInfo ::= BIT STRING {
- * badAlg               (0),
- *   -- unrecognized or unsupported Algorithm Identifier
- * badMessageCheck      (1), -- integrity check failed (e.g., signature did not verify)
- * badRequest           (2),
- *   -- transaction not permitted or supported
- * badTime              (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
- * badCertId            (4), -- no certificate could be found matching the provided criteria
- * badDataFormat        (5),
- *   -- the data submitted has the wrong format
- * wrongAuthority       (6), -- the authority indicated in the request is different from the one creating the response token
- * incorrectData        (7), -- the requester's data is incorrect (for notary services)
- * missingTimeStamp     (8), -- when the timestamp is missing but should be there (by policy)
- * badPOP               (9)  -- the proof-of-possession failed
- * certRevoked         (10),
- * certConfirmed       (11),
- * wrongIntegrity      (12),
- * badRecipientNonce   (13), 
- * timeNotAvailable    (14),
- *   -- the TSA's time source is not available
- * unacceptedPolicy    (15),
- *   -- the requested TSA policy is not supported by the TSA
- * unacceptedExtension (16),
- *   -- the requested extension is not supported by the TSA
- * addInfoNotAvailable (17)
- *   -- the additional information requested could not be understood
- *   -- or is not available
- * badSenderNonce      (18),
- * badCertTemplate     (19),
- * signerNotTrusted    (20),
- * transactionIdInUse  (21),
- * unsupportedVersion  (22),
- * notAuthorized       (23),
- * systemUnavail       (24),    
- * systemFailure       (25),
- *   -- the request cannot be handled due to system failure
- * duplicateCertReq    (26) 
- *
- */ -public class PKIFailureInfo - extends DERBitString -{ - public static final int badAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier - public static final int badMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify) - public static final int badRequest = (1 << 5); - public static final int badTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy - public static final int badCertId = (1 << 3); // no certificate could be found matching the provided criteria - public static final int badDataFormat = (1 << 2); - public static final int wrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token - public static final int incorrectData = 1; // the requester's data is incorrect (for notary services) - public static final int missingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy) - public static final int badPOP = (1 << 14); // the proof-of-possession failed - public static final int certRevoked = (1 << 13); - public static final int certConfirmed = (1 << 12); - public static final int wrongIntegrity = (1 << 11); - public static final int badRecipientNonce = (1 << 10); - public static final int timeNotAvailable = (1 << 9); // the TSA's time source is not available - public static final int unacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA - public static final int unacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA - public static final int addInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available - public static final int badSenderNonce = (1 << 21); - public static final int badCertTemplate = (1 << 20); - public static final int signerNotTrusted = (1 << 19); - public static final int transactionIdInUse = (1 << 18); - public static final int unsupportedVersion = (1 << 17); - public static final int notAuthorized = (1 << 16); - public static final int systemUnavail = (1 << 31); - public static final int systemFailure = (1 << 30); //the request cannot be handled due to system failure - public static final int duplicateCertReq = (1 << 29); - - /** @deprecated use lower case version */ - public static final int BAD_ALG = badAlg; // unrecognized or unsupported Algorithm Identifier - /** @deprecated use lower case version */ - public static final int BAD_MESSAGE_CHECK = badMessageCheck; - /** @deprecated use lower case version */ - public static final int BAD_REQUEST = badRequest; // transaction not permitted or supported - /** @deprecated use lower case version */ - public static final int BAD_TIME = badTime; - /** @deprecated use lower case version */ - public static final int BAD_CERT_ID = badCertId; - /** @deprecated use lower case version */ - public static final int BAD_DATA_FORMAT = badDataFormat; // the data submitted has the wrong format - /** @deprecated use lower case version */ - public static final int WRONG_AUTHORITY = wrongAuthority; - /** @deprecated use lower case version */ - public static final int INCORRECT_DATA = incorrectData; - /** @deprecated use lower case version */ - public static final int MISSING_TIME_STAMP = missingTimeStamp; - /** @deprecated use lower case version */ - public static final int BAD_POP = badPOP; - /** @deprecated use lower case version */ - public static final int TIME_NOT_AVAILABLE = timeNotAvailable; - /** @deprecated use lower case version */ - public static final int UNACCEPTED_POLICY = unacceptedPolicy; - /** @deprecated use lower case version */ - public static final int UNACCEPTED_EXTENSION = unacceptedExtension; - /** @deprecated use lower case version */ - public static final int ADD_INFO_NOT_AVAILABLE = addInfoNotAvailable; - /** @deprecated use lower case version */ - public static final int SYSTEM_FAILURE = systemFailure; - /** - * Basic constructor. - */ - public PKIFailureInfo( - int info) - { - super(getBytes(info), getPadBits(info)); - } - - public PKIFailureInfo( - DERBitString info) - { - super(info.getBytes(), info.getPadBits()); - } - - public String toString() - { - return "PKIFailureInfo: 0x" + Integer.toHexString(this.intValue()); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java deleted file mode 100644 index a23879487..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java +++ /dev/null @@ -1,112 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTF8String; - -public class PKIFreeText - extends ASN1Encodable -{ - ASN1Sequence strings; - - public static PKIFreeText getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static PKIFreeText getInstance( - Object obj) - { - if (obj instanceof PKIFreeText) - { - return (PKIFreeText)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PKIFreeText((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Unknown object in factory: " + obj.getClass().getName()); - } - - public PKIFreeText( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - if (!(e.nextElement() instanceof DERUTF8String)) - { - throw new IllegalArgumentException("attempt to insert non UTF8 STRING into PKIFreeText"); - } - } - - strings = seq; - } - - public PKIFreeText( - DERUTF8String p) - { - strings = new DERSequence(p); - } - - public PKIFreeText( - DERUTF8String[] strs) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < strs.length; i++) { - v.add(strs[i]); - } - strings = new DERSequence(v); - } - - public PKIFreeText( - String[] strs) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < strs.length; i++) { - v.add(new DERUTF8String(strs[i])); - } - strings = new DERSequence(v); - } - - /** - * Return the number of string elements present. - * - * @return number of elements present. - */ - public int size() - { - return strings.size(); - } - - /** - * Return the UTF8STRING at index i. - * - * @param i index of the string of interest - * @return the string at index i. - */ - public DERUTF8String getStringAt( - int i) - { - return (DERUTF8String)strings.getObjectAt(i); - } - - /** - * 
-     * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-     *
- */ - public DERObject toASN1Object() - { - return strings; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java deleted file mode 100644 index c25cd291b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java +++ /dev/null @@ -1,256 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.GeneralName; - -public class PKIHeader - extends ASN1Encodable -{ - /** - * Value for a "null" recipient or sender. - */ - public static final GeneralName NULL_NAME = new GeneralName(X500Name.getInstance(new DERSequence())); - - public static final int CMP_1999 = 1; - public static final int CMP_2000 = 2; - - private DERInteger pvno; - private GeneralName sender; - private GeneralName recipient; - private DERGeneralizedTime messageTime; - private AlgorithmIdentifier protectionAlg; - private ASN1OctetString senderKID; // KeyIdentifier - private ASN1OctetString recipKID; // KeyIdentifier - private ASN1OctetString transactionID; - private ASN1OctetString senderNonce; - private ASN1OctetString recipNonce; - private PKIFreeText freeText; - private ASN1Sequence generalInfo; - - private PKIHeader(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - - pvno = DERInteger.getInstance(en.nextElement()); - sender = GeneralName.getInstance(en.nextElement()); - recipient = GeneralName.getInstance(en.nextElement()); - - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); - - switch (tObj.getTagNo()) - { - case 0: - messageTime = DERGeneralizedTime.getInstance(tObj, true); - break; - case 1: - protectionAlg = AlgorithmIdentifier.getInstance(tObj, true); - break; - case 2: - senderKID = ASN1OctetString.getInstance(tObj, true); - break; - case 3: - recipKID = ASN1OctetString.getInstance(tObj, true); - break; - case 4: - transactionID = ASN1OctetString.getInstance(tObj, true); - break; - case 5: - senderNonce = ASN1OctetString.getInstance(tObj, true); - break; - case 6: - recipNonce = ASN1OctetString.getInstance(tObj, true); - break; - case 7: - freeText = PKIFreeText.getInstance(tObj, true); - break; - case 8: - generalInfo = ASN1Sequence.getInstance(tObj, true); - break; - default: - throw new IllegalArgumentException("unknown tag number: " + tObj.getTagNo()); - } - } - } - - public static PKIHeader getInstance(Object o) - { - if (o instanceof PKIHeader) - { - return (PKIHeader)o; - } - - if (o instanceof ASN1Sequence) - { - return new PKIHeader((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public PKIHeader( - int pvno, - GeneralName sender, - GeneralName recipient) - { - this(new DERInteger(pvno), sender, recipient); - } - - private PKIHeader( - DERInteger pvno, - GeneralName sender, - GeneralName recipient) - { - this.pvno = pvno; - this.sender = sender; - this.recipient = recipient; - } - - public DERInteger getPvno() - { - return pvno; - } - - public GeneralName getSender() - { - return sender; - } - - public GeneralName getRecipient() - { - return recipient; - } - - public DERGeneralizedTime getMessageTime() - { - return messageTime; - } - - public AlgorithmIdentifier getProtectionAlg() - { - return protectionAlg; - } - - public ASN1OctetString getSenderKID() - { - return senderKID; - } - - public ASN1OctetString getRecipKID() - { - return recipKID; - } - - public ASN1OctetString getTransactionID() - { - return transactionID; - } - - public ASN1OctetString getSenderNonce() - { - return senderNonce; - } - - public ASN1OctetString getRecipNonce() - { - return recipNonce; - } - - public PKIFreeText getFreeText() - { - return freeText; - } - - public InfoTypeAndValue[] getGeneralInfo() - { - if (generalInfo == null) { - return null; - } - InfoTypeAndValue[] results = new InfoTypeAndValue[generalInfo.size()]; - for (int i = 0; i < results.length; i++) { - results[i] - = InfoTypeAndValue.getInstance(generalInfo.getObjectAt(i)); - } - return results; - } - - /** - * 
-     *  PKIHeader ::= SEQUENCE {
-     *            pvno                INTEGER     { cmp1999(1), cmp2000(2) },
-     *            sender              GeneralName,
-     *            -- identifies the sender
-     *            recipient           GeneralName,
-     *            -- identifies the intended recipient
-     *            messageTime     [0] GeneralizedTime         OPTIONAL,
-     *            -- time of production of this message (used when sender
-     *            -- believes that the transport will be "suitable"; i.e.,
-     *            -- that the time will still be meaningful upon receipt)
-     *            protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
-     *            -- algorithm used for calculation of protection bits
-     *            senderKID       [2] KeyIdentifier           OPTIONAL,
-     *            recipKID        [3] KeyIdentifier           OPTIONAL,
-     *            -- to identify specific keys used for protection
-     *            transactionID   [4] OCTET STRING            OPTIONAL,
-     *            -- identifies the transaction; i.e., this will be the same in
-     *            -- corresponding request, response, certConf, and PKIConf
-     *            -- messages
-     *            senderNonce     [5] OCTET STRING            OPTIONAL,
-     *            recipNonce      [6] OCTET STRING            OPTIONAL,
-     *            -- nonces used to provide replay protection, senderNonce
-     *            -- is inserted by the creator of this message; recipNonce
-     *            -- is a nonce previously inserted in a related message by
-     *            -- the intended recipient of this message
-     *            freeText        [7] PKIFreeText             OPTIONAL,
-     *            -- this may be used to indicate context-specific instructions
-     *            -- (this field is intended for human consumption)
-     *            generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
-     *                                 InfoTypeAndValue     OPTIONAL
-     *            -- this may be used to convey context-specific information
-     *            -- (this field not primarily intended for human consumption)
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(pvno); - v.add(sender); - v.add(recipient); - addOptional(v, 0, messageTime); - addOptional(v, 1, protectionAlg); - addOptional(v, 2, senderKID); - addOptional(v, 3, recipKID); - addOptional(v, 4, transactionID); - addOptional(v, 5, senderNonce); - addOptional(v, 6, recipNonce); - addOptional(v, 7, freeText); - addOptional(v, 8, generalInfo); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(true, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java deleted file mode 100644 index 1590a556d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java +++ /dev/null @@ -1,243 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.GeneralName; - -public class PKIHeaderBuilder -{ - private DERInteger pvno; - private GeneralName sender; - private GeneralName recipient; - private DERGeneralizedTime messageTime; - private AlgorithmIdentifier protectionAlg; - private ASN1OctetString senderKID; // KeyIdentifier - private ASN1OctetString recipKID; // KeyIdentifier - private ASN1OctetString transactionID; - private ASN1OctetString senderNonce; - private ASN1OctetString recipNonce; - private PKIFreeText freeText; - private ASN1Sequence generalInfo; - - public PKIHeaderBuilder( - int pvno, - GeneralName sender, - GeneralName recipient) - { - this(new DERInteger(pvno), sender, recipient); - } - - private PKIHeaderBuilder( - DERInteger pvno, - GeneralName sender, - GeneralName recipient) - { - this.pvno = pvno; - this.sender = sender; - this.recipient = recipient; - } - - public PKIHeaderBuilder setMessageTime(DERGeneralizedTime time) - { - messageTime = time; - - return this; - } - - public PKIHeaderBuilder setProtectionAlg(AlgorithmIdentifier aid) - { - protectionAlg = aid; - - return this; - } - - public PKIHeaderBuilder setSenderKID(byte[] kid) - { - return setSenderKID(new DEROctetString(kid)); - } - - public PKIHeaderBuilder setSenderKID(ASN1OctetString kid) - { - senderKID = kid; - - return this; - } - - public PKIHeaderBuilder setRecipKID(byte[] kid) - { - return setRecipKID(new DEROctetString(kid)); - } - - public PKIHeaderBuilder setRecipKID(DEROctetString kid) - { - recipKID = kid; - - return this; - } - - public PKIHeaderBuilder setTransactionID(byte[] tid) - { - return setTransactionID(new DEROctetString(tid)); - } - - public PKIHeaderBuilder setTransactionID(ASN1OctetString tid) - { - transactionID = tid; - - return this; - } - - public PKIHeaderBuilder setSenderNonce(byte[] nonce) - { - return setSenderNonce(new DEROctetString(nonce)); - } - - public PKIHeaderBuilder setSenderNonce(ASN1OctetString nonce) - { - senderNonce = nonce; - - return this; - } - - public PKIHeaderBuilder setRecipNonce(byte[] nonce) - { - return setRecipNonce(new DEROctetString(nonce)); - } - - public PKIHeaderBuilder setRecipNonce(ASN1OctetString nonce) - { - recipNonce = nonce; - - return this; - } - - public PKIHeaderBuilder setFreeText(PKIFreeText text) - { - freeText = text; - - return this; - } - - public PKIHeaderBuilder setGeneralInfo(InfoTypeAndValue genInfo) - { - return setGeneralInfo(makeGeneralInfoSeq(genInfo)); - } - - public PKIHeaderBuilder setGeneralInfo(InfoTypeAndValue[] genInfos) - { - return setGeneralInfo(makeGeneralInfoSeq(genInfos)); - } - - public PKIHeaderBuilder setGeneralInfo(ASN1Sequence seqOfInfoTypeAndValue) - { - generalInfo = seqOfInfoTypeAndValue; - - return this; - } - - private static ASN1Sequence makeGeneralInfoSeq( - InfoTypeAndValue generalInfo) - { - return new DERSequence(generalInfo); - } - - private static ASN1Sequence makeGeneralInfoSeq( - InfoTypeAndValue[] generalInfos) - { - ASN1Sequence genInfoSeq = null; - if (generalInfos != null) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < generalInfos.length; i++) - { - v.add(generalInfos[i]); - } - genInfoSeq = new DERSequence(v); - } - return genInfoSeq; - } - - /** - * 
-     *  PKIHeader ::= SEQUENCE {
-     *            pvno                INTEGER     { cmp1999(1), cmp2000(2) },
-     *            sender              GeneralName,
-     *            -- identifies the sender
-     *            recipient           GeneralName,
-     *            -- identifies the intended recipient
-     *            messageTime     [0] GeneralizedTime         OPTIONAL,
-     *            -- time of production of this message (used when sender
-     *            -- believes that the transport will be "suitable"; i.e.,
-     *            -- that the time will still be meaningful upon receipt)
-     *            protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
-     *            -- algorithm used for calculation of protection bits
-     *            senderKID       [2] KeyIdentifier           OPTIONAL,
-     *            recipKID        [3] KeyIdentifier           OPTIONAL,
-     *            -- to identify specific keys used for protection
-     *            transactionID   [4] OCTET STRING            OPTIONAL,
-     *            -- identifies the transaction; i.e., this will be the same in
-     *            -- corresponding request, response, certConf, and PKIConf
-     *            -- messages
-     *            senderNonce     [5] OCTET STRING            OPTIONAL,
-     *            recipNonce      [6] OCTET STRING            OPTIONAL,
-     *            -- nonces used to provide replay protection, senderNonce
-     *            -- is inserted by the creator of this message; recipNonce
-     *            -- is a nonce previously inserted in a related message by
-     *            -- the intended recipient of this message
-     *            freeText        [7] PKIFreeText             OPTIONAL,
-     *            -- this may be used to indicate context-specific instructions
-     *            -- (this field is intended for human consumption)
-     *            generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
-     *                                 InfoTypeAndValue     OPTIONAL
-     *            -- this may be used to convey context-specific information
-     *            -- (this field not primarily intended for human consumption)
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public PKIHeader build() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(pvno); - v.add(sender); - v.add(recipient); - addOptional(v, 0, messageTime); - addOptional(v, 1, protectionAlg); - addOptional(v, 2, senderKID); - addOptional(v, 3, recipKID); - addOptional(v, 4, transactionID); - addOptional(v, 5, senderNonce); - addOptional(v, 6, recipNonce); - addOptional(v, 7, freeText); - addOptional(v, 8, generalInfo); - - messageTime = null; - protectionAlg = null; - senderKID = null; - recipKID = null; - transactionID = null; - senderNonce = null; - recipNonce = null; - freeText = null; - generalInfo = null; - - return PKIHeader.getInstance(new DERSequence(v)); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(true, tagNo, obj)); - } - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessage.java deleted file mode 100644 index 418024ab1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessage.java +++ /dev/null @@ -1,162 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class PKIMessage - extends ASN1Encodable -{ - private PKIHeader header; - private PKIBody body; - private DERBitString protection; - private ASN1Sequence extraCerts; - - private PKIMessage(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - - header = PKIHeader.getInstance(en.nextElement()); - body = PKIBody.getInstance(en.nextElement()); - - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); - - if (tObj.getTagNo() == 0) - { - protection = DERBitString.getInstance(tObj, true); - } - else - { - extraCerts = ASN1Sequence.getInstance(tObj, true); - } - } - } - - public static PKIMessage getInstance(Object o) - { - if (o instanceof PKIMessage) - { - return (PKIMessage)o; - } - else if (o != null) - { - return new PKIMessage(ASN1Sequence.getInstance(o)); - } - - return null; - } - - /** - * Creates a new PKIMessage. - * - * @param header message header - * @param body message body - * @param protection message protection (may be null) - * @param extraCerts extra certificates (may be null) - */ - public PKIMessage( - PKIHeader header, - PKIBody body, - DERBitString protection, - CMPCertificate[] extraCerts) - { - this.header = header; - this.body = body; - this.protection = protection; - if (extraCerts != null) { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < extraCerts.length; i++) { - v.add(extraCerts[i]); - } - this.extraCerts = new DERSequence(v); - } - } - - public PKIMessage( - PKIHeader header, - PKIBody body, - DERBitString protection) - { - this(header, body, protection, null); - } - - public PKIMessage( - PKIHeader header, - PKIBody body) - { - this(header, body, null, null); - } - - public PKIHeader getHeader() - { - return header; - } - - public PKIBody getBody() - { - return body; - } - - public DERBitString getProtection() - { - return protection; - } - - public CMPCertificate[] getExtraCerts() - { - if (extraCerts == null) - { - return null; - } - - CMPCertificate[] results = new CMPCertificate[extraCerts.size()]; - - for (int i = 0; i < results.length; i++) - { - results[i] = CMPCertificate.getInstance(extraCerts.getObjectAt(i)); - } - return results; - } - - /** - * 
-     * PKIMessage ::= SEQUENCE {
-     *                  header           PKIHeader,
-     *                  body             PKIBody,
-     *                  protection   [0] PKIProtection OPTIONAL,
-     *                  extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
-     *                                                                     OPTIONAL
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(header); - v.add(body); - - addOptional(v, 0, protection); - addOptional(v, 1, extraCerts); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(true, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessages.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessages.java deleted file mode 100644 index cf7489ba5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIMessages.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PKIMessages - extends ASN1Encodable -{ - private ASN1Sequence content; - - private PKIMessages(ASN1Sequence seq) - { - content = seq; - } - - public static PKIMessages getInstance(Object o) - { - if (o instanceof PKIMessages) - { - return (PKIMessages)o; - } - - if (o instanceof ASN1Sequence) - { - return new PKIMessages((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public PKIMessages(PKIMessage msg) - { - content = new DERSequence(msg); - } - - public PKIMessages(PKIMessage[] msgs) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < msgs.length; i++) - { - v.add(msgs[i]); - } - content = new DERSequence(v); - } - - public PKIMessage[] toPKIMessageArray() - { - PKIMessage[] result = new PKIMessage[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = PKIMessage.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java deleted file mode 100644 index 25ba19927..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java +++ /dev/null @@ -1,64 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -public class PKIStatus - extends ASN1Encodable -{ - public static final int GRANTED = 0; - public static final int GRANTED_WITH_MODS = 1; - public static final int REJECTION = 2; - public static final int WAITING = 3; - public static final int REVOCATION_WARNING = 4; - public static final int REVOCATION_NOTIFICATION = 5; - public static final int KEY_UPDATE_WARNING = 6; - - public static final PKIStatus granted = new PKIStatus(GRANTED); - public static final PKIStatus grantedWithMods = new PKIStatus(GRANTED_WITH_MODS); - public static final PKIStatus rejection = new PKIStatus(REJECTION); - public static final PKIStatus waiting = new PKIStatus(WAITING); - public static final PKIStatus revocationWarning = new PKIStatus(REVOCATION_WARNING); - public static final PKIStatus revocationNotification = new PKIStatus(REVOCATION_NOTIFICATION); - public static final PKIStatus keyUpdateWaiting = new PKIStatus(KEY_UPDATE_WARNING); - - private DERInteger value; - - private PKIStatus(int value) - { - this(new DERInteger(value)); - } - - private PKIStatus(DERInteger value) - { - this.value = value; - } - - public static PKIStatus getInstance(Object o) - { - if (o instanceof PKIStatus) - { - return (PKIStatus)o; - } - - if (o instanceof DERInteger) - { - return new PKIStatus((DERInteger)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public BigInteger getValue() - { - return value.getValue(); - } - - public DERObject toASN1Object() - { - return value; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java deleted file mode 100644 index 7704b52c2..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java +++ /dev/null @@ -1,177 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PKIStatusInfo - extends ASN1Encodable -{ - DERInteger status; - PKIFreeText statusString; - DERBitString failInfo; - - public static PKIStatusInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static PKIStatusInfo getInstance( - Object obj) - { - if (obj instanceof PKIStatusInfo) - { - return (PKIStatusInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PKIStatusInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public PKIStatusInfo( - ASN1Sequence seq) - { - this.status = DERInteger.getInstance(seq.getObjectAt(0)); - - this.statusString = null; - this.failInfo = null; - - if (seq.size() > 2) - { - this.statusString = PKIFreeText.getInstance(seq.getObjectAt(1)); - this.failInfo = DERBitString.getInstance(seq.getObjectAt(2)); - } - else if (seq.size() > 1) - { - Object obj = seq.getObjectAt(1); - if (obj instanceof DERBitString) - { - this.failInfo = DERBitString.getInstance(obj); - } - else - { - this.statusString = PKIFreeText.getInstance(obj); - } - } - } - - /** - * @param status - */ - public PKIStatusInfo(int status) - { - this.status = new DERInteger(status); - } - - public PKIStatusInfo(PKIStatus status) - { - this.status = DERInteger.getInstance(status.toASN1Object()); - } - - /** - * @param status - * @param statusString - */ - public PKIStatusInfo( - int status, - PKIFreeText statusString) - { - this.status = new DERInteger(status); - this.statusString = statusString; - } - - public PKIStatusInfo( - PKIStatus status, - PKIFreeText statusString) - { - this.status = DERInteger.getInstance(status.toASN1Object()); - this.statusString = statusString; - } - - public PKIStatusInfo( - int status, - PKIFreeText statusString, - PKIFailureInfo failInfo) - { - this.status = new DERInteger(status); - this.statusString = statusString; - this.failInfo = failInfo; - } - - public BigInteger getStatus() - { - return status.getValue(); - } - - public PKIFreeText getStatusString() - { - return statusString; - } - - public DERBitString getFailInfo() - { - return failInfo; - } - - /** - * 
-     * PKIStatusInfo ::= SEQUENCE {
-     *     status        PKIStatus,                (INTEGER)
-     *     statusString  PKIFreeText     OPTIONAL,
-     *     failInfo      PKIFailureInfo  OPTIONAL  (BIT STRING)
-     * }
-     *
-     * PKIStatus:
-     *   granted                (0), -- you got exactly what you asked for
-     *   grantedWithMods        (1), -- you got something like what you asked for
-     *   rejection              (2), -- you don't get it, more information elsewhere in the message
-     *   waiting                (3), -- the request body part has not yet been processed, expect to hear more later
-     *   revocationWarning      (4), -- this message contains a warning that a revocation is imminent
-     *   revocationNotification (5), -- notification that a revocation has occurred
-     *   keyUpdateWarning       (6)  -- update already done for the oldCertId specified in CertReqMsg
-     *
-     * PKIFailureInfo:
-     *   badAlg           (0), -- unrecognized or unsupported Algorithm Identifier
-     *   badMessageCheck  (1), -- integrity check failed (e.g., signature did not verify)
-     *   badRequest       (2), -- transaction not permitted or supported
-     *   badTime          (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
-     *   badCertId        (4), -- no certificate could be found matching the provided criteria
-     *   badDataFormat    (5), -- the data submitted has the wrong format
-     *   wrongAuthority   (6), -- the authority indicated in the request is different from the one creating the response token
-     *   incorrectData    (7), -- the requester's data is incorrect (for notary services)
-     *   missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
-     *   badPOP           (9)  -- the proof-of-possession failed
-     *
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(status); - - if (statusString != null) - { - v.add(statusString); - } - - if (failInfo!= null) - { - v.add(failInfo); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyChallContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyChallContent.java deleted file mode 100644 index 5b4b1dea4..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyChallContent.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; - -public class POPODecKeyChallContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private POPODecKeyChallContent(ASN1Sequence seq) - { - content = seq; - } - - public static POPODecKeyChallContent getInstance(Object o) - { - if (o instanceof POPODecKeyChallContent) - { - return (POPODecKeyChallContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new POPODecKeyChallContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public Challenge[] toChallengeArray() - { - Challenge[] result = new Challenge[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = Challenge.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * POPODecKeyChallContent ::= SEQUENCE OF Challenge
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyRespContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyRespContent.java deleted file mode 100644 index 3db29ee38..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/POPODecKeyRespContent.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -public class POPODecKeyRespContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private POPODecKeyRespContent(ASN1Sequence seq) - { - content = seq; - } - - public static POPODecKeyRespContent getInstance(Object o) - { - if (o instanceof POPODecKeyRespContent) - { - return (POPODecKeyRespContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new POPODecKeyRespContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public DERInteger[] toDERIntegerArray() - { - DERInteger[] result = new DERInteger[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = DERInteger.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * POPODecKeyRespContent ::= SEQUENCE OF INTEGER
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollRepContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollRepContent.java deleted file mode 100644 index b2598d512..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollRepContent.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PollRepContent - extends ASN1Encodable -{ - private DERInteger certReqId; - private DERInteger checkAfter; - private PKIFreeText reason; - - private PollRepContent(ASN1Sequence seq) - { - certReqId = DERInteger.getInstance(seq.getObjectAt(0)); - checkAfter = DERInteger.getInstance(seq.getObjectAt(1)); - - if (seq.size() > 2) - { - reason = PKIFreeText.getInstance(seq.getObjectAt(2)); - } - } - - public static PollRepContent getInstance(Object o) - { - if (o instanceof PollRepContent) - { - return (PollRepContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new PollRepContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public DERInteger getCertReqId() - { - return certReqId; - } - - public DERInteger getCheckAfter() - { - return checkAfter; - } - - public PKIFreeText getReason() - { - return reason; - } - - /** - * 
-     * PollRepContent ::= SEQUENCE OF SEQUENCE {
-     *         certReqId              INTEGER,
-     *         checkAfter             INTEGER,  -- time in seconds
-     *         reason                 PKIFreeText OPTIONAL
-     *     }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certReqId); - v.add(checkAfter); - - if (reason != null) - { - v.add(reason); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollReqContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollReqContent.java deleted file mode 100644 index e871935ef..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/PollReqContent.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -public class PollReqContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private PollReqContent(ASN1Sequence seq) - { - content = seq; - } - - public static PollReqContent getInstance(Object o) - { - if (o instanceof PollReqContent) - { - return (PollReqContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new PollReqContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public DERInteger[][] getCertReqIds() - { - DERInteger[][] result = new DERInteger[content.size()][]; - - for (int i = 0; i != result.length; i++) - { - result[i] = seqenceToDERIntegerArray((ASN1Sequence)content.getObjectAt(i)); - } - - return result; - } - - private DERInteger[] seqenceToDERIntegerArray(ASN1Sequence seq) - { - DERInteger[] result = new DERInteger[seq.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = DERInteger.getInstance(seq.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * PollReqContent ::= SEQUENCE OF SEQUENCE {
-     *                        certReqId              INTEGER
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ProtectedPart.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ProtectedPart.java deleted file mode 100644 index 0ec36bcce..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/ProtectedPart.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class ProtectedPart - extends ASN1Encodable -{ - private PKIHeader header; - private PKIBody body; - - private ProtectedPart(ASN1Sequence seq) - { - header = PKIHeader.getInstance(seq.getObjectAt(0)); - body = PKIBody.getInstance(seq.getObjectAt(1)); - } - - public static ProtectedPart getInstance(Object o) - { - if (o instanceof ProtectedPart) - { - return (ProtectedPart)o; - } - - if (o instanceof ASN1Sequence) - { - return new ProtectedPart((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public ProtectedPart(PKIHeader header, PKIBody body) - { - this.header = header; - this.body = body; - } - - public PKIHeader getHeader() - { - return header; - } - - public PKIBody getBody() - { - return body; - } - - /** - * 
-     * ProtectedPart ::= SEQUENCE {
-     *                    header    PKIHeader,
-     *                    body      PKIBody
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(header); - v.add(body); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevAnnContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevAnnContent.java deleted file mode 100644 index 3e2bac2c3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevAnnContent.java +++ /dev/null @@ -1,103 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.crmf.CertId; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class RevAnnContent - extends ASN1Encodable -{ - private PKIStatus status; - private CertId certId; - private DERGeneralizedTime willBeRevokedAt; - private DERGeneralizedTime badSinceDate; - private X509Extensions crlDetails; - - private RevAnnContent(ASN1Sequence seq) - { - status = PKIStatus.getInstance(seq.getObjectAt(0)); - certId = CertId.getInstance(seq.getObjectAt(1)); - willBeRevokedAt = DERGeneralizedTime.getInstance(seq.getObjectAt(2)); - badSinceDate = DERGeneralizedTime.getInstance(seq.getObjectAt(3)); - - if (seq.size() > 4) - { - crlDetails = X509Extensions.getInstance(seq.getObjectAt(4)); - } - } - - public static RevAnnContent getInstance(Object o) - { - if (o instanceof RevAnnContent) - { - return (RevAnnContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new RevAnnContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public PKIStatus getStatus() - { - return status; - } - - public CertId getCertId() - { - return certId; - } - - public DERGeneralizedTime getWillBeRevokedAt() - { - return willBeRevokedAt; - } - - public DERGeneralizedTime getBadSinceDate() - { - return badSinceDate; - } - - public X509Extensions getCrlDetails() - { - return crlDetails; - } - - /** - * 
-     * RevAnnContent ::= SEQUENCE {
-     *       status              PKIStatus,
-     *       certId              CertId,
-     *       willBeRevokedAt     GeneralizedTime,
-     *       badSinceDate        GeneralizedTime,
-     *       crlDetails          Extensions  OPTIONAL
-     *        -- extra CRL details (e.g., crl number, reason, location, etc.)
-     * }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(status); - v.add(certId); - v.add(willBeRevokedAt); - v.add(badSinceDate); - - if (crlDetails != null) - { - v.add(crlDetails); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevDetails.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevDetails.java deleted file mode 100644 index e46282780..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevDetails.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.crmf.CertTemplate; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class RevDetails - extends ASN1Encodable -{ - private CertTemplate certDetails; - private X509Extensions crlEntryDetails; - - private RevDetails(ASN1Sequence seq) - { - certDetails = CertTemplate.getInstance(seq.getObjectAt(0)); - if (seq.size() > 1) - { - crlEntryDetails = X509Extensions.getInstance(seq.getObjectAt(1)); - } - } - - public static RevDetails getInstance(Object o) - { - if (o instanceof RevDetails) - { - return (RevDetails)o; - } - - if (o instanceof ASN1Sequence) - { - return new RevDetails((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public RevDetails(CertTemplate certDetails) - { - this.certDetails = certDetails; - } - - public RevDetails(CertTemplate certDetails, X509Extensions crlEntryDetails) - { - this.crlEntryDetails = crlEntryDetails; - } - - public CertTemplate getCertDetails() - { - return certDetails; - } - - public X509Extensions getCrlEntryDetails() - { - return crlEntryDetails; - } - - /** - * 
-     * RevDetails ::= SEQUENCE {
-     *                  certDetails         CertTemplate,
-     *                   -- allows requester to specify as much as they can about
-     *                   -- the cert. for which revocation is requested
-     *                   -- (e.g., for cases in which serialNumber is not available)
-     *                   crlEntryDetails     Extensions       OPTIONAL
-     *                   -- requested crlEntryExtensions
-     *             }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certDetails); - - if (crlEntryDetails != null) - { - v.add(crlEntryDetails); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContent.java deleted file mode 100644 index 07e5cd703..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContent.java +++ /dev/null @@ -1,136 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.crmf.CertId; -import org.bouncycastle.asn1.x509.CertificateList; - -public class RevRepContent - extends ASN1Encodable -{ - private ASN1Sequence status; - private ASN1Sequence revCerts; - private ASN1Sequence crls; - - private RevRepContent(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - - status = ASN1Sequence.getInstance(en.nextElement()); - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(en.nextElement()); - - if (tObj.getTagNo() == 0) - { - revCerts = ASN1Sequence.getInstance(tObj, true); - } - else - { - crls = ASN1Sequence.getInstance(tObj, true); - } - } - } - - public static RevRepContent getInstance(Object o) - { - if (o instanceof RevRepContent) - { - return (RevRepContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new RevRepContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public PKIStatusInfo[] getStatus() - { - PKIStatusInfo[] results = new PKIStatusInfo[status.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = PKIStatusInfo.getInstance(status.getObjectAt(i)); - } - - return results; - } - - public CertId[] getRevCerts() - { - if (revCerts == null) - { - return null; - } - - CertId[] results = new CertId[revCerts.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = CertId.getInstance(revCerts.getObjectAt(i)); - } - - return results; - } - - public CertificateList[] getCrls() - { - if (crls == null) - { - return null; - } - - CertificateList[] results = new CertificateList[crls.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = CertificateList.getInstance(crls.getObjectAt(i)); - } - - return results; - } - - /** - * 
-     * RevRepContent ::= SEQUENCE {
-     *        status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
-     *        -- in same order as was sent in RevReqContent
-     *        revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
-     *        -- IDs for which revocation was requested
-     *        -- (same order as status)
-     *        crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
-     *        -- the resulting CRLs (there may be more than one)
-     *   }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(status); - - addOptional(v, 0, revCerts); - addOptional(v, 1, crls); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(true, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContentBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContentBuilder.java deleted file mode 100644 index 10522c2f7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevRepContentBuilder.java +++ /dev/null @@ -1,59 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.crmf.CertId; -import org.bouncycastle.asn1.x509.CertificateList; - -public class RevRepContentBuilder -{ - private ASN1EncodableVector status = new ASN1EncodableVector(); - private ASN1EncodableVector revCerts = new ASN1EncodableVector(); - private ASN1EncodableVector crls = new ASN1EncodableVector(); - - public RevRepContentBuilder add(PKIStatusInfo status) - { - this.status.add(status); - - return this; - } - - public RevRepContentBuilder add(PKIStatusInfo status, CertId certId) - { - if (this.status.size() != this.revCerts.size()) - { - throw new IllegalStateException("status and revCerts sequence must be in common order"); - } - this.status.add(status); - this.revCerts.add(certId); - - return this; - } - - public RevRepContentBuilder addCrl(CertificateList crl) - { - this.crls.add(crl); - - return this; - } - - public RevRepContent build() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERSequence(status)); - - if (revCerts.size() != 0) - { - v.add(new DERTaggedObject(true, 0, new DERSequence(revCerts))); - } - - if (crls.size() != 0) - { - v.add(new DERTaggedObject(true, 1, new DERSequence(crls))); - } - - return RevRepContent.getInstance(new DERSequence(v)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevReqContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevReqContent.java deleted file mode 100644 index 08fda00b8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/RevReqContent.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class RevReqContent - extends ASN1Encodable -{ - private ASN1Sequence content; - - private RevReqContent(ASN1Sequence seq) - { - content = seq; - } - - public static RevReqContent getInstance(Object o) - { - if (o instanceof RevReqContent) - { - return (RevReqContent)o; - } - - if (o instanceof ASN1Sequence) - { - return new RevReqContent((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public RevReqContent(RevDetails revDetails) - { - this.content = new DERSequence(revDetails); - } - - public RevReqContent(RevDetails[] revDetailsArray) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != revDetailsArray.length; i++) - { - v.add(revDetailsArray[i]); - } - - this.content = new DERSequence(v); - } - - public RevDetails[] toRevDetailsArray() - { - RevDetails[] result = new RevDetails[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = RevDetails.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * RevReqContent ::= SEQUENCE OF RevDetails
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/package.html deleted file mode 100644 index eb713c970..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cmp/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting PKIX-CMP as described RFC 2510. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attribute.java deleted file mode 100644 index 8e8a991f8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attribute.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class Attribute - extends ASN1Encodable -{ - private DERObjectIdentifier attrType; - private ASN1Set attrValues; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static Attribute getInstance( - Object o) - { - if (o == null || o instanceof Attribute) - { - return (Attribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new Attribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public Attribute( - ASN1Sequence seq) - { - attrType = (DERObjectIdentifier)seq.getObjectAt(0); - attrValues = (ASN1Set)seq.getObjectAt(1); - } - - public Attribute( - DERObjectIdentifier attrType, - ASN1Set attrValues) - { - this.attrType = attrType; - this.attrValues = attrValues; - } - - public DERObjectIdentifier getAttrType() - { - return attrType; - } - - public ASN1Set getAttrValues() - { - return attrValues; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Attribute ::= SEQUENCE {
-     *     attrType OBJECT IDENTIFIER,
-     *     attrValues SET OF AttributeValue
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attrType); - v.add(attrValues); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java deleted file mode 100644 index d686ef23c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java +++ /dev/null @@ -1,232 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSet; - -public class AttributeTable -{ - private Hashtable attributes = new Hashtable(); - - public AttributeTable( - Hashtable attrs) - { - attributes = copyTable(attrs); - } - - public AttributeTable( - ASN1EncodableVector v) - { - for (int i = 0; i != v.size(); i++) - { - Attribute a = Attribute.getInstance(v.get(i)); - - addAttribute(a.getAttrType(), a); - } - } - - public AttributeTable( - ASN1Set s) - { - for (int i = 0; i != s.size(); i++) - { - Attribute a = Attribute.getInstance(s.getObjectAt(i)); - - addAttribute(a.getAttrType(), a); - } - } - - public AttributeTable( - Attributes attrs) - { - this(ASN1Set.getInstance(attrs.getDERObject())); - } - - private void addAttribute( - DERObjectIdentifier oid, - Attribute a) - { - Object value = attributes.get(oid); - - if (value == null) - { - attributes.put(oid, a); - } - else - { - Vector v; - - if (value instanceof Attribute) - { - v = new Vector(); - - v.addElement(value); - v.addElement(a); - } - else - { - v = (Vector)value; - - v.addElement(a); - } - - attributes.put(oid, v); - } - } - - /** - * Return the first attribute matching the OBJECT IDENTIFIER oid. - * - * @param oid type of attribute required. - * @return first attribute found of type oid. - */ - public Attribute get( - DERObjectIdentifier oid) - { - Object value = attributes.get(oid); - - if (value instanceof Vector) - { - return (Attribute)((Vector)value).elementAt(0); - } - - return (Attribute)value; - } - - /** - * Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be - * empty if there are no attributes of the required type present. - * - * @param oid type of attribute required. - * @return a vector of all the attributes found of type oid. - */ - public ASN1EncodableVector getAll( - DERObjectIdentifier oid) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - Object value = attributes.get(oid); - - if (value instanceof Vector) - { - Enumeration e = ((Vector)value).elements(); - - while (e.hasMoreElements()) - { - v.add((Attribute)e.nextElement()); - } - } - else if (value != null) - { - v.add((Attribute)value); - } - - return v; - } - - public int size() - { - int size = 0; - - for (Enumeration en = attributes.elements(); en.hasMoreElements();) - { - Object o = en.nextElement(); - - if (o instanceof Vector) - { - size += ((Vector)o).size(); - } - else - { - size++; - } - } - - return size; - } - - public Hashtable toHashtable() - { - return copyTable(attributes); - } - - public ASN1EncodableVector toASN1EncodableVector() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - Enumeration e = attributes.elements(); - - while (e.hasMoreElements()) - { - Object value = e.nextElement(); - - if (value instanceof Vector) - { - Enumeration en = ((Vector)value).elements(); - - while (en.hasMoreElements()) - { - v.add(Attribute.getInstance(en.nextElement())); - } - } - else - { - v.add(Attribute.getInstance(value)); - } - } - - return v; - } - - public Attributes toAttributes() - { - return new Attributes(this.toASN1EncodableVector()); - } - - private Hashtable copyTable( - Hashtable in) - { - Hashtable out = new Hashtable(); - Enumeration e = in.keys(); - - while (e.hasMoreElements()) - { - Object key = e.nextElement(); - - out.put(key, in.get(key)); - } - - return out; - } - - /** - * Return a new table with the passed in attribute added. - * - * @param attrType - * @param attrValue - * @return - */ - public AttributeTable add(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue) - { - AttributeTable newTable = new AttributeTable(attributes); - - newTable.addAttribute(attrType, new Attribute(attrType, new DERSet(attrValue))); - - return newTable; - } - - public AttributeTable remove(ASN1ObjectIdentifier attrType) - { - AttributeTable newTable = new AttributeTable(attributes); - - newTable.attributes.remove(attrType); - - return newTable; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attributes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attributes.java deleted file mode 100644 index 83664d64a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Attributes.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERObject; - -public class Attributes - extends ASN1Encodable -{ - private ASN1Set attributes; - - private Attributes(ASN1Set set) - { - attributes = set; - } - - public Attributes(ASN1EncodableVector v) - { - attributes = new BERSet(v); - } - - public static Attributes getInstance(Object obj) - { - if (obj instanceof Attributes) - { - return (Attributes)obj; - } - else if (obj != null) - { - return new Attributes(ASN1Set.getInstance(obj)); - } - - return null; - } - - /** - * 
-     * Attributes ::=
-     *   SET SIZE(1..MAX) OF Attribute -- according to RFC 5652
-     *
- * @return - */ - public DERObject toASN1Object() - { - return attributes; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedData.java deleted file mode 100644 index c16323b10..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedData.java +++ /dev/null @@ -1,218 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class AuthEnvelopedData - extends ASN1Encodable -{ - private DERInteger version; - private OriginatorInfo originatorInfo; - private ASN1Set recipientInfos; - private EncryptedContentInfo authEncryptedContentInfo; - private ASN1Set authAttrs; - private ASN1OctetString mac; - private ASN1Set unauthAttrs; - - public AuthEnvelopedData( - OriginatorInfo originatorInfo, - ASN1Set recipientInfos, - EncryptedContentInfo authEncryptedContentInfo, - ASN1Set authAttrs, - ASN1OctetString mac, - ASN1Set unauthAttrs) - { - // "It MUST be set to 0." - this.version = new DERInteger(0); - - this.originatorInfo = originatorInfo; - - // TODO - // "There MUST be at least one element in the collection." - this.recipientInfos = recipientInfos; - - this.authEncryptedContentInfo = authEncryptedContentInfo; - - // TODO - // "The authAttrs MUST be present if the content type carried in - // EncryptedContentInfo is not id-data." - this.authAttrs = authAttrs; - - this.mac = mac; - - this.unauthAttrs = unauthAttrs; - } - - public AuthEnvelopedData( - ASN1Sequence seq) - { - int index = 0; - - // TODO - // "It MUST be set to 0." - DERObject tmp = seq.getObjectAt(index++).getDERObject(); - version = (DERInteger)tmp; - - tmp = seq.getObjectAt(index++).getDERObject(); - if (tmp instanceof ASN1TaggedObject) - { - originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++).getDERObject(); - } - - // TODO - // "There MUST be at least one element in the collection." - recipientInfos = ASN1Set.getInstance(tmp); - - tmp = seq.getObjectAt(index++).getDERObject(); - authEncryptedContentInfo = EncryptedContentInfo.getInstance(tmp); - - tmp = seq.getObjectAt(index++).getDERObject(); - if (tmp instanceof ASN1TaggedObject) - { - authAttrs = ASN1Set.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++).getDERObject(); - } - else - { - // TODO - // "The authAttrs MUST be present if the content type carried in - // EncryptedContentInfo is not id-data." - } - - mac = ASN1OctetString.getInstance(tmp); - - if (seq.size() > index) - { - tmp = seq.getObjectAt(index++).getDERObject(); - unauthAttrs = ASN1Set.getInstance((ASN1TaggedObject)tmp, false); - } - } - - /** - * return an AuthEnvelopedData object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @throws IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static AuthEnvelopedData getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an AuthEnvelopedData object from the given object. - * - * @param obj the object we want converted. - * @throws IllegalArgumentException if the object cannot be converted. - */ - public static AuthEnvelopedData getInstance( - Object obj) - { - if (obj == null || obj instanceof AuthEnvelopedData) - { - return (AuthEnvelopedData)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new AuthEnvelopedData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid AuthEnvelopedData: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorInfo getOriginatorInfo() - { - return originatorInfo; - } - - public ASN1Set getRecipientInfos() - { - return recipientInfos; - } - - public EncryptedContentInfo getAuthEncryptedContentInfo() - { - return authEncryptedContentInfo; - } - - public ASN1Set getAuthAttrs() - { - return authAttrs; - } - - public ASN1OctetString getMac() - { - return mac; - } - - public ASN1Set getUnauthAttrs() - { - return unauthAttrs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * AuthEnvelopedData ::= SEQUENCE {
-     *   version CMSVersion,
-     *   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-     *   recipientInfos RecipientInfos,
-     *   authEncryptedContentInfo EncryptedContentInfo,
-     *   authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
-     *   mac MessageAuthenticationCode,
-     *   unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (originatorInfo != null) - { - v.add(new DERTaggedObject(false, 0, originatorInfo)); - } - - v.add(recipientInfos); - v.add(authEncryptedContentInfo); - - // "authAttrs optionally contains the authenticated attributes." - if (authAttrs != null) - { - // "AuthAttributes MUST be DER encoded, even if the rest of the - // AuthEnvelopedData structure is BER encoded." - v.add(new DERTaggedObject(false, 1, authAttrs)); - } - - v.add(mac); - - // "unauthAttrs optionally contains the unauthenticated attributes." - if (unauthAttrs != null) - { - v.add(new DERTaggedObject(false, 2, unauthAttrs)); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java deleted file mode 100644 index a5e60be53..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java +++ /dev/null @@ -1,157 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.ASN1TaggedObjectParser; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERTags; - -/** - * Produce an object suitable for an ASN1OutputStream. - * - * 
- * AuthEnvelopedData ::= SEQUENCE {
- *   version CMSVersion,
- *   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- *   recipientInfos RecipientInfos,
- *   authEncryptedContentInfo EncryptedContentInfo,
- *   authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
- *   mac MessageAuthenticationCode,
- *   unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
- *
- */ -public class AuthEnvelopedDataParser -{ - private ASN1SequenceParser seq; - private DERInteger version; - private DEREncodable nextObject; - private boolean originatorInfoCalled; - - public AuthEnvelopedDataParser(ASN1SequenceParser seq) throws IOException - { - this.seq = seq; - - // TODO - // "It MUST be set to 0." - this.version = (DERInteger)seq.readObject(); - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorInfo getOriginatorInfo() - throws IOException - { - originatorInfoCalled = true; - - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject instanceof ASN1TaggedObjectParser && ((ASN1TaggedObjectParser)nextObject).getTagNo() == 0) - { - ASN1SequenceParser originatorInfo = (ASN1SequenceParser) ((ASN1TaggedObjectParser)nextObject).getObjectParser(DERTags.SEQUENCE, false); - nextObject = null; - return OriginatorInfo.getInstance(originatorInfo.getDERObject()); - } - - return null; - } - - public ASN1SetParser getRecipientInfos() - throws IOException - { - if (!originatorInfoCalled) - { - getOriginatorInfo(); - } - - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - ASN1SetParser recipientInfos = (ASN1SetParser)nextObject; - nextObject = null; - return recipientInfos; - } - - public EncryptedContentInfoParser getAuthEncryptedContentInfo() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject != null) - { - ASN1SequenceParser o = (ASN1SequenceParser) nextObject; - nextObject = null; - return new EncryptedContentInfoParser(o); - } - - return null; - } - - public ASN1SetParser getAuthAttrs() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject instanceof ASN1TaggedObjectParser) - { - DEREncodable o = nextObject; - nextObject = null; - return (ASN1SetParser)((ASN1TaggedObjectParser)o).getObjectParser(DERTags.SET, false); - } - - // TODO - // "The authAttrs MUST be present if the content type carried in - // EncryptedContentInfo is not id-data." - - return null; - } - - public ASN1OctetString getMac() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - DEREncodable o = nextObject; - nextObject = null; - - return ASN1OctetString.getInstance(o.getDERObject()); - } - - public ASN1SetParser getUnauthAttrs() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject != null) - { - DEREncodable o = nextObject; - nextObject = null; - return (ASN1SetParser)((ASN1TaggedObjectParser)o).getObjectParser(DERTags.SET, false); - } - - return null; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedData.java deleted file mode 100644 index b74e752d5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedData.java +++ /dev/null @@ -1,293 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class AuthenticatedData - extends ASN1Encodable -{ - private DERInteger version; - private OriginatorInfo originatorInfo; - private ASN1Set recipientInfos; - private AlgorithmIdentifier macAlgorithm; - private AlgorithmIdentifier digestAlgorithm; - private ContentInfo encapsulatedContentInfo; - private ASN1Set authAttrs; - private ASN1OctetString mac; - private ASN1Set unauthAttrs; - - public AuthenticatedData( - OriginatorInfo originatorInfo, - ASN1Set recipientInfos, - AlgorithmIdentifier macAlgorithm, - AlgorithmIdentifier digestAlgorithm, - ContentInfo encapsulatedContent, - ASN1Set authAttrs, - ASN1OctetString mac, - ASN1Set unauthAttrs) - { - if (digestAlgorithm != null || authAttrs != null) - { - if (digestAlgorithm == null || authAttrs == null) - { - throw new IllegalArgumentException("digestAlgorithm and authAttrs must be set together"); - } - } - - version = new DERInteger(calculateVersion(originatorInfo)); - - this.originatorInfo = originatorInfo; - this.macAlgorithm = macAlgorithm; - this.digestAlgorithm = digestAlgorithm; - this.recipientInfos = recipientInfos; - this.encapsulatedContentInfo = encapsulatedContent; - this.authAttrs = authAttrs; - this.mac = mac; - this.unauthAttrs = unauthAttrs; - } - - public AuthenticatedData( - ASN1Sequence seq) - { - int index = 0; - - version = (DERInteger)seq.getObjectAt(index++); - - Object tmp = seq.getObjectAt(index++); - - if (tmp instanceof ASN1TaggedObject) - { - originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++); - } - - recipientInfos = ASN1Set.getInstance(tmp); - macAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++)); - - tmp = seq.getObjectAt(index++); - - if (tmp instanceof ASN1TaggedObject) - { - digestAlgorithm = AlgorithmIdentifier.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++); - } - - encapsulatedContentInfo = ContentInfo.getInstance(tmp); - - tmp = seq.getObjectAt(index++); - - if (tmp instanceof ASN1TaggedObject) - { - authAttrs = ASN1Set.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++); - } - - mac = ASN1OctetString.getInstance(tmp); - - if (seq.size() > index) - { - unauthAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false); - } - } - - /** - * return an AuthenticatedData object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @throws IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static AuthenticatedData getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an AuthenticatedData object from the given object. - * - * @param obj the object we want converted. - * @throws IllegalArgumentException if the object cannot be converted. - */ - public static AuthenticatedData getInstance( - Object obj) - { - if (obj == null || obj instanceof AuthenticatedData) - { - return (AuthenticatedData)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new AuthenticatedData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid AuthenticatedData: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorInfo getOriginatorInfo() - { - return originatorInfo; - } - - public ASN1Set getRecipientInfos() - { - return recipientInfos; - } - - public AlgorithmIdentifier getMacAlgorithm() - { - return macAlgorithm; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digestAlgorithm; - } - - public ContentInfo getEncapsulatedContentInfo() - { - return encapsulatedContentInfo; - } - - public ASN1Set getAuthAttrs() - { - return authAttrs; - } - - public ASN1OctetString getMac() - { - return mac; - } - - public ASN1Set getUnauthAttrs() - { - return unauthAttrs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * AuthenticatedData ::= SEQUENCE {
-     *       version CMSVersion,
-     *       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-     *       recipientInfos RecipientInfos,
-     *       macAlgorithm MessageAuthenticationCodeAlgorithm,
-     *       digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
-     *       encapContentInfo EncapsulatedContentInfo,
-     *       authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
-     *       mac MessageAuthenticationCode,
-     *       unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
-     *
-     * AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
-     *
-     * UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
-     *
-     * MessageAuthenticationCode ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (originatorInfo != null) - { - v.add(new DERTaggedObject(false, 0, originatorInfo)); - } - - v.add(recipientInfos); - v.add(macAlgorithm); - - if (digestAlgorithm != null) - { - v.add(new DERTaggedObject(false, 1, digestAlgorithm)); - } - - v.add(encapsulatedContentInfo); - - if (authAttrs != null) - { - v.add(new DERTaggedObject(false, 2, authAttrs)); - } - - v.add(mac); - - if (unauthAttrs != null) - { - v.add(new DERTaggedObject(false, 3, unauthAttrs)); - } - - return new BERSequence(v); - } - - public static int calculateVersion(OriginatorInfo origInfo) - { - if (origInfo == null) - { - return 0; - } - else - { - int ver = 0; - - for (Enumeration e = origInfo.getCertificates().getObjects(); e.hasMoreElements();) - { - Object obj = e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tag = (ASN1TaggedObject)obj; - - if (tag.getTagNo() == 2) - { - ver = 1; - } - else if (tag.getTagNo() == 3) - { - ver = 3; - break; - } - } - } - - for (Enumeration e = origInfo.getCRLs().getObjects(); e.hasMoreElements();) - { - Object obj = e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tag = (ASN1TaggedObject)obj; - - if (tag.getTagNo() == 1) - { - ver = 3; - break; - } - } - } - - return ver; - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedDataParser.java deleted file mode 100644 index 77b171d69..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/AuthenticatedDataParser.java +++ /dev/null @@ -1,197 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1TaggedObjectParser; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERTags; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * Produce an object suitable for an ASN1OutputStream. - * 
- * AuthenticatedData ::= SEQUENCE {
- *       version CMSVersion,
- *       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- *       recipientInfos RecipientInfos,
- *       macAlgorithm MessageAuthenticationCodeAlgorithm,
- *       digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
- *       encapContentInfo EncapsulatedContentInfo,
- *       authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
- *       mac MessageAuthenticationCode,
- *       unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
- *
- * AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
- *
- * UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
- *
- * MessageAuthenticationCode ::= OCTET STRING
- *
- */ -public class AuthenticatedDataParser -{ - private ASN1SequenceParser seq; - private DERInteger version; - private DEREncodable nextObject; - private boolean originatorInfoCalled; - - public AuthenticatedDataParser( - ASN1SequenceParser seq) - throws IOException - { - this.seq = seq; - this.version = (DERInteger)seq.readObject(); - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorInfo getOriginatorInfo() - throws IOException - { - originatorInfoCalled = true; - - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject instanceof ASN1TaggedObjectParser && ((ASN1TaggedObjectParser)nextObject).getTagNo() == 0) - { - ASN1SequenceParser originatorInfo = (ASN1SequenceParser) ((ASN1TaggedObjectParser)nextObject).getObjectParser(DERTags.SEQUENCE, false); - nextObject = null; - return OriginatorInfo.getInstance(originatorInfo.getDERObject()); - } - - return null; - } - - public ASN1SetParser getRecipientInfos() - throws IOException - { - if (!originatorInfoCalled) - { - getOriginatorInfo(); - } - - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - ASN1SetParser recipientInfos = (ASN1SetParser)nextObject; - nextObject = null; - return recipientInfos; - } - - public AlgorithmIdentifier getMacAlgorithm() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject != null) - { - ASN1SequenceParser o = (ASN1SequenceParser)nextObject; - nextObject = null; - return AlgorithmIdentifier.getInstance(o.getDERObject()); - } - - return null; - } - - public AlgorithmIdentifier getDigestAlgorithm() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject instanceof ASN1TaggedObjectParser) - { - AlgorithmIdentifier obj = AlgorithmIdentifier.getInstance((ASN1TaggedObject)nextObject.getDERObject(), false); - nextObject = null; - return obj; - } - - return null; - } - - public ContentInfoParser getEnapsulatedContentInfo() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject != null) - { - ASN1SequenceParser o = (ASN1SequenceParser)nextObject; - nextObject = null; - return new ContentInfoParser(o); - } - - return null; - } - - public ASN1SetParser getAuthAttrs() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject instanceof ASN1TaggedObjectParser) - { - DEREncodable o = nextObject; - nextObject = null; - return (ASN1SetParser)((ASN1TaggedObjectParser)o).getObjectParser(DERTags.SET, false); - } - - return null; - } - - public ASN1OctetString getMac() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - DEREncodable o = nextObject; - nextObject = null; - - return ASN1OctetString.getInstance(o.getDERObject()); - } - - public ASN1SetParser getUnauthAttrs() - throws IOException - { - if (nextObject == null) - { - nextObject = seq.readObject(); - } - - if (nextObject != null) - { - DEREncodable o = nextObject; - nextObject = null; - return (ASN1SetParser)((ASN1TaggedObjectParser)o).getObjectParser(DERTags.SET, false); - } - - return null; - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java deleted file mode 100644 index 5e9732483..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CMSAttributes -{ - public static final ASN1ObjectIdentifier contentType = PKCSObjectIdentifiers.pkcs_9_at_contentType; - public static final ASN1ObjectIdentifier messageDigest = PKCSObjectIdentifiers.pkcs_9_at_messageDigest; - public static final ASN1ObjectIdentifier signingTime = PKCSObjectIdentifiers.pkcs_9_at_signingTime; - public static final ASN1ObjectIdentifier counterSignature = PKCSObjectIdentifiers.pkcs_9_at_counterSignature; - public static final ASN1ObjectIdentifier contentHint = PKCSObjectIdentifiers.id_aa_contentHint; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java deleted file mode 100644 index e8f454180..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CMSObjectIdentifiers -{ - static final ASN1ObjectIdentifier data = PKCSObjectIdentifiers.data; - static final ASN1ObjectIdentifier signedData = PKCSObjectIdentifiers.signedData; - static final ASN1ObjectIdentifier envelopedData = PKCSObjectIdentifiers.envelopedData; - static final ASN1ObjectIdentifier signedAndEnvelopedData = PKCSObjectIdentifiers.signedAndEnvelopedData; - static final ASN1ObjectIdentifier digestedData = PKCSObjectIdentifiers.digestedData; - static final ASN1ObjectIdentifier encryptedData = PKCSObjectIdentifiers.encryptedData; - static final ASN1ObjectIdentifier authenticatedData = PKCSObjectIdentifiers.id_ct_authData; - static final ASN1ObjectIdentifier compressedData = PKCSObjectIdentifiers.id_ct_compressedData; - static final ASN1ObjectIdentifier authEnvelopedData = PKCSObjectIdentifiers.id_ct_authEnvelopedData; - static final ASN1ObjectIdentifier timestampedData = PKCSObjectIdentifiers.id_ct_timestampedData; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java deleted file mode 100644 index 233105908..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java +++ /dev/null @@ -1,110 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * RFC 3274 - CMS Compressed Data. - * 
- * CompressedData ::= SEQUENCE {
- *  version CMSVersion,
- *  compressionAlgorithm CompressionAlgorithmIdentifier,
- *  encapContentInfo EncapsulatedContentInfo
- * }
- *
- */ -public class CompressedData - extends ASN1Encodable -{ - private DERInteger version; - private AlgorithmIdentifier compressionAlgorithm; - private ContentInfo encapContentInfo; - - public CompressedData( - AlgorithmIdentifier compressionAlgorithm, - ContentInfo encapContentInfo) - { - this.version = new DERInteger(0); - this.compressionAlgorithm = compressionAlgorithm; - this.encapContentInfo = encapContentInfo; - } - - public CompressedData( - ASN1Sequence seq) - { - this.version = (DERInteger)seq.getObjectAt(0); - this.compressionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - this.encapContentInfo = ContentInfo.getInstance(seq.getObjectAt(2)); - - } - - /** - * return a CompressedData object from a tagged object. - * - * @param _ato the tagged object holding the object we want. - * @param _explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static CompressedData getInstance( - ASN1TaggedObject _ato, - boolean _explicit) - { - return getInstance(ASN1Sequence.getInstance(_ato, _explicit)); - } - - /** - * return a CompressedData object from the given object. - * - * @param _obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static CompressedData getInstance( - Object _obj) - { - if (_obj == null || _obj instanceof CompressedData) - { - return (CompressedData)_obj; - } - - if (_obj instanceof ASN1Sequence) - { - return new CompressedData((ASN1Sequence)_obj); - } - - throw new IllegalArgumentException("Invalid CompressedData: " + _obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public AlgorithmIdentifier getCompressionAlgorithmIdentifier() - { - return compressionAlgorithm; - } - - public ContentInfo getEncapContentInfo() - { - return encapContentInfo; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(compressionAlgorithm); - v.add(encapContentInfo); - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedDataParser.java deleted file mode 100644 index 9a0edf2c9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/CompressedDataParser.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.ASN1SequenceParser; - -import java.io.IOException; - -/** - * RFC 3274 - CMS Compressed Data. - * 
- * CompressedData ::= SEQUENCE {
- *  version CMSVersion,
- *  compressionAlgorithm CompressionAlgorithmIdentifier,
- *  encapContentInfo EncapsulatedContentInfo
- * }
- *
- */ -public class CompressedDataParser -{ - private DERInteger _version; - private AlgorithmIdentifier _compressionAlgorithm; - private ContentInfoParser _encapContentInfo; - - public CompressedDataParser( - ASN1SequenceParser seq) - throws IOException - { - this._version = (DERInteger)seq.readObject(); - this._compressionAlgorithm = AlgorithmIdentifier.getInstance(seq.readObject().getDERObject()); - this._encapContentInfo = new ContentInfoParser((ASN1SequenceParser)seq.readObject()); - } - - public DERInteger getVersion() - { - return _version; - } - - public AlgorithmIdentifier getCompressionAlgorithmIdentifier() - { - return _compressionAlgorithm; - } - - public ContentInfoParser getEncapContentInfo() - { - return _encapContentInfo; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java deleted file mode 100644 index b8449da32..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; - -public class ContentInfo - extends ASN1Encodable - implements CMSObjectIdentifiers -{ - private ASN1ObjectIdentifier contentType; - private DEREncodable content; - - public static ContentInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof ContentInfo) - { - return (ContentInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ContentInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public ContentInfo( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - contentType = (ASN1ObjectIdentifier)seq.getObjectAt(0); - - if (seq.size() > 1) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)seq.getObjectAt(1); - if (!tagged.isExplicit() || tagged.getTagNo() != 0) - { - throw new IllegalArgumentException("Bad tag for 'content'"); - } - - content = tagged.getObject(); - } - } - - public ContentInfo( - ASN1ObjectIdentifier contentType, - DEREncodable content) - { - this.contentType = contentType; - this.content = content; - } - - public ASN1ObjectIdentifier getContentType() - { - return contentType; - } - - public DEREncodable getContent() - { - return content; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * ContentInfo ::= SEQUENCE {
-     *          contentType ContentType,
-     *          content
-     *          [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - - if (content != null) - { - v.add(new BERTaggedObject(0, content)); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfoParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfoParser.java deleted file mode 100644 index aaaf9170f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ContentInfoParser.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1TaggedObjectParser; -import org.bouncycastle.asn1.DEREncodable; - -/** - * Produce an object suitable for an ASN1OutputStream. - * 
- * ContentInfo ::= SEQUENCE {
- *          contentType ContentType,
- *          content
- *          [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
- *
- */ -public class ContentInfoParser -{ - private ASN1ObjectIdentifier contentType; - private ASN1TaggedObjectParser content; - - public ContentInfoParser( - ASN1SequenceParser seq) - throws IOException - { - contentType = (ASN1ObjectIdentifier)seq.readObject(); - content = (ASN1TaggedObjectParser)seq.readObject(); - } - - public ASN1ObjectIdentifier getContentType() - { - return contentType; - } - - public DEREncodable getContent( - int tag) - throws IOException - { - if (content != null) - { - return content.getObjectParser(tag, true); - } - - return null; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java deleted file mode 100644 index 22ac83952..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptedContentInfo - extends ASN1Encodable -{ - private DERObjectIdentifier contentType; - private AlgorithmIdentifier contentEncryptionAlgorithm; - private ASN1OctetString encryptedContent; - - public EncryptedContentInfo( - DERObjectIdentifier contentType, - AlgorithmIdentifier contentEncryptionAlgorithm, - ASN1OctetString encryptedContent) - { - this.contentType = contentType; - this.contentEncryptionAlgorithm = contentEncryptionAlgorithm; - this.encryptedContent = encryptedContent; - } - - public EncryptedContentInfo( - ASN1Sequence seq) - { - contentType = (DERObjectIdentifier)seq.getObjectAt(0); - contentEncryptionAlgorithm = AlgorithmIdentifier.getInstance( - seq.getObjectAt(1)); - if (seq.size() > 2) - { - encryptedContent = ASN1OctetString.getInstance( - (ASN1TaggedObject)seq.getObjectAt(2), false); - } - } - - /** - * return an EncryptedContentInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static EncryptedContentInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof EncryptedContentInfo) - { - return (EncryptedContentInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new EncryptedContentInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid EncryptedContentInfo: " - + obj.getClass().getName()); - } - - public DERObjectIdentifier getContentType() - { - return contentType; - } - - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return contentEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedContent() - { - return encryptedContent; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * EncryptedContentInfo ::= SEQUENCE {
-     *     contentType ContentType,
-     *     contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
-     *     encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - v.add(contentEncryptionAlgorithm); - - if (encryptedContent != null) - { - v.add(new BERTaggedObject(false, 0, encryptedContent)); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfoParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfoParser.java deleted file mode 100644 index ce6206dc3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfoParser.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1TaggedObjectParser; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * 
- * EncryptedContentInfo ::= SEQUENCE {
- *     contentType ContentType,
- *     contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
- *     encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL 
- * }
- *
- */ -public class EncryptedContentInfoParser -{ - private DERObjectIdentifier _contentType; - private AlgorithmIdentifier _contentEncryptionAlgorithm; - private ASN1TaggedObjectParser _encryptedContent; - - public EncryptedContentInfoParser( - ASN1SequenceParser seq) - throws IOException - { - _contentType = (DERObjectIdentifier)seq.readObject(); - _contentEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.readObject().getDERObject()); - _encryptedContent = (ASN1TaggedObjectParser)seq.readObject(); - } - - public DERObjectIdentifier getContentType() - { - return _contentType; - } - - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return _contentEncryptionAlgorithm; - } - - public DEREncodable getEncryptedContent( - int tag) - throws IOException - { - return _encryptedContent.getObjectParser(tag, false); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java deleted file mode 100644 index d98d02ae4..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -public class EncryptedData - extends ASN1Encodable -{ - private DERInteger version; - private EncryptedContentInfo encryptedContentInfo; - private ASN1Set unprotectedAttrs; - - public static EncryptedData getInstance(Object o) - { - if (o instanceof EncryptedData) - { - return (EncryptedData)o; - } - - if (o instanceof ASN1Sequence) - { - return new EncryptedData((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid EncryptedData: " + o.getClass().getName()); - } - - public EncryptedData(EncryptedContentInfo encInfo) - { - this(encInfo, null); - } - - public EncryptedData(EncryptedContentInfo encInfo, ASN1Set unprotectedAttrs) - { - this.version = new DERInteger((unprotectedAttrs == null) ? 0 : 2); - this.encryptedContentInfo = encInfo; - this.unprotectedAttrs = unprotectedAttrs; - } - - private EncryptedData(ASN1Sequence seq) - { - this.version = DERInteger.getInstance(seq.getObjectAt(0)); - this.encryptedContentInfo = EncryptedContentInfo.getInstance(seq.getObjectAt(1)); - - if (seq.size() == 3) - { - this.unprotectedAttrs = ASN1Set.getInstance(seq.getObjectAt(2)); - } - } - - public DERInteger getVersion() - { - return version; - } - - public EncryptedContentInfo getEncryptedContentInfo() - { - return encryptedContentInfo; - } - - public ASN1Set getUnprotectedAttrs() - { - return unprotectedAttrs; - } - - /** - * 
-     *       EncryptedData ::= SEQUENCE {
-     *                     version CMSVersion,
-     *                     encryptedContentInfo EncryptedContentInfo,
-     *                     unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(encryptedContentInfo); - if (unprotectedAttrs != null) - { - v.add(new BERTaggedObject(false, 1, unprotectedAttrs)); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java deleted file mode 100644 index f4ac42c38..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java +++ /dev/null @@ -1,179 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class EnvelopedData - extends ASN1Encodable -{ - private DERInteger version; - private OriginatorInfo originatorInfo; - private ASN1Set recipientInfos; - private EncryptedContentInfo encryptedContentInfo; - private ASN1Set unprotectedAttrs; - - public EnvelopedData( - OriginatorInfo originatorInfo, - ASN1Set recipientInfos, - EncryptedContentInfo encryptedContentInfo, - ASN1Set unprotectedAttrs) - { - if (originatorInfo != null || unprotectedAttrs != null) - { - version = new DERInteger(2); - } - else - { - version = new DERInteger(0); - - Enumeration e = recipientInfos.getObjects(); - - while (e.hasMoreElements()) - { - RecipientInfo ri = RecipientInfo.getInstance(e.nextElement()); - - if (!ri.getVersion().equals(version)) - { - version = new DERInteger(2); - break; - } - } - } - - this.originatorInfo = originatorInfo; - this.recipientInfos = recipientInfos; - this.encryptedContentInfo = encryptedContentInfo; - this.unprotectedAttrs = unprotectedAttrs; - } - - public EnvelopedData( - ASN1Sequence seq) - { - int index = 0; - - version = (DERInteger)seq.getObjectAt(index++); - - Object tmp = seq.getObjectAt(index++); - - if (tmp instanceof ASN1TaggedObject) - { - originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++); - } - - recipientInfos = ASN1Set.getInstance(tmp); - - encryptedContentInfo = EncryptedContentInfo.getInstance(seq.getObjectAt(index++)); - - if(seq.size() > index) - { - unprotectedAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false); - } - } - - /** - * return an EnvelopedData object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static EnvelopedData getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an EnvelopedData object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static EnvelopedData getInstance( - Object obj) - { - if (obj == null || obj instanceof EnvelopedData) - { - return (EnvelopedData)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new EnvelopedData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid EnvelopedData: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorInfo getOriginatorInfo() - { - return originatorInfo; - } - - public ASN1Set getRecipientInfos() - { - return recipientInfos; - } - - public EncryptedContentInfo getEncryptedContentInfo() - { - return encryptedContentInfo; - } - - public ASN1Set getUnprotectedAttrs() - { - return unprotectedAttrs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * EnvelopedData ::= SEQUENCE {
-     *     version CMSVersion,
-     *     originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-     *     recipientInfos RecipientInfos,
-     *     encryptedContentInfo EncryptedContentInfo,
-     *     unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (originatorInfo != null) - { - v.add(new DERTaggedObject(false, 0, originatorInfo)); - } - - v.add(recipientInfos); - v.add(encryptedContentInfo); - - if (unprotectedAttrs != null) - { - v.add(new DERTaggedObject(false, 1, unprotectedAttrs)); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedDataParser.java deleted file mode 100644 index 109bc05c9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/EnvelopedDataParser.java +++ /dev/null @@ -1,118 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.ASN1TaggedObjectParser; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERTags; - -import java.io.IOException; - -/** - * 
- * EnvelopedData ::= SEQUENCE {
- *     version CMSVersion,
- *     originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- *     recipientInfos RecipientInfos,
- *     encryptedContentInfo EncryptedContentInfo,
- *     unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL 
- * }
- *
- */ -public class EnvelopedDataParser -{ - private ASN1SequenceParser _seq; - private DERInteger _version; - private DEREncodable _nextObject; - private boolean _originatorInfoCalled; - - public EnvelopedDataParser( - ASN1SequenceParser seq) - throws IOException - { - this._seq = seq; - this._version = (DERInteger)seq.readObject(); - } - - public DERInteger getVersion() - { - return _version; - } - - public OriginatorInfo getOriginatorInfo() - throws IOException - { - _originatorInfoCalled = true; - - if (_nextObject == null) - { - _nextObject = _seq.readObject(); - } - - if (_nextObject instanceof ASN1TaggedObjectParser && ((ASN1TaggedObjectParser)_nextObject).getTagNo() == 0) - { - ASN1SequenceParser originatorInfo = (ASN1SequenceParser) ((ASN1TaggedObjectParser)_nextObject).getObjectParser(DERTags.SEQUENCE, false); - _nextObject = null; - return OriginatorInfo.getInstance(originatorInfo.getDERObject()); - } - - return null; - } - - public ASN1SetParser getRecipientInfos() - throws IOException - { - if (!_originatorInfoCalled) - { - getOriginatorInfo(); - } - - if (_nextObject == null) - { - _nextObject = _seq.readObject(); - } - - ASN1SetParser recipientInfos = (ASN1SetParser)_nextObject; - _nextObject = null; - return recipientInfos; - } - - public EncryptedContentInfoParser getEncryptedContentInfo() - throws IOException - { - if (_nextObject == null) - { - _nextObject = _seq.readObject(); - } - - - if (_nextObject != null) - { - ASN1SequenceParser o = (ASN1SequenceParser) _nextObject; - _nextObject = null; - return new EncryptedContentInfoParser(o); - } - - return null; - } - - public ASN1SetParser getUnprotectedAttrs() - throws IOException - { - if (_nextObject == null) - { - _nextObject = _seq.readObject(); - } - - - if (_nextObject != null) - { - DEREncodable o = _nextObject; - _nextObject = null; - return (ASN1SetParser)((ASN1TaggedObjectParser)o).getObjectParser(DERTags.SET, false); - } - - return null; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Evidence.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Evidence.java deleted file mode 100644 index 735e70109..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Evidence.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class Evidence - extends ASN1Encodable - implements ASN1Choice -{ - private TimeStampTokenEvidence tstEvidence; - - public Evidence(TimeStampTokenEvidence tstEvidence) - { - this.tstEvidence = tstEvidence; - } - - private Evidence(ASN1TaggedObject tagged) - { - if (tagged.getTagNo() == 0) - { - this.tstEvidence = TimeStampTokenEvidence.getInstance(tagged, false); - } - } - - public static Evidence getInstance(Object obj) - { - if (obj instanceof Evidence) - { - return (Evidence)obj; - } - else if (obj instanceof ASN1TaggedObject) - { - return new Evidence(ASN1TaggedObject.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public TimeStampTokenEvidence getTstEvidence() - { - return tstEvidence; - } - - public DERObject toASN1Object() - { - if (tstEvidence != null) - { - return new DERTaggedObject(false, 0, tstEvidence); - } - - return null; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java deleted file mode 100644 index e31c1c583..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.X509Name; - -public class IssuerAndSerialNumber - extends ASN1Encodable -{ - private X500Name name; - private DERInteger serialNumber; - - public static IssuerAndSerialNumber getInstance( - Object obj) - { - if (obj instanceof IssuerAndSerialNumber) - { - return (IssuerAndSerialNumber)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new IssuerAndSerialNumber((ASN1Sequence)obj); - } - - throw new IllegalArgumentException( - "Illegal object in IssuerAndSerialNumber: " + obj.getClass().getName()); - } - - public IssuerAndSerialNumber( - ASN1Sequence seq) - { - this.name = X500Name.getInstance(seq.getObjectAt(0)); - this.serialNumber = (DERInteger)seq.getObjectAt(1); - } - - public IssuerAndSerialNumber( - X500Name name, - BigInteger serialNumber) - { - this.name = name; - this.serialNumber = new DERInteger(serialNumber); - } - - /** - * @deprecated use X500Name constructor - */ - public IssuerAndSerialNumber( - X509Name name, - BigInteger serialNumber) - { - this.name = X500Name.getInstance(name); - this.serialNumber = new DERInteger(serialNumber); - } - - /** - * @deprecated use X500Name constructor - */ - public IssuerAndSerialNumber( - X509Name name, - DERInteger serialNumber) - { - this.name = X500Name.getInstance(name); - this.serialNumber = serialNumber; - } - - public X500Name getName() - { - return name; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(name); - v.add(serialNumber); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java deleted file mode 100644 index 708487ef5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class KEKIdentifier - extends ASN1Encodable -{ - private ASN1OctetString keyIdentifier; - private DERGeneralizedTime date; - private OtherKeyAttribute other; - - public KEKIdentifier( - byte[] keyIdentifier, - DERGeneralizedTime date, - OtherKeyAttribute other) - { - this.keyIdentifier = new DEROctetString(keyIdentifier); - this.date = date; - this.other = other; - } - - public KEKIdentifier( - ASN1Sequence seq) - { - keyIdentifier = (ASN1OctetString)seq.getObjectAt(0); - - switch (seq.size()) - { - case 1: - break; - case 2: - if (seq.getObjectAt(1) instanceof DERGeneralizedTime) - { - date = (DERGeneralizedTime)seq.getObjectAt(1); - } - else - { - other = OtherKeyAttribute.getInstance(seq.getObjectAt(1)); - } - break; - case 3: - date = (DERGeneralizedTime)seq.getObjectAt(1); - other = OtherKeyAttribute.getInstance(seq.getObjectAt(2)); - break; - default: - throw new IllegalArgumentException("Invalid KEKIdentifier"); - } - } - - /** - * return a KEKIdentifier object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KEKIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a KEKIdentifier object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KEKIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof KEKIdentifier) - { - return (KEKIdentifier)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new KEKIdentifier((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid KEKIdentifier: " + obj.getClass().getName()); - } - - public ASN1OctetString getKeyIdentifier() - { - return keyIdentifier; - } - - public DERGeneralizedTime getDate() - { - return date; - } - - public OtherKeyAttribute getOther() - { - return other; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * KEKIdentifier ::= SEQUENCE {
-     *     keyIdentifier OCTET STRING,
-     *     date GeneralizedTime OPTIONAL,
-     *     other OtherKeyAttribute OPTIONAL 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(keyIdentifier); - - if (date != null) - { - v.add(date); - } - - if (other != null) - { - v.add(other); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java deleted file mode 100644 index ddbcf134b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KEKRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private KEKIdentifier kekid; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1OctetString encryptedKey; - - public KEKRecipientInfo( - KEKIdentifier kekid, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - this.version = new DERInteger(4); - this.kekid = kekid; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public KEKRecipientInfo( - ASN1Sequence seq) - { - version = (DERInteger)seq.getObjectAt(0); - kekid = KEKIdentifier.getInstance(seq.getObjectAt(1)); - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(2)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(3); - } - - /** - * return a KEKRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KEKRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a KEKRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KEKRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof KEKRecipientInfo) - { - return (KEKRecipientInfo)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new KEKRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid KEKRecipientInfo: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public KEKIdentifier getKekid() - { - return kekid; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * KEKRecipientInfo ::= SEQUENCE {
-     *     version CMSVersion,  -- always set to 4
-     *     kekid KEKIdentifier,
-     *     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-     *     encryptedKey EncryptedKey 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(kekid); - v.add(keyEncryptionAlgorithm); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java deleted file mode 100644 index 09af57b77..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java +++ /dev/null @@ -1,103 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class KeyAgreeRecipientIdentifier - extends ASN1Encodable - implements ASN1Choice -{ - private IssuerAndSerialNumber issuerSerial; - private RecipientKeyIdentifier rKeyID; - - /** - * return an KeyAgreeRecipientIdentifier object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KeyAgreeRecipientIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an KeyAgreeRecipientIdentifier object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KeyAgreeRecipientIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof KeyAgreeRecipientIdentifier) - { - return (KeyAgreeRecipientIdentifier)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new KeyAgreeRecipientIdentifier(IssuerAndSerialNumber.getInstance(obj)); - } - - if (obj instanceof ASN1TaggedObject && ((ASN1TaggedObject)obj).getTagNo() == 0) - { - return new KeyAgreeRecipientIdentifier(RecipientKeyIdentifier.getInstance( - (ASN1TaggedObject)obj, false)); - } - - throw new IllegalArgumentException("Invalid KeyAgreeRecipientIdentifier: " + obj.getClass().getName()); - } - - public KeyAgreeRecipientIdentifier( - IssuerAndSerialNumber issuerSerial) - { - this.issuerSerial = issuerSerial; - this.rKeyID = null; - } - - public KeyAgreeRecipientIdentifier( - RecipientKeyIdentifier rKeyID) - { - this.issuerSerial = null; - this.rKeyID = rKeyID; - } - - public IssuerAndSerialNumber getIssuerAndSerialNumber() - { - return issuerSerial; - } - - public RecipientKeyIdentifier getRKeyID() - { - return rKeyID; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * KeyAgreeRecipientIdentifier ::= CHOICE {
-     *     issuerAndSerialNumber IssuerAndSerialNumber,
-     *     rKeyId [0] IMPLICIT RecipientKeyIdentifier
-     * }
-     *
- */ - public DERObject toASN1Object() - { - if (issuerSerial != null) - { - return issuerSerial.toASN1Object(); - } - - return new DERTaggedObject(false, 0, rKeyID); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java deleted file mode 100644 index 550816cf6..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java +++ /dev/null @@ -1,153 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KeyAgreeRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private OriginatorIdentifierOrKey originator; - private ASN1OctetString ukm; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1Sequence recipientEncryptedKeys; - - public KeyAgreeRecipientInfo( - OriginatorIdentifierOrKey originator, - ASN1OctetString ukm, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1Sequence recipientEncryptedKeys) - { - this.version = new DERInteger(3); - this.originator = originator; - this.ukm = ukm; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.recipientEncryptedKeys = recipientEncryptedKeys; - } - - public KeyAgreeRecipientInfo( - ASN1Sequence seq) - { - int index = 0; - - version = (DERInteger)seq.getObjectAt(index++); - originator = OriginatorIdentifierOrKey.getInstance( - (ASN1TaggedObject)seq.getObjectAt(index++), true); - - if (seq.getObjectAt(index) instanceof ASN1TaggedObject) - { - ukm = ASN1OctetString.getInstance( - (ASN1TaggedObject)seq.getObjectAt(index++), true); - } - - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance( - seq.getObjectAt(index++)); - - recipientEncryptedKeys = (ASN1Sequence)seq.getObjectAt(index++); - } - - /** - * return a KeyAgreeRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KeyAgreeRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a KeyAgreeRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KeyAgreeRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof KeyAgreeRecipientInfo) - { - return (KeyAgreeRecipientInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new KeyAgreeRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException( - "Illegal object in KeyAgreeRecipientInfo: " + obj.getClass().getName()); - - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorIdentifierOrKey getOriginator() - { - return originator; - } - - public ASN1OctetString getUserKeyingMaterial() - { - return ukm; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1Sequence getRecipientEncryptedKeys() - { - return recipientEncryptedKeys; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * KeyAgreeRecipientInfo ::= SEQUENCE {
-     *     version CMSVersion,  -- always set to 3
-     *     originator [0] EXPLICIT OriginatorIdentifierOrKey,
-     *     ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
-     *     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-     *     recipientEncryptedKeys RecipientEncryptedKeys 
-     * }
-     *
-     * UserKeyingMaterial ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(new DERTaggedObject(true, 0, originator)); - - if (ukm != null) - { - v.add(new DERTaggedObject(true, 1, ukm)); - } - - v.add(keyEncryptionAlgorithm); - v.add(recipientEncryptedKeys); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java deleted file mode 100644 index 70553b74e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KeyTransRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private RecipientIdentifier rid; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1OctetString encryptedKey; - - public KeyTransRecipientInfo( - RecipientIdentifier rid, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - if (rid.getDERObject() instanceof ASN1TaggedObject) - { - this.version = new DERInteger(2); - } - else - { - this.version = new DERInteger(0); - } - - this.rid = rid; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public KeyTransRecipientInfo( - ASN1Sequence seq) - { - this.version = (DERInteger)seq.getObjectAt(0); - this.rid = RecipientIdentifier.getInstance(seq.getObjectAt(1)); - this.keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(2)); - this.encryptedKey = (ASN1OctetString)seq.getObjectAt(3); - } - - /** - * return a KeyTransRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KeyTransRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof KeyTransRecipientInfo) - { - return (KeyTransRecipientInfo)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new KeyTransRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException( - "Illegal object in KeyTransRecipientInfo: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public RecipientIdentifier getRecipientIdentifier() - { - return rid; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * KeyTransRecipientInfo ::= SEQUENCE {
-     *     version CMSVersion,  -- always set to 0 or 2
-     *     rid RecipientIdentifier,
-     *     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-     *     encryptedKey EncryptedKey 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(rid); - v.add(keyEncryptionAlgorithm); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/MetaData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/MetaData.java deleted file mode 100644 index e60a297c3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/MetaData.java +++ /dev/null @@ -1,120 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTF8String; - -public class MetaData - extends ASN1Encodable -{ - private DERBoolean hashProtected; - private DERUTF8String fileName; - private DERIA5String mediaType; - private Attributes otherMetaData; - - public MetaData( - DERBoolean hashProtected, - DERUTF8String fileName, - DERIA5String mediaType, - Attributes otherMetaData) - { - this.hashProtected = hashProtected; - this.fileName = fileName; - this.mediaType = mediaType; - this.otherMetaData = otherMetaData; - } - - private MetaData(ASN1Sequence seq) - { - this.hashProtected = DERBoolean.getInstance(seq.getObjectAt(0)); - - int index = 1; - - if (index < seq.size() && seq.getObjectAt(index) instanceof DERUTF8String) - { - this.fileName = DERUTF8String.getInstance(seq.getObjectAt(index++)); - } - if (index < seq.size() && seq.getObjectAt(index) instanceof DERIA5String) - { - this.mediaType = DERIA5String.getInstance(seq.getObjectAt(index++)); - } - if (index < seq.size()) - { - this.otherMetaData = Attributes.getInstance(seq.getObjectAt(index++)); - } - } - - public static MetaData getInstance(Object obj) - { - if (obj instanceof MetaData) - { - return (MetaData)obj; - } - else if (obj != null) - { - return new MetaData(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - /** - * 
-     * MetaData ::= SEQUENCE {
-     *   hashProtected        BOOLEAN,
-     *   fileName             UTF8String OPTIONAL,
-     *   mediaType            IA5String OPTIONAL,
-     *   otherMetaData        Attributes OPTIONAL
-     * }
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(hashProtected); - - if (fileName != null) - { - v.add(fileName); - } - - if (mediaType != null) - { - v.add(mediaType); - } - - if (otherMetaData != null) - { - v.add(otherMetaData); - } - - return new DERSequence(v); - } - - public boolean isHashProtected() - { - return hashProtected.isTrue(); - } - - public DERUTF8String getFileName() - { - return this.fileName; - } - - public DERIA5String getMediaType() - { - return this.mediaType; - } - - public Attributes getOtherMetaData() - { - return otherMetaData; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java deleted file mode 100644 index 6f4e62e6b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java +++ /dev/null @@ -1,165 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; - -public class OriginatorIdentifierOrKey - extends ASN1Encodable - implements ASN1Choice -{ - private DEREncodable id; - - public OriginatorIdentifierOrKey( - IssuerAndSerialNumber id) - { - this.id = id; - } - - /** - * @deprecated use version taking a SubjectKeyIdentifier - */ - public OriginatorIdentifierOrKey( - ASN1OctetString id) - { - this(new SubjectKeyIdentifier(id)); - } - - public OriginatorIdentifierOrKey( - SubjectKeyIdentifier id) - { - this.id = new DERTaggedObject(false, 0, id); - } - - public OriginatorIdentifierOrKey( - OriginatorPublicKey id) - { - this.id = new DERTaggedObject(false, 1, id); - } - - /** - * @deprecated use more specific version - */ - public OriginatorIdentifierOrKey( - DERObject id) - { - this.id = id; - } - - /** - * return an OriginatorIdentifierOrKey object from a tagged object. - * - * @param o the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OriginatorIdentifierOrKey getInstance( - ASN1TaggedObject o, - boolean explicit) - { - if (!explicit) - { - throw new IllegalArgumentException( - "Can't implicitly tag OriginatorIdentifierOrKey"); - } - - return getInstance(o.getObject()); - } - - /** - * return an OriginatorIdentifierOrKey object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OriginatorIdentifierOrKey getInstance( - Object o) - { - if (o == null || o instanceof OriginatorIdentifierOrKey) - { - return (OriginatorIdentifierOrKey)o; - } - - if (o instanceof IssuerAndSerialNumber) - { - return new OriginatorIdentifierOrKey((IssuerAndSerialNumber)o); - } - - if (o instanceof SubjectKeyIdentifier) - { - return new OriginatorIdentifierOrKey((SubjectKeyIdentifier)o); - } - - if (o instanceof OriginatorPublicKey) - { - return new OriginatorIdentifierOrKey((OriginatorPublicKey)o); - } - - if (o instanceof ASN1TaggedObject) - { - // TODO Add validation - return new OriginatorIdentifierOrKey((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("Invalid OriginatorIdentifierOrKey: " + o.getClass().getName()); - } - - public DEREncodable getId() - { - return id; - } - - public IssuerAndSerialNumber getIssuerAndSerialNumber() - { - if (id instanceof IssuerAndSerialNumber) - { - return (IssuerAndSerialNumber)id; - } - - return null; - } - - public SubjectKeyIdentifier getSubjectKeyIdentifier() - { - if (id instanceof ASN1TaggedObject && ((ASN1TaggedObject)id).getTagNo() == 0) - { - return SubjectKeyIdentifier.getInstance((ASN1TaggedObject)id, false); - } - - return null; - } - - public OriginatorPublicKey getOriginatorKey() - { - if (id instanceof ASN1TaggedObject && ((ASN1TaggedObject)id).getTagNo() == 1) - { - return OriginatorPublicKey.getInstance((ASN1TaggedObject)id, false); - } - - return null; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OriginatorIdentifierOrKey ::= CHOICE {
-     *     issuerAndSerialNumber IssuerAndSerialNumber,
-     *     subjectKeyIdentifier [0] SubjectKeyIdentifier,
-     *     originatorKey [1] OriginatorPublicKey 
-     * }
-     *
-     * SubjectKeyIdentifier ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - return id.getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java deleted file mode 100644 index 50d2edc68..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OriginatorInfo - extends ASN1Encodable -{ - private ASN1Set certs; - private ASN1Set crls; - - public OriginatorInfo( - ASN1Set certs, - ASN1Set crls) - { - this.certs = certs; - this.crls = crls; - } - - public OriginatorInfo( - ASN1Sequence seq) - { - switch (seq.size()) - { - case 0: // empty - break; - case 1: - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); - switch (o.getTagNo()) - { - case 0 : - certs = ASN1Set.getInstance(o, false); - break; - case 1 : - crls = ASN1Set.getInstance(o, false); - break; - default: - throw new IllegalArgumentException("Bad tag in OriginatorInfo: " + o.getTagNo()); - } - break; - case 2: - certs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(0), false); - crls = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false); - break; - default: - throw new IllegalArgumentException("OriginatorInfo too big"); - } - } - - /** - * return an OriginatorInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OriginatorInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an OriginatorInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OriginatorInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof OriginatorInfo) - { - return (OriginatorInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new OriginatorInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid OriginatorInfo: " + obj.getClass().getName()); - } - - public ASN1Set getCertificates() - { - return certs; - } - - public ASN1Set getCRLs() - { - return crls; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OriginatorInfo ::= SEQUENCE {
-     *     certs [0] IMPLICIT CertificateSet OPTIONAL,
-     *     crls [1] IMPLICIT CertificateRevocationLists OPTIONAL 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (certs != null) - { - v.add(new DERTaggedObject(false, 0, certs)); - } - - if (crls != null) - { - v.add(new DERTaggedObject(false, 1, crls)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java deleted file mode 100644 index 826761d92..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - - -public class OriginatorPublicKey - extends ASN1Encodable -{ - private AlgorithmIdentifier algorithm; - private DERBitString publicKey; - - public OriginatorPublicKey( - AlgorithmIdentifier algorithm, - byte[] publicKey) - { - this.algorithm = algorithm; - this.publicKey = new DERBitString(publicKey); - } - - public OriginatorPublicKey( - ASN1Sequence seq) - { - algorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - publicKey = (DERBitString)seq.getObjectAt(1); - } - - /** - * return an OriginatorPublicKey object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OriginatorPublicKey getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an OriginatorPublicKey object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OriginatorPublicKey getInstance( - Object obj) - { - if (obj == null || obj instanceof OriginatorPublicKey) - { - return (OriginatorPublicKey)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new OriginatorPublicKey((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid OriginatorPublicKey: " + obj.getClass().getName()); - } - - public AlgorithmIdentifier getAlgorithm() - { - return algorithm; - } - - public DERBitString getPublicKey() - { - return publicKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OriginatorPublicKey ::= SEQUENCE {
-     *     algorithm AlgorithmIdentifier,
-     *     publicKey BIT STRING 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algorithm); - v.add(publicKey); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java deleted file mode 100644 index 9b3a5d5d5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class OtherKeyAttribute - extends ASN1Encodable -{ - private DERObjectIdentifier keyAttrId; - private DEREncodable keyAttr; - - /** - * return an OtherKeyAttribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OtherKeyAttribute getInstance( - Object o) - { - if (o == null || o instanceof OtherKeyAttribute) - { - return (OtherKeyAttribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new OtherKeyAttribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public OtherKeyAttribute( - ASN1Sequence seq) - { - keyAttrId = (DERObjectIdentifier)seq.getObjectAt(0); - keyAttr = seq.getObjectAt(1); - } - - public OtherKeyAttribute( - DERObjectIdentifier keyAttrId, - DEREncodable keyAttr) - { - this.keyAttrId = keyAttrId; - this.keyAttr = keyAttr; - } - - public DERObjectIdentifier getKeyAttrId() - { - return keyAttrId; - } - - public DEREncodable getKeyAttr() - { - return keyAttr; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OtherKeyAttribute ::= SEQUENCE {
-     *     keyAttrId OBJECT IDENTIFIER,
-     *     keyAttr ANY DEFINED BY keyAttrId OPTIONAL
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(keyAttrId); - v.add(keyAttr); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java deleted file mode 100644 index f1c69583e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class OtherRecipientInfo - extends ASN1Encodable -{ - private DERObjectIdentifier oriType; - private DEREncodable oriValue; - - public OtherRecipientInfo( - DERObjectIdentifier oriType, - DEREncodable oriValue) - { - this.oriType = oriType; - this.oriValue = oriValue; - } - - public OtherRecipientInfo( - ASN1Sequence seq) - { - oriType = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - oriValue = seq.getObjectAt(1); - } - - /** - * return a OtherRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OtherRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a OtherRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OtherRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof OtherRecipientInfo) - { - return (OtherRecipientInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new OtherRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid OtherRecipientInfo: " + obj.getClass().getName()); - } - - public DERObjectIdentifier getType() - { - return oriType; - } - - public DEREncodable getValue() - { - return oriValue; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OtherRecipientInfo ::= SEQUENCE {
-     *    oriType OBJECT IDENTIFIER,
-     *    oriValue ANY DEFINED BY oriType }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oriType); - v.add(oriValue); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java deleted file mode 100644 index 555a82022..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java +++ /dev/null @@ -1,143 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class PasswordRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private AlgorithmIdentifier keyDerivationAlgorithm; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1OctetString encryptedKey; - - public PasswordRecipientInfo( - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - this.version = new DERInteger(0); - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public PasswordRecipientInfo( - AlgorithmIdentifier keyDerivationAlgorithm, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - this.version = new DERInteger(0); - this.keyDerivationAlgorithm = keyDerivationAlgorithm; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public PasswordRecipientInfo( - ASN1Sequence seq) - { - version = (DERInteger)seq.getObjectAt(0); - if (seq.getObjectAt(1) instanceof ASN1TaggedObject) - { - keyDerivationAlgorithm = AlgorithmIdentifier.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false); - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(2)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(3); - } - else - { - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(2); - } - } - - /** - * return a PasswordRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static PasswordRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a PasswordRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static PasswordRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof PasswordRecipientInfo) - { - return (PasswordRecipientInfo)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new PasswordRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid PasswordRecipientInfo: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public AlgorithmIdentifier getKeyDerivationAlgorithm() - { - return keyDerivationAlgorithm; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * PasswordRecipientInfo ::= SEQUENCE {
-     *   version CMSVersion,   -- Always set to 0
-     *   keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
-     *                             OPTIONAL,
-     *  keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-     *  encryptedKey EncryptedKey }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (keyDerivationAlgorithm != null) - { - v.add(new DERTaggedObject(false, 0, keyDerivationAlgorithm)); - } - v.add(keyEncryptionAlgorithm); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientEncryptedKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientEncryptedKey.java deleted file mode 100644 index d87b0cd7d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientEncryptedKey.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - - -public class RecipientEncryptedKey - extends ASN1Encodable -{ - private KeyAgreeRecipientIdentifier identifier; - private ASN1OctetString encryptedKey; - - private RecipientEncryptedKey( - ASN1Sequence seq) - { - identifier = KeyAgreeRecipientIdentifier.getInstance(seq.getObjectAt(0)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(1); - } - - /** - * return an RecipientEncryptedKey object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static RecipientEncryptedKey getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a RecipientEncryptedKey object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static RecipientEncryptedKey getInstance( - Object obj) - { - if (obj == null || obj instanceof RecipientEncryptedKey) - { - return (RecipientEncryptedKey)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new RecipientEncryptedKey((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid RecipientEncryptedKey: " + obj.getClass().getName()); - } - - public RecipientEncryptedKey( - KeyAgreeRecipientIdentifier id, - ASN1OctetString encryptedKey) - { - this.identifier = id; - this.encryptedKey = encryptedKey; - } - - public KeyAgreeRecipientIdentifier getIdentifier() - { - return identifier; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * RecipientEncryptedKey ::= SEQUENCE {
-     *     rid KeyAgreeRecipientIdentifier,
-     *     encryptedKey EncryptedKey
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(identifier); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java deleted file mode 100644 index e756f346f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class RecipientIdentifier - extends ASN1Encodable - implements ASN1Choice -{ - private DEREncodable id; - - public RecipientIdentifier( - IssuerAndSerialNumber id) - { - this.id = id; - } - - public RecipientIdentifier( - ASN1OctetString id) - { - this.id = new DERTaggedObject(false, 0, id); - } - - public RecipientIdentifier( - DERObject id) - { - this.id = id; - } - - /** - * return a RecipientIdentifier object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static RecipientIdentifier getInstance( - Object o) - { - if (o == null || o instanceof RecipientIdentifier) - { - return (RecipientIdentifier)o; - } - - if (o instanceof IssuerAndSerialNumber) - { - return new RecipientIdentifier((IssuerAndSerialNumber)o); - } - - if (o instanceof ASN1OctetString) - { - return new RecipientIdentifier((ASN1OctetString)o); - } - - if (o instanceof DERObject) - { - return new RecipientIdentifier((DERObject)o); - } - - throw new IllegalArgumentException( - "Illegal object in RecipientIdentifier: " + o.getClass().getName()); - } - - public boolean isTagged() - { - return (id instanceof ASN1TaggedObject); - } - - public DEREncodable getId() - { - if (id instanceof ASN1TaggedObject) - { - return ASN1OctetString.getInstance((ASN1TaggedObject)id, false); - } - - return IssuerAndSerialNumber.getInstance(id); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * RecipientIdentifier ::= CHOICE {
-     *     issuerAndSerialNumber IssuerAndSerialNumber,
-     *     subjectKeyIdentifier [0] SubjectKeyIdentifier 
-     * }
-     *
-     * SubjectKeyIdentifier ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - return id.getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java deleted file mode 100644 index f2cde686f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java +++ /dev/null @@ -1,154 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class RecipientInfo - extends ASN1Encodable - implements ASN1Choice -{ - DEREncodable info; - - public RecipientInfo( - KeyTransRecipientInfo info) - { - this.info = info; - } - - public RecipientInfo( - KeyAgreeRecipientInfo info) - { - this.info = new DERTaggedObject(false, 1, info); - } - - public RecipientInfo( - KEKRecipientInfo info) - { - this.info = new DERTaggedObject(false, 2, info); - } - - public RecipientInfo( - PasswordRecipientInfo info) - { - this.info = new DERTaggedObject(false, 3, info); - } - - public RecipientInfo( - OtherRecipientInfo info) - { - this.info = new DERTaggedObject(false, 4, info); - } - - public RecipientInfo( - DERObject info) - { - this.info = info; - } - - public static RecipientInfo getInstance( - Object o) - { - if (o == null || o instanceof RecipientInfo) - { - return (RecipientInfo)o; - } - else if (o instanceof ASN1Sequence) - { - return new RecipientInfo((ASN1Sequence)o); - } - else if (o instanceof ASN1TaggedObject) - { - return new RecipientInfo((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("unknown object in factory: " - + o.getClass().getName()); - } - - public DERInteger getVersion() - { - if (info instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)info; - - switch (o.getTagNo()) - { - case 1: - return KeyAgreeRecipientInfo.getInstance(o, false).getVersion(); - case 2: - return getKEKInfo(o).getVersion(); - case 3: - return PasswordRecipientInfo.getInstance(o, false).getVersion(); - case 4: - return new DERInteger(0); // no syntax version for OtherRecipientInfo - default: - throw new IllegalStateException("unknown tag"); - } - } - - return KeyTransRecipientInfo.getInstance(info).getVersion(); - } - - public boolean isTagged() - { - return (info instanceof ASN1TaggedObject); - } - - public DEREncodable getInfo() - { - if (info instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)info; - - switch (o.getTagNo()) - { - case 1: - return KeyAgreeRecipientInfo.getInstance(o, false); - case 2: - return getKEKInfo(o); - case 3: - return PasswordRecipientInfo.getInstance(o, false); - case 4: - return OtherRecipientInfo.getInstance(o, false); - default: - throw new IllegalStateException("unknown tag"); - } - } - - return KeyTransRecipientInfo.getInstance(info); - } - - private KEKRecipientInfo getKEKInfo(ASN1TaggedObject o) - { - if (o.isExplicit()) - { // compatibilty with erroneous version - return KEKRecipientInfo.getInstance(o, true); - } - else - { - return KEKRecipientInfo.getInstance(o, false); - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * RecipientInfo ::= CHOICE {
-     *     ktri KeyTransRecipientInfo,
-     *     kari [1] KeyAgreeRecipientInfo,
-     *     kekri [2] KEKRecipientInfo,
-     *     pwri [3] PasswordRecipientInfo,
-     *     ori [4] OtherRecipientInfo }
-     *
- */ - public DERObject toASN1Object() - { - return info.getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java deleted file mode 100644 index 0f5bfd270..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java +++ /dev/null @@ -1,156 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class RecipientKeyIdentifier - extends ASN1Encodable -{ - private ASN1OctetString subjectKeyIdentifier; - private DERGeneralizedTime date; - private OtherKeyAttribute other; - - public RecipientKeyIdentifier( - ASN1OctetString subjectKeyIdentifier, - DERGeneralizedTime date, - OtherKeyAttribute other) - { - this.subjectKeyIdentifier = subjectKeyIdentifier; - this.date = date; - this.other = other; - } - - public RecipientKeyIdentifier( - byte[] subjectKeyIdentifier, - DERGeneralizedTime date, - OtherKeyAttribute other) - { - this.subjectKeyIdentifier = new DEROctetString(subjectKeyIdentifier); - this.date = date; - this.other = other; - } - - public RecipientKeyIdentifier( - byte[] subjectKeyIdentifier) - { - this(subjectKeyIdentifier, null, null); - } - - public RecipientKeyIdentifier( - ASN1Sequence seq) - { - subjectKeyIdentifier = ASN1OctetString.getInstance( - seq.getObjectAt(0)); - - switch(seq.size()) - { - case 1: - break; - case 2: - if (seq.getObjectAt(1) instanceof DERGeneralizedTime) - { - date = (DERGeneralizedTime)seq.getObjectAt(1); - } - else - { - other = OtherKeyAttribute.getInstance(seq.getObjectAt(2)); - } - break; - case 3: - date = (DERGeneralizedTime)seq.getObjectAt(1); - other = OtherKeyAttribute.getInstance(seq.getObjectAt(2)); - break; - default: - throw new IllegalArgumentException("Invalid RecipientKeyIdentifier"); - } - } - - /** - * return a RecipientKeyIdentifier object from a tagged object. - * - * @param _ato the tagged object holding the object we want. - * @param _explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static RecipientKeyIdentifier getInstance(ASN1TaggedObject _ato, boolean _explicit) - { - return getInstance(ASN1Sequence.getInstance(_ato, _explicit)); - } - - /** - * return a RecipientKeyIdentifier object from the given object. - * - * @param _obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static RecipientKeyIdentifier getInstance(Object _obj) - { - if(_obj == null || _obj instanceof RecipientKeyIdentifier) - { - return (RecipientKeyIdentifier)_obj; - } - - if(_obj instanceof ASN1Sequence) - { - return new RecipientKeyIdentifier((ASN1Sequence)_obj); - } - - throw new IllegalArgumentException("Invalid RecipientKeyIdentifier: " + _obj.getClass().getName()); - } - - public ASN1OctetString getSubjectKeyIdentifier() - { - return subjectKeyIdentifier; - } - - public DERGeneralizedTime getDate() - { - return date; - } - - public OtherKeyAttribute getOtherKeyAttribute() - { - return other; - } - - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * RecipientKeyIdentifier ::= SEQUENCE {
-     *     subjectKeyIdentifier SubjectKeyIdentifier,
-     *     date GeneralizedTime OPTIONAL,
-     *     other OtherKeyAttribute OPTIONAL 
-     * }
-     *
-     * SubjectKeyIdentifier ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(subjectKeyIdentifier); - - if (date != null) - { - v.add(date); - } - - if (other != null) - { - v.add(other); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedData.java deleted file mode 100644 index fcf8aed9c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedData.java +++ /dev/null @@ -1,302 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * a signed data object. - */ -public class SignedData - extends ASN1Encodable -{ - private DERInteger version; - private ASN1Set digestAlgorithms; - private ContentInfo contentInfo; - private ASN1Set certificates; - private ASN1Set crls; - private ASN1Set signerInfos; - private boolean certsBer; - private boolean crlsBer; - - public static SignedData getInstance( - Object o) - { - if (o instanceof SignedData) - { - return (SignedData)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignedData((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public SignedData( - ASN1Set digestAlgorithms, - ContentInfo contentInfo, - ASN1Set certificates, - ASN1Set crls, - ASN1Set signerInfos) - { - this.version = calculateVersion(contentInfo.getContentType(), certificates, crls, signerInfos); - this.digestAlgorithms = digestAlgorithms; - this.contentInfo = contentInfo; - this.certificates = certificates; - this.crls = crls; - this.signerInfos = signerInfos; - this.crlsBer = crls instanceof BERSet; - this.certsBer = certificates instanceof BERSet; - } - - - // RFC3852, section 5.1: - // IF ((certificates is present) AND - // (any certificates with a type of other are present)) OR - // ((crls is present) AND - // (any crls with a type of other are present)) - // THEN version MUST be 5 - // ELSE - // IF (certificates is present) AND - // (any version 2 attribute certificates are present) - // THEN version MUST be 4 - // ELSE - // IF ((certificates is present) AND - // (any version 1 attribute certificates are present)) OR - // (any SignerInfo structures are version 3) OR - // (encapContentInfo eContentType is other than id-data) - // THEN version MUST be 3 - // ELSE version MUST be 1 - // - private DERInteger calculateVersion( - DERObjectIdentifier contentOid, - ASN1Set certs, - ASN1Set crls, - ASN1Set signerInfs) - { - boolean otherCert = false; - boolean otherCrl = false; - boolean attrCertV1Found = false; - boolean attrCertV2Found = false; - - if (certs != null) - { - for (Enumeration en = certs.getObjects(); en.hasMoreElements();) - { - Object obj = en.nextElement(); - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)obj; - - if (tagged.getTagNo() == 1) - { - attrCertV1Found = true; - } - else if (tagged.getTagNo() == 2) - { - attrCertV2Found = true; - } - else if (tagged.getTagNo() == 3) - { - otherCert = true; - } - } - } - } - - if (otherCert) - { - return new DERInteger(5); - } - - if (crls != null) // no need to check if otherCert is true - { - for (Enumeration en = crls.getObjects(); en.hasMoreElements();) - { - Object obj = en.nextElement(); - if (obj instanceof ASN1TaggedObject) - { - otherCrl = true; - } - } - } - - if (otherCrl) - { - return new DERInteger(5); - } - - if (attrCertV2Found) - { - return new DERInteger(4); - } - - if (attrCertV1Found) - { - return new DERInteger(3); - } - - if (checkForVersion3(signerInfs)) - { - return new DERInteger(3); - } - - if (!CMSObjectIdentifiers.data.equals(contentOid)) - { - return new DERInteger(3); - } - - return new DERInteger(1); - } - - private boolean checkForVersion3(ASN1Set signerInfs) - { - for (Enumeration e = signerInfs.getObjects(); e.hasMoreElements();) - { - SignerInfo s = SignerInfo.getInstance(e.nextElement()); - - if (s.getVersion().getValue().intValue() == 3) - { - return true; - } - } - - return false; - } - - public SignedData( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - digestAlgorithms = ((ASN1Set)e.nextElement()); - contentInfo = ContentInfo.getInstance(e.nextElement()); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject)e.nextElement(); - - // - // an interesting feature of SignedData is that there appear - // to be varying implementations... - // for the moment we ignore anything which doesn't fit. - // - if (o instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)o; - - switch (tagged.getTagNo()) - { - case 0: - certsBer = tagged instanceof BERTaggedObject; - certificates = ASN1Set.getInstance(tagged, false); - break; - case 1: - crlsBer = tagged instanceof BERTaggedObject; - crls = ASN1Set.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("unknown tag value " + tagged.getTagNo()); - } - } - else - { - signerInfos = (ASN1Set)o; - } - } - } - - public DERInteger getVersion() - { - return version; - } - - public ASN1Set getDigestAlgorithms() - { - return digestAlgorithms; - } - - public ContentInfo getEncapContentInfo() - { - return contentInfo; - } - - public ASN1Set getCertificates() - { - return certificates; - } - - public ASN1Set getCRLs() - { - return crls; - } - - public ASN1Set getSignerInfos() - { - return signerInfos; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * SignedData ::= SEQUENCE {
-     *     version CMSVersion,
-     *     digestAlgorithms DigestAlgorithmIdentifiers,
-     *     encapContentInfo EncapsulatedContentInfo,
-     *     certificates [0] IMPLICIT CertificateSet OPTIONAL,
-     *     crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
-     *     signerInfos SignerInfos
-     *   }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(digestAlgorithms); - v.add(contentInfo); - - if (certificates != null) - { - if (certsBer) - { - v.add(new BERTaggedObject(false, 0, certificates)); - } - else - { - v.add(new DERTaggedObject(false, 0, certificates)); - } - } - - if (crls != null) - { - if (crlsBer) - { - v.add(new BERTaggedObject(false, 1, crls)); - } - else - { - v.add(new DERTaggedObject(false, 1, crls)); - } - } - - v.add(signerInfos); - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedDataParser.java deleted file mode 100644 index 50c461a6f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignedDataParser.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObjectParser; -import org.bouncycastle.asn1.DERTags; - -import java.io.IOException; - -/** - * 
- * SignedData ::= SEQUENCE {
- *     version CMSVersion,
- *     digestAlgorithms DigestAlgorithmIdentifiers,
- *     encapContentInfo EncapsulatedContentInfo,
- *     certificates [0] IMPLICIT CertificateSet OPTIONAL,
- *     crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
- *     signerInfos SignerInfos
- *   }
- *
- */ -public class SignedDataParser -{ - private ASN1SequenceParser _seq; - private DERInteger _version; - private Object _nextObject; - private boolean _certsCalled; - private boolean _crlsCalled; - - public static SignedDataParser getInstance( - Object o) - throws IOException - { - if (o instanceof ASN1Sequence) - { - return new SignedDataParser(((ASN1Sequence)o).parser()); - } - if (o instanceof ASN1SequenceParser) - { - return new SignedDataParser((ASN1SequenceParser)o); - } - - throw new IOException("unknown object encountered: " + o.getClass().getName()); - } - - private SignedDataParser( - ASN1SequenceParser seq) - throws IOException - { - this._seq = seq; - this._version = (DERInteger)seq.readObject(); - } - - public DERInteger getVersion() - { - return _version; - } - - public ASN1SetParser getDigestAlgorithms() - throws IOException - { - Object o = _seq.readObject(); - - if (o instanceof ASN1Set) - { - return ((ASN1Set)o).parser(); - } - - return (ASN1SetParser)o; - } - - public ContentInfoParser getEncapContentInfo() - throws IOException - { - return new ContentInfoParser((ASN1SequenceParser)_seq.readObject()); - } - - public ASN1SetParser getCertificates() - throws IOException - { - _certsCalled = true; - _nextObject = _seq.readObject(); - - if (_nextObject instanceof ASN1TaggedObjectParser && ((ASN1TaggedObjectParser)_nextObject).getTagNo() == 0) - { - ASN1SetParser certs = (ASN1SetParser)((ASN1TaggedObjectParser)_nextObject).getObjectParser(DERTags.SET, false); - _nextObject = null; - - return certs; - } - - return null; - } - - public ASN1SetParser getCrls() - throws IOException - { - if (!_certsCalled) - { - throw new IOException("getCerts() has not been called."); - } - - _crlsCalled = true; - - if (_nextObject == null) - { - _nextObject = _seq.readObject(); - } - - if (_nextObject instanceof ASN1TaggedObjectParser && ((ASN1TaggedObjectParser)_nextObject).getTagNo() == 1) - { - ASN1SetParser crls = (ASN1SetParser)((ASN1TaggedObjectParser)_nextObject).getObjectParser(DERTags.SET, false); - _nextObject = null; - - return crls; - } - - return null; - } - - public ASN1SetParser getSignerInfos() - throws IOException - { - if (!_certsCalled || !_crlsCalled) - { - throw new IOException("getCerts() and/or getCrls() has not been called."); - } - - if (_nextObject == null) - { - _nextObject = _seq.readObject(); - } - - return (ASN1SetParser)_nextObject; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java deleted file mode 100644 index 39e9b2dc8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class SignerIdentifier - extends ASN1Encodable - implements ASN1Choice -{ - private DEREncodable id; - - public SignerIdentifier( - IssuerAndSerialNumber id) - { - this.id = id; - } - - public SignerIdentifier( - ASN1OctetString id) - { - this.id = new DERTaggedObject(false, 0, id); - } - - public SignerIdentifier( - DERObject id) - { - this.id = id; - } - - /** - * return a SignerIdentifier object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static SignerIdentifier getInstance( - Object o) - { - if (o == null || o instanceof SignerIdentifier) - { - return (SignerIdentifier)o; - } - - if (o instanceof IssuerAndSerialNumber) - { - return new SignerIdentifier((IssuerAndSerialNumber)o); - } - - if (o instanceof ASN1OctetString) - { - return new SignerIdentifier((ASN1OctetString)o); - } - - if (o instanceof DERObject) - { - return new SignerIdentifier((DERObject)o); - } - - throw new IllegalArgumentException( - "Illegal object in SignerIdentifier: " + o.getClass().getName()); - } - - public boolean isTagged() - { - return (id instanceof ASN1TaggedObject); - } - - public DEREncodable getId() - { - if (id instanceof ASN1TaggedObject) - { - return ASN1OctetString.getInstance((ASN1TaggedObject)id, false); - } - - return id; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * SignerIdentifier ::= CHOICE {
-     *     issuerAndSerialNumber IssuerAndSerialNumber,
-     *     subjectKeyIdentifier [0] SubjectKeyIdentifier 
-     * }
-     *
-     * SubjectKeyIdentifier ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - return id.getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java deleted file mode 100644 index 243b01dcb..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java +++ /dev/null @@ -1,183 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -import java.util.Enumeration; - -public class SignerInfo - extends ASN1Encodable -{ - private DERInteger version; - private SignerIdentifier sid; - private AlgorithmIdentifier digAlgorithm; - private ASN1Set authenticatedAttributes; - private AlgorithmIdentifier digEncryptionAlgorithm; - private ASN1OctetString encryptedDigest; - private ASN1Set unauthenticatedAttributes; - - public static SignerInfo getInstance( - Object o) - throws IllegalArgumentException - { - if (o == null || o instanceof SignerInfo) - { - return (SignerInfo)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignerInfo((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public SignerInfo( - SignerIdentifier sid, - AlgorithmIdentifier digAlgorithm, - ASN1Set authenticatedAttributes, - AlgorithmIdentifier digEncryptionAlgorithm, - ASN1OctetString encryptedDigest, - ASN1Set unauthenticatedAttributes) - { - if (sid.isTagged()) - { - this.version = new DERInteger(3); - } - else - { - this.version = new DERInteger(1); - } - - this.sid = sid; - this.digAlgorithm = digAlgorithm; - this.authenticatedAttributes = authenticatedAttributes; - this.digEncryptionAlgorithm = digEncryptionAlgorithm; - this.encryptedDigest = encryptedDigest; - this.unauthenticatedAttributes = unauthenticatedAttributes; - } - - public SignerInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - sid = SignerIdentifier.getInstance(e.nextElement()); - digAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - - Object obj = e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false); - - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - } - else - { - authenticatedAttributes = null; - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj); - } - - encryptedDigest = DEROctetString.getInstance(e.nextElement()); - - if (e.hasMoreElements()) - { - unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false); - } - else - { - unauthenticatedAttributes = null; - } - } - - public DERInteger getVersion() - { - return version; - } - - public SignerIdentifier getSID() - { - return sid; - } - - public ASN1Set getAuthenticatedAttributes() - { - return authenticatedAttributes; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digAlgorithm; - } - - public ASN1OctetString getEncryptedDigest() - { - return encryptedDigest; - } - - public AlgorithmIdentifier getDigestEncryptionAlgorithm() - { - return digEncryptionAlgorithm; - } - - public ASN1Set getUnauthenticatedAttributes() - { - return unauthenticatedAttributes; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  SignerInfo ::= SEQUENCE {
-     *      version Version,
-     *      SignerIdentifier sid,
-     *      digestAlgorithm DigestAlgorithmIdentifier,
-     *      authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
-     *      digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
-     *      encryptedDigest EncryptedDigest,
-     *      unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
-     *  }
-     *
-     *  EncryptedDigest ::= OCTET STRING
-     *
-     *  DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-     *
-     *  DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(sid); - v.add(digAlgorithm); - - if (authenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 0, authenticatedAttributes)); - } - - v.add(digEncryptionAlgorithm); - v.add(encryptedDigest); - - if (unauthenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Time.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Time.java deleted file mode 100644 index 890d0766b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/Time.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUTCTime; - -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -public class Time - extends ASN1Encodable - implements ASN1Choice -{ - DERObject time; - - public static Time getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - public Time( - DERObject time) - { - if (!(time instanceof DERUTCTime) - && !(time instanceof DERGeneralizedTime)) - { - throw new IllegalArgumentException("unknown object passed to Time"); - } - - this.time = time; - } - - /** - * creates a time object from a given date - if the date is between 1950 - * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime - * is used. - */ - public Time( - Date date) - { - SimpleTimeZone tz = new SimpleTimeZone(0, "Z"); - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss"); - - dateF.setTimeZone(tz); - - String d = dateF.format(date) + "Z"; - int year = Integer.parseInt(d.substring(0, 4)); - - if (year < 1950 || year > 2049) - { - time = new DERGeneralizedTime(d); - } - else - { - time = new DERUTCTime(d.substring(2)); - } - } - - public static Time getInstance( - Object obj) - { - if (obj == null || obj instanceof Time) - { - return (Time)obj; - } - else if (obj instanceof DERUTCTime) - { - return new Time((DERUTCTime)obj); - } - else if (obj instanceof DERGeneralizedTime) - { - return new Time((DERGeneralizedTime)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public String getTime() - { - if (time instanceof DERUTCTime) - { - return ((DERUTCTime)time).getAdjustedTime(); - } - else - { - return ((DERGeneralizedTime)time).getTime(); - } - } - - public Date getDate() - { - try - { - if (time instanceof DERUTCTime) - { - return ((DERUTCTime)time).getAdjustedDate(); - } - else - { - return ((DERGeneralizedTime)time).getDate(); - } - } - catch (ParseException e) - { // this should never happen - throw new IllegalStateException("invalid date string: " + e.getMessage()); - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Time ::= CHOICE {
-     *             utcTime        UTCTime,
-     *             generalTime    GeneralizedTime }
-     *
- */ - public DERObject toASN1Object() - { - return time; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampAndCRL.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampAndCRL.java deleted file mode 100644 index 5d0779948..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampAndCRL.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.CertificateList; - -public class TimeStampAndCRL - extends ASN1Encodable -{ - private ContentInfo timeStamp; - private CertificateList crl; - - public TimeStampAndCRL(ContentInfo timeStamp) - { - this.timeStamp = timeStamp; - } - - private TimeStampAndCRL(ASN1Sequence seq) - { - this.timeStamp = ContentInfo.getInstance(seq.getObjectAt(0)); - if (seq.size() == 2) - { - this.crl = CertificateList.getInstance(seq.getObjectAt(1)); - } - } - - public static TimeStampAndCRL getInstance(Object obj) - { - if (obj instanceof TimeStampAndCRL) - { - return (TimeStampAndCRL)obj; - } - else if (obj != null) - { - return new TimeStampAndCRL(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public ContentInfo getTimeStampToken() - { - return this.timeStamp; - } - - public CertificateList getCertificateList() - { - return this.crl; - } - - /** - * 
-     * TimeStampAndCRL ::= SEQUENCE {
-     *     timeStamp   TimeStampToken,          -- according to RFC 3161
-     *     crl         CertificateList OPTIONAL -- according to RFC 5280
-     *  }
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(timeStamp); - - if (crl != null) - { - v.add(crl); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java deleted file mode 100644 index 80861ca62..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java +++ /dev/null @@ -1,84 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class TimeStampTokenEvidence - extends ASN1Encodable -{ - private TimeStampAndCRL[] timeStampAndCRLs; - - public TimeStampTokenEvidence(TimeStampAndCRL[] timeStampAndCRLs) - { - this.timeStampAndCRLs = timeStampAndCRLs; - } - - public TimeStampTokenEvidence(TimeStampAndCRL timeStampAndCRL) - { - this.timeStampAndCRLs = new TimeStampAndCRL[1]; - - timeStampAndCRLs[0] = timeStampAndCRL; - } - - private TimeStampTokenEvidence(ASN1Sequence seq) - { - this.timeStampAndCRLs = new TimeStampAndCRL[seq.size()]; - - int count = 0; - - for (Enumeration en = seq.getObjects(); en.hasMoreElements();) - { - timeStampAndCRLs[count++] = TimeStampAndCRL.getInstance(en.nextElement()); - } - } - - public static TimeStampTokenEvidence getInstance(ASN1TaggedObject tagged, boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(tagged, explicit)); - } - - public static TimeStampTokenEvidence getInstance(Object obj) - { - if (obj instanceof TimeStampTokenEvidence) - { - return (TimeStampTokenEvidence)obj; - } - else if (obj != null) - { - return new TimeStampTokenEvidence(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public TimeStampAndCRL[] toTimeStampAndCRLArray() - { - return timeStampAndCRLs; - } - - /** - * 
-     * TimeStampTokenEvidence ::=
-     *    SEQUENCE SIZE(1..MAX) OF TimeStampAndCRL
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != timeStampAndCRLs.length; i++) - { - v.add(timeStampAndCRLs[i]); - } - - return new DERSequence(v); - } - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedData.java deleted file mode 100644 index 46e97f687..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedData.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -public class TimeStampedData - extends ASN1Encodable -{ - private DERInteger version; - private DERIA5String dataUri; - private MetaData metaData; - private ASN1OctetString content; - private Evidence temporalEvidence; - - public TimeStampedData(DERIA5String dataUri, MetaData metaData, ASN1OctetString content, Evidence temporalEvidence) - { - this.version = new DERInteger(1); - this.dataUri = dataUri; - this.metaData = metaData; - this.content = content; - this.temporalEvidence = temporalEvidence; - } - - private TimeStampedData(ASN1Sequence seq) - { - this.version = DERInteger.getInstance(seq.getObjectAt(0)); - - int index = 1; - if (seq.getObjectAt(index) instanceof DERIA5String) - { - this.dataUri = DERIA5String.getInstance(seq.getObjectAt(index++)); - } - if (seq.getObjectAt(index) instanceof MetaData || seq.getObjectAt(index) instanceof ASN1Sequence) - { - this.metaData = MetaData.getInstance(seq.getObjectAt(index++)); - } - if (seq.getObjectAt(index) instanceof ASN1OctetString) - { - this.content = ASN1OctetString.getInstance(seq.getObjectAt(index++)); - } - this.temporalEvidence = Evidence.getInstance(seq.getObjectAt(index)); - } - - public static TimeStampedData getInstance(Object obj) - { - if (obj instanceof TimeStampedData) - { - return (TimeStampedData)obj; - } - else if (obj != null) - { - return new TimeStampedData(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public DERIA5String getDataUri() - { - return dataUri; - } - - public MetaData getMetaData() - { - return metaData; - } - - public ASN1OctetString getContent() - { - return content; - } - - public Evidence getTemporalEvidence() - { - return temporalEvidence; - } - - /** - * 
-     * TimeStampedData ::= SEQUENCE {
-     *   version              INTEGER { v1(1) },
-     *   dataUri              IA5String OPTIONAL,
-     *   metaData             MetaData OPTIONAL,
-     *   content              OCTET STRING OPTIONAL,
-     *   temporalEvidence     Evidence
-     * }
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (dataUri != null) - { - v.add(dataUri); - } - - if (metaData != null) - { - v.add(metaData); - } - - if (content != null) - { - v.add(content); - } - - v.add(temporalEvidence); - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedDataParser.java deleted file mode 100644 index 28b4b85bf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/TimeStampedDataParser.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -public class TimeStampedDataParser -{ - private DERInteger version; - private DERIA5String dataUri; - private MetaData metaData; - private ASN1OctetStringParser content; - private Evidence temporalEvidence; - private ASN1SequenceParser parser; - - private TimeStampedDataParser(ASN1SequenceParser parser) - throws IOException - { - this.parser = parser; - this.version = DERInteger.getInstance(parser.readObject()); - - DEREncodable obj = parser.readObject(); - - if (obj instanceof DERIA5String) - { - this.dataUri = DERIA5String.getInstance(obj); - obj = parser.readObject(); - } - if (obj instanceof MetaData || obj instanceof ASN1SequenceParser) - { - this.metaData = MetaData.getInstance(obj.getDERObject()); - obj = parser.readObject(); - } - if (obj instanceof ASN1OctetStringParser) - { - this.content = (ASN1OctetStringParser)obj; - } - } - - public static TimeStampedDataParser getInstance(Object obj) - throws IOException - { - if (obj instanceof ASN1Sequence) - { - return new TimeStampedDataParser(((ASN1Sequence)obj).parser()); - } - if (obj instanceof ASN1SequenceParser) - { - return new TimeStampedDataParser((ASN1SequenceParser)obj); - } - - return null; - } - - public DERIA5String getDataUri() - { - return dataUri; - } - - public MetaData getMetaData() - { - return metaData; - } - - public ASN1OctetStringParser getContent() - { - return content; - } - - public Evidence getTemporalEvidence() - throws IOException - { - if (temporalEvidence == null) - { - temporalEvidence = Evidence.getInstance(parser.readObject().getDERObject()); - } - - return temporalEvidence; - } - - /** - * 
-     * TimeStampedData ::= SEQUENCE {
-     *   version              INTEGER { v1(1) },
-     *   dataUri              IA5String OPTIONAL,
-     *   metaData             MetaData OPTIONAL,
-     *   content              OCTET STRING OPTIONAL,
-     *   temporalEvidence     Evidence
-     * }
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (dataUri != null) - { - v.add(dataUri); - } - - if (metaData != null) - { - v.add(metaData); - } - - if (content != null) - { - v.add(content); - } - - v.add(temporalEvidence); - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ecc/MQVuserKeyingMaterial.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ecc/MQVuserKeyingMaterial.java deleted file mode 100644 index 3ae507167..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/ecc/MQVuserKeyingMaterial.java +++ /dev/null @@ -1,112 +0,0 @@ -package org.bouncycastle.asn1.cms.ecc; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.OriginatorPublicKey; - -public class MQVuserKeyingMaterial - extends ASN1Encodable -{ - private OriginatorPublicKey ephemeralPublicKey; - private ASN1OctetString addedukm; - - public MQVuserKeyingMaterial( - OriginatorPublicKey ephemeralPublicKey, - ASN1OctetString addedukm) - { - // TODO Check ephemeralPublicKey not null - - this.ephemeralPublicKey = ephemeralPublicKey; - this.addedukm = addedukm; - } - - private MQVuserKeyingMaterial( - ASN1Sequence seq) - { - // TODO Check seq has either 1 or 2 elements - - this.ephemeralPublicKey = OriginatorPublicKey.getInstance( - seq.getObjectAt(0)); - - if (seq.size() > 1) - { - this.addedukm = ASN1OctetString.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - /** - * return an MQVuserKeyingMaterial object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @throws IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static MQVuserKeyingMaterial getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an MQVuserKeyingMaterial object from the given object. - * - * @param obj the object we want converted. - * @throws IllegalArgumentException if the object cannot be converted. - */ - public static MQVuserKeyingMaterial getInstance( - Object obj) - { - if (obj == null || obj instanceof MQVuserKeyingMaterial) - { - return (MQVuserKeyingMaterial)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new MQVuserKeyingMaterial((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid MQVuserKeyingMaterial: " + obj.getClass().getName()); - } - - public OriginatorPublicKey getEphemeralPublicKey() - { - return ephemeralPublicKey; - } - - public ASN1OctetString getAddedukm() - { - return addedukm; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * MQVuserKeyingMaterial ::= SEQUENCE {
-     *   ephemeralPublicKey OriginatorPublicKey,
-     *   addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(ephemeralPublicKey); - - if (addedukm != null) - { - v.add(new DERTaggedObject(true, 0, addedukm)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/package.html deleted file mode 100644 index c165a7a6e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cms/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting Cryptographic Message Syntax as described in PKCS#7 and RFC 3369 (formerly RFC 2630). - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java deleted file mode 100644 index 56e316426..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/AttributeTypeAndValue.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class AttributeTypeAndValue - extends ASN1Encodable -{ - private DERObjectIdentifier type; - private ASN1Encodable value; - - private AttributeTypeAndValue(ASN1Sequence seq) - { - type = (DERObjectIdentifier)seq.getObjectAt(0); - value = (ASN1Encodable)seq.getObjectAt(1); - } - - public static AttributeTypeAndValue getInstance(Object o) - { - if (o instanceof AttributeTypeAndValue) - { - return (AttributeTypeAndValue)o; - } - - if (o instanceof ASN1Sequence) - { - return new AttributeTypeAndValue((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public AttributeTypeAndValue( - String oid, - ASN1Encodable value) - { - this(new DERObjectIdentifier(oid), value); - } - - public AttributeTypeAndValue( - DERObjectIdentifier type, - ASN1Encodable value) - { - this.type = type; - this.value = value; - } - - public DERObjectIdentifier getType() - { - return type; - } - - public ASN1Encodable getValue() - { - return value; - } - - /** - * 
-     * AttributeTypeAndValue ::= SEQUENCE {
-     *           type         OBJECT IDENTIFIER,
-     *           value        ANY DEFINED BY type }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(type); - v.add(value); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java deleted file mode 100644 index c36084db3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CRMFObjectIdentifiers -{ - static final ASN1ObjectIdentifier id_pkix = new ASN1ObjectIdentifier("1.3.6.1.5.5.7"); - - // arc for Internet X.509 PKI protocols and their components - - static final ASN1ObjectIdentifier id_pkip = id_pkix.branch("5"); - - static final ASN1ObjectIdentifier id_regCtrl = id_pkip.branch("1"); - static final ASN1ObjectIdentifier id_regCtrl_regToken = id_regCtrl.branch("1"); - static final ASN1ObjectIdentifier id_regCtrl_authenticator = id_regCtrl.branch("2"); - static final ASN1ObjectIdentifier id_regCtrl_pkiPublicationInfo = id_regCtrl.branch("3"); - static final ASN1ObjectIdentifier id_regCtrl_pkiArchiveOptions = id_regCtrl.branch("4"); - - static final ASN1ObjectIdentifier id_ct_encKeyWithID = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_ct + ".21"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertId.java deleted file mode 100644 index c8999939c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertId.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.GeneralName; - -public class CertId - extends ASN1Encodable -{ - private GeneralName issuer; - private DERInteger serialNumber; - - private CertId(ASN1Sequence seq) - { - issuer = GeneralName.getInstance(seq.getObjectAt(0)); - serialNumber = DERInteger.getInstance(seq.getObjectAt(1)); - } - - public static CertId getInstance(Object o) - { - if (o instanceof CertId) - { - return (CertId)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertId((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public static CertId getInstance(ASN1TaggedObject obj, boolean isExplicit) - { - return getInstance(ASN1Sequence.getInstance(obj, isExplicit)); - } - - public GeneralName getIssuer() - { - return issuer; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - /** - * 
-     * CertId ::= SEQUENCE {
-     *                 issuer           GeneralName,
-     *                 serialNumber     INTEGER }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(issuer); - v.add(serialNumber); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java deleted file mode 100644 index 4ca8d9d8a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMessages.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CertReqMessages - extends ASN1Encodable -{ - private ASN1Sequence content; - - private CertReqMessages(ASN1Sequence seq) - { - content = seq; - } - - public static CertReqMessages getInstance(Object o) - { - if (o instanceof CertReqMessages) - { - return (CertReqMessages)o; - } - - if (o instanceof ASN1Sequence) - { - return new CertReqMessages((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public CertReqMessages( - CertReqMsg msg) - { - content = new DERSequence(msg); - } - - public CertReqMessages( - CertReqMsg[] msgs) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < msgs.length; i++) { - v.add(msgs[i]); - } - content = new DERSequence(v); - } - - public CertReqMsg[] toCertReqMsgArray() - { - CertReqMsg[] result = new CertReqMsg[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = CertReqMsg.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java deleted file mode 100644 index 8c41b44bc..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertReqMsg.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CertReqMsg - extends ASN1Encodable -{ - private CertRequest certReq; - private ProofOfPossession popo; - private ASN1Sequence regInfo; - - private CertReqMsg(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - - certReq = CertRequest.getInstance(en.nextElement()); - while (en.hasMoreElements()) - { - Object o = en.nextElement(); - - if (o instanceof ASN1TaggedObject || o instanceof ProofOfPossession) - { - popo = ProofOfPossession.getInstance(o); - } - else - { - regInfo = ASN1Sequence.getInstance(o); - } - } - } - - public static CertReqMsg getInstance(Object o) - { - if (o instanceof CertReqMsg) - { - return (CertReqMsg)o; - } - else if (o != null) - { - return new CertReqMsg(ASN1Sequence.getInstance(o)); - } - - return null; - } - - /** - * Creates a new CertReqMsg. - * @param certReq CertRequest - * @param popo may be null - * @param regInfo may be null - */ - public CertReqMsg( - CertRequest certReq, - ProofOfPossession popo, - AttributeTypeAndValue[] regInfo) - { - if (certReq == null) - { - throw new IllegalArgumentException("'certReq' cannot be null"); - } - - this.certReq = certReq; - this.popo = popo; - - if (regInfo != null) - { - this.regInfo = new DERSequence(regInfo); - } - } - - public CertRequest getCertReq() - { - return certReq; - } - - /** - * @deprecated use getPopo - */ - public ProofOfPossession getPop() - { - return popo; - } - - public ProofOfPossession getPopo() - { - return popo; - } - - public AttributeTypeAndValue[] getRegInfo() - { - if (regInfo == null) - { - return null; - } - - AttributeTypeAndValue[] results = new AttributeTypeAndValue[regInfo.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = AttributeTypeAndValue.getInstance(regInfo.getObjectAt(i)); - } - - return results; - } - - /** - * 
-     * CertReqMsg ::= SEQUENCE {
-     *                    certReq   CertRequest,
-     *                    pop       ProofOfPossession  OPTIONAL,
-     *                    -- content depends upon key type
-     *                    regInfo   SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certReq); - - addOptional(v, popo); - addOptional(v, regInfo); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, ASN1Encodable obj) - { - if (obj != null) - { - v.add(obj); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java deleted file mode 100644 index 0071bdf82..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertRequest.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CertRequest - extends ASN1Encodable -{ - private DERInteger certReqId; - private CertTemplate certTemplate; - private Controls controls; - - private CertRequest(ASN1Sequence seq) - { - certReqId = DERInteger.getInstance(seq.getObjectAt(0)); - certTemplate = CertTemplate.getInstance(seq.getObjectAt(1)); - if (seq.size() > 2) - { - controls = Controls.getInstance(seq.getObjectAt(2)); - } - } - - public static CertRequest getInstance(Object o) - { - if (o instanceof CertRequest) - { - return (CertRequest)o; - } - else if (o != null) - { - return new CertRequest(ASN1Sequence.getInstance(o)); - } - - return null; - } - - public CertRequest( - int certReqId, - CertTemplate certTemplate, - Controls controls) - { - this(new DERInteger(certReqId), certTemplate, controls); - } - - public CertRequest( - DERInteger certReqId, - CertTemplate certTemplate, - Controls controls) - { - this.certReqId = certReqId; - this.certTemplate = certTemplate; - this.controls = controls; - } - - public DERInteger getCertReqId() - { - return certReqId; - } - - public CertTemplate getCertTemplate() - { - return certTemplate; - } - - public Controls getControls() - { - return controls; - } - - /** - * 
-     * CertRequest ::= SEQUENCE {
-     *                      certReqId     INTEGER,          -- ID for matching request and reply
-     *                      certTemplate  CertTemplate,  -- Selected fields of cert to be issued
-     *                      controls      Controls OPTIONAL }   -- Attributes affecting issuance
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certReqId); - v.add(certTemplate); - - if (controls != null) - { - v.add(controls); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java deleted file mode 100644 index 6bc779d47..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplate.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class CertTemplate - extends ASN1Encodable -{ - private ASN1Sequence seq; - - private DERInteger version; - private DERInteger serialNumber; - private AlgorithmIdentifier signingAlg; - private X500Name issuer; - private OptionalValidity validity; - private X500Name subject; - private SubjectPublicKeyInfo publicKey; - private DERBitString issuerUID; - private DERBitString subjectUID; - private X509Extensions extensions; - - private CertTemplate(ASN1Sequence seq) - { - this.seq = seq; - - Enumeration en = seq.getObjects(); - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); - - switch (tObj.getTagNo()) - { - case 0: - version = DERInteger.getInstance(tObj, false); - break; - case 1: - serialNumber = DERInteger.getInstance(tObj, false); - break; - case 2: - signingAlg = AlgorithmIdentifier.getInstance(tObj, false); - break; - case 3: - issuer = X500Name.getInstance(tObj, true); // CHOICE - break; - case 4: - validity = OptionalValidity.getInstance(ASN1Sequence.getInstance(tObj, false)); - break; - case 5: - subject = X500Name.getInstance(tObj, true); // CHOICE - break; - case 6: - publicKey = SubjectPublicKeyInfo.getInstance(tObj, false); - break; - case 7: - issuerUID = DERBitString.getInstance(tObj, false); - break; - case 8: - subjectUID = DERBitString.getInstance(tObj, false); - break; - case 9: - extensions = X509Extensions.getInstance(tObj, false); - break; - default: - throw new IllegalArgumentException("unknown tag: " + tObj.getTagNo()); - } - } - } - - public static CertTemplate getInstance(Object o) - { - if (o instanceof CertTemplate) - { - return (CertTemplate)o; - } - else if (o != null) - { - return new CertTemplate(ASN1Sequence.getInstance(o)); - } - - return null; - } - - public int getVersion() - { - return version.getValue().intValue(); - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public AlgorithmIdentifier getSigningAlg() - { - return signingAlg; - } - - public X500Name getIssuer() - { - return issuer; - } - - public OptionalValidity getValidity() - { - return validity; - } - - public X500Name getSubject() - { - return subject; - } - - public SubjectPublicKeyInfo getPublicKey() - { - return publicKey; - } - - public void setPublicKey(SubjectPublicKeyInfo spki) - { - publicKey = spki; - } - - public DERBitString getIssuerUID() - { - return issuerUID; - } - - public DERBitString getSubjectUID() - { - return subjectUID; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * 
-     *  CertTemplate ::= SEQUENCE {
-     *      version      [0] Version               OPTIONAL,
-     *      serialNumber [1] INTEGER               OPTIONAL,
-     *      signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
-     *      issuer       [3] Name                  OPTIONAL,
-     *      validity     [4] OptionalValidity      OPTIONAL,
-     *      subject      [5] Name                  OPTIONAL,
-     *      publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
-     *      issuerUID    [7] UniqueIdentifier      OPTIONAL,
-     *      subjectUID   [8] UniqueIdentifier      OPTIONAL,
-     *      extensions   [9] Extensions            OPTIONAL }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java deleted file mode 100644 index 858ef8209..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/CertTemplateBuilder.java +++ /dev/null @@ -1,141 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class CertTemplateBuilder -{ - private DERInteger version; - private DERInteger serialNumber; - private AlgorithmIdentifier signingAlg; - private X500Name issuer; - private OptionalValidity validity; - private X500Name subject; - private SubjectPublicKeyInfo publicKey; - private DERBitString issuerUID; - private DERBitString subjectUID; - private X509Extensions extensions; - - /** Sets the X.509 version. Note: for X509v3, use 2 here. */ - public CertTemplateBuilder setVersion(int ver) - { - version = new DERInteger(ver); - - return this; - } - - public CertTemplateBuilder setSerialNumber(DERInteger ser) - { - serialNumber = ser; - - return this; - } - - public CertTemplateBuilder setSigningAlg(AlgorithmIdentifier aid) - { - signingAlg = aid; - - return this; - } - - public CertTemplateBuilder setIssuer(X500Name name) - { - issuer = name; - - return this; - } - - public CertTemplateBuilder setValidity(OptionalValidity v) - { - validity = v; - - return this; - } - - public CertTemplateBuilder setSubject(X500Name name) - { - subject = name; - - return this; - } - - public CertTemplateBuilder setPublicKey(SubjectPublicKeyInfo spki) - { - publicKey = spki; - - return this; - } - - /** Sets the issuer unique ID (deprecated in X.509v3) */ - public CertTemplateBuilder setIssuerUID(DERBitString uid) - { - issuerUID = uid; - - return this; - } - - /** Sets the subject unique ID (deprecated in X.509v3) */ - public CertTemplateBuilder setSubjectUID(DERBitString uid) - { - subjectUID = uid; - - return this; - } - - public CertTemplateBuilder setExtensions(X509Extensions extens) - { - extensions = extens; - - return this; - } - - /** - * 
-     *  CertTemplate ::= SEQUENCE {
-     *      version      [0] Version               OPTIONAL,
-     *      serialNumber [1] INTEGER               OPTIONAL,
-     *      signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
-     *      issuer       [3] Name                  OPTIONAL,
-     *      validity     [4] OptionalValidity      OPTIONAL,
-     *      subject      [5] Name                  OPTIONAL,
-     *      publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
-     *      issuerUID    [7] UniqueIdentifier      OPTIONAL,
-     *      subjectUID   [8] UniqueIdentifier      OPTIONAL,
-     *      extensions   [9] Extensions            OPTIONAL }
-     *
- * @return a basic ASN.1 object representation. - */ - public CertTemplate build() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - addOptional(v, 0, false, version); - addOptional(v, 1, false, serialNumber); - addOptional(v, 2, false, signingAlg); - addOptional(v, 3, true, issuer); // CHOICE - addOptional(v, 4, false, validity); - addOptional(v, 5, true, subject); // CHOICE - addOptional(v, 6, false, publicKey); - addOptional(v, 7, false, issuerUID); - addOptional(v, 8, false, subjectUID); - addOptional(v, 9, false, extensions); - - return CertTemplate.getInstance(new DERSequence(v)); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, boolean isExplicit, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(isExplicit, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/Controls.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/Controls.java deleted file mode 100644 index 96731fb22..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/Controls.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class Controls - extends ASN1Encodable -{ - private ASN1Sequence content; - - private Controls(ASN1Sequence seq) - { - content = seq; - } - - public static Controls getInstance(Object o) - { - if (o instanceof Controls) - { - return (Controls)o; - } - - if (o instanceof ASN1Sequence) - { - return new Controls((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public Controls(AttributeTypeAndValue atv) - { - content = new DERSequence(atv); - } - - public Controls(AttributeTypeAndValue[] atvs) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i < atvs.length; i++) { - v.add(atvs[i]); - } - content = new DERSequence(v); - } - - public AttributeTypeAndValue[] toAttributeTypeAndValueArray() - { - AttributeTypeAndValue[] result = new AttributeTypeAndValue[content.size()]; - - for (int i = 0; i != result.length; i++) - { - result[i] = AttributeTypeAndValue.getInstance(content.getObjectAt(i)); - } - - return result; - } - - /** - * 
-     * Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return content; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java deleted file mode 100644 index ebc3a3d77..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncKeyWithID.java +++ /dev/null @@ -1,116 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.GeneralName; - -public class EncKeyWithID - extends ASN1Encodable -{ - private final PrivateKeyInfo privKeyInfo; - private final ASN1Encodable identifier; - - public static EncKeyWithID getInstance(Object o) - { - if (o instanceof EncKeyWithID) - { - return (EncKeyWithID)o; - } - else if (o != null) - { - return new EncKeyWithID(ASN1Sequence.getInstance(o)); - } - - return null; - } - - private EncKeyWithID(ASN1Sequence seq) - { - this.privKeyInfo = PrivateKeyInfo.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - if (!(seq.getObjectAt(1) instanceof DERUTF8String)) - { - this.identifier = GeneralName.getInstance(seq.getObjectAt(1)); - } - else - { - this.identifier = (ASN1Encodable)seq.getObjectAt(1); - } - } - else - { - this.identifier = null; - } - } - - public EncKeyWithID(PrivateKeyInfo privKeyInfo) - { - this.privKeyInfo = privKeyInfo; - this.identifier = null; - } - - public EncKeyWithID(PrivateKeyInfo privKeyInfo, DERUTF8String str) - { - this.privKeyInfo = privKeyInfo; - this.identifier = str; - } - - public EncKeyWithID(PrivateKeyInfo privKeyInfo, GeneralName generalName) - { - this.privKeyInfo = privKeyInfo; - this.identifier = generalName; - } - - public PrivateKeyInfo getPrivateKey() - { - return privKeyInfo; - } - - public boolean hasIdentifier() - { - return identifier != null; - } - - public boolean isIdentifierUTF8String() - { - return identifier instanceof DERUTF8String; - } - - public ASN1Encodable getIdentifier() - { - return identifier; - } - - /** - * 
-     * EncKeyWithID ::= SEQUENCE {
-     *      privateKey           PrivateKeyInfo,
-     *      identifier CHOICE {
-     *         string               UTF8String,
-     *         generalName          GeneralName
-     *     } OPTIONAL
-     * }
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(privKeyInfo); - - if (identifier != null) - { - v.add(identifier); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java deleted file mode 100644 index b711abf0b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedKey.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.EnvelopedData; - -public class EncryptedKey - extends ASN1Encodable - implements ASN1Choice -{ - private EnvelopedData envelopedData; - private EncryptedValue encryptedValue; - - public static EncryptedKey getInstance(Object o) - { - if (o instanceof EncryptedKey) - { - return (EncryptedKey)o; - } - else if (o instanceof ASN1TaggedObject) - { - return new EncryptedKey(EnvelopedData.getInstance((ASN1TaggedObject)o, false)); - } - else if (o instanceof EncryptedValue) - { - return new EncryptedKey((EncryptedValue)o); - } - else - { - return new EncryptedKey(EncryptedValue.getInstance(o)); - } - } - - public EncryptedKey(EnvelopedData envelopedData) - { - this.envelopedData = envelopedData; - } - - public EncryptedKey(EncryptedValue encryptedValue) - { - this.encryptedValue = encryptedValue; - } - - public boolean isEncryptedValue() - { - return encryptedValue != null; - } - - public ASN1Encodable getValue() - { - if (encryptedValue != null) - { - return encryptedValue; - } - - return envelopedData; - } - - /** - * 
-     *    EncryptedKey ::= CHOICE {
-     *        encryptedValue        EncryptedValue, -- deprecated
-     *        envelopedData     [0] EnvelopedData }
-     *        -- The encrypted private key MUST be placed in the envelopedData
-     *        -- encryptedContentInfo encryptedContent OCTET STRING.
-     *
- */ - public DERObject toASN1Object() - { - if (encryptedValue != null) - { - return encryptedValue.toASN1Object(); - } - - return new DERTaggedObject(false, 0, envelopedData); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java deleted file mode 100644 index 677018402..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/EncryptedValue.java +++ /dev/null @@ -1,163 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptedValue - extends ASN1Encodable -{ - private AlgorithmIdentifier intendedAlg; - private AlgorithmIdentifier symmAlg; - private DERBitString encSymmKey; - private AlgorithmIdentifier keyAlg; - private ASN1OctetString valueHint; - private DERBitString encValue; - - private EncryptedValue(ASN1Sequence seq) - { - int index = 0; - while (seq.getObjectAt(index) instanceof ASN1TaggedObject) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)seq.getObjectAt(index); - - switch (tObj.getTagNo()) - { - case 0: - intendedAlg = AlgorithmIdentifier.getInstance(tObj, false); - break; - case 1: - symmAlg = AlgorithmIdentifier.getInstance(tObj, false); - break; - case 2: - encSymmKey = DERBitString.getInstance(tObj, false); - break; - case 3: - keyAlg = AlgorithmIdentifier.getInstance(tObj, false); - break; - case 4: - valueHint = ASN1OctetString.getInstance(tObj, false); - break; - } - index++; - } - - encValue = DERBitString.getInstance(seq.getObjectAt(index)); - } - - public static EncryptedValue getInstance(Object o) - { - if (o instanceof EncryptedValue) - { - return (EncryptedValue)o; - } - else if (o != null) - { - return new EncryptedValue(ASN1Sequence.getInstance(o)); - } - - return null; - } - - public EncryptedValue( - AlgorithmIdentifier intendedAlg, - AlgorithmIdentifier symmAlg, - DERBitString encSymmKey, - AlgorithmIdentifier keyAlg, - ASN1OctetString valueHint, - DERBitString encValue) - { - if (encValue == null) - { - throw new IllegalArgumentException("'encValue' cannot be null"); - } - - this.intendedAlg = intendedAlg; - this.symmAlg = symmAlg; - this.encSymmKey = encSymmKey; - this.keyAlg = keyAlg; - this.valueHint = valueHint; - this.encValue = encValue; - } - - public AlgorithmIdentifier getIntendedAlg() - { - return intendedAlg; - } - - public AlgorithmIdentifier getSymmAlg() - { - return symmAlg; - } - - public DERBitString getEncSymmKey() - { - return encSymmKey; - } - - public AlgorithmIdentifier getKeyAlg() - { - return keyAlg; - } - - public ASN1OctetString getValueHint() - { - return valueHint; - } - - public DERBitString getEncValue() - { - return encValue; - } - - /** - * 
-     * EncryptedValue ::= SEQUENCE {
-     *                     intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
-     *                     -- the intended algorithm for which the value will be used
-     *                     symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
-     *                     -- the symmetric algorithm used to encrypt the value
-     *                     encSymmKey    [2] BIT STRING           OPTIONAL,
-     *                     -- the (encrypted) symmetric key used to encrypt the value
-     *                     keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
-     *                     -- algorithm used to encrypt the symmetric key
-     *                     valueHint     [4] OCTET STRING         OPTIONAL,
-     *                     -- a brief description or identifier of the encValue content
-     *                     -- (may be meaningful only to the sending entity, and used only
-     *                     -- if EncryptedValue might be re-examined by the sending entity
-     *                     -- in the future)
-     *                     encValue       BIT STRING }
-     *                     -- the encrypted value itself
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - addOptional(v, 0, intendedAlg); - addOptional(v, 1, symmAlg); - addOptional(v, 2, encSymmKey); - addOptional(v, 3, keyAlg); - addOptional(v, 4, valueHint); - - v.add(encValue); - - return new DERSequence(v); - } - - private void addOptional(ASN1EncodableVector v, int tagNo, ASN1Encodable obj) - { - if (obj != null) - { - v.add(new DERTaggedObject(false, tagNo, obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java deleted file mode 100644 index 750f2a543..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/OptionalValidity.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.Time; - -import java.util.Enumeration; - -public class OptionalValidity - extends ASN1Encodable -{ - private Time notBefore; - private Time notAfter; - - private OptionalValidity(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); - - if (tObj.getTagNo() == 0) - { - notBefore = Time.getInstance(tObj, true); - } - else - { - notAfter = Time.getInstance(tObj, true); - } - } - } - - public static OptionalValidity getInstance(Object o) - { - if (o instanceof OptionalValidity) - { - return (OptionalValidity)o; - } - - if (o instanceof ASN1Sequence) - { - return new OptionalValidity((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - /** - * 
-     * OptionalValidity ::= SEQUENCE {
-     *                        notBefore  [0] Time OPTIONAL,
-     *                        notAfter   [1] Time OPTIONAL } --at least one MUST be present
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (notBefore != null) - { - v.add(new DERTaggedObject(true, 0, notBefore)); - } - - if (notAfter != null) - { - v.add(new DERTaggedObject(true, 1, notAfter)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java deleted file mode 100644 index 479e9624d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIArchiveOptions.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class PKIArchiveOptions - extends ASN1Encodable - implements ASN1Choice -{ - public static final int encryptedPrivKey = 0; - public static final int keyGenParameters = 1; - public static final int archiveRemGenPrivKey = 2; - - private ASN1Encodable value; - - public static PKIArchiveOptions getInstance(Object o) - { - if (o instanceof PKIArchiveOptions) - { - return (PKIArchiveOptions)o; - } - else if (o instanceof ASN1TaggedObject) - { - return new PKIArchiveOptions((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("unknown object: " + o); - } - - private PKIArchiveOptions(ASN1TaggedObject tagged) - { - switch (tagged.getTagNo()) - { - case encryptedPrivKey: - value = EncryptedKey.getInstance(tagged.getObject()); - break; - case keyGenParameters: - value = ASN1OctetString.getInstance(tagged, false); - break; - case archiveRemGenPrivKey: - value = DERBoolean.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo()); - } - } - - public PKIArchiveOptions(EncryptedKey encKey) - { - this.value = encKey; - } - - public PKIArchiveOptions(ASN1OctetString keyGenParameters) - { - this.value = keyGenParameters; - } - - public PKIArchiveOptions(boolean archiveRemGenPrivKey) - { - this.value = new DERBoolean(archiveRemGenPrivKey); - } - - public int getType() - { - if (value instanceof EncryptedKey) - { - return encryptedPrivKey; - } - - if (value instanceof ASN1OctetString) - { - return keyGenParameters; - } - - return archiveRemGenPrivKey; - } - - public ASN1Encodable getValue() - { - return value; - } - - /** - * 
-     *  PKIArchiveOptions ::= CHOICE {
-     *      encryptedPrivKey     [0] EncryptedKey,
-     *      -- the actual value of the private key
-     *      keyGenParameters     [1] KeyGenParameters,
-     *      -- parameters which allow the private key to be re-generated
-     *      archiveRemGenPrivKey [2] BOOLEAN }
-     *      -- set to TRUE if sender wishes receiver to archive the private
-     *      -- key of a key pair that the receiver generates in response to
-     *      -- this request; set to FALSE if no archival is desired.
-     *
- */ - public DERObject toASN1Object() - { - if (value instanceof EncryptedKey) - { - return new DERTaggedObject(true, encryptedPrivKey, value); // choice - } - - if (value instanceof ASN1OctetString) - { - return new DERTaggedObject(false, keyGenParameters, value); - } - - return new DERTaggedObject(false, archiveRemGenPrivKey, value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java deleted file mode 100644 index e4831063f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKIPublicationInfo.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PKIPublicationInfo - extends ASN1Encodable -{ - private DERInteger action; - private ASN1Sequence pubInfos; - - private PKIPublicationInfo(ASN1Sequence seq) - { - action = DERInteger.getInstance(seq.getObjectAt(0)); - pubInfos = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - - public static PKIPublicationInfo getInstance(Object o) - { - if (o instanceof PKIPublicationInfo) - { - return (PKIPublicationInfo)o; - } - - if (o instanceof ASN1Sequence) - { - return new PKIPublicationInfo((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public DERInteger getAction() - { - return action; - } - - public SinglePubInfo[] getPubInfos() - { - if (pubInfos == null) - { - return null; - } - - SinglePubInfo[] results = new SinglePubInfo[pubInfos.size()]; - - for (int i = 0; i != results.length; i++) - { - results[i] = SinglePubInfo.getInstance(pubInfos.getObjectAt(i)); - } - - return results; - } - - /** - * 
-     * PKIPublicationInfo ::= SEQUENCE {
-     *                  action     INTEGER {
-     *                                 dontPublish (0),
-     *                                 pleasePublish (1) },
-     *                  pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-     * -- pubInfos MUST NOT be present if action is "dontPublish"
-     * -- (if action is "pleasePublish" and pubInfos is omitted,
-     * -- "dontCare" is assumed)
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(action); - v.add(pubInfos); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java deleted file mode 100644 index 2fdb77314..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/PKMACValue.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers; -import org.bouncycastle.asn1.cmp.PBMParameter; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * Password-based MAC value for use with POPOSigningKeyInput. - */ -public class PKMACValue - extends ASN1Encodable -{ - private AlgorithmIdentifier algId; - private DERBitString value; - - private PKMACValue(ASN1Sequence seq) - { - algId = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - value = DERBitString.getInstance(seq.getObjectAt(1)); - } - - public static PKMACValue getInstance(Object o) - { - if (o instanceof PKMACValue) - { - return (PKMACValue)o; - } - - if (o instanceof ASN1Sequence) - { - return new PKMACValue((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public static PKMACValue getInstance(ASN1TaggedObject obj, boolean isExplicit) - { - return getInstance(ASN1Sequence.getInstance(obj, isExplicit)); - } - - /** - * Creates a new PKMACValue. - * @param params parameters for password-based MAC - * @param value MAC of the DER-encoded SubjectPublicKeyInfo - */ - public PKMACValue( - PBMParameter params, - DERBitString value) - { - this(new AlgorithmIdentifier( - CMPObjectIdentifiers.passwordBasedMac, params), value); - } - - /** - * Creates a new PKMACValue. - * @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter - * @param value MAC of the DER-encoded SubjectPublicKeyInfo - */ - public PKMACValue( - AlgorithmIdentifier aid, - DERBitString value) - { - this.algId = aid; - this.value = value; - } - - public AlgorithmIdentifier getAlgId() - { - return algId; - } - - public DERBitString getValue() - { - return value; - } - - /** - * 
-     * PKMACValue ::= SEQUENCE {
-     *      algId  AlgorithmIdentifier,
-     *      -- algorithm value shall be PasswordBasedMac 1.2.840.113533.7.66.13
-     *      -- parameter value is PBMParameter
-     *      value  BIT STRING }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(value); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java deleted file mode 100644 index 50991eef7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOPrivKey.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.EnvelopedData; - -public class POPOPrivKey - extends ASN1Encodable - implements ASN1Choice -{ - public static final int thisMessage = 0; - public static final int subsequentMessage = 1; - public static final int dhMAC = 2; - public static final int agreeMAC = 3; - public static final int encryptedKey = 4; - - private int tagNo; - private ASN1Encodable obj; - - private POPOPrivKey(ASN1TaggedObject obj) - { - this.tagNo = obj.getTagNo(); - - switch (tagNo) - { - case thisMessage: - this.obj = DERBitString.getInstance(obj, false); - break; - case subsequentMessage: - this.obj = SubsequentMessage.valueOf(DERInteger.getInstance(obj, false).getValue().intValue()); - break; - case dhMAC: - this.obj = DERBitString.getInstance(obj, false); - break; - case agreeMAC: - this.obj = PKMACValue.getInstance(obj, false); - break; - case encryptedKey: - this.obj = EnvelopedData.getInstance(obj, false); - break; - default: - throw new IllegalArgumentException("unknown tag in POPOPrivKey"); - } - } - - public static POPOPrivKey getInstance(ASN1TaggedObject tagged, boolean isExplicit) - { - return new POPOPrivKey(ASN1TaggedObject.getInstance(tagged.getObject())); - } - - public POPOPrivKey(SubsequentMessage msg) - { - this.tagNo = subsequentMessage; - this.obj = msg; - } - - public int getType() - { - return tagNo; - } - - public ASN1Encodable getValue() - { - return obj; - } - - /** - * 
-     * POPOPrivKey ::= CHOICE {
-     *        thisMessage       [0] BIT STRING,         -- Deprecated
-     *         -- possession is proven in this message (which contains the private
-     *         -- key itself (encrypted for the CA))
-     *        subsequentMessage [1] SubsequentMessage,
-     *         -- possession will be proven in a subsequent message
-     *        dhMAC             [2] BIT STRING,         -- Deprecated
-     *        agreeMAC          [3] PKMACValue,
-     *        encryptedKey      [4] EnvelopedData }
-     *
- */ - public DERObject toASN1Object() - { - return new DERTaggedObject(false, tagNo, obj); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java deleted file mode 100644 index 4ad14f0a1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKey.java +++ /dev/null @@ -1,122 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class POPOSigningKey - extends ASN1Encodable -{ - private POPOSigningKeyInput poposkInput; - private AlgorithmIdentifier algorithmIdentifier; - private DERBitString signature; - - private POPOSigningKey(ASN1Sequence seq) - { - int index = 0; - - if (seq.getObjectAt(index) instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagObj - = (ASN1TaggedObject) seq.getObjectAt(index++); - if (tagObj.getTagNo() != 0) - { - throw new IllegalArgumentException( - "Unknown POPOSigningKeyInput tag: " + tagObj.getTagNo()); - } - poposkInput = POPOSigningKeyInput.getInstance(tagObj.getObject()); - } - algorithmIdentifier = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++)); - signature = DERBitString.getInstance(seq.getObjectAt(index)); - } - - public static POPOSigningKey getInstance(Object o) - { - if (o instanceof POPOSigningKey) - { - return (POPOSigningKey)o; - } - - if (o instanceof ASN1Sequence) - { - return new POPOSigningKey((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public static POPOSigningKey getInstance(ASN1TaggedObject obj, boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * Creates a new Proof of Possession object for a signing key. - * @param poposkIn the POPOSigningKeyInput structure, or null if the - * CertTemplate includes both subject and publicKey values. - * @param aid the AlgorithmIdentifier used to sign the proof of possession. - * @param signature a signature over the DER-encoded value of poposkIn, - * or the DER-encoded value of certReq if poposkIn is null. - */ - public POPOSigningKey( - POPOSigningKeyInput poposkIn, - AlgorithmIdentifier aid, - DERBitString signature) - { - this.poposkInput = poposkIn; - this.algorithmIdentifier = aid; - this.signature = signature; - } - - public POPOSigningKeyInput getPoposkInput() { - return poposkInput; - } - - public AlgorithmIdentifier getAlgorithmIdentifier() { - return algorithmIdentifier; - } - - public DERBitString getSignature() { - return signature; - } - - /** - * 
-     * POPOSigningKey ::= SEQUENCE {
-     *                      poposkInput           [0] POPOSigningKeyInput OPTIONAL,
-     *                      algorithmIdentifier   AlgorithmIdentifier,
-     *                      signature             BIT STRING }
-     *  -- The signature (using "algorithmIdentifier") is on the
-     *  -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
-     *  -- certReq CertTemplate contains the subject and publicKey values,
-     *  -- then poposkInput MUST be omitted and the signature MUST be
-     *  -- computed on the DER-encoded value of CertReqMsg certReq.  If
-     *  -- the CertReqMsg certReq CertTemplate does not contain the public
-     *  -- key and subject values, then poposkInput MUST be present and
-     *  -- MUST be signed.  This strategy ensures that the public key is
-     *  -- not present in both the poposkInput and CertReqMsg certReq
-     *  -- CertTemplate fields.
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (poposkInput != null) - { - v.add(new DERTaggedObject(false, 0, poposkInput)); - } - - v.add(algorithmIdentifier); - v.add(signature); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java deleted file mode 100644 index b59fcde0a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/POPOSigningKeyInput.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -public class POPOSigningKeyInput - extends ASN1Encodable -{ - private GeneralName sender; - private PKMACValue publicKeyMAC; - private SubjectPublicKeyInfo publicKey; - - private POPOSigningKeyInput(ASN1Sequence seq) - { - ASN1Encodable authInfo = (ASN1Encodable)seq.getObjectAt(0); - - if (authInfo instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagObj = (ASN1TaggedObject)authInfo; - if (tagObj.getTagNo() != 0) - { - throw new IllegalArgumentException( - "Unknown authInfo tag: " + tagObj.getTagNo()); - } - sender = GeneralName.getInstance(tagObj.getObject()); - } - else - { - publicKeyMAC = PKMACValue.getInstance(authInfo); - } - - publicKey = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(1)); - } - - public static POPOSigningKeyInput getInstance(Object o) - { - if (o instanceof POPOSigningKeyInput) - { - return (POPOSigningKeyInput)o; - } - - if (o instanceof ASN1Sequence) - { - return new POPOSigningKeyInput((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - /** Creates a new POPOSigningKeyInput with sender name as authInfo. */ - public POPOSigningKeyInput( - GeneralName sender, - SubjectPublicKeyInfo spki) - { - this.sender = sender; - this.publicKey = spki; - } - - /** Creates a new POPOSigningKeyInput using password-based MAC. */ - public POPOSigningKeyInput( - PKMACValue pkmac, - SubjectPublicKeyInfo spki) - { - this.publicKeyMAC = pkmac; - this.publicKey = spki; - } - - /** Returns the sender field, or null if authInfo is publicKeyMAC */ - public GeneralName getSender() - { - return sender; - } - - /** Returns the publicKeyMAC field, or null if authInfo is sender */ - public PKMACValue getPublicKeyMAC() - { - return publicKeyMAC; - } - - public SubjectPublicKeyInfo getPublicKey() - { - return publicKey; - } - - /** - * 
-     * POPOSigningKeyInput ::= SEQUENCE {
-     *        authInfo             CHOICE {
-     *                                 sender              [0] GeneralName,
-     *                                 -- used only if an authenticated identity has been
-     *                                 -- established for the sender (e.g., a DN from a
-     *                                 -- previously-issued and currently-valid certificate
-     *                                 publicKeyMAC        PKMACValue },
-     *                                 -- used if no authenticated GeneralName currently exists for
-     *                                 -- the sender; publicKeyMAC contains a password-based MAC
-     *                                 -- on the DER-encoded value of publicKey
-     *        publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (sender != null) - { - v.add(new DERTaggedObject(false, 0, sender)); - } - else - { - v.add(publicKeyMAC); - } - - v.add(publicKey); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java deleted file mode 100644 index e52bc222e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/ProofOfPossession.java +++ /dev/null @@ -1,107 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class ProofOfPossession - extends ASN1Encodable - implements ASN1Choice -{ - public static final int TYPE_RA_VERIFIED = 0; - public static final int TYPE_SIGNING_KEY = 1; - public static final int TYPE_KEY_ENCIPHERMENT = 2; - public static final int TYPE_KEY_AGREEMENT = 3; - - private int tagNo; - private ASN1Encodable obj; - - private ProofOfPossession(ASN1TaggedObject tagged) - { - tagNo = tagged.getTagNo(); - switch (tagNo) - { - case 0: - obj = DERNull.INSTANCE; - break; - case 1: - obj = POPOSigningKey.getInstance(tagged, false); - break; - case 2: - case 3: - obj = POPOPrivKey.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("unknown tag: " + tagNo); - } - } - - public static ProofOfPossession getInstance(Object o) - { - if (o instanceof ProofOfPossession) - { - return (ProofOfPossession)o; - } - - if (o instanceof ASN1TaggedObject) - { - return new ProofOfPossession((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - /** Creates a ProofOfPossession with type raVerified. */ - public ProofOfPossession() - { - tagNo = TYPE_RA_VERIFIED; - obj = DERNull.INSTANCE; - } - - /** Creates a ProofOfPossession for a signing key. */ - public ProofOfPossession(POPOSigningKey poposk) - { - tagNo = TYPE_SIGNING_KEY; - obj = poposk; - } - - /** - * Creates a ProofOfPossession for key encipherment or agreement. - * @param type one of TYPE_KEY_ENCIPHERMENT or TYPE_KEY_AGREEMENT - */ - public ProofOfPossession(int type, POPOPrivKey privkey) - { - tagNo = type; - obj = privkey; - } - - public int getType() - { - return tagNo; - } - - public ASN1Encodable getObject() - { - return obj; - } - - /** - * 
-     * ProofOfPossession ::= CHOICE {
-     *                           raVerified        [0] NULL,
-     *                           -- used if the RA has already verified that the requester is in
-     *                           -- possession of the private key
-     *                           signature         [1] POPOSigningKey,
-     *                           keyEncipherment   [2] POPOPrivKey,
-     *                           keyAgreement      [3] POPOPrivKey }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - return new DERTaggedObject(false, tagNo, obj); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java deleted file mode 100644 index 90caf0e7a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SinglePubInfo.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.GeneralName; - -public class SinglePubInfo - extends ASN1Encodable -{ - private DERInteger pubMethod; - private GeneralName pubLocation; - - private SinglePubInfo(ASN1Sequence seq) - { - pubMethod = DERInteger.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - pubLocation = GeneralName.getInstance(seq.getObjectAt(1)); - } - } - - public static SinglePubInfo getInstance(Object o) - { - if (o instanceof SinglePubInfo) - { - return (SinglePubInfo)o; - } - - if (o instanceof ASN1Sequence) - { - return new SinglePubInfo((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Invalid object: " + o.getClass().getName()); - } - - public GeneralName getPubLocation() - { - return pubLocation; - } - - /** - * 
-     * SinglePubInfo ::= SEQUENCE {
-     *        pubMethod    INTEGER {
-     *           dontCare    (0),
-     *           x500        (1),
-     *           web         (2),
-     *           ldap        (3) },
-     *       pubLocation  GeneralName OPTIONAL }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(pubMethod); - - if (pubLocation != null) - { - v.add(pubLocation); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java deleted file mode 100644 index 378fdf69d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/crmf/SubsequentMessage.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.asn1.crmf; - -import org.bouncycastle.asn1.DERInteger; - -public class SubsequentMessage - extends DERInteger -{ - public static final SubsequentMessage encrCert = new SubsequentMessage(0); - public static final SubsequentMessage challengeResp = new SubsequentMessage(1); - - private SubsequentMessage(int value) - { - super(value); - } - - public static SubsequentMessage valueOf(int value) - { - if (value == 0) - { - return encrCert; - } - if (value == 1) - { - return challengeResp; - } - - throw new IllegalArgumentException("unknown value: " + value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java deleted file mode 100644 index b5d6c1ff3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface CryptoProObjectIdentifiers -{ - // GOST Algorithms OBJECT IDENTIFIERS : - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)} - static final String GOST_id = "1.2.643.2.2"; - - static final DERObjectIdentifier gostR3411 = new DERObjectIdentifier(GOST_id+".9"); - - static final DERObjectIdentifier gostR28147_cbc = new DERObjectIdentifier(GOST_id+".21"); - - static final DERObjectIdentifier gostR3410_94 = new DERObjectIdentifier(GOST_id+".20"); - static final DERObjectIdentifier gostR3410_2001 = new DERObjectIdentifier(GOST_id+".19"); - static final DERObjectIdentifier gostR3411_94_with_gostR3410_94 = new DERObjectIdentifier(GOST_id+".4"); - static final DERObjectIdentifier gostR3411_94_with_gostR3410_2001 = new DERObjectIdentifier(GOST_id+".3"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) hashes(30) } - static final DERObjectIdentifier gostR3411_94_CryptoProParamSet = new DERObjectIdentifier(GOST_id+".30.1"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) signs(32) } - static final DERObjectIdentifier gostR3410_94_CryptoPro_A = new DERObjectIdentifier(GOST_id+".32.2"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_B = new DERObjectIdentifier(GOST_id+".32.3"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_C = new DERObjectIdentifier(GOST_id+".32.4"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_D = new DERObjectIdentifier(GOST_id+".32.5"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) exchanges(33) } - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchA = new DERObjectIdentifier(GOST_id+".33.1"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchB = new DERObjectIdentifier(GOST_id+".33.2"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchC = new DERObjectIdentifier(GOST_id+".33.3"); - - //{ iso(1) member-body(2)ru(643) rans(2) cryptopro(2) ecc-signs(35) } - static final DERObjectIdentifier gostR3410_2001_CryptoPro_A = new DERObjectIdentifier(GOST_id+".35.1"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_B = new DERObjectIdentifier(GOST_id+".35.2"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_C = new DERObjectIdentifier(GOST_id+".35.3"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) ecc-exchanges(36) } - static final DERObjectIdentifier gostR3410_2001_CryptoPro_XchA = new DERObjectIdentifier(GOST_id+".36.0"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_XchB = new DERObjectIdentifier(GOST_id+".36.1"); - - static final DERObjectIdentifier gost_ElSgDH3410_default = new DERObjectIdentifier(GOST_id+".36.0"); - static final DERObjectIdentifier gost_ElSgDH3410_1 = new DERObjectIdentifier(GOST_id+".36.1"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java deleted file mode 100644 index 78bc10ab7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECFieldElement; -import org.bouncycastle.math.ec.ECPoint; - -/** - * table of the available named parameters for GOST 3410-2001. - */ -public class ECGOST3410NamedCurves -{ - static final Hashtable objIds = new Hashtable(); - static final Hashtable params = new Hashtable(); - static final Hashtable names = new Hashtable(); - - static - { - BigInteger mod_p = new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639319"); - BigInteger mod_q = new BigInteger("115792089237316195423570985008687907853073762908499243225378155805079068850323"); - - ECCurve.Fp curve = new ECCurve.Fp( - mod_p, // p - new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"), // a - new BigInteger("166")); // b - - ECDomainParameters ecParams = new ECDomainParameters( - curve, - new ECPoint.Fp(curve, - new ECFieldElement.Fp(curve.getQ(),new BigInteger("1")), // x - new ECFieldElement.Fp(curve.getQ(),new BigInteger("64033881142927202683649881450433473985931760268884941288852745803908878638612"))), // y - mod_q); - - params.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_A, ecParams); - - mod_p = new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639319"); - mod_q = new BigInteger("115792089237316195423570985008687907853073762908499243225378155805079068850323"); - - curve = new ECCurve.Fp( - mod_p, // p - new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"), - new BigInteger("166")); - - ecParams = new ECDomainParameters( - curve, - new ECPoint.Fp(curve, - new ECFieldElement.Fp(curve.getQ(),new BigInteger("1")), // x - new ECFieldElement.Fp(curve.getQ(),new BigInteger("64033881142927202683649881450433473985931760268884941288852745803908878638612"))), // y - mod_q); - - params.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_XchA, ecParams); - - mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823193"); //p - mod_q = new BigInteger("57896044618658097711785492504343953927102133160255826820068844496087732066703"); //q - - curve = new ECCurve.Fp( - mod_p, // p - new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823190"), // a - new BigInteger("28091019353058090096996979000309560759124368558014865957655842872397301267595")); // b - - ecParams = new ECDomainParameters( - curve, - new ECPoint.Fp(curve, - new ECFieldElement.Fp(mod_p,new BigInteger("1")), // x - new ECFieldElement.Fp(mod_p,new BigInteger("28792665814854611296992347458380284135028636778229113005756334730996303888124"))), // y - mod_q); // q - - params.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_B, ecParams); - - mod_p = new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502619"); - mod_q = new BigInteger("70390085352083305199547718019018437840920882647164081035322601458352298396601"); - - curve = new ECCurve.Fp( - mod_p, // p - new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"), - new BigInteger("32858")); - - ecParams = new ECDomainParameters( - curve, - new ECPoint.Fp(curve, - new ECFieldElement.Fp(mod_p,new BigInteger("0")), - new ECFieldElement.Fp(mod_p,new BigInteger("29818893917731240733471273240314769927240550812383695689146495261604565990247"))), - mod_q); - - params.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_XchB, ecParams); - - mod_p = new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502619"); //p - mod_q = new BigInteger("70390085352083305199547718019018437840920882647164081035322601458352298396601"); //q - curve = new ECCurve.Fp( - mod_p, // p - new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"), // a - new BigInteger("32858")); // b - - ecParams = new ECDomainParameters( - curve, - new ECPoint.Fp(curve, - new ECFieldElement.Fp(mod_p,new BigInteger("0")), // x - new ECFieldElement.Fp(mod_p,new BigInteger("29818893917731240733471273240314769927240550812383695689146495261604565990247"))), // y - mod_q); // q - - params.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_C, ecParams); - - objIds.put("GostR3410-2001-CryptoPro-A", CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_A); - objIds.put("GostR3410-2001-CryptoPro-B", CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_B); - objIds.put("GostR3410-2001-CryptoPro-C", CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_C); - objIds.put("GostR3410-2001-CryptoPro-XchA", CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_XchA); - objIds.put("GostR3410-2001-CryptoPro-XchB", CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_XchB); - - names.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_A, "GostR3410-2001-CryptoPro-A"); - names.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_B, "GostR3410-2001-CryptoPro-B"); - names.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_C, "GostR3410-2001-CryptoPro-C"); - names.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_XchA, "GostR3410-2001-CryptoPro-XchA"); - names.put(CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_XchB, "GostR3410-2001-CryptoPro-XchB"); - } - - /** - * return the ECDomainParameters object for the given OID, null if it - * isn't present. - * - * @param oid an object identifier representing a named parameters, if present. - */ - public static ECDomainParameters getByOID( - DERObjectIdentifier oid) - { - return (ECDomainParameters)params.get(oid); - } - - /** - * returns an enumeration containing the name strings for parameters - * contained in this structure. - */ - public static Enumeration getNames() - { - return objIds.keys(); - } - - public static ECDomainParameters getByName( - String name) - { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(name); - - if (oid != null) - { - return (ECDomainParameters)params.get(oid); - } - - return null; - } - - /** - * return the named curve name represented by the given object identifier. - */ - public static String getName( - DERObjectIdentifier oid) - { - return (String)names.get(oid); - } - - public static DERObjectIdentifier getOID(String name) - { - return (DERObjectIdentifier)objIds.get(name); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java deleted file mode 100644 index bd0736d61..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class ECGOST3410ParamSetParameters - extends ASN1Encodable -{ - DERInteger p, q, a, b, x, y; - - public static ECGOST3410ParamSetParameters getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ECGOST3410ParamSetParameters getInstance( - Object obj) - { - if(obj == null || obj instanceof ECGOST3410ParamSetParameters) - { - return (ECGOST3410ParamSetParameters)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new ECGOST3410ParamSetParameters((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid GOST3410Parameter: " + obj.getClass().getName()); - } - - public ECGOST3410ParamSetParameters( - BigInteger a, - BigInteger b, - BigInteger p, - BigInteger q, - int x, - BigInteger y) - { - this.a = new DERInteger(a); - this.b = new DERInteger(b); - this.p = new DERInteger(p); - this.q = new DERInteger(q); - this.x = new DERInteger(x); - this.y = new DERInteger(y); - } - - public ECGOST3410ParamSetParameters( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - a = (DERInteger)e.nextElement(); - b = (DERInteger)e.nextElement(); - p = (DERInteger)e.nextElement(); - q = (DERInteger)e.nextElement(); - x = (DERInteger)e.nextElement(); - y = (DERInteger)e.nextElement(); - } - - public BigInteger getP() - { - return p.getPositiveValue(); - } - - public BigInteger getQ() - { - return q.getPositiveValue(); - } - - public BigInteger getA() - { - return a.getPositiveValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(a); - v.add(b); - v.add(p); - v.add(q); - v.add(x); - v.add(y); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST28147Parameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST28147Parameters.java deleted file mode 100644 index 603ad99d8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST28147Parameters.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class GOST28147Parameters - extends ASN1Encodable -{ - ASN1OctetString iv; - DERObjectIdentifier paramSet; - - public static GOST28147Parameters getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static GOST28147Parameters getInstance( - Object obj) - { - if(obj == null || obj instanceof GOST28147Parameters) - { - return (GOST28147Parameters)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new GOST28147Parameters((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid GOST3410Parameter: " + obj.getClass().getName()); - } - - public GOST28147Parameters( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - iv = (ASN1OctetString)e.nextElement(); - paramSet = (DERObjectIdentifier)e.nextElement(); - } - - /** - * 
-     * Gost28147-89-Parameters ::=
-     *               SEQUENCE {
-     *                       iv                   Gost28147-89-IV,
-     *                       encryptionParamSet   OBJECT IDENTIFIER
-     *                }
-     *
-     *   Gost28147-89-IV ::= OCTET STRING (SIZE (8))
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(iv); - v.add(paramSet); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.java deleted file mode 100644 index 8845d4175..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.java +++ /dev/null @@ -1,116 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * table of the available named parameters for GOST 3410-94. - */ -public class GOST3410NamedParameters -{ - static final Hashtable objIds = new Hashtable(); - static final Hashtable params = new Hashtable(); - static final Hashtable names = new Hashtable(); - - static private GOST3410ParamSetParameters cryptoProA = new GOST3410ParamSetParameters( - 1024, - new BigInteger("127021248288932417465907042777176443525787653508916535812817507265705031260985098497423188333483401180925999995120988934130659205614996724254121049274349357074920312769561451689224110579311248812610229678534638401693520013288995000362260684222750813532307004517341633685004541062586971416883686778842537820383"), - new BigInteger("68363196144955700784444165611827252895102170888761442055095051287550314083023"), - new BigInteger("100997906755055304772081815535925224869841082572053457874823515875577147990529272777244152852699298796483356699682842027972896052747173175480590485607134746852141928680912561502802222185647539190902656116367847270145019066794290930185446216399730872221732889830323194097355403213400972588322876850946740663962") -// validationAlgorithm { -// algorithm -// id-GostR3410-94-bBis, -// parameters -// GostR3410-94-ValidationBisParameters: { -// x0 1376285941, -// c 3996757427 -// } -// } - - ); - - static private GOST3410ParamSetParameters cryptoProB = new GOST3410ParamSetParameters( - 1024, - new BigInteger("139454871199115825601409655107690713107041707059928031797758001454375765357722984094124368522288239833039114681648076688236921220737322672160740747771700911134550432053804647694904686120113087816240740184800477047157336662926249423571248823968542221753660143391485680840520336859458494803187341288580489525163"), - new BigInteger("79885141663410976897627118935756323747307951916507639758300472692338873533959"), - new BigInteger("42941826148615804143873447737955502392672345968607143066798112994089471231420027060385216699563848719957657284814898909770759462613437669456364882730370838934791080835932647976778601915343474400961034231316672578686920482194932878633360203384797092684342247621055760235016132614780652761028509445403338652341") -// validationAlgorithm { -// algorithm -// id-GostR3410-94-bBis, -// parameters -// GostR3410-94-ValidationBisParameters: { -// x0 1536654555, -// c 1855361757, -// d 14408629386140014567655 -//4902939282056547857802241461782996702017713059974755104394739915140 -//6115284791024439062735788342744854120601660303926203867703556828005 -//8957203818114895398976594425537561271800850306 -// } -// } -//} - ); - - static private GOST3410ParamSetParameters cryptoProXchA = new GOST3410ParamSetParameters( - 1024, - new BigInteger("142011741597563481196368286022318089743276138395243738762872573441927459393512718973631166078467600360848946623567625795282774719212241929071046134208380636394084512691828894000571524625445295769349356752728956831541775441763139384457191755096847107846595662547942312293338483924514339614727760681880609734239"), - new BigInteger("91771529896554605945588149018382750217296858393520724172743325725474374979801"), - new BigInteger("133531813272720673433859519948319001217942375967847486899482359599369642528734712461590403327731821410328012529253871914788598993103310567744136196364803064721377826656898686468463277710150809401182608770201615324990468332931294920912776241137878030224355746606283971659376426832674269780880061631528163475887") - ); - - static - { - params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A, cryptoProA); - params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_B, cryptoProB); -// params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_C, cryptoProC); -// params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_D, cryptoProD); - params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_XchA, cryptoProXchA); -// params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_XchB, cryptoProXchA); -// params.put(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_XchC, cryptoProXchA); - - objIds.put("GostR3410-94-CryptoPro-A", CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A); - objIds.put("GostR3410-94-CryptoPro-B", CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_B); - objIds.put("GostR3410-94-CryptoPro-XchA", CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_XchA); - } - - /** - * return the GOST3410ParamSetParameters object for the given OID, null if it - * isn't present. - * - * @param oid an object identifier representing a named parameters, if present. - */ - public static GOST3410ParamSetParameters getByOID( - DERObjectIdentifier oid) - { - return (GOST3410ParamSetParameters)params.get(oid); - } - - /** - * returns an enumeration containing the name strings for parameters - * contained in this structure. - */ - public static Enumeration getNames() - { - return objIds.keys(); - } - - public static GOST3410ParamSetParameters getByName( - String name) - { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(name); - - if (oid != null) - { - return (GOST3410ParamSetParameters)params.get(oid); - } - - return null; - } - - public static DERObjectIdentifier getOID(String name) - { - return (DERObjectIdentifier)objIds.get(name); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.java deleted file mode 100644 index 02c753c9a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.java +++ /dev/null @@ -1,105 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class GOST3410ParamSetParameters - extends ASN1Encodable -{ - int keySize; - DERInteger p, q, a; - - public static GOST3410ParamSetParameters getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static GOST3410ParamSetParameters getInstance( - Object obj) - { - if(obj == null || obj instanceof GOST3410ParamSetParameters) - { - return (GOST3410ParamSetParameters)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new GOST3410ParamSetParameters((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid GOST3410Parameter: " + obj.getClass().getName()); - } - - public GOST3410ParamSetParameters( - int keySize, - BigInteger p, - BigInteger q, - BigInteger a) - { - this.keySize = keySize; - this.p = new DERInteger(p); - this.q = new DERInteger(q); - this.a = new DERInteger(a); - } - - public GOST3410ParamSetParameters( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - keySize = ((DERInteger)e.nextElement()).getValue().intValue(); - p = (DERInteger)e.nextElement(); - q = (DERInteger)e.nextElement(); - a = (DERInteger)e.nextElement(); - } - - /** - * @deprecated use getKeySize - */ - public int getLKeySize() - { - return keySize; - } - - public int getKeySize() - { - return keySize; - } - - public BigInteger getP() - { - return p.getPositiveValue(); - } - - public BigInteger getQ() - { - return q.getPositiveValue(); - } - - public BigInteger getA() - { - return a.getPositiveValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(keySize)); - v.add(p); - v.add(q); - v.add(a); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.java deleted file mode 100644 index ae04e55be..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.java +++ /dev/null @@ -1,101 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class GOST3410PublicKeyAlgParameters - extends ASN1Encodable -{ - private DERObjectIdentifier publicKeyParamSet; - private DERObjectIdentifier digestParamSet; - private DERObjectIdentifier encryptionParamSet; - - public static GOST3410PublicKeyAlgParameters getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static GOST3410PublicKeyAlgParameters getInstance( - Object obj) - { - if(obj == null || obj instanceof GOST3410PublicKeyAlgParameters) - { - return (GOST3410PublicKeyAlgParameters)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new GOST3410PublicKeyAlgParameters((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid GOST3410Parameter: " + obj.getClass().getName()); - } - - public GOST3410PublicKeyAlgParameters( - DERObjectIdentifier publicKeyParamSet, - DERObjectIdentifier digestParamSet) - { - this.publicKeyParamSet = publicKeyParamSet; - this.digestParamSet = digestParamSet; - this.encryptionParamSet = null; - } - - public GOST3410PublicKeyAlgParameters( - DERObjectIdentifier publicKeyParamSet, - DERObjectIdentifier digestParamSet, - DERObjectIdentifier encryptionParamSet) - { - this.publicKeyParamSet = publicKeyParamSet; - this.digestParamSet = digestParamSet; - this.encryptionParamSet = encryptionParamSet; - } - - public GOST3410PublicKeyAlgParameters( - ASN1Sequence seq) - { - this.publicKeyParamSet = (DERObjectIdentifier)seq.getObjectAt(0); - this.digestParamSet = (DERObjectIdentifier)seq.getObjectAt(1); - - if (seq.size() > 2) - { - this.encryptionParamSet = (DERObjectIdentifier)seq.getObjectAt(2); - } - } - - public DERObjectIdentifier getPublicKeyParamSet() - { - return publicKeyParamSet; - } - - public DERObjectIdentifier getDigestParamSet() - { - return digestParamSet; - } - - public DERObjectIdentifier getEncryptionParamSet() - { - return encryptionParamSet; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(publicKeyParamSet); - v.add(digestParamSet); - - if (encryptionParamSet != null) - { - v.add(encryptionParamSet); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/package.html deleted file mode 100644 index 2b0af9e08..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/cryptopro/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes for CRYPTO-PRO related objects - such as GOST identifiers. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java deleted file mode 100644 index 222043173..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.asn1.eac; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface EACObjectIdentifiers -{ - // bsi-de OBJECT IDENTIFIER ::= { - // itu-t(0) identified-organization(4) etsi(0) - // reserved(127) etsi-identified-organization(0) 7 - // } - static final DERObjectIdentifier bsi_de = new DERObjectIdentifier("0.4.0.127.0.7"); - - // id-PK OBJECT IDENTIFIER ::= { - // bsi-de protocols(2) smartcard(2) 1 - // } - static final DERObjectIdentifier id_PK = new DERObjectIdentifier(bsi_de + ".2.2.1"); - - static final DERObjectIdentifier id_PK_DH = new DERObjectIdentifier(id_PK + ".1"); - static final DERObjectIdentifier id_PK_ECDH = new DERObjectIdentifier(id_PK + ".2"); - - // id-CA OBJECT IDENTIFIER ::= { - // bsi-de protocols(2) smartcard(2) 3 - // } - static final DERObjectIdentifier id_CA = new DERObjectIdentifier(bsi_de + ".2.2.3"); - static final DERObjectIdentifier id_CA_DH = new DERObjectIdentifier(id_CA + ".1"); - static final DERObjectIdentifier id_CA_DH_3DES_CBC_CBC = new DERObjectIdentifier(id_CA_DH + ".1"); - static final DERObjectIdentifier id_CA_ECDH = new DERObjectIdentifier(id_CA + ".2"); - static final DERObjectIdentifier id_CA_ECDH_3DES_CBC_CBC = new DERObjectIdentifier(id_CA_ECDH + ".1"); - - // - // id-TA OBJECT IDENTIFIER ::= { - // bsi-de protocols(2) smartcard(2) 2 - // } - static final DERObjectIdentifier id_TA = new DERObjectIdentifier(bsi_de + ".2.2.2"); - - static final DERObjectIdentifier id_TA_RSA = new DERObjectIdentifier(id_TA + ".1"); - static final DERObjectIdentifier id_TA_RSA_v1_5_SHA_1 = new DERObjectIdentifier(id_TA_RSA + ".1"); - static final DERObjectIdentifier id_TA_RSA_v1_5_SHA_256 = new DERObjectIdentifier(id_TA_RSA + ".2"); - static final DERObjectIdentifier id_TA_RSA_PSS_SHA_1 = new DERObjectIdentifier(id_TA_RSA + ".3"); - static final DERObjectIdentifier id_TA_RSA_PSS_SHA_256 = new DERObjectIdentifier(id_TA_RSA + ".4"); - static final DERObjectIdentifier id_TA_ECDSA = new DERObjectIdentifier(id_TA + ".2"); - static final DERObjectIdentifier id_TA_ECDSA_SHA_1 = new DERObjectIdentifier(id_TA_ECDSA + ".1"); - static final DERObjectIdentifier id_TA_ECDSA_SHA_224 = new DERObjectIdentifier(id_TA_ECDSA + ".2"); - static final DERObjectIdentifier id_TA_ECDSA_SHA_256 = new DERObjectIdentifier(id_TA_ECDSA + ".3"); - - static final DERObjectIdentifier id_TA_ECDSA_SHA_384 = new DERObjectIdentifier(id_TA_ECDSA + ".4"); - static final DERObjectIdentifier id_TA_ECDSA_SHA_512 = new DERObjectIdentifier(id_TA_ECDSA + ".5"); - - /** - * id-EAC-ePassport OBJECT IDENTIFIER ::= { - * bsi-de applications(3) mrtd(1) roles(2) 1} - */ - static final DERObjectIdentifier id_EAC_ePassport = new DERObjectIdentifier(bsi_de + ".3.1.2.1"); - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java deleted file mode 100644 index b80883836..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CommitmentTypeIdentifier -{ - public static final DERObjectIdentifier proofOfOrigin = PKCSObjectIdentifiers.id_cti_ets_proofOfOrigin; - public static final DERObjectIdentifier proofOfReceipt = PKCSObjectIdentifiers.id_cti_ets_proofOfReceipt; - public static final DERObjectIdentifier proofOfDelivery = PKCSObjectIdentifiers.id_cti_ets_proofOfDelivery; - public static final DERObjectIdentifier proofOfSender = PKCSObjectIdentifiers.id_cti_ets_proofOfSender; - public static final DERObjectIdentifier proofOfApproval = PKCSObjectIdentifiers.id_cti_ets_proofOfApproval; - public static final DERObjectIdentifier proofOfCreation = PKCSObjectIdentifiers.id_cti_ets_proofOfCreation; -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java deleted file mode 100644 index e8948aa8c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class CommitmentTypeIndication - extends ASN1Encodable -{ - private DERObjectIdentifier commitmentTypeId; - private ASN1Sequence commitmentTypeQualifier; - - public CommitmentTypeIndication( - ASN1Sequence seq) - { - commitmentTypeId = (DERObjectIdentifier)seq.getObjectAt(0); - - if (seq.size() > 1) - { - commitmentTypeQualifier = (ASN1Sequence)seq.getObjectAt(1); - } - } - - public CommitmentTypeIndication( - DERObjectIdentifier commitmentTypeId) - { - this.commitmentTypeId = commitmentTypeId; - } - - public CommitmentTypeIndication( - DERObjectIdentifier commitmentTypeId, - ASN1Sequence commitmentTypeQualifier) - { - this.commitmentTypeId = commitmentTypeId; - this.commitmentTypeQualifier = commitmentTypeQualifier; - } - - public static CommitmentTypeIndication getInstance( - Object obj) - { - if (obj == null || obj instanceof CommitmentTypeIndication) - { - return (CommitmentTypeIndication)obj; - } - - return new CommitmentTypeIndication(ASN1Sequence.getInstance(obj)); - } - - public DERObjectIdentifier getCommitmentTypeId() - { - return commitmentTypeId; - } - - public ASN1Sequence getCommitmentTypeQualifier() - { - return commitmentTypeQualifier; - } - - /** - * 
-     * CommitmentTypeIndication ::= SEQUENCE {
-     *      commitmentTypeId   CommitmentTypeIdentifier,
-     *      commitmentTypeQualifier   SEQUENCE SIZE (1..MAX) OF
-     *              CommitmentTypeQualifier OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(commitmentTypeId); - - if (commitmentTypeQualifier != null) - { - v.add(commitmentTypeQualifier); - } - - return new DERSequence(v); - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java deleted file mode 100644 index 7895e766d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java +++ /dev/null @@ -1,108 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126). - * - * 
- *   CommitmentTypeQualifier ::= SEQUENCE {
- *       commitmentTypeIdentifier  CommitmentTypeIdentifier,
- *       qualifier          ANY DEFINED BY commitmentTypeIdentifier OPTIONAL }
- *
- */ -public class CommitmentTypeQualifier - extends ASN1Encodable -{ - private DERObjectIdentifier commitmentTypeIdentifier; - private DEREncodable qualifier; - - /** - * Creates a new CommitmentTypeQualifier instance. - * - * @param commitmentTypeIdentifier a CommitmentTypeIdentifier value - */ - public CommitmentTypeQualifier( - DERObjectIdentifier commitmentTypeIdentifier) - { - this(commitmentTypeIdentifier, null); - } - - /** - * Creates a new CommitmentTypeQualifier instance. - * - * @param commitmentTypeIdentifier a CommitmentTypeIdentifier value - * @param qualifier the qualifier, defined by the above field. - */ - public CommitmentTypeQualifier( - DERObjectIdentifier commitmentTypeIdentifier, - DEREncodable qualifier) - { - this.commitmentTypeIdentifier = commitmentTypeIdentifier; - this.qualifier = qualifier; - } - - /** - * Creates a new CommitmentTypeQualifier instance. - * - * @param as CommitmentTypeQualifier structure - * encoded as an ASN1Sequence. - */ - public CommitmentTypeQualifier( - ASN1Sequence as) - { - commitmentTypeIdentifier = (DERObjectIdentifier)as.getObjectAt(0); - - if (as.size() > 1) - { - qualifier = as.getObjectAt(1); - } - } - - public static CommitmentTypeQualifier getInstance(Object as) - { - if (as instanceof CommitmentTypeQualifier || as == null) - { - return (CommitmentTypeQualifier)as; - } - else if (as instanceof ASN1Sequence) - { - return new CommitmentTypeQualifier((ASN1Sequence)as); - } - - throw new IllegalArgumentException("unknown object in getInstance."); - } - - public DERObjectIdentifier getCommitmentTypeIdentifier() - { - return commitmentTypeIdentifier; - } - - public DEREncodable getQualifier() - { - return qualifier; - } - - /** - * Returns a DER-encodable representation of this instance. - * - * @return a DERObject value - */ - public DERObject toASN1Object() - { - ASN1EncodableVector dev = new ASN1EncodableVector(); - dev.add(commitmentTypeIdentifier); - if (qualifier != null) - { - dev.add(qualifier); - } - - return new DERSequence(dev); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CompleteRevocationRefs.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CompleteRevocationRefs.java deleted file mode 100644 index 42f3cea36..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CompleteRevocationRefs.java +++ /dev/null @@ -1,65 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
- *
- */ -public class CompleteRevocationRefs - extends ASN1Encodable -{ - - private ASN1Sequence crlOcspRefs; - - public static CompleteRevocationRefs getInstance(Object obj) - { - if (obj instanceof CompleteRevocationRefs) - { - return (CompleteRevocationRefs)obj; - } - else if (obj != null) - { - return new CompleteRevocationRefs(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private CompleteRevocationRefs(ASN1Sequence seq) - { - Enumeration seqEnum = seq.getObjects(); - while (seqEnum.hasMoreElements()) - { - CrlOcspRef.getInstance(seqEnum.nextElement()); - } - this.crlOcspRefs = seq; - } - - public CompleteRevocationRefs(CrlOcspRef[] crlOcspRefs) - { - this.crlOcspRefs = new DERSequence(crlOcspRefs); - } - - public CrlOcspRef[] getCrlOcspRefs() - { - CrlOcspRef[] result = new CrlOcspRef[this.crlOcspRefs.size()]; - for (int idx = 0; idx < result.length; idx++) - { - result[idx] = CrlOcspRef.getInstance(this.crlOcspRefs - .getObjectAt(idx)); - } - return result; - } - - public DERObject toASN1Object() - { - return this.crlOcspRefs; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlIdentifier.java deleted file mode 100644 index c8a6f6595..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlIdentifier.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.x500.X500Name; - -/** - * 
- *  CrlIdentifier ::= SEQUENCE 
- * {
- *   crlissuer    Name,
- *   crlIssuedTime  UTCTime,
- *   crlNumber    INTEGER OPTIONAL
- * }
- *
- */ -public class CrlIdentifier - extends ASN1Encodable -{ - private X500Name crlIssuer; - private DERUTCTime crlIssuedTime; - private DERInteger crlNumber; - - public static CrlIdentifier getInstance(Object obj) - { - if (obj instanceof CrlIdentifier) - { - return (CrlIdentifier)obj; - } - else if (obj != null) - { - return new CrlIdentifier(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private CrlIdentifier(ASN1Sequence seq) - { - if (seq.size() < 2 || seq.size() > 3) - { - throw new IllegalArgumentException(); - } - this.crlIssuer = X500Name.getInstance(seq.getObjectAt(0)); - this.crlIssuedTime = DERUTCTime.getInstance(seq.getObjectAt(1)); - if (seq.size() > 2) - { - this.crlNumber = DERInteger.getInstance(seq.getObjectAt(2)); - } - } - - public CrlIdentifier(X500Name crlIssuer, DERUTCTime crlIssuedTime) - { - this(crlIssuer, crlIssuedTime, null); - } - - public CrlIdentifier(X500Name crlIssuer, DERUTCTime crlIssuedTime, - BigInteger crlNumber) - { - this.crlIssuer = crlIssuer; - this.crlIssuedTime = crlIssuedTime; - if (null != crlNumber) - { - this.crlNumber = new DERInteger(crlNumber); - } - } - - public X500Name getCrlIssuer() - { - return this.crlIssuer; - } - - public DERUTCTime getCrlIssuedTime() - { - return this.crlIssuedTime; - } - - public BigInteger getCrlNumber() - { - if (null == this.crlNumber) - { - return null; - } - return this.crlNumber.getValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(this.crlIssuer.toASN1Object()); - v.add(this.crlIssuedTime); - if (null != this.crlNumber) - { - v.add(this.crlNumber); - } - return new DERSequence(v); - } - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlListID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlListID.java deleted file mode 100644 index deeafdcb0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlListID.java +++ /dev/null @@ -1,66 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * CRLListID ::= SEQUENCE {
- *     crls SEQUENCE OF CrlValidatedID }
- *
- */ -public class CrlListID - extends ASN1Encodable -{ - - private ASN1Sequence crls; - - public static CrlListID getInstance(Object obj) - { - if (obj instanceof CrlListID) - { - return (CrlListID)obj; - } - else if (obj != null) - { - return new CrlListID(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private CrlListID(ASN1Sequence seq) - { - this.crls = (ASN1Sequence)seq.getObjectAt(0); - Enumeration e = this.crls.getObjects(); - while (e.hasMoreElements()) - { - CrlValidatedID.getInstance(e.nextElement()); - } - } - - public CrlListID(CrlValidatedID[] crls) - { - this.crls = new DERSequence(crls); - } - - public CrlValidatedID[] getCrls() - { - CrlValidatedID[] result = new CrlValidatedID[this.crls.size()]; - for (int idx = 0; idx < result.length; idx++) - { - result[idx] = CrlValidatedID - .getInstance(this.crls.getObjectAt(idx)); - } - return result; - } - - public DERObject toASN1Object() - { - return new DERSequence(this.crls); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlOcspRef.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlOcspRef.java deleted file mode 100644 index 530860ac1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlOcspRef.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * 
- * CrlOcspRef ::= SEQUENCE {
- *     crlids [0] CRLListID OPTIONAL,
- *     ocspids [1] OcspListID OPTIONAL,
- *     otherRev [2] OtherRevRefs OPTIONAL
- * }
- *
- */ -public class CrlOcspRef - extends ASN1Encodable -{ - - private CrlListID crlids; - private OcspListID ocspids; - private OtherRevRefs otherRev; - - public static CrlOcspRef getInstance(Object obj) - { - if (obj instanceof CrlOcspRef) - { - return (CrlOcspRef)obj; - } - else if (obj != null) - { - return new CrlOcspRef(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private CrlOcspRef(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - DERTaggedObject o = (DERTaggedObject)e.nextElement(); - switch (o.getTagNo()) - { - case 0: - this.crlids = CrlListID.getInstance(o.getObject()); - break; - case 1: - this.ocspids = OcspListID.getInstance(o.getObject()); - break; - case 2: - this.otherRev = OtherRevRefs.getInstance(o.getObject()); - break; - default: - throw new IllegalArgumentException("illegal tag"); - } - } - } - - public CrlOcspRef(CrlListID crlids, OcspListID ocspids, - OtherRevRefs otherRev) - { - this.crlids = crlids; - this.ocspids = ocspids; - this.otherRev = otherRev; - } - - public CrlListID getCrlids() - { - return this.crlids; - } - - public OcspListID getOcspids() - { - return this.ocspids; - } - - public OtherRevRefs getOtherRev() - { - return this.otherRev; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - if (null != this.crlids) - { - v.add(new DERTaggedObject(true, 0, this.crlids.toASN1Object())); - } - if (null != this.ocspids) - { - v.add(new DERTaggedObject(true, 1, this.ocspids.toASN1Object())); - } - if (null != this.otherRev) - { - v.add(new DERTaggedObject(true, 2, this.otherRev.toASN1Object())); - } - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlValidatedID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlValidatedID.java deleted file mode 100644 index 6bd557805..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/CrlValidatedID.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * CrlValidatedID ::= SEQUENCE {
- *   crlHash OtherHash,
- *   crlIdentifier CrlIdentifier OPTIONAL }
- *
- */ -public class CrlValidatedID - extends ASN1Encodable -{ - - private OtherHash crlHash; - private CrlIdentifier crlIdentifier; - - public static CrlValidatedID getInstance(Object obj) - { - if (obj instanceof CrlValidatedID) - { - return (CrlValidatedID)obj; - } - else if (obj != null) - { - return new CrlValidatedID(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private CrlValidatedID(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.crlHash = OtherHash.getInstance(seq.getObjectAt(0)); - if (seq.size() > 1) - { - this.crlIdentifier = CrlIdentifier.getInstance(seq.getObjectAt(1)); - } - } - - public CrlValidatedID(OtherHash crlHash) - { - this(crlHash, null); - } - - public CrlValidatedID(OtherHash crlHash, CrlIdentifier crlIdentifier) - { - this.crlHash = crlHash; - this.crlIdentifier = crlIdentifier; - } - - public OtherHash getCrlHash() - { - return this.crlHash; - } - - public CrlIdentifier getCrlIdentifier() - { - return this.crlIdentifier; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(this.crlHash.toASN1Object()); - if (null != this.crlIdentifier) - { - v.add(this.crlIdentifier.toASN1Object()); - } - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java deleted file mode 100644 index ebdc5eadc..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface ESFAttributes -{ - public static final ASN1ObjectIdentifier sigPolicyId = PKCSObjectIdentifiers.id_aa_ets_sigPolicyId; - public static final ASN1ObjectIdentifier commitmentType = PKCSObjectIdentifiers.id_aa_ets_commitmentType; - public static final ASN1ObjectIdentifier signerLocation = PKCSObjectIdentifiers.id_aa_ets_signerLocation; - public static final ASN1ObjectIdentifier signerAttr = PKCSObjectIdentifiers.id_aa_ets_signerAttr; - public static final ASN1ObjectIdentifier otherSigCert = PKCSObjectIdentifiers.id_aa_ets_otherSigCert; - public static final ASN1ObjectIdentifier contentTimestamp = PKCSObjectIdentifiers.id_aa_ets_contentTimestamp; - public static final ASN1ObjectIdentifier certificateRefs = PKCSObjectIdentifiers.id_aa_ets_certificateRefs; - public static final ASN1ObjectIdentifier revocationRefs = PKCSObjectIdentifiers.id_aa_ets_revocationRefs; - public static final ASN1ObjectIdentifier certValues = PKCSObjectIdentifiers.id_aa_ets_certValues; - public static final ASN1ObjectIdentifier revocationValues = PKCSObjectIdentifiers.id_aa_ets_revocationValues; - public static final ASN1ObjectIdentifier escTimeStamp = PKCSObjectIdentifiers.id_aa_ets_escTimeStamp; - public static final ASN1ObjectIdentifier certCRLTimestamp = PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp; - public static final ASN1ObjectIdentifier archiveTimestamp = PKCSObjectIdentifiers.id_aa_ets_archiveTimestamp; - public static final ASN1ObjectIdentifier archiveTimestampV2 = PKCSObjectIdentifiers.id_aa.branch("48"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspIdentifier.java deleted file mode 100644 index 27af42fc1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspIdentifier.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ocsp.ResponderID; - -/** - * 
- * OcspIdentifier ::= SEQUENCE {
- *     ocspResponderID ResponderID, -- As in OCSP response data
- *     producedAt GeneralizedTime -- As in OCSP response data
- * }
- *
- */ -public class OcspIdentifier - extends ASN1Encodable -{ - private ResponderID ocspResponderID; - private DERGeneralizedTime producedAt; - - public static OcspIdentifier getInstance(Object obj) - { - if (obj instanceof OcspIdentifier) - { - return (OcspIdentifier)obj; - } - else if (obj != null) - { - return new OcspIdentifier(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private OcspIdentifier(ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.ocspResponderID = ResponderID.getInstance(seq.getObjectAt(0)); - this.producedAt = (DERGeneralizedTime)seq.getObjectAt(1); - } - - public OcspIdentifier(ResponderID ocspResponderID, DERGeneralizedTime producedAt) - { - this.ocspResponderID = ocspResponderID; - this.producedAt = producedAt; - } - - public ResponderID getOcspResponderID() - { - return this.ocspResponderID; - } - - public DERGeneralizedTime getProducedAt() - { - return this.producedAt; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(this.ocspResponderID); - v.add(this.producedAt); - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspListID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspListID.java deleted file mode 100644 index 77cc589ef..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspListID.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * OcspListID ::=  SEQUENCE {
- *    ocspResponses  SEQUENCE OF OcspResponsesID
- * }
- *
- */ -public class OcspListID - extends ASN1Encodable -{ - private ASN1Sequence ocspResponses; - - public static OcspListID getInstance(Object obj) - { - if (obj instanceof OcspListID) - { - return (OcspListID)obj; - } - else if (obj != null) - { - return new OcspListID(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private OcspListID(ASN1Sequence seq) - { - if (seq.size() != 1) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.ocspResponses = (ASN1Sequence)seq.getObjectAt(0); - Enumeration e = this.ocspResponses.getObjects(); - while (e.hasMoreElements()) - { - OcspResponsesID.getInstance(e.nextElement()); - } - } - - public OcspListID(OcspResponsesID[] ocspResponses) - { - this.ocspResponses = new DERSequence(ocspResponses); - } - - public OcspResponsesID[] getOcspResponses() - { - OcspResponsesID[] result = new OcspResponsesID[this.ocspResponses - .size()]; - for (int idx = 0; idx < result.length; idx++) - { - result[idx] = OcspResponsesID.getInstance(this.ocspResponses - .getObjectAt(idx)); - } - return result; - } - - public DERObject toASN1Object() - { - return new DERSequence(this.ocspResponses); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspResponsesID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspResponsesID.java deleted file mode 100644 index 32673f9f0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OcspResponsesID.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * OcspResponsesID ::= SEQUENCE {
- *    ocspIdentifier OcspIdentifier,
- *    ocspRepHash OtherHash OPTIONAL
- * }
- *
- */ -public class OcspResponsesID - extends ASN1Encodable -{ - - private OcspIdentifier ocspIdentifier; - private OtherHash ocspRepHash; - - public static OcspResponsesID getInstance(Object obj) - { - if (obj instanceof OcspResponsesID) - { - return (OcspResponsesID)obj; - } - else if (obj != null) - { - return new OcspResponsesID(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private OcspResponsesID(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.ocspIdentifier = OcspIdentifier.getInstance(seq.getObjectAt(0)); - if (seq.size() > 1) - { - this.ocspRepHash = OtherHash.getInstance(seq.getObjectAt(1)); - } - } - - public OcspResponsesID(OcspIdentifier ocspIdentifier) - { - this(ocspIdentifier, null); - } - - public OcspResponsesID(OcspIdentifier ocspIdentifier, OtherHash ocspRepHash) - { - this.ocspIdentifier = ocspIdentifier; - this.ocspRepHash = ocspRepHash; - } - - public OcspIdentifier getOcspIdentifier() - { - return this.ocspIdentifier; - } - - public OtherHash getOcspRepHash() - { - return this.ocspRepHash; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(this.ocspIdentifier); - if (null != this.ocspRepHash) - { - v.add(this.ocspRepHash); - } - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHash.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHash.java deleted file mode 100644 index a4f2b8251..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHash.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * 
- * OtherHash ::= CHOICE {
- *    sha1Hash  OtherHashValue, -- This contains a SHA-1 hash
- *   otherHash  OtherHashAlgAndValue
- *  }
- *
- */ -public class OtherHash - extends ASN1Encodable - implements ASN1Choice -{ - - private ASN1OctetString sha1Hash; - private OtherHashAlgAndValue otherHash; - - public static OtherHash getInstance(Object obj) - { - if (obj instanceof OtherHash) - { - return (OtherHash)obj; - } - if (obj instanceof ASN1OctetString) - { - return new OtherHash((ASN1OctetString)obj); - } - return new OtherHash(OtherHashAlgAndValue.getInstance(obj)); - } - - private OtherHash(ASN1OctetString sha1Hash) - { - this.sha1Hash = sha1Hash; - } - - public OtherHash(OtherHashAlgAndValue otherHash) - { - this.otherHash = otherHash; - } - - public OtherHash(byte[] sha1Hash) - { - this.sha1Hash = new DEROctetString(sha1Hash); - } - - public AlgorithmIdentifier getHashAlgorithm() - { - if (null == this.otherHash) - { - return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1); - } - return this.otherHash.getHashAlgorithm(); - } - - public byte[] getHashValue() - { - if (null == this.otherHash) - { - return this.sha1Hash.getOctets(); - } - return this.otherHash.getHashValue().getOctets(); - } - - public DERObject toASN1Object() - { - if (null == this.otherHash) - { - return this.sha1Hash; - } - return this.otherHash.toASN1Object(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHashAlgAndValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHashAlgAndValue.java deleted file mode 100644 index 68c647131..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherHashAlgAndValue.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class OtherHashAlgAndValue - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlgorithm; - private ASN1OctetString hashValue; - - - public static OtherHashAlgAndValue getInstance( - Object obj) - { - if (obj instanceof OtherHashAlgAndValue) - { - return (OtherHashAlgAndValue) obj; - } - else if (obj != null) - { - return new OtherHashAlgAndValue(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private OtherHashAlgAndValue( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - hashValue = ASN1OctetString.getInstance(seq.getObjectAt(1)); - } - - public OtherHashAlgAndValue( - AlgorithmIdentifier hashAlgorithm, - ASN1OctetString hashValue) - { - this.hashAlgorithm = hashAlgorithm; - this.hashValue = hashValue; - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public ASN1OctetString getHashValue() - { - return hashValue; - } - - /** - * 
-     * OtherHashAlgAndValue ::= SEQUENCE {
-     *     hashAlgorithm AlgorithmIdentifier,
-     *     hashValue OtherHashValue }
-     *
-     * OtherHashValue ::= OCTET STRING
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(hashAlgorithm); - v.add(hashValue); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevRefs.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevRefs.java deleted file mode 100644 index 493738045..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevRefs.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * OtherRevRefs ::= SEQUENCE {
- *   otherRevRefType OtherRevRefType,
- *   otherRevRefs ANY DEFINED BY otherRevRefType
- * }
- *
- * OtherRevRefType ::= OBJECT IDENTIFIER
- *
- */ -public class OtherRevRefs - extends ASN1Encodable -{ - - private ASN1ObjectIdentifier otherRevRefType; - private ASN1Object otherRevRefs; - - public static OtherRevRefs getInstance(Object obj) - { - if (obj instanceof OtherRevRefs) - { - return (OtherRevRefs)obj; - } - else if (obj != null) - { - return new OtherRevRefs(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private OtherRevRefs(ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.otherRevRefType = new ASN1ObjectIdentifier(((DERObjectIdentifier)seq.getObjectAt(0)).getId()); - try - { - this.otherRevRefs = ASN1Object.fromByteArray(seq.getObjectAt(1) - .getDERObject().getDEREncoded()); - } - catch (IOException e) - { - throw new IllegalStateException(); - } - } - - public ASN1ObjectIdentifier getOtherRevRefType() - { - return this.otherRevRefType; - } - - public ASN1Object getOtherRevRefs() - { - return this.otherRevRefs; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(this.otherRevRefType); - v.add(this.otherRevRefs); - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevVals.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevVals.java deleted file mode 100644 index d56997362..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/OtherRevVals.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * 
- * OtherRevVals ::= SEQUENCE {
- *    otherRevValType OtherRevValType,
- *    otherRevVals ANY DEFINED BY OtherRevValType
- * }
- * 
- * OtherRevValType ::= OBJECT IDENTIFIER
- *
- */ -public class OtherRevVals extends ASN1Encodable { - - private DERObjectIdentifier otherRevValType; - - private ASN1Object otherRevVals; - - public static OtherRevVals getInstance(Object obj) { - if (null == obj || obj instanceof OtherRevVals) { - return (OtherRevVals) obj; - } - return new OtherRevVals((ASN1Sequence) obj); - } - - public OtherRevVals(ASN1Sequence seq) { - if (seq.size() != 2) { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.otherRevValType = (DERObjectIdentifier) seq.getObjectAt(0); - try { - this.otherRevVals = ASN1Object.fromByteArray(seq.getObjectAt(1) - .getDERObject().getDEREncoded()); - } catch (IOException e) { - throw new IllegalStateException(); - } - } - - public OtherRevVals(DERObjectIdentifier otherRevValType, - ASN1Object otherRevVals) { - this.otherRevValType = otherRevValType; - this.otherRevVals = otherRevVals; - } - - public DERObjectIdentifier getOtherRevValType() { - return this.otherRevValType; - } - - public ASN1Object getOtherRevVals() { - return this.otherRevVals; - } - - public DERObject toASN1Object() { - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(this.otherRevValType); - v.add(this.otherRevVals); - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/RevocationValues.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/RevocationValues.java deleted file mode 100644 index fe2091f48..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/RevocationValues.java +++ /dev/null @@ -1,151 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.x509.CertificateList; - -/** - * 
- * RevocationValues ::= SEQUENCE {
- *    crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
- *    ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
- *    otherRevVals [2] OtherRevVals OPTIONAL}
- *
- */ -public class RevocationValues - extends ASN1Encodable -{ - - private ASN1Sequence crlVals; - private ASN1Sequence ocspVals; - private OtherRevVals otherRevVals; - - public static RevocationValues getInstance(Object obj) - { - if (null == obj || obj instanceof RevocationValues) - { - return (RevocationValues)obj; - } - else if (obj != null) - { - return new RevocationValues(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("null value in getInstance"); - } - - private RevocationValues(ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - DERTaggedObject o = (DERTaggedObject)e.nextElement(); - switch (o.getTagNo()) - { - case 0: - ASN1Sequence crlValsSeq = (ASN1Sequence)o.getObject(); - Enumeration crlValsEnum = crlValsSeq.getObjects(); - while (crlValsEnum.hasMoreElements()) - { - CertificateList.getInstance(crlValsEnum.nextElement()); - } - this.crlVals = crlValsSeq; - break; - case 1: - ASN1Sequence ocspValsSeq = (ASN1Sequence)o.getObject(); - Enumeration ocspValsEnum = ocspValsSeq.getObjects(); - while (ocspValsEnum.hasMoreElements()) - { - BasicOCSPResponse.getInstance(ocspValsEnum.nextElement()); - } - this.ocspVals = ocspValsSeq; - break; - case 2: - this.otherRevVals = OtherRevVals.getInstance(o.getObject()); - break; - default: - throw new IllegalArgumentException("invalid tag: " - + o.getTagNo()); - } - } - } - - public RevocationValues(CertificateList[] crlVals, - BasicOCSPResponse[] ocspVals, OtherRevVals otherRevVals) - { - if (null != crlVals) - { - this.crlVals = new DERSequence(crlVals); - } - if (null != ocspVals) - { - this.ocspVals = new DERSequence(ocspVals); - } - this.otherRevVals = otherRevVals; - } - - public CertificateList[] getCrlVals() - { - if (null == this.crlVals) - { - return new CertificateList[0]; - } - CertificateList[] result = new CertificateList[this.crlVals.size()]; - for (int idx = 0; idx < result.length; idx++) - { - result[idx] = CertificateList.getInstance(this.crlVals - .getObjectAt(idx)); - } - return result; - } - - public BasicOCSPResponse[] getOcspVals() - { - if (null == this.ocspVals) - { - return new BasicOCSPResponse[0]; - } - BasicOCSPResponse[] result = new BasicOCSPResponse[this.ocspVals.size()]; - for (int idx = 0; idx < result.length; idx++) - { - result[idx] = BasicOCSPResponse.getInstance(this.ocspVals - .getObjectAt(idx)); - } - return result; - } - - public OtherRevVals getOtherRevVals() - { - return this.otherRevVals; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - if (null != this.crlVals) - { - v.add(new DERTaggedObject(true, 0, this.crlVals)); - } - if (null != this.ocspVals) - { - v.add(new DERTaggedObject(true, 1, this.ocspVals)); - } - if (null != this.otherRevVals) - { - v.add(new DERTaggedObject(true, 2, this.otherRevVals.toASN1Object())); - } - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPUserNotice.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPUserNotice.java deleted file mode 100644 index 9021457c2..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPUserNotice.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.x509.NoticeReference; -import org.bouncycastle.asn1.x509.DisplayText; -import org.bouncycastle.asn1.*; - -import java.util.Enumeration; - -public class SPUserNotice -{ - private NoticeReference noticeRef; - private DisplayText explicitText; - - public static SPUserNotice getInstance( - Object obj) - { - if (obj == null || obj instanceof SPUserNotice) - { - return (SPUserNotice) obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SPUserNotice((ASN1Sequence) obj); - } - - throw new IllegalArgumentException( - "unknown object in 'SPUserNotice' factory : " - + obj.getClass().getName() + "."); - } - - public SPUserNotice( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - DEREncodable object = (DEREncodable) e.nextElement(); - if (object instanceof NoticeReference) - { - noticeRef = NoticeReference.getInstance(object); - } - else if (object instanceof DisplayText) - { - explicitText = DisplayText.getInstance(object); - } - else - { - throw new IllegalArgumentException("Invalid element in 'SPUserNotice'."); - } - } - } - - public SPUserNotice( - NoticeReference noticeRef, - DisplayText explicitText) - { - this.noticeRef = noticeRef; - this.explicitText = explicitText; - } - - public NoticeReference getNoticeRef() - { - return noticeRef; - } - - public DisplayText getExplicitText() - { - return explicitText; - } - - /** - * 
-     * SPUserNotice ::= SEQUENCE {
-     *     noticeRef NoticeReference OPTIONAL,
-     *     explicitText DisplayText OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (noticeRef != null) - { - v.add(noticeRef); - } - - if (explicitText != null) - { - v.add(explicitText); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPuri.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPuri.java deleted file mode 100644 index 82d646057..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SPuri.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; - -public class SPuri -{ - private DERIA5String uri; - - public static SPuri getInstance( - Object obj) - { - if (obj instanceof SPuri) - { - return (SPuri) obj; - } - else if (obj instanceof DERIA5String) - { - return new SPuri((DERIA5String) obj); - } - - throw new IllegalArgumentException( - "unknown object in 'SPuri' factory: " - + obj.getClass().getName() + "."); - } - - public SPuri( - DERIA5String uri) - { - this.uri = uri; - } - - public DERIA5String getUri() - { - return uri; - } - - /** - * 
-     * SPuri ::= IA5String
-     *
- */ - public DERObject toASN1Object() - { - return uri.getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifierInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifierInfo.java deleted file mode 100644 index e598caa16..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifierInfo.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class SigPolicyQualifierInfo - extends ASN1Encodable -{ - private DERObjectIdentifier sigPolicyQualifierId; - private DEREncodable sigQualifier; - - public SigPolicyQualifierInfo( - DERObjectIdentifier sigPolicyQualifierId, - DEREncodable sigQualifier) - { - this.sigPolicyQualifierId = sigPolicyQualifierId; - this.sigQualifier = sigQualifier; - } - - public SigPolicyQualifierInfo( - ASN1Sequence seq) - { - sigPolicyQualifierId = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - sigQualifier = seq.getObjectAt(1); - } - - public static SigPolicyQualifierInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof SigPolicyQualifierInfo) - { - return (SigPolicyQualifierInfo) obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SigPolicyQualifierInfo((ASN1Sequence) obj); - } - - throw new IllegalArgumentException( - "unknown object in 'SigPolicyQualifierInfo' factory: " - + obj.getClass().getName() + "."); - } - - public ASN1ObjectIdentifier getSigPolicyQualifierId() - { - return new ASN1ObjectIdentifier(sigPolicyQualifierId.getId()); - } - - public DEREncodable getSigQualifier() - { - return sigQualifier; - } - - /** - * 
-     * SigPolicyQualifierInfo ::= SEQUENCE {
-     *    sigPolicyQualifierId SigPolicyQualifierId,
-     *    sigQualifier ANY DEFINED BY sigPolicyQualifierId }
-     *
-     * SigPolicyQualifierId ::= OBJECT IDENTIFIER
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(sigPolicyQualifierId); - v.add(sigQualifier); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifiers.java deleted file mode 100644 index 1f156024f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SigPolicyQualifiers.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.*; - -public class SigPolicyQualifiers - extends ASN1Encodable -{ - ASN1Sequence qualifiers; - - public static SigPolicyQualifiers getInstance( - Object obj) - { - if (obj instanceof SigPolicyQualifiers) - { - return (SigPolicyQualifiers) obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SigPolicyQualifiers((ASN1Sequence) obj); - } - - throw new IllegalArgumentException( - "unknown object in 'SigPolicyQualifiers' factory: " - + obj.getClass().getName() + "."); - } - - public SigPolicyQualifiers( - ASN1Sequence seq) - { - qualifiers = seq; - } - - public SigPolicyQualifiers( - SigPolicyQualifierInfo[] qualifierInfos) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i=0; i < qualifierInfos.length; i++) - { - v.add(qualifierInfos[i]); - } - qualifiers = new DERSequence(v); - } - - /** - * Return the number of qualifier info elements present. - * - * @return number of elements present. - */ - public int size() - { - return qualifiers.size(); - } - - /** - * Return the SigPolicyQualifierInfo at index i. - * - * @param i index of the string of interest - * @return the string at index i. - */ - public SigPolicyQualifierInfo getStringAt( - int i) - { - return SigPolicyQualifierInfo.getInstance(qualifiers.getObjectAt(i)); - } - - /** - * 
-     * SigPolicyQualifiers ::= SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo
-     *
- */ - public DERObject toASN1Object() - { - return qualifiers; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyId.java deleted file mode 100644 index 6d0b79301..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyId.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class SignaturePolicyId - extends ASN1Encodable -{ - private DERObjectIdentifier sigPolicyId; - private OtherHashAlgAndValue sigPolicyHash; - private SigPolicyQualifiers sigPolicyQualifiers; - - - public static SignaturePolicyId getInstance( - Object obj) - { - if (obj == null || obj instanceof SignaturePolicyId) - { - return (SignaturePolicyId) obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SignaturePolicyId((ASN1Sequence) obj); - } - - throw new IllegalArgumentException( - "Unknown object in 'SignaturePolicyId' factory : " - + obj.getClass().getName() + "."); - } - - public SignaturePolicyId( - ASN1Sequence seq) - { - if (seq.size() != 2 && seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - sigPolicyId = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - sigPolicyHash = OtherHashAlgAndValue.getInstance(seq.getObjectAt(1)); - - if (seq.size() == 3) - { - sigPolicyQualifiers = SigPolicyQualifiers.getInstance(seq.getObjectAt(2)); - } - } - - public SignaturePolicyId( - DERObjectIdentifier sigPolicyIdentifier, - OtherHashAlgAndValue sigPolicyHash) - { - this(sigPolicyIdentifier, sigPolicyHash, null); - } - - public SignaturePolicyId( - DERObjectIdentifier sigPolicyId, - OtherHashAlgAndValue sigPolicyHash, - SigPolicyQualifiers sigPolicyQualifiers) - { - this.sigPolicyId = sigPolicyId; - this.sigPolicyHash = sigPolicyHash; - this.sigPolicyQualifiers = sigPolicyQualifiers; - } - - public ASN1ObjectIdentifier getSigPolicyId() - { - return new ASN1ObjectIdentifier(sigPolicyId.getId()); - } - - public OtherHashAlgAndValue getSigPolicyHash() - { - return sigPolicyHash; - } - - public SigPolicyQualifiers getSigPolicyQualifiers() - { - return sigPolicyQualifiers; - } - - /** - * 
-     * SignaturePolicyId ::= SEQUENCE {
-     *     sigPolicyId SigPolicyId,
-     *     sigPolicyHash SigPolicyHash,
-     *     sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL}
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(sigPolicyId); - v.add(sigPolicyHash); - if (sigPolicyQualifiers != null) - { - v.add(sigPolicyQualifiers); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyIdentifier.java deleted file mode 100644 index e28885d9e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignaturePolicyIdentifier.java +++ /dev/null @@ -1,74 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.*; - -public class SignaturePolicyIdentifier - extends ASN1Encodable -{ - private SignaturePolicyId signaturePolicyId; - private boolean isSignaturePolicyImplied; - - public static SignaturePolicyIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof SignaturePolicyIdentifier) - { - return (SignaturePolicyIdentifier) obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SignaturePolicyIdentifier(SignaturePolicyId.getInstance(obj)); - } - else if (obj instanceof ASN1Null) - { - return new SignaturePolicyIdentifier(); - } - - throw new IllegalArgumentException( - "unknown object in 'SignaturePolicyIdentifier' factory: " - + obj.getClass().getName() + "."); - } - - public SignaturePolicyIdentifier() - { - this.isSignaturePolicyImplied = true; - } - - public SignaturePolicyIdentifier( - SignaturePolicyId signaturePolicyId) - { - this.signaturePolicyId = signaturePolicyId; - this.isSignaturePolicyImplied = false; - } - - public SignaturePolicyId getSignaturePolicyId() - { - return signaturePolicyId; - } - - public boolean isSignaturePolicyImplied() - { - return isSignaturePolicyImplied; - } - - /** - * 
-     * SignaturePolicyIdentifier ::= CHOICE{
-     *     SignaturePolicyId         SignaturePolicyId,
-     *     SignaturePolicyImplied    SignaturePolicyImplied }
-     *
-     * SignaturePolicyImplied ::= NULL
-     *
- */ - public DERObject toASN1Object() - { - if (isSignaturePolicyImplied) - { - return new DERNull(); - } - else - { - return signaturePolicyId.getDERObject(); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerAttribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerAttribute.java deleted file mode 100644 index bdd42d840..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerAttribute.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AttributeCertificate; - - -public class SignerAttribute - extends ASN1Encodable -{ - private ASN1Sequence claimedAttributes; - private AttributeCertificate certifiedAttributes; - - public static SignerAttribute getInstance( - Object o) - { - if (o == null || o instanceof SignerAttribute) - { - return (SignerAttribute) o; - } - else if (o instanceof ASN1Sequence) - { - return new SignerAttribute(o); - } - - throw new IllegalArgumentException( - "unknown object in 'SignerAttribute' factory: " - + o.getClass().getName() + "."); - } - - private SignerAttribute( - Object o) - { - ASN1Sequence seq = (ASN1Sequence) o; - DERTaggedObject taggedObject = (DERTaggedObject) seq.getObjectAt(0); - if (taggedObject.getTagNo() == 0) - { - claimedAttributes = ASN1Sequence.getInstance(taggedObject, true); - } - else if (taggedObject.getTagNo() == 1) - { - certifiedAttributes = AttributeCertificate.getInstance(taggedObject); - } - else - { - throw new IllegalArgumentException("illegal tag."); - } - } - - public SignerAttribute( - ASN1Sequence claimedAttributes) - { - this.claimedAttributes = claimedAttributes; - } - - public SignerAttribute( - AttributeCertificate certifiedAttributes) - { - this.certifiedAttributes = certifiedAttributes; - } - - public ASN1Sequence getClaimedAttributes() - { - return claimedAttributes; - } - - public AttributeCertificate getCertifiedAttributes() - { - return certifiedAttributes; - } - - /** - * - * 
-     *  SignerAttribute ::= SEQUENCE OF CHOICE {
-     *      claimedAttributes   [0] ClaimedAttributes,
-     *      certifiedAttributes [1] CertifiedAttributes }
-     *
-     *  ClaimedAttributes ::= SEQUENCE OF Attribute
-     *  CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (claimedAttributes != null) - { - v.add(new DERTaggedObject(0, claimedAttributes)); - } - else - { - v.add(new DERTaggedObject(1, certifiedAttributes)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java deleted file mode 100644 index 0fbe173a2..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java +++ /dev/null @@ -1,162 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.x500.DirectoryString; - -/** - * Signer-Location attribute (RFC3126). - * - * 
- *   SignerLocation ::= SEQUENCE {
- *       countryName        [0] DirectoryString OPTIONAL,
- *       localityName       [1] DirectoryString OPTIONAL,
- *       postalAddress      [2] PostalAddress OPTIONAL }
- *
- *   PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
- *
- */ -public class SignerLocation - extends ASN1Encodable -{ - private DERUTF8String countryName; - private DERUTF8String localityName; - private ASN1Sequence postalAddress; - - public SignerLocation( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - DERTaggedObject o = (DERTaggedObject)e.nextElement(); - - switch (o.getTagNo()) - { - case 0: - DirectoryString countryNameDirectoryString = DirectoryString.getInstance(o, true); - this.countryName = new DERUTF8String(countryNameDirectoryString.getString()); - break; - case 1: - DirectoryString localityNameDirectoryString = DirectoryString.getInstance(o, true); - this.localityName = new DERUTF8String(localityNameDirectoryString.getString()); - break; - case 2: - if (o.isExplicit()) - { - this.postalAddress = ASN1Sequence.getInstance(o, true); - } - else // handle erroneous implicitly tagged sequences - { - this.postalAddress = ASN1Sequence.getInstance(o, false); - } - if (postalAddress != null && postalAddress.size() > 6) - { - throw new IllegalArgumentException("postal address must contain less than 6 strings"); - } - break; - default: - throw new IllegalArgumentException("illegal tag"); - } - } - } - - public SignerLocation( - DERUTF8String countryName, - DERUTF8String localityName, - ASN1Sequence postalAddress) - { - if (postalAddress != null && postalAddress.size() > 6) - { - throw new IllegalArgumentException("postal address must contain less than 6 strings"); - } - - if (countryName != null) - { - this.countryName = DERUTF8String.getInstance(countryName.toASN1Object()); - } - - if (localityName != null) - { - this.localityName = DERUTF8String.getInstance(localityName.toASN1Object()); - } - - if (postalAddress != null) - { - this.postalAddress = ASN1Sequence.getInstance(postalAddress.toASN1Object()); - } - } - - public static SignerLocation getInstance( - Object obj) - { - if (obj == null || obj instanceof SignerLocation) - { - return (SignerLocation)obj; - } - - return new SignerLocation(ASN1Sequence.getInstance(obj)); - } - - public DERUTF8String getCountryName() - { - return countryName; - } - - public DERUTF8String getLocalityName() - { - return localityName; - } - - public ASN1Sequence getPostalAddress() - { - return postalAddress; - } - - /** - * 
-     *   SignerLocation ::= SEQUENCE {
-     *       countryName        [0] DirectoryString OPTIONAL,
-     *       localityName       [1] DirectoryString OPTIONAL,
-     *       postalAddress      [2] PostalAddress OPTIONAL }
-     *
-     *   PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
-     *   
-     *   DirectoryString ::= CHOICE {
-     *         teletexString           TeletexString (SIZE (1..MAX)),
-     *         printableString         PrintableString (SIZE (1..MAX)),
-     *         universalString         UniversalString (SIZE (1..MAX)),
-     *         utf8String              UTF8String (SIZE (1.. MAX)),
-     *         bmpString               BMPString (SIZE (1..MAX)) }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (countryName != null) - { - v.add(new DERTaggedObject(true, 0, countryName)); - } - - if (localityName != null) - { - v.add(new DERTaggedObject(true, 1, localityName)); - } - - if (postalAddress != null) - { - v.add(new DERTaggedObject(true, 2, postalAddress)); - } - - return new DERSequence(v); - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/package.html deleted file mode 100644 index de2736754..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/esf/package.html +++ /dev/null @@ -1,6 +0,0 @@ - - -Support classes useful for encoding and supporting [ESF] RFC3126 -Electronic Signature Formats for long term electronic signatures. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java deleted file mode 100644 index 5ffd96336..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTF8String; - -public class ContentHints - extends ASN1Encodable -{ - private DERUTF8String contentDescription; - private DERObjectIdentifier contentType; - - public static ContentHints getInstance(Object o) - { - if (o == null || o instanceof ContentHints) - { - return (ContentHints)o; - } - else if (o instanceof ASN1Sequence) - { - return new ContentHints((ASN1Sequence)o); - } - - throw new IllegalArgumentException( - "unknown object in 'ContentHints' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructor - */ - private ContentHints(ASN1Sequence seq) - { - DEREncodable field = seq.getObjectAt(0); - if (field.getDERObject() instanceof DERUTF8String) - { - contentDescription = DERUTF8String.getInstance(field); - contentType = DERObjectIdentifier.getInstance(seq.getObjectAt(1)); - } - else - { - contentType = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - } - } - - public ContentHints( - DERObjectIdentifier contentType) - { - this.contentType = contentType; - this.contentDescription = null; - } - - public ContentHints( - DERObjectIdentifier contentType, - DERUTF8String contentDescription) - { - this.contentType = contentType; - this.contentDescription = contentDescription; - } - - public DERObjectIdentifier getContentType() - { - return contentType; - } - - public DERUTF8String getContentDescription() - { - return contentDescription; - } - - /** - * 
-     * ContentHints ::= SEQUENCE {
-     *   contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
-     *   contentType ContentType }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (contentDescription != null) - { - v.add(contentDescription); - } - - v.add(contentType); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java deleted file mode 100644 index 88b4f454e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java +++ /dev/null @@ -1,65 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; - -public class ContentIdentifier - extends ASN1Encodable -{ - ASN1OctetString value; - - public static ContentIdentifier getInstance(Object o) - { - if (o == null || o instanceof ContentIdentifier) - { - return (ContentIdentifier) o; - } - else if (o instanceof ASN1OctetString) - { - return new ContentIdentifier((ASN1OctetString) o); - } - - throw new IllegalArgumentException( - "unknown object in 'ContentIdentifier' factory : " - + o.getClass().getName() + "."); - } - - /** - * Create from OCTET STRING whose octets represent the identifier. - */ - public ContentIdentifier( - ASN1OctetString value) - { - this.value = value; - } - - /** - * Create from byte array representing the identifier. - */ - public ContentIdentifier( - byte[] value) - { - this(new DEROctetString(value)); - } - - public ASN1OctetString getValue() - { - return value; - } - - /** - * The definition of ContentIdentifier is - * 
-     * ContentIdentifier ::=  OCTET STRING
-     *
- * id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 7 } - */ - public DERObject toASN1Object() - { - return value; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java deleted file mode 100644 index 69b107af5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.IssuerSerial; - -public class ESSCertID - extends ASN1Encodable -{ - private ASN1OctetString certHash; - - private IssuerSerial issuerSerial; - - public static ESSCertID getInstance(Object o) - { - if (o == null || o instanceof ESSCertID) - { - return (ESSCertID)o; - } - else if (o instanceof ASN1Sequence) - { - return new ESSCertID((ASN1Sequence)o); - } - - throw new IllegalArgumentException( - "unknown object in 'ESSCertID' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructor - */ - public ESSCertID(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - certHash = ASN1OctetString.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - issuerSerial = IssuerSerial.getInstance(seq.getObjectAt(1)); - } - } - - public ESSCertID( - byte[] hash) - { - certHash = new DEROctetString(hash); - } - - public ESSCertID( - byte[] hash, - IssuerSerial issuerSerial) - { - this.certHash = new DEROctetString(hash); - this.issuerSerial = issuerSerial; - } - - public byte[] getCertHash() - { - return certHash.getOctets(); - } - - public IssuerSerial getIssuerSerial() - { - return issuerSerial; - } - - /** - * 
-     * ESSCertID ::= SEQUENCE {
-     *     certHash Hash, 
-     *     issuerSerial IssuerSerial OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certHash); - - if (issuerSerial != null) - { - v.add(issuerSerial); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertIDv2.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertIDv2.java deleted file mode 100644 index c44897749..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/ESSCertIDv2.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.IssuerSerial; - -public class ESSCertIDv2 - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlgorithm; - private byte[] certHash; - private IssuerSerial issuerSerial; - private static final AlgorithmIdentifier DEFAULT_ALG_ID = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256); - - public static ESSCertIDv2 getInstance( - Object o) - { - if (o == null || o instanceof ESSCertIDv2) - { - return (ESSCertIDv2) o; - } - else if (o instanceof ASN1Sequence) - { - return new ESSCertIDv2((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'ESSCertIDv2' factory : " - + o.getClass().getName() + "."); - } - - public ESSCertIDv2( - ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - int count = 0; - - if (seq.getObjectAt(0) instanceof ASN1OctetString) - { - // Default value - this.hashAlgorithm = DEFAULT_ALG_ID; - } - else - { - this.hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(count++).getDERObject()); - } - - this.certHash = ASN1OctetString.getInstance(seq.getObjectAt(count++).getDERObject()).getOctets(); - - if (seq.size() > count) - { - this.issuerSerial = new IssuerSerial(ASN1Sequence.getInstance(seq.getObjectAt(count).getDERObject())); - } - } - - public ESSCertIDv2( - AlgorithmIdentifier algId, - byte[] certHash) - { - this(algId, certHash, null); - } - - public ESSCertIDv2( - AlgorithmIdentifier algId, - byte[] certHash, - IssuerSerial issuerSerial) - { - if (algId == null) - { - // Default value - this.hashAlgorithm = DEFAULT_ALG_ID; - } - else - { - this.hashAlgorithm = algId; - } - - this.certHash = certHash; - this.issuerSerial = issuerSerial; - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return this.hashAlgorithm; - } - - public byte[] getCertHash() - { - return certHash; - } - - public IssuerSerial getIssuerSerial() - { - return issuerSerial; - } - - /** - * 
-     * ESSCertIDv2 ::=  SEQUENCE {
-     *     hashAlgorithm     AlgorithmIdentifier
-     *              DEFAULT {algorithm id-sha256},
-     *     certHash          Hash,
-     *     issuerSerial      IssuerSerial OPTIONAL
-     * }
-     *
-     * Hash ::= OCTET STRING
-     *
-     * IssuerSerial ::= SEQUENCE {
-     *     issuer         GeneralNames,
-     *     serialNumber   CertificateSerialNumber
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (!hashAlgorithm.equals(DEFAULT_ALG_ID)) - { - v.add(hashAlgorithm); - } - - v.add(new DEROctetString(certHash).toASN1Object()); - - if (issuerSerial != null) - { - v.add(issuerSerial); - } - - return new DERSequence(v); - } - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java deleted file mode 100644 index dcd5d50ae..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.IssuerSerial; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class OtherCertID - extends ASN1Encodable -{ - private ASN1Encodable otherCertHash; - private IssuerSerial issuerSerial; - - public static OtherCertID getInstance(Object o) - { - if (o == null || o instanceof OtherCertID) - { - return (OtherCertID) o; - } - else if (o instanceof ASN1Sequence) - { - return new OtherCertID((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'OtherCertID' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructor - */ - public OtherCertID(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - if (seq.getObjectAt(0).getDERObject() instanceof ASN1OctetString) - { - otherCertHash = ASN1OctetString.getInstance(seq.getObjectAt(0)); - } - else - { - otherCertHash = DigestInfo.getInstance(seq.getObjectAt(0)); - - } - - if (seq.size() > 1) - { - issuerSerial = new IssuerSerial(ASN1Sequence.getInstance(seq.getObjectAt(1))); - } - } - - public OtherCertID( - AlgorithmIdentifier algId, - byte[] digest) - { - this.otherCertHash = new DigestInfo(algId, digest); - } - - public OtherCertID( - AlgorithmIdentifier algId, - byte[] digest, - IssuerSerial issuerSerial) - { - this.otherCertHash = new DigestInfo(algId, digest); - this.issuerSerial = issuerSerial; - } - - public AlgorithmIdentifier getAlgorithmHash() - { - if (otherCertHash.getDERObject() instanceof ASN1OctetString) - { - // SHA-1 - return new AlgorithmIdentifier("1.3.14.3.2.26"); - } - else - { - return DigestInfo.getInstance(otherCertHash).getAlgorithmId(); - } - } - - public byte[] getCertHash() - { - if (otherCertHash.getDERObject() instanceof ASN1OctetString) - { - // SHA-1 - return ((ASN1OctetString)otherCertHash.getDERObject()).getOctets(); - } - else - { - return DigestInfo.getInstance(otherCertHash).getDigest(); - } - } - - public IssuerSerial getIssuerSerial() - { - return issuerSerial; - } - - /** - * 
-     * OtherCertID ::= SEQUENCE {
-     *     otherCertHash    OtherHash,
-     *     issuerSerial     IssuerSerial OPTIONAL }
-     *
-     * OtherHash ::= CHOICE {
-     *     sha1Hash     OCTET STRING,
-     *     otherHash    OtherHashAlgAndValue }
-     *
-     * OtherHashAlgAndValue ::= SEQUENCE {
-     *     hashAlgorithm    AlgorithmIdentifier,
-     *     hashValue        OCTET STRING }
-     *
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(otherCertHash); - - if (issuerSerial != null) - { - v.add(issuerSerial); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java deleted file mode 100644 index 0207d7a82..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.PolicyInformation; - -public class OtherSigningCertificate - extends ASN1Encodable -{ - ASN1Sequence certs; - ASN1Sequence policies; - - public static OtherSigningCertificate getInstance(Object o) - { - if (o == null || o instanceof OtherSigningCertificate) - { - return (OtherSigningCertificate) o; - } - else if (o instanceof ASN1Sequence) - { - return new OtherSigningCertificate((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'OtherSigningCertificate' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructeurs - */ - public OtherSigningCertificate(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - this.certs = ASN1Sequence.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - this.policies = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public OtherSigningCertificate( - OtherCertID otherCertID) - { - certs = new DERSequence(otherCertID); - } - - public OtherCertID[] getCerts() - { - OtherCertID[] cs = new OtherCertID[certs.size()]; - - for (int i = 0; i != certs.size(); i++) - { - cs[i] = OtherCertID.getInstance(certs.getObjectAt(i)); - } - - return cs; - } - - public PolicyInformation[] getPolicies() - { - if (policies == null) - { - return null; - } - - PolicyInformation[] ps = new PolicyInformation[policies.size()]; - - for (int i = 0; i != policies.size(); i++) - { - ps[i] = PolicyInformation.getInstance(policies.getObjectAt(i)); - } - - return ps; - } - - /** - * The definition of OtherSigningCertificate is - * 
-     * OtherSigningCertificate ::=  SEQUENCE {
-     *      certs        SEQUENCE OF OtherCertID,
-     *      policies     SEQUENCE OF PolicyInformation OPTIONAL
-     * }
-     *
- * id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 19 } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certs); - - if (policies != null) - { - v.add(policies); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java deleted file mode 100644 index bd3c904ec..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.PolicyInformation; - - -public class SigningCertificate - extends ASN1Encodable -{ - ASN1Sequence certs; - ASN1Sequence policies; - - public static SigningCertificate getInstance(Object o) - { - if (o == null || o instanceof SigningCertificate) - { - return (SigningCertificate) o; - } - else if (o instanceof ASN1Sequence) - { - return new SigningCertificate((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'SigningCertificate' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructeurs - */ - public SigningCertificate(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.certs = ASN1Sequence.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - this.policies = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public SigningCertificate( - ESSCertID essCertID) - { - certs = new DERSequence(essCertID); - } - - public ESSCertID[] getCerts() - { - ESSCertID[] cs = new ESSCertID[certs.size()]; - - for (int i = 0; i != certs.size(); i++) - { - cs[i] = ESSCertID.getInstance(certs.getObjectAt(i)); - } - - return cs; - } - - public PolicyInformation[] getPolicies() - { - if (policies == null) - { - return null; - } - - PolicyInformation[] ps = new PolicyInformation[policies.size()]; - - for (int i = 0; i != policies.size(); i++) - { - ps[i] = PolicyInformation.getInstance(policies.getObjectAt(i)); - } - - return ps; - } - - /** - * The definition of SigningCertificate is - * 
-     * SigningCertificate ::=  SEQUENCE {
-     *      certs        SEQUENCE OF ESSCertID,
-     *      policies     SEQUENCE OF PolicyInformation OPTIONAL
-     * }
-     *
- * id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 12 } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certs); - - if (policies != null) - { - v.add(policies); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificateV2.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificateV2.java deleted file mode 100644 index d70d8caa0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/SigningCertificateV2.java +++ /dev/null @@ -1,132 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.PolicyInformation; - -public class SigningCertificateV2 - extends ASN1Encodable -{ - ASN1Sequence certs; - ASN1Sequence policies; - - public static SigningCertificateV2 getInstance( - Object o) - { - if (o == null || o instanceof SigningCertificateV2) - { - return (SigningCertificateV2) o; - } - else if (o instanceof ASN1Sequence) - { - return new SigningCertificateV2((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'SigningCertificateV2' factory : " - + o.getClass().getName() + "."); - } - - public SigningCertificateV2( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - this.certs = ASN1Sequence.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - this.policies = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public SigningCertificateV2( - ESSCertIDv2[] certs) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i=0; i < certs.length; i++) - { - v.add(certs[i]); - } - this.certs = new DERSequence(v); - } - - public SigningCertificateV2( - ESSCertIDv2[] certs, - PolicyInformation[] policies) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i=0; i < certs.length; i++) - { - v.add(certs[i]); - } - this.certs = new DERSequence(v); - - if (policies != null) - { - v = new ASN1EncodableVector(); - for (int i=0; i < policies.length; i++) - { - v.add(policies[i]); - } - this.policies = new DERSequence(v); - } - } - - public ESSCertIDv2[] getCerts() - { - ESSCertIDv2[] certIds = new ESSCertIDv2[certs.size()]; - for (int i = 0; i != certs.size(); i++) - { - certIds[i] = ESSCertIDv2.getInstance(certs.getObjectAt(i)); - } - return certIds; - } - - public PolicyInformation[] getPolicies() - { - if (policies == null) - { - return null; - } - - PolicyInformation[] policyInformations = new PolicyInformation[policies.size()]; - for (int i = 0; i != policies.size(); i++) - { - policyInformations[i] = PolicyInformation.getInstance(policies.getObjectAt(i)); - } - return policyInformations; - } - - /** - * The definition of SigningCertificateV2 is - * 
-     * SigningCertificateV2 ::=  SEQUENCE {
-     *      certs        SEQUENCE OF ESSCertIDv2,
-     *      policies     SEQUENCE OF PolicyInformation OPTIONAL
-     * }
-     *
- * id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 47 } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certs); - - if (policies != null) - { - v.add(policies); - } - - return new DERSequence(v); - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/package.html deleted file mode 100644 index 21854b368..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ess/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting Enhanced Security Services for S/MIME as described RFC 2634 and RFC 5035. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java deleted file mode 100644 index 084a020a0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.asn1.gnu; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface GNUObjectIdentifiers -{ - public static final ASN1ObjectIdentifier GNU = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.1"); // GNU Radius - public static final ASN1ObjectIdentifier GnuPG = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.2"); // GnuPG (Ägypten) - public static final ASN1ObjectIdentifier notation = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.2.1"); // notation - public static final ASN1ObjectIdentifier pkaAddress = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.2.1.1"); // pkaAddress - public static final ASN1ObjectIdentifier GnuRadar = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.3"); // GNU Radar - public static final ASN1ObjectIdentifier digestAlgorithm = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.12"); // digestAlgorithm - public static final ASN1ObjectIdentifier Tiger_192 = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.12.2"); // TIGER/192 - public static final ASN1ObjectIdentifier encryptionAlgorithm = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13"); // encryptionAlgorithm - public static final ASN1ObjectIdentifier Serpent = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2"); // Serpent - public static final ASN1ObjectIdentifier Serpent_128_ECB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.1"); // Serpent-128-ECB - public static final ASN1ObjectIdentifier Serpent_128_CBC = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.2"); // Serpent-128-CBC - public static final ASN1ObjectIdentifier Serpent_128_OFB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.3"); // Serpent-128-OFB - public static final ASN1ObjectIdentifier Serpent_128_CFB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.4"); // Serpent-128-CFB - public static final ASN1ObjectIdentifier Serpent_192_ECB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.21"); // Serpent-192-ECB - public static final ASN1ObjectIdentifier Serpent_192_CBC = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.22"); // Serpent-192-CBC - public static final ASN1ObjectIdentifier Serpent_192_OFB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.23"); // Serpent-192-OFB - public static final ASN1ObjectIdentifier Serpent_192_CFB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.24"); // Serpent-192-CFB - public static final ASN1ObjectIdentifier Serpent_256_ECB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.41"); // Serpent-256-ECB - public static final ASN1ObjectIdentifier Serpent_256_CBC = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.42"); // Serpent-256-CBC - public static final ASN1ObjectIdentifier Serpent_256_OFB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.43"); // Serpent-256-OFB - public static final ASN1ObjectIdentifier Serpent_256_CFB = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.13.2.44"); // Serpent-256-CFB - public static final ASN1ObjectIdentifier CRC = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.14"); // CRC algorithms - public static final ASN1ObjectIdentifier CRC32 = new ASN1ObjectIdentifier("1.3.6.1.4.1.11591.14.1"); // CRC 32 -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java deleted file mode 100644 index e9ab8d607..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1.iana; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface IANAObjectIdentifiers -{ - // id-SHA1 OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1)} - // - - static final ASN1ObjectIdentifier isakmpOakley = new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1"); - - static final ASN1ObjectIdentifier hmacMD5 = new ASN1ObjectIdentifier(isakmpOakley + ".1"); - static final ASN1ObjectIdentifier hmacSHA1 = new ASN1ObjectIdentifier(isakmpOakley + ".2"); - - static final ASN1ObjectIdentifier hmacTIGER = new ASN1ObjectIdentifier(isakmpOakley + ".3"); - - static final ASN1ObjectIdentifier hmacRIPEMD160 = new ASN1ObjectIdentifier(isakmpOakley + ".4"); - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java deleted file mode 100644 index c4f719ff1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.x509.X509CertificateStructure; - -/** - * The CscaMasterList object. This object can be wrapped in a - * CMSSignedData to be published in LDAP. - * - * 
- * CscaMasterList ::= SEQUENCE {
- *   version                CscaMasterListVersion,
- *   certList               SET OF Certificate }
- *   
- * CscaMasterListVersion :: INTEGER {v0(0)}
- *
- */ - -public class CscaMasterList - extends ASN1Encodable -{ - private DERInteger version = new DERInteger(0); - private X509CertificateStructure[] certList; - - public static CscaMasterList getInstance( - Object obj) - { - if (obj instanceof CscaMasterList) - { - return (CscaMasterList)obj; - } - else if (obj != null) - { - return new CscaMasterList(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - private CscaMasterList( - ASN1Sequence seq) - { - if (seq == null || seq.size() == 0) - { - throw new IllegalArgumentException( - "null or empty sequence passed."); - } - if (seq.size() != 2) { - throw new IllegalArgumentException( - "Incorrect sequence size: " + seq.size()); - } - - version = DERInteger.getInstance(seq.getObjectAt(0)); - ASN1Set certSet = ASN1Set.getInstance(seq.getObjectAt(1)); - certList = new X509CertificateStructure[certSet.size()]; - for (int i = 0; i < certList.length; i++) { - certList[i] - = X509CertificateStructure.getInstance(certSet.getObjectAt(i)); - } - } - - public CscaMasterList( - X509CertificateStructure[] certStructs) - { - certList = copyCertList(certStructs); - } - - public int getVersion() { - return version.getValue().intValue(); - } - - public X509CertificateStructure[] getCertStructs() - { - return copyCertList(certList); - } - - private X509CertificateStructure[] copyCertList(X509CertificateStructure[] orig) - { - X509CertificateStructure[] certs = new X509CertificateStructure[orig.length]; - - for (int i = 0; i != certs.length; i++) - { - certs[i] = orig[i]; - } - - return certs; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - - seq.add(version); - - ASN1EncodableVector certSet = new ASN1EncodableVector(); - for (int i = 0; i < certList.length; i++) - { - certSet.add(certList[i]); - } - seq.add(new DERSet(certSet)); - - return new DERSequence(seq); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java deleted file mode 100644 index 757a74263..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * The DataGroupHash object. - * 
- * DataGroupHash  ::=  SEQUENCE {
- *      dataGroupNumber         DataGroupNumber,
- *      dataGroupHashValue     OCTET STRING }
- * 
- * DataGroupNumber ::= INTEGER {
- *         dataGroup1    (1),
- *         dataGroup1    (2),
- *         dataGroup1    (3),
- *         dataGroup1    (4),
- *         dataGroup1    (5),
- *         dataGroup1    (6),
- *         dataGroup1    (7),
- *         dataGroup1    (8),
- *         dataGroup1    (9),
- *         dataGroup1    (10),
- *         dataGroup1    (11),
- *         dataGroup1    (12),
- *         dataGroup1    (13),
- *         dataGroup1    (14),
- *         dataGroup1    (15),
- *         dataGroup1    (16) }
- * 
- *
- */ -public class DataGroupHash - extends ASN1Encodable -{ - DERInteger dataGroupNumber; - ASN1OctetString dataGroupHashValue; - - public static DataGroupHash getInstance( - Object obj) - { - if (obj instanceof DataGroupHash) - { - return (DataGroupHash)obj; - } - else if (obj != null) - { - return new DataGroupHash(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - private DataGroupHash(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - // dataGroupNumber - dataGroupNumber = DERInteger.getInstance(e.nextElement()); - // dataGroupHashValue - dataGroupHashValue = ASN1OctetString.getInstance(e.nextElement()); - } - - public DataGroupHash( - int dataGroupNumber, - ASN1OctetString dataGroupHashValue) - { - this.dataGroupNumber = new DERInteger(dataGroupNumber); - this.dataGroupHashValue = dataGroupHashValue; - } - - public int getDataGroupNumber() - { - return dataGroupNumber.getValue().intValue(); - } - - public ASN1OctetString getDataGroupHashValue() - { - return dataGroupHashValue; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(dataGroupNumber); - seq.add(dataGroupHashValue); - - return new DERSequence(seq); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java deleted file mode 100644 index 0b5da2be4..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface ICAOObjectIdentifiers -{ - // - // base id - // - static final ASN1ObjectIdentifier id_icao = new ASN1ObjectIdentifier("2.23.136"); - - static final ASN1ObjectIdentifier id_icao_mrtd = id_icao.branch("1"); - static final ASN1ObjectIdentifier id_icao_mrtd_security = id_icao_mrtd.branch("1"); - - // LDS security object, see ICAO Doc 9303-Volume 2-Section IV-A3.2 - static final ASN1ObjectIdentifier id_icao_ldsSecurityObject = id_icao_mrtd_security.branch("1"); - - // CSCA master list, see TR CSCA Countersigning and Master List issuance - static final ASN1ObjectIdentifier id_icao_cscaMasterList = id_icao_mrtd_security.branch("2"); - static final ASN1ObjectIdentifier id_icao_cscaMasterListSigningKey = id_icao_mrtd_security.branch("3"); - - // document type list, see draft TR LDS and PKI Maintenance, par. 3.2.1 - static final ASN1ObjectIdentifier id_icao_documentTypeList = id_icao_mrtd_security.branch("4"); - - // Active Authentication protocol, see draft TR LDS and PKI Maintenance, - // par. 5.2.2 - static final ASN1ObjectIdentifier id_icao_aaProtocolObject = id_icao_mrtd_security.branch("5"); - - // CSCA name change and key reoll-over, see draft TR LDS and PKI - // Maintenance, par. 3.2.1 - static final ASN1ObjectIdentifier id_icao_extensions = id_icao_mrtd_security.branch("6"); - static final ASN1ObjectIdentifier id_icao_extensions_namechangekeyrollover = id_icao_extensions.branch("1"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java deleted file mode 100644 index 02ddcbc00..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java +++ /dev/null @@ -1,159 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * The LDSSecurityObject object (V1.8). - * 
- * LDSSecurityObject ::= SEQUENCE {
- *   version                LDSSecurityObjectVersion,
- *   hashAlgorithm          DigestAlgorithmIdentifier,
- *   dataGroupHashValues    SEQUENCE SIZE (2..ub-DataGroups) OF DataHashGroup,
- *   ldsVersionInfo         LDSVersionInfo OPTIONAL
- *   -- if present, version MUST be v1 }
- *   
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier,
- * 
- * LDSSecurityObjectVersion :: INTEGER {V0(0)}
- *
- */ - -public class LDSSecurityObject - extends ASN1Encodable - implements ICAOObjectIdentifiers -{ - public static final int ub_DataGroups = 16; - - private DERInteger version = new DERInteger(0); - private AlgorithmIdentifier digestAlgorithmIdentifier; - private DataGroupHash[] datagroupHash; - private LDSVersionInfo versionInfo; - - public static LDSSecurityObject getInstance( - Object obj) - { - if (obj instanceof LDSSecurityObject) - { - return (LDSSecurityObject)obj; - } - else if (obj != null) - { - return new LDSSecurityObject(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - private LDSSecurityObject( - ASN1Sequence seq) - { - if (seq == null || seq.size() == 0) - { - throw new IllegalArgumentException("null or empty sequence passed."); - } - - Enumeration e = seq.getObjects(); - - // version - version = DERInteger.getInstance(e.nextElement()); - // digestAlgorithmIdentifier - digestAlgorithmIdentifier = AlgorithmIdentifier.getInstance(e.nextElement()); - - ASN1Sequence datagroupHashSeq = ASN1Sequence.getInstance(e.nextElement()); - - if (version.getValue().intValue() == 1) - { - versionInfo = LDSVersionInfo.getInstance(e.nextElement()); - } - - checkDatagroupHashSeqSize(datagroupHashSeq.size()); - - datagroupHash = new DataGroupHash[datagroupHashSeq.size()]; - for (int i= 0; i< datagroupHashSeq.size();i++) - { - datagroupHash[i] = DataGroupHash.getInstance(datagroupHashSeq.getObjectAt(i)); - } - } - - public LDSSecurityObject( - AlgorithmIdentifier digestAlgorithmIdentifier, - DataGroupHash[] datagroupHash) - { - this.version = new DERInteger(0); - this.digestAlgorithmIdentifier = digestAlgorithmIdentifier; - this.datagroupHash = datagroupHash; - - checkDatagroupHashSeqSize(datagroupHash.length); - } - - public LDSSecurityObject( - AlgorithmIdentifier digestAlgorithmIdentifier, - DataGroupHash[] datagroupHash, - LDSVersionInfo versionInfo) - { - this.version = new DERInteger(1); - this.digestAlgorithmIdentifier = digestAlgorithmIdentifier; - this.datagroupHash = datagroupHash; - this.versionInfo = versionInfo; - - checkDatagroupHashSeqSize(datagroupHash.length); - } - - private void checkDatagroupHashSeqSize(int size) - { - if ((size < 2) || (size > ub_DataGroups)) - { - throw new IllegalArgumentException("wrong size in DataGroupHashValues : not in (2.."+ ub_DataGroups +")"); - } - } - - public int getVersion() - { - return version.getValue().intValue(); - } - - public AlgorithmIdentifier getDigestAlgorithmIdentifier() - { - return digestAlgorithmIdentifier; - } - - public DataGroupHash[] getDatagroupHash() - { - return datagroupHash; - } - - public LDSVersionInfo getVersionInfo() - { - return versionInfo; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - - seq.add(version); - seq.add(digestAlgorithmIdentifier); - - ASN1EncodableVector seqname = new ASN1EncodableVector(); - for (int i = 0; i < datagroupHash.length; i++) - { - seqname.add(datagroupHash[i]); - } - seq.add(new DERSequence(seqname)); - - if (versionInfo != null) - { - seq.add(versionInfo); - } - - return new DERSequence(seq); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSVersionInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSVersionInfo.java deleted file mode 100644 index 000951826..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/LDSVersionInfo.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERSequence; - -public class LDSVersionInfo - extends ASN1Encodable -{ - private DERPrintableString ldsVersion; - private DERPrintableString unicodeVersion; - - public LDSVersionInfo(String ldsVersion, String unicodeVersion) - { - this.ldsVersion = new DERPrintableString(ldsVersion); - this.unicodeVersion = new DERPrintableString(unicodeVersion); - } - - private LDSVersionInfo(ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("sequence wrong size for LDSVersionInfo"); - } - - this.ldsVersion = DERPrintableString.getInstance(seq.getObjectAt(0)); - this.unicodeVersion = DERPrintableString.getInstance(seq.getObjectAt(1)); - } - - public static LDSVersionInfo getInstance(Object obj) - { - if (obj instanceof LDSVersionInfo) - { - return (LDSVersionInfo)obj; - } - else if (obj != null) - { - return new LDSVersionInfo(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public String getLdsVersion() - { - return ldsVersion.getString(); - } - - public String getUnicodeVersion() - { - return unicodeVersion.getString(); - } - - /** - * 
-     * LDSVersionInfo ::= SEQUENCE {
-	 *    ldsVersion PRINTABLE STRING
-	 *    unicodeVersion PRINTABLE STRING
-     *  }
-     *
- * @return - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(ldsVersion); - v.add(unicodeVersion); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/package.html deleted file mode 100644 index f2301dbe0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/icao/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -ICAO ASN.1 classes for electronic passport. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java deleted file mode 100644 index bc2ac8d5b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java +++ /dev/null @@ -1,180 +0,0 @@ -package org.bouncycastle.asn1.isismtt; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface ISISMTTObjectIdentifiers -{ - - static final ASN1ObjectIdentifier id_isismtt = new ASN1ObjectIdentifier("1.3.36.8"); - - static final ASN1ObjectIdentifier id_isismtt_cp = id_isismtt.branch("1"); - - /** - * The id-isismtt-cp-accredited OID indicates that the certificate is a - * qualified certificate according to Directive 1999/93/EC of the European - * Parliament and of the Council of 13 December 1999 on a Community - * Framework for Electronic Signatures, which additionally conforms the - * special requirements of the SigG and has been issued by an accredited CA. - */ - static final ASN1ObjectIdentifier id_isismtt_cp_accredited = id_isismtt_cp.branch("1"); - - static final ASN1ObjectIdentifier id_isismtt_at = id_isismtt.branch("3"); - - /** - * Certificate extensionDate of certificate generation - * - * 
-     *                DateOfCertGenSyntax ::= GeneralizedTime
-     *
- */ - static final ASN1ObjectIdentifier id_isismtt_at_dateOfCertGen = id_isismtt_at.branch("1"); - - /** - * Attribute to indicate that the certificate holder may sign in the name of - * a third person. May also be used as extension in a certificate. - */ - static final ASN1ObjectIdentifier id_isismtt_at_procuration = id_isismtt_at.branch("2"); - - /** - * Attribute to indicate admissions to certain professions. May be used as - * attribute in attribute certificate or as extension in a certificate - */ - static final ASN1ObjectIdentifier id_isismtt_at_admission = id_isismtt_at.branch("3"); - - /** - * Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST - * be used in new certificates in place of the extension/attribute - * MonetaryLimit since January 1, 2004. For the sake of backward - * compatibility with certificates already in use, SigG conforming - * components MUST support MonetaryLimit (as well as QcEuLimitValue). - */ - static final ASN1ObjectIdentifier id_isismtt_at_monetaryLimit = id_isismtt_at.branch("4"); - - /** - * A declaration of majority. May be used as attribute in attribute - * certificate or as extension in a certificate - */ - static final ASN1ObjectIdentifier id_isismtt_at_declarationOfMajority = id_isismtt_at.branch("5"); - - /** - * - * Serial number of the smart card containing the corresponding private key - * - * 
-     *                 ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
-     *
- */ - static final ASN1ObjectIdentifier id_isismtt_at_iCCSN = id_isismtt_at.branch("6"); - - /** - * - * Reference for a file of a smartcard that stores the public key of this - * certificate and that is used as �security anchor�. - * - * 
-     *      PKReferenceSyntax ::= OCTET STRING (SIZE(20))
-     *
- */ - static final ASN1ObjectIdentifier id_isismtt_at_PKReference = id_isismtt_at.branch("7"); - - /** - * Some other restriction regarding the usage of this certificate. May be - * used as attribute in attribute certificate or as extension in a - * certificate. - * - * 
-     *             RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-     *
- * - * @see org.bouncycastle.asn1.isismtt.x509.Restriction - */ - static final ASN1ObjectIdentifier id_isismtt_at_restriction = id_isismtt_at.branch("8"); - - /** - * - * (Single)Request extension: Clients may include this extension in a - * (single) Request to request the responder to send the certificate in the - * response message along with the status information. Besides the LDAP - * service, this extension provides another mechanism for the distribution - * of certificates, which MAY optionally be provided by certificate - * repositories. - * - * 
-     *        RetrieveIfAllowed ::= BOOLEAN
-     *       
-     *
- */ - static final ASN1ObjectIdentifier id_isismtt_at_retrieveIfAllowed = id_isismtt_at.branch("9"); - - /** - * SingleOCSPResponse extension: The certificate requested by the client by - * inserting the RetrieveIfAllowed extension in the request, will be - * returned in this extension. - * - * @see org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate - */ - static final ASN1ObjectIdentifier id_isismtt_at_requestedCertificate = id_isismtt_at.branch("10"); - - /** - * Base ObjectIdentifier for naming authorities - */ - static final ASN1ObjectIdentifier id_isismtt_at_namingAuthorities = id_isismtt_at.branch("11"); - - /** - * SingleOCSPResponse extension: Date, when certificate has been published - * in the directory and status information has become available. Currently, - * accrediting authorities enforce that SigG-conforming OCSP servers include - * this extension in the responses. - * - * 
-     *      CertInDirSince ::= GeneralizedTime
-     *
- */ - static final ASN1ObjectIdentifier id_isismtt_at_certInDirSince = id_isismtt_at.branch("12"); - - /** - * Hash of a certificate in OCSP. - * - * @see org.bouncycastle.asn1.isismtt.ocsp.CertHash - */ - static final ASN1ObjectIdentifier id_isismtt_at_certHash = id_isismtt_at.branch("13"); - - /** - * 
-     *          NameAtBirth ::= DirectoryString(SIZE(1..64)
-     *
- * - * Used in - * {@link org.bouncycastle.asn1.x509.SubjectDirectoryAttributes SubjectDirectoryAttributes} - */ - static final ASN1ObjectIdentifier id_isismtt_at_nameAtBirth = id_isismtt_at.branch("14"); - - /** - * Some other information of non-restrictive nature regarding the usage of - * this certificate. May be used as attribute in atribute certificate or as - * extension in a certificate. - * - * 
-     *               AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-     *
- * - * @see org.bouncycastle.asn1.isismtt.x509.AdditionalInformationSyntax - */ - static final ASN1ObjectIdentifier id_isismtt_at_additionalInformation = id_isismtt_at.branch("15"); - - /** - * Indicates that an attribute certificate exists, which limits the - * usability of this public key certificate. Whenever verifying a signature - * with the help of this certificate, the content of the corresponding - * attribute certificate should be concerned. This extension MUST be - * included in a PKC, if a corresponding attribute certificate (having the - * PKC as base certificate) contains some attribute that restricts the - * usability of the PKC too. Attribute certificates with restricting content - * MUST always be included in the signed document. - * - * 
-     *                   LiabilityLimitationFlagSyntax ::= BOOLEAN
-     *
- */ - static final ASN1ObjectIdentifier id_isismtt_at_liabilityLimitationFlag = new ASN1ObjectIdentifier("0.2.262.1.10.12.0"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java deleted file mode 100644 index a4616d3d8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.asn1.isismtt.ocsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * ISIS-MTT PROFILE: The responder may include this extension in a response to - * send the hash of the requested certificate to the responder. This hash is - * cryptographically bound to the certificate and serves as evidence that the - * certificate is known to the responder (i.e. it has been issued and is present - * in the directory). Hence, this extension is a means to provide a positive - * statement of availability as described in T8.[8]. As explained in T13.[1], - * clients may rely on this information to be able to validate signatures after - * the expiry of the corresponding certificate. Hence, clients MUST support this - * extension. If a positive statement of availability is to be delivered, this - * extension syntax and OID MUST be used. - *

- *

- * 

- *     CertHash ::= SEQUENCE {
- *       hashAlgorithm AlgorithmIdentifier,
- *       certificateHash OCTET STRING
- *     }
- *
- */ -public class CertHash - extends ASN1Encodable -{ - - private AlgorithmIdentifier hashAlgorithm; - private byte[] certificateHash; - - public static CertHash getInstance(Object obj) - { - if (obj == null || obj instanceof CertHash) - { - return (CertHash)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new CertHash((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - *

- * The sequence is of type CertHash: - *

- * 

-     *     CertHash ::= SEQUENCE {
-     *       hashAlgorithm AlgorithmIdentifier,
-     *       certificateHash OCTET STRING
-     *     }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private CertHash(ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - certificateHash = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets(); - } - - /** - * Constructor from a given details. - * - * @param hashAlgorithm The hash algorithm identifier. - * @param certificateHash The hash of the whole DER encoding of the certificate. - */ - public CertHash(AlgorithmIdentifier hashAlgorithm, byte[] certificateHash) - { - this.hashAlgorithm = hashAlgorithm; - this.certificateHash = new byte[certificateHash.length]; - System.arraycopy(certificateHash, 0, this.certificateHash, 0, - certificateHash.length); - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public byte[] getCertificateHash() - { - return certificateHash; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *     CertHash ::= SEQUENCE {
-     *       hashAlgorithm AlgorithmIdentifier,
-     *       certificateHash OCTET STRING
-     *     }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - vec.add(hashAlgorithm); - vec.add(new DEROctetString(certificateHash)); - return new DERSequence(vec); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java deleted file mode 100644 index 98ae2e82a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java +++ /dev/null @@ -1,183 +0,0 @@ -package org.bouncycastle.asn1.isismtt.ocsp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509CertificateStructure; - -import java.io.IOException; - -/** - * ISIS-MTT-Optional: The certificate requested by the client by inserting the - * RetrieveIfAllowed extension in the request, will be returned in this - * extension. - *

- * ISIS-MTT-SigG: The signature act allows publishing certificates only then, - * when the certificate owner gives his explicit permission. Accordingly, there - * may be �nondownloadable� certificates, about which the responder must provide - * status information, but MUST NOT include them in the response. Clients may - * get therefore the following three kind of answers on a single request - * including the RetrieveIfAllowed extension: - *

- * Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If - * any of the OCTET STRING options is used, it MUST contain the DER encoding of - * the requested certificate. - *

- * 

- *            RequestedCertificate ::= CHOICE {
- *              Certificate Certificate,
- *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
- *              attributeCertificate [1] EXPLICIT OCTET STRING
- *            }
- *
- */ -public class RequestedCertificate - extends ASN1Encodable - implements ASN1Choice -{ - public static final int certificate = -1; - public static final int publicKeyCertificate = 0; - public static final int attributeCertificate = 1; - - private X509CertificateStructure cert; - private byte[] publicKeyCert; - private byte[] attributeCert; - - public static RequestedCertificate getInstance(Object obj) - { - if (obj == null || obj instanceof RequestedCertificate) - { - return (RequestedCertificate)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new RequestedCertificate(X509CertificateStructure.getInstance(obj)); - } - if (obj instanceof ASN1TaggedObject) - { - return new RequestedCertificate((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - public static RequestedCertificate getInstance(ASN1TaggedObject obj, boolean explicit) - { - if (!explicit) - { - throw new IllegalArgumentException("choice item must be explicitly tagged"); - } - - return getInstance(obj.getObject()); - } - - private RequestedCertificate(ASN1TaggedObject tagged) - { - if (tagged.getTagNo() == publicKeyCertificate) - { - publicKeyCert = ASN1OctetString.getInstance(tagged, true).getOctets(); - } - else if (tagged.getTagNo() == attributeCertificate) - { - attributeCert = ASN1OctetString.getInstance(tagged, true).getOctets(); - } - else - { - throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo()); - } - } - - /** - * Constructor from a given details. - *

- * Only one parameter can be given. All other must be null. - * - * @param certificate Given as Certificate - */ - public RequestedCertificate(X509CertificateStructure certificate) - { - this.cert = certificate; - } - - public RequestedCertificate(int type, byte[] certificateOctets) - { - this(new DERTaggedObject(type, new DEROctetString(certificateOctets))); - } - - public int getType() - { - if (cert != null) - { - return certificate; - } - if (publicKeyCert != null) - { - return publicKeyCertificate; - } - return attributeCertificate; - } - - public byte[] getCertificateBytes() - { - if (cert != null) - { - try - { - return cert.getEncoded(); - } - catch (IOException e) - { - throw new IllegalStateException("can't decode certificate: " + e); - } - } - if (publicKeyCert != null) - { - return publicKeyCert; - } - return attributeCert; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *            RequestedCertificate ::= CHOICE {
-     *              Certificate Certificate,
-     *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
-     *              attributeCertificate [1] EXPLICIT OCTET STRING
-     *            }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - if (publicKeyCert != null) - { - return new DERTaggedObject(0, new DEROctetString(publicKeyCert)); - } - if (attributeCert != null) - { - return new DERTaggedObject(1, new DEROctetString(attributeCert)); - } - return cert.getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java deleted file mode 100644 index 7946ff092..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x500.DirectoryString; - -/** - * Some other information of non-restrictive nature regarding the usage of this - * certificate. - * - * 
- *    AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
- *
- */ -public class AdditionalInformationSyntax extends ASN1Encodable -{ - private DirectoryString information; - - public static AdditionalInformationSyntax getInstance(Object obj) - { - if (obj instanceof AdditionalInformationSyntax) - { - return (AdditionalInformationSyntax)obj; - } - - if (obj instanceof ASN1String) - { - return new AdditionalInformationSyntax(DirectoryString.getInstance(obj)); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - private AdditionalInformationSyntax(DirectoryString information) - { - this.information = information; - } - - /** - * Constructor from a given details. - * - * @param information The describtion of the information. - */ - public AdditionalInformationSyntax(String information) - { - this(new DirectoryString(information)); - } - - public DirectoryString getInformation() - { - return information; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *   AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - return information.toASN1Object(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java deleted file mode 100644 index fdd540c16..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java +++ /dev/null @@ -1,280 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.GeneralName; - -import java.util.Enumeration; - -/** - * Attribute to indicate admissions to certain professions. - *

- * 

- *     AdmissionSyntax ::= SEQUENCE
- *     {
- *       admissionAuthority GeneralName OPTIONAL,
- *       contentsOfAdmissions SEQUENCE OF Admissions
- *     }
- * 

- *     Admissions ::= SEQUENCE
- *     {
- *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- *       professionInfos SEQUENCE OF ProfessionInfo
- *     }
- * 

- *     NamingAuthority ::= SEQUENCE
- *     {
- *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
- *       namingAuthorityUrl IA5String OPTIONAL,
- *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- *     }
- * 

- *     ProfessionInfo ::= SEQUENCE
- *     {
- *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- *       professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- *       professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- *       registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- *       addProfessionInfo OCTET STRING OPTIONAL
- *     }
- *
- *

- *

- * ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax - * supports the following concepts and requirements: - *

- *

- * By means of different namingAuthority-OIDs or profession OIDs hierarchies of - * professions, specializations, disciplines, fields of activity, etc. can be - * expressed. The issuing admission authority should always be indicated (field - * admissionAuthority), whenever a registration number is presented. Still, - * information on admissions can be given without indicating an admission or a - * naming authority by the exclusive use of the component professionItems. In - * this case the certification authority is responsible for the verification of - * the admission information. - *

- *

- *

- * This attribute is single-valued. Still, several admissions can be captured in - * the sequence structure of the component contentsOfAdmissions of - * AdmissionSyntax or in the component professionInfos of Admissions. The - * component admissionAuthority of AdmissionSyntax serves as default value for - * the component admissionAuthority of Admissions. Within the latter component - * the default value can be overwritten, in case that another authority is - * responsible. The component namingAuthority of Admissions serves as a default - * value for the component namingAuthority of ProfessionInfo. Within the latter - * component the default value can be overwritten, in case that another naming - * authority needs to be recorded. - *

- * The length of the string objects is limited to 128 characters. It is - * recommended to indicate a namingAuthorityURL in all issued attribute - * certificates. If a namingAuthorityURL is indicated, the field professionItems - * of ProfessionInfo should contain only registered titles. If the field - * professionOIDs exists, it has to contain the OIDs of the professions listed - * in professionItems in the same order. In general, the field professionInfos - * should contain only one entry, unless the admissions that are to be listed - * are logically connected (e.g. they have been issued under the same admission - * number). - * - * @see org.bouncycastle.asn1.isismtt.x509.Admissions - * @see org.bouncycastle.asn1.isismtt.x509.ProfessionInfo - * @see org.bouncycastle.asn1.isismtt.x509.NamingAuthority - */ -public class AdmissionSyntax - extends ASN1Encodable -{ - - private GeneralName admissionAuthority; - - private ASN1Sequence contentsOfAdmissions; - - public static AdmissionSyntax getInstance(Object obj) - { - if (obj == null || obj instanceof AdmissionSyntax) - { - return (AdmissionSyntax)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new AdmissionSyntax((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - *

- * The sequence is of type ProcurationSyntax: - *

- * 

-     *     AdmissionSyntax ::= SEQUENCE
-     *     {
-     *       admissionAuthority GeneralName OPTIONAL,
-     *       contentsOfAdmissions SEQUENCE OF Admissions
-     *     }
-     * 

-     *     Admissions ::= SEQUENCE
-     *     {
-     *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-     *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-     *       professionInfos SEQUENCE OF ProfessionInfo
-     *     }
-     * 

-     *     NamingAuthority ::= SEQUENCE
-     *     {
-     *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-     *       namingAuthorityUrl IA5String OPTIONAL,
-     *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-     *     }
-     * 

-     *     ProfessionInfo ::= SEQUENCE
-     *     {
-     *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-     *       professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-     *       professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-     *       registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-     *       addProfessionInfo OCTET STRING OPTIONAL
-     *     }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private AdmissionSyntax(ASN1Sequence seq) - { - switch (seq.size()) - { - case 1: - contentsOfAdmissions = DERSequence.getInstance(seq.getObjectAt(0)); - break; - case 2: - admissionAuthority = GeneralName.getInstance(seq.getObjectAt(0)); - contentsOfAdmissions = DERSequence.getInstance(seq.getObjectAt(1)); - break; - default: - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - } - - /** - * Constructor from given details. - * - * @param admissionAuthority The admission authority. - * @param contentsOfAdmissions The admissions. - */ - public AdmissionSyntax(GeneralName admissionAuthority, ASN1Sequence contentsOfAdmissions) - { - this.admissionAuthority = admissionAuthority; - this.contentsOfAdmissions = contentsOfAdmissions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *     AdmissionSyntax ::= SEQUENCE
-     *     {
-     *       admissionAuthority GeneralName OPTIONAL,
-     *       contentsOfAdmissions SEQUENCE OF Admissions
-     *     }
-     * 

-     *     Admissions ::= SEQUENCE
-     *     {
-     *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-     *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-     *       professionInfos SEQUENCE OF ProfessionInfo
-     *     }
-     * 

-     *     NamingAuthority ::= SEQUENCE
-     *     {
-     *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-     *       namingAuthorityUrl IA5String OPTIONAL,
-     *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-     *     }
-     * 

-     *     ProfessionInfo ::= SEQUENCE
-     *     {
-     *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-     *       professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-     *       professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-     *       registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-     *       addProfessionInfo OCTET STRING OPTIONAL
-     *     }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - if (admissionAuthority != null) - { - vec.add(admissionAuthority); - } - vec.add(contentsOfAdmissions); - return new DERSequence(vec); - } - - /** - * @return Returns the admissionAuthority if present, null otherwise. - */ - public GeneralName getAdmissionAuthority() - { - return admissionAuthority; - } - - /** - * @return Returns the contentsOfAdmissions. - */ - public Admissions[] getContentsOfAdmissions() - { - Admissions[] admissions = new Admissions[contentsOfAdmissions.size()]; - int count = 0; - for (Enumeration e = contentsOfAdmissions.getObjects(); e.hasMoreElements();) - { - admissions[count++] = Admissions.getInstance(e.nextElement()); - } - return admissions; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java deleted file mode 100644 index f679beed2..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java +++ /dev/null @@ -1,188 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.GeneralName; - -import java.util.Enumeration; - -/** - * An Admissions structure. - *

- * 

- *            Admissions ::= SEQUENCE
- *            {
- *              admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- *              namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- *              professionInfos SEQUENCE OF ProfessionInfo
- *            }
- * 

- *
- * - * @see org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax - * @see org.bouncycastle.asn1.isismtt.x509.ProfessionInfo - * @see org.bouncycastle.asn1.isismtt.x509.NamingAuthority - */ -public class Admissions extends ASN1Encodable -{ - - private GeneralName admissionAuthority; - - private NamingAuthority namingAuthority; - - private ASN1Sequence professionInfos; - - public static Admissions getInstance(Object obj) - { - if (obj == null || obj instanceof Admissions) - { - return (Admissions)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new Admissions((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - *

- * The sequence is of type ProcurationSyntax: - *

- * 

-     *            Admissions ::= SEQUENCE
-     *            {
-     *              admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-     *              namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-     *              professionInfos SEQUENCE OF ProfessionInfo
-     *            }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private Admissions(ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - Enumeration e = seq.getObjects(); - - DEREncodable o = (DEREncodable)e.nextElement(); - if (o instanceof ASN1TaggedObject) - { - switch (((ASN1TaggedObject)o).getTagNo()) - { - case 0: - admissionAuthority = GeneralName.getInstance((ASN1TaggedObject)o, true); - break; - case 1: - namingAuthority = NamingAuthority.getInstance((ASN1TaggedObject)o, true); - break; - default: - throw new IllegalArgumentException("Bad tag number: " + ((ASN1TaggedObject)o).getTagNo()); - } - o = (DEREncodable)e.nextElement(); - } - if (o instanceof ASN1TaggedObject) - { - switch (((ASN1TaggedObject)o).getTagNo()) - { - case 1: - namingAuthority = NamingAuthority.getInstance((ASN1TaggedObject)o, true); - break; - default: - throw new IllegalArgumentException("Bad tag number: " + ((ASN1TaggedObject)o).getTagNo()); - } - o = (DEREncodable)e.nextElement(); - } - professionInfos = ASN1Sequence.getInstance(o); - if (e.hasMoreElements()) - { - throw new IllegalArgumentException("Bad object encountered: " - + e.nextElement().getClass()); - } - } - - /** - * Constructor from a given details. - *

- * Parameter professionInfos is mandatory. - * - * @param admissionAuthority The admission authority. - * @param namingAuthority The naming authority. - * @param professionInfos The profession infos. - */ - public Admissions(GeneralName admissionAuthority, - NamingAuthority namingAuthority, ProfessionInfo[] professionInfos) - { - this.admissionAuthority = admissionAuthority; - this.namingAuthority = namingAuthority; - this.professionInfos = new DERSequence(professionInfos); - } - - public GeneralName getAdmissionAuthority() - { - return admissionAuthority; - } - - public NamingAuthority getNamingAuthority() - { - return namingAuthority; - } - - public ProfessionInfo[] getProfessionInfos() - { - ProfessionInfo[] infos = new ProfessionInfo[professionInfos.size()]; - int count = 0; - for (Enumeration e = professionInfos.getObjects(); e.hasMoreElements();) - { - infos[count++] = ProfessionInfo.getInstance(e.nextElement()); - } - return infos; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *       Admissions ::= SEQUENCE
-     *       {
-     *         admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-     *         namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-     *         professionInfos SEQUENCE OF ProfessionInfo
-     *       }
-     * 

-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - - if (admissionAuthority != null) - { - vec.add(new DERTaggedObject(true, 0, admissionAuthority)); - } - if (namingAuthority != null) - { - vec.add(new DERTaggedObject(true, 1, namingAuthority)); - } - vec.add(professionInfos); - - return new DERSequence(vec); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java deleted file mode 100644 index f382cfbbf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java +++ /dev/null @@ -1,164 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * A declaration of majority. - *

- * 

- *           DeclarationOfMajoritySyntax ::= CHOICE
- *           {
- *             notYoungerThan [0] IMPLICIT INTEGER,
- *             fullAgeAtCountry [1] IMPLICIT SEQUENCE
- *             {
- *               fullAge BOOLEAN DEFAULT TRUE,
- *               country PrintableString (SIZE(2))
- *             }
- *             dateOfBirth [2] IMPLICIT GeneralizedTime
- *           }
- *
- *

- * fullAgeAtCountry indicates the majority of the owner with respect to the laws - * of a specific country. - */ -public class DeclarationOfMajority - extends ASN1Encodable - implements ASN1Choice -{ - public static final int notYoungerThan = 0; - public static final int fullAgeAtCountry = 1; - public static final int dateOfBirth = 2; - - private ASN1TaggedObject declaration; - - public DeclarationOfMajority(int notYoungerThan) - { - declaration = new DERTaggedObject(false, 0, new DERInteger(notYoungerThan)); - } - - public DeclarationOfMajority(boolean fullAge, String country) - { - if (country.length() > 2) - { - throw new IllegalArgumentException("country can only be 2 characters"); - } - - if (fullAge) - { - declaration = new DERTaggedObject(false, 1, new DERSequence(new DERPrintableString(country, true))); - } - else - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(DERBoolean.FALSE); - v.add(new DERPrintableString(country, true)); - - declaration = new DERTaggedObject(false, 1, new DERSequence(v)); - } - } - - public DeclarationOfMajority(DERGeneralizedTime dateOfBirth) - { - declaration = new DERTaggedObject(false, 2, dateOfBirth); - } - - public static DeclarationOfMajority getInstance(Object obj) - { - if (obj == null || obj instanceof DeclarationOfMajority) - { - return (DeclarationOfMajority)obj; - } - - if (obj instanceof ASN1TaggedObject) - { - return new DeclarationOfMajority((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - private DeclarationOfMajority(ASN1TaggedObject o) - { - if (o.getTagNo() > 2) - { - throw new IllegalArgumentException("Bad tag number: " + o.getTagNo()); - } - declaration = o; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *           DeclarationOfMajoritySyntax ::= CHOICE
-     *           {
-     *             notYoungerThan [0] IMPLICIT INTEGER,
-     *             fullAgeAtCountry [1] IMPLICIT SEQUENCE
-     *             {
-     *               fullAge BOOLEAN DEFAULT TRUE,
-     *               country PrintableString (SIZE(2))
-     *             }
-     *             dateOfBirth [2] IMPLICIT GeneralizedTime
-     *           }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - return declaration; - } - - public int getType() - { - return declaration.getTagNo(); - } - - /** - * @return notYoungerThan if that's what we are, -1 otherwise - */ - public int notYoungerThan() - { - if (declaration.getTagNo() != 0) - { - return -1; - } - - return DERInteger.getInstance(declaration, false).getValue().intValue(); - } - - public ASN1Sequence fullAgeAtCountry() - { - if (declaration.getTagNo() != 1) - { - return null; - } - - return ASN1Sequence.getInstance(declaration, false); - } - - public DERGeneralizedTime getDateOfBirth() - { - if (declaration.getTagNo() != 2) - { - return null; - } - - return DERGeneralizedTime.getInstance(declaration, false); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java deleted file mode 100644 index fe0528535..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERSequence; - -import java.math.BigInteger; -import java.util.Enumeration; - -/** - * Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST be - * used in new certificates in place of the extension/attribute MonetaryLimit - * since January 1, 2004. For the sake of backward compatibility with - * certificates already in use, components SHOULD support MonetaryLimit (as well - * as QcEuLimitValue). - *

- * Indicates a monetary limit within which the certificate holder is authorized - * to act. (This value DOES NOT express a limit on the liability of the - * certification authority). - *

- * 

- *    MonetaryLimitSyntax ::= SEQUENCE
- *    {
- *      currency PrintableString (SIZE(3)),
- *      amount INTEGER,
- *      exponent INTEGER
- *    }
- *
- *

- * currency must be the ISO code. - *

- * value = amount�10*exponent - */ -public class MonetaryLimit - extends ASN1Encodable -{ - DERPrintableString currency; - DERInteger amount; - DERInteger exponent; - - public static MonetaryLimit getInstance(Object obj) - { - if (obj == null || obj instanceof MonetaryLimit) - { - return (MonetaryLimit)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new MonetaryLimit(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - private MonetaryLimit(ASN1Sequence seq) - { - if (seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - Enumeration e = seq.getObjects(); - currency = DERPrintableString.getInstance(e.nextElement()); - amount = DERInteger.getInstance(e.nextElement()); - exponent = DERInteger.getInstance(e.nextElement()); - } - - /** - * Constructor from a given details. - *

- *

- * value = amount�10^exponent - * - * @param currency The currency. Must be the ISO code. - * @param amount The amount - * @param exponent The exponent - */ - public MonetaryLimit(String currency, int amount, int exponent) - { - this.currency = new DERPrintableString(currency, true); - this.amount = new DERInteger(amount); - this.exponent = new DERInteger(exponent); - } - - public String getCurrency() - { - return currency.getString(); - } - - public BigInteger getAmount() - { - return amount.getValue(); - } - - public BigInteger getExponent() - { - return exponent.getValue(); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *    MonetaryLimitSyntax ::= SEQUENCE
-     *    {
-     *      currency PrintableString (SIZE(3)),
-     *      amount INTEGER,
-     *      exponent INTEGER
-     *    }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(currency); - seq.add(amount); - seq.add(exponent); - - return new DERSequence(seq); - } - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java deleted file mode 100644 index 17d95fc5f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java +++ /dev/null @@ -1,225 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers; -import org.bouncycastle.asn1.x500.DirectoryString; - -/** - * Names of authorities which are responsible for the administration of title - * registers. - * - * 
- *             NamingAuthority ::= SEQUENCE 
- *             {
- *               namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
- *               namingAuthorityUrl IA5String OPTIONAL,
- *               namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- *             }
- *
- * @see org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax - * - */ -public class NamingAuthority - extends ASN1Encodable -{ - - /** - * Profession OIDs should always be defined under the OID branch of the - * responsible naming authority. At the time of this writing, the work group - * �Recht, Wirtschaft, Steuern� (�Law, Economy, Taxes�) is registered as the - * first naming authority under the OID id-isismtt-at-namingAuthorities. - */ - public static final DERObjectIdentifier id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern = - new DERObjectIdentifier(ISISMTTObjectIdentifiers.id_isismtt_at_namingAuthorities + ".1"); - - private DERObjectIdentifier namingAuthorityId; - private String namingAuthorityUrl; - private DirectoryString namingAuthorityText; - - public static NamingAuthority getInstance(Object obj) - { - if (obj == null || obj instanceof NamingAuthority) - { - return (NamingAuthority)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new NamingAuthority((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - public static NamingAuthority getInstance(ASN1TaggedObject obj, boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * Constructor from ASN1Sequence. - *

- *

- * 

-     *             NamingAuthority ::= SEQUENCE
-     *             {
-     *               namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-     *               namingAuthorityUrl IA5String OPTIONAL,
-     *               namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-     *             }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private NamingAuthority(ASN1Sequence seq) - { - - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - if (e.hasMoreElements()) - { - DEREncodable o = (DEREncodable)e.nextElement(); - if (o instanceof DERObjectIdentifier) - { - namingAuthorityId = (DERObjectIdentifier)o; - } - else if (o instanceof DERIA5String) - { - namingAuthorityUrl = DERIA5String.getInstance(o).getString(); - } - else if (o instanceof ASN1String) - { - namingAuthorityText = DirectoryString.getInstance(o); - } - else - { - throw new IllegalArgumentException("Bad object encountered: " - + o.getClass()); - } - } - if (e.hasMoreElements()) - { - DEREncodable o = (DEREncodable)e.nextElement(); - if (o instanceof DERIA5String) - { - namingAuthorityUrl = DERIA5String.getInstance(o).getString(); - } - else if (o instanceof ASN1String) - { - namingAuthorityText = DirectoryString.getInstance(o); - } - else - { - throw new IllegalArgumentException("Bad object encountered: " - + o.getClass()); - } - } - if (e.hasMoreElements()) - { - DEREncodable o = (DEREncodable)e.nextElement(); - if (o instanceof ASN1String) - { - namingAuthorityText = DirectoryString.getInstance(o); - } - else - { - throw new IllegalArgumentException("Bad object encountered: " - + o.getClass()); - } - - } - } - - /** - * @return Returns the namingAuthorityId. - */ - public DERObjectIdentifier getNamingAuthorityId() - { - return namingAuthorityId; - } - - /** - * @return Returns the namingAuthorityText. - */ - public DirectoryString getNamingAuthorityText() - { - return namingAuthorityText; - } - - /** - * @return Returns the namingAuthorityUrl. - */ - public String getNamingAuthorityUrl() - { - return namingAuthorityUrl; - } - - /** - * Constructor from given details. - *

- * All parameters can be combined. - * - * @param namingAuthorityId ObjectIdentifier for naming authority. - * @param namingAuthorityUrl URL for naming authority. - * @param namingAuthorityText Textual representation of naming authority. - */ - public NamingAuthority(DERObjectIdentifier namingAuthorityId, - String namingAuthorityUrl, DirectoryString namingAuthorityText) - { - this.namingAuthorityId = namingAuthorityId; - this.namingAuthorityUrl = namingAuthorityUrl; - this.namingAuthorityText = namingAuthorityText; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *             NamingAuthority ::= SEQUENCE
-     *             {
-     *               namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-     *               namingAuthorityUrl IA5String OPTIONAL,
-     *               namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-     *             }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - if (namingAuthorityId != null) - { - vec.add(namingAuthorityId); - } - if (namingAuthorityUrl != null) - { - vec.add(new DERIA5String(namingAuthorityUrl, true)); - } - if (namingAuthorityText != null) - { - vec.add(namingAuthorityText); - } - return new DERSequence(vec); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java deleted file mode 100644 index b0c61e5a9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java +++ /dev/null @@ -1,240 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.DirectoryString; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.IssuerSerial; - -import java.util.Enumeration; - -/** - * Attribute to indicate that the certificate holder may sign in the name of a - * third person. - *

- * ISIS-MTT PROFILE: The corresponding ProcurationSyntax contains either the - * name of the person who is represented (subcomponent thirdPerson) or a - * reference to his/her base certificate (in the component signingFor, - * subcomponent certRef), furthermore the optional components country and - * typeSubstitution to indicate the country whose laws apply, and respectively - * the type of procuration (e.g. manager, procuration, custody). - *

- * ISIS-MTT PROFILE: The GeneralName MUST be of type directoryName and MAY only - * contain: - RFC3039 attributes, except pseudonym (countryName, commonName, - * surname, givenName, serialNumber, organizationName, organizationalUnitName, - * stateOrProvincename, localityName, postalAddress) and - SubjectDirectoryName - * attributes (title, dateOfBirth, placeOfBirth, gender, countryOfCitizenship, - * countryOfResidence and NameAtBirth). - * - * 

- *               ProcurationSyntax ::= SEQUENCE {
- *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
- *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
- *                 signingFor [3] EXPLICIT SigningFor 
- *               }
- *               
- *               SigningFor ::= CHOICE 
- *               { 
- *                 thirdPerson GeneralName,
- *                 certRef IssuerSerial 
- *               }
- *
- * - */ -public class ProcurationSyntax - extends ASN1Encodable -{ - private String country; - private DirectoryString typeOfSubstitution; - - private GeneralName thirdPerson; - private IssuerSerial certRef; - - public static ProcurationSyntax getInstance(Object obj) - { - if (obj == null || obj instanceof ProcurationSyntax) - { - return (ProcurationSyntax)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new ProcurationSyntax((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - *

- * The sequence is of type ProcurationSyntax: - *

- * 

-     *               ProcurationSyntax ::= SEQUENCE {
-     *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
-     *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
-     *                 signingFor [3] EXPLICIT SigningFor
-     *               }
-     * 

-     *               SigningFor ::= CHOICE
-     *               {
-     *                 thirdPerson GeneralName,
-     *                 certRef IssuerSerial
-     *               }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private ProcurationSyntax(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement()); - switch (o.getTagNo()) - { - case 1: - country = DERPrintableString.getInstance(o, true).getString(); - break; - case 2: - typeOfSubstitution = DirectoryString.getInstance(o, true); - break; - case 3: - DEREncodable signingFor = o.getObject(); - if (signingFor instanceof ASN1TaggedObject) - { - thirdPerson = GeneralName.getInstance(signingFor); - } - else - { - certRef = IssuerSerial.getInstance(signingFor); - } - break; - default: - throw new IllegalArgumentException("Bad tag number: " + o.getTagNo()); - } - } - } - - /** - * Constructor from a given details. - *

- *

- * Either generalName or certRef MUST be - * null. - * - * @param country The country code whose laws apply. - * @param typeOfSubstitution The type of procuration. - * @param certRef Reference to certificate of the person who is represented. - */ - public ProcurationSyntax( - String country, - DirectoryString typeOfSubstitution, - IssuerSerial certRef) - { - this.country = country; - this.typeOfSubstitution = typeOfSubstitution; - this.thirdPerson = null; - this.certRef = certRef; - } - - /** - * Constructor from a given details. - *

- *

- * Either generalName or certRef MUST be - * null. - * - * @param country The country code whose laws apply. - * @param typeOfSubstitution The type of procuration. - * @param thirdPerson The GeneralName of the person who is represented. - */ - public ProcurationSyntax( - String country, - DirectoryString typeOfSubstitution, - GeneralName thirdPerson) - { - this.country = country; - this.typeOfSubstitution = typeOfSubstitution; - this.thirdPerson = thirdPerson; - this.certRef = null; - } - - public String getCountry() - { - return country; - } - - public DirectoryString getTypeOfSubstitution() - { - return typeOfSubstitution; - } - - public GeneralName getThirdPerson() - { - return thirdPerson; - } - - public IssuerSerial getCertRef() - { - return certRef; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *               ProcurationSyntax ::= SEQUENCE {
-     *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
-     *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
-     *                 signingFor [3] EXPLICIT SigningFor
-     *               }
-     * 

-     *               SigningFor ::= CHOICE
-     *               {
-     *                 thirdPerson GeneralName,
-     *                 certRef IssuerSerial
-     *               }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - if (country != null) - { - vec.add(new DERTaggedObject(true, 1, new DERPrintableString(country, true))); - } - if (typeOfSubstitution != null) - { - vec.add(new DERTaggedObject(true, 2, typeOfSubstitution)); - } - if (thirdPerson != null) - { - vec.add(new DERTaggedObject(true, 3, thirdPerson)); - } - else - { - vec.add(new DERTaggedObject(true, 3, certRef)); - } - - return new DERSequence(vec); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java deleted file mode 100644 index 68509e6bf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java +++ /dev/null @@ -1,407 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.DirectoryString; - -import java.util.Enumeration; - -/** - * Professions, specializations, disciplines, fields of activity, etc. - * - * 
- *               ProfessionInfo ::= SEQUENCE 
- *               {
- *                 namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- *                 professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- *                 professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- *                 registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- *                 addProfessionInfo OCTET STRING OPTIONAL 
- *               }
- *
- * - * @see org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax - */ -public class ProfessionInfo extends ASN1Encodable -{ - - /** - * Rechtsanw�ltin - */ - public static final DERObjectIdentifier Rechtsanwltin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".1"); - - /** - * Rechtsanwalt - */ - public static final DERObjectIdentifier Rechtsanwalt = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".2"); - - /** - * Rechtsbeistand - */ - public static final DERObjectIdentifier Rechtsbeistand = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".3"); - - /** - * Steuerberaterin - */ - public static final DERObjectIdentifier Steuerberaterin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".4"); - - /** - * Steuerberater - */ - public static final DERObjectIdentifier Steuerberater = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".5"); - - /** - * Steuerbevollm�chtigte - */ - public static final DERObjectIdentifier Steuerbevollmchtigte = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".6"); - - /** - * Steuerbevollm�chtigter - */ - public static final DERObjectIdentifier Steuerbevollmchtigter = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".7"); - - /** - * Notarin - */ - public static final DERObjectIdentifier Notarin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".8"); - - /** - * Notar - */ - public static final DERObjectIdentifier Notar = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".9"); - - /** - * Notarvertreterin - */ - public static final DERObjectIdentifier Notarvertreterin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".10"); - - /** - * Notarvertreter - */ - public static final DERObjectIdentifier Notarvertreter = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".11"); - - /** - * Notariatsverwalterin - */ - public static final DERObjectIdentifier Notariatsverwalterin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".12"); - - /** - * Notariatsverwalter - */ - public static final DERObjectIdentifier Notariatsverwalter = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".13"); - - /** - * Wirtschaftspr�ferin - */ - public static final DERObjectIdentifier Wirtschaftsprferin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".14"); - - /** - * Wirtschaftspr�fer - */ - public static final DERObjectIdentifier Wirtschaftsprfer = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".15"); - - /** - * Vereidigte Buchpr�ferin - */ - public static final DERObjectIdentifier VereidigteBuchprferin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".16"); - - /** - * Vereidigter Buchpr�fer - */ - public static final DERObjectIdentifier VereidigterBuchprfer = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".17"); - - /** - * Patentanw�ltin - */ - public static final DERObjectIdentifier Patentanwltin = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".18"); - - /** - * Patentanwalt - */ - public static final DERObjectIdentifier Patentanwalt = new DERObjectIdentifier( - NamingAuthority.id_isismtt_at_namingAuthorities_RechtWirtschaftSteuern + ".19"); - - private NamingAuthority namingAuthority; - - private ASN1Sequence professionItems; - - private ASN1Sequence professionOIDs; - - private String registrationNumber; - - private ASN1OctetString addProfessionInfo; - - public static ProfessionInfo getInstance(Object obj) - { - if (obj == null || obj instanceof ProfessionInfo) - { - return (ProfessionInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new ProfessionInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - *

- *

- * 

-     *               ProfessionInfo ::= SEQUENCE
-     *               {
-     *                 namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-     *                 professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-     *                 professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-     *                 registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-     *                 addProfessionInfo OCTET STRING OPTIONAL
-     *               }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private ProfessionInfo(ASN1Sequence seq) - { - if (seq.size() > 5) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - DEREncodable o = (DEREncodable)e.nextElement(); - - if (o instanceof ASN1TaggedObject) - { - if (((ASN1TaggedObject)o).getTagNo() != 0) - { - throw new IllegalArgumentException("Bad tag number: " - + ((ASN1TaggedObject)o).getTagNo()); - } - namingAuthority = NamingAuthority.getInstance((ASN1TaggedObject)o, true); - o = (DEREncodable)e.nextElement(); - } - - professionItems = ASN1Sequence.getInstance(o); - - if (e.hasMoreElements()) - { - o = (DEREncodable)e.nextElement(); - if (o instanceof ASN1Sequence) - { - professionOIDs = ASN1Sequence.getInstance(o); - } - else if (o instanceof DERPrintableString) - { - registrationNumber = DERPrintableString.getInstance(o).getString(); - } - else if (o instanceof ASN1OctetString) - { - addProfessionInfo = ASN1OctetString.getInstance(o); - } - else - { - throw new IllegalArgumentException("Bad object encountered: " - + o.getClass()); - } - } - if (e.hasMoreElements()) - { - o = (DEREncodable)e.nextElement(); - if (o instanceof DERPrintableString) - { - registrationNumber = DERPrintableString.getInstance(o).getString(); - } - else if (o instanceof DEROctetString) - { - addProfessionInfo = (DEROctetString)o; - } - else - { - throw new IllegalArgumentException("Bad object encountered: " - + o.getClass()); - } - } - if (e.hasMoreElements()) - { - o = (DEREncodable)e.nextElement(); - if (o instanceof DEROctetString) - { - addProfessionInfo = (DEROctetString)o; - } - else - { - throw new IllegalArgumentException("Bad object encountered: " - + o.getClass()); - } - } - - } - - /** - * Constructor from given details. - *

- * professionItems is mandatory, all other parameters are - * optional. - * - * @param namingAuthority The naming authority. - * @param professionItems Directory strings of the profession. - * @param professionOIDs DERObjectIdentfier objects for the - * profession. - * @param registrationNumber Registration number. - * @param addProfessionInfo Additional infos in encoded form. - */ - public ProfessionInfo(NamingAuthority namingAuthority, - DirectoryString[] professionItems, DERObjectIdentifier[] professionOIDs, - String registrationNumber, ASN1OctetString addProfessionInfo) - { - this.namingAuthority = namingAuthority; - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i != professionItems.length; i++) - { - v.add(professionItems[i]); - } - this.professionItems = new DERSequence(v); - if (professionOIDs != null) - { - v = new ASN1EncodableVector(); - for (int i = 0; i != professionOIDs.length; i++) - { - v.add(professionOIDs[i]); - } - this.professionOIDs = new DERSequence(v); - } - this.registrationNumber = registrationNumber; - this.addProfessionInfo = addProfessionInfo; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *               ProfessionInfo ::= SEQUENCE
-     *               {
-     *                 namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-     *                 professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-     *                 professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-     *                 registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-     *                 addProfessionInfo OCTET STRING OPTIONAL
-     *               }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - if (namingAuthority != null) - { - vec.add(new DERTaggedObject(true, 0, namingAuthority)); - } - vec.add(professionItems); - if (professionOIDs != null) - { - vec.add(professionOIDs); - } - if (registrationNumber != null) - { - vec.add(new DERPrintableString(registrationNumber, true)); - } - if (addProfessionInfo != null) - { - vec.add(addProfessionInfo); - } - return new DERSequence(vec); - } - - /** - * @return Returns the addProfessionInfo. - */ - public ASN1OctetString getAddProfessionInfo() - { - return addProfessionInfo; - } - - /** - * @return Returns the namingAuthority. - */ - public NamingAuthority getNamingAuthority() - { - return namingAuthority; - } - - /** - * @return Returns the professionItems. - */ - public DirectoryString[] getProfessionItems() - { - DirectoryString[] items = new DirectoryString[professionItems.size()]; - int count = 0; - for (Enumeration e = professionItems.getObjects(); e.hasMoreElements();) - { - items[count++] = DirectoryString.getInstance(e.nextElement()); - } - return items; - } - - /** - * @return Returns the professionOIDs. - */ - public DERObjectIdentifier[] getProfessionOIDs() - { - if (professionOIDs == null) - { - return new DERObjectIdentifier[0]; - } - DERObjectIdentifier[] oids = new DERObjectIdentifier[professionOIDs.size()]; - int count = 0; - for (Enumeration e = professionOIDs.getObjects(); e.hasMoreElements();) - { - oids[count++] = DERObjectIdentifier.getInstance(e.nextElement()); - } - return oids; - } - - /** - * @return Returns the registrationNumber. - */ - public String getRegistrationNumber() - { - return registrationNumber; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java deleted file mode 100644 index 73153f8a3..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.isismtt.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x500.DirectoryString; - -/** - * Some other restriction regarding the usage of this certificate. - *

- * 

- *  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
- *
- */ -public class Restriction extends ASN1Encodable -{ - private DirectoryString restriction; - - public static Restriction getInstance(Object obj) - { - if (obj instanceof Restriction) - { - return (Restriction)obj; - } - - if (obj instanceof ASN1String) - { - return new Restriction(DirectoryString.getInstance(obj)); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * Constructor from DERString. - *

- * The DERString is of type RestrictionSyntax: - *

- * 

-     *      RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-     *
- * - * @param restriction A DERString. - */ - private Restriction(DirectoryString restriction) - { - this.restriction = restriction; - } - - /** - * Constructor from a given details. - * - * @param restriction The describtion of the restriction. - */ - public Restriction(String restriction) - { - this.restriction = new DirectoryString(restriction); - } - - public DirectoryString getRestriction() - { - return restriction; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *      RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-     * 

-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - return restriction.toASN1Object(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.java deleted file mode 100644 index 73e0c581c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.asn1.kisa; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface KISAObjectIdentifiers -{ - public static final ASN1ObjectIdentifier id_seedCBC = new ASN1ObjectIdentifier("1.2.410.200004.1.4"); - public static final ASN1ObjectIdentifier id_npki_app_cmsSeed_wrap = new ASN1ObjectIdentifier("1.2.410.200004.7.1.1.1"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java deleted file mode 100644 index f40a943bc..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.asn1.microsoft; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface MicrosoftObjectIdentifiers -{ - // - // Microsoft - // iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) - // - static final ASN1ObjectIdentifier microsoft = new ASN1ObjectIdentifier("1.3.6.1.4.1.311"); - static final ASN1ObjectIdentifier microsoftCertTemplateV1 = microsoft.branch("20.2"); - static final ASN1ObjectIdentifier microsoftCaVersion = microsoft.branch("21.1"); - static final ASN1ObjectIdentifier microsoftPrevCaCertHash = microsoft.branch("21.2"); - static final ASN1ObjectIdentifier microsoftCertTemplateV2 = microsoft.branch("21.7"); - static final ASN1ObjectIdentifier microsoftAppPolicies = microsoft.branch("21.10"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/CAST5CBCParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/CAST5CBCParameters.java deleted file mode 100644 index 6616f23ca..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/CAST5CBCParameters.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class CAST5CBCParameters - extends ASN1Encodable -{ - DERInteger keyLength; - ASN1OctetString iv; - - public static CAST5CBCParameters getInstance( - Object o) - { - if (o instanceof CAST5CBCParameters) - { - return (CAST5CBCParameters)o; - } - else if (o instanceof ASN1Sequence) - { - return new CAST5CBCParameters((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in CAST5CBCParameter factory"); - } - - public CAST5CBCParameters( - byte[] iv, - int keyLength) - { - this.iv = new DEROctetString(iv); - this.keyLength = new DERInteger(keyLength); - } - - public CAST5CBCParameters( - ASN1Sequence seq) - { - iv = (ASN1OctetString)seq.getObjectAt(0); - keyLength = (DERInteger)seq.getObjectAt(1); - } - - public byte[] getIV() - { - return iv.getOctets(); - } - - public int getKeyLength() - { - return keyLength.getValue().intValue(); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * cast5CBCParameters ::= SEQUENCE {
-     *                           iv         OCTET STRING DEFAULT 0,
-     *                                  -- Initialization vector
-     *                           keyLength  INTEGER
-     *                                  -- Key length, in bits
-     *                      }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(iv); - v.add(keyLength); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java deleted file mode 100644 index c384e8a3e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class IDEACBCPar - extends ASN1Encodable -{ - ASN1OctetString iv; - - public static IDEACBCPar getInstance( - Object o) - { - if (o instanceof IDEACBCPar) - { - return (IDEACBCPar)o; - } - else if (o instanceof ASN1Sequence) - { - return new IDEACBCPar((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in IDEACBCPar factory"); - } - - public IDEACBCPar( - byte[] iv) - { - this.iv = new DEROctetString(iv); - } - - public IDEACBCPar( - ASN1Sequence seq) - { - if (seq.size() == 1) - { - iv = (ASN1OctetString)seq.getObjectAt(0); - } - else - { - iv = null; - } - } - - public byte[] getIV() - { - if (iv != null) - { - return iv.getOctets(); - } - else - { - return null; - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * IDEA-CBCPar ::= SEQUENCE {
-     *                      iv    OCTET STRING OPTIONAL -- exactly 8 octets
-     *                  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (iv != null) - { - v.add(iv); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java deleted file mode 100644 index debf26884..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface MiscObjectIdentifiers -{ - // - // Netscape - // iso/itu(2) joint-assign(16) us(840) uscompany(1) netscape(113730) cert-extensions(1) } - // - static final ASN1ObjectIdentifier netscape = new ASN1ObjectIdentifier("2.16.840.1.113730.1"); - static final ASN1ObjectIdentifier netscapeCertType = netscape.branch("1"); - static final ASN1ObjectIdentifier netscapeBaseURL = netscape.branch("2"); - static final ASN1ObjectIdentifier netscapeRevocationURL = netscape.branch("3"); - static final ASN1ObjectIdentifier netscapeCARevocationURL = netscape.branch("4"); - static final ASN1ObjectIdentifier netscapeRenewalURL = netscape.branch("7"); - static final ASN1ObjectIdentifier netscapeCApolicyURL = netscape.branch("8"); - static final ASN1ObjectIdentifier netscapeSSLServerName = netscape.branch("12"); - static final ASN1ObjectIdentifier netscapeCertComment = netscape.branch("13"); - - // - // Verisign - // iso/itu(2) joint-assign(16) us(840) uscompany(1) verisign(113733) cert-extensions(1) } - // - static final ASN1ObjectIdentifier verisign = new ASN1ObjectIdentifier("2.16.840.1.113733.1"); - - // - // CZAG - country, zip, age, and gender - // - static final ASN1ObjectIdentifier verisignCzagExtension = verisign.branch("6.3"); - // D&B D-U-N-S number - static final ASN1ObjectIdentifier verisignDnbDunsNumber = verisign.branch("6.15"); - - // - // Novell - // iso/itu(2) country(16) us(840) organization(1) novell(113719) - // - static final ASN1ObjectIdentifier novell = new ASN1ObjectIdentifier("2.16.840.1.113719"); - static final ASN1ObjectIdentifier novellSecurityAttribs = novell.branch("1.9.4.1"); - - // - // Entrust - // iso(1) member-body(16) us(840) nortelnetworks(113533) entrust(7) - // - static final ASN1ObjectIdentifier entrust = new ASN1ObjectIdentifier("1.2.840.113533.7"); - static final ASN1ObjectIdentifier entrustVersionExtension = entrust.branch("65.0"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java deleted file mode 100644 index 61a851abd..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -/** - * The NetscapeCertType object. - * 
- *    NetscapeCertType ::= BIT STRING {
- *         SSLClient               (0),
- *         SSLServer               (1),
- *         S/MIME                  (2),
- *         Object Signing          (3),
- *         Reserved                (4),
- *         SSL CA                  (5),
- *         S/MIME CA               (6),
- *         Object Signing CA       (7) }
- *
- */ -public class NetscapeCertType - extends DERBitString -{ - public static final int sslClient = (1 << 7); - public static final int sslServer = (1 << 6); - public static final int smime = (1 << 5); - public static final int objectSigning = (1 << 4); - public static final int reserved = (1 << 3); - public static final int sslCA = (1 << 2); - public static final int smimeCA = (1 << 1); - public static final int objectSigningCA = (1 << 0); - - /** - * Basic constructor. - * - * @param usage - the bitwise OR of the Key Usage flags giving the - * allowed uses for the key. - * e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA) - */ - public NetscapeCertType( - int usage) - { - super(getBytes(usage), getPadBits(usage)); - } - - public NetscapeCertType( - DERBitString usage) - { - super(usage.getBytes(), usage.getPadBits()); - } - - public String toString() - { - return "NetscapeCertType: 0x" + Integer.toHexString(data[0] & 0xff); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java deleted file mode 100644 index ba35d0848..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class NetscapeRevocationURL - extends DERIA5String -{ - public NetscapeRevocationURL( - DERIA5String str) - { - super(str.getString()); - } - - public String toString() - { - return "NetscapeRevocationURL: " + this.getString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java deleted file mode 100644 index 5066ec547..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class VerisignCzagExtension - extends DERIA5String -{ - public VerisignCzagExtension( - DERIA5String str) - { - super(str.getString()); - } - - public String toString() - { - return "VerisignCzagExtension: " + this.getString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/package.html deleted file mode 100644 index e3bda6408..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/misc/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Miscellaneous object identifiers and objects. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java deleted file mode 100644 index 97482ee86..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.bouncycastle.asn1.mozilla; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * This is designed to parse - * the PublicKeyAndChallenge created by the KEYGEN tag included by - * Mozilla based browsers. - * 
- *  PublicKeyAndChallenge ::= SEQUENCE {
- *    spki SubjectPublicKeyInfo,
- *    challenge IA5STRING
- *  }
- *
- *
- */ -public class PublicKeyAndChallenge - extends ASN1Encodable -{ - private ASN1Sequence pkacSeq; - private SubjectPublicKeyInfo spki; - private DERIA5String challenge; - - public static PublicKeyAndChallenge getInstance(Object obj) - { - if (obj instanceof PublicKeyAndChallenge) - { - return (PublicKeyAndChallenge)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PublicKeyAndChallenge((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unkown object in factory: " + obj.getClass().getName()); - } - - public PublicKeyAndChallenge(ASN1Sequence seq) - { - pkacSeq = seq; - spki = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(0)); - challenge = DERIA5String.getInstance(seq.getObjectAt(1)); - } - - public DERObject toASN1Object() - { - return pkacSeq; - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return spki; - } - - public DERIA5String getChallenge() - { - return challenge; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/package.html deleted file mode 100644 index 40776b018..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/mozilla/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding objects used by mozilla. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java deleted file mode 100644 index 821e0d131..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.asn1.nist; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.sec.SECObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.util.Strings; - -import java.util.Enumeration; -import java.util.Hashtable; - -/** - * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2 - */ -public class NISTNamedCurves -{ - static final Hashtable objIds = new Hashtable(); - static final Hashtable names = new Hashtable(); - - static void defineCurve(String name, DERObjectIdentifier oid) - { - objIds.put(name, oid); - names.put(oid, name); - } - - static - { - // TODO Missing the "K-" curves - - defineCurve("B-571", SECObjectIdentifiers.sect571r1); - defineCurve("B-409", SECObjectIdentifiers.sect409r1); - defineCurve("B-283", SECObjectIdentifiers.sect283r1); - defineCurve("B-233", SECObjectIdentifiers.sect233r1); - defineCurve("B-163", SECObjectIdentifiers.sect163r2); - defineCurve("P-521", SECObjectIdentifiers.secp521r1); - defineCurve("P-384", SECObjectIdentifiers.secp384r1); - defineCurve("P-256", SECObjectIdentifiers.secp256r1); - defineCurve("P-224", SECObjectIdentifiers.secp224r1); - defineCurve("P-192", SECObjectIdentifiers.secp192r1); - } - - public static X9ECParameters getByName( - String name) - { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name)); - - if (oid != null) - { - return getByOID(oid); - } - - return null; - } - - /** - * return the X9ECParameters object for the named curve represented by - * the passed in object identifier. Null if the curve isn't present. - * - * @param oid an object identifier representing a named curve, if present. - */ - public static X9ECParameters getByOID( - DERObjectIdentifier oid) - { - return SECNamedCurves.getByOID(oid); - } - - /** - * return the object identifier signified by the passed in name. Null - * if there is no object identifier associated with name. - * - * @return the object identifier associated with name, if present. - */ - public static DERObjectIdentifier getOID( - String name) - { - return (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name)); - } - - /** - * return the named curve name represented by the given object identifier. - */ - public static String getName( - DERObjectIdentifier oid) - { - return (String)names.get(oid); - } - - /** - * returns an enumeration containing the name strings for curves - * contained in this structure. - */ - public static Enumeration getNames() - { - return objIds.keys(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java deleted file mode 100644 index 258f269e7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.asn1.nist; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface NISTObjectIdentifiers -{ - // - // NIST - // iso/itu(2) joint-assign(16) us(840) organization(1) gov(101) csor(3) - - // - // nistalgorithms(4) - // - static final ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4"); - - static final ASN1ObjectIdentifier id_sha256 = nistAlgorithm.branch("2.1"); - static final ASN1ObjectIdentifier id_sha384 = nistAlgorithm.branch("2.2"); - static final ASN1ObjectIdentifier id_sha512 = nistAlgorithm.branch("2.3"); - static final ASN1ObjectIdentifier id_sha224 = nistAlgorithm.branch("2.4"); - - static final ASN1ObjectIdentifier aes = nistAlgorithm.branch("1"); - - static final ASN1ObjectIdentifier id_aes128_ECB = aes.branch("1"); - static final ASN1ObjectIdentifier id_aes128_CBC = aes.branch("2"); - static final ASN1ObjectIdentifier id_aes128_OFB = aes.branch("3"); - static final ASN1ObjectIdentifier id_aes128_CFB = aes.branch("4"); - static final ASN1ObjectIdentifier id_aes128_wrap = aes.branch("5"); - static final ASN1ObjectIdentifier id_aes128_GCM = aes.branch("6"); - static final ASN1ObjectIdentifier id_aes128_CCM = aes.branch("7"); - - static final ASN1ObjectIdentifier id_aes192_ECB = aes.branch("21"); - static final ASN1ObjectIdentifier id_aes192_CBC = aes.branch("22"); - static final ASN1ObjectIdentifier id_aes192_OFB = aes.branch("23"); - static final ASN1ObjectIdentifier id_aes192_CFB = aes.branch("24"); - static final ASN1ObjectIdentifier id_aes192_wrap = aes.branch("25"); - static final ASN1ObjectIdentifier id_aes192_GCM = aes.branch("26"); - static final ASN1ObjectIdentifier id_aes192_CCM = aes.branch("27"); - - static final ASN1ObjectIdentifier id_aes256_ECB = aes.branch("41"); - static final ASN1ObjectIdentifier id_aes256_CBC = aes.branch("42"); - static final ASN1ObjectIdentifier id_aes256_OFB = aes.branch("43"); - static final ASN1ObjectIdentifier id_aes256_CFB = aes.branch("44"); - static final ASN1ObjectIdentifier id_aes256_wrap = aes.branch("45"); - static final ASN1ObjectIdentifier id_aes256_GCM = aes.branch("46"); - static final ASN1ObjectIdentifier id_aes256_CCM = aes.branch("47"); - - // - // signatures - // - static final ASN1ObjectIdentifier id_dsa_with_sha2 = nistAlgorithm.branch("3"); - - static final ASN1ObjectIdentifier dsa_with_sha224 = id_dsa_with_sha2.branch("1"); - static final ASN1ObjectIdentifier dsa_with_sha256 = id_dsa_with_sha2.branch("2"); - static final ASN1ObjectIdentifier dsa_with_sha384 = id_dsa_with_sha2.branch("3"); - static final ASN1ObjectIdentifier dsa_with_sha512 = id_dsa_with_sha2.branch("4"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/package.html deleted file mode 100644 index 1cdca7695..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/nist/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes for NIST related objects. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ntt/NTTObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ntt/NTTObjectIdentifiers.java deleted file mode 100644 index 2e4132ad4..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ntt/NTTObjectIdentifiers.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.asn1.ntt; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -/** - * From RFC 3657 - */ -public interface NTTObjectIdentifiers -{ - public static final ASN1ObjectIdentifier id_camellia128_cbc = new ASN1ObjectIdentifier("1.2.392.200011.61.1.1.1.2"); - public static final ASN1ObjectIdentifier id_camellia192_cbc = new ASN1ObjectIdentifier("1.2.392.200011.61.1.1.1.3"); - public static final ASN1ObjectIdentifier id_camellia256_cbc = new ASN1ObjectIdentifier("1.2.392.200011.61.1.1.1.4"); - - public static final ASN1ObjectIdentifier id_camellia128_wrap = new ASN1ObjectIdentifier("1.2.392.200011.61.1.1.3.2"); - public static final ASN1ObjectIdentifier id_camellia192_wrap = new ASN1ObjectIdentifier("1.2.392.200011.61.1.1.3.3"); - public static final ASN1ObjectIdentifier id_camellia256_wrap = new ASN1ObjectIdentifier("1.2.392.200011.61.1.1.3.4"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java deleted file mode 100644 index b2c8e55f0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java +++ /dev/null @@ -1,112 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class BasicOCSPResponse - extends ASN1Encodable -{ - private ResponseData tbsResponseData; - private AlgorithmIdentifier signatureAlgorithm; - private DERBitString signature; - private ASN1Sequence certs; - - public BasicOCSPResponse( - ResponseData tbsResponseData, - AlgorithmIdentifier signatureAlgorithm, - DERBitString signature, - ASN1Sequence certs) - { - this.tbsResponseData = tbsResponseData; - this.signatureAlgorithm = signatureAlgorithm; - this.signature = signature; - this.certs = certs; - } - - public BasicOCSPResponse( - ASN1Sequence seq) - { - this.tbsResponseData = ResponseData.getInstance(seq.getObjectAt(0)); - this.signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - this.signature = (DERBitString)seq.getObjectAt(2); - - if (seq.size() > 3) - { - this.certs = ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(3), true); - } - } - - public static BasicOCSPResponse getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static BasicOCSPResponse getInstance( - Object obj) - { - if (obj == null || obj instanceof BasicOCSPResponse) - { - return (BasicOCSPResponse)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new BasicOCSPResponse((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public ResponseData getTbsResponseData() - { - return tbsResponseData; - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - public DERBitString getSignature() - { - return signature; - } - - public ASN1Sequence getCerts() - { - return certs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * BasicOCSPResponse       ::= SEQUENCE {
-     *      tbsResponseData      ResponseData,
-     *      signatureAlgorithm   AlgorithmIdentifier,
-     *      signature            BIT STRING,
-     *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsResponseData); - v.add(signatureAlgorithm); - v.add(signature); - if (certs != null) - { - v.add(new DERTaggedObject(true, 0, certs)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java deleted file mode 100644 index 359567b94..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java +++ /dev/null @@ -1,105 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class CertID - extends ASN1Encodable -{ - AlgorithmIdentifier hashAlgorithm; - ASN1OctetString issuerNameHash; - ASN1OctetString issuerKeyHash; - DERInteger serialNumber; - - public CertID( - AlgorithmIdentifier hashAlgorithm, - ASN1OctetString issuerNameHash, - ASN1OctetString issuerKeyHash, - DERInteger serialNumber) - { - this.hashAlgorithm = hashAlgorithm; - this.issuerNameHash = issuerNameHash; - this.issuerKeyHash = issuerKeyHash; - this.serialNumber = serialNumber; - } - - public CertID( - ASN1Sequence seq) - { - hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - issuerNameHash = (ASN1OctetString)seq.getObjectAt(1); - issuerKeyHash = (ASN1OctetString)seq.getObjectAt(2); - serialNumber = (DERInteger)seq.getObjectAt(3); - } - - public static CertID getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static CertID getInstance( - Object obj) - { - if (obj == null || obj instanceof CertID) - { - return (CertID)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertID((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public ASN1OctetString getIssuerNameHash() - { - return issuerNameHash; - } - - public ASN1OctetString getIssuerKeyHash() - { - return issuerKeyHash; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * CertID          ::=     SEQUENCE {
-     *     hashAlgorithm       AlgorithmIdentifier,
-     *     issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
-     *     issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
-     *     serialNumber        CertificateSerialNumber }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(hashAlgorithm); - v.add(issuerNameHash); - v.add(issuerKeyHash); - v.add(serialNumber); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java deleted file mode 100644 index 5d942a824..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java +++ /dev/null @@ -1,105 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class CertStatus - extends ASN1Encodable - implements ASN1Choice -{ - private int tagNo; - private DEREncodable value; - - /** - * create a CertStatus object with a tag of zero. - */ - public CertStatus() - { - tagNo = 0; - value = new DERNull(); - } - - public CertStatus( - RevokedInfo info) - { - tagNo = 1; - value = info; - } - - public CertStatus( - int tagNo, - DEREncodable value) - { - this.tagNo = tagNo; - this.value = value; - } - - public CertStatus( - ASN1TaggedObject choice) - { - this.tagNo = choice.getTagNo(); - - switch (choice.getTagNo()) - { - case 0: - value = new DERNull(); - break; - case 1: - value = RevokedInfo.getInstance(choice, false); - break; - case 2: - value = new DERNull(); - } - } - - public static CertStatus getInstance( - Object obj) - { - if (obj == null || obj instanceof CertStatus) - { - return (CertStatus)obj; - } - else if (obj instanceof ASN1TaggedObject) - { - return new CertStatus((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public static CertStatus getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public int getTagNo() - { - return tagNo; - } - - public DEREncodable getStatus() - { - return value; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  CertStatus ::= CHOICE {
-     *                  good        [0]     IMPLICIT NULL,
-     *                  revoked     [1]     IMPLICIT RevokedInfo,
-     *                  unknown     [2]     IMPLICIT UnknownInfo }
-     *
- */ - public DERObject toASN1Object() - { - return new DERTaggedObject(false, tagNo, value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java deleted file mode 100644 index c933ac0cf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; - -public class CrlID - extends ASN1Encodable -{ - DERIA5String crlUrl; - DERInteger crlNum; - DERGeneralizedTime crlTime; - - public CrlID( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1TaggedObject o = (ASN1TaggedObject)e.nextElement(); - - switch (o.getTagNo()) - { - case 0: - crlUrl = DERIA5String.getInstance(o, true); - break; - case 1: - crlNum = DERInteger.getInstance(o, true); - break; - case 2: - crlTime = DERGeneralizedTime.getInstance(o, true); - break; - default: - throw new IllegalArgumentException( - "unknown tag number: " + o.getTagNo()); - } - } - } - - public DERIA5String getCrlUrl() - { - return crlUrl; - } - - public DERInteger getCrlNum() - { - return crlNum; - } - - public DERGeneralizedTime getCrlTime() - { - return crlTime; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * CrlID ::= SEQUENCE {
-     *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
-     *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
-     *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (crlUrl != null) - { - v.add(new DERTaggedObject(true, 0, crlUrl)); - } - - if (crlNum != null) - { - v.add(new DERTaggedObject(true, 1, crlNum)); - } - - if (crlTime != null) - { - v.add(new DERTaggedObject(true, 2, crlTime)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java deleted file mode 100644 index 40b15e96c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface OCSPObjectIdentifiers -{ - public static final String pkix_ocsp = "1.3.6.1.5.5.7.48.1"; - - public static final ASN1ObjectIdentifier id_pkix_ocsp = new ASN1ObjectIdentifier(pkix_ocsp); - public static final ASN1ObjectIdentifier id_pkix_ocsp_basic = new ASN1ObjectIdentifier(pkix_ocsp + ".1"); - - // - // extensions - // - public static final ASN1ObjectIdentifier id_pkix_ocsp_nonce = new ASN1ObjectIdentifier(pkix_ocsp + ".2"); - public static final ASN1ObjectIdentifier id_pkix_ocsp_crl = new ASN1ObjectIdentifier(pkix_ocsp + ".3"); - - public static final ASN1ObjectIdentifier id_pkix_ocsp_response = new ASN1ObjectIdentifier(pkix_ocsp + ".4"); - public static final ASN1ObjectIdentifier id_pkix_ocsp_nocheck = new ASN1ObjectIdentifier(pkix_ocsp + ".5"); - public static final ASN1ObjectIdentifier id_pkix_ocsp_archive_cutoff = new ASN1ObjectIdentifier(pkix_ocsp + ".6"); - public static final ASN1ObjectIdentifier id_pkix_ocsp_service_locator = new ASN1ObjectIdentifier(pkix_ocsp + ".7"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java deleted file mode 100644 index deb58c680..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OCSPRequest - extends ASN1Encodable -{ - TBSRequest tbsRequest; - Signature optionalSignature; - - public OCSPRequest( - TBSRequest tbsRequest, - Signature optionalSignature) - { - this.tbsRequest = tbsRequest; - this.optionalSignature = optionalSignature; - } - - public OCSPRequest( - ASN1Sequence seq) - { - tbsRequest = TBSRequest.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - optionalSignature = Signature.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - public static OCSPRequest getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static OCSPRequest getInstance( - Object obj) - { - if (obj == null || obj instanceof OCSPRequest) - { - return (OCSPRequest)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new OCSPRequest((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public TBSRequest getTbsRequest() - { - return tbsRequest; - } - - public Signature getOptionalSignature() - { - return optionalSignature; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OCSPRequest     ::=     SEQUENCE {
-     *     tbsRequest                  TBSRequest,
-     *     optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsRequest); - - if (optionalSignature != null) - { - v.add(new DERTaggedObject(true, 0, optionalSignature)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java deleted file mode 100644 index 895878665..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OCSPResponse - extends ASN1Encodable -{ - OCSPResponseStatus responseStatus; - ResponseBytes responseBytes; - - public OCSPResponse( - OCSPResponseStatus responseStatus, - ResponseBytes responseBytes) - { - this.responseStatus = responseStatus; - this.responseBytes = responseBytes; - } - - public OCSPResponse( - ASN1Sequence seq) - { - responseStatus = new OCSPResponseStatus( - DEREnumerated.getInstance(seq.getObjectAt(0))); - - if (seq.size() == 2) - { - responseBytes = ResponseBytes.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - public static OCSPResponse getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static OCSPResponse getInstance( - Object obj) - { - if (obj == null || obj instanceof OCSPResponse) - { - return (OCSPResponse)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new OCSPResponse((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public OCSPResponseStatus getResponseStatus() - { - return responseStatus; - } - - public ResponseBytes getResponseBytes() - { - return responseBytes; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * OCSPResponse ::= SEQUENCE {
-     *     responseStatus         OCSPResponseStatus,
-     *     responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(responseStatus); - - if (responseBytes != null) - { - v.add(new DERTaggedObject(true, 0, responseBytes)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java deleted file mode 100644 index 7185235df..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.DEREnumerated; - -public class OCSPResponseStatus - extends DEREnumerated -{ - public static final int SUCCESSFUL = 0; - public static final int MALFORMED_REQUEST = 1; - public static final int INTERNAL_ERROR = 2; - public static final int TRY_LATER = 3; - public static final int SIG_REQUIRED = 5; - public static final int UNAUTHORIZED = 6; - - /** - * The OCSPResponseStatus enumeration. - * 
-     * OCSPResponseStatus ::= ENUMERATED {
-     *     successful            (0),  --Response has valid confirmations
-     *     malformedRequest      (1),  --Illegal confirmation request
-     *     internalError         (2),  --Internal error in issuer
-     *     tryLater              (3),  --Try again later
-     *                                 --(4) is not used
-     *     sigRequired           (5),  --Must sign the request
-     *     unauthorized          (6)   --Request unauthorized
-     * }
-     *
- */ - public OCSPResponseStatus( - int value) - { - super(value); - } - - public OCSPResponseStatus( - DEREnumerated value) - { - super(value.getValue().intValue()); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Request.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Request.java deleted file mode 100644 index 63e942249..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Request.java +++ /dev/null @@ -1,91 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class Request - extends ASN1Encodable -{ - CertID reqCert; - X509Extensions singleRequestExtensions; - - public Request( - CertID reqCert, - X509Extensions singleRequestExtensions) - { - this.reqCert = reqCert; - this.singleRequestExtensions = singleRequestExtensions; - } - - public Request( - ASN1Sequence seq) - { - reqCert = CertID.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - singleRequestExtensions = X509Extensions.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - public static Request getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static Request getInstance( - Object obj) - { - if (obj == null || obj instanceof Request) - { - return (Request)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Request((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public CertID getReqCert() - { - return reqCert; - } - - public X509Extensions getSingleRequestExtensions() - { - return singleRequestExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Request         ::=     SEQUENCE {
-     *     reqCert                     CertID,
-     *     singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(reqCert); - - if (singleRequestExtensions != null) - { - v.add(new DERTaggedObject(true, 0, singleRequestExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java deleted file mode 100644 index 663ea87e5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.X500Name; - -public class ResponderID - extends ASN1Encodable - implements ASN1Choice -{ - private DEREncodable value; - - public ResponderID( - ASN1OctetString value) - { - this.value = value; - } - - public ResponderID( - X500Name value) - { - this.value = value; - } - - public static ResponderID getInstance( - Object obj) - { - if (obj instanceof ResponderID) - { - return (ResponderID)obj; - } - else if (obj instanceof DEROctetString) - { - return new ResponderID((DEROctetString)obj); - } - else if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)obj; - - if (o.getTagNo() == 1) - { - return new ResponderID(X500Name.getInstance(o, true)); - } - else - { - return new ResponderID(ASN1OctetString.getInstance(o, true)); - } - } - - return new ResponderID(X500Name.getInstance(obj)); - } - - public static ResponderID getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public byte[] getKeyHash() - { - if (this.value instanceof ASN1OctetString) - { - ASN1OctetString octetString = (ASN1OctetString)this.value; - return octetString.getOctets(); - } - - return null; - } - - public X500Name getName() - { - if (this.value instanceof ASN1OctetString) - { - return null; - } - - return X500Name.getInstance(value); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * ResponderID ::= CHOICE {
-     *      byName          [1] Name,
-     *      byKey           [2] KeyHash }
-     *
- */ - public DERObject toASN1Object() - { - if (value instanceof ASN1OctetString) - { - return new DERTaggedObject(true, 2, value); - } - - return new DERTaggedObject(true, 1, value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java deleted file mode 100644 index b5ee5098e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class ResponseBytes - extends ASN1Encodable -{ - DERObjectIdentifier responseType; - ASN1OctetString response; - - public ResponseBytes( - DERObjectIdentifier responseType, - ASN1OctetString response) - { - this.responseType = responseType; - this.response = response; - } - - public ResponseBytes( - ASN1Sequence seq) - { - responseType = (DERObjectIdentifier)seq.getObjectAt(0); - response = (ASN1OctetString)seq.getObjectAt(1); - } - - public static ResponseBytes getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ResponseBytes getInstance( - Object obj) - { - if (obj == null || obj instanceof ResponseBytes) - { - return (ResponseBytes)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ResponseBytes((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public DERObjectIdentifier getResponseType() - { - return responseType; - } - - public ASN1OctetString getResponse() - { - return response; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * ResponseBytes ::=       SEQUENCE {
-     *     responseType   OBJECT IDENTIFIER,
-     *     response       OCTET STRING }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(responseType); - v.add(response); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java deleted file mode 100644 index d3831aa00..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java +++ /dev/null @@ -1,164 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class ResponseData - extends ASN1Encodable -{ - private static final DERInteger V1 = new DERInteger(0); - - private boolean versionPresent; - - private DERInteger version; - private ResponderID responderID; - private DERGeneralizedTime producedAt; - private ASN1Sequence responses; - private X509Extensions responseExtensions; - - public ResponseData( - DERInteger version, - ResponderID responderID, - DERGeneralizedTime producedAt, - ASN1Sequence responses, - X509Extensions responseExtensions) - { - this.version = version; - this.responderID = responderID; - this.producedAt = producedAt; - this.responses = responses; - this.responseExtensions = responseExtensions; - } - - public ResponseData( - ResponderID responderID, - DERGeneralizedTime producedAt, - ASN1Sequence responses, - X509Extensions responseExtensions) - { - this(V1, responderID, producedAt, responses, responseExtensions); - } - - public ResponseData( - ASN1Sequence seq) - { - int index = 0; - - if (seq.getObjectAt(0) instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); - - if (o.getTagNo() == 0) - { - this.versionPresent = true; - this.version = DERInteger.getInstance( - (ASN1TaggedObject)seq.getObjectAt(0), true); - index++; - } - else - { - this.version = V1; - } - } - else - { - this.version = V1; - } - - this.responderID = ResponderID.getInstance(seq.getObjectAt(index++)); - this.producedAt = (DERGeneralizedTime)seq.getObjectAt(index++); - this.responses = (ASN1Sequence)seq.getObjectAt(index++); - - if (seq.size() > index) - { - this.responseExtensions = X509Extensions.getInstance( - (ASN1TaggedObject)seq.getObjectAt(index), true); - } - } - - public static ResponseData getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ResponseData getInstance( - Object obj) - { - if (obj == null || obj instanceof ResponseData) - { - return (ResponseData)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ResponseData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public ResponderID getResponderID() - { - return responderID; - } - - public DERGeneralizedTime getProducedAt() - { - return producedAt; - } - - public ASN1Sequence getResponses() - { - return responses; - } - - public X509Extensions getResponseExtensions() - { - return responseExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * ResponseData ::= SEQUENCE {
-     *     version              [0] EXPLICIT Version DEFAULT v1,
-     *     responderID              ResponderID,
-     *     producedAt               GeneralizedTime,
-     *     responses                SEQUENCE OF SingleResponse,
-     *     responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (versionPresent || !version.equals(V1)) - { - v.add(new DERTaggedObject(true, 0, version)); - } - - v.add(responderID); - v.add(producedAt); - v.add(responses); - if (responseExtensions != null) - { - v.add(new DERTaggedObject(true, 1, responseExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java deleted file mode 100644 index dc2b053ef..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.CRLReason; - -public class RevokedInfo - extends ASN1Encodable -{ - private DERGeneralizedTime revocationTime; - private CRLReason revocationReason; - - public RevokedInfo( - DERGeneralizedTime revocationTime, - CRLReason revocationReason) - { - this.revocationTime = revocationTime; - this.revocationReason = revocationReason; - } - - public RevokedInfo( - ASN1Sequence seq) - { - this.revocationTime = (DERGeneralizedTime)seq.getObjectAt(0); - - if (seq.size() > 1) - { - this.revocationReason = new CRLReason(DEREnumerated.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)); - } - } - - public static RevokedInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static RevokedInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof RevokedInfo) - { - return (RevokedInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RevokedInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public DERGeneralizedTime getRevocationTime() - { - return revocationTime; - } - - public CRLReason getRevocationReason() - { - return revocationReason; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * RevokedInfo ::= SEQUENCE {
-     *      revocationTime              GeneralizedTime,
-     *      revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(revocationTime); - if (revocationReason != null) - { - v.add(new DERTaggedObject(true, 0, revocationReason)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java deleted file mode 100644 index a5ead3fdd..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x500.X500Name; - -public class ServiceLocator - extends ASN1Encodable -{ - X500Name issuer; - DERObject locator; - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * ServiceLocator ::= SEQUENCE {
-     *     issuer    Name,
-     *     locator   AuthorityInfoAccessSyntax OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(issuer); - - if (locator != null) - { - v.add(locator); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java deleted file mode 100644 index f410b17e9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class Signature - extends ASN1Encodable -{ - AlgorithmIdentifier signatureAlgorithm; - DERBitString signature; - ASN1Sequence certs; - - public Signature( - AlgorithmIdentifier signatureAlgorithm, - DERBitString signature) - { - this.signatureAlgorithm = signatureAlgorithm; - this.signature = signature; - } - - public Signature( - AlgorithmIdentifier signatureAlgorithm, - DERBitString signature, - ASN1Sequence certs) - { - this.signatureAlgorithm = signatureAlgorithm; - this.signature = signature; - this.certs = certs; - } - - public Signature( - ASN1Sequence seq) - { - signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - signature = (DERBitString)seq.getObjectAt(1); - - if (seq.size() == 3) - { - certs = ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(2), true); - } - } - - public static Signature getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static Signature getInstance( - Object obj) - { - if (obj == null || obj instanceof Signature) - { - return (Signature)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Signature((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - public DERBitString getSignature() - { - return signature; - } - - public ASN1Sequence getCerts() - { - return certs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Signature       ::=     SEQUENCE {
-     *     signatureAlgorithm      AlgorithmIdentifier,
-     *     signature               BIT STRING,
-     *     certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(signatureAlgorithm); - v.add(signature); - - if (certs != null) - { - v.add(new DERTaggedObject(true, 0, certs)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java deleted file mode 100644 index efe3492ea..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java +++ /dev/null @@ -1,143 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class SingleResponse - extends ASN1Encodable -{ - private CertID certID; - private CertStatus certStatus; - private DERGeneralizedTime thisUpdate; - private DERGeneralizedTime nextUpdate; - private X509Extensions singleExtensions; - - public SingleResponse( - CertID certID, - CertStatus certStatus, - DERGeneralizedTime thisUpdate, - DERGeneralizedTime nextUpdate, - X509Extensions singleExtensions) - { - this.certID = certID; - this.certStatus = certStatus; - this.thisUpdate = thisUpdate; - this.nextUpdate = nextUpdate; - this.singleExtensions = singleExtensions; - } - - public SingleResponse( - ASN1Sequence seq) - { - this.certID = CertID.getInstance(seq.getObjectAt(0)); - this.certStatus = CertStatus.getInstance(seq.getObjectAt(1)); - this.thisUpdate = (DERGeneralizedTime)seq.getObjectAt(2); - - if (seq.size() > 4) - { - this.nextUpdate = DERGeneralizedTime.getInstance( - (ASN1TaggedObject)seq.getObjectAt(3), true); - this.singleExtensions = X509Extensions.getInstance( - (ASN1TaggedObject)seq.getObjectAt(4), true); - } - else if (seq.size() > 3) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(3); - - if (o.getTagNo() == 0) - { - this.nextUpdate = DERGeneralizedTime.getInstance(o, true); - } - else - { - this.singleExtensions = X509Extensions.getInstance(o, true); - } - } - } - - public static SingleResponse getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static SingleResponse getInstance( - Object obj) - { - if (obj == null || obj instanceof SingleResponse) - { - return (SingleResponse)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SingleResponse((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public CertID getCertID() - { - return certID; - } - - public CertStatus getCertStatus() - { - return certStatus; - } - - public DERGeneralizedTime getThisUpdate() - { - return thisUpdate; - } - - public DERGeneralizedTime getNextUpdate() - { - return nextUpdate; - } - - public X509Extensions getSingleExtensions() - { - return singleExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  SingleResponse ::= SEQUENCE {
-     *          certID                       CertID,
-     *          certStatus                   CertStatus,
-     *          thisUpdate                   GeneralizedTime,
-     *          nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
-     *          singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certID); - v.add(certStatus); - v.add(thisUpdate); - - if (nextUpdate != null) - { - v.add(new DERTaggedObject(true, 0, nextUpdate)); - } - - if (singleExtensions != null) - { - v.add(new DERTaggedObject(true, 1, singleExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java deleted file mode 100644 index 3c1dc472c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java +++ /dev/null @@ -1,154 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class TBSRequest - extends ASN1Encodable -{ - private static final DERInteger V1 = new DERInteger(0); - - DERInteger version; - GeneralName requestorName; - ASN1Sequence requestList; - X509Extensions requestExtensions; - - boolean versionSet; - - public TBSRequest( - GeneralName requestorName, - ASN1Sequence requestList, - X509Extensions requestExtensions) - { - this.version = V1; - this.requestorName = requestorName; - this.requestList = requestList; - this.requestExtensions = requestExtensions; - } - - public TBSRequest( - ASN1Sequence seq) - { - int index = 0; - - if (seq.getObjectAt(0) instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); - - if (o.getTagNo() == 0) - { - versionSet = true; - version = DERInteger.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); - index++; - } - else - { - version = V1; - } - } - else - { - version = V1; - } - - if (seq.getObjectAt(index) instanceof ASN1TaggedObject) - { - requestorName = GeneralName.getInstance((ASN1TaggedObject)seq.getObjectAt(index++), true); - } - - requestList = (ASN1Sequence)seq.getObjectAt(index++); - - if (seq.size() == (index + 1)) - { - requestExtensions = X509Extensions.getInstance((ASN1TaggedObject)seq.getObjectAt(index), true); - } - } - - public static TBSRequest getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static TBSRequest getInstance( - Object obj) - { - if (obj == null || obj instanceof TBSRequest) - { - return (TBSRequest)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new TBSRequest((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public GeneralName getRequestorName() - { - return requestorName; - } - - public ASN1Sequence getRequestList() - { - return requestList; - } - - public X509Extensions getRequestExtensions() - { - return requestExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * TBSRequest      ::=     SEQUENCE {
-     *     version             [0]     EXPLICIT Version DEFAULT v1,
-     *     requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
-     *     requestList                 SEQUENCE OF Request,
-     *     requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - // - // if default don't include - unless explicitly provided. Not strictly correct - // but required for some requests - // - if (!version.equals(V1) || versionSet) - { - v.add(new DERTaggedObject(true, 0, version)); - } - - if (requestorName != null) - { - v.add(new DERTaggedObject(true, 1, requestorName)); - } - - v.add(requestList); - - if (requestExtensions != null) - { - v.add(new DERTaggedObject(true, 2, requestExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/package.html deleted file mode 100644 index 22c560d2c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/ocsp/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting OCSP objects. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java deleted file mode 100644 index b0c32479c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.asn1.oiw; - -import java.math.*; -import java.util.*; - -import org.bouncycastle.asn1.*; - -public class ElGamalParameter - extends ASN1Encodable -{ - DERInteger p, g; - - public ElGamalParameter( - BigInteger p, - BigInteger g) - { - this.p = new DERInteger(p); - this.g = new DERInteger(g); - } - - public ElGamalParameter( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - p = (DERInteger)e.nextElement(); - g = (DERInteger)e.nextElement(); - } - - public BigInteger getP() - { - return p.getPositiveValue(); - } - - public BigInteger getG() - { - return g.getPositiveValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(p); - v.add(g); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java deleted file mode 100644 index c8ce26b52..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.bouncycastle.asn1.oiw; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface OIWObjectIdentifiers -{ - // id-SHA1 OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } // - static final ASN1ObjectIdentifier md4WithRSA = new ASN1ObjectIdentifier("1.3.14.3.2.2"); - static final ASN1ObjectIdentifier md5WithRSA = new ASN1ObjectIdentifier("1.3.14.3.2.3"); - static final ASN1ObjectIdentifier md4WithRSAEncryption = new ASN1ObjectIdentifier("1.3.14.3.2.4"); - - static final ASN1ObjectIdentifier desECB = new ASN1ObjectIdentifier("1.3.14.3.2.6"); - static final ASN1ObjectIdentifier desCBC = new ASN1ObjectIdentifier("1.3.14.3.2.7"); - static final ASN1ObjectIdentifier desOFB = new ASN1ObjectIdentifier("1.3.14.3.2.8"); - static final ASN1ObjectIdentifier desCFB = new ASN1ObjectIdentifier("1.3.14.3.2.9"); - - static final ASN1ObjectIdentifier desEDE = new ASN1ObjectIdentifier("1.3.14.3.2.17"); - - static final ASN1ObjectIdentifier idSHA1 = new ASN1ObjectIdentifier("1.3.14.3.2.26"); - - static final ASN1ObjectIdentifier dsaWithSHA1 = new ASN1ObjectIdentifier("1.3.14.3.2.27"); - - static final ASN1ObjectIdentifier sha1WithRSA = new ASN1ObjectIdentifier("1.3.14.3.2.29"); - - // ElGamal Algorithm OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) oiw(14) dirservsig(7) algorithm(2) encryption(1) 1 } - // - static final ASN1ObjectIdentifier elGamalAlgorithm = new ASN1ObjectIdentifier("1.3.14.7.2.1.1"); - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/package.html deleted file mode 100644 index 44eb2fe84..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/oiw/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Objects and OID for the support of ISO OIW. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/package.html deleted file mode 100644 index 1ac16a553..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -A library for parsing and writing ASN.1 objects. Support is provided for DER and BER encoding. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java deleted file mode 100644 index 0c5439265..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class Attribute - extends ASN1Encodable -{ - private DERObjectIdentifier attrType; - private ASN1Set attrValues; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static Attribute getInstance( - Object o) - { - if (o == null || o instanceof Attribute) - { - return (Attribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new Attribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public Attribute( - ASN1Sequence seq) - { - attrType = (DERObjectIdentifier)seq.getObjectAt(0); - attrValues = (ASN1Set)seq.getObjectAt(1); - } - - public Attribute( - DERObjectIdentifier attrType, - ASN1Set attrValues) - { - this.attrType = attrType; - this.attrValues = attrValues; - } - - public DERObjectIdentifier getAttrType() - { - return attrType; - } - - public ASN1Set getAttrValues() - { - return attrValues; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Attribute ::= SEQUENCE {
-     *     attrType OBJECT IDENTIFIER,
-     *     attrValues SET OF AttributeValue
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attrType); - v.add(attrValues); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java deleted file mode 100644 index fe04a5c68..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERObject; - -public class AuthenticatedSafe - extends ASN1Encodable -{ - ContentInfo[] info; - - public AuthenticatedSafe( - ASN1Sequence seq) - { - info = new ContentInfo[seq.size()]; - - for (int i = 0; i != info.length; i++) - { - info[i] = ContentInfo.getInstance(seq.getObjectAt(i)); - } - } - - public AuthenticatedSafe( - ContentInfo[] info) - { - this.info = info; - } - - public ContentInfo[] getContentInfo() - { - return info; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != info.length; i++) - { - v.add(info[i]); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java deleted file mode 100644 index c781b4c34..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class CertBag - extends ASN1Encodable -{ - ASN1Sequence seq; - DERObjectIdentifier certId; - DERObject certValue; - - public CertBag( - ASN1Sequence seq) - { - this.seq = seq; - this.certId = (DERObjectIdentifier)seq.getObjectAt(0); - this.certValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); - } - - public CertBag( - DERObjectIdentifier certId, - DERObject certValue) - { - this.certId = certId; - this.certValue = certValue; - } - - public DERObjectIdentifier getCertId() - { - return certId; - } - - public DERObject getCertValue() - { - return certValue; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certId); - v.add(new DERTaggedObject(0, certValue)); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java deleted file mode 100644 index 73c2e9495..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java +++ /dev/null @@ -1,91 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * PKCS10 Certification request object. - * 
- * CertificationRequest ::= SEQUENCE {
- *   certificationRequestInfo  CertificationRequestInfo,
- *   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
- *   signature                 BIT STRING
- * }
- *
- */ -public class CertificationRequest - extends ASN1Encodable -{ - protected CertificationRequestInfo reqInfo = null; - protected AlgorithmIdentifier sigAlgId = null; - protected DERBitString sigBits = null; - - public static CertificationRequest getInstance(Object o) - { - if (o instanceof CertificationRequest) - { - return (CertificationRequest)o; - } - - if (o != null) - { - return new CertificationRequest(ASN1Sequence.getInstance(o)); - } - - return null; - } - - protected CertificationRequest() - { - } - - public CertificationRequest( - CertificationRequestInfo requestInfo, - AlgorithmIdentifier algorithm, - DERBitString signature) - { - this.reqInfo = requestInfo; - this.sigAlgId = algorithm; - this.sigBits = signature; - } - - public CertificationRequest( - ASN1Sequence seq) - { - reqInfo = CertificationRequestInfo.getInstance(seq.getObjectAt(0)); - sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - sigBits = (DERBitString)seq.getObjectAt(2); - } - - public CertificationRequestInfo getCertificationRequestInfo() - { - return reqInfo; - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return sigAlgId; - } - - public DERBitString getSignature() - { - return sigBits; - } - - public DERObject toASN1Object() - { - // Construct the CertificateRequest - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(reqInfo); - v.add(sigAlgId); - v.add(sigBits); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java deleted file mode 100644 index bf3b0a883..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java +++ /dev/null @@ -1,145 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Name; - -/** - * PKCS10 CertificationRequestInfo object. - * 
- *  CertificationRequestInfo ::= SEQUENCE {
- *   version             INTEGER { v1(0) } (v1,...),
- *   subject             Name,
- *   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- *   attributes          [0] Attributes{{ CRIAttributes }}
- *  }
- *
- *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
- *
- *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
- *    type    ATTRIBUTE.&id({IOSet}),
- *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- *  }
- *
- */ -public class CertificationRequestInfo - extends ASN1Encodable -{ - DERInteger version = new DERInteger(0); - X509Name subject; - SubjectPublicKeyInfo subjectPKInfo; - ASN1Set attributes = null; - - public static CertificationRequestInfo getInstance( - Object obj) - { - if (obj instanceof CertificationRequestInfo) - { - return (CertificationRequestInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertificationRequestInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public CertificationRequestInfo( - X500Name subject, - SubjectPublicKeyInfo pkInfo, - ASN1Set attributes) - { - this.subject = X509Name.getInstance(subject.getDERObject()); - this.subjectPKInfo = pkInfo; - this.attributes = attributes; - - if ((subject == null) || (version == null) || (subjectPKInfo == null)) - { - throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); - } - } - - public CertificationRequestInfo( - X509Name subject, - SubjectPublicKeyInfo pkInfo, - ASN1Set attributes) - { - this.subject = subject; - this.subjectPKInfo = pkInfo; - this.attributes = attributes; - - if ((subject == null) || (version == null) || (subjectPKInfo == null)) - { - throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); - } - } - - public CertificationRequestInfo( - ASN1Sequence seq) - { - version = (DERInteger)seq.getObjectAt(0); - - subject = X509Name.getInstance(seq.getObjectAt(1)); - subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2)); - - // - // some CertificationRequestInfo objects seem to treat this field - // as optional. - // - if (seq.size() > 3) - { - DERTaggedObject tagobj = (DERTaggedObject)seq.getObjectAt(3); - attributes = ASN1Set.getInstance(tagobj, false); - } - - if ((subject == null) || (version == null) || (subjectPKInfo == null)) - { - throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); - } - } - - public DERInteger getVersion() - { - return version; - } - - public X509Name getSubject() - { - return subject; - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return subjectPKInfo; - } - - public ASN1Set getAttributes() - { - return attributes; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(subject); - v.add(subjectPKInfo); - - if (attributes != null) - { - v.add(new DERTaggedObject(false, 0, attributes)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java deleted file mode 100644 index 6b56c1a52..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; - -public class ContentInfo - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private DERObjectIdentifier contentType; - private DEREncodable content; - - public static ContentInfo getInstance( - Object obj) - { - if (obj instanceof ContentInfo) - { - return (ContentInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ContentInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public ContentInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - contentType = (DERObjectIdentifier)e.nextElement(); - - if (e.hasMoreElements()) - { - content = ((DERTaggedObject)e.nextElement()).getObject(); - } - } - - public ContentInfo( - DERObjectIdentifier contentType, - DEREncodable content) - { - this.contentType = contentType; - this.content = content; - } - - public DERObjectIdentifier getContentType() - { - return contentType; - } - - public DEREncodable getContent() - { - return content; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * ContentInfo ::= SEQUENCE {
-     *          contentType ContentType,
-     *          content
-     *          [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - - if (content != null) - { - v.add(new BERTaggedObject(0, content)); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java deleted file mode 100644 index 34537fa87..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class DHParameter - extends ASN1Encodable -{ - DERInteger p, g, l; - - public DHParameter( - BigInteger p, - BigInteger g, - int l) - { - this.p = new DERInteger(p); - this.g = new DERInteger(g); - - if (l != 0) - { - this.l = new DERInteger(l); - } - else - { - this.l = null; - } - } - - public DHParameter( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - p = (DERInteger)e.nextElement(); - g = (DERInteger)e.nextElement(); - - if (e.hasMoreElements()) - { - l = (DERInteger)e.nextElement(); - } - else - { - l = null; - } - } - - public BigInteger getP() - { - return p.getPositiveValue(); - } - - public BigInteger getG() - { - return g.getPositiveValue(); - } - - public BigInteger getL() - { - if (l == null) - { - return null; - } - - return l.getPositiveValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(p); - v.add(g); - - if (this.getL() != null) - { - v.add(l); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java deleted file mode 100644 index 7fa8e0895..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * The EncryptedData object. - * 
- *      EncryptedData ::= SEQUENCE {
- *           version Version,
- *           encryptedContentInfo EncryptedContentInfo
- *      }
- *
- *
- *      EncryptedContentInfo ::= SEQUENCE {
- *          contentType ContentType,
- *          contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
- *          encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
- *    }
- *
- *    EncryptedContent ::= OCTET STRING
- *
- */ -public class EncryptedData - extends ASN1Encodable -{ - ASN1Sequence data; - DERObjectIdentifier bagId; - DERObject bagValue; - - public static EncryptedData getInstance( - Object obj) - { - if (obj instanceof EncryptedData) - { - return (EncryptedData)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new EncryptedData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public EncryptedData( - ASN1Sequence seq) - { - int version = ((DERInteger)seq.getObjectAt(0)).getValue().intValue(); - - if (version != 0) - { - throw new IllegalArgumentException("sequence not version 0"); - } - - this.data = (ASN1Sequence)seq.getObjectAt(1); - } - - public EncryptedData( - DERObjectIdentifier contentType, - AlgorithmIdentifier encryptionAlgorithm, - DEREncodable content) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - v.add(encryptionAlgorithm.getDERObject()); - v.add(new BERTaggedObject(false, 0, content)); - - data = new BERSequence(v); - } - - public DERObjectIdentifier getContentType() - { - return (DERObjectIdentifier)data.getObjectAt(0); - } - - public AlgorithmIdentifier getEncryptionAlgorithm() - { - return AlgorithmIdentifier.getInstance(data.getObjectAt(1)); - } - - public ASN1OctetString getContent() - { - if (data.size() == 3) - { - DERTaggedObject o = (DERTaggedObject)data.getObjectAt(2); - - return ASN1OctetString.getInstance(o, false); - } - - return null; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(data); - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java deleted file mode 100644 index 77c4b0444..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptedPrivateKeyInfo - extends ASN1Encodable -{ - private AlgorithmIdentifier algId; - private ASN1OctetString data; - - public EncryptedPrivateKeyInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - algId = AlgorithmIdentifier.getInstance(e.nextElement()); - data = (ASN1OctetString)e.nextElement(); - } - - public EncryptedPrivateKeyInfo( - AlgorithmIdentifier algId, - byte[] encoding) - { - this.algId = algId; - this.data = new DEROctetString(encoding); - } - - public static EncryptedPrivateKeyInfo getInstance( - Object obj) - { - if (obj instanceof EncryptedData) - { - return (EncryptedPrivateKeyInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new EncryptedPrivateKeyInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AlgorithmIdentifier getEncryptionAlgorithm() - { - return algId; - } - - public byte[] getEncryptedData() - { - return data.getOctets(); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * EncryptedPrivateKeyInfo ::= SEQUENCE {
-     *      encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
-     *      encryptedData EncryptedData
-     * }
-     *
-     * EncryptedData ::= OCTET STRING
-     *
-     * KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
-     *          ... -- For local profiles
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(data); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java deleted file mode 100644 index 8f06c231e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptionScheme - extends AlgorithmIdentifier -{ - public EncryptionScheme( - DERObjectIdentifier objectId, - DEREncodable parameters) - { - super(objectId, parameters); - } - - EncryptionScheme( - ASN1Sequence seq) - { - this((DERObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1)); - } - - public static final AlgorithmIdentifier getInstance(Object obj) - { - if (obj instanceof EncryptionScheme) - { - return (EncryptionScheme)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new EncryptionScheme((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public DERObject getObject() - { - return (DERObject)getParameters(); - } - - public DERObject getDERObject() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(getObjectId()); - v.add(getParameters()); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java deleted file mode 100644 index 699e467b8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.X509Name; - -public class IssuerAndSerialNumber - extends ASN1Encodable -{ - X509Name name; - DERInteger certSerialNumber; - - public static IssuerAndSerialNumber getInstance( - Object obj) - { - if (obj instanceof IssuerAndSerialNumber) - { - return (IssuerAndSerialNumber)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new IssuerAndSerialNumber((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public IssuerAndSerialNumber( - ASN1Sequence seq) - { - this.name = X509Name.getInstance(seq.getObjectAt(0)); - this.certSerialNumber = (DERInteger)seq.getObjectAt(1); - } - - public IssuerAndSerialNumber( - X509Name name, - BigInteger certSerialNumber) - { - this.name = name; - this.certSerialNumber = new DERInteger(certSerialNumber); - } - - public IssuerAndSerialNumber( - X509Name name, - DERInteger certSerialNumber) - { - this.name = name; - this.certSerialNumber = certSerialNumber; - } - - public X509Name getName() - { - return name; - } - - public DERInteger getCertificateSerialNumber() - { - return certSerialNumber; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(name); - v.add(certSerialNumber); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java deleted file mode 100644 index 08dd94f61..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KeyDerivationFunc - extends AlgorithmIdentifier -{ - KeyDerivationFunc( - ASN1Sequence seq) - { - super(seq); - } - - public KeyDerivationFunc( - DERObjectIdentifier id, - ASN1Encodable params) - { - super(id, params); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java deleted file mode 100644 index e85cf4abd..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.DigestInfo; - -public class MacData - extends ASN1Encodable -{ - private static final BigInteger ONE = BigInteger.valueOf(1); - - DigestInfo digInfo; - byte[] salt; - BigInteger iterationCount; - - public static MacData getInstance( - Object obj) - { - if (obj instanceof MacData) - { - return (MacData)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new MacData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public MacData( - ASN1Sequence seq) - { - this.digInfo = DigestInfo.getInstance(seq.getObjectAt(0)); - - this.salt = ((ASN1OctetString)seq.getObjectAt(1)).getOctets(); - - if (seq.size() == 3) - { - this.iterationCount = ((DERInteger)seq.getObjectAt(2)).getValue(); - } - else - { - this.iterationCount = ONE; - } - } - - public MacData( - DigestInfo digInfo, - byte[] salt, - int iterationCount) - { - this.digInfo = digInfo; - this.salt = salt; - this.iterationCount = BigInteger.valueOf(iterationCount); - } - - public DigestInfo getMac() - { - return digInfo; - } - - public byte[] getSalt() - { - return salt; - } - - public BigInteger getIterationCount() - { - return iterationCount; - } - - /** - * 
-     * MacData ::= SEQUENCE {
-     *     mac      DigestInfo,
-     *     macSalt  OCTET STRING,
-     *     iterations INTEGER DEFAULT 1
-     *     -- Note: The default is for historic reasons and its use is deprecated. A
-     *     -- higher value, like 1024 is recommended.
-     *
- * @return the basic DERObject construction. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(digInfo); - v.add(new DEROctetString(salt)); - - if (!iterationCount.equals(ONE)) - { - v.add(new DERInteger(iterationCount)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java deleted file mode 100644 index f24cd9ae8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class PBEParameter - extends ASN1Encodable -{ - DERInteger iterations; - ASN1OctetString salt; - - public PBEParameter( - byte[] salt, - int iterations) - { - if (salt.length != 8) - { - throw new IllegalArgumentException("salt length must be 8"); - } - this.salt = new DEROctetString(salt); - this.iterations = new DERInteger(iterations); - } - - public PBEParameter( - ASN1Sequence seq) - { - salt = (ASN1OctetString)seq.getObjectAt(0); - iterations = (DERInteger)seq.getObjectAt(1); - } - - public static PBEParameter getInstance( - Object obj) - { - if (obj instanceof PBEParameter) - { - return (PBEParameter)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PBEParameter((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public BigInteger getIterationCount() - { - return iterations.getValue(); - } - - public byte[] getSalt() - { - return salt.getOctets(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(salt); - v.add(iterations); - - return new DERSequence(v); - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java deleted file mode 100644 index 28179036f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * @deprecated - use AlgorithmIdentifier and PBES2Parameters - */ -public class PBES2Algorithms - extends AlgorithmIdentifier implements PKCSObjectIdentifiers -{ - private DERObjectIdentifier objectId; - private KeyDerivationFunc func; - private EncryptionScheme scheme; - - public PBES2Algorithms( - ASN1Sequence obj) - { - super(obj); - - Enumeration e = obj.getObjects(); - - objectId = (DERObjectIdentifier)e.nextElement(); - - ASN1Sequence seq = (ASN1Sequence)e.nextElement(); - - e = seq.getObjects(); - - ASN1Sequence funcSeq = (ASN1Sequence)e.nextElement(); - - if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) - { - func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); - } - else - { - func = new KeyDerivationFunc(funcSeq); - } - - scheme = new EncryptionScheme((ASN1Sequence)e.nextElement()); - } - - public DERObjectIdentifier getObjectId() - { - return objectId; - } - - public KeyDerivationFunc getKeyDerivationFunc() - { - return func; - } - - public EncryptionScheme getEncryptionScheme() - { - return scheme; - } - - public DERObject getDERObject() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - ASN1EncodableVector subV = new ASN1EncodableVector(); - - v.add(objectId); - - subV.add(func); - subV.add(scheme); - v.add(new DERSequence(subV)); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java deleted file mode 100644 index c96d16974..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PBES2Parameters - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private KeyDerivationFunc func; - private EncryptionScheme scheme; - - public static PBES2Parameters getInstance( - Object obj) - { - if (obj== null || obj instanceof PBES2Parameters) - { - return (PBES2Parameters)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new PBES2Parameters((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public PBES2Parameters( - ASN1Sequence obj) - { - Enumeration e = obj.getObjects(); - ASN1Sequence funcSeq = ASN1Sequence.getInstance(((DEREncodable)e.nextElement()).getDERObject()); - - if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) - { - func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); - } - else - { - func = new KeyDerivationFunc(funcSeq); - } - - scheme = (EncryptionScheme)EncryptionScheme.getInstance(e.nextElement()); - } - - public KeyDerivationFunc getKeyDerivationFunc() - { - return func; - } - - public EncryptionScheme getEncryptionScheme() - { - return scheme; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(func); - v.add(scheme); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java deleted file mode 100644 index 02b154369..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class PBKDF2Params - extends ASN1Encodable -{ - ASN1OctetString octStr; - DERInteger iterationCount; - DERInteger keyLength; - - public static PBKDF2Params getInstance( - Object obj) - { - if (obj instanceof PBKDF2Params) - { - return (PBKDF2Params)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new PBKDF2Params((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public PBKDF2Params( - byte[] salt, - int iterationCount) - { - this.octStr = new DEROctetString(salt); - this.iterationCount = new DERInteger(iterationCount); - } - - public PBKDF2Params( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - octStr = (ASN1OctetString)e.nextElement(); - iterationCount = (DERInteger)e.nextElement(); - - if (e.hasMoreElements()) - { - keyLength = (DERInteger)e.nextElement(); - } - else - { - keyLength = null; - } - } - - public byte[] getSalt() - { - return octStr.getOctets(); - } - - public BigInteger getIterationCount() - { - return iterationCount.getValue(); - } - - public BigInteger getKeyLength() - { - if (keyLength != null) - { - return keyLength.getValue(); - } - - return null; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(octStr); - v.add(iterationCount); - - if (keyLength != null) - { - v.add(keyLength); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java deleted file mode 100644 index 8817b35c5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class PKCS12PBEParams - extends ASN1Encodable -{ - DERInteger iterations; - ASN1OctetString iv; - - public PKCS12PBEParams( - byte[] salt, - int iterations) - { - this.iv = new DEROctetString(salt); - this.iterations = new DERInteger(iterations); - } - - public PKCS12PBEParams( - ASN1Sequence seq) - { - iv = (ASN1OctetString)seq.getObjectAt(0); - iterations = (DERInteger)seq.getObjectAt(1); - } - - public static PKCS12PBEParams getInstance( - Object obj) - { - if (obj instanceof PKCS12PBEParams) - { - return (PKCS12PBEParams)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PKCS12PBEParams((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public BigInteger getIterations() - { - return iterations.getValue(); - } - - public byte[] getIV() - { - return iv.getOctets(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(iv); - v.add(iterations); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java deleted file mode 100644 index 50c722f79..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +++ /dev/null @@ -1,252 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface PKCSObjectIdentifiers -{ - // - // pkcs-1 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } - // - static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); - static final ASN1ObjectIdentifier rsaEncryption = pkcs_1.branch("1"); - static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2"); - static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3"); - static final ASN1ObjectIdentifier md5WithRSAEncryption = pkcs_1.branch("4"); - static final ASN1ObjectIdentifier sha1WithRSAEncryption = pkcs_1.branch("5"); - static final ASN1ObjectIdentifier srsaOAEPEncryptionSET = pkcs_1.branch("6"); - static final ASN1ObjectIdentifier id_RSAES_OAEP = pkcs_1.branch("7"); - static final ASN1ObjectIdentifier id_mgf1 = pkcs_1.branch("8"); - static final ASN1ObjectIdentifier id_pSpecified = pkcs_1.branch("9"); - static final ASN1ObjectIdentifier id_RSASSA_PSS = pkcs_1.branch("10"); - static final ASN1ObjectIdentifier sha256WithRSAEncryption = pkcs_1.branch("11"); - static final ASN1ObjectIdentifier sha384WithRSAEncryption = pkcs_1.branch("12"); - static final ASN1ObjectIdentifier sha512WithRSAEncryption = pkcs_1.branch("13"); - static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14"); - - // - // pkcs-3 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 3 } - // - static final ASN1ObjectIdentifier pkcs_3 = new ASN1ObjectIdentifier("1.2.840.113549.1.3"); - static final ASN1ObjectIdentifier dhKeyAgreement = pkcs_3.branch("1"); - - // - // pkcs-5 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } - // - static final ASN1ObjectIdentifier pkcs_5 = new ASN1ObjectIdentifier("1.2.840.113549.1.5"); - - static final ASN1ObjectIdentifier pbeWithMD2AndDES_CBC = pkcs_5.branch("1"); - static final ASN1ObjectIdentifier pbeWithMD2AndRC2_CBC = pkcs_5.branch("4"); - static final ASN1ObjectIdentifier pbeWithMD5AndDES_CBC = pkcs_5.branch("3"); - static final ASN1ObjectIdentifier pbeWithMD5AndRC2_CBC = pkcs_5.branch("6"); - static final ASN1ObjectIdentifier pbeWithSHA1AndDES_CBC = pkcs_5.branch("10"); - static final ASN1ObjectIdentifier pbeWithSHA1AndRC2_CBC = pkcs_5.branch("11"); - - static final ASN1ObjectIdentifier id_PBES2 = pkcs_5.branch("13"); - - static final ASN1ObjectIdentifier id_PBKDF2 = pkcs_5.branch("12"); - - // - // encryptionAlgorithm OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) 3 } - // - static final ASN1ObjectIdentifier encryptionAlgorithm = new ASN1ObjectIdentifier("1.2.840.113549.3"); - - static final ASN1ObjectIdentifier des_EDE3_CBC = encryptionAlgorithm.branch("7"); - static final ASN1ObjectIdentifier RC2_CBC = encryptionAlgorithm.branch("2"); - - // - // object identifiers for digests - // - static final ASN1ObjectIdentifier digestAlgorithm = new ASN1ObjectIdentifier("1.2.840.113549.2"); - // - // md2 OBJECT IDENTIFIER ::= - // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2} - // - static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2"); - - // - // md4 OBJECT IDENTIFIER ::= - // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4} - // - static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4"); - - // - // md5 OBJECT IDENTIFIER ::= - // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 5} - // - static final ASN1ObjectIdentifier md5 = digestAlgorithm.branch("5"); - - static final ASN1ObjectIdentifier id_hmacWithSHA1 = digestAlgorithm.branch("7"); - static final ASN1ObjectIdentifier id_hmacWithSHA224 = digestAlgorithm.branch("8"); - static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9"); - static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10"); - static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11"); - - // - // pkcs-7 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } - // - static final String pkcs_7 = "1.2.840.113549.1.7"; - static final ASN1ObjectIdentifier data = new ASN1ObjectIdentifier(pkcs_7 + ".1"); - static final ASN1ObjectIdentifier signedData = new ASN1ObjectIdentifier(pkcs_7 + ".2"); - static final ASN1ObjectIdentifier envelopedData = new ASN1ObjectIdentifier(pkcs_7 + ".3"); - static final ASN1ObjectIdentifier signedAndEnvelopedData = new ASN1ObjectIdentifier(pkcs_7 + ".4"); - static final ASN1ObjectIdentifier digestedData = new ASN1ObjectIdentifier(pkcs_7 + ".5"); - static final ASN1ObjectIdentifier encryptedData = new ASN1ObjectIdentifier(pkcs_7 + ".6"); - - // - // pkcs-9 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } - // - static final ASN1ObjectIdentifier pkcs_9 = new ASN1ObjectIdentifier("1.2.840.113549.1.9"); - - static final ASN1ObjectIdentifier pkcs_9_at_emailAddress = pkcs_9.branch("1"); - static final ASN1ObjectIdentifier pkcs_9_at_unstructuredName = pkcs_9.branch("2"); - static final ASN1ObjectIdentifier pkcs_9_at_contentType = pkcs_9.branch("3"); - static final ASN1ObjectIdentifier pkcs_9_at_messageDigest = pkcs_9.branch("4"); - static final ASN1ObjectIdentifier pkcs_9_at_signingTime = pkcs_9.branch("5"); - static final ASN1ObjectIdentifier pkcs_9_at_counterSignature = pkcs_9.branch("6"); - static final ASN1ObjectIdentifier pkcs_9_at_challengePassword = pkcs_9.branch("7"); - static final ASN1ObjectIdentifier pkcs_9_at_unstructuredAddress = pkcs_9.branch("8"); - static final ASN1ObjectIdentifier pkcs_9_at_extendedCertificateAttributes = pkcs_9.branch("9"); - - static final ASN1ObjectIdentifier pkcs_9_at_signingDescription = pkcs_9.branch("13"); - static final ASN1ObjectIdentifier pkcs_9_at_extensionRequest = pkcs_9.branch("14"); - static final ASN1ObjectIdentifier pkcs_9_at_smimeCapabilities = pkcs_9.branch("15"); - - static final ASN1ObjectIdentifier pkcs_9_at_friendlyName = pkcs_9.branch("20"); - static final ASN1ObjectIdentifier pkcs_9_at_localKeyId = pkcs_9.branch("21"); - - /** @deprecated use x509Certificate instead */ - static final ASN1ObjectIdentifier x509certType = pkcs_9.branch("22.1"); - - static final ASN1ObjectIdentifier certTypes = pkcs_9.branch("22"); - static final ASN1ObjectIdentifier x509Certificate = certTypes.branch("1"); - static final ASN1ObjectIdentifier sdsiCertificate = certTypes.branch("2"); - - static final ASN1ObjectIdentifier crlTypes = pkcs_9.branch("23"); - static final ASN1ObjectIdentifier x509Crl = crlTypes.branch("1"); - - static final ASN1ObjectIdentifier id_alg_PWRI_KEK = pkcs_9.branch("16.3.9"); - - // - // SMIME capability sub oids. - // - static final ASN1ObjectIdentifier preferSignedData = pkcs_9.branch("15.1"); - static final ASN1ObjectIdentifier canNotDecryptAny = pkcs_9.branch("15.2"); - static final ASN1ObjectIdentifier sMIMECapabilitiesVersions = pkcs_9.branch("15.3"); - - // - // id-ct OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1)} - // - static final ASN1ObjectIdentifier id_ct = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1"); - - static final ASN1ObjectIdentifier id_ct_authData = id_ct.branch("2"); - static final ASN1ObjectIdentifier id_ct_TSTInfo = id_ct.branch("4"); - static final ASN1ObjectIdentifier id_ct_compressedData = id_ct.branch("9"); - static final ASN1ObjectIdentifier id_ct_authEnvelopedData = id_ct.branch("23"); - static final ASN1ObjectIdentifier id_ct_timestampedData = id_ct.branch("31"); - - // - // id-cti OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6)} - // - static final ASN1ObjectIdentifier id_cti = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.6"); - - static final ASN1ObjectIdentifier id_cti_ets_proofOfOrigin = id_cti.branch("1"); - static final ASN1ObjectIdentifier id_cti_ets_proofOfReceipt = id_cti.branch("2"); - static final ASN1ObjectIdentifier id_cti_ets_proofOfDelivery = id_cti.branch("3"); - static final ASN1ObjectIdentifier id_cti_ets_proofOfSender = id_cti.branch("4"); - static final ASN1ObjectIdentifier id_cti_ets_proofOfApproval = id_cti.branch("5"); - static final ASN1ObjectIdentifier id_cti_ets_proofOfCreation = id_cti.branch("6"); - - // - // id-aa OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2)} - // - static final ASN1ObjectIdentifier id_aa = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2"); - - - static final ASN1ObjectIdentifier id_aa_receiptRequest = id_aa.branch("1"); - - static final ASN1ObjectIdentifier id_aa_contentHint = id_aa.branch("4"); // See RFC 2634 - static final ASN1ObjectIdentifier id_aa_msgSigDigest = id_aa.branch("5"); - static final ASN1ObjectIdentifier id_aa_contentReference = id_aa.branch("10"); - /* - * id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11} - * - */ - static final ASN1ObjectIdentifier id_aa_encrypKeyPref = id_aa.branch("11"); - static final ASN1ObjectIdentifier id_aa_signingCertificate = id_aa.branch("12"); - static final ASN1ObjectIdentifier id_aa_signingCertificateV2 = id_aa.branch("47"); - - static final ASN1ObjectIdentifier id_aa_contentIdentifier = id_aa.branch("7"); // See RFC 2634 - - /* - * RFC 3126 - */ - static final ASN1ObjectIdentifier id_aa_signatureTimeStampToken = id_aa.branch("14"); - - static final ASN1ObjectIdentifier id_aa_ets_sigPolicyId = id_aa.branch("15"); - static final ASN1ObjectIdentifier id_aa_ets_commitmentType = id_aa.branch("16"); - static final ASN1ObjectIdentifier id_aa_ets_signerLocation = id_aa.branch("17"); - static final ASN1ObjectIdentifier id_aa_ets_signerAttr = id_aa.branch("18"); - static final ASN1ObjectIdentifier id_aa_ets_otherSigCert = id_aa.branch("19"); - static final ASN1ObjectIdentifier id_aa_ets_contentTimestamp = id_aa.branch("20"); - static final ASN1ObjectIdentifier id_aa_ets_certificateRefs = id_aa.branch("21"); - static final ASN1ObjectIdentifier id_aa_ets_revocationRefs = id_aa.branch("22"); - static final ASN1ObjectIdentifier id_aa_ets_certValues = id_aa.branch("23"); - static final ASN1ObjectIdentifier id_aa_ets_revocationValues = id_aa.branch("24"); - static final ASN1ObjectIdentifier id_aa_ets_escTimeStamp = id_aa.branch("25"); - static final ASN1ObjectIdentifier id_aa_ets_certCRLTimestamp = id_aa.branch("26"); - static final ASN1ObjectIdentifier id_aa_ets_archiveTimestamp = id_aa.branch("27"); - - /** @deprecated use id_aa_ets_sigPolicyId instead */ - static final ASN1ObjectIdentifier id_aa_sigPolicyId = id_aa_ets_sigPolicyId; - /** @deprecated use id_aa_ets_commitmentType instead */ - static final ASN1ObjectIdentifier id_aa_commitmentType = id_aa_ets_commitmentType; - /** @deprecated use id_aa_ets_signerLocation instead */ - static final ASN1ObjectIdentifier id_aa_signerLocation = id_aa_ets_signerLocation; - /** @deprecated use id_aa_ets_otherSigCert instead */ - static final ASN1ObjectIdentifier id_aa_otherSigCert = id_aa_ets_otherSigCert; - - // - // id-spq OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-spq(5)} - // - final String id_spq = "1.2.840.113549.1.9.16.5"; - - static final ASN1ObjectIdentifier id_spq_ets_uri = new ASN1ObjectIdentifier(id_spq + ".1"); - static final ASN1ObjectIdentifier id_spq_ets_unotice = new ASN1ObjectIdentifier(id_spq + ".2"); - - // - // pkcs-12 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } - // - static final ASN1ObjectIdentifier pkcs_12 = new ASN1ObjectIdentifier("1.2.840.113549.1.12"); - static final ASN1ObjectIdentifier bagtypes = pkcs_12.branch("10.1"); - - static final ASN1ObjectIdentifier keyBag = bagtypes.branch("1"); - static final ASN1ObjectIdentifier pkcs8ShroudedKeyBag = bagtypes.branch("2"); - static final ASN1ObjectIdentifier certBag = bagtypes.branch("3"); - static final ASN1ObjectIdentifier crlBag = bagtypes.branch("4"); - static final ASN1ObjectIdentifier secretBag = bagtypes.branch("5"); - static final ASN1ObjectIdentifier safeContentsBag = bagtypes.branch("6"); - - static final ASN1ObjectIdentifier pkcs_12PbeIds = pkcs_12.branch("1"); - - static final ASN1ObjectIdentifier pbeWithSHAAnd128BitRC4 = pkcs_12PbeIds.branch("1"); - static final ASN1ObjectIdentifier pbeWithSHAAnd40BitRC4 = pkcs_12PbeIds.branch("2"); - static final ASN1ObjectIdentifier pbeWithSHAAnd3_KeyTripleDES_CBC = pkcs_12PbeIds.branch("3"); - static final ASN1ObjectIdentifier pbeWithSHAAnd2_KeyTripleDES_CBC = pkcs_12PbeIds.branch("4"); - static final ASN1ObjectIdentifier pbeWithSHAAnd128BitRC2_CBC = pkcs_12PbeIds.branch("5"); - static final ASN1ObjectIdentifier pbewithSHAAnd40BitRC2_CBC = pkcs_12PbeIds.branch("6"); - - static final ASN1ObjectIdentifier id_alg_CMS3DESwrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"); - static final ASN1ObjectIdentifier id_alg_CMSRC2wrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.7"); -} - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java deleted file mode 100644 index ba5292cc9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -/** - * the infamous Pfx from PKCS12 - */ -public class Pfx - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private ContentInfo contentInfo; - private MacData macData = null; - - public Pfx( - ASN1Sequence seq) - { - BigInteger version = ((DERInteger)seq.getObjectAt(0)).getValue(); - if (version.intValue() != 3) - { - throw new IllegalArgumentException("wrong version for PFX PDU"); - } - - contentInfo = ContentInfo.getInstance(seq.getObjectAt(1)); - - if (seq.size() == 3) - { - macData = MacData.getInstance(seq.getObjectAt(2)); - } - } - - public Pfx( - ContentInfo contentInfo, - MacData macData) - { - this.contentInfo = contentInfo; - this.macData = macData; - } - - public ContentInfo getAuthSafe() - { - return contentInfo; - } - - public MacData getMacData() - { - return macData; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(3)); - v.add(contentInfo); - - if (macData != null) - { - v.add(macData); - } - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java deleted file mode 100644 index 9e8449946..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class PrivateKeyInfo - extends ASN1Encodable -{ - private DERObject privKey; - private AlgorithmIdentifier algId; - private ASN1Set attributes; - - public static PrivateKeyInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static PrivateKeyInfo getInstance( - Object obj) - { - if (obj instanceof PrivateKeyInfo) - { - return (PrivateKeyInfo)obj; - } - else if (obj != null) - { - return new PrivateKeyInfo(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public PrivateKeyInfo( - AlgorithmIdentifier algId, - DERObject privateKey) - { - this(algId, privateKey, null); - } - - public PrivateKeyInfo( - AlgorithmIdentifier algId, - DERObject privateKey, - ASN1Set attributes) - { - this.privKey = privateKey; - this.algId = algId; - this.attributes = attributes; - } - - public PrivateKeyInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - BigInteger version = ((DERInteger)e.nextElement()).getValue(); - if (version.intValue() != 0) - { - throw new IllegalArgumentException("wrong version for private key info"); - } - - algId = new AlgorithmIdentifier((ASN1Sequence)e.nextElement()); - - try - { - ASN1InputStream aIn = new ASN1InputStream(((ASN1OctetString)e.nextElement()).getOctets()); - - privKey = aIn.readObject(); - } - catch (IOException ex) - { - throw new IllegalArgumentException("Error recoverying private key from sequence"); - } - - if (e.hasMoreElements()) - { - attributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false); - } - } - - public AlgorithmIdentifier getAlgorithmId() - { - return algId; - } - - public DERObject getPrivateKey() - { - return privKey; - } - - public ASN1Set getAttributes() - { - return attributes; - } - - /** - * write out an RSA private key with its associated information - * as described in PKCS8. - * 
-     *      PrivateKeyInfo ::= SEQUENCE {
-     *                              version Version,
-     *                              privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
-     *                              privateKey PrivateKey,
-     *                              attributes [0] IMPLICIT Attributes OPTIONAL 
-     *                          }
-     *      Version ::= INTEGER {v1(0)} (v1,...)
-     *
-     *      PrivateKey ::= OCTET STRING
-     *
-     *      Attributes ::= SET OF Attribute
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(algId); - v.add(new DEROctetString(privKey)); - - if (attributes != null) - { - v.add(new DERTaggedObject(false, 0, attributes)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java deleted file mode 100644 index 23508a429..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class RC2CBCParameter - extends ASN1Encodable -{ - DERInteger version; - ASN1OctetString iv; - - public static RC2CBCParameter getInstance( - Object o) - { - if (o instanceof ASN1Sequence) - { - return new RC2CBCParameter((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in RC2CBCParameter factory"); - } - - public RC2CBCParameter( - byte[] iv) - { - this.version = null; - this.iv = new DEROctetString(iv); - } - - public RC2CBCParameter( - int parameterVersion, - byte[] iv) - { - this.version = new DERInteger(parameterVersion); - this.iv = new DEROctetString(iv); - } - - public RC2CBCParameter( - ASN1Sequence seq) - { - if (seq.size() == 1) - { - version = null; - iv = (ASN1OctetString)seq.getObjectAt(0); - } - else - { - version = (DERInteger)seq.getObjectAt(0); - iv = (ASN1OctetString)seq.getObjectAt(1); - } - } - - public BigInteger getRC2ParameterVersion() - { - if (version == null) - { - return null; - } - - return version.getValue(); - } - - public byte[] getIV() - { - return iv.getOctets(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (version != null) - { - v.add(version); - } - - v.add(iv); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java deleted file mode 100644 index 18dd25917..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java +++ /dev/null @@ -1,151 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class RSAESOAEPparams - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlgorithm; - private AlgorithmIdentifier maskGenAlgorithm; - private AlgorithmIdentifier pSourceAlgorithm; - - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); - public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); - public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0])); - - public static RSAESOAEPparams getInstance( - Object obj) - { - if (obj instanceof RSAESOAEPparams) - { - return (RSAESOAEPparams)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RSAESOAEPparams((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - /** - * The default version - */ - public RSAESOAEPparams() - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - pSourceAlgorithm = DEFAULT_P_SOURCE_ALGORITHM; - } - - public RSAESOAEPparams( - AlgorithmIdentifier hashAlgorithm, - AlgorithmIdentifier maskGenAlgorithm, - AlgorithmIdentifier pSourceAlgorithm) - { - this.hashAlgorithm = hashAlgorithm; - this.maskGenAlgorithm = maskGenAlgorithm; - this.pSourceAlgorithm = pSourceAlgorithm; - } - - public RSAESOAEPparams( - ASN1Sequence seq) - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - pSourceAlgorithm = DEFAULT_P_SOURCE_ALGORITHM; - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(i); - - switch (o.getTagNo()) - { - case 0: - hashAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 1: - maskGenAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 2: - pSourceAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - default: - throw new IllegalArgumentException("unknown tag"); - } - } - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public AlgorithmIdentifier getMaskGenAlgorithm() - { - return maskGenAlgorithm; - } - - public AlgorithmIdentifier getPSourceAlgorithm() - { - return pSourceAlgorithm; - } - - /** - * 
-     *  RSAES-OAEP-params ::= SEQUENCE {
-     *     hashAlgorithm      [0] OAEP-PSSDigestAlgorithms     DEFAULT sha1,
-     *     maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1,
-     *     pSourceAlgorithm   [2] PKCS1PSourceAlgorithms  DEFAULT pSpecifiedEmpty
-     *   }
-     *  
-     *   OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
-     *     { OID id-sha1 PARAMETERS NULL   }|
-     *     { OID id-sha256 PARAMETERS NULL }|
-     *     { OID id-sha384 PARAMETERS NULL }|
-     *     { OID id-sha512 PARAMETERS NULL },
-     *     ...  -- Allows for future expansion --
-     *   }
-     *   PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
-     *     { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
-     *    ...  -- Allows for future expansion --
-     *   }
-     *   PKCS1PSourceAlgorithms    ALGORITHM-IDENTIFIER ::= {
-     *     { OID id-pSpecified PARAMETERS OCTET STRING },
-     *     ...  -- Allows for future expansion --
-     *  }
-     *
- * @return the asn1 primitive representing the parameters. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) - { - v.add(new DERTaggedObject(true, 0, hashAlgorithm)); - } - - if (!maskGenAlgorithm.equals(DEFAULT_MASK_GEN_FUNCTION)) - { - v.add(new DERTaggedObject(true, 1, maskGenAlgorithm)); - } - - if (!pSourceAlgorithm.equals(DEFAULT_P_SOURCE_ALGORITHM)) - { - v.add(new DERTaggedObject(true, 2, pSourceAlgorithm)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java deleted file mode 100644 index e2f00720f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java +++ /dev/null @@ -1,186 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class RSAPrivateKeyStructure - extends ASN1Encodable -{ - private int version; - private BigInteger modulus; - private BigInteger publicExponent; - private BigInteger privateExponent; - private BigInteger prime1; - private BigInteger prime2; - private BigInteger exponent1; - private BigInteger exponent2; - private BigInteger coefficient; - private ASN1Sequence otherPrimeInfos = null; - - public static RSAPrivateKeyStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static RSAPrivateKeyStructure getInstance( - Object obj) - { - if (obj instanceof RSAPrivateKeyStructure) - { - return (RSAPrivateKeyStructure)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RSAPrivateKeyStructure((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public RSAPrivateKeyStructure( - BigInteger modulus, - BigInteger publicExponent, - BigInteger privateExponent, - BigInteger prime1, - BigInteger prime2, - BigInteger exponent1, - BigInteger exponent2, - BigInteger coefficient) - { - this.version = 0; - this.modulus = modulus; - this.publicExponent = publicExponent; - this.privateExponent = privateExponent; - this.prime1 = prime1; - this.prime2 = prime2; - this.exponent1 = exponent1; - this.exponent2 = exponent2; - this.coefficient = coefficient; - } - - public RSAPrivateKeyStructure( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - BigInteger v = ((DERInteger)e.nextElement()).getValue(); - if (v.intValue() != 0 && v.intValue() != 1) - { - throw new IllegalArgumentException("wrong version for RSA private key"); - } - - version = v.intValue(); - modulus = ((DERInteger)e.nextElement()).getValue(); - publicExponent = ((DERInteger)e.nextElement()).getValue(); - privateExponent = ((DERInteger)e.nextElement()).getValue(); - prime1 = ((DERInteger)e.nextElement()).getValue(); - prime2 = ((DERInteger)e.nextElement()).getValue(); - exponent1 = ((DERInteger)e.nextElement()).getValue(); - exponent2 = ((DERInteger)e.nextElement()).getValue(); - coefficient = ((DERInteger)e.nextElement()).getValue(); - - if (e.hasMoreElements()) - { - otherPrimeInfos = (ASN1Sequence)e.nextElement(); - } - } - - public int getVersion() - { - return version; - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPublicExponent() - { - return publicExponent; - } - - public BigInteger getPrivateExponent() - { - return privateExponent; - } - - public BigInteger getPrime1() - { - return prime1; - } - - public BigInteger getPrime2() - { - return prime2; - } - - public BigInteger getExponent1() - { - return exponent1; - } - - public BigInteger getExponent2() - { - return exponent2; - } - - public BigInteger getCoefficient() - { - return coefficient; - } - - /** - * This outputs the key in PKCS1v2 format. - * 
-     *      RSAPrivateKey ::= SEQUENCE {
-     *                          version Version,
-     *                          modulus INTEGER, -- n
-     *                          publicExponent INTEGER, -- e
-     *                          privateExponent INTEGER, -- d
-     *                          prime1 INTEGER, -- p
-     *                          prime2 INTEGER, -- q
-     *                          exponent1 INTEGER, -- d mod (p-1)
-     *                          exponent2 INTEGER, -- d mod (q-1)
-     *                          coefficient INTEGER, -- (inverse of q) mod p
-     *                          otherPrimeInfos OtherPrimeInfos OPTIONAL
-     *                      }
-     *
-     *      Version ::= INTEGER { two-prime(0), multi(1) }
-     *        (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --})
-     *
- *

- * This routine is written to output PKCS1 version 2.1, private keys. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(version)); // version - v.add(new DERInteger(getModulus())); - v.add(new DERInteger(getPublicExponent())); - v.add(new DERInteger(getPrivateExponent())); - v.add(new DERInteger(getPrime1())); - v.add(new DERInteger(getPrime2())); - v.add(new DERInteger(getExponent1())); - v.add(new DERInteger(getExponent2())); - v.add(new DERInteger(getCoefficient())); - - if (otherPrimeInfos != null) - { - v.add(otherPrimeInfos); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java deleted file mode 100644 index 3e8648cbe..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java +++ /dev/null @@ -1,170 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class RSASSAPSSparams - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlgorithm; - private AlgorithmIdentifier maskGenAlgorithm; - private DERInteger saltLength; - private DERInteger trailerField; - - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); - public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); - public final static DERInteger DEFAULT_SALT_LENGTH = new DERInteger(20); - public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1); - - public static RSASSAPSSparams getInstance( - Object obj) - { - if (obj == null || obj instanceof RSASSAPSSparams) - { - return (RSASSAPSSparams)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RSASSAPSSparams((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - /** - * The default version - */ - public RSASSAPSSparams() - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - saltLength = DEFAULT_SALT_LENGTH; - trailerField = DEFAULT_TRAILER_FIELD; - } - - public RSASSAPSSparams( - AlgorithmIdentifier hashAlgorithm, - AlgorithmIdentifier maskGenAlgorithm, - DERInteger saltLength, - DERInteger trailerField) - { - this.hashAlgorithm = hashAlgorithm; - this.maskGenAlgorithm = maskGenAlgorithm; - this.saltLength = saltLength; - this.trailerField = trailerField; - } - - public RSASSAPSSparams( - ASN1Sequence seq) - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - saltLength = DEFAULT_SALT_LENGTH; - trailerField = DEFAULT_TRAILER_FIELD; - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(i); - - switch (o.getTagNo()) - { - case 0: - hashAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 1: - maskGenAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 2: - saltLength = DERInteger.getInstance(o, true); - break; - case 3: - trailerField = DERInteger.getInstance(o, true); - break; - default: - throw new IllegalArgumentException("unknown tag"); - } - } - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public AlgorithmIdentifier getMaskGenAlgorithm() - { - return maskGenAlgorithm; - } - - public DERInteger getSaltLength() - { - return saltLength; - } - - public DERInteger getTrailerField() - { - return trailerField; - } - - /** - * 

-     * RSASSA-PSS-params ::= SEQUENCE {
-     *   hashAlgorithm      [0] OAEP-PSSDigestAlgorithms  DEFAULT sha1,
-     *    maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1,
-     *    saltLength         [2] INTEGER  DEFAULT 20,
-     *    trailerField       [3] TrailerField  DEFAULT trailerFieldBC
-     *  }
-     *
-     * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
-     *    { OID id-sha1 PARAMETERS NULL   }|
-     *    { OID id-sha256 PARAMETERS NULL }|
-     *    { OID id-sha384 PARAMETERS NULL }|
-     *    { OID id-sha512 PARAMETERS NULL },
-     *    ...  -- Allows for future expansion --
-     * }
-     *
-     * PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
-     *   { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
-     *    ...  -- Allows for future expansion --
-     * }
-     * 
-     * TrailerField ::= INTEGER { trailerFieldBC(1) }
-     *
- * @return the asn1 primitive representing the parameters. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) - { - v.add(new DERTaggedObject(true, 0, hashAlgorithm)); - } - - if (!maskGenAlgorithm.equals(DEFAULT_MASK_GEN_FUNCTION)) - { - v.add(new DERTaggedObject(true, 1, maskGenAlgorithm)); - } - - if (!saltLength.equals(DEFAULT_SALT_LENGTH)) - { - v.add(new DERTaggedObject(true, 2, saltLength)); - } - - if (!trailerField.equals(DEFAULT_TRAILER_FIELD)) - { - v.add(new DERTaggedObject(true, 3, trailerField)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java deleted file mode 100644 index 2808d92d6..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class SafeBag - extends ASN1Encodable -{ - DERObjectIdentifier bagId; - DERObject bagValue; - ASN1Set bagAttributes; - - public SafeBag( - DERObjectIdentifier oid, - DERObject obj) - { - this.bagId = oid; - this.bagValue = obj; - this.bagAttributes = null; - } - - public SafeBag( - DERObjectIdentifier oid, - DERObject obj, - ASN1Set bagAttributes) - { - this.bagId = oid; - this.bagValue = obj; - this.bagAttributes = bagAttributes; - } - - public SafeBag( - ASN1Sequence seq) - { - this.bagId = (DERObjectIdentifier)seq.getObjectAt(0); - this.bagValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); - if (seq.size() == 3) - { - this.bagAttributes = (ASN1Set)seq.getObjectAt(2); - } - } - - public DERObjectIdentifier getBagId() - { - return bagId; - } - - public DERObject getBagValue() - { - return bagValue; - } - - public ASN1Set getBagAttributes() - { - return bagAttributes; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(bagId); - v.add(new DERTaggedObject(0, bagValue)); - - if (bagAttributes != null) - { - v.add(bagAttributes); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java deleted file mode 100644 index 136ad11fb..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java +++ /dev/null @@ -1,166 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * a PKCS#7 signed data object. - */ -public class SignedData - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private DERInteger version; - private ASN1Set digestAlgorithms; - private ContentInfo contentInfo; - private ASN1Set certificates; - private ASN1Set crls; - private ASN1Set signerInfos; - - public static SignedData getInstance( - Object o) - { - if (o instanceof SignedData) - { - return (SignedData)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignedData((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o); - } - - public SignedData( - DERInteger _version, - ASN1Set _digestAlgorithms, - ContentInfo _contentInfo, - ASN1Set _certificates, - ASN1Set _crls, - ASN1Set _signerInfos) - { - version = _version; - digestAlgorithms = _digestAlgorithms; - contentInfo = _contentInfo; - certificates = _certificates; - crls = _crls; - signerInfos = _signerInfos; - } - - public SignedData( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - digestAlgorithms = ((ASN1Set)e.nextElement()); - contentInfo = ContentInfo.getInstance(e.nextElement()); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject)e.nextElement(); - - // - // an interesting feature of SignedData is that there appear to be varying implementations... - // for the moment we ignore anything which doesn't fit. - // - if (o instanceof DERTaggedObject) - { - DERTaggedObject tagged = (DERTaggedObject)o; - - switch (tagged.getTagNo()) - { - case 0: - certificates = ASN1Set.getInstance(tagged, false); - break; - case 1: - crls = ASN1Set.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("unknown tag value " + tagged.getTagNo()); - } - } - else - { - signerInfos = (ASN1Set)o; - } - } - } - - public DERInteger getVersion() - { - return version; - } - - public ASN1Set getDigestAlgorithms() - { - return digestAlgorithms; - } - - public ContentInfo getContentInfo() - { - return contentInfo; - } - - public ASN1Set getCertificates() - { - return certificates; - } - - public ASN1Set getCRLs() - { - return crls; - } - - public ASN1Set getSignerInfos() - { - return signerInfos; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  SignedData ::= SEQUENCE {
-     *      version Version,
-     *      digestAlgorithms DigestAlgorithmIdentifiers,
-     *      contentInfo ContentInfo,
-     *      certificates
-     *          [0] IMPLICIT ExtendedCertificatesAndCertificates
-     *                   OPTIONAL,
-     *      crls
-     *          [1] IMPLICIT CertificateRevocationLists OPTIONAL,
-     *      signerInfos SignerInfos }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(digestAlgorithms); - v.add(contentInfo); - - if (certificates != null) - { - v.add(new DERTaggedObject(false, 0, certificates)); - } - - if (crls != null) - { - v.add(new DERTaggedObject(false, 1, crls)); - } - - v.add(signerInfos); - - return new BERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java deleted file mode 100644 index e3aa07506..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * a PKCS#7 signer info object. - */ -public class SignerInfo - extends ASN1Encodable -{ - private DERInteger version; - private IssuerAndSerialNumber issuerAndSerialNumber; - private AlgorithmIdentifier digAlgorithm; - private ASN1Set authenticatedAttributes; - private AlgorithmIdentifier digEncryptionAlgorithm; - private ASN1OctetString encryptedDigest; - private ASN1Set unauthenticatedAttributes; - - public static SignerInfo getInstance( - Object o) - { - if (o instanceof SignerInfo) - { - return (SignerInfo)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignerInfo((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public SignerInfo( - DERInteger version, - IssuerAndSerialNumber issuerAndSerialNumber, - AlgorithmIdentifier digAlgorithm, - ASN1Set authenticatedAttributes, - AlgorithmIdentifier digEncryptionAlgorithm, - ASN1OctetString encryptedDigest, - ASN1Set unauthenticatedAttributes) - { - this.version = version; - this.issuerAndSerialNumber = issuerAndSerialNumber; - this.digAlgorithm = digAlgorithm; - this.authenticatedAttributes = authenticatedAttributes; - this.digEncryptionAlgorithm = digEncryptionAlgorithm; - this.encryptedDigest = encryptedDigest; - this.unauthenticatedAttributes = unauthenticatedAttributes; - } - - public SignerInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(e.nextElement()); - digAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - - Object obj = e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false); - - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - } - else - { - authenticatedAttributes = null; - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj); - } - - encryptedDigest = DEROctetString.getInstance(e.nextElement()); - - if (e.hasMoreElements()) - { - unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false); - } - else - { - unauthenticatedAttributes = null; - } - } - - public DERInteger getVersion() - { - return version; - } - - public IssuerAndSerialNumber getIssuerAndSerialNumber() - { - return issuerAndSerialNumber; - } - - public ASN1Set getAuthenticatedAttributes() - { - return authenticatedAttributes; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digAlgorithm; - } - - public ASN1OctetString getEncryptedDigest() - { - return encryptedDigest; - } - - public AlgorithmIdentifier getDigestEncryptionAlgorithm() - { - return digEncryptionAlgorithm; - } - - public ASN1Set getUnauthenticatedAttributes() - { - return unauthenticatedAttributes; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  SignerInfo ::= SEQUENCE {
-     *      version Version,
-     *      issuerAndSerialNumber IssuerAndSerialNumber,
-     *      digestAlgorithm DigestAlgorithmIdentifier,
-     *      authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
-     *      digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
-     *      encryptedDigest EncryptedDigest,
-     *      unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
-     *  }
-     *
-     *  EncryptedDigest ::= OCTET STRING
-     *
-     *  DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-     *
-     *  DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(issuerAndSerialNumber); - v.add(digAlgorithm); - - if (authenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 0, authenticatedAttributes)); - } - - v.add(digEncryptionAlgorithm); - v.add(encryptedDigest); - - if (unauthenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/package.html deleted file mode 100644 index ab800f446..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/pkcs/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting the various RSA PKCS documents. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java deleted file mode 100644 index b9a040731..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.bouncycastle.asn1.sec; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.util.BigIntegers; - -/** - * the elliptic curve private key object from SEC 1 - */ -public class ECPrivateKeyStructure - extends ASN1Encodable -{ - private ASN1Sequence seq; - - public ECPrivateKeyStructure( - ASN1Sequence seq) - { - this.seq = seq; - } - - public ECPrivateKeyStructure( - BigInteger key) - { - byte[] bytes = BigIntegers.asUnsignedByteArray(key); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(1)); - v.add(new DEROctetString(bytes)); - - seq = new DERSequence(v); - } - - public ECPrivateKeyStructure( - BigInteger key, - ASN1Encodable parameters) - { - this(key, null, parameters); - } - - public ECPrivateKeyStructure( - BigInteger key, - DERBitString publicKey, - ASN1Encodable parameters) - { - byte[] bytes = BigIntegers.asUnsignedByteArray(key); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(1)); - v.add(new DEROctetString(bytes)); - - if (parameters != null) - { - v.add(new DERTaggedObject(true, 0, parameters)); - } - - if (publicKey != null) - { - v.add(new DERTaggedObject(true, 1, publicKey)); - } - - seq = new DERSequence(v); - } - - public BigInteger getKey() - { - ASN1OctetString octs = (ASN1OctetString)seq.getObjectAt(1); - - return new BigInteger(1, octs.getOctets()); - } - - public DERBitString getPublicKey() - { - return (DERBitString)getObjectInTag(1); - } - - public ASN1Object getParameters() - { - return getObjectInTag(0); - } - - private ASN1Object getObjectInTag(int tagNo) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - DEREncodable obj = (DEREncodable)e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tag = (ASN1TaggedObject)obj; - if (tag.getTagNo() == tagNo) - { - return (ASN1Object)((DEREncodable)tag.getObject()).getDERObject(); - } - } - } - return null; - } - - /** - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] Parameters OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL } - */ - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java deleted file mode 100644 index 67ead069f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java +++ /dev/null @@ -1,1029 +0,0 @@ -package org.bouncycastle.asn1.sec; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ECParametersHolder; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.math.ec.ECConstants; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; - -public class SECNamedCurves -{ - private static BigInteger fromHex( - String hex) - { - return new BigInteger(1, Hex.decode(hex)); - } - - /* - * secp112r1 - */ - static X9ECParametersHolder secp112r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = (2^128 - 3) / 76439 - BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B"); - BigInteger a = fromHex("DB7C2ABF62E35E668076BEAD2088"); - BigInteger b = fromHex("659EF8BA043916EEDE8911702B22"); - byte[] S = Hex.decode("00F50B028E4D696E676875615175290472783FB1"); - BigInteger n = fromHex("DB7C2ABF62E35E7628DFAC6561C5"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "09487239995A5EE76B55F9C2F098")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "09487239995A5EE76B55F9C2F098" - + "A89CE5AF8724C0A23E0E0FF77500")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp112r2 - */ - static X9ECParametersHolder secp112r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = (2^128 - 3) / 76439 - BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B"); - BigInteger a = fromHex("6127C24C05F38A0AAAF65C0EF02C"); - BigInteger b = fromHex("51DEF1815DB5ED74FCC34C85D709"); - byte[] S = Hex.decode("002757A1114D696E6768756151755316C05E0BD4"); - BigInteger n = fromHex("36DF0AAFD8B8D7597CA10520D04B"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "4BA30AB5E892B4E1649DD0928643")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "4BA30AB5E892B4E1649DD0928643" - + "ADCD46F5882E3747DEF36E956E97")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp128r1 - */ - static X9ECParametersHolder secp128r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^128 - 2^97 - 1 - BigInteger p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF"); - BigInteger a = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"); - BigInteger b = fromHex("E87579C11079F43DD824993C2CEE5ED3"); - byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679"); - BigInteger n = fromHex("FFFFFFFE0000000075A30D1B9038A115"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "161FF7528B899B2D0C28607CA52C5B86")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "161FF7528B899B2D0C28607CA52C5B86" - + "CF5AC8395BAFEB13C02DA292DDED7A83")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp128r2 - */ - static X9ECParametersHolder secp128r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^128 - 2^97 - 1 - BigInteger p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF"); - BigInteger a = fromHex("D6031998D1B3BBFEBF59CC9BBFF9AEE1"); - BigInteger b = fromHex("5EEEFCA380D02919DC2C6558BB6D8A5D"); - byte[] S = Hex.decode("004D696E67687561517512D8F03431FCE63B88F4"); - BigInteger n = fromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "7B6AA5D85E572983E6FB32A7CDEBC140")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "7B6AA5D85E572983E6FB32A7CDEBC140" - + "27B6916A894D3AEE7106FE805FC34B44")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp160k1 - */ - static X9ECParametersHolder secp160k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73"); - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(7); - byte[] S = null; - BigInteger n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); -// ECPoint G = curve.decodePoint(Hex.decode("02" -// + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB" - + "938CF935318FDCED6BC28286531733C3F03C4FEE")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp160r1 - */ - static X9ECParametersHolder secp160r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^160 - 2^31 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"); - BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"); - BigInteger b = fromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"); - byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345"); - BigInteger n = fromHex("0100000000000000000001F4C8F927AED3CA752257"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "4A96B5688EF573284664698968C38BB913CBFC82")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "4A96B5688EF573284664698968C38BB913CBFC82" - + "23A628553168947D59DCC912042351377AC5FB32")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp160r2 - */ - static X9ECParametersHolder secp160r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73"); - BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70"); - BigInteger b = fromHex("B4E134D3FB59EB8BAB57274904664D5AF50388BA"); - byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751"); - BigInteger n = fromHex("0100000000000000000000351EE786A818F3A1A16B"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "52DCB034293A117E1F4FF11B30F7199D3144CE6D" - + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp192k1 - */ - static X9ECParametersHolder secp192k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37"); - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(3); - byte[] S = null; - BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D" - + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp192r1 - */ - static X9ECParametersHolder secp192r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^192 - 2^64 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"); - BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"); - BigInteger b = fromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"); - byte[] S = Hex.decode("3045AE6FC8422F64ED579528D38120EAE12196D5"); - BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012" - + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp224k1 - */ - static X9ECParametersHolder secp224k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^224 - 2^32 - 2^12 - 2^11 - 2^9 - 2^7 - 2^4 - 2 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D"); - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(5); - byte[] S = null; - BigInteger n = fromHex("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C" - + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp224r1 - */ - static X9ECParametersHolder secp224r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^224 - 2^96 + 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"); - BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"); - BigInteger b = fromHex("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"); - byte[] S = Hex.decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); - BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21" - + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp256k1 - */ - static X9ECParametersHolder secp256k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"); - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(7); - byte[] S = null; - BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798" - + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp256r1 - */ - static X9ECParametersHolder secp256r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1 - BigInteger p = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"); - BigInteger a = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"); - BigInteger b = fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); - byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90"); - BigInteger n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" - + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp384r1 - */ - static X9ECParametersHolder secp384r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^384 - 2^128 - 2^96 + 2^32 - 1 - BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"); - BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"); - BigInteger b = fromHex("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"); - byte[] S = Hex.decode("A335926AA319A27A1D00896A6773A4827ACDAC73"); - BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7" - + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * secp521r1 - */ - static X9ECParametersHolder secp521r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - // p = 2^521 - 1 - BigInteger p = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); - BigInteger a = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"); - BigInteger b = fromHex("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"); - byte[] S = Hex.decode("D09E8800291CB85396CC6717393284AAA0DA64BA"); - BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"); - BigInteger h = BigInteger.valueOf(1); - - ECCurve curve = new ECCurve.Fp(p, a, b); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66" - + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect113r1 - */ - static X9ECParametersHolder sect113r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 113; - int k = 9; - - BigInteger a = fromHex("003088250CA6E7C7FE649CE85820F7"); - BigInteger b = fromHex("00E8BEE4D3E2260744188BE0E9C723"); - byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9"); - BigInteger n = fromHex("0100000000000000D9CCEC8A39E56F"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "009D73616F35F4AB1407D73562C10F")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "009D73616F35F4AB1407D73562C10F" - + "00A52830277958EE84D1315ED31886")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect113r2 - */ - static X9ECParametersHolder sect113r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 113; - int k = 9; - - BigInteger a = fromHex("00689918DBEC7E5A0DD6DFC0AA55C7"); - BigInteger b = fromHex("0095E9A9EC9B297BD4BF36E059184F"); - byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D"); - BigInteger n = fromHex("010000000000000108789B2496AF93"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "01A57A6A7B26CA5EF52FCDB8164797")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "01A57A6A7B26CA5EF52FCDB8164797" - + "00B3ADC94ED1FE674C06E695BABA1D")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect131r1 - */ - static X9ECParametersHolder sect131r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 131; - int k1 = 2; - int k2 = 3; - int k3 = 8; - - BigInteger a = fromHex("07A11B09A76B562144418FF3FF8C2570B8"); - BigInteger b = fromHex("0217C05610884B63B9C6C7291678F9D341"); - byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2"); - BigInteger n = fromHex("0400000000000000023123953A9464B54D"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "0081BAF91FDF9833C40F9C181343638399")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "0081BAF91FDF9833C40F9C181343638399" - + "078C6E7EA38C001F73C8134B1B4EF9E150")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect131r2 - */ - static X9ECParametersHolder sect131r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 131; - int k1 = 2; - int k2 = 3; - int k3 = 8; - - BigInteger a = fromHex("03E5A88919D7CAFCBF415F07C2176573B2"); - BigInteger b = fromHex("04B8266A46C55657AC734CE38F018F2192"); - byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3"); - BigInteger n = fromHex("0400000000000000016954A233049BA98F"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "0356DCD8F2F95031AD652D23951BB366A8")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "0356DCD8F2F95031AD652D23951BB366A8" - + "0648F06D867940A5366D9E265DE9EB240F")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect163k1 - */ - static X9ECParametersHolder sect163k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 163; - int k1 = 3; - int k2 = 6; - int k3 = 7; - - BigInteger a = BigInteger.valueOf(1); - BigInteger b = BigInteger.valueOf(1); - byte[] S = null; - BigInteger n = fromHex("04000000000000000000020108A2E0CC0D99F8A5EF"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8" - + "0289070FB05D38FF58321F2E800536D538CCDAA3D9")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect163r1 - */ - static X9ECParametersHolder sect163r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 163; - int k1 = 3; - int k2 = 6; - int k3 = 7; - - BigInteger a = fromHex("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2"); - BigInteger b = fromHex("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9"); - byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C"); - BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "0369979697AB43897789566789567F787A7876A654")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "0369979697AB43897789566789567F787A7876A654" - + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect163r2 - */ - static X9ECParametersHolder sect163r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 163; - int k1 = 3; - int k2 = 6; - int k3 = 7; - - BigInteger a = BigInteger.valueOf(1); - BigInteger b = fromHex("020A601907B8C953CA1481EB10512F78744A3205FD"); - byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268"); - BigInteger n = fromHex("040000000000000000000292FE77E70C12A4234C33"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "03F0EBA16286A2D57EA0991168D4994637E8343E36")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "03F0EBA16286A2D57EA0991168D4994637E8343E36" - + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect193r1 - */ - static X9ECParametersHolder sect193r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 193; - int k = 15; - - BigInteger a = fromHex("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01"); - BigInteger b = fromHex("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814"); - byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30"); - BigInteger n = fromHex("01000000000000000000000000C7F34A778F443ACC920EBA49"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1" - + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect193r2 - */ - static X9ECParametersHolder sect193r2 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 193; - int k = 15; - - BigInteger a = fromHex("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B"); - BigInteger b = fromHex("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE"); - byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211"); - BigInteger n = fromHex("010000000000000000000000015AAB561B005413CCD4EE99D5"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F" - + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect233k1 - */ - static X9ECParametersHolder sect233k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 233; - int k = 74; - - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(1); - byte[] S = null; - BigInteger n = fromHex("8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126" - + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect233r1 - */ - static X9ECParametersHolder sect233r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 233; - int k = 74; - - BigInteger a = BigInteger.valueOf(1); - BigInteger b = fromHex("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD"); - byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3"); - BigInteger n = fromHex("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B" - + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect239k1 - */ - static X9ECParametersHolder sect239k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 239; - int k = 158; - - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(1); - byte[] S = null; - BigInteger n = fromHex("2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC" - + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect283k1 - */ - static X9ECParametersHolder sect283k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 283; - int k1 = 5; - int k2 = 7; - int k3 = 12; - - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(1); - byte[] S = null; - BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836" - + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect283r1 - */ - static X9ECParametersHolder sect283r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 283; - int k1 = 5; - int k2 = 7; - int k3 = 12; - - BigInteger a = BigInteger.valueOf(1); - BigInteger b = fromHex("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5"); - byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE"); - BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053" - + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect409k1 - */ - static X9ECParametersHolder sect409k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 409; - int k = 87; - - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(1); - byte[] S = null; - BigInteger n = fromHex("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746" - + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect409r1 - */ - static X9ECParametersHolder sect409r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 409; - int k = 87; - - BigInteger a = BigInteger.valueOf(1); - BigInteger b = fromHex("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F"); - byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B"); - BigInteger n = fromHex("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7" - + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect571k1 - */ - static X9ECParametersHolder sect571k1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 571; - int k1 = 2; - int k2 = 5; - int k3 = 10; - - BigInteger a = ECConstants.ZERO; - BigInteger b = BigInteger.valueOf(1); - byte[] S = null; - BigInteger n = fromHex("020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001"); - BigInteger h = BigInteger.valueOf(4); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("02" - //+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972" - + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - /* - * sect571r1 - */ - static X9ECParametersHolder sect571r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - int m = 571; - int k1 = 2; - int k2 = 5; - int k3 = 10; - - BigInteger a = BigInteger.valueOf(1); - BigInteger b = fromHex("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A"); - byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310"); - BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47"); - BigInteger h = BigInteger.valueOf(2); - - ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h); - //ECPoint G = curve.decodePoint(Hex.decode("03" - //+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19")); - ECPoint G = curve.decodePoint(Hex.decode("04" - + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19" - + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B")); - - return new X9ECParameters(curve, G, n, h, S); - } - }; - - - static final Hashtable objIds = new Hashtable(); - static final Hashtable curves = new Hashtable(); - static final Hashtable names = new Hashtable(); - - static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder) - { - objIds.put(name, oid); - names.put(oid, name); - curves.put(oid, holder); - } - - static - { - defineCurve("secp112r1", SECObjectIdentifiers.secp112r1, secp112r1); - defineCurve("secp112r2", SECObjectIdentifiers.secp112r2, secp112r2); - defineCurve("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1); - defineCurve("secp128r2", SECObjectIdentifiers.secp128r2, secp128r2); - defineCurve("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1); - defineCurve("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1); - defineCurve("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2); - defineCurve("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1); - defineCurve("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1); - defineCurve("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1); - defineCurve("secp224r1", SECObjectIdentifiers.secp224r1, secp224r1); - defineCurve("secp256k1", SECObjectIdentifiers.secp256k1, secp256k1); - defineCurve("secp256r1", SECObjectIdentifiers.secp256r1, secp256r1); - defineCurve("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1); - defineCurve("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1); - - defineCurve("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1); - defineCurve("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2); - defineCurve("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1); - defineCurve("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2); - defineCurve("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1); - defineCurve("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1); - defineCurve("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2); - defineCurve("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1); - defineCurve("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2); - defineCurve("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1); - defineCurve("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1); - defineCurve("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1); - defineCurve("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1); - defineCurve("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1); - defineCurve("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1); - defineCurve("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1); - defineCurve("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1); - defineCurve("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1); - } - - public static X9ECParameters getByName( - String name) - { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); - - if (oid != null) - { - return getByOID(oid); - } - - return null; - } - - /** - * return the X9ECParameters object for the named curve represented by - * the passed in object identifier. Null if the curve isn't present. - * - * @param oid an object identifier representing a named curve, if present. - */ - public static X9ECParameters getByOID( - DERObjectIdentifier oid) - { - X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid); - - if (holder != null) - { - return holder.getParameters(); - } - - return null; - } - - /** - * return the object identifier signified by the passed in name. Null - * if there is no object identifier associated with name. - * - * @return the object identifier associated with name, if present. - */ - public static DERObjectIdentifier getOID( - String name) - { - return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); - } - - /** - * return the named curve name represented by the given object identifier. - */ - public static String getName( - DERObjectIdentifier oid) - { - return (String)names.get(oid); - } - - /** - * returns an enumeration containing the name strings for curves - * contained in this structure. - */ - public static Enumeration getNames() - { - return objIds.keys(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java deleted file mode 100644 index 8b19cd687..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.asn1.sec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -public interface SECObjectIdentifiers -{ - /** - * ellipticCurve OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) - * } - */ - static final ASN1ObjectIdentifier ellipticCurve = new ASN1ObjectIdentifier("1.3.132.0"); - - static final ASN1ObjectIdentifier sect163k1 = ellipticCurve.branch("1"); - static final ASN1ObjectIdentifier sect163r1 = ellipticCurve.branch("2"); - static final ASN1ObjectIdentifier sect239k1 = ellipticCurve.branch("3"); - static final ASN1ObjectIdentifier sect113r1 = ellipticCurve.branch("4"); - static final ASN1ObjectIdentifier sect113r2 = ellipticCurve.branch("5"); - static final ASN1ObjectIdentifier secp112r1 = ellipticCurve.branch("6"); - static final ASN1ObjectIdentifier secp112r2 = ellipticCurve.branch("7"); - static final ASN1ObjectIdentifier secp160r1 = ellipticCurve.branch("8"); - static final ASN1ObjectIdentifier secp160k1 = ellipticCurve.branch("9"); - static final ASN1ObjectIdentifier secp256k1 = ellipticCurve.branch("10"); - static final ASN1ObjectIdentifier sect163r2 = ellipticCurve.branch("15"); - static final ASN1ObjectIdentifier sect283k1 = ellipticCurve.branch("16"); - static final ASN1ObjectIdentifier sect283r1 = ellipticCurve.branch("17"); - static final ASN1ObjectIdentifier sect131r1 = ellipticCurve.branch("22"); - static final ASN1ObjectIdentifier sect131r2 = ellipticCurve.branch("23"); - static final ASN1ObjectIdentifier sect193r1 = ellipticCurve.branch("24"); - static final ASN1ObjectIdentifier sect193r2 = ellipticCurve.branch("25"); - static final ASN1ObjectIdentifier sect233k1 = ellipticCurve.branch("26"); - static final ASN1ObjectIdentifier sect233r1 = ellipticCurve.branch("27"); - static final ASN1ObjectIdentifier secp128r1 = ellipticCurve.branch("28"); - static final ASN1ObjectIdentifier secp128r2 = ellipticCurve.branch("29"); - static final ASN1ObjectIdentifier secp160r2 = ellipticCurve.branch("30"); - static final ASN1ObjectIdentifier secp192k1 = ellipticCurve.branch("31"); - static final ASN1ObjectIdentifier secp224k1 = ellipticCurve.branch("32"); - static final ASN1ObjectIdentifier secp224r1 = ellipticCurve.branch("33"); - static final ASN1ObjectIdentifier secp384r1 = ellipticCurve.branch("34"); - static final ASN1ObjectIdentifier secp521r1 = ellipticCurve.branch("35"); - static final ASN1ObjectIdentifier sect409k1 = ellipticCurve.branch("36"); - static final ASN1ObjectIdentifier sect409r1 = ellipticCurve.branch("37"); - static final ASN1ObjectIdentifier sect571k1 = ellipticCurve.branch("38"); - static final ASN1ObjectIdentifier sect571r1 = ellipticCurve.branch("39"); - - static final ASN1ObjectIdentifier secp192r1 = X9ObjectIdentifiers.prime192v1; - static final ASN1ObjectIdentifier secp256r1 = X9ObjectIdentifiers.prime256v1; - -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/package.html deleted file mode 100644 index 5e34dec46..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/sec/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Classes for support of the SEC standard for Elliptic Curve. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEAttributes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEAttributes.java deleted file mode 100644 index ef6b60b04..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEAttributes.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1.smime; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface SMIMEAttributes -{ - public static final DERObjectIdentifier smimeCapabilities = PKCSObjectIdentifiers.pkcs_9_at_smimeCapabilities; - public static final DERObjectIdentifier encrypKeyPref = PKCSObjectIdentifiers.id_aa_encrypKeyPref; -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilities.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilities.java deleted file mode 100644 index 48ba4395a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilities.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.asn1.smime; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -/** - * Handler class for dealing with S/MIME Capabilities - */ -public class SMIMECapabilities - extends ASN1Encodable -{ - /** - * general preferences - */ - public static final DERObjectIdentifier preferSignedData = PKCSObjectIdentifiers.preferSignedData; - public static final DERObjectIdentifier canNotDecryptAny = PKCSObjectIdentifiers.canNotDecryptAny; - public static final DERObjectIdentifier sMIMECapabilitesVersions = PKCSObjectIdentifiers.sMIMECapabilitiesVersions; - - /** - * encryption algorithms preferences - */ - public static final DERObjectIdentifier dES_CBC = new DERObjectIdentifier("1.3.14.3.2.7"); - public static final DERObjectIdentifier dES_EDE3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC; - public static final DERObjectIdentifier rC2_CBC = PKCSObjectIdentifiers.RC2_CBC; - - private ASN1Sequence capabilities; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static SMIMECapabilities getInstance( - Object o) - { - if (o == null || o instanceof SMIMECapabilities) - { - return (SMIMECapabilities)o; - } - - if (o instanceof ASN1Sequence) - { - return new SMIMECapabilities((ASN1Sequence)o); - } - - if (o instanceof Attribute) - { - return new SMIMECapabilities( - (ASN1Sequence)(((Attribute)o).getAttrValues().getObjectAt(0))); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public SMIMECapabilities( - ASN1Sequence seq) - { - capabilities = seq; - } - - /** - * returns a vector with 0 or more objects of all the capabilities - * matching the passed in capability OID. If the OID passed is null the - * entire set is returned. - */ - public Vector getCapabilities( - DERObjectIdentifier capability) - { - Enumeration e = capabilities.getObjects(); - Vector list = new Vector(); - - if (capability == null) - { - while (e.hasMoreElements()) - { - SMIMECapability cap = SMIMECapability.getInstance(e.nextElement()); - - list.addElement(cap); - } - } - else - { - while (e.hasMoreElements()) - { - SMIMECapability cap = SMIMECapability.getInstance(e.nextElement()); - - if (capability.equals(cap.getCapabilityID())) - { - list.addElement(cap); - } - } - } - - return list; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * SMIMECapabilities ::= SEQUENCE OF SMIMECapability
-     *
- */ - public DERObject toASN1Object() - { - return capabilities; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilitiesAttribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilitiesAttribute.java deleted file mode 100644 index cfad31ecf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilitiesAttribute.java +++ /dev/null @@ -1,16 +0,0 @@ -package org.bouncycastle.asn1.smime; - -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; - -public class SMIMECapabilitiesAttribute - extends Attribute -{ - public SMIMECapabilitiesAttribute( - SMIMECapabilityVector capabilities) - { - super(SMIMEAttributes.smimeCapabilities, - new DERSet(new DERSequence(capabilities.toASN1EncodableVector()))); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapability.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapability.java deleted file mode 100644 index f9cc9c75e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapability.java +++ /dev/null @@ -1,103 +0,0 @@ -package org.bouncycastle.asn1.smime; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public class SMIMECapability - extends ASN1Encodable -{ - /** - * general preferences - */ - public static final DERObjectIdentifier preferSignedData = PKCSObjectIdentifiers.preferSignedData; - public static final DERObjectIdentifier canNotDecryptAny = PKCSObjectIdentifiers.canNotDecryptAny; - public static final DERObjectIdentifier sMIMECapabilitiesVersions = PKCSObjectIdentifiers.sMIMECapabilitiesVersions; - - /** - * encryption algorithms preferences - */ - public static final DERObjectIdentifier dES_CBC = new DERObjectIdentifier("1.3.14.3.2.7"); - public static final DERObjectIdentifier dES_EDE3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC; - public static final DERObjectIdentifier rC2_CBC = PKCSObjectIdentifiers.RC2_CBC; - public static final DERObjectIdentifier aES128_CBC = NISTObjectIdentifiers.id_aes128_CBC; - public static final DERObjectIdentifier aES192_CBC = NISTObjectIdentifiers.id_aes192_CBC; - public static final DERObjectIdentifier aES256_CBC = NISTObjectIdentifiers.id_aes256_CBC; - - private DERObjectIdentifier capabilityID; - private DEREncodable parameters; - - public SMIMECapability( - ASN1Sequence seq) - { - capabilityID = (DERObjectIdentifier)seq.getObjectAt(0); - - if (seq.size() > 1) - { - parameters = (DERObject)seq.getObjectAt(1); - } - } - - public SMIMECapability( - DERObjectIdentifier capabilityID, - DEREncodable parameters) - { - this.capabilityID = capabilityID; - this.parameters = parameters; - } - - public static SMIMECapability getInstance( - Object obj) - { - if (obj == null || obj instanceof SMIMECapability) - { - return (SMIMECapability)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new SMIMECapability((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid SMIMECapability"); - } - - public DERObjectIdentifier getCapabilityID() - { - return capabilityID; - } - - public DEREncodable getParameters() - { - return parameters; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
 
-     * SMIMECapability ::= SEQUENCE {
-     *     capabilityID OBJECT IDENTIFIER,
-     *     parameters ANY DEFINED BY capabilityID OPTIONAL 
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(capabilityID); - - if (parameters != null) - { - v.add(parameters); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilityVector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilityVector.java deleted file mode 100644 index 9dbcff020..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMECapabilityVector.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.asn1.smime; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * Handler for creating a vector S/MIME Capabilities - */ -public class SMIMECapabilityVector -{ - private ASN1EncodableVector capabilities = new ASN1EncodableVector(); - - public void addCapability( - DERObjectIdentifier capability) - { - capabilities.add(new DERSequence(capability)); - } - - public void addCapability( - DERObjectIdentifier capability, - int value) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(capability); - v.add(new DERInteger(value)); - - capabilities.add(new DERSequence(v)); - } - - public void addCapability( - DERObjectIdentifier capability, - DEREncodable params) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(capability); - v.add(params); - - capabilities.add(new DERSequence(v)); - } - - public ASN1EncodableVector toASN1EncodableVector() - { - return capabilities; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute.java deleted file mode 100644 index 1e5b5396c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1.smime; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.RecipientKeyIdentifier; - -/** - * The SMIMEEncryptionKeyPreference object. - * 
- * SMIMEEncryptionKeyPreference ::= CHOICE {
- *     issuerAndSerialNumber   [0] IssuerAndSerialNumber,
- *     receipentKeyId          [1] RecipientKeyIdentifier,
- *     subjectAltKeyIdentifier [2] SubjectKeyIdentifier
- * }
- *
- */ -public class SMIMEEncryptionKeyPreferenceAttribute - extends Attribute -{ - public SMIMEEncryptionKeyPreferenceAttribute( - IssuerAndSerialNumber issAndSer) - { - super(SMIMEAttributes.encrypKeyPref, - new DERSet(new DERTaggedObject(false, 0, issAndSer))); - } - - public SMIMEEncryptionKeyPreferenceAttribute( - RecipientKeyIdentifier rKeyId) - { - - super(SMIMEAttributes.encrypKeyPref, - new DERSet(new DERTaggedObject(false, 1, rKeyId))); - } - - /** - * @param sKeyId the subjectKeyIdentifier value (normally the X.509 one) - */ - public SMIMEEncryptionKeyPreferenceAttribute( - ASN1OctetString sKeyId) - { - - super(SMIMEAttributes.encrypKeyPref, - new DERSet(new DERTaggedObject(false, 2, sKeyId))); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/package.html deleted file mode 100644 index d527abad5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/smime/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting S/MIME. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java deleted file mode 100644 index cdcbdffa8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java +++ /dev/null @@ -1,351 +0,0 @@ -package org.bouncycastle.asn1.teletrust; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ECParametersHolder; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; - -/** - * elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation" - * http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt - */ -public class TeleTrusTNamedCurves -{ - static X9ECParametersHolder brainpoolP160r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620F", 16), // q - new BigInteger("340E7BE2A280EB74E2BE61BADA745D97E8F7C300", 16), // a - new BigInteger("1E589A8595423412134FAA2DBDEC95C8D8675E58", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("04BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC31667CB477A1A8EC338F94741669C976316DA6321")), // G - new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16), //n - new BigInteger("01", 16)); // h - } - }; - - static X9ECParametersHolder brainpoolP160t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - // new BigInteger("24DBFF5DEC9B986BBFE5295A29BFBAE45E0F5D0B", 16), // Z - new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620F", 16), // q - new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620C", 16), // a' - new BigInteger("7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("04B199B13B9B34EFC1397E64BAEB05ACC265FF2378ADD6718B7C7C1961F0991B842443772152C9E0AD")), // G - new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16), //n - new BigInteger("01", 16)); // h - } - }; - - static X9ECParametersHolder brainpoolP192r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 16), // q - new BigInteger("6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", 16), // a - new BigInteger("469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("04C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD614B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F")), // G - new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16), //n - new BigInteger("01", 16)); // h - } - }; - - static X9ECParametersHolder brainpoolP192t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - //new BigInteger("1B6F5CC8DB4DC7AF19458A9CB80DC2295E5EB9C3732104CB") //Z - new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 16), // q - new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294", 16), // a' - new BigInteger("13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("043AE9E58C82F63C30282E1FE7BBF43FA72C446AF6F4618129097E2C5667C2223A902AB5CA449D0084B7E5B3DE7CCC01C9")), // G' - new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16), //n - new BigInteger("01", 16)); // h - } - }; - - static X9ECParametersHolder brainpoolP224r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 16), // q - new BigInteger("68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", 16), // a - new BigInteger("2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD")), // G - new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16), //n - new BigInteger("01", 16)); // n - } - }; - static X9ECParametersHolder brainpoolP224t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - //new BigInteger("2DF271E14427A346910CF7A2E6CFA7B3F484E5C2CCE1C8B730E28B3F") //Z - new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 16), // q - new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC", 16), // a' - new BigInteger("4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("046AB1E344CE25FF3896424E7FFE14762ECB49F8928AC0C76029B4D5800374E9F5143E568CD23F3F4D7C0D4B1E41C8CC0D1C6ABD5F1A46DB4C")), // G' - new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP256r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16), // q - new BigInteger("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 16), // a - new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997")), // G - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP256t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - //new BigInteger("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0") //Z - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16), // q - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374", 16), // a' - new BigInteger("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("04A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F42D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE")), // G' - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP320r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 16), // q - new BigInteger("3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", 16), // a - new BigInteger("520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("0443BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E2061114FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1")), // G - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP320t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - //new BigInteger("15F75CAF668077F7E85B42EB01F0A81FF56ECD6191D55CB82B7D861458A18FEFC3E5AB7496F3C7B1") //Z - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 16), // q - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E24", 16), // a' - new BigInteger("A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CEB5B4FEF422340353", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("04925BE9FB01AFC6FB4D3E7D4990010F813408AB106C4F09CB7EE07868CC136FFF3357F624A21BED5263BA3A7A27483EBF6671DBEF7ABB30EBEE084E58A0B077AD42A5A0989D1EE71B1B9BC0455FB0D2C3")), // G' - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP384r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16), // q - new BigInteger("7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", 16), // a - new BigInteger("4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("041D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315")), // G - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP384t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - //new BigInteger("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C") //Z - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16), // q - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC50", 16), // a' - new BigInteger("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("0418DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946A5F54D8D0AA2F418808CC25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC2B2912675BF5B9E582928")), // G' - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP512r1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16), // q - new BigInteger("7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", 16), // a - new BigInteger("3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 16)); // b - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("0481AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F8227DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892")), // G - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16), //n - new BigInteger("01", 16)); // h - } - }; - static X9ECParametersHolder brainpoolP512t1 = new X9ECParametersHolder() - { - protected X9ECParameters createParameters() - { - ECCurve curve = new ECCurve.Fp( - //new BigInteger("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB") //Z - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16), // q - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0", 16), // a' - new BigInteger("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16)); // b' - - return new X9ECParameters( - curve, - curve.decodePoint(Hex.decode("04640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332")), // G' - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16), //n - new BigInteger("01", 16)); // h - } - }; - - static final Hashtable objIds = new Hashtable(); - static final Hashtable curves = new Hashtable(); - static final Hashtable names = new Hashtable(); - - static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder) - { - objIds.put(name, oid); - names.put(oid, name); - curves.put(oid, holder); - } - - static - { - defineCurve("brainpoolp160r1", TeleTrusTObjectIdentifiers.brainpoolP160r1, brainpoolP160r1); - defineCurve("brainpoolp160t1", TeleTrusTObjectIdentifiers.brainpoolP160t1, brainpoolP160t1); - defineCurve("brainpoolp192r1", TeleTrusTObjectIdentifiers.brainpoolP192r1, brainpoolP192r1); - defineCurve("brainpoolp192t1", TeleTrusTObjectIdentifiers.brainpoolP192t1, brainpoolP192t1); - defineCurve("brainpoolp224r1", TeleTrusTObjectIdentifiers.brainpoolP224r1, brainpoolP224r1); - defineCurve("brainpoolp224t1", TeleTrusTObjectIdentifiers.brainpoolP224t1, brainpoolP224t1); - defineCurve("brainpoolp256r1", TeleTrusTObjectIdentifiers.brainpoolP256r1, brainpoolP256r1); - defineCurve("brainpoolp256t1", TeleTrusTObjectIdentifiers.brainpoolP256t1, brainpoolP256t1); - defineCurve("brainpoolp320r1", TeleTrusTObjectIdentifiers.brainpoolP320r1, brainpoolP320r1); - defineCurve("brainpoolp320t1", TeleTrusTObjectIdentifiers.brainpoolP320t1, brainpoolP320t1); - defineCurve("brainpoolp384r1", TeleTrusTObjectIdentifiers.brainpoolP384r1, brainpoolP384r1); - defineCurve("brainpoolp384t1", TeleTrusTObjectIdentifiers.brainpoolP384t1, brainpoolP384t1); - defineCurve("brainpoolp512r1", TeleTrusTObjectIdentifiers.brainpoolP512r1, brainpoolP512r1); - defineCurve("brainpoolp512t1", TeleTrusTObjectIdentifiers.brainpoolP512t1, brainpoolP512t1); - } - - public static X9ECParameters getByName( - String name) - { - DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); - - if (oid != null) - { - return getByOID(oid); - } - - return null; - } - - /** - * return the X9ECParameters object for the named curve represented by - * the passed in object identifier. Null if the curve isn't present. - * - * @param oid an object identifier representing a named curve, if present. - */ - public static X9ECParameters getByOID( - DERObjectIdentifier oid) - { - X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid); - - if (holder != null) - { - return holder.getParameters(); - } - - return null; - } - - /** - * return the object identifier signified by the passed in name. Null - * if there is no object identifier associated with name. - * - * @return the object identifier associated with name, if present. - */ - public static DERObjectIdentifier getOID( - String name) - { - return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name)); - } - - /** - * return the named curve name represented by the given object identifier. - */ - public static String getName( - DERObjectIdentifier oid) - { - return (String)names.get(oid); - } - - /** - * returns an enumeration containing the name strings for curves - * contained in this structure. - */ - public static Enumeration getNames() - { - return objIds.keys(); - } - - public static DERObjectIdentifier getOID(short curvesize, boolean twisted) - { - return getOID("brainpoolP" + curvesize + (twisted ? "t" : "r") + "1"); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java deleted file mode 100644 index df9a0ffdf..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.asn1.teletrust; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface TeleTrusTObjectIdentifiers -{ - static final ASN1ObjectIdentifier teleTrusTAlgorithm = new ASN1ObjectIdentifier("1.3.36.3"); - - static final ASN1ObjectIdentifier ripemd160 = teleTrusTAlgorithm.branch("2.1"); - static final ASN1ObjectIdentifier ripemd128 = teleTrusTAlgorithm.branch("2.2"); - static final ASN1ObjectIdentifier ripemd256 = teleTrusTAlgorithm.branch("2.3"); - - static final ASN1ObjectIdentifier teleTrusTRSAsignatureAlgorithm = teleTrusTAlgorithm.branch("3.1"); - - static final ASN1ObjectIdentifier rsaSignatureWithripemd160 = teleTrusTRSAsignatureAlgorithm.branch("2"); - static final ASN1ObjectIdentifier rsaSignatureWithripemd128 = teleTrusTRSAsignatureAlgorithm.branch("3"); - static final ASN1ObjectIdentifier rsaSignatureWithripemd256 = teleTrusTRSAsignatureAlgorithm.branch("4"); - - static final ASN1ObjectIdentifier ecSign = teleTrusTAlgorithm.branch("3.2"); - - static final ASN1ObjectIdentifier ecSignWithSha1 = ecSign.branch("1"); - static final ASN1ObjectIdentifier ecSignWithRipemd160 = ecSign.branch("2"); - - static final ASN1ObjectIdentifier ecc_brainpool = teleTrusTAlgorithm.branch("3.2.8"); - static final ASN1ObjectIdentifier ellipticCurve = ecc_brainpool.branch("1"); - static final ASN1ObjectIdentifier versionOne = ellipticCurve.branch("1"); - - static final ASN1ObjectIdentifier brainpoolP160r1 = versionOne.branch("1"); - static final ASN1ObjectIdentifier brainpoolP160t1 = versionOne.branch("2"); - static final ASN1ObjectIdentifier brainpoolP192r1 = versionOne.branch("3"); - static final ASN1ObjectIdentifier brainpoolP192t1 = versionOne.branch("4"); - static final ASN1ObjectIdentifier brainpoolP224r1 = versionOne.branch("5"); - static final ASN1ObjectIdentifier brainpoolP224t1 = versionOne.branch("6"); - static final ASN1ObjectIdentifier brainpoolP256r1 = versionOne.branch("7"); - static final ASN1ObjectIdentifier brainpoolP256t1 = versionOne.branch("8"); - static final ASN1ObjectIdentifier brainpoolP320r1 = versionOne.branch("9"); - static final ASN1ObjectIdentifier brainpoolP320t1 = versionOne.branch("10"); - static final ASN1ObjectIdentifier brainpoolP384r1 = versionOne.branch("11"); - static final ASN1ObjectIdentifier brainpoolP384t1 = versionOne.branch("12"); - static final ASN1ObjectIdentifier brainpoolP512r1 = versionOne.branch("13"); - static final ASN1ObjectIdentifier brainpoolP512t1 = versionOne.branch("14"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/package.html deleted file mode 100644 index 86606c39d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/teletrust/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes for TeleTrust related objects. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java deleted file mode 100644 index 18f4c15a5..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java +++ /dev/null @@ -1,174 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; - - -public class Accuracy - extends ASN1Encodable -{ - DERInteger seconds; - - DERInteger millis; - - DERInteger micros; - - // constantes - protected static final int MIN_MILLIS = 1; - - protected static final int MAX_MILLIS = 999; - - protected static final int MIN_MICROS = 1; - - protected static final int MAX_MICROS = 999; - - protected Accuracy() - { - } - - public Accuracy( - DERInteger seconds, - DERInteger millis, - DERInteger micros) - { - this.seconds = seconds; - - //Verifications - if (millis != null - && (millis.getValue().intValue() < MIN_MILLIS || millis - .getValue().intValue() > MAX_MILLIS)) - { - throw new IllegalArgumentException( - "Invalid millis field : not in (1..999)"); - } - else - { - this.millis = millis; - } - - if (micros != null - && (micros.getValue().intValue() < MIN_MICROS || micros - .getValue().intValue() > MAX_MICROS)) - { - throw new IllegalArgumentException( - "Invalid micros field : not in (1..999)"); - } - else - { - this.micros = micros; - } - - } - - public Accuracy(ASN1Sequence seq) - { - seconds = null; - millis = null; - micros = null; - - for (int i = 0; i < seq.size(); i++) - { - // seconds - if (seq.getObjectAt(i) instanceof DERInteger) - { - seconds = (DERInteger) seq.getObjectAt(i); - } - else if (seq.getObjectAt(i) instanceof DERTaggedObject) - { - DERTaggedObject extra = (DERTaggedObject) seq.getObjectAt(i); - - switch (extra.getTagNo()) - { - case 0: - millis = DERInteger.getInstance(extra, false); - if (millis.getValue().intValue() < MIN_MILLIS - || millis.getValue().intValue() > MAX_MILLIS) - { - throw new IllegalArgumentException( - "Invalid millis field : not in (1..999)."); - } - break; - case 1: - micros = DERInteger.getInstance(extra, false); - if (micros.getValue().intValue() < MIN_MICROS - || micros.getValue().intValue() > MAX_MICROS) - { - throw new IllegalArgumentException( - "Invalid micros field : not in (1..999)."); - } - break; - default: - throw new IllegalArgumentException("Invalig tag number"); - } - } - } - } - - public static Accuracy getInstance(Object o) - { - if (o == null || o instanceof Accuracy) - { - return (Accuracy) o; - } - else if (o instanceof ASN1Sequence) - { - return new Accuracy((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "Unknown object in 'Accuracy' factory : " - + o.getClass().getName() + "."); - } - - public DERInteger getSeconds() - { - return seconds; - } - - public DERInteger getMillis() - { - return millis; - } - - public DERInteger getMicros() - { - return micros; - } - - /** - * 
-     * Accuracy ::= SEQUENCE {
-     *             seconds        INTEGER              OPTIONAL,
-     *             millis     [0] INTEGER  (1..999)    OPTIONAL,
-     *             micros     [1] INTEGER  (1..999)    OPTIONAL
-     *             }
-     *
- */ - public DERObject toASN1Object() - { - - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (seconds != null) - { - v.add(seconds); - } - - if (millis != null) - { - v.add(new DERTaggedObject(false, 0, millis)); - } - - if (micros != null) - { - v.add(new DERTaggedObject(false, 1, micros)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java deleted file mode 100644 index 759a42352..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class MessageImprint - extends ASN1Encodable -{ - AlgorithmIdentifier hashAlgorithm; - byte[] hashedMessage; - - /** - * @param o - * @return a MessageImprint object. - */ - public static MessageImprint getInstance(Object o) - { - if (o == null || o instanceof MessageImprint) - { - return (MessageImprint)o; - } - else if (o instanceof ASN1Sequence) - { - return new MessageImprint((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Bad object in factory."); - } - - public MessageImprint( - ASN1Sequence seq) - { - this.hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - this.hashedMessage = ASN1OctetString.getInstance(seq.getObjectAt(1)).getOctets(); - } - - public MessageImprint( - AlgorithmIdentifier hashAlgorithm, - byte[] hashedMessage) - { - this.hashAlgorithm = hashAlgorithm; - this.hashedMessage = hashedMessage; - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public byte[] getHashedMessage() - { - return hashedMessage; - } - - /** - * 
-     *    MessageImprint ::= SEQUENCE  {
-     *       hashAlgorithm                AlgorithmIdentifier,
-     *       hashedMessage                OCTET STRING  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(hashAlgorithm); - v.add(new DEROctetString(hashedMessage)); - - return new DERSequence(v); - } -} \ No newline at end of file diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java deleted file mode 100644 index 83893223b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java +++ /dev/null @@ -1,254 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extensions; - -import java.io.IOException; -import java.util.Enumeration; - -public class TSTInfo - extends ASN1Encodable -{ - DERInteger version; - - DERObjectIdentifier tsaPolicyId; - - MessageImprint messageImprint; - - DERInteger serialNumber; - - DERGeneralizedTime genTime; - - Accuracy accuracy; - - DERBoolean ordering; - - DERInteger nonce; - - GeneralName tsa; - - X509Extensions extensions; - - public static TSTInfo getInstance(Object o) - { - if (o == null || o instanceof TSTInfo) - { - return (TSTInfo) o; - } - else if (o instanceof ASN1Sequence) - { - return new TSTInfo((ASN1Sequence) o); - } - else if (o instanceof ASN1OctetString) - { - try - { - return getInstance(new ASN1InputStream(((ASN1OctetString)o).getOctets()).readObject()); - } - catch (IOException ioEx) - { - throw new IllegalArgumentException( - "Bad object format in 'TSTInfo' factory."); - } - } - - throw new IllegalArgumentException( - "Unknown object in 'TSTInfo' factory : " - + o.getClass().getName() + "."); - } - - public TSTInfo(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - // version - version = DERInteger.getInstance(e.nextElement()); - - // tsaPolicy - tsaPolicyId = DERObjectIdentifier.getInstance(e.nextElement()); - - // messageImprint - messageImprint = MessageImprint.getInstance(e.nextElement()); - - // serialNumber - serialNumber = DERInteger.getInstance(e.nextElement()); - - // genTime - genTime = DERGeneralizedTime.getInstance(e.nextElement()); - - // default for ordering - ordering = new DERBoolean(false); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject) e.nextElement(); - - if (o instanceof ASN1TaggedObject) - { - DERTaggedObject tagged = (DERTaggedObject) o; - - switch (tagged.getTagNo()) - { - case 0: - tsa = GeneralName.getInstance(tagged, true); - break; - case 1: - extensions = X509Extensions.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("Unknown tag value " + tagged.getTagNo()); - } - } - else if (o instanceof DERSequence) - { - accuracy = Accuracy.getInstance(o); - } - else if (o instanceof DERBoolean) - { - ordering = DERBoolean.getInstance(o); - } - else if (o instanceof DERInteger) - { - nonce = DERInteger.getInstance(o); - } - - } - } - - public TSTInfo(DERObjectIdentifier tsaPolicyId, MessageImprint messageImprint, - DERInteger serialNumber, DERGeneralizedTime genTime, - Accuracy accuracy, DERBoolean ordering, DERInteger nonce, - GeneralName tsa, X509Extensions extensions) - { - version = new DERInteger(1); - this.tsaPolicyId = tsaPolicyId; - this.messageImprint = messageImprint; - this.serialNumber = serialNumber; - this.genTime = genTime; - - this.accuracy = accuracy; - this.ordering = ordering; - this.nonce = nonce; - this.tsa = tsa; - this.extensions = extensions; - } - - public MessageImprint getMessageImprint() - { - return messageImprint; - } - - public DERObjectIdentifier getPolicy() - { - return tsaPolicyId; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public Accuracy getAccuracy() - { - return accuracy; - } - - public DERGeneralizedTime getGenTime() - { - return genTime; - } - - public DERBoolean getOrdering() - { - return ordering; - } - - public DERInteger getNonce() - { - return nonce; - } - - public GeneralName getTsa() - { - return tsa; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * 
-     * 
-     *     TSTInfo ::= SEQUENCE  {
-     *        version                      INTEGER  { v1(1) },
-     *        policy                       TSAPolicyId,
-     *        messageImprint               MessageImprint,
-     *          -- MUST have the same value as the similar field in
-     *          -- TimeStampReq
-     *        serialNumber                 INTEGER,
-     *         -- Time-Stamping users MUST be ready to accommodate integers
-     *         -- up to 160 bits.
-     *        genTime                      GeneralizedTime,
-     *        accuracy                     Accuracy                 OPTIONAL,
-     *        ordering                     BOOLEAN             DEFAULT FALSE,
-     *        nonce                        INTEGER                  OPTIONAL,
-     *          -- MUST be present if the similar field was present
-     *          -- in TimeStampReq.  In that case it MUST have the same value.
-     *        tsa                          [0] GeneralName          OPTIONAL,
-     *        extensions                   [1] IMPLICIT Extensions   OPTIONAL  }
-     * 
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(version); - - seq.add(tsaPolicyId); - seq.add(messageImprint); - seq.add(serialNumber); - seq.add(genTime); - - if (accuracy != null) - { - seq.add(accuracy); - } - - if (ordering != null && ordering.isTrue()) - { - seq.add(ordering); - } - - if (nonce != null) - { - seq.add(nonce); - } - - if (tsa != null) - { - seq.add(new DERTaggedObject(true, 0, tsa)); - } - - if (extensions != null) - { - seq.add(new DERTaggedObject(false, 1, extensions)); - } - - return new DERSequence(seq); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java deleted file mode 100644 index 46565e713..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java +++ /dev/null @@ -1,181 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class TimeStampReq - extends ASN1Encodable -{ - DERInteger version; - - MessageImprint messageImprint; - - DERObjectIdentifier tsaPolicy; - - DERInteger nonce; - - DERBoolean certReq; - - X509Extensions extensions; - - public static TimeStampReq getInstance(Object o) - { - if (o == null || o instanceof TimeStampReq) - { - return (TimeStampReq) o; - } - else if (o instanceof ASN1Sequence) - { - return new TimeStampReq((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "Unknown object in 'TimeStampReq' factory : " - + o.getClass().getName() + "."); - } - - public TimeStampReq(ASN1Sequence seq) - { - int nbObjects = seq.size(); - - int seqStart = 0; - - // version - version = DERInteger.getInstance(seq.getObjectAt(seqStart)); - - seqStart++; - - // messageImprint - messageImprint = MessageImprint.getInstance(seq.getObjectAt(seqStart)); - - seqStart++; - - for (int opt = seqStart; opt < nbObjects; opt++) - { - // tsaPolicy - if (seq.getObjectAt(opt) instanceof DERObjectIdentifier) - { - tsaPolicy = DERObjectIdentifier.getInstance(seq.getObjectAt(opt)); - } - // nonce - else if (seq.getObjectAt(opt) instanceof DERInteger) - { - nonce = DERInteger.getInstance(seq.getObjectAt(opt)); - } - // certReq - else if (seq.getObjectAt(opt) instanceof DERBoolean) - { - certReq = DERBoolean.getInstance(seq.getObjectAt(opt)); - } - // extensions - else if (seq.getObjectAt(opt) instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)seq.getObjectAt(opt); - if (tagged.getTagNo() == 0) - { - extensions = X509Extensions.getInstance(tagged, false); - } - } - } - } - - public TimeStampReq( - MessageImprint messageImprint, - DERObjectIdentifier tsaPolicy, - DERInteger nonce, - DERBoolean certReq, - X509Extensions extensions) - { - // default - version = new DERInteger(1); - - this.messageImprint = messageImprint; - this.tsaPolicy = tsaPolicy; - this.nonce = nonce; - this.certReq = certReq; - this.extensions = extensions; - } - - public DERInteger getVersion() - { - return version; - } - - public MessageImprint getMessageImprint() - { - return messageImprint; - } - - public DERObjectIdentifier getReqPolicy() - { - return tsaPolicy; - } - - public DERInteger getNonce() - { - return nonce; - } - - public DERBoolean getCertReq() - { - return certReq; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * 
-     * TimeStampReq ::= SEQUENCE  {
-     *  version                      INTEGER  { v1(1) },
-     *  messageImprint               MessageImprint,
-     *    --a hash algorithm OID and the hash value of the data to be
-     *    --time-stamped
-     *  reqPolicy             TSAPolicyId              OPTIONAL,
-     *  nonce                 INTEGER                  OPTIONAL,
-     *  certReq               BOOLEAN                  DEFAULT FALSE,
-     *  extensions            [0] IMPLICIT Extensions  OPTIONAL
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(messageImprint); - - if (tsaPolicy != null) - { - v.add(tsaPolicy); - } - - if (nonce != null) - { - v.add(nonce); - } - - if (certReq != null && certReq.isTrue()) - { - v.add(certReq); - } - - if (extensions != null) - { - v.add(new DERTaggedObject(false, 0, extensions)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java deleted file mode 100644 index f5bfa7ecc..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cmp.PKIStatusInfo; - - -public class TimeStampResp - extends ASN1Encodable -{ - PKIStatusInfo pkiStatusInfo; - - ContentInfo timeStampToken; - - public static TimeStampResp getInstance(Object o) - { - if (o == null || o instanceof TimeStampResp) - { - return (TimeStampResp) o; - } - else if (o instanceof ASN1Sequence) - { - return new TimeStampResp((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'TimeStampResp' factory : " - + o.getClass().getName() + "."); - } - - public TimeStampResp(ASN1Sequence seq) - { - - Enumeration e = seq.getObjects(); - - // status - pkiStatusInfo = PKIStatusInfo.getInstance(e.nextElement()); - - if (e.hasMoreElements()) - { - timeStampToken = ContentInfo.getInstance(e.nextElement()); - } - } - - public TimeStampResp(PKIStatusInfo pkiStatusInfo, ContentInfo timeStampToken) - { - this.pkiStatusInfo = pkiStatusInfo; - this.timeStampToken = timeStampToken; - } - - public PKIStatusInfo getStatus() - { - return pkiStatusInfo; - } - - public ContentInfo getTimeStampToken() - { - return timeStampToken; - } - - /** - * 
-     * TimeStampResp ::= SEQUENCE  {
-     *   status                  PKIStatusInfo,
-     *   timeStampToken          TimeStampToken     OPTIONAL  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(pkiStatusInfo); - if (timeStampToken != null) - { - v.add(timeStampToken); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/package.html deleted file mode 100644 index d6265f044..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/tsp/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Support classes useful for encoding and supporting Time Stamp Protocol as described RFC 3161. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java deleted file mode 100644 index cb540431f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java +++ /dev/null @@ -1,432 +0,0 @@ -package org.bouncycastle.asn1.util; - -import java.io.IOException; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERApplicationSpecific; -import org.bouncycastle.asn1.BERConstructedOctetString; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERApplicationSpecific; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERExternal; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERT61String; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERTags; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.DERUnknownTag; -import org.bouncycastle.asn1.DERVisibleString; -import org.bouncycastle.util.encoders.Hex; - -public class ASN1Dump -{ - private static final String TAB = " "; - private static final int SAMPLE_SIZE = 32; - - /** - * dump a DER object as a formatted string with indentation - * - * @param obj the DERObject to be dumped out. - */ - static void _dumpAsString( - String indent, - boolean verbose, - DERObject obj, - StringBuffer buf) - { - String nl = System.getProperty("line.separator"); - if (obj instanceof ASN1Sequence) - { - Enumeration e = ((ASN1Sequence)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - if (obj instanceof BERSequence) - { - buf.append("BER Sequence"); - } - else if (obj instanceof DERSequence) - { - buf.append("DER Sequence"); - } - else - { - buf.append("Sequence"); - } - - buf.append(nl); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - if (o == null || o.equals(new DERNull())) - { - buf.append(tab); - buf.append("NULL"); - buf.append(nl); - } - else if (o instanceof DERObject) - { - _dumpAsString(tab, verbose, (DERObject)o, buf); - } - else - { - _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf); - } - } - } - else if (obj instanceof DERTaggedObject) - { - String tab = indent + TAB; - - buf.append(indent); - if (obj instanceof BERTaggedObject) - { - buf.append("BER Tagged ["); - } - else - { - buf.append("Tagged ["); - } - - DERTaggedObject o = (DERTaggedObject)obj; - - buf.append(Integer.toString(o.getTagNo())); - buf.append(']'); - - if (!o.isExplicit()) - { - buf.append(" IMPLICIT "); - } - - buf.append(nl); - - if (o.isEmpty()) - { - buf.append(tab); - buf.append("EMPTY"); - buf.append(nl); - } - else - { - _dumpAsString(tab, verbose, o.getObject(), buf); - } - } - else if (obj instanceof BERSet) - { - Enumeration e = ((ASN1Set)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - buf.append("BER Set"); - buf.append(nl); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - if (o == null) - { - buf.append(tab); - buf.append("NULL"); - buf.append(nl); - } - else if (o instanceof DERObject) - { - _dumpAsString(tab, verbose, (DERObject)o, buf); - } - else - { - _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf); - } - } - } - else if (obj instanceof DERSet) - { - Enumeration e = ((ASN1Set)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - buf.append("DER Set"); - buf.append(nl); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - if (o == null) - { - buf.append(tab); - buf.append("NULL"); - buf.append(nl); - } - else if (o instanceof DERObject) - { - _dumpAsString(tab, verbose, (DERObject)o, buf); - } - else - { - _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf); - } - } - } - else if (obj instanceof DERObjectIdentifier) - { - buf.append(indent + "ObjectIdentifier(" + ((DERObjectIdentifier)obj).getId() + ")" + nl); - } - else if (obj instanceof DERBoolean) - { - buf.append(indent + "Boolean(" + ((DERBoolean)obj).isTrue() + ")" + nl); - } - else if (obj instanceof DERInteger) - { - buf.append(indent + "Integer(" + ((DERInteger)obj).getValue() + ")" + nl); - } - else if (obj instanceof BERConstructedOctetString) - { - ASN1OctetString oct = (ASN1OctetString)obj; - buf.append(indent + "BER Constructed Octet String" + "[" + oct.getOctets().length + "] "); - if (verbose) - { - buf.append(dumpBinaryDataAsString(indent, oct.getOctets())); - } - else{ - buf.append(nl); - } - } - else if (obj instanceof DEROctetString) - { - ASN1OctetString oct = (ASN1OctetString)obj; - buf.append(indent + "DER Octet String" + "[" + oct.getOctets().length + "] "); - if (verbose) - { - buf.append(dumpBinaryDataAsString(indent, oct.getOctets())); - } - else{ - buf.append(nl); - } - } - else if (obj instanceof DERBitString) - { - DERBitString bt = (DERBitString)obj; - buf.append(indent + "DER Bit String" + "[" + bt.getBytes().length + ", " + bt.getPadBits() + "] "); - if (verbose) - { - buf.append(dumpBinaryDataAsString(indent, bt.getBytes())); - } - else{ - buf.append(nl); - } - } - else if (obj instanceof DERIA5String) - { - buf.append(indent + "IA5String(" + ((DERIA5String)obj).getString() + ") " + nl); - } - else if (obj instanceof DERUTF8String) - { - buf.append(indent + "UTF8String(" + ((DERUTF8String)obj).getString() + ") " + nl); - } - else if (obj instanceof DERPrintableString) - { - buf.append(indent + "PrintableString(" + ((DERPrintableString)obj).getString() + ") " + nl); - } - else if (obj instanceof DERVisibleString) - { - buf.append(indent + "VisibleString(" + ((DERVisibleString)obj).getString() + ") " + nl); - } - else if (obj instanceof DERBMPString) - { - buf.append(indent + "BMPString(" + ((DERBMPString)obj).getString() + ") " + nl); - } - else if (obj instanceof DERT61String) - { - buf.append(indent + "T61String(" + ((DERT61String)obj).getString() + ") " + nl); - } - else if (obj instanceof DERUTCTime) - { - buf.append(indent + "UTCTime(" + ((DERUTCTime)obj).getTime() + ") " + nl); - } - else if (obj instanceof DERGeneralizedTime) - { - buf.append(indent + "GeneralizedTime(" + ((DERGeneralizedTime)obj).getTime() + ") " + nl); - } - else if (obj instanceof DERUnknownTag) - { - buf.append(indent + "Unknown " + Integer.toString(((DERUnknownTag)obj).getTag(), 16) + " " + new String(Hex.encode(((DERUnknownTag)obj).getData())) + nl); - } - else if (obj instanceof BERApplicationSpecific) - { - buf.append(outputApplicationSpecific("BER", indent, verbose, obj, nl)); - } - else if (obj instanceof DERApplicationSpecific) - { - buf.append(outputApplicationSpecific("DER", indent, verbose, obj, nl)); - } - else if (obj instanceof DEREnumerated) - { - DEREnumerated en = (DEREnumerated) obj; - buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl); - } - else if (obj instanceof DERExternal) - { - DERExternal ext = (DERExternal) obj; - buf.append(indent + "External " + nl); - String tab = indent + TAB; - if (ext.getDirectReference() != null) - { - buf.append(tab + "Direct Reference: " + ext.getDirectReference().getId() + nl); - } - if (ext.getIndirectReference() != null) - { - buf.append(tab + "Indirect Reference: " + ext.getIndirectReference().toString() + nl); - } - if (ext.getDataValueDescriptor() != null) - { - _dumpAsString(tab, verbose, ext.getDataValueDescriptor(), buf); - } - buf.append(tab + "Encoding: " + ext.getEncoding() + nl); - _dumpAsString(tab, verbose, ext.getExternalContent(), buf); - } - else - { - buf.append(indent + obj.toString() + nl); - } - } - - private static String outputApplicationSpecific(String type, String indent, boolean verbose, DERObject obj, String nl) - { - DERApplicationSpecific app = (DERApplicationSpecific)obj; - StringBuffer buf = new StringBuffer(); - - if (app.isConstructed()) - { - try - { - ASN1Sequence s = ASN1Sequence.getInstance(app.getObject(DERTags.SEQUENCE)); - buf.append(indent + type + " ApplicationSpecific[" + app.getApplicationTag() + "]" + nl); - for (Enumeration e = s.getObjects(); e.hasMoreElements();) - { - _dumpAsString(indent + TAB, verbose, (DERObject)e.nextElement(), buf); - } - } - catch (IOException e) - { - buf.append(e); - } - return buf.toString(); - } - - return indent + type + " ApplicationSpecific[" + app.getApplicationTag() + "] (" + new String(Hex.encode(app.getContents())) + ")" + nl; - } - - /** - * dump out a DER object as a formatted string, in non-verbose mode. - * - * @param obj the DERObject to be dumped out. - * @return the resulting string. - */ - public static String dumpAsString( - Object obj) - { - return dumpAsString(obj, false); - } - - /** - * Dump out the object as a string. - * - * @param obj the object to be dumped - * @param verbose if true, dump out the contents of octet and bit strings. - * @return the resulting string. - */ - public static String dumpAsString( - Object obj, - boolean verbose) - { - StringBuffer buf = new StringBuffer(); - - if (obj instanceof DERObject) - { - _dumpAsString("", verbose, (DERObject)obj, buf); - } - else if (obj instanceof DEREncodable) - { - _dumpAsString("", verbose, ((DEREncodable)obj).getDERObject(), buf); - } - else - { - return "unknown object type " + obj.toString(); - } - - return buf.toString(); - } - - private static String dumpBinaryDataAsString(String indent, byte[] bytes) - { - String nl = System.getProperty("line.separator"); - StringBuffer buf = new StringBuffer(); - - indent += TAB; - - buf.append(nl); - for (int i = 0; i < bytes.length; i += SAMPLE_SIZE) - { - if (bytes.length - i > SAMPLE_SIZE) - { - buf.append(indent); - buf.append(new String(Hex.encode(bytes, i, SAMPLE_SIZE))); - buf.append(TAB); - buf.append(calculateAscString(bytes, i, SAMPLE_SIZE)); - buf.append(nl); - } - else - { - buf.append(indent); - buf.append(new String(Hex.encode(bytes, i, bytes.length - i))); - for (int j = bytes.length - i; j != SAMPLE_SIZE; j++) - { - buf.append(" "); - } - buf.append(TAB); - buf.append(calculateAscString(bytes, i, bytes.length - i)); - buf.append(nl); - } - } - - return buf.toString(); - } - - private static String calculateAscString(byte[] bytes, int off, int len) - { - StringBuffer buf = new StringBuffer(); - - for (int i = off; i != off + len; i++) - { - if (bytes[i] >= ' ' && bytes[i] <= '~') - { - buf.append((char)bytes[i]); - } - } - - return buf.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/DERDump.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/DERDump.java deleted file mode 100644 index 943cd2b5b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/DERDump.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.asn1.util; - -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; - -/** - * @deprecated use ASN1Dump. - */ -public class DERDump - extends ASN1Dump -{ - /** - * dump out a DER object as a formatted string - * - * @param obj the DERObject to be dumped out. - */ - public static String dumpAsString( - DERObject obj) - { - StringBuffer buf = new StringBuffer(); - - _dumpAsString("", false, obj, buf); - - return buf.toString(); - } - - /** - * dump out a DER object as a formatted string - * - * @param obj the DERObject to be dumped out. - */ - public static String dumpAsString( - DEREncodable obj) - { - StringBuffer buf = new StringBuffer(); - - _dumpAsString("", false, obj.getDERObject(), buf); - - return buf.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/Dump.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/Dump.java deleted file mode 100644 index 27a37f340..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/Dump.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1.util; - -import java.io.FileInputStream; - -import org.bouncycastle.asn1.ASN1InputStream; - -public class Dump -{ - public static void main( - String args[]) - throws Exception - { - FileInputStream fIn = new FileInputStream(args[0]); - ASN1InputStream bIn = new ASN1InputStream(fIn); - Object obj = null; - - while ((obj = bIn.readObject()) != null) - { - System.out.println(ASN1Dump.dumpAsString(obj)); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/package.html deleted file mode 100644 index 1db893d19..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/util/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -An ASN.1 dump utility. - - diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java deleted file mode 100644 index bbe2171a1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.x500; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttributeTypeAndValue - extends ASN1Encodable -{ - private ASN1ObjectIdentifier type; - private ASN1Encodable value; - - private AttributeTypeAndValue(ASN1Sequence seq) - { - type = (ASN1ObjectIdentifier)seq.getObjectAt(0); - value = (ASN1Encodable)seq.getObjectAt(1); - } - - public static AttributeTypeAndValue getInstance(Object o) - { - if (o instanceof AttributeTypeAndValue) - { - return (AttributeTypeAndValue)o; - } - else if (o != null) - { - return new AttributeTypeAndValue(ASN1Sequence.getInstance(o)); - } - - throw new IllegalArgumentException("null value in getInstance()"); - } - - public AttributeTypeAndValue( - ASN1ObjectIdentifier type, - ASN1Encodable value) - { - this.type = type; - this.value = value; - } - - public ASN1ObjectIdentifier getType() - { - return type; - } - - public ASN1Encodable getValue() - { - return value; - } - - /** - * 
-     * AttributeTypeAndValue ::= SEQUENCE {
-     *           type         OBJECT IDENTIFIER,
-     *           value        ANY DEFINED BY type }
-     *
- * @return a basic ASN.1 object representation. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(type); - v.add(value); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java deleted file mode 100644 index b76155cc9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.asn1.x500; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERT61String; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.DERUniversalString; - -public class DirectoryString - extends ASN1Encodable - implements ASN1Choice, ASN1String -{ - private ASN1String string; - - public static DirectoryString getInstance(Object o) - { - if (o instanceof DirectoryString) - { - return (DirectoryString)o; - } - - if (o instanceof DERT61String) - { - return new DirectoryString((DERT61String)o); - } - - if (o instanceof DERPrintableString) - { - return new DirectoryString((DERPrintableString)o); - } - - if (o instanceof DERUniversalString) - { - return new DirectoryString((DERUniversalString)o); - } - - if (o instanceof DERUTF8String) - { - return new DirectoryString((DERUTF8String)o); - } - - if (o instanceof DERBMPString) - { - return new DirectoryString((DERBMPString)o); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + o.getClass().getName()); - } - - public static DirectoryString getInstance(ASN1TaggedObject o, boolean explicit) - { - if (!explicit) - { - throw new IllegalArgumentException("choice item must be explicitly tagged"); - } - - return getInstance(o.getObject()); - } - - private DirectoryString( - DERT61String string) - { - this.string = string; - } - - private DirectoryString( - DERPrintableString string) - { - this.string = string; - } - - private DirectoryString( - DERUniversalString string) - { - this.string = string; - } - - private DirectoryString( - DERUTF8String string) - { - this.string = string; - } - - private DirectoryString( - DERBMPString string) - { - this.string = string; - } - - public DirectoryString(String string) - { - this.string = new DERUTF8String(string); - } - - public String getString() - { - return string.getString(); - } - - public String toString() - { - return string.getString(); - } - - /** - * 
-     *  DirectoryString ::= CHOICE {
-     *    teletexString               TeletexString (SIZE (1..MAX)),
-     *    printableString             PrintableString (SIZE (1..MAX)),
-     *    universalString             UniversalString (SIZE (1..MAX)),
-     *    utf8String                  UTF8String (SIZE (1..MAX)),
-     *    bmpString                   BMPString (SIZE (1..MAX))  }
-     *
- */ - public DERObject toASN1Object() - { - return ((DEREncodable)string).getDERObject(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/RDN.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/RDN.java deleted file mode 100644 index 700a9180c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/RDN.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.x500; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; - -public class RDN - extends ASN1Encodable -{ - private ASN1Set values; - - private RDN(ASN1Set values) - { - this.values = values; - } - - public static RDN getInstance(Object obj) - { - if (obj instanceof RDN) - { - return (RDN)obj; - } - else if (obj != null) - { - return new RDN(ASN1Set.getInstance(obj)); - } - - return null; - } - - /** - * Create a single valued RDN. - * - * @param oid - * @param value - */ - public RDN(ASN1ObjectIdentifier oid, ASN1Encodable value) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oid); - v.add(value); - - this.values = new DERSet(new DERSequence(v)); - } - - public RDN(AttributeTypeAndValue attrTAndV) - { - this.values = new DERSet(attrTAndV); - } - - /** - * Create a multi-valued RDN. - */ - public RDN(AttributeTypeAndValue[] aAndVs) - { - this.values = new DERSet(aAndVs); - } - - public boolean isMultiValued() - { - return this.values.size() > 1; - } - - public AttributeTypeAndValue getFirst() - { - if (this.values.size() == 0) - { - return null; - } - - return AttributeTypeAndValue.getInstance(this.values.getObjectAt(0)); - } - - public AttributeTypeAndValue[] getTypesAndValues() - { - AttributeTypeAndValue[] tmp = new AttributeTypeAndValue[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = AttributeTypeAndValue.getInstance(values.getObjectAt(i)); - } - - return tmp; - } - - /** - * 
-     * RelativeDistinguishedName ::=
-     *                     SET OF AttributeTypeAndValue
-
-     * AttributeTypeAndValue ::= SEQUENCE {
-     *        type     AttributeType,
-     *        value    AttributeValue }
-     *
- * @return - */ - public DERObject toASN1Object() - { - return values; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500Name.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500Name.java deleted file mode 100644 index 316646310..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500Name.java +++ /dev/null @@ -1,274 +0,0 @@ -package org.bouncycastle.asn1.x500; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x500.style.BCStyle; -import org.bouncycastle.asn1.x509.X509Name; - -/** - * 
- *     Name ::= CHOICE {
- *                       RDNSequence }
- *
- *     RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- *     RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
- *
- *     AttributeTypeAndValue ::= SEQUENCE {
- *                                   type  OBJECT IDENTIFIER,
- *                                   value ANY }
- *
- */ -public class X500Name - extends ASN1Encodable - implements ASN1Choice -{ - private static X500NameStyle defaultStyle = BCStyle.INSTANCE; - - private boolean isHashCodeCalculated; - private int hashCodeValue; - - private X500NameStyle style; - private RDN[] rdns; - - public X500Name(X500NameStyle style, X500Name name) - { - this.rdns = name.rdns; - this.style = style; - } - - /** - * Return a X509Name based on the passed in tagged object. - * - * @param obj tag object holding name. - * @param explicit true if explicitly tagged false otherwise. - * @return the X509Name - */ - public static X500Name getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - // must be true as choice item - return getInstance(ASN1Sequence.getInstance(obj, true)); - } - - public static X500Name getInstance( - Object obj) - { - if (obj instanceof X500Name) - { - return (X500Name)obj; - } - else if (obj instanceof X509Name) - { - return new X500Name(ASN1Sequence.getInstance(((X509Name)obj).getDERObject())); - } - else if (obj != null) - { - return new X500Name(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - /** - * Constructor from ASN1Sequence - * - * the principal will be a list of constructed sets, each containing an (OID, String) pair. - */ - private X500Name( - ASN1Sequence seq) - { - this(defaultStyle, seq); - } - - private X500Name( - X500NameStyle style, - ASN1Sequence seq) - { - this.style = style; - this.rdns = new RDN[seq.size()]; - - int index = 0; - - for (Enumeration e = seq.getObjects(); e.hasMoreElements();) - { - rdns[index++] = RDN.getInstance(e.nextElement()); - } - } - - public X500Name( - RDN[] rDNs) - { - this(defaultStyle, rDNs); - } - - public X500Name( - X500NameStyle style, - RDN[] rDNs) - { - this.rdns = rDNs; - this.style = style; - } - - public X500Name( - String dirName) - { - this(defaultStyle, dirName); - } - - public X500Name( - X500NameStyle style, - String dirName) - { - this(style.fromString(dirName)); - - this.style = style; - } - - /** - * return an array of RDNs in structure order. - * - * @return an array of RDN objects. - */ - public RDN[] getRDNs() - { - RDN[] tmp = new RDN[this.rdns.length]; - - System.arraycopy(rdns, 0, tmp, 0, tmp.length); - - return tmp; - } - - /** - * return an array of RDNs containing the attribute type given by OID in structure order. - * - * @param oid the type OID we are looking for. - * @return an array, possibly zero length, of RDN objects. - */ - public RDN[] getRDNs(ASN1ObjectIdentifier oid) - { - RDN[] res = new RDN[rdns.length]; - int count = 0; - - for (int i = 0; i != rdns.length; i++) - { - RDN rdn = rdns[i]; - - if (rdn.isMultiValued()) - { - AttributeTypeAndValue[] attr = rdn.getTypesAndValues(); - for (int j = 0; j != attr.length; j++) - { - if (attr[j].getType().equals(oid)) - { - res[count++] = rdn; - break; - } - } - } - else - { - if (rdn.getFirst().getType().equals(oid)) - { - res[count++] = rdn; - } - } - } - - RDN[] tmp = new RDN[count]; - - System.arraycopy(res, 0, tmp, 0, tmp.length); - - return tmp; - } - - public DERObject toASN1Object() - { - return new DERSequence(rdns); - } - - public int hashCode() - { - if (isHashCodeCalculated) - { - return hashCodeValue; - } - - isHashCodeCalculated = true; - - hashCodeValue = style.calculateHashCode(this); - - return hashCodeValue; - } - - /** - * test for equality - note: case is ignored. - */ - public boolean equals(Object obj) - { - if (obj == this) - { - return true; - } - - if (!(obj instanceof X500Name || obj instanceof ASN1Sequence)) - { - return false; - } - - DERObject derO = ((DEREncodable)obj).getDERObject(); - - if (this.getDERObject().equals(derO)) - { - return true; - } - - try - { - return style.areEqual(this, new X500Name(ASN1Sequence.getInstance(((DEREncodable)obj).getDERObject()))); - } - catch (Exception e) - { - return false; - } - } - - public String toString() - { - return style.toString(this); - } - - /** - * Set the default style for X500Name construction. - * - * @param style an X500NameStyle - */ - public static void setDefaultStyle(X500NameStyle style) - { - if (style == null) - { - throw new NullPointerException("cannot set style to null"); - } - - defaultStyle = style; - } - - /** - * Return the current default style. - * - * @return default style for X500Name construction. - */ - public static X500NameStyle getDefaultStyle() - { - return defaultStyle; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java deleted file mode 100644 index 30e871c99..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1.x500; - -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public class X500NameBuilder -{ - private X500NameStyle template; - private Vector rdns = new Vector(); - - public X500NameBuilder(X500NameStyle template) - { - this.template = template; - } - - public X500NameBuilder addRDN(ASN1ObjectIdentifier oid, String value) - { - this.addRDN(oid, template.stringToValue(oid, value)); - - return this; - } - - public X500NameBuilder addRDN(ASN1ObjectIdentifier oid, ASN1Encodable value) - { - rdns.addElement(new RDN(oid, value)); - - return this; - } - - public X500NameBuilder addRDN(AttributeTypeAndValue attrTAndV) - { - rdns.addElement(new RDN(attrTAndV)); - - return this; - } - - public X500NameBuilder addMultiValuedRDN(ASN1ObjectIdentifier[] oids, String[] values) - { - ASN1Encodable[] vals = new ASN1Encodable[values.length]; - - for (int i = 0; i != vals.length; i++) - { - vals[i] = template.stringToValue(oids[i], values[i]); - } - - return addMultiValuedRDN(oids, vals); - } - - public X500NameBuilder addMultiValuedRDN(ASN1ObjectIdentifier[] oids, ASN1Encodable[] values) - { - AttributeTypeAndValue[] avs = new AttributeTypeAndValue[oids.length]; - - for (int i = 0; i != oids.length; i++) - { - avs[i] = new AttributeTypeAndValue(oids[i], values[i]); - } - - return addMultiValuedRDN(avs); - } - - public X500NameBuilder addMultiValuedRDN(AttributeTypeAndValue[] attrTAndVs) - { - rdns.addElement(new RDN(attrTAndVs)); - - return this; - } - - public X500Name build() - { - RDN[] vals = new RDN[rdns.size()]; - - for (int i = 0; i != vals.length; i++) - { - vals[i] = (RDN)rdns.elementAt(i); - } - - return new X500Name(template, vals); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java deleted file mode 100644 index 7a7c8370c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.asn1.x500; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -/** - * It turns out that the number of standard ways the fields in a DN should be - * encoded into their ASN.1 counterparts is rapidly approaching the - * number of machines on the internet. By default the X500Name class - * will produce UTF8Strings in line with the current recommendations (RFC 3280). - *

- */ -public interface X500NameStyle -{ - /** - * Convert the passed in String value into the appropriate ASN.1 - * encoded object. - * - * @param oid the oid associated with the value in the DN. - * @param value the value of the particular DN component. - * @return the ASN.1 equivalent for the value. - */ - ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value); - - ASN1ObjectIdentifier attrNameToOID(String attrName); - - boolean areEqual(X500Name name1, X500Name name2); - - RDN[] fromString(String dirName); - - int calculateHashCode(X500Name name); - - String toString(X500Name name); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java deleted file mode 100644 index af10fef02..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.bouncycastle.asn1.x500.style; - -import org.bouncycastle.asn1.x500.RDN; -import org.bouncycastle.asn1.x500.X500Name; - -/** - * Variation of BCStyle that insists on strict ordering for equality - * and hashCode comparisons - */ -public class BCStrictStyle - extends BCStyle -{ - public boolean areEqual(X500Name name1, X500Name name2) - { - RDN[] rdns1 = name1.getRDNs(); - RDN[] rdns2 = name2.getRDNs(); - - if (rdns1.length != rdns2.length) - { - return false; - } - - for (int i = 0; i != rdns1.length; i++) - { - if (rdnAreEqual(rdns1[i], rdns2[i])) - { - return false; - } - } - - return true; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java deleted file mode 100644 index 32f93ff91..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java +++ /dev/null @@ -1,544 +0,0 @@ -package org.bouncycastle.asn1.x500.style; - -import java.io.IOException; -import java.util.Hashtable; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x500.AttributeTypeAndValue; -import org.bouncycastle.asn1.x500.RDN; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.X500NameStyle; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; - -public class BCStyle - implements X500NameStyle -{ - public static final X500NameStyle INSTANCE = new BCStyle(); - - /** - * country code - StringType(SIZE(2)) - */ - public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6"); - - /** - * organization - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10"); - - /** - * organizational unit name - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11"); - - /** - * Title - */ - public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12"); - - /** - * common name - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3"); - - /** - * device serial number name - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5"); - - /** - * street - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier STREET = new ASN1ObjectIdentifier("2.5.4.9"); - - /** - * device serial number name - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier SERIALNUMBER = SN; - - /** - * locality name - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7"); - - /** - * state, or province name - StringType(SIZE(1..64)) - */ - public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8"); - - /** - * Naming attributes of type X520name - */ - public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4"); - public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42"); - public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43"); - public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44"); - public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45"); - - /** - * businessCategory - DirectoryString(SIZE(1..128) - */ - public static final ASN1ObjectIdentifier BUSINESS_CATEGORY = new ASN1ObjectIdentifier( - "2.5.4.15"); - - /** - * postalCode - DirectoryString(SIZE(1..40) - */ - public static final ASN1ObjectIdentifier POSTAL_CODE = new ASN1ObjectIdentifier( - "2.5.4.17"); - - /** - * dnQualifier - DirectoryString(SIZE(1..64) - */ - public static final ASN1ObjectIdentifier DN_QUALIFIER = new ASN1ObjectIdentifier( - "2.5.4.46"); - - /** - * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) - */ - public static final ASN1ObjectIdentifier PSEUDONYM = new ASN1ObjectIdentifier( - "2.5.4.65"); - - - /** - * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z - */ - public static final ASN1ObjectIdentifier DATE_OF_BIRTH = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.1"); - - /** - * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) - */ - public static final ASN1ObjectIdentifier PLACE_OF_BIRTH = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.2"); - - /** - * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" - */ - public static final ASN1ObjectIdentifier GENDER = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.3"); - - /** - * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 - * codes only - */ - public static final ASN1ObjectIdentifier COUNTRY_OF_CITIZENSHIP = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.4"); - - /** - * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166 - * codes only - */ - public static final ASN1ObjectIdentifier COUNTRY_OF_RESIDENCE = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.5"); - - - /** - * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64) - */ - public static final ASN1ObjectIdentifier NAME_AT_BIRTH = new ASN1ObjectIdentifier("1.3.36.8.3.14"); - - /** - * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF - * DirectoryString(SIZE(1..30)) - */ - public static final ASN1ObjectIdentifier POSTAL_ADDRESS = new ASN1ObjectIdentifier("2.5.4.16"); - - /** - * RFC 2256 dmdName - */ - public static final ASN1ObjectIdentifier DMD_NAME = new ASN1ObjectIdentifier("2.5.4.54"); - - /** - * id-at-telephoneNumber - */ - public static final ASN1ObjectIdentifier TELEPHONE_NUMBER = X509ObjectIdentifiers.id_at_telephoneNumber; - - /** - * id-at-name - */ - public static final ASN1ObjectIdentifier NAME = X509ObjectIdentifiers.id_at_name; - - /** - * Email address (RSA PKCS#9 extension) - IA5String. - *

Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here. - */ - public static final ASN1ObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress; - - /** - * more from PKCS#9 - */ - public static final ASN1ObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName; - public static final ASN1ObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress; - - /** - * email address in Verisign certificates - */ - public static final ASN1ObjectIdentifier E = EmailAddress; - - /* - * others... - */ - public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25"); - - /** - * LDAP User id. - */ - public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1"); - - /** - * default look up table translating OID values into their common symbols following - * the convention in RFC 2253 with a few extras - */ - private static final Hashtable DefaultSymbols = new Hashtable(); - - /** - * look up table translating common symbols into their OIDS. - */ - private static final Hashtable DefaultLookUp = new Hashtable(); - - static - { - DefaultSymbols.put(C, "C"); - DefaultSymbols.put(O, "O"); - DefaultSymbols.put(T, "T"); - DefaultSymbols.put(OU, "OU"); - DefaultSymbols.put(CN, "CN"); - DefaultSymbols.put(L, "L"); - DefaultSymbols.put(ST, "ST"); - DefaultSymbols.put(SN, "SERIALNUMBER"); - DefaultSymbols.put(EmailAddress, "E"); - DefaultSymbols.put(DC, "DC"); - DefaultSymbols.put(UID, "UID"); - DefaultSymbols.put(STREET, "STREET"); - DefaultSymbols.put(SURNAME, "SURNAME"); - DefaultSymbols.put(GIVENNAME, "GIVENNAME"); - DefaultSymbols.put(INITIALS, "INITIALS"); - DefaultSymbols.put(GENERATION, "GENERATION"); - DefaultSymbols.put(UnstructuredAddress, "unstructuredAddress"); - DefaultSymbols.put(UnstructuredName, "unstructuredName"); - DefaultSymbols.put(UNIQUE_IDENTIFIER, "UniqueIdentifier"); - DefaultSymbols.put(DN_QUALIFIER, "DN"); - DefaultSymbols.put(PSEUDONYM, "Pseudonym"); - DefaultSymbols.put(POSTAL_ADDRESS, "PostalAddress"); - DefaultSymbols.put(NAME_AT_BIRTH, "NameAtBirth"); - DefaultSymbols.put(COUNTRY_OF_CITIZENSHIP, "CountryOfCitizenship"); - DefaultSymbols.put(COUNTRY_OF_RESIDENCE, "CountryOfResidence"); - DefaultSymbols.put(GENDER, "Gender"); - DefaultSymbols.put(PLACE_OF_BIRTH, "PlaceOfBirth"); - DefaultSymbols.put(DATE_OF_BIRTH, "DateOfBirth"); - DefaultSymbols.put(POSTAL_CODE, "PostalCode"); - DefaultSymbols.put(BUSINESS_CATEGORY, "BusinessCategory"); - DefaultSymbols.put(TELEPHONE_NUMBER, "TelephoneNumber"); - DefaultSymbols.put(NAME, "Name"); - - DefaultLookUp.put("c", C); - DefaultLookUp.put("o", O); - DefaultLookUp.put("t", T); - DefaultLookUp.put("ou", OU); - DefaultLookUp.put("cn", CN); - DefaultLookUp.put("l", L); - DefaultLookUp.put("st", ST); - DefaultLookUp.put("sn", SN); - DefaultLookUp.put("serialnumber", SN); - DefaultLookUp.put("street", STREET); - DefaultLookUp.put("emailaddress", E); - DefaultLookUp.put("dc", DC); - DefaultLookUp.put("e", E); - DefaultLookUp.put("uid", UID); - DefaultLookUp.put("surname", SURNAME); - DefaultLookUp.put("givenname", GIVENNAME); - DefaultLookUp.put("initials", INITIALS); - DefaultLookUp.put("generation", GENERATION); - DefaultLookUp.put("unstructuredaddress", UnstructuredAddress); - DefaultLookUp.put("unstructuredname", UnstructuredName); - DefaultLookUp.put("uniqueidentifier", UNIQUE_IDENTIFIER); - DefaultLookUp.put("dn", DN_QUALIFIER); - DefaultLookUp.put("pseudonym", PSEUDONYM); - DefaultLookUp.put("postaladdress", POSTAL_ADDRESS); - DefaultLookUp.put("nameofbirth", NAME_AT_BIRTH); - DefaultLookUp.put("countryofcitizenship", COUNTRY_OF_CITIZENSHIP); - DefaultLookUp.put("countryofresidence", COUNTRY_OF_RESIDENCE); - DefaultLookUp.put("gender", GENDER); - DefaultLookUp.put("placeofbirth", PLACE_OF_BIRTH); - DefaultLookUp.put("dateofbirth", DATE_OF_BIRTH); - DefaultLookUp.put("postalcode", POSTAL_CODE); - DefaultLookUp.put("businesscategory", BUSINESS_CATEGORY); - DefaultLookUp.put("telephonenumber", TELEPHONE_NUMBER); - DefaultLookUp.put("name", NAME); - } - - protected BCStyle() - { - - } - - public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value) - { - if (value.length() != 0 && value.charAt(0) == '#') - { - try - { - return IETFUtils.valueFromHexString(value, 1); - } - catch (IOException e) - { - throw new RuntimeException("can't recode value for oid " + oid.getId()); - } - } - else - { - if (value.length() != 0 && value.charAt(0) == '\\') - { - value = value.substring(1); - } - if (oid.equals(EmailAddress) || oid.equals(DC)) - { - return new DERIA5String(value); - } - else if (oid.equals(DATE_OF_BIRTH)) // accept time string as well as # (for compatibility) - { - return new DERGeneralizedTime(value); - } - else if (oid.equals(C) || oid.equals(SN) || oid.equals(DN_QUALIFIER) - || oid.equals(TELEPHONE_NUMBER)) - { - return new DERPrintableString(value); - } - } - - return new DERUTF8String(value); - } - - public ASN1ObjectIdentifier attrNameToOID(String attrName) - { - return IETFUtils.decodeAttrName(attrName, DefaultLookUp); - } - - public boolean areEqual(X500Name name1, X500Name name2) - { - RDN[] rdns1 = name1.getRDNs(); - RDN[] rdns2 = name2.getRDNs(); - - if (rdns1.length != rdns2.length) - { - return false; - } - - boolean reverse = false; - - if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null) - { - reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType()); // guess forward - } - - for (int i = 0; i != rdns1.length; i++) - { - if (!foundMatch(reverse, rdns1[i], rdns2)) - { - return false; - } - } - - return true; - } - - private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs) - { - if (reverse) - { - for (int i = possRDNs.length - 1; i >= 0; i--) - { - if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i])) - { - possRDNs[i] = null; - return true; - } - } - } - else - { - for (int i = 0; i != possRDNs.length; i++) - { - if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i])) - { - possRDNs[i] = null; - return true; - } - } - } - - return false; - } - - protected boolean rdnAreEqual(RDN rdn1, RDN rdn2) - { - if (rdn1.isMultiValued()) - { - if (rdn2.isMultiValued()) - { - AttributeTypeAndValue[] atvs1 = rdn1.getTypesAndValues(); - AttributeTypeAndValue[] atvs2 = rdn2.getTypesAndValues(); - - if (atvs1.length != atvs2.length) - { - return false; - } - - for (int i = 0; i != atvs1.length; i++) - { - if (!atvAreEqual(atvs1[i], atvs2[i])) - { - return false; - } - } - } - else - { - return false; - } - } - else - { - if (!rdn2.isMultiValued()) - { - return atvAreEqual(rdn1.getFirst(), rdn2.getFirst()); - } - else - { - return false; - } - } - - return true; - } - - private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2) - { - if (atv1 == atv2) - { - return true; - } - - if (atv1 == null) - { - return false; - } - - if (atv2 == null) - { - return false; - } - - ASN1ObjectIdentifier o1 = atv1.getType(); - ASN1ObjectIdentifier o2 = atv2.getType(); - - if (!o1.equals(o2)) - { - return false; - } - - String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue())); - String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue())); - - if (!v1.equals(v2)) - { - return false; - } - - return true; - } - - public RDN[] fromString(String dirName) - { - return IETFUtils.rDNsFromString(dirName, this); - } - - public int calculateHashCode(X500Name name) - { - int hashCodeValue = 0; - RDN[] rdns = name.getRDNs(); - - // this needs to be order independent, like equals - for (int i = 0; i != rdns.length; i++) - { - if (rdns[i].isMultiValued()) - { - AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues(); - - for (int j = 0; j != atv.length; j++) - { - hashCodeValue ^= atv[j].getType().hashCode(); - hashCodeValue ^= calcHashCode(atv[j].getValue()); - } - } - else - { - hashCodeValue ^= rdns[i].getFirst().getType().hashCode(); - hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue()); - } - } - - return hashCodeValue; - } - - private int calcHashCode(ASN1Encodable enc) - { - String value = IETFUtils.valueToString(enc); - - value = IETFUtils.canonicalize(value); - - return value.hashCode(); - } - - public String toString(X500Name name) - { - StringBuffer buf = new StringBuffer(); - boolean first = true; - - RDN[] rdns = name.getRDNs(); - - for (int i = 0; i < rdns.length; i++) - { - if (first) - { - first = false; - } - else - { - buf.append(','); - } - - if (rdns[i].isMultiValued()) - { - AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues(); - boolean firstAtv = true; - - for (int j = 0; j != atv.length; j++) - { - if (firstAtv) - { - firstAtv = false; - } - else - { - buf.append('+'); - } - - IETFUtils.appendTypeAndValue(buf, atv[j], DefaultSymbols); - } - } - else - { - IETFUtils.appendTypeAndValue(buf, rdns[i].getFirst(), DefaultSymbols); - } - } - - return buf.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java deleted file mode 100644 index 580304249..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java +++ /dev/null @@ -1,294 +0,0 @@ -package org.bouncycastle.asn1.x500.style; - -import java.io.IOException; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUniversalString; -import org.bouncycastle.asn1.x500.AttributeTypeAndValue; -import org.bouncycastle.asn1.x500.RDN; -import org.bouncycastle.asn1.x500.X500NameBuilder; -import org.bouncycastle.asn1.x500.X500NameStyle; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - -public class IETFUtils -{ - public static RDN[] rDNsFromString(String name, X500NameStyle x500Style) - { - X500NameTokenizer nTok = new X500NameTokenizer(name); - X500NameBuilder builder = new X500NameBuilder(x500Style); - - while (nTok.hasMoreTokens()) - { - String token = nTok.nextToken(); - int index = token.indexOf('='); - - if (index == -1) - { - throw new IllegalArgumentException("badly formated directory string"); - } - - String attr = token.substring(0, index); - String value = token.substring(index + 1); - ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr); - - if (value.indexOf('+') > 0) - { - X500NameTokenizer vTok = new X500NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - Vector oids = new Vector(); - Vector values = new Vector(); - - oids.addElement(oid); - values.addElement(v); - - while (vTok.hasMoreTokens()) - { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); - - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); - - oids.addElement(x500Style.attrNameToOID(nm)); - values.addElement(vl); - } - - builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values)); - } - else - { - builder.addRDN(oid, value); - } - } - - return builder.build().getRDNs(); - } - - private static String[] toValueArray(Vector values) - { - String[] tmp = new String[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (String)values.elementAt(i); - } - - return tmp; - } - - private static ASN1ObjectIdentifier[] toOIDArray(Vector oids) - { - ASN1ObjectIdentifier[] tmp = new ASN1ObjectIdentifier[oids.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (ASN1ObjectIdentifier)oids.elementAt(i); - } - - return tmp; - } - - public static ASN1ObjectIdentifier decodeAttrName( - String name, - Hashtable lookUp) - { - if (Strings.toUpperCase(name).startsWith("OID.")) - { - return new ASN1ObjectIdentifier(name.substring(4)); - } - else if (name.charAt(0) >= '0' && name.charAt(0) <= '9') - { - return new ASN1ObjectIdentifier(name); - } - - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)lookUp.get(Strings.toLowerCase(name)); - if (oid == null) - { - throw new IllegalArgumentException("Unknown object id - " + name + " - passed to distinguished name"); - } - - return oid; - } - - public static ASN1Encodable valueFromHexString( - String str, - int off) - throws IOException - { - str = Strings.toLowerCase(str); - byte[] data = new byte[(str.length() - off) / 2]; - for (int index = 0; index != data.length; index++) - { - char left = str.charAt((index * 2) + off); - char right = str.charAt((index * 2) + off + 1); - - if (left < 'a') - { - data[index] = (byte)((left - '0') << 4); - } - else - { - data[index] = (byte)((left - 'a' + 10) << 4); - } - if (right < 'a') - { - data[index] |= (byte)(right - '0'); - } - else - { - data[index] |= (byte)(right - 'a' + 10); - } - } - - return ASN1Object.fromByteArray(data); - } - - public static void appendTypeAndValue( - StringBuffer buf, - AttributeTypeAndValue typeAndValue, - Hashtable oidSymbols) - { - String sym = (String)oidSymbols.get(typeAndValue.getType()); - - if (sym != null) - { - buf.append(sym); - } - else - { - buf.append(typeAndValue.getType().getId()); - } - - buf.append('='); - - buf.append(valueToString(typeAndValue.getValue())); - } - - public static String valueToString(ASN1Encodable value) - { - StringBuffer vBuf = new StringBuffer(); - - if (value instanceof ASN1String && !(value instanceof DERUniversalString)) - { - String v = ((ASN1String)value).getString(); - if (v.length() > 0 && v.charAt(0) == '#') - { - vBuf.append("\\" + v); - } - else - { - vBuf.append(v); - } - } - else - { - vBuf.append("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()))); - } - - int end = vBuf.length(); - int index = 0; - - if (vBuf.length() >= 2 && vBuf.charAt(0) == '\\' && vBuf.charAt(1) == '#') - { - index += 2; - } - - while (index != end) - { - if ((vBuf.charAt(index) == ',') - || (vBuf.charAt(index) == '"') - || (vBuf.charAt(index) == '\\') - || (vBuf.charAt(index) == '+') - || (vBuf.charAt(index) == '=') - || (vBuf.charAt(index) == '<') - || (vBuf.charAt(index) == '>') - || (vBuf.charAt(index) == ';')) - { - vBuf.insert(index, "\\"); - index++; - end++; - } - - index++; - } - - return vBuf.toString(); - } - - private static String bytesToString( - byte[] data) - { - char[] cs = new char[data.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(data[i] & 0xff); - } - - return new String(cs); - } - - public static String canonicalize(String s) - { - String value = Strings.toLowerCase(s.trim()); - - if (value.length() > 0 && value.charAt(0) == '#') - { - DERObject obj = decodeObject(value); - - if (obj instanceof ASN1String) - { - value = Strings.toLowerCase(((ASN1String)obj).getString().trim()); - } - } - - value = stripInternalSpaces(value); - - return value; - } - - private static ASN1Object decodeObject(String oValue) - { - try - { - return ASN1Object.fromByteArray(Hex.decode(oValue.substring(1))); - } - catch (IOException e) - { - throw new IllegalStateException("unknown encoding in name: " + e); - } - } - - public static String stripInternalSpaces( - String str) - { - StringBuffer res = new StringBuffer(); - - if (str.length() != 0) - { - char c1 = str.charAt(0); - - res.append(c1); - - for (int k = 1; k < str.length(); k++) - { - char c2 = str.charAt(k); - if (!(c1 == ' ' && c2 == ' ')) - { - res.append(c2); - } - c1 = c2; - } - } - - return res.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java deleted file mode 100644 index 63f1a25c8..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java +++ /dev/null @@ -1,443 +0,0 @@ -package org.bouncycastle.asn1.x500.style; - -import java.io.IOException; -import java.util.Hashtable; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.x500.AttributeTypeAndValue; -import org.bouncycastle.asn1.x500.RDN; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.X500NameStyle; - -public class RFC4519Style - implements X500NameStyle -{ - public static final X500NameStyle INSTANCE = new RFC4519Style(); - - public static final ASN1ObjectIdentifier businessCategory = new ASN1ObjectIdentifier("2.5.4.15"); - public static final ASN1ObjectIdentifier c = new ASN1ObjectIdentifier("2.5.4.6"); - public static final ASN1ObjectIdentifier cn = new ASN1ObjectIdentifier("2.5.4.3"); - public static final ASN1ObjectIdentifier dc = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25"); - public static final ASN1ObjectIdentifier description = new ASN1ObjectIdentifier("2.5.4.13"); - public static final ASN1ObjectIdentifier destinationIndicator = new ASN1ObjectIdentifier("2.5.4.27"); - public static final ASN1ObjectIdentifier distinguishedName = new ASN1ObjectIdentifier("2.5.4.49"); - public static final ASN1ObjectIdentifier dnQualifier = new ASN1ObjectIdentifier("2.5.4.46"); - public static final ASN1ObjectIdentifier enhancedSearchGuide = new ASN1ObjectIdentifier("2.5.4.47"); - public static final ASN1ObjectIdentifier facsimileTelephoneNumber = new ASN1ObjectIdentifier("2.5.4.23"); - public static final ASN1ObjectIdentifier generationQualifier = new ASN1ObjectIdentifier("2.5.4.44"); - public static final ASN1ObjectIdentifier givenName = new ASN1ObjectIdentifier("2.5.4.42"); - public static final ASN1ObjectIdentifier houseIdentifier = new ASN1ObjectIdentifier("2.5.4.51"); - public static final ASN1ObjectIdentifier initials = new ASN1ObjectIdentifier("2.5.4.43"); - public static final ASN1ObjectIdentifier internationalISDNNumber = new ASN1ObjectIdentifier("2.5.4.25"); - public static final ASN1ObjectIdentifier l = new ASN1ObjectIdentifier("2.5.4.7"); - public static final ASN1ObjectIdentifier member = new ASN1ObjectIdentifier("2.5.4.31"); - public static final ASN1ObjectIdentifier name = new ASN1ObjectIdentifier("2.5.4.41"); - public static final ASN1ObjectIdentifier o = new ASN1ObjectIdentifier("2.5.4.10"); - public static final ASN1ObjectIdentifier ou = new ASN1ObjectIdentifier("2.5.4.11"); - public static final ASN1ObjectIdentifier owner = new ASN1ObjectIdentifier("2.5.4.32"); - public static final ASN1ObjectIdentifier physicalDeliveryOfficeName = new ASN1ObjectIdentifier("2.5.4.19"); - public static final ASN1ObjectIdentifier postalAddress = new ASN1ObjectIdentifier("2.5.4.16"); - public static final ASN1ObjectIdentifier postalCode = new ASN1ObjectIdentifier("2.5.4.17"); - public static final ASN1ObjectIdentifier postOfficeBox = new ASN1ObjectIdentifier("2.5.4.18"); - public static final ASN1ObjectIdentifier preferredDeliveryMethod = new ASN1ObjectIdentifier("2.5.4.28"); - public static final ASN1ObjectIdentifier registeredAddress = new ASN1ObjectIdentifier("2.5.4.26"); - public static final ASN1ObjectIdentifier roleOccupant = new ASN1ObjectIdentifier("2.5.4.33"); - public static final ASN1ObjectIdentifier searchGuide = new ASN1ObjectIdentifier("2.5.4.14"); - public static final ASN1ObjectIdentifier seeAlso = new ASN1ObjectIdentifier("2.5.4.34"); - public static final ASN1ObjectIdentifier serialNumber = new ASN1ObjectIdentifier("2.5.4.5"); - public static final ASN1ObjectIdentifier sn = new ASN1ObjectIdentifier("2.5.4.4"); - public static final ASN1ObjectIdentifier st = new ASN1ObjectIdentifier("2.5.4.8"); - public static final ASN1ObjectIdentifier street = new ASN1ObjectIdentifier("2.5.4.9"); - public static final ASN1ObjectIdentifier telephoneNumber = new ASN1ObjectIdentifier("2.5.4.20"); - public static final ASN1ObjectIdentifier teletexTerminalIdentifier = new ASN1ObjectIdentifier("2.5.4.22"); - public static final ASN1ObjectIdentifier telexNumber = new ASN1ObjectIdentifier("2.5.4.21"); - public static final ASN1ObjectIdentifier title = new ASN1ObjectIdentifier("2.5.4.12"); - public static final ASN1ObjectIdentifier uid = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1"); - public static final ASN1ObjectIdentifier uniqueMember = new ASN1ObjectIdentifier("2.5.4.50"); - public static final ASN1ObjectIdentifier userPassword = new ASN1ObjectIdentifier("2.5.4.35"); - public static final ASN1ObjectIdentifier x121Address = new ASN1ObjectIdentifier("2.5.4.24"); - public static final ASN1ObjectIdentifier x500UniqueIdentifier = new ASN1ObjectIdentifier("2.5.4.45"); - - /** - * default look up table translating OID values into their common symbols following - * the convention in RFC 2253 with a few extras - */ - private static final Hashtable DefaultSymbols = new Hashtable(); - - /** - * look up table translating common symbols into their OIDS. - */ - private static final Hashtable DefaultLookUp = new Hashtable(); - - static - { - DefaultSymbols.put(businessCategory, "businessCategory"); - DefaultSymbols.put(c, "c"); - DefaultSymbols.put(cn, "cn"); - DefaultSymbols.put(dc, "dc"); - DefaultSymbols.put(description, "description"); - DefaultSymbols.put(destinationIndicator, "destinationIndicator"); - DefaultSymbols.put(distinguishedName, "distinguishedName"); - DefaultSymbols.put(dnQualifier, "dnQualifier"); - DefaultSymbols.put(enhancedSearchGuide, "enhancedSearchGuide"); - DefaultSymbols.put(facsimileTelephoneNumber, "facsimileTelephoneNumber"); - DefaultSymbols.put(generationQualifier, "generationQualifier"); - DefaultSymbols.put(givenName, "givenName"); - DefaultSymbols.put(houseIdentifier, "houseIdentifier"); - DefaultSymbols.put(initials, "initials"); - DefaultSymbols.put(internationalISDNNumber, "internationalISDNNumber"); - DefaultSymbols.put(l, "l"); - DefaultSymbols.put(member, "member"); - DefaultSymbols.put(name, "name"); - DefaultSymbols.put(o, "o"); - DefaultSymbols.put(ou, "ou"); - DefaultSymbols.put(owner, "owner"); - DefaultSymbols.put(physicalDeliveryOfficeName, "physicalDeliveryOfficeName"); - DefaultSymbols.put(postalAddress, "postalAddress"); - DefaultSymbols.put(postalCode, "postalCode"); - DefaultSymbols.put(postOfficeBox, "postOfficeBox"); - DefaultSymbols.put(preferredDeliveryMethod, "preferredDeliveryMethod"); - DefaultSymbols.put(registeredAddress, "registeredAddress"); - DefaultSymbols.put(roleOccupant, "roleOccupant"); - DefaultSymbols.put(searchGuide, "searchGuide"); - DefaultSymbols.put(seeAlso, "seeAlso"); - DefaultSymbols.put(serialNumber, "serialNumber"); - DefaultSymbols.put(sn, "sn"); - DefaultSymbols.put(st, "st"); - DefaultSymbols.put(street, "street"); - DefaultSymbols.put(telephoneNumber, "telephoneNumber"); - DefaultSymbols.put(teletexTerminalIdentifier, "teletexTerminalIdentifier"); - DefaultSymbols.put(telexNumber, "telexNumber"); - DefaultSymbols.put(title, "title"); - DefaultSymbols.put(uid, "uid"); - DefaultSymbols.put(uniqueMember, "uniqueMember"); - DefaultSymbols.put(userPassword, "userPassword"); - DefaultSymbols.put(x121Address, "x121Address"); - DefaultSymbols.put(x500UniqueIdentifier, "x500UniqueIdentifier"); - - DefaultLookUp.put("businesscategory", businessCategory); - DefaultLookUp.put("c", c); - DefaultLookUp.put("cn", cn); - DefaultLookUp.put("dc", dc); - DefaultLookUp.put("description", description); - DefaultLookUp.put("destinationindicator", destinationIndicator); - DefaultLookUp.put("distinguishedname", distinguishedName); - DefaultLookUp.put("dnqualifier", dnQualifier); - DefaultLookUp.put("enhancedsearchguide", enhancedSearchGuide); - DefaultLookUp.put("facsimiletelephonenumber", facsimileTelephoneNumber); - DefaultLookUp.put("generationqualifier", generationQualifier); - DefaultLookUp.put("givenname", givenName); - DefaultLookUp.put("houseidentifier", houseIdentifier); - DefaultLookUp.put("initials", initials); - DefaultLookUp.put("internationalisdnnumber", internationalISDNNumber); - DefaultLookUp.put("l", l); - DefaultLookUp.put("member", member); - DefaultLookUp.put("name", name); - DefaultLookUp.put("o", o); - DefaultLookUp.put("ou", ou); - DefaultLookUp.put("owner", owner); - DefaultLookUp.put("physicaldeliveryofficename", physicalDeliveryOfficeName); - DefaultLookUp.put("postaladdress", postalAddress); - DefaultLookUp.put("postalcode", postalCode); - DefaultLookUp.put("postofficebox", postOfficeBox); - DefaultLookUp.put("preferreddeliverymethod", preferredDeliveryMethod); - DefaultLookUp.put("registeredaddress", registeredAddress); - DefaultLookUp.put("roleoccupant", roleOccupant); - DefaultLookUp.put("searchguide", searchGuide); - DefaultLookUp.put("seealso", seeAlso); - DefaultLookUp.put("serialnumber", serialNumber); - DefaultLookUp.put("sn", sn); - DefaultLookUp.put("st", st); - DefaultLookUp.put("street", street); - DefaultLookUp.put("telephonenumber", telephoneNumber); - DefaultLookUp.put("teletexterminalidentifier", teletexTerminalIdentifier); - DefaultLookUp.put("telexnumber", telexNumber); - DefaultLookUp.put("title", title); - DefaultLookUp.put("uid", uid); - DefaultLookUp.put("uniquemember", uniqueMember); - DefaultLookUp.put("userpassword", userPassword); - DefaultLookUp.put("x121address", x121Address); - DefaultLookUp.put("x500uniqueidentifier", x500UniqueIdentifier); - - // TODO: need to add correct matching for equality comparisons. - } - - protected RFC4519Style() - { - - } - - public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value) - { - if (value.length() != 0 && value.charAt(0) == '#') - { - try - { - return IETFUtils.valueFromHexString(value, 1); - } - catch (IOException e) - { - throw new RuntimeException("can't recode value for oid " + oid.getId()); - } - } - else - { - if (value.length() != 0 && value.charAt(0) == '\\') - { - value = value.substring(1); - } - if (oid.equals(dc)) - { - return new DERIA5String(value); - } - else if (oid.equals(c) || oid.equals(serialNumber) || oid.equals(dnQualifier) - || oid.equals(telephoneNumber)) - { - return new DERPrintableString(value); - } - } - - return new DERUTF8String(value); - } - - public ASN1ObjectIdentifier attrNameToOID(String attrName) - { - return IETFUtils.decodeAttrName(attrName, DefaultLookUp); - } - - public boolean areEqual(X500Name name1, X500Name name2) - { - RDN[] rdns1 = name1.getRDNs(); - RDN[] rdns2 = name2.getRDNs(); - - if (rdns1.length != rdns2.length) - { - return false; - } - - boolean reverse = false; - - if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null) - { - reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType()); // guess forward - } - - for (int i = 0; i != rdns1.length; i++) - { - if (!foundMatch(reverse, rdns1[i], rdns2)) - { - return false; - } - } - - return true; - } - - private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs) - { - if (reverse) - { - for (int i = possRDNs.length - 1; i >= 0; i--) - { - if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i])) - { - possRDNs[i] = null; - return true; - } - } - } - else - { - for (int i = 0; i != possRDNs.length; i++) - { - if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i])) - { - possRDNs[i] = null; - return true; - } - } - } - - return false; - } - - protected boolean rdnAreEqual(RDN rdn1, RDN rdn2) - { - if (rdn1.isMultiValued()) - { - if (rdn2.isMultiValued()) - { - AttributeTypeAndValue[] atvs1 = rdn1.getTypesAndValues(); - AttributeTypeAndValue[] atvs2 = rdn2.getTypesAndValues(); - - if (atvs1.length != atvs2.length) - { - return false; - } - - for (int i = 0; i != atvs1.length; i++) - { - if (!atvAreEqual(atvs1[i], atvs2[i])) - { - return false; - } - } - } - else - { - return false; - } - } - else - { - if (!rdn2.isMultiValued()) - { - return atvAreEqual(rdn1.getFirst(), rdn2.getFirst()); - } - else - { - return false; - } - } - - return true; - } - - private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2) - { - if (atv1 == atv2) - { - return true; - } - - if (atv1 == null) - { - return false; - } - - if (atv2 == null) - { - return false; - } - - ASN1ObjectIdentifier o1 = atv1.getType(); - ASN1ObjectIdentifier o2 = atv2.getType(); - - if (!o1.equals(o2)) - { - return false; - } - - String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue())); - String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue())); - - if (!v1.equals(v2)) - { - return false; - } - - return true; - } - - // parse backwards - public RDN[] fromString(String dirName) - { - RDN[] tmp = IETFUtils.rDNsFromString(dirName, this); - RDN[] res = new RDN[tmp.length]; - - for (int i = 0; i != tmp.length; i++) - { - res[res.length - i - 1] = tmp[i]; - } - - return res; - } - - public int calculateHashCode(X500Name name) - { - int hashCodeValue = 0; - RDN[] rdns = name.getRDNs(); - - // this needs to be order independent, like equals - for (int i = 0; i != rdns.length; i++) - { - if (rdns[i].isMultiValued()) - { - AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues(); - - for (int j = 0; j != atv.length; j++) - { - hashCodeValue ^= atv[j].getType().hashCode(); - hashCodeValue ^= calcHashCode(atv[j].getValue()); - } - } - else - { - hashCodeValue ^= rdns[i].getFirst().getType().hashCode(); - hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue()); - } - } - - return hashCodeValue; - } - - private int calcHashCode(ASN1Encodable enc) - { - String value = IETFUtils.valueToString(enc); - - value = IETFUtils.canonicalize(value); - - return value.hashCode(); - } - - // convert in reverse - public String toString(X500Name name) - { - StringBuffer buf = new StringBuffer(); - boolean first = true; - - RDN[] rdns = name.getRDNs(); - - for (int i = rdns.length - 1; i >= 0; i--) - { - if (first) - { - first = false; - } - else - { - buf.append(','); - } - - if (rdns[i].isMultiValued()) - { - AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues(); - boolean firstAtv = true; - - for (int j = 0; j != atv.length; j++) - { - if (firstAtv) - { - firstAtv = false; - } - else - { - buf.append('+'); - } - - IETFUtils.appendTypeAndValue(buf, atv[j], DefaultSymbols); - } - } - else - { - IETFUtils.appendTypeAndValue(buf, rdns[i].getFirst(), DefaultSymbols); - } - } - - return buf.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java deleted file mode 100644 index 7549a7299..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.asn1.x500.style; - -/** - * class for breaking up an X500 Name into it's component tokens, ala - * java.util.StringTokenizer. We need this class as some of the - * lightweight Java environment don't support classes like - * StringTokenizer. - */ -class X500NameTokenizer -{ - private String value; - private int index; - private char seperator; - private StringBuffer buf = new StringBuffer(); - - public X500NameTokenizer( - String oid) - { - this(oid, ','); - } - - public X500NameTokenizer( - String oid, - char seperator) - { - this.value = oid; - this.index = -1; - this.seperator = seperator; - } - - public boolean hasMoreTokens() - { - return (index != value.length()); - } - - public String nextToken() - { - if (index == value.length()) - { - return null; - } - - int end = index + 1; - boolean quoted = false; - boolean escaped = false; - - buf.setLength(0); - - while (end != value.length()) - { - char c = value.charAt(end); - - if (c == '"') - { - if (!escaped) - { - quoted = !quoted; - } - else - { - buf.append(c); - } - escaped = false; - } - else - { - if (escaped || quoted) - { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && seperator != '+') - { - buf.append('\\'); - } - buf.append(c); - escaped = false; - } - else if (c == '\\') - { - escaped = true; - } - else if (c == seperator) - { - break; - } - else - { - buf.append(c); - } - } - end++; - } - - index = end; - return buf.toString().trim(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java deleted file mode 100644 index d9b248644..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * The AccessDescription object. - * 

- * AccessDescription  ::=  SEQUENCE {
- *       accessMethod          OBJECT IDENTIFIER,
- *       accessLocation        GeneralName  }
- *
- */ -public class AccessDescription - extends ASN1Encodable -{ - public final static DERObjectIdentifier id_ad_caIssuers = new DERObjectIdentifier("1.3.6.1.5.5.7.48.2"); - - public final static DERObjectIdentifier id_ad_ocsp = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); - - DERObjectIdentifier accessMethod = null; - GeneralName accessLocation = null; - - public static AccessDescription getInstance( - Object obj) - { - if (obj instanceof AccessDescription) - { - return (AccessDescription)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AccessDescription((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AccessDescription( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("wrong number of elements in sequence"); - } - - accessMethod = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - accessLocation = GeneralName.getInstance(seq.getObjectAt(1)); - } - - /** - * create an AccessDescription with the oid and location provided. - */ - public AccessDescription( - DERObjectIdentifier oid, - GeneralName location) - { - accessMethod = oid; - accessLocation = location; - } - - /** - * - * @return the access method. - */ - public DERObjectIdentifier getAccessMethod() - { - return accessMethod; - } - - /** - * - * @return the access location - */ - public GeneralName getAccessLocation() - { - return accessLocation; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector accessDescription = new ASN1EncodableVector(); - - accessDescription.add(accessMethod); - accessDescription.add(accessLocation); - - return new DERSequence(accessDescription); - } - - public String toString() - { - return ("AccessDescription: Oid(" + this.accessMethod.getId() + ")"); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java deleted file mode 100644 index 7288d384d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class AlgorithmIdentifier - extends ASN1Encodable -{ - private DERObjectIdentifier objectId; - private DEREncodable parameters; - private boolean parametersDefined = false; - - public static AlgorithmIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static AlgorithmIdentifier getInstance( - Object obj) - { - if (obj== null || obj instanceof AlgorithmIdentifier) - { - return (AlgorithmIdentifier)obj; - } - - if (obj instanceof DERObjectIdentifier) - { - return new AlgorithmIdentifier((DERObjectIdentifier)obj); - } - - if (obj instanceof String) - { - return new AlgorithmIdentifier((String)obj); - } - - if (obj instanceof ASN1Sequence) - { - return new AlgorithmIdentifier((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AlgorithmIdentifier( - DERObjectIdentifier objectId) - { - this.objectId = objectId; - } - - public AlgorithmIdentifier( - String objectId) - { - this.objectId = new DERObjectIdentifier(objectId); - } - - public AlgorithmIdentifier( - DERObjectIdentifier objectId, - DEREncodable parameters) - { - parametersDefined = true; - this.objectId = objectId; - this.parameters = parameters; - } - - public AlgorithmIdentifier( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - objectId = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - parametersDefined = true; - parameters = seq.getObjectAt(1); - } - else - { - parameters = null; - } - } - - public ASN1ObjectIdentifier getAlgorithm() - { - return new ASN1ObjectIdentifier(objectId.getId()); - } - - /** - * @deprecated use getAlgorithm - * @return - */ - public DERObjectIdentifier getObjectId() - { - return objectId; - } - - public DEREncodable getParameters() - { - return parameters; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *      AlgorithmIdentifier ::= SEQUENCE {
-     *                            algorithm OBJECT IDENTIFIER,
-     *                            parameters ANY DEFINED BY algorithm OPTIONAL }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(objectId); - - if (parametersDefined) - { - if (parameters != null) - { - v.add(parameters); - } - else - { - v.add(DERNull.INSTANCE); - } - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java deleted file mode 100644 index f08bd2a9a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class AttCertIssuer - extends ASN1Encodable - implements ASN1Choice -{ - ASN1Encodable obj; - DERObject choiceObj; - - public static AttCertIssuer getInstance( - Object obj) - { - if (obj instanceof AttCertIssuer) - { - return (AttCertIssuer)obj; - } - else if (obj instanceof V2Form) - { - return new AttCertIssuer(V2Form.getInstance(obj)); - } - else if (obj instanceof GeneralNames) - { - return new AttCertIssuer((GeneralNames)obj); - } - else if (obj instanceof ASN1TaggedObject) - { - return new AttCertIssuer(V2Form.getInstance((ASN1TaggedObject)obj, false)); - } - else if (obj instanceof ASN1Sequence) - { - return new AttCertIssuer(GeneralNames.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public static AttCertIssuer getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explictly tagged - } - - /** - * Don't use this one if you are trying to be RFC 3281 compliant. - * Use it for v1 attribute certificates only. - * - * @param names our GeneralNames structure - */ - public AttCertIssuer( - GeneralNames names) - { - obj = names; - choiceObj = obj.getDERObject(); - } - - public AttCertIssuer( - V2Form v2Form) - { - obj = v2Form; - choiceObj = new DERTaggedObject(false, 0, obj); - } - - public ASN1Encodable getIssuer() - { - return obj; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  AttCertIssuer ::= CHOICE {
-     *       v1Form   GeneralNames,  -- MUST NOT be used in this
-     *                               -- profile
-     *       v2Form   [0] V2Form     -- v2 only
-     *  }
-     *
- */ - public DERObject toASN1Object() - { - return choiceObj; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java deleted file mode 100644 index a4ab4cde7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java +++ /dev/null @@ -1,84 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttCertValidityPeriod - extends ASN1Encodable -{ - DERGeneralizedTime notBeforeTime; - DERGeneralizedTime notAfterTime; - - public static AttCertValidityPeriod getInstance( - Object obj) - { - if (obj instanceof AttCertValidityPeriod) - { - return (AttCertValidityPeriod)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AttCertValidityPeriod((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AttCertValidityPeriod( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - notBeforeTime = DERGeneralizedTime.getInstance(seq.getObjectAt(0)); - notAfterTime = DERGeneralizedTime.getInstance(seq.getObjectAt(1)); - } - - /** - * @param notBeforeTime - * @param notAfterTime - */ - public AttCertValidityPeriod( - DERGeneralizedTime notBeforeTime, - DERGeneralizedTime notAfterTime) - { - this.notBeforeTime = notBeforeTime; - this.notAfterTime = notAfterTime; - } - - public DERGeneralizedTime getNotBeforeTime() - { - return notBeforeTime; - } - - public DERGeneralizedTime getNotAfterTime() - { - return notAfterTime; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  AttCertValidityPeriod  ::= SEQUENCE {
-     *       notBeforeTime  GeneralizedTime,
-     *       notAfterTime   GeneralizedTime
-     *  } 
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(notBeforeTime); - v.add(notAfterTime); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Attribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Attribute.java deleted file mode 100644 index 56df17806..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Attribute.java +++ /dev/null @@ -1,93 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class Attribute - extends ASN1Encodable -{ - private DERObjectIdentifier attrType; - private ASN1Set attrValues; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static Attribute getInstance( - Object o) - { - if (o == null || o instanceof Attribute) - { - return (Attribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new Attribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName()); - } - - public Attribute( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - attrType = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - attrValues = ASN1Set.getInstance(seq.getObjectAt(1)); - } - - public Attribute( - DERObjectIdentifier attrType, - ASN1Set attrValues) - { - this.attrType = attrType; - this.attrValues = attrValues; - } - - public ASN1ObjectIdentifier getAttrType() - { - return new ASN1ObjectIdentifier(attrType.getId()); - } - - public ASN1Encodable[] getAttributeValues() - { - return attrValues.toArray(); - } - - public ASN1Set getAttrValues() - { - return attrValues; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Attribute ::= SEQUENCE {
-     *     attrType OBJECT IDENTIFIER,
-     *     attrValues SET OF AttributeValue
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attrType); - v.add(attrValues); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java deleted file mode 100644 index 9e79e8920..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttributeCertificate - extends ASN1Encodable -{ - AttributeCertificateInfo acinfo; - AlgorithmIdentifier signatureAlgorithm; - DERBitString signatureValue; - - /** - * @param obj - * @return an AttributeCertificate object - */ - public static AttributeCertificate getInstance(Object obj) - { - if (obj instanceof AttributeCertificate) - { - return (AttributeCertificate)obj; - } - else if (obj != null) - { - return new AttributeCertificate(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public AttributeCertificate( - AttributeCertificateInfo acinfo, - AlgorithmIdentifier signatureAlgorithm, - DERBitString signatureValue) - { - this.acinfo = acinfo; - this.signatureAlgorithm = signatureAlgorithm; - this.signatureValue = signatureValue; - } - - public AttributeCertificate( - ASN1Sequence seq) - { - if (seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - this.acinfo = AttributeCertificateInfo.getInstance(seq.getObjectAt(0)); - this.signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - this.signatureValue = DERBitString.getInstance(seq.getObjectAt(2)); - } - - public AttributeCertificateInfo getAcinfo() - { - return acinfo; - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - public DERBitString getSignatureValue() - { - return signatureValue; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  AttributeCertificate ::= SEQUENCE {
-     *       acinfo               AttributeCertificateInfo,
-     *       signatureAlgorithm   AlgorithmIdentifier,
-     *       signatureValue       BIT STRING
-     *  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(acinfo); - v.add(signatureAlgorithm); - v.add(signatureValue); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java deleted file mode 100644 index 59ff27af6..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java +++ /dev/null @@ -1,165 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttributeCertificateInfo - extends ASN1Encodable -{ - private DERInteger version; - private Holder holder; - private AttCertIssuer issuer; - private AlgorithmIdentifier signature; - private DERInteger serialNumber; - private AttCertValidityPeriod attrCertValidityPeriod; - private ASN1Sequence attributes; - private DERBitString issuerUniqueID; - private X509Extensions extensions; - - public static AttributeCertificateInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static AttributeCertificateInfo getInstance( - Object obj) - { - if (obj instanceof AttributeCertificateInfo) - { - return (AttributeCertificateInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AttributeCertificateInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AttributeCertificateInfo( - ASN1Sequence seq) - { - if (seq.size() < 7 || seq.size() > 9) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - this.version = DERInteger.getInstance(seq.getObjectAt(0)); - this.holder = Holder.getInstance(seq.getObjectAt(1)); - this.issuer = AttCertIssuer.getInstance(seq.getObjectAt(2)); - this.signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(3)); - this.serialNumber = DERInteger.getInstance(seq.getObjectAt(4)); - this.attrCertValidityPeriod = AttCertValidityPeriod.getInstance(seq.getObjectAt(5)); - this.attributes = ASN1Sequence.getInstance(seq.getObjectAt(6)); - - for (int i = 7; i < seq.size(); i++) - { - ASN1Encodable obj = (ASN1Encodable)seq.getObjectAt(i); - - if (obj instanceof DERBitString) - { - this.issuerUniqueID = DERBitString.getInstance(seq.getObjectAt(i)); - } - else if (obj instanceof ASN1Sequence || obj instanceof X509Extensions) - { - this.extensions = X509Extensions.getInstance(seq.getObjectAt(i)); - } - } - } - - public DERInteger getVersion() - { - return version; - } - - public Holder getHolder() - { - return holder; - } - - public AttCertIssuer getIssuer() - { - return issuer; - } - - public AlgorithmIdentifier getSignature() - { - return signature; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public AttCertValidityPeriod getAttrCertValidityPeriod() - { - return attrCertValidityPeriod; - } - - public ASN1Sequence getAttributes() - { - return attributes; - } - - public DERBitString getIssuerUniqueID() - { - return issuerUniqueID; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  AttributeCertificateInfo ::= SEQUENCE {
-     *       version              AttCertVersion -- version is v2,
-     *       holder               Holder,
-     *       issuer               AttCertIssuer,
-     *       signature            AlgorithmIdentifier,
-     *       serialNumber         CertificateSerialNumber,
-     *       attrCertValidityPeriod   AttCertValidityPeriod,
-     *       attributes           SEQUENCE OF Attribute,
-     *       issuerUniqueID       UniqueIdentifier OPTIONAL,
-     *       extensions           Extensions OPTIONAL
-     *  }
-     *
-     *  AttCertVersion ::= INTEGER { v2(1) }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(holder); - v.add(issuer); - v.add(signature); - v.add(serialNumber); - v.add(attrCertValidityPeriod); - v.add(attributes); - - if (issuerUniqueID != null) - { - v.add(issuerUniqueID); - } - - if (extensions != null) - { - v.add(extensions); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java deleted file mode 100644 index 6e996213e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * The AuthorityInformationAccess object. - * 
- * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
- *
- * AuthorityInfoAccessSyntax  ::=
- *      SEQUENCE SIZE (1..MAX) OF AccessDescription
- * AccessDescription  ::=  SEQUENCE {
- *       accessMethod          OBJECT IDENTIFIER,
- *       accessLocation        GeneralName  }
- *
- * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
- * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
- * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
- *
- */ -public class AuthorityInformationAccess - extends ASN1Encodable -{ - private AccessDescription[] descriptions; - - public static AuthorityInformationAccess getInstance( - Object obj) - { - if (obj instanceof AuthorityInformationAccess) - { - return (AuthorityInformationAccess)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new AuthorityInformationAccess((ASN1Sequence)obj); - } - - if (obj instanceof X509Extension) - { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AuthorityInformationAccess( - ASN1Sequence seq) - { - if (seq.size() < 1) - { - throw new IllegalArgumentException("sequence may not be empty"); - } - - descriptions = new AccessDescription[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - descriptions[i] = AccessDescription.getInstance(seq.getObjectAt(i)); - } - } - - /** - * create an AuthorityInformationAccess with the oid and location provided. - */ - public AuthorityInformationAccess( - DERObjectIdentifier oid, - GeneralName location) - { - descriptions = new AccessDescription[1]; - - descriptions[0] = new AccessDescription(oid, location); - } - - - /** - * - * @return the access descriptions contained in this object. - */ - public AccessDescription[] getAccessDescriptions() - { - return descriptions; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - - for (int i = 0; i != descriptions.length; i++) - { - vec.add(descriptions[i]); - } - - return new DERSequence(vec); - } - - public String toString() - { - return ("AuthorityInformationAccess: Oid(" + this.descriptions[0].getAccessMethod().getId() + ")"); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java deleted file mode 100644 index a3e5a549b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +++ /dev/null @@ -1,231 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; - -import java.math.BigInteger; -import java.util.Enumeration; - -/** - * The AuthorityKeyIdentifier object. - * 
- * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
- *
- *   AuthorityKeyIdentifier ::= SEQUENCE {
- *      keyIdentifier             [0] IMPLICIT KeyIdentifier           OPTIONAL,
- *      authorityCertIssuer       [1] IMPLICIT GeneralNames            OPTIONAL,
- *      authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL  }
- *
- *   KeyIdentifier ::= OCTET STRING
- *
- * - */ -public class AuthorityKeyIdentifier - extends ASN1Encodable -{ - ASN1OctetString keyidentifier=null; - GeneralNames certissuer=null; - DERInteger certserno=null; - - public static AuthorityKeyIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static AuthorityKeyIdentifier getInstance( - Object obj) - { - if (obj instanceof AuthorityKeyIdentifier) - { - return (AuthorityKeyIdentifier)obj; - } - if (obj instanceof ASN1Sequence) - { - return new AuthorityKeyIdentifier((ASN1Sequence)obj); - } - if (obj instanceof X509Extension) - { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public AuthorityKeyIdentifier( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1TaggedObject o = DERTaggedObject.getInstance(e.nextElement()); - - switch (o.getTagNo()) - { - case 0: - this.keyidentifier = ASN1OctetString.getInstance(o, false); - break; - case 1: - this.certissuer = GeneralNames.getInstance(o, false); - break; - case 2: - this.certserno = DERInteger.getInstance(o, false); - break; - default: - throw new IllegalArgumentException("illegal tag"); - } - } - } - - /** - * - * Calulates the keyidentifier using a SHA1 hash over the BIT STRING - * from SubjectPublicKeyInfo as defined in RFC2459. - * - * Example of making a AuthorityKeyIdentifier: - * 
-     *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
-     *       publicKey.getEncoded()).readObject());
-     *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
-     *
- * - **/ - public AuthorityKeyIdentifier( - SubjectPublicKeyInfo spki) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - this.keyidentifier = new DEROctetString(resBuf); - } - - /** - * create an AuthorityKeyIdentifier with the GeneralNames tag and - * the serial number provided as well. - */ - public AuthorityKeyIdentifier( - SubjectPublicKeyInfo spki, - GeneralNames name, - BigInteger serialNumber) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - - this.keyidentifier = new DEROctetString(resBuf); - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); - } - - /** - * create an AuthorityKeyIdentifier with the GeneralNames tag and - * the serial number provided. - */ - public AuthorityKeyIdentifier( - GeneralNames name, - BigInteger serialNumber) - { - this.keyidentifier = null; - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); - } - - /** - * create an AuthorityKeyIdentifier with a precomupted key identifier - */ - public AuthorityKeyIdentifier( - byte[] keyIdentifier) - { - this.keyidentifier = new DEROctetString(keyIdentifier); - this.certissuer = null; - this.certserno = null; - } - - /** - * create an AuthorityKeyIdentifier with a precomupted key identifier - * and the GeneralNames tag and the serial number provided as well. - */ - public AuthorityKeyIdentifier( - byte[] keyIdentifier, - GeneralNames name, - BigInteger serialNumber) - { - this.keyidentifier = new DEROctetString(keyIdentifier); - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); - } - - public byte[] getKeyIdentifier() - { - if (keyidentifier != null) - { - return keyidentifier.getOctets(); - } - - return null; - } - - public GeneralNames getAuthorityCertIssuer() - { - return certissuer; - } - - public BigInteger getAuthorityCertSerialNumber() - { - if (certserno != null) - { - return certserno.getValue(); - } - - return null; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (keyidentifier != null) - { - v.add(new DERTaggedObject(false, 0, keyidentifier)); - } - - if (certissuer != null) - { - v.add(new DERTaggedObject(false, 1, certissuer)); - } - - if (certserno != null) - { - v.add(new DERTaggedObject(false, 2, certserno)); - } - - - return new DERSequence(v); - } - - public String toString() - { - return ("AuthorityKeyIdentifier: KeyID(" + this.keyidentifier.getOctets() + ")"); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java deleted file mode 100644 index e6a98077f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java +++ /dev/null @@ -1,181 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -import java.math.BigInteger; - -public class BasicConstraints - extends ASN1Encodable -{ - DERBoolean cA = new DERBoolean(false); - DERInteger pathLenConstraint = null; - - public static BasicConstraints getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static BasicConstraints getInstance( - Object obj) - { - if (obj == null || obj instanceof BasicConstraints) - { - return (BasicConstraints)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new BasicConstraints((ASN1Sequence)obj); - } - - if (obj instanceof X509Extension) - { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public BasicConstraints( - ASN1Sequence seq) - { - if (seq.size() == 0) - { - this.cA = null; - this.pathLenConstraint = null; - } - else - { - if (seq.getObjectAt(0) instanceof DERBoolean) - { - this.cA = DERBoolean.getInstance(seq.getObjectAt(0)); - } - else - { - this.cA = null; - this.pathLenConstraint = DERInteger.getInstance(seq.getObjectAt(0)); - } - if (seq.size() > 1) - { - if (this.cA != null) - { - this.pathLenConstraint = DERInteger.getInstance(seq.getObjectAt(1)); - } - else - { - throw new IllegalArgumentException("wrong sequence in constructor"); - } - } - } - } - - /** - * @deprecated use one of the other two unambigous constructors. - * @param cA - * @param pathLenConstraint - */ - public BasicConstraints( - boolean cA, - int pathLenConstraint) - { - if (cA) - { - this.cA = new DERBoolean(cA); - this.pathLenConstraint = new DERInteger(pathLenConstraint); - } - else - { - this.cA = null; - this.pathLenConstraint = null; - } - } - - public BasicConstraints( - boolean cA) - { - if (cA) - { - this.cA = new DERBoolean(true); - } - else - { - this.cA = null; - } - this.pathLenConstraint = null; - } - - /** - * create a cA=true object for the given path length constraint. - * - * @param pathLenConstraint - */ - public BasicConstraints( - int pathLenConstraint) - { - this.cA = new DERBoolean(true); - this.pathLenConstraint = new DERInteger(pathLenConstraint); - } - - public boolean isCA() - { - return (cA != null) && cA.isTrue(); - } - - public BigInteger getPathLenConstraint() - { - if (pathLenConstraint != null) - { - return pathLenConstraint.getValue(); - } - - return null; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * BasicConstraints := SEQUENCE {
-     *    cA                  BOOLEAN DEFAULT FALSE,
-     *    pathLenConstraint   INTEGER (0..MAX) OPTIONAL
-     * }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (cA != null) - { - v.add(cA); - } - - if (pathLenConstraint != null) // yes some people actually do this when cA is false... - { - v.add(pathLenConstraint); - } - - return new DERSequence(v); - } - - public String toString() - { - if (pathLenConstraint == null) - { - if (cA == null) - { - return "BasicConstraints: isCa(false)"; - } - return "BasicConstraints: isCa(" + this.isCA() + ")"; - } - return "BasicConstraints: isCa(" + this.isCA() + "), pathLenConstraint = " + pathLenConstraint.getValue(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java deleted file mode 100644 index 67244b186..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CRLDistPoint - extends ASN1Encodable -{ - ASN1Sequence seq = null; - - public static CRLDistPoint getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static CRLDistPoint getInstance( - Object obj) - { - if (obj instanceof CRLDistPoint || obj == null) - { - return (CRLDistPoint)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CRLDistPoint((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public CRLDistPoint( - ASN1Sequence seq) - { - this.seq = seq; - } - - public CRLDistPoint( - DistributionPoint[] points) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != points.length; i++) - { - v.add(points[i]); - } - - seq = new DERSequence(v); - } - - /** - * Return the distribution points making up the sequence. - * - * @return DistributionPoint[] - */ - public DistributionPoint[] getDistributionPoints() - { - DistributionPoint[] dp = new DistributionPoint[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - dp[i] = DistributionPoint.getInstance(seq.getObjectAt(i)); - } - - return dp; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * CRLDistPoint ::= SEQUENCE SIZE {1..MAX} OF DistributionPoint
-     *
- */ - public DERObject toASN1Object() - { - return seq; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String sep = System.getProperty("line.separator"); - - buf.append("CRLDistPoint:"); - buf.append(sep); - DistributionPoint dp[] = getDistributionPoints(); - for (int i = 0; i != dp.length; i++) - { - buf.append(" "); - buf.append(dp[i]); - buf.append(sep); - } - return buf.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java deleted file mode 100644 index 5c74abf1e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERInteger; - -import java.math.BigInteger; - -/** - * The CRLNumber object. - * 
- * CRLNumber::= INTEGER(0..MAX)
- *
- */ -public class CRLNumber - extends DERInteger -{ - - public CRLNumber( - BigInteger number) - { - super(number); - } - - public BigInteger getCRLNumber() - { - return getPositiveValue(); - } - - public String toString() - { - return "CRLNumber: " + getCRLNumber(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java deleted file mode 100644 index dfbccda99..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DEREnumerated; - -/** - * The CRLReason enumeration. - * 
- * CRLReason ::= ENUMERATED {
- *  unspecified             (0),
- *  keyCompromise           (1),
- *  cACompromise            (2),
- *  affiliationChanged      (3),
- *  superseded              (4),
- *  cessationOfOperation    (5),
- *  certificateHold         (6),
- *  removeFromCRL           (8),
- *  privilegeWithdrawn      (9),
- *  aACompromise           (10)
- * }
- *
- */ -public class CRLReason - extends DEREnumerated -{ - /** - * @deprecated use lower case version - */ - public static final int UNSPECIFIED = 0; - /** - * @deprecated use lower case version - */ - public static final int KEY_COMPROMISE = 1; - /** - * @deprecated use lower case version - */ - public static final int CA_COMPROMISE = 2; - /** - * @deprecated use lower case version - */ - public static final int AFFILIATION_CHANGED = 3; - /** - * @deprecated use lower case version - */ - public static final int SUPERSEDED = 4; - /** - * @deprecated use lower case version - */ - public static final int CESSATION_OF_OPERATION = 5; - /** - * @deprecated use lower case version - */ - public static final int CERTIFICATE_HOLD = 6; - /** - * @deprecated use lower case version - */ - public static final int REMOVE_FROM_CRL = 8; - /** - * @deprecated use lower case version - */ - public static final int PRIVILEGE_WITHDRAWN = 9; - /** - * @deprecated use lower case version - */ - public static final int AA_COMPROMISE = 10; - - public static final int unspecified = 0; - public static final int keyCompromise = 1; - public static final int cACompromise = 2; - public static final int affiliationChanged = 3; - public static final int superseded = 4; - public static final int cessationOfOperation = 5; - public static final int certificateHold = 6; - // 7 -> unknown - public static final int removeFromCRL = 8; - public static final int privilegeWithdrawn = 9; - public static final int aACompromise = 10; - - private static final String[] reasonString = - { - "unspecified", "keyCompromise", "cACompromise", "affiliationChanged", - "superseded", "cessationOfOperation", "certificateHold", "unknown", - "removeFromCRL", "privilegeWithdrawn", "aACompromise" - }; - - public CRLReason( - int reason) - { - super(reason); - } - - public CRLReason( - DEREnumerated reason) - { - super(reason.getValue().intValue()); - } - - public String toString() - { - String str; - int reason = getValue().intValue(); - if (reason < 0 || reason > 10) - { - str = "invalid"; - } - else - { - str = reasonString[reason]; - } - return "CRLReason: " + str; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java deleted file mode 100644 index 3e85dbd6e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - - -/** - * CertPolicyId, used in the CertificatePolicies and PolicyMappings - * X509V3 Extensions. - * - * 
- *     CertPolicyId ::= OBJECT IDENTIFIER
- *
- */ -public class CertPolicyId extends DERObjectIdentifier -{ - public CertPolicyId (String id) - { - super(id); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java deleted file mode 100644 index 40c49c654..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java +++ /dev/null @@ -1,126 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * PKIX RFC-2459 - * - * The X.509 v2 CRL syntax is as follows. For signature calculation, - * the data that is to be signed is ASN.1 DER encoded. - * - * 
- * CertificateList  ::=  SEQUENCE  {
- *      tbsCertList          TBSCertList,
- *      signatureAlgorithm   AlgorithmIdentifier,
- *      signatureValue       BIT STRING  }
- *
- */ -public class CertificateList - extends ASN1Encodable -{ - TBSCertList tbsCertList; - AlgorithmIdentifier sigAlgId; - DERBitString sig; - - public static CertificateList getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static CertificateList getInstance( - Object obj) - { - if (obj instanceof CertificateList) - { - return (CertificateList)obj; - } - else if (obj != null) - { - return new CertificateList(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public CertificateList( - ASN1Sequence seq) - { - if (seq.size() == 3) - { - tbsCertList = TBSCertList.getInstance(seq.getObjectAt(0)); - sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - sig = DERBitString.getInstance(seq.getObjectAt(2)); - } - else - { - throw new IllegalArgumentException("sequence wrong size for CertificateList"); - } - } - - public TBSCertList getTBSCertList() - { - return tbsCertList; - } - - public TBSCertList.CRLEntry[] getRevokedCertificates() - { - return tbsCertList.getRevokedCertificates(); - } - - public Enumeration getRevokedCertificateEnumeration() - { - return tbsCertList.getRevokedCertificateEnumeration(); - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return sigAlgId; - } - - public DERBitString getSignature() - { - return sig; - } - - public int getVersion() - { - return tbsCertList.getVersion(); - } - - public X509Name getIssuer() - { - return tbsCertList.getIssuer(); - } - - public Time getThisUpdate() - { - return tbsCertList.getThisUpdate(); - } - - public Time getNextUpdate() - { - return tbsCertList.getNextUpdate(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCertList); - v.add(sigAlgId); - v.add(sig); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java deleted file mode 100644 index bd9d25c00..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java +++ /dev/null @@ -1,169 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -import java.util.Enumeration; - -/** - * This class helps to support crossCerfificatePairs in a LDAP directory - * according RFC 2587 - * - * 
- *     crossCertificatePairATTRIBUTE::={
- *       WITH SYNTAX   CertificatePair
- *       EQUALITY MATCHING RULE certificatePairExactMatch
- *       ID joint-iso-ccitt(2) ds(5) attributeType(4) crossCertificatePair(40)}
- *
- * - *
The forward elements of the crossCertificatePair attribute of a - * CA's directory entry shall be used to store all, except self-issued - * certificates issued to this CA. Optionally, the reverse elements of the - * crossCertificatePair attribute, of a CA's directory entry may contain a - * subset of certificates issued by this CA to other CAs. When both the forward - * and the reverse elements are present in a single attribute value, issuer name - * in one certificate shall match the subject name in the other and vice versa, - * and the subject public key in one certificate shall be capable of verifying - * the digital signature on the other certificate and vice versa. - * - * When a reverse element is present, the forward element value and the reverse - * element value need not be stored in the same attribute value; in other words, - * they can be stored in either a single attribute value or two attribute - * values.
- * - * 
- *       CertificatePair ::= SEQUENCE {
- *         forward        [0]    Certificate OPTIONAL,
- *         reverse        [1]    Certificate OPTIONAL,
- *         -- at least one of the pair shall be present -- } 
- *
- */ -public class CertificatePair - extends ASN1Encodable -{ - private X509CertificateStructure forward; - - private X509CertificateStructure reverse; - - public static CertificatePair getInstance(Object obj) - { - if (obj == null || obj instanceof CertificatePair) - { - return (CertificatePair)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new CertificatePair((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - *

- * The sequence is of type CertificatePair: - *

- * 

-     *       CertificatePair ::= SEQUENCE {
-     *         forward        [0]    Certificate OPTIONAL,
-     *         reverse        [1]    Certificate OPTIONAL,
-     *         -- at least one of the pair shall be present -- }
-     *
- * - * @param seq The ASN.1 sequence. - */ - private CertificatePair(ASN1Sequence seq) - { - if (seq.size() != 1 && seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement()); - if (o.getTagNo() == 0) - { - forward = X509CertificateStructure.getInstance(o, true); - } - else if (o.getTagNo() == 1) - { - reverse = X509CertificateStructure.getInstance(o, true); - } - else - { - throw new IllegalArgumentException("Bad tag number: " - + o.getTagNo()); - } - } - } - - /** - * Constructor from a given details. - * - * @param forward Certificates issued to this CA. - * @param reverse Certificates issued by this CA to other CAs. - */ - public CertificatePair(X509CertificateStructure forward, X509CertificateStructure reverse) - { - this.forward = forward; - this.reverse = reverse; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - *

- * Returns: - *

- * 

-     *       CertificatePair ::= SEQUENCE {
-     *         forward        [0]    Certificate OPTIONAL,
-     *         reverse        [1]    Certificate OPTIONAL,
-     *         -- at least one of the pair shall be present -- }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - - if (forward != null) - { - vec.add(new DERTaggedObject(0, forward)); - } - if (reverse != null) - { - vec.add(new DERTaggedObject(1, reverse)); - } - - return new DERSequence(vec); - } - - /** - * @return Returns the forward. - */ - public X509CertificateStructure getForward() - { - return forward; - } - - /** - * @return Returns the reverse. - */ - public X509CertificateStructure getReverse() - { - return reverse; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java deleted file mode 100644 index 8bc043bab..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java +++ /dev/null @@ -1,147 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class CertificatePolicies - extends ASN1Encodable -{ - static final DERObjectIdentifier anyPolicy = new DERObjectIdentifier("2.5.29.32.0"); - - Vector policies = new Vector(); - -/** - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public static CertificatePolicies getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - -/** - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public static CertificatePolicies getInstance( - Object obj) - { - if (obj instanceof CertificatePolicies) - { - return (CertificatePolicies)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertificatePolicies((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - -/** - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public CertificatePolicies( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - policies.addElement(s.getObjectAt(0)); - } - // For now we just don't handle PolicyQualifiers - } - - /** - * create a certificate policy with the given OID. - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public CertificatePolicies( - DERObjectIdentifier p) - { - policies.addElement(p); - } - - /** - * create a certificate policy with the policy given by the OID represented - * by the string p. - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public CertificatePolicies( - String p) - { - this(new DERObjectIdentifier(p)); - } - - public void addPolicy( - String p) - { - policies.addElement(new DERObjectIdentifier(p)); - } - - public String getPolicy(int nr) - { - if (policies.size() > nr) - { - return ((DERObjectIdentifier)policies.elementAt(nr)).getId(); - } - - return null; - } - - /** - * 
-     * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
-     *
-     * PolicyInformation ::= SEQUENCE {
-     *   policyIdentifier   CertPolicyId,
-     *   policyQualifiers   SEQUENCE SIZE (1..MAX) OF
-     *                           PolicyQualifierInfo OPTIONAL }
-     *
-     * CertPolicyId ::= OBJECT IDENTIFIER
-     *
-     * PolicyQualifierInfo ::= SEQUENCE {
-     *   policyQualifierId  PolicyQualifierId,
-     *   qualifier          ANY DEFINED BY policyQualifierId }
-     *
-     * PolicyQualifierId ::=
-     *   OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice)
-     *
- * @deprecated use an ASN1Sequence of PolicyInformation - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - // We only do policyIdentifier yet... - for (int i=0;i - * DigestInfo::=SEQUENCE{ - * digestAlgorithm AlgorithmIdentifier, - * digest OCTET STRING } - * - */ -public class DigestInfo - extends ASN1Encodable -{ - private byte[] digest; - private AlgorithmIdentifier algId; - - public static DigestInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static DigestInfo getInstance( - Object obj) - { - if (obj instanceof DigestInfo) - { - return (DigestInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new DigestInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public DigestInfo( - AlgorithmIdentifier algId, - byte[] digest) - { - this.digest = digest; - this.algId = algId; - } - - public DigestInfo( - ASN1Sequence obj) - { - Enumeration e = obj.getObjects(); - - algId = AlgorithmIdentifier.getInstance(e.nextElement()); - digest = ASN1OctetString.getInstance(e.nextElement()).getOctets(); - } - - public AlgorithmIdentifier getAlgorithmId() - { - return algId; - } - - public byte[] getDigest() - { - return digest; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(new DEROctetString(digest)); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java deleted file mode 100644 index 2db721e07..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java +++ /dev/null @@ -1,165 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.DERVisibleString; - -/** - * DisplayText class, used in - * CertificatePolicies X509 V3 extensions (in policy qualifiers). - * - *

It stores a string in a chosen encoding. - * 

- * DisplayText ::= CHOICE {
- *      ia5String        IA5String      (SIZE (1..200)),
- *      visibleString    VisibleString  (SIZE (1..200)),
- *      bmpString        BMPString      (SIZE (1..200)),
- *      utf8String       UTF8String     (SIZE (1..200)) }
- *
- * @see PolicyQualifierInfo - * @see PolicyInformation - */ -public class DisplayText - extends ASN1Encodable - implements ASN1Choice -{ - /** - * Constant corresponding to ia5String encoding. - * - */ - public static final int CONTENT_TYPE_IA5STRING = 0; - /** - * Constant corresponding to bmpString encoding. - * - */ - public static final int CONTENT_TYPE_BMPSTRING = 1; - /** - * Constant corresponding to utf8String encoding. - * - */ - public static final int CONTENT_TYPE_UTF8STRING = 2; - /** - * Constant corresponding to visibleString encoding. - * - */ - public static final int CONTENT_TYPE_VISIBLESTRING = 3; - - /** - * Describe constant DISPLAY_TEXT_MAXIMUM_SIZE here. - * - */ - public static final int DISPLAY_TEXT_MAXIMUM_SIZE = 200; - - int contentType; - ASN1String contents; - - /** - * Creates a new DisplayText instance. - * - * @param type the desired encoding type for the text. - * @param text the text to store. Strings longer than 200 - * characters are truncated. - */ - public DisplayText(int type, String text) - { - if (text.length() > DISPLAY_TEXT_MAXIMUM_SIZE) - { - // RFC3280 limits these strings to 200 chars - // truncate the string - text = text.substring (0, DISPLAY_TEXT_MAXIMUM_SIZE); - } - - contentType = type; - switch (type) - { - case CONTENT_TYPE_IA5STRING: - contents = new DERIA5String(text); - break; - case CONTENT_TYPE_UTF8STRING: - contents = new DERUTF8String(text); - break; - case CONTENT_TYPE_VISIBLESTRING: - contents = new DERVisibleString(text); - break; - case CONTENT_TYPE_BMPSTRING: - contents = new DERBMPString(text); - break; - default: - contents = new DERUTF8String(text); - break; - } - } - - /** - * Creates a new DisplayText instance. - * - * @param text the text to encapsulate. Strings longer than 200 - * characters are truncated. - */ - public DisplayText(String text) - { - // by default use UTF8String - if (text.length() > DISPLAY_TEXT_MAXIMUM_SIZE) - { - text = text.substring(0, DISPLAY_TEXT_MAXIMUM_SIZE); - } - - contentType = CONTENT_TYPE_UTF8STRING; - contents = new DERUTF8String(text); - } - - /** - * Creates a new DisplayText instance. - *

Useful when reading back a DisplayText class - * from it's ASN1Encodable/DEREncodable form. - * - * @param de a DEREncodable instance. - */ - private DisplayText(ASN1String de) - { - contents = de; - } - - public static DisplayText getInstance(Object obj) - { - if (obj instanceof ASN1String) - { - return new DisplayText((ASN1String)obj); - } - else if (obj instanceof DisplayText) - { - return (DisplayText)obj; - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - public static DisplayText getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public DERObject toASN1Object() - { - return (DERObject)contents; - } - - /** - * Returns the stored String object. - * - * @return the stored text as a String. - */ - public String getString() - { - return contents.getString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java deleted file mode 100644 index e57c408d7..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java +++ /dev/null @@ -1,158 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The DistributionPoint object. - * 

- * DistributionPoint ::= SEQUENCE {
- *      distributionPoint [0] DistributionPointName OPTIONAL,
- *      reasons           [1] ReasonFlags OPTIONAL,
- *      cRLIssuer         [2] GeneralNames OPTIONAL
- * }
- *
- */ -public class DistributionPoint - extends ASN1Encodable -{ - DistributionPointName distributionPoint; - ReasonFlags reasons; - GeneralNames cRLIssuer; - - public static DistributionPoint getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static DistributionPoint getInstance( - Object obj) - { - if(obj == null || obj instanceof DistributionPoint) - { - return (DistributionPoint)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new DistributionPoint((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid DistributionPoint: " + obj.getClass().getName()); - } - - public DistributionPoint( - ASN1Sequence seq) - { - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject t = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - switch (t.getTagNo()) - { - case 0: - distributionPoint = DistributionPointName.getInstance(t, true); - break; - case 1: - reasons = new ReasonFlags(DERBitString.getInstance(t, false)); - break; - case 2: - cRLIssuer = GeneralNames.getInstance(t, false); - } - } - } - - public DistributionPoint( - DistributionPointName distributionPoint, - ReasonFlags reasons, - GeneralNames cRLIssuer) - { - this.distributionPoint = distributionPoint; - this.reasons = reasons; - this.cRLIssuer = cRLIssuer; - } - - public DistributionPointName getDistributionPoint() - { - return distributionPoint; - } - - public ReasonFlags getReasons() - { - return reasons; - } - - public GeneralNames getCRLIssuer() - { - return cRLIssuer; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (distributionPoint != null) - { - // - // as this is a CHOICE it must be explicitly tagged - // - v.add(new DERTaggedObject(0, distributionPoint)); - } - - if (reasons != null) - { - v.add(new DERTaggedObject(false, 1, reasons)); - } - - if (cRLIssuer != null) - { - v.add(new DERTaggedObject(false, 2, cRLIssuer)); - } - - return new DERSequence(v); - } - - public String toString() - { - String sep = System.getProperty("line.separator"); - StringBuffer buf = new StringBuffer(); - buf.append("DistributionPoint: ["); - buf.append(sep); - if (distributionPoint != null) - { - appendObject(buf, sep, "distributionPoint", distributionPoint.toString()); - } - if (reasons != null) - { - appendObject(buf, sep, "reasons", reasons.toString()); - } - if (cRLIssuer != null) - { - appendObject(buf, sep, "cRLIssuer", cRLIssuer.toString()); - } - buf.append("]"); - buf.append(sep); - return buf.toString(); - } - - private void appendObject(StringBuffer buf, String sep, String name, String value) - { - String indent = " "; - - buf.append(indent); - buf.append(name); - buf.append(":"); - buf.append(sep); - buf.append(indent); - buf.append(indent); - buf.append(value); - buf.append(sep); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java deleted file mode 100644 index b6a294e0c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java +++ /dev/null @@ -1,149 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The DistributionPointName object. - * 
- * DistributionPointName ::= CHOICE {
- *     fullName                 [0] GeneralNames,
- *     nameRelativeToCRLIssuer  [1] RDN
- * }
- *
- */ -public class DistributionPointName - extends ASN1Encodable - implements ASN1Choice -{ - DEREncodable name; - int type; - - public static final int FULL_NAME = 0; - public static final int NAME_RELATIVE_TO_CRL_ISSUER = 1; - - public static DistributionPointName getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1TaggedObject.getInstance(obj, true)); - } - - public static DistributionPointName getInstance( - Object obj) - { - if (obj == null || obj instanceof DistributionPointName) - { - return (DistributionPointName)obj; - } - else if (obj instanceof ASN1TaggedObject) - { - return new DistributionPointName((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - /* - * @deprecated use ASN1Encodable - */ - public DistributionPointName( - int type, - DEREncodable name) - { - this.type = type; - this.name = name; - } - - public DistributionPointName( - int type, - ASN1Encodable name) - { - this.type = type; - this.name = name; - } - - public DistributionPointName( - GeneralNames name) - { - this(FULL_NAME, name); - } - - /** - * Return the tag number applying to the underlying choice. - * - * @return the tag number for this point name. - */ - public int getType() - { - return this.type; - } - - /** - * Return the tagged object inside the distribution point name. - * - * @return the underlying choice item. - */ - public ASN1Encodable getName() - { - return (ASN1Encodable)name; - } - - public DistributionPointName( - ASN1TaggedObject obj) - { - this.type = obj.getTagNo(); - - if (type == 0) - { - this.name = GeneralNames.getInstance(obj, false); - } - else - { - this.name = ASN1Set.getInstance(obj, false); - } - } - - public DERObject toASN1Object() - { - return new DERTaggedObject(false, type, name); - } - - public String toString() - { - String sep = System.getProperty("line.separator"); - StringBuffer buf = new StringBuffer(); - buf.append("DistributionPointName: ["); - buf.append(sep); - if (type == FULL_NAME) - { - appendObject(buf, sep, "fullName", name.toString()); - } - else - { - appendObject(buf, sep, "nameRelativeToCRLIssuer", name.toString()); - } - buf.append("]"); - buf.append(sep); - return buf.toString(); - } - - private void appendObject(StringBuffer buf, String sep, String name, String value) - { - String indent = " "; - - buf.append(indent); - buf.append(name); - buf.append(":"); - buf.append(sep); - buf.append(indent); - buf.append(indent); - buf.append(value); - buf.append(sep); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java deleted file mode 100644 index 0811df538..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -/** - * The extendedKeyUsage object. - * 
- *      extendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- */ -public class ExtendedKeyUsage - extends ASN1Encodable -{ - Hashtable usageTable = new Hashtable(); - ASN1Sequence seq; - - public static ExtendedKeyUsage getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ExtendedKeyUsage getInstance( - Object obj) - { - if (obj instanceof ExtendedKeyUsage) - { - return (ExtendedKeyUsage)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new ExtendedKeyUsage((ASN1Sequence)obj); - } - - if (obj instanceof X509Extension) - { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); - } - - throw new IllegalArgumentException("Invalid ExtendedKeyUsage: " + obj.getClass().getName()); - } - - public ExtendedKeyUsage( - KeyPurposeId usage) - { - this.seq = new DERSequence(usage); - - this.usageTable.put(usage, usage); - } - - public ExtendedKeyUsage( - ASN1Sequence seq) - { - this.seq = seq; - - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - if (!(o instanceof DERObjectIdentifier)) - { - throw new IllegalArgumentException("Only DERObjectIdentifiers allowed in ExtendedKeyUsage."); - } - this.usageTable.put(o, o); - } - } - - public ExtendedKeyUsage( - Vector usages) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - Enumeration e = usages.elements(); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject)e.nextElement(); - - v.add(o); - this.usageTable.put(o, o); - } - - this.seq = new DERSequence(v); - } - - public boolean hasKeyPurposeId( - KeyPurposeId keyPurposeId) - { - return (usageTable.get(keyPurposeId) != null); - } - - /** - * Returns all extended key usages. - * The returned vector contains DERObjectIdentifiers. - * @return A vector with all key purposes. - */ - public Vector getUsages() - { - Vector temp = new Vector(); - for (Enumeration it = usageTable.elements(); it.hasMoreElements();) - { - temp.addElement(it.nextElement()); - } - return temp; - } - - public int size() - { - return usageTable.size(); - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java deleted file mode 100644 index 29fdd7233..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java +++ /dev/null @@ -1,446 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; -import java.util.StringTokenizer; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.util.IPAddress; - -/** - * The GeneralName object. - * 
- * GeneralName ::= CHOICE {
- *      otherName                       [0]     OtherName,
- *      rfc822Name                      [1]     IA5String,
- *      dNSName                         [2]     IA5String,
- *      x400Address                     [3]     ORAddress,
- *      directoryName                   [4]     Name,
- *      ediPartyName                    [5]     EDIPartyName,
- *      uniformResourceIdentifier       [6]     IA5String,
- *      iPAddress                       [7]     OCTET STRING,
- *      registeredID                    [8]     OBJECT IDENTIFIER}
- *
- * OtherName ::= SEQUENCE {
- *      type-id    OBJECT IDENTIFIER,
- *      value      [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * EDIPartyName ::= SEQUENCE {
- *      nameAssigner            [0]     DirectoryString OPTIONAL,
- *      partyName               [1]     DirectoryString }
- * 
- * Name ::= CHOICE { RDNSequence }
- *
- */ -public class GeneralName - extends ASN1Encodable - implements ASN1Choice -{ - public static final int otherName = 0; - public static final int rfc822Name = 1; - public static final int dNSName = 2; - public static final int x400Address = 3; - public static final int directoryName = 4; - public static final int ediPartyName = 5; - public static final int uniformResourceIdentifier = 6; - public static final int iPAddress = 7; - public static final int registeredID = 8; - - DEREncodable obj; - int tag; - - public GeneralName( - X509Name dirName) - { - this.obj = dirName; - this.tag = 4; - } - - public GeneralName( - X500Name dirName) - { - this.obj = dirName; - this.tag = 4; - } - - /** - * @deprecated this constructor seems the wrong way round! Use GeneralName(tag, name). - */ - public GeneralName( - DERObject name, int tag) - { - this.obj = name; - this.tag = tag; - } - - /** - * When the subjectAltName extension contains an Internet mail address, - * the address MUST be included as an rfc822Name. The format of an - * rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. - * - * When the subjectAltName extension contains a domain name service - * label, the domain name MUST be stored in the dNSName (an IA5String). - * The name MUST be in the "preferred name syntax," as specified by RFC - * 1034 [RFC 1034]. - * - * When the subjectAltName extension contains a URI, the name MUST be - * stored in the uniformResourceIdentifier (an IA5String). The name MUST - * be a non-relative URL, and MUST follow the URL syntax and encoding - * rules specified in [RFC 1738]. The name must include both a scheme - * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- - * specific-part must include a fully qualified domain name or IP - * address as the host. - * - * When the subjectAltName extension contains a iPAddress, the address - * MUST be stored in the octet string in "network byte order," as - * specified in RFC 791 [RFC 791]. The least significant bit (LSB) of - * each octet is the LSB of the corresponding byte in the network - * address. For IP Version 4, as specified in RFC 791, the octet string - * MUST contain exactly four octets. For IP Version 6, as specified in - * RFC 1883, the octet string MUST contain exactly sixteen octets [RFC - * 1883]. - */ - public GeneralName( - int tag, - ASN1Encodable name) - { - this.obj = name; - this.tag = tag; - } - - /** - * Create a GeneralName for the given tag from the passed in String. - *

- * This constructor can handle: - *

- * For x400Address, otherName and ediPartyName there is no common string - * format defined. - *

- * Note: A directory name can be encoded in different ways into a byte - * representation. Be aware of this if the byte representation is used for - * comparing results. - * - * @param tag tag number - * @param name string representation of name - * @throws IllegalArgumentException if the string encoding is not correct or * not supported. - */ - public GeneralName( - int tag, - String name) - { - this.tag = tag; - - if (tag == rfc822Name || tag == dNSName || tag == uniformResourceIdentifier) - { - this.obj = new DERIA5String(name); - } - else if (tag == registeredID) - { - this.obj = new DERObjectIdentifier(name); - } - else if (tag == directoryName) - { - this.obj = new X509Name(name); - } - else if (tag == iPAddress) - { - byte[] enc = toGeneralNameEncoding(name); - if (enc != null) - { - this.obj = new DEROctetString(enc); - } - else - { - throw new IllegalArgumentException("IP Address is invalid"); - } - } - else - { - throw new IllegalArgumentException("can't process String for tag: " + tag); - } - } - - public static GeneralName getInstance( - Object obj) - { - if (obj == null || obj instanceof GeneralName) - { - return (GeneralName)obj; - } - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagObj = (ASN1TaggedObject)obj; - int tag = tagObj.getTagNo(); - - switch (tag) - { - case otherName: - return new GeneralName(tag, ASN1Sequence.getInstance(tagObj, false)); - case rfc822Name: - return new GeneralName(tag, DERIA5String.getInstance(tagObj, false)); - case dNSName: - return new GeneralName(tag, DERIA5String.getInstance(tagObj, false)); - case x400Address: - throw new IllegalArgumentException("unknown tag: " + tag); - case directoryName: - return new GeneralName(tag, X509Name.getInstance(tagObj, true)); - case ediPartyName: - return new GeneralName(tag, ASN1Sequence.getInstance(tagObj, false)); - case uniformResourceIdentifier: - return new GeneralName(tag, DERIA5String.getInstance(tagObj, false)); - case iPAddress: - return new GeneralName(tag, ASN1OctetString.getInstance(tagObj, false)); - case registeredID: - return new GeneralName(tag, DERObjectIdentifier.getInstance(tagObj, false)); - } - } - - if (obj instanceof byte[]) - { - try - { - return getInstance(ASN1Object.fromByteArray((byte[])obj)); - } - catch (IOException e) - { - throw new IllegalArgumentException("unable to parse encoded general name"); - } - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - public static GeneralName getInstance( - ASN1TaggedObject tagObj, - boolean explicit) - { - return GeneralName.getInstance(ASN1TaggedObject.getInstance(tagObj, true)); - } - - public int getTagNo() - { - return tag; - } - - public DEREncodable getName() - { - return obj; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - - buf.append(tag); - buf.append(": "); - switch (tag) - { - case rfc822Name: - case dNSName: - case uniformResourceIdentifier: - buf.append(DERIA5String.getInstance(obj).getString()); - break; - case directoryName: - buf.append(X509Name.getInstance(obj).toString()); - break; - default: - buf.append(obj.toString()); - } - return buf.toString(); - } - - private byte[] toGeneralNameEncoding(String ip) - { - if (IPAddress.isValidIPv6WithNetmask(ip) || IPAddress.isValidIPv6(ip)) - { - int slashIndex = ip.indexOf('/'); - - if (slashIndex < 0) - { - byte[] addr = new byte[16]; - int[] parsedIp = parseIPv6(ip); - copyInts(parsedIp, addr, 0); - - return addr; - } - else - { - byte[] addr = new byte[32]; - int[] parsedIp = parseIPv6(ip.substring(0, slashIndex)); - copyInts(parsedIp, addr, 0); - String mask = ip.substring(slashIndex + 1); - if (mask.indexOf(':') > 0) - { - parsedIp = parseIPv6(mask); - } - else - { - parsedIp = parseMask(mask); - } - copyInts(parsedIp, addr, 16); - - return addr; - } - } - else if (IPAddress.isValidIPv4WithNetmask(ip) || IPAddress.isValidIPv4(ip)) - { - int slashIndex = ip.indexOf('/'); - - if (slashIndex < 0) - { - byte[] addr = new byte[4]; - - parseIPv4(ip, addr, 0); - - return addr; - } - else - { - byte[] addr = new byte[8]; - - parseIPv4(ip.substring(0, slashIndex), addr, 0); - - String mask = ip.substring(slashIndex + 1); - if (mask.indexOf('.') > 0) - { - parseIPv4(mask, addr, 4); - } - else - { - parseIPv4Mask(mask, addr, 4); - } - - return addr; - } - } - - return null; - } - - private void parseIPv4Mask(String mask, byte[] addr, int offset) - { - int maskVal = Integer.parseInt(mask); - - for (int i = 0; i != maskVal; i++) - { - addr[(i / 8) + offset] |= 1 << (i % 8); - } - } - - private void parseIPv4(String ip, byte[] addr, int offset) - { - StringTokenizer sTok = new StringTokenizer(ip, "./"); - int index = 0; - - while (sTok.hasMoreTokens()) - { - addr[offset + index++] = (byte)Integer.parseInt(sTok.nextToken()); - } - } - - private int[] parseMask(String mask) - { - int[] res = new int[8]; - int maskVal = Integer.parseInt(mask); - - for (int i = 0; i != maskVal; i++) - { - res[i / 16] |= 1 << (i % 16); - } - return res; - } - - private void copyInts(int[] parsedIp, byte[] addr, int offSet) - { - for (int i = 0; i != parsedIp.length; i++) - { - addr[(i * 2) + offSet] = (byte)(parsedIp[i] >> 8); - addr[(i * 2 + 1) + offSet] = (byte)parsedIp[i]; - } - } - - private int[] parseIPv6(String ip) - { - StringTokenizer sTok = new StringTokenizer(ip, ":", true); - int index = 0; - int[] val = new int[8]; - - if (ip.charAt(0) == ':' && ip.charAt(1) == ':') - { - sTok.nextToken(); // skip the first one - } - - int doubleColon = -1; - - while (sTok.hasMoreTokens()) - { - String e = sTok.nextToken(); - - if (e.equals(":")) - { - doubleColon = index; - val[index++] = 0; - } - else - { - if (e.indexOf('.') < 0) - { - val[index++] = Integer.parseInt(e, 16); - if (sTok.hasMoreTokens()) - { - sTok.nextToken(); - } - } - else - { - StringTokenizer eTok = new StringTokenizer(e, "."); - - val[index++] = (Integer.parseInt(eTok.nextToken()) << 8) | Integer.parseInt(eTok.nextToken()); - val[index++] = (Integer.parseInt(eTok.nextToken()) << 8) | Integer.parseInt(eTok.nextToken()); - } - } - } - - if (index != val.length) - { - System.arraycopy(val, doubleColon, val, val.length - (index - doubleColon), index - doubleColon); - for (int i = doubleColon; i != val.length - (index - doubleColon); i++) - { - val[i] = 0; - } - } - - return val; - } - - public DERObject toASN1Object() - { - if (tag == directoryName) // directoryName is explicitly tagged as it is a CHOICE - { - return new DERTaggedObject(true, tag, obj); - } - else - { - return new DERTaggedObject(false, tag, obj); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java deleted file mode 100644 index f35e10d08..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class GeneralNames - extends ASN1Encodable -{ - private final GeneralName[] names; - - public static GeneralNames getInstance( - Object obj) - { - if (obj == null || obj instanceof GeneralNames) - { - return (GeneralNames)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new GeneralNames((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - public static GeneralNames getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * Construct a GeneralNames object containing one GeneralName. - * - * @param name the name to be contained. - */ - public GeneralNames( - GeneralName name) - { - this.names = new GeneralName[] { name }; - } - - public GeneralNames( - ASN1Sequence seq) - { - this.names = new GeneralName[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - names[i] = GeneralName.getInstance(seq.getObjectAt(i)); - } - } - - public GeneralName[] getNames() - { - GeneralName[] tmp = new GeneralName[names.length]; - - System.arraycopy(names, 0, tmp, 0, names.length); - - return tmp; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 

-     * GeneralNames ::= SEQUENCE SIZE {1..MAX} OF GeneralName
-     *
- */ - public DERObject toASN1Object() - { - return new DERSequence(names); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String sep = System.getProperty("line.separator"); - - buf.append("GeneralNames:"); - buf.append(sep); - - for (int i = 0; i != names.length; i++) - { - buf.append(" "); - buf.append(names[i]); - buf.append(sep); - } - return buf.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java deleted file mode 100644 index 2a4b1f1c0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java +++ /dev/null @@ -1,218 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * Class for containing a restriction object subtrees in NameConstraints. See - * RFC 3280. - * - * 
- *       
- *       GeneralSubtree ::= SEQUENCE 
- *       {
- *         base                    GeneralName,
- *         minimum         [0]     BaseDistance DEFAULT 0,
- *         maximum         [1]     BaseDistance OPTIONAL 
- *       }
- *
- * - * @see org.bouncycastle.asn1.x509.NameConstraints - * - */ -public class GeneralSubtree - extends ASN1Encodable -{ - private static final BigInteger ZERO = BigInteger.valueOf(0); - - private GeneralName base; - - private DERInteger minimum; - - private DERInteger maximum; - - public GeneralSubtree( - ASN1Sequence seq) - { - base = GeneralName.getInstance(seq.getObjectAt(0)); - - switch (seq.size()) - { - case 1: - break; - case 2: - ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(1)); - switch (o.getTagNo()) - { - case 0: - minimum = DERInteger.getInstance(o, false); - break; - case 1: - maximum = DERInteger.getInstance(o, false); - break; - default: - throw new IllegalArgumentException("Bad tag number: " - + o.getTagNo()); - } - break; - case 3: - { - { - ASN1TaggedObject oMin = ASN1TaggedObject.getInstance(seq.getObjectAt(1)); - if (oMin.getTagNo() != 0) - { - throw new IllegalArgumentException("Bad tag number for 'minimum': " + oMin.getTagNo()); - } - minimum = DERInteger.getInstance(oMin, false); - } - - { - ASN1TaggedObject oMax = ASN1TaggedObject.getInstance(seq.getObjectAt(2)); - if (oMax.getTagNo() != 1) - { - throw new IllegalArgumentException("Bad tag number for 'maximum': " + oMax.getTagNo()); - } - maximum = DERInteger.getInstance(oMax, false); - } - - break; - } - default: - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - } - - /** - * Constructor from a given details. - * - * According RFC 3280, the minimum and maximum fields are not used with any - * name forms, thus minimum MUST be zero, and maximum MUST be absent. - *

- * If minimum is null, zero is assumed, if - * maximum is null, maximum is absent. - * - * @param base - * A restriction. - * @param minimum - * Minimum - * - * @param maximum - * Maximum - */ - public GeneralSubtree( - GeneralName base, - BigInteger minimum, - BigInteger maximum) - { - this.base = base; - if (maximum != null) - { - this.maximum = new DERInteger(maximum); - } - if (minimum == null) - { - this.minimum = null; - } - else - { - this.minimum = new DERInteger(minimum); - } - } - - public GeneralSubtree(GeneralName base) - { - this(base, null, null); - } - - public static GeneralSubtree getInstance( - ASN1TaggedObject o, - boolean explicit) - { - return new GeneralSubtree(ASN1Sequence.getInstance(o, explicit)); - } - - public static GeneralSubtree getInstance( - Object obj) - { - if (obj == null) - { - return null; - } - - if (obj instanceof GeneralSubtree) - { - return (GeneralSubtree) obj; - } - - return new GeneralSubtree(ASN1Sequence.getInstance(obj)); - } - - public GeneralName getBase() - { - return base; - } - - public BigInteger getMinimum() - { - if (minimum == null) - { - return ZERO; - } - - return minimum.getValue(); - } - - public BigInteger getMaximum() - { - if (maximum == null) - { - return null; - } - - return maximum.getValue(); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * 

-     *       GeneralSubtree ::= SEQUENCE 
-     *       {
-     *         base                    GeneralName,
-     *         minimum         [0]     BaseDistance DEFAULT 0,
-     *         maximum         [1]     BaseDistance OPTIONAL 
-     *       }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(base); - - if (minimum != null && !minimum.getValue().equals(ZERO)) - { - v.add(new DERTaggedObject(false, 0, minimum)); - } - - if (maximum != null) - { - v.add(new DERTaggedObject(false, 1, maximum)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Holder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Holder.java deleted file mode 100644 index 2425847b0..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Holder.java +++ /dev/null @@ -1,242 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The Holder object. - *

- * For an v2 attribute certificate this is: - * - * 

- *            Holder ::= SEQUENCE {
- *                  baseCertificateID   [0] IssuerSerial OPTIONAL,
- *                           -- the issuer and serial number of
- *                           -- the holder's Public Key Certificate
- *                  entityName          [1] GeneralNames OPTIONAL,
- *                           -- the name of the claimant or role
- *                  objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
- *                           -- used to directly authenticate the holder,
- *                           -- for example, an executable
- *            }
- *
- * - *

- * For an v1 attribute certificate this is: - * - * 

- *         subject CHOICE {
- *          baseCertificateID [0] IssuerSerial,
- *          -- associated with a Public Key Certificate
- *          subjectName [1] GeneralNames },
- *          -- associated with a name
- *
- */ -public class Holder - extends ASN1Encodable -{ - IssuerSerial baseCertificateID; - - GeneralNames entityName; - - ObjectDigestInfo objectDigestInfo; - - private int version = 1; - - public static Holder getInstance(Object obj) - { - if (obj instanceof Holder) - { - return (Holder)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Holder((ASN1Sequence)obj); - } - else if (obj instanceof ASN1TaggedObject) - { - return new Holder((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - /** - * Constructor for a holder for an v1 attribute certificate. - * - * @param tagObj The ASN.1 tagged holder object. - */ - public Holder(ASN1TaggedObject tagObj) - { - switch (tagObj.getTagNo()) - { - case 0: - baseCertificateID = IssuerSerial.getInstance(tagObj, false); - break; - case 1: - entityName = GeneralNames.getInstance(tagObj, false); - break; - default: - throw new IllegalArgumentException("unknown tag in Holder"); - } - version = 0; - } - - /** - * Constructor for a holder for an v2 attribute certificate. * - * - * @param seq The ASN.1 sequence. - */ - public Holder(ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(seq - .getObjectAt(i)); - - switch (tObj.getTagNo()) - { - case 0: - baseCertificateID = IssuerSerial.getInstance(tObj, false); - break; - case 1: - entityName = GeneralNames.getInstance(tObj, false); - break; - case 2: - objectDigestInfo = ObjectDigestInfo.getInstance(tObj, false); - break; - default: - throw new IllegalArgumentException("unknown tag in Holder"); - } - } - version = 1; - } - - public Holder(IssuerSerial baseCertificateID) - { - this.baseCertificateID = baseCertificateID; - } - - /** - * Constructs a holder from a IssuerSerial. - * @param baseCertificateID The IssuerSerial. - * @param version The version of the attribute certificate. - */ - public Holder(IssuerSerial baseCertificateID, int version) - { - this.baseCertificateID = baseCertificateID; - this.version = version; - } - - /** - * Returns 1 for v2 attribute certificates or 0 for v1 attribute - * certificates. - * @return The version of the attribute certificate. - */ - public int getVersion() - { - return version; - } - - /** - * Constructs a holder with an entityName for v2 attribute certificates or - * with a subjectName for v1 attribute certificates. - * - * @param entityName The entity or subject name. - */ - public Holder(GeneralNames entityName) - { - this.entityName = entityName; - } - - /** - * Constructs a holder with an entityName for v2 attribute certificates or - * with a subjectName for v1 attribute certificates. - * - * @param entityName The entity or subject name. - * @param version The version of the attribute certificate. - */ - public Holder(GeneralNames entityName, int version) - { - this.entityName = entityName; - this.version = version; - } - - /** - * Constructs a holder from an object digest info. - * - * @param objectDigestInfo The object digest info object. - */ - public Holder(ObjectDigestInfo objectDigestInfo) - { - this.objectDigestInfo = objectDigestInfo; - } - - public IssuerSerial getBaseCertificateID() - { - return baseCertificateID; - } - - /** - * Returns the entityName for an v2 attribute certificate or the subjectName - * for an v1 attribute certificate. - * - * @return The entityname or subjectname. - */ - public GeneralNames getEntityName() - { - return entityName; - } - - public ObjectDigestInfo getObjectDigestInfo() - { - return objectDigestInfo; - } - - public DERObject toASN1Object() - { - if (version == 1) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (baseCertificateID != null) - { - v.add(new DERTaggedObject(false, 0, baseCertificateID)); - } - - if (entityName != null) - { - v.add(new DERTaggedObject(false, 1, entityName)); - } - - if (objectDigestInfo != null) - { - v.add(new DERTaggedObject(false, 2, objectDigestInfo)); - } - - return new DERSequence(v); - } - else - { - if (entityName != null) - { - return new DERTaggedObject(false, 1, entityName); - } - else - { - return new DERTaggedObject(false, 0, baseCertificateID); - } - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java deleted file mode 100644 index 07e07cf17..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java +++ /dev/null @@ -1,174 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTF8String; - -/** - * Implementation of IetfAttrSyntax as specified by RFC3281. - */ -public class IetfAttrSyntax - extends ASN1Encodable -{ - public static final int VALUE_OCTETS = 1; - public static final int VALUE_OID = 2; - public static final int VALUE_UTF8 = 3; - GeneralNames policyAuthority = null; - Vector values = new Vector(); - int valueChoice = -1; - - /** - * - */ - public IetfAttrSyntax(ASN1Sequence seq) - { - int i = 0; - - if (seq.getObjectAt(0) instanceof ASN1TaggedObject) - { - policyAuthority = GeneralNames.getInstance(((ASN1TaggedObject)seq.getObjectAt(0)), false); - i++; - } - else if (seq.size() == 2) - { // VOMS fix - policyAuthority = GeneralNames.getInstance(seq.getObjectAt(0)); - i++; - } - - if (!(seq.getObjectAt(i) instanceof ASN1Sequence)) - { - throw new IllegalArgumentException("Non-IetfAttrSyntax encoding"); - } - - seq = (ASN1Sequence)seq.getObjectAt(i); - - for (Enumeration e = seq.getObjects(); e.hasMoreElements();) - { - DERObject obj = (DERObject)e.nextElement(); - int type; - - if (obj instanceof DERObjectIdentifier) - { - type = VALUE_OID; - } - else if (obj instanceof DERUTF8String) - { - type = VALUE_UTF8; - } - else if (obj instanceof DEROctetString) - { - type = VALUE_OCTETS; - } - else - { - throw new IllegalArgumentException("Bad value type encoding IetfAttrSyntax"); - } - - if (valueChoice < 0) - { - valueChoice = type; - } - - if (type != valueChoice) - { - throw new IllegalArgumentException("Mix of value types in IetfAttrSyntax"); - } - - values.addElement(obj); - } - } - - public GeneralNames getPolicyAuthority() - { - return policyAuthority; - } - - public int getValueType() - { - return valueChoice; - } - - public Object[] getValues() - { - if (this.getValueType() == VALUE_OCTETS) - { - ASN1OctetString[] tmp = new ASN1OctetString[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (ASN1OctetString)values.elementAt(i); - } - - return tmp; - } - else if (this.getValueType() == VALUE_OID) - { - DERObjectIdentifier[] tmp = new DERObjectIdentifier[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (DERObjectIdentifier)values.elementAt(i); - } - - return tmp; - } - else - { - DERUTF8String[] tmp = new DERUTF8String[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (DERUTF8String)values.elementAt(i); - } - - return tmp; - } - } - - /** - * - * 
-     * 
-     *  IetfAttrSyntax ::= SEQUENCE {
-     *    policyAuthority [0] GeneralNames OPTIONAL,
-     *    values SEQUENCE OF CHOICE {
-     *      octets OCTET STRING,
-     *      oid OBJECT IDENTIFIER,
-     *      string UTF8String
-     *    }
-     *  }
-     *  
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (policyAuthority != null) - { - v.add(new DERTaggedObject(0, policyAuthority)); - } - - ASN1EncodableVector v2 = new ASN1EncodableVector(); - - for (Enumeration i = values.elements(); i.hasMoreElements();) - { - v2.add((ASN1Encodable)i.nextElement()); - } - - v.add(new DERSequence(v2)); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java deleted file mode 100644 index ceb639f0e..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class IssuerSerial - extends ASN1Encodable -{ - GeneralNames issuer; - DERInteger serial; - DERBitString issuerUID; - - public static IssuerSerial getInstance( - Object obj) - { - if (obj == null || obj instanceof IssuerSerial) - { - return (IssuerSerial)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new IssuerSerial((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - public static IssuerSerial getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public IssuerSerial( - ASN1Sequence seq) - { - if (seq.size() != 2 && seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - issuer = GeneralNames.getInstance(seq.getObjectAt(0)); - serial = DERInteger.getInstance(seq.getObjectAt(1)); - - if (seq.size() == 3) - { - issuerUID = DERBitString.getInstance(seq.getObjectAt(2)); - } - } - - public IssuerSerial( - GeneralNames issuer, - DERInteger serial) - { - this.issuer = issuer; - this.serial = serial; - } - - public GeneralNames getIssuer() - { - return issuer; - } - - public DERInteger getSerial() - { - return serial; - } - - public DERBitString getIssuerUID() - { - return issuerUID; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  IssuerSerial  ::=  SEQUENCE {
-     *       issuer         GeneralNames,
-     *       serial         CertificateSerialNumber,
-     *       issuerUID      UniqueIdentifier OPTIONAL
-     *  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(issuer); - v.add(serial); - - if (issuerUID != null) - { - v.add(issuerUID); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java deleted file mode 100644 index b6524a45f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java +++ /dev/null @@ -1,256 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * 
- * IssuingDistributionPoint ::= SEQUENCE { 
- *   distributionPoint          [0] DistributionPointName OPTIONAL, 
- *   onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE, 
- *   onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE, 
- *   onlySomeReasons            [3] ReasonFlags OPTIONAL, 
- *   indirectCRL                [4] BOOLEAN DEFAULT FALSE,
- *   onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
- *
- */ -public class IssuingDistributionPoint - extends ASN1Encodable -{ - private DistributionPointName distributionPoint; - - private boolean onlyContainsUserCerts; - - private boolean onlyContainsCACerts; - - private ReasonFlags onlySomeReasons; - - private boolean indirectCRL; - - private boolean onlyContainsAttributeCerts; - - private ASN1Sequence seq; - - public static IssuingDistributionPoint getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static IssuingDistributionPoint getInstance( - Object obj) - { - if (obj == null || obj instanceof IssuingDistributionPoint) - { - return (IssuingDistributionPoint)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new IssuingDistributionPoint((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - /** - * Constructor from given details. - * - * @param distributionPoint - * May contain an URI as pointer to most current CRL. - * @param onlyContainsUserCerts Covers revocation information for end certificates. - * @param onlyContainsCACerts Covers revocation information for CA certificates. - * - * @param onlySomeReasons - * Which revocation reasons does this point cover. - * @param indirectCRL - * If true then the CRL contains revocation - * information about certificates ssued by other CAs. - * @param onlyContainsAttributeCerts Covers revocation information for attribute certificates. - */ - public IssuingDistributionPoint( - DistributionPointName distributionPoint, - boolean onlyContainsUserCerts, - boolean onlyContainsCACerts, - ReasonFlags onlySomeReasons, - boolean indirectCRL, - boolean onlyContainsAttributeCerts) - { - this.distributionPoint = distributionPoint; - this.indirectCRL = indirectCRL; - this.onlyContainsAttributeCerts = onlyContainsAttributeCerts; - this.onlyContainsCACerts = onlyContainsCACerts; - this.onlyContainsUserCerts = onlyContainsUserCerts; - this.onlySomeReasons = onlySomeReasons; - - ASN1EncodableVector vec = new ASN1EncodableVector(); - if (distributionPoint != null) - { // CHOICE item so explicitly tagged - vec.add(new DERTaggedObject(true, 0, distributionPoint)); - } - if (onlyContainsUserCerts) - { - vec.add(new DERTaggedObject(false, 1, new DERBoolean(true))); - } - if (onlyContainsCACerts) - { - vec.add(new DERTaggedObject(false, 2, new DERBoolean(true))); - } - if (onlySomeReasons != null) - { - vec.add(new DERTaggedObject(false, 3, onlySomeReasons)); - } - if (indirectCRL) - { - vec.add(new DERTaggedObject(false, 4, new DERBoolean(true))); - } - if (onlyContainsAttributeCerts) - { - vec.add(new DERTaggedObject(false, 5, new DERBoolean(true))); - } - - seq = new DERSequence(vec); - } - - /** - * Constructor from ASN1Sequence - */ - public IssuingDistributionPoint( - ASN1Sequence seq) - { - this.seq = seq; - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - - switch (o.getTagNo()) - { - case 0: - // CHOICE so explicit - distributionPoint = DistributionPointName.getInstance(o, true); - break; - case 1: - onlyContainsUserCerts = DERBoolean.getInstance(o, false).isTrue(); - break; - case 2: - onlyContainsCACerts = DERBoolean.getInstance(o, false).isTrue(); - break; - case 3: - onlySomeReasons = new ReasonFlags(ReasonFlags.getInstance(o, false)); - break; - case 4: - indirectCRL = DERBoolean.getInstance(o, false).isTrue(); - break; - case 5: - onlyContainsAttributeCerts = DERBoolean.getInstance(o, false).isTrue(); - break; - default: - throw new IllegalArgumentException( - "unknown tag in IssuingDistributionPoint"); - } - } - } - - public boolean onlyContainsUserCerts() - { - return onlyContainsUserCerts; - } - - public boolean onlyContainsCACerts() - { - return onlyContainsCACerts; - } - - public boolean isIndirectCRL() - { - return indirectCRL; - } - - public boolean onlyContainsAttributeCerts() - { - return onlyContainsAttributeCerts; - } - - /** - * @return Returns the distributionPoint. - */ - public DistributionPointName getDistributionPoint() - { - return distributionPoint; - } - - /** - * @return Returns the onlySomeReasons. - */ - public ReasonFlags getOnlySomeReasons() - { - return onlySomeReasons; - } - - public DERObject toASN1Object() - { - return seq; - } - - public String toString() - { - String sep = System.getProperty("line.separator"); - StringBuffer buf = new StringBuffer(); - - buf.append("IssuingDistributionPoint: ["); - buf.append(sep); - if (distributionPoint != null) - { - appendObject(buf, sep, "distributionPoint", distributionPoint.toString()); - } - if (onlyContainsUserCerts) - { - appendObject(buf, sep, "onlyContainsUserCerts", booleanToString(onlyContainsUserCerts)); - } - if (onlyContainsCACerts) - { - appendObject(buf, sep, "onlyContainsCACerts", booleanToString(onlyContainsCACerts)); - } - if (onlySomeReasons != null) - { - appendObject(buf, sep, "onlySomeReasons", onlySomeReasons.toString()); - } - if (onlyContainsAttributeCerts) - { - appendObject(buf, sep, "onlyContainsAttributeCerts", booleanToString(onlyContainsAttributeCerts)); - } - if (indirectCRL) - { - appendObject(buf, sep, "indirectCRL", booleanToString(indirectCRL)); - } - buf.append("]"); - buf.append(sep); - return buf.toString(); - } - - private void appendObject(StringBuffer buf, String sep, String name, String value) - { - String indent = " "; - - buf.append(indent); - buf.append(name); - buf.append(":"); - buf.append(sep); - buf.append(indent); - buf.append(indent); - buf.append(value); - buf.append(sep); - } - - private String booleanToString(boolean value) - { - return value ? "true" : "false"; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java deleted file mode 100644 index 425e04387..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java +++ /dev/null @@ -1,119 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * The KeyPurposeId object. - * 
- *     KeyPurposeId ::= OBJECT IDENTIFIER
- *
- *     id-kp ::= OBJECT IDENTIFIER { iso(1) identified-organization(3) 
- *          dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3}
- *
- *
- */ -public class KeyPurposeId - extends DERObjectIdentifier -{ - private static final String id_kp = "1.3.6.1.5.5.7.3"; - - /** - * Create a KeyPurposeId from an OID string - * - * @param id OID String. E.g. "1.3.6.1.5.5.7.3.1" - */ - public KeyPurposeId( - String id) - { - super(id); - } - - /** - * { 2 5 29 37 0 } - */ - public static final KeyPurposeId anyExtendedKeyUsage = new KeyPurposeId(X509Extensions.ExtendedKeyUsage.getId() + ".0"); - /** - * { id-kp 1 } - */ - public static final KeyPurposeId id_kp_serverAuth = new KeyPurposeId(id_kp + ".1"); - /** - * { id-kp 2 } - */ - public static final KeyPurposeId id_kp_clientAuth = new KeyPurposeId(id_kp + ".2"); - /** - * { id-kp 3 } - */ - public static final KeyPurposeId id_kp_codeSigning = new KeyPurposeId(id_kp + ".3"); - /** - * { id-kp 4 } - */ - public static final KeyPurposeId id_kp_emailProtection = new KeyPurposeId(id_kp + ".4"); - /** - * Usage deprecated by RFC4945 - was { id-kp 5 } - */ - public static final KeyPurposeId id_kp_ipsecEndSystem = new KeyPurposeId(id_kp + ".5"); - /** - * Usage deprecated by RFC4945 - was { id-kp 6 } - */ - public static final KeyPurposeId id_kp_ipsecTunnel = new KeyPurposeId(id_kp + ".6"); - /** - * Usage deprecated by RFC4945 - was { idkp 7 } - */ - public static final KeyPurposeId id_kp_ipsecUser = new KeyPurposeId(id_kp + ".7"); - /** - * { id-kp 8 } - */ - public static final KeyPurposeId id_kp_timeStamping = new KeyPurposeId(id_kp + ".8"); - /** - * { id-kp 9 } - */ - public static final KeyPurposeId id_kp_OCSPSigning = new KeyPurposeId(id_kp + ".9"); - /** - * { id-kp 10 } - */ - public static final KeyPurposeId id_kp_dvcs = new KeyPurposeId(id_kp + ".10"); - /** - * { id-kp 11 } - */ - public static final KeyPurposeId id_kp_sbgpCertAAServerAuth = new KeyPurposeId(id_kp + ".11"); - /** - * { id-kp 12 } - */ - public static final KeyPurposeId id_kp_scvp_responder = new KeyPurposeId(id_kp + ".12"); - /** - * { id-kp 13 } - */ - public static final KeyPurposeId id_kp_eapOverPPP = new KeyPurposeId(id_kp + ".13"); - /** - * { id-kp 14 } - */ - public static final KeyPurposeId id_kp_eapOverLAN = new KeyPurposeId(id_kp + ".14"); - /** - * { id-kp 15 } - */ - public static final KeyPurposeId id_kp_scvpServer = new KeyPurposeId(id_kp + ".15"); - /** - * { id-kp 16 } - */ - public static final KeyPurposeId id_kp_scvpClient = new KeyPurposeId(id_kp + ".16"); - /** - * { id-kp 17 } - */ - public static final KeyPurposeId id_kp_ipsecIKE = new KeyPurposeId(id_kp + ".17"); - /** - * { id-kp 18 } - */ - public static final KeyPurposeId id_kp_capwapAC = new KeyPurposeId(id_kp + ".18"); - /** - * { id-kp 19 } - */ - public static final KeyPurposeId id_kp_capwapWTP = new KeyPurposeId(id_kp + ".19"); - - // - // microsoft key purpose ids - // - /** - * { 1 3 6 1 4 1 311 20 2 2 } - */ - public static final KeyPurposeId id_kp_smartcardlogon = new KeyPurposeId("1.3.6.1.4.1.311.20.2.2"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java deleted file mode 100644 index 3ffd94b4a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERBitString; - -/** - * The KeyUsage object. - * 
- *    id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
- *
- *    KeyUsage ::= BIT STRING {
- *         digitalSignature        (0),
- *         nonRepudiation          (1),
- *         keyEncipherment         (2),
- *         dataEncipherment        (3),
- *         keyAgreement            (4),
- *         keyCertSign             (5),
- *         cRLSign                 (6),
- *         encipherOnly            (7),
- *         decipherOnly            (8) }
- *
- */ -public class KeyUsage - extends DERBitString -{ - public static final int digitalSignature = (1 << 7); - public static final int nonRepudiation = (1 << 6); - public static final int keyEncipherment = (1 << 5); - public static final int dataEncipherment = (1 << 4); - public static final int keyAgreement = (1 << 3); - public static final int keyCertSign = (1 << 2); - public static final int cRLSign = (1 << 1); - public static final int encipherOnly = (1 << 0); - public static final int decipherOnly = (1 << 15); - - public static DERBitString getInstance(Object obj) // needs to be DERBitString for other VMs - { - if (obj instanceof KeyUsage) - { - return (KeyUsage)obj; - } - - if (obj instanceof X509Extension) - { - return new KeyUsage(DERBitString.getInstance(X509Extension.convertValueToObject((X509Extension)obj))); - } - - return new KeyUsage(DERBitString.getInstance(obj)); - } - - /** - * Basic constructor. - * - * @param usage - the bitwise OR of the Key Usage flags giving the - * allowed uses for the key. - * e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment) - */ - public KeyUsage( - int usage) - { - super(getBytes(usage), getPadBits(usage)); - } - - public KeyUsage( - DERBitString usage) - { - super(usage.getBytes(), usage.getPadBits()); - } - - public String toString() - { - if (data.length == 1) - { - return "KeyUsage: 0x" + Integer.toHexString(data[0] & 0xff); - } - return "KeyUsage: 0x" + Integer.toHexString((data[1] & 0xff) << 8 | (data[0] & 0xff)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java deleted file mode 100644 index 1383d3937..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class NameConstraints - extends ASN1Encodable -{ - private ASN1Sequence permitted, excluded; - - public NameConstraints(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement()); - switch (o.getTagNo()) - { - case 0: - permitted = ASN1Sequence.getInstance(o, false); - break; - case 1: - excluded = ASN1Sequence.getInstance(o, false); - break; - } - } - } - - /** - * Constructor from a given details. - * - *

- * permitted and excluded are Vectors of GeneralSubtree objects. - * - * @param permitted - * Permitted subtrees - * @param excluded - * Excludes subtrees - */ - public NameConstraints( - Vector permitted, - Vector excluded) - { - if (permitted != null) - { - this.permitted = createSequence(permitted); - } - if (excluded != null) - { - this.excluded = createSequence(excluded); - } - } - - private DERSequence createSequence(Vector subtree) - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = subtree.elements(); - while (e.hasMoreElements()) - { - vec.add((GeneralSubtree)e.nextElement()); - } - - return new DERSequence(vec); - } - - public ASN1Sequence getPermittedSubtrees() - { - return permitted; - } - - public ASN1Sequence getExcludedSubtrees() - { - return excluded; - } - - /* - * NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees - * OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (permitted != null) - { - v.add(new DERTaggedObject(false, 0, permitted)); - } - - if (excluded != null) - { - v.add(new DERTaggedObject(false, 1, excluded)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java deleted file mode 100644 index 0bc639ac9..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java +++ /dev/null @@ -1,155 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * NoticeReference class, used in - * CertificatePolicies X509 V3 extensions - * (in policy qualifiers). - * - * 

- *  NoticeReference ::= SEQUENCE {
- *      organization     DisplayText,
- *      noticeNumbers    SEQUENCE OF INTEGER }
- *
- *
- * - * @see PolicyQualifierInfo - * @see PolicyInformation - */ -public class NoticeReference - extends ASN1Encodable -{ - private DisplayText organization; - private ASN1Sequence noticeNumbers; - - /** - * Creates a new NoticeReference instance. - * - * @param orgName a String value - * @param numbers a Vector value - */ - public NoticeReference( - String orgName, - Vector numbers) - { - organization = new DisplayText(orgName); - - Object o = numbers.elementAt(0); - - ASN1EncodableVector av = new ASN1EncodableVector(); - if (o instanceof Integer) - { - Enumeration it = numbers.elements(); - - while (it.hasMoreElements()) - { - Integer nm = (Integer) it.nextElement(); - DERInteger di = new DERInteger(nm.intValue()); - av.add (di); - } - } - - noticeNumbers = new DERSequence(av); - } - - /** - * Creates a new NoticeReference instance. - * - * @param orgName a String value - * @param numbers an ASN1EncodableVector value - */ - public NoticeReference( - String orgName, - ASN1Sequence numbers) - { - organization = new DisplayText (orgName); - noticeNumbers = numbers; - } - - /** - * Creates a new NoticeReference instance. - * - * @param displayTextType an int value - * @param orgName a String value - * @param numbers an ASN1EncodableVector value - */ - public NoticeReference( - int displayTextType, - String orgName, - ASN1Sequence numbers) - { - organization = new DisplayText(displayTextType, - orgName); - noticeNumbers = numbers; - } - - /** - * Creates a new NoticeReference instance. - *

Useful for reconstructing a NoticeReference - * instance from its encodable/encoded form. - * - * @param as an ASN1Sequence value obtained from either - * calling @{link toASN1Object()} for a NoticeReference - * instance or from parsing it from a DER-encoded stream. - */ - public NoticeReference( - ASN1Sequence as) - { - if (as.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + as.size()); - } - - organization = DisplayText.getInstance(as.getObjectAt(0)); - noticeNumbers = ASN1Sequence.getInstance(as.getObjectAt(1)); - } - - public static NoticeReference getInstance( - Object as) - { - if (as instanceof NoticeReference) - { - return (NoticeReference)as; - } - else if (as instanceof ASN1Sequence) - { - return new NoticeReference((ASN1Sequence)as); - } - - throw new IllegalArgumentException("unknown object in getInstance."); - } - - public DisplayText getOrganization() - { - return organization; - } - - public ASN1Sequence getNoticeNumbers() - { - return noticeNumbers; - } - - /** - * Describe toASN1Object method here. - * - * @return a DERObject value - */ - public DERObject toASN1Object() - { - ASN1EncodableVector av = new ASN1EncodableVector(); - av.add (organization); - av.add (noticeNumbers); - return new DERSequence (av); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java deleted file mode 100644 index b88150922..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java +++ /dev/null @@ -1,192 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * ObjectDigestInfo ASN.1 structure used in v2 attribute certificates. - * - * 

- *  
- *    ObjectDigestInfo ::= SEQUENCE {
- *         digestedObjectType  ENUMERATED {
- *                 publicKey            (0),
- *                 publicKeyCert        (1),
- *                 otherObjectTypes     (2) },
- *                         -- otherObjectTypes MUST NOT
- *                         -- be used in this profile
- *         otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
- *         digestAlgorithm     AlgorithmIdentifier,
- *         objectDigest        BIT STRING
- *    }
- *   
- *
- * - */ -public class ObjectDigestInfo - extends ASN1Encodable -{ - /** - * The public key is hashed. - */ - public final static int publicKey = 0; - - /** - * The public key certificate is hashed. - */ - public final static int publicKeyCert = 1; - - /** - * An other object is hashed. - */ - public final static int otherObjectDigest = 2; - - DEREnumerated digestedObjectType; - - DERObjectIdentifier otherObjectTypeID; - - AlgorithmIdentifier digestAlgorithm; - - DERBitString objectDigest; - - public static ObjectDigestInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof ObjectDigestInfo) - { - return (ObjectDigestInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new ObjectDigestInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - public static ObjectDigestInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * Constructor from given details. - *

- * If digestedObjectType is not {@link #publicKeyCert} or - * {@link #publicKey} otherObjectTypeID must be given, - * otherwise it is ignored. - * - * @param digestedObjectType The digest object type. - * @param otherObjectTypeID The object type ID for - * otherObjectDigest. - * @param digestAlgorithm The algorithm identifier for the hash. - * @param objectDigest The hash value. - */ - public ObjectDigestInfo( - int digestedObjectType, - String otherObjectTypeID, - AlgorithmIdentifier digestAlgorithm, - byte[] objectDigest) - { - this.digestedObjectType = new DEREnumerated(digestedObjectType); - if (digestedObjectType == otherObjectDigest) - { - this.otherObjectTypeID = new DERObjectIdentifier(otherObjectTypeID); - } - - this.digestAlgorithm = digestAlgorithm; - - this.objectDigest = new DERBitString(objectDigest); - } - - private ObjectDigestInfo( - ASN1Sequence seq) - { - if (seq.size() > 4 || seq.size() < 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - digestedObjectType = DEREnumerated.getInstance(seq.getObjectAt(0)); - - int offset = 0; - - if (seq.size() == 4) - { - otherObjectTypeID = DERObjectIdentifier.getInstance(seq.getObjectAt(1)); - offset++; - } - - digestAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1 + offset)); - - objectDigest = DERBitString.getInstance(seq.getObjectAt(2 + offset)); - } - - public DEREnumerated getDigestedObjectType() - { - return digestedObjectType; - } - - public DERObjectIdentifier getOtherObjectTypeID() - { - return otherObjectTypeID; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digestAlgorithm; - } - - public DERBitString getObjectDigest() - { - return objectDigest; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * 

-     *  
-     *    ObjectDigestInfo ::= SEQUENCE {
-     *         digestedObjectType  ENUMERATED {
-     *                 publicKey            (0),
-     *                 publicKeyCert        (1),
-     *                 otherObjectTypes     (2) },
-     *                         -- otherObjectTypes MUST NOT
-     *                         -- be used in this profile
-     *         otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
-     *         digestAlgorithm     AlgorithmIdentifier,
-     *         objectDigest        BIT STRING
-     *    }
-     *   
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(digestedObjectType); - - if (otherObjectTypeID != null) - { - v.add(otherObjectTypeID); - } - - v.add(digestAlgorithm); - v.add(objectDigest); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java deleted file mode 100644 index b4373b086..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class PolicyInformation - extends ASN1Encodable -{ - private DERObjectIdentifier policyIdentifier; - private ASN1Sequence policyQualifiers; - - public PolicyInformation( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - policyIdentifier = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - policyQualifiers = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public PolicyInformation( - DERObjectIdentifier policyIdentifier) - { - this.policyIdentifier = policyIdentifier; - } - - public PolicyInformation( - DERObjectIdentifier policyIdentifier, - ASN1Sequence policyQualifiers) - { - this.policyIdentifier = policyIdentifier; - this.policyQualifiers = policyQualifiers; - } - - public static PolicyInformation getInstance( - Object obj) - { - if (obj == null || obj instanceof PolicyInformation) - { - return (PolicyInformation)obj; - } - - return new PolicyInformation(ASN1Sequence.getInstance(obj)); - } - - public DERObjectIdentifier getPolicyIdentifier() - { - return policyIdentifier; - } - - public ASN1Sequence getPolicyQualifiers() - { - return policyQualifiers; - } - - /* - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(policyIdentifier); - - if (policyQualifiers != null) - { - v.add(policyQualifiers); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java deleted file mode 100644 index df78ec44d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Hashtable; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * PolicyMappings V3 extension, described in RFC3280. - * 
- *    PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- *      issuerDomainPolicy      CertPolicyId,
- *      subjectDomainPolicy     CertPolicyId }
- *
- * - * @see RFC 3280, section 4.2.1.6 - */ -public class PolicyMappings - extends ASN1Encodable -{ - ASN1Sequence seq = null; - - /** - * Creates a new PolicyMappings instance. - * - * @param seq an ASN1Sequence constructed as specified - * in RFC 3280 - */ - public PolicyMappings (ASN1Sequence seq) - { - this.seq = seq; - } - - /** - * Creates a new PolicyMappings instance. - * - * @param mappings a HashMap value that maps - * String oids - * to other String oids. - */ - public PolicyMappings (Hashtable mappings) - { - ASN1EncodableVector dev = new ASN1EncodableVector(); - Enumeration it = mappings.keys(); - - while (it.hasMoreElements()) - { - String idp = (String) it.nextElement(); - String sdp = (String) mappings.get(idp); - ASN1EncodableVector dv = new ASN1EncodableVector(); - dv.add(new DERObjectIdentifier(idp)); - dv.add(new DERObjectIdentifier(sdp)); - dev.add(new DERSequence(dv)); - } - - seq = new DERSequence(dev); - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java deleted file mode 100644 index 267805760..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java +++ /dev/null @@ -1,31 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * PolicyQualifierId, used in the CertificatePolicies - * X509V3 extension. - * - * 
- *    id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
- *    id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
- *    id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
- *  PolicyQualifierId ::=
- *       OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice)
- *
- */ -public class PolicyQualifierId extends DERObjectIdentifier -{ - private static final String id_qt = "1.3.6.1.5.5.7.2"; - - private PolicyQualifierId(String id) - { - super(id); - } - - public static final PolicyQualifierId id_qt_cps = - new PolicyQualifierId(id_qt + ".1"); - public static final PolicyQualifierId id_qt_unotice = - new PolicyQualifierId(id_qt + ".2"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java deleted file mode 100644 index 6e97f7096..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * Policy qualifiers, used in the X509V3 CertificatePolicies - * extension. - * - * 
- *   PolicyQualifierInfo ::= SEQUENCE {
- *       policyQualifierId  PolicyQualifierId,
- *       qualifier          ANY DEFINED BY policyQualifierId }
- *
- */ -public class PolicyQualifierInfo - extends ASN1Encodable -{ - private DERObjectIdentifier policyQualifierId; - private DEREncodable qualifier; - - /** - * Creates a new PolicyQualifierInfo instance. - * - * @param policyQualifierId a PolicyQualifierId value - * @param qualifier the qualifier, defined by the above field. - */ - public PolicyQualifierInfo( - DERObjectIdentifier policyQualifierId, - DEREncodable qualifier) - { - this.policyQualifierId = policyQualifierId; - this.qualifier = qualifier; - } - - /** - * Creates a new PolicyQualifierInfo containing a - * cPSuri qualifier. - * - * @param cps the CPS (certification practice statement) uri as a - * String. - */ - public PolicyQualifierInfo( - String cps) - { - policyQualifierId = PolicyQualifierId.id_qt_cps; - qualifier = new DERIA5String (cps); - } - - /** - * Creates a new PolicyQualifierInfo instance. - * - * @param as PolicyQualifierInfo X509 structure - * encoded as an ASN1Sequence. - */ - public PolicyQualifierInfo( - ASN1Sequence as) - { - if (as.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + as.size()); - } - - policyQualifierId = DERObjectIdentifier.getInstance(as.getObjectAt(0)); - qualifier = as.getObjectAt(1); - } - - public static PolicyQualifierInfo getInstance( - Object as) - { - if (as instanceof PolicyQualifierInfo) - { - return (PolicyQualifierInfo)as; - } - else if (as instanceof ASN1Sequence) - { - return new PolicyQualifierInfo((ASN1Sequence)as); - } - - throw new IllegalArgumentException("unknown object in getInstance."); - } - - - public DERObjectIdentifier getPolicyQualifierId() - { - return policyQualifierId; - } - - public DEREncodable getQualifier() - { - return qualifier; - } - - /** - * Returns a DER-encodable representation of this instance. - * - * @return a DERObject value - */ - public DERObject toASN1Object() - { - ASN1EncodableVector dev = new ASN1EncodableVector(); - dev.add(policyQualifierId); - dev.add(qualifier); - - return new DERSequence(dev); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java deleted file mode 100644 index b5396233d..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -import java.util.Enumeration; - -/** - * 
- *    PrivateKeyUsagePeriod ::= SEQUENCE {
- *      notBefore       [0]     GeneralizedTime OPTIONAL,
- *      notAfter        [1]     GeneralizedTime OPTIONAL }
- *
- */ -public class PrivateKeyUsagePeriod - extends ASN1Encodable -{ - public static PrivateKeyUsagePeriod getInstance(Object obj) - { - if (obj instanceof PrivateKeyUsagePeriod) - { - return (PrivateKeyUsagePeriod)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new PrivateKeyUsagePeriod((ASN1Sequence)obj); - } - - if (obj instanceof X509Extension) - { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName()); - } - - private DERGeneralizedTime _notBefore, _notAfter; - - private PrivateKeyUsagePeriod(ASN1Sequence seq) - { - Enumeration en = seq.getObjects(); - while (en.hasMoreElements()) - { - ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement(); - - if (tObj.getTagNo() == 0) - { - _notBefore = DERGeneralizedTime.getInstance(tObj, false); - } - else if (tObj.getTagNo() == 1) - { - _notAfter = DERGeneralizedTime.getInstance(tObj, false); - } - } - } - - public DERGeneralizedTime getNotBefore() - { - return _notBefore; - } - - public DERGeneralizedTime getNotAfter() - { - return _notAfter; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (_notBefore != null) - { - v.add(new DERTaggedObject(false, 0, _notBefore)); - } - if (_notAfter != null) - { - v.add(new DERTaggedObject(false, 1, _notAfter)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java deleted file mode 100644 index 0047f6aa4..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class RSAPublicKeyStructure - extends ASN1Encodable -{ - private BigInteger modulus; - private BigInteger publicExponent; - - public static RSAPublicKeyStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static RSAPublicKeyStructure getInstance( - Object obj) - { - if(obj == null || obj instanceof RSAPublicKeyStructure) - { - return (RSAPublicKeyStructure)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new RSAPublicKeyStructure((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid RSAPublicKeyStructure: " + obj.getClass().getName()); - } - - public RSAPublicKeyStructure( - BigInteger modulus, - BigInteger publicExponent) - { - this.modulus = modulus; - this.publicExponent = publicExponent; - } - - public RSAPublicKeyStructure( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - modulus = DERInteger.getInstance(e.nextElement()).getPositiveValue(); - publicExponent = DERInteger.getInstance(e.nextElement()).getPositiveValue(); - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPublicExponent() - { - return publicExponent; - } - - /** - * This outputs the key in PKCS1v2 format. - * 
-     *      RSAPublicKey ::= SEQUENCE {
-     *                          modulus INTEGER, -- n
-     *                          publicExponent INTEGER, -- e
-     *                      }
-     *
- *

- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(getModulus())); - v.add(new DERInteger(getPublicExponent())); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java deleted file mode 100644 index 612e2c5e1..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java +++ /dev/null @@ -1,85 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERBitString; - -/** - * The ReasonFlags object. - * 

- * ReasonFlags ::= BIT STRING {
- *      unused                  (0),
- *      keyCompromise           (1),
- *      cACompromise            (2),
- *      affiliationChanged      (3),
- *      superseded              (4),
- *      cessationOfOperation    (5),
- *      certificateHold         (6),
- *      privilegeWithdrawn      (7),
- *      aACompromise            (8) }
- *
- */ -public class ReasonFlags - extends DERBitString -{ - /** - * @deprecated use lower case version - */ - public static final int UNUSED = (1 << 7); - /** - * @deprecated use lower case version - */ - public static final int KEY_COMPROMISE = (1 << 6); - /** - * @deprecated use lower case version - */ - public static final int CA_COMPROMISE = (1 << 5); - /** - * @deprecated use lower case version - */ - public static final int AFFILIATION_CHANGED = (1 << 4); - /** - * @deprecated use lower case version - */ - public static final int SUPERSEDED = (1 << 3); - /** - * @deprecated use lower case version - */ - public static final int CESSATION_OF_OPERATION = (1 << 2); - /** - * @deprecated use lower case version - */ - public static final int CERTIFICATE_HOLD = (1 << 1); - /** - * @deprecated use lower case version - */ - public static final int PRIVILEGE_WITHDRAWN = (1 << 0); - /** - * @deprecated use lower case version - */ - public static final int AA_COMPROMISE = (1 << 15); - - public static final int unused = (1 << 7); - public static final int keyCompromise = (1 << 6); - public static final int cACompromise = (1 << 5); - public static final int affiliationChanged = (1 << 4); - public static final int superseded = (1 << 3); - public static final int cessationOfOperation = (1 << 2); - public static final int certificateHold = (1 << 1); - public static final int privilegeWithdrawn = (1 << 0); - public static final int aACompromise = (1 << 15); - - /** - * @param reasons - the bitwise OR of the Key Reason flags giving the - * allowed uses for the key. - */ - public ReasonFlags( - int reasons) - { - super(getBytes(reasons), getPadBits(reasons)); - } - - public ReasonFlags( - DERBitString reasons) - { - super(reasons.getBytes(), reasons.getPadBits()); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java deleted file mode 100644 index 1794b697b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java +++ /dev/null @@ -1,237 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * Implementation of the RoleSyntax object as specified by the RFC3281. - * - * 
- * RoleSyntax ::= SEQUENCE {
- *                 roleAuthority  [0] GeneralNames OPTIONAL,
- *                 roleName       [1] GeneralName
- *           } 
- *
- */ -public class RoleSyntax - extends ASN1Encodable -{ - private GeneralNames roleAuthority; - private GeneralName roleName; - - /** - * RoleSyntax factory method. - * @param obj the object used to construct an instance of - * RoleSyntax. It must be an instance of RoleSyntax - * or ASN1Sequence. - * @return the instance of RoleSyntax built from the - * supplied object. - * @throws java.lang.IllegalArgumentException if the object passed - * to the factory is not an instance of RoleSyntax or - * ASN1Sequence. - */ - public static RoleSyntax getInstance( - Object obj) - { - - if (obj instanceof RoleSyntax) - { - return (RoleSyntax)obj; - } - else if (obj != null) - { - return new RoleSyntax(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - /** - * Constructor. - * @param roleAuthority the role authority of this RoleSyntax. - * @param roleName the role name of this RoleSyntax. - */ - public RoleSyntax( - GeneralNames roleAuthority, - GeneralName roleName) - { - if(roleName == null || - roleName.getTagNo() != GeneralName.uniformResourceIdentifier || - ((ASN1String)roleName.getName()).getString().equals("")) - { - throw new IllegalArgumentException("the role name MUST be non empty and MUST " + - "use the URI option of GeneralName"); - } - this.roleAuthority = roleAuthority; - this.roleName = roleName; - } - - /** - * Constructor. Invoking this constructor is the same as invoking - * new RoleSyntax(null, roleName). - * @param roleName the role name of this RoleSyntax. - */ - public RoleSyntax( - GeneralName roleName) - { - this(null, roleName); - } - - /** - * Utility constructor. Takes a String argument representing - * the role name, builds a GeneralName to hold the role name - * and calls the constructor that takes a GeneralName. - * @param roleName - */ - public RoleSyntax( - String roleName) - { - this(new GeneralName(GeneralName.uniformResourceIdentifier, - (roleName == null)? "": roleName)); - } - - /** - * Constructor that builds an instance of RoleSyntax by - * extracting the encoded elements from the ASN1Sequence - * object supplied. - * @param seq an instance of ASN1Sequence that holds - * the encoded elements used to build this RoleSyntax. - */ - private RoleSyntax( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject taggedObject = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - switch (taggedObject.getTagNo()) - { - case 0: - roleAuthority = GeneralNames.getInstance(taggedObject, false); - break; - case 1: - roleName = GeneralName.getInstance(taggedObject, true); - break; - default: - throw new IllegalArgumentException("Unknown tag in RoleSyntax"); - } - } - } - - /** - * Gets the role authority of this RoleSyntax. - * @return an instance of GeneralNames holding the - * role authority of this RoleSyntax. - */ - public GeneralNames getRoleAuthority() - { - return this.roleAuthority; - } - - /** - * Gets the role name of this RoleSyntax. - * @return an instance of GeneralName holding the - * role name of this RoleSyntax. - */ - public GeneralName getRoleName() - { - return this.roleName; - } - - /** - * Gets the role name as a java.lang.String object. - * @return the role name of this RoleSyntax represented as a - * java.lang.String object. - */ - public String getRoleNameAsString() - { - ASN1String str = (ASN1String)this.roleName.getName(); - - return str.getString(); - } - - /** - * Gets the role authority as a String[] object. - * @return the role authority of this RoleSyntax represented as a - * String[] array. - */ - public String[] getRoleAuthorityAsString() - { - if(roleAuthority == null) - { - return new String[0]; - } - - GeneralName[] names = roleAuthority.getNames(); - String[] namesString = new String[names.length]; - for(int i = 0; i < names.length; i++) - { - DEREncodable value = names[i].getName(); - if(value instanceof ASN1String) - { - namesString[i] = ((ASN1String)value).getString(); - } - else - { - namesString[i] = value.toString(); - } - } - return namesString; - } - - /** - * Implementation of the method toASN1Object as - * required by the superclass ASN1Encodable. - * - * 
-     * RoleSyntax ::= SEQUENCE {
-     *                 roleAuthority  [0] GeneralNames OPTIONAL,
-     *                 roleName       [1] GeneralName
-     *           } 
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - if(this.roleAuthority != null) - { - v.add(new DERTaggedObject(false, 0, roleAuthority)); - } - v.add(new DERTaggedObject(true, 1, roleName)); - - return new DERSequence(v); - } - - public String toString() - { - StringBuffer buff = new StringBuffer("Name: " + this.getRoleNameAsString() + - " - Auth: "); - if(this.roleAuthority == null || roleAuthority.getNames().length == 0) - { - buff.append("N/A"); - } - else - { - String[] names = this.getRoleAuthorityAsString(); - buff.append('[').append(names[0]); - for(int i = 1; i < names.length; i++) - { - buff.append(", ").append(names[i]); - } - buff.append(']'); - } - return buff.toString(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java deleted file mode 100644 index 3dede6509..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * This extension may contain further X.500 attributes of the subject. See also - * RFC 3039. - * - * 
- *     SubjectDirectoryAttributes ::= Attributes
- *     Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- *     Attribute ::= SEQUENCE 
- *     {
- *       type AttributeType 
- *       values SET OF AttributeValue 
- *     }
- *     
- *     AttributeType ::= OBJECT IDENTIFIER
- *     AttributeValue ::= ANY DEFINED BY AttributeType
- *
- * - * @see org.bouncycastle.asn1.x509.X509Name for AttributeType ObjectIdentifiers. - */ -public class SubjectDirectoryAttributes - extends ASN1Encodable -{ - private Vector attributes = new Vector(); - - public static SubjectDirectoryAttributes getInstance( - Object obj) - { - if (obj == null || obj instanceof SubjectDirectoryAttributes) - { - return (SubjectDirectoryAttributes)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new SubjectDirectoryAttributes((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - * - * The sequence is of type SubjectDirectoryAttributes: - * - * 
-     *      SubjectDirectoryAttributes ::= Attributes
-     *      Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-     *      Attribute ::= SEQUENCE 
-     *      {
-     *        type AttributeType 
-     *        values SET OF AttributeValue 
-     *      }
-     *      
-     *      AttributeType ::= OBJECT IDENTIFIER
-     *      AttributeValue ::= ANY DEFINED BY AttributeType
-     *
- * - * @param seq - * The ASN.1 sequence. - */ - public SubjectDirectoryAttributes(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - attributes.addElement(new Attribute(s)); - } - } - - /** - * Constructor from a vector of attributes. - * - * The vector consists of attributes of type {@link Attribute Attribute} - * - * @param attributes - * The attributes. - * - */ - public SubjectDirectoryAttributes(Vector attributes) - { - Enumeration e = attributes.elements(); - - while (e.hasMoreElements()) - { - this.attributes.addElement(e.nextElement()); - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * 
-     *      SubjectDirectoryAttributes ::= Attributes
-     *      Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-     *      Attribute ::= SEQUENCE 
-     *      {
-     *        type AttributeType 
-     *        values SET OF AttributeValue 
-     *      }
-     *      
-     *      AttributeType ::= OBJECT IDENTIFIER
-     *      AttributeValue ::= ANY DEFINED BY AttributeType
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = attributes.elements(); - - while (e.hasMoreElements()) - { - - vec.add((Attribute)e.nextElement()); - } - - return new DERSequence(vec); - } - - /** - * @return Returns the attributes. - */ - public Vector getAttributes() - { - return attributes; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java deleted file mode 100644 index 8701b1ecb..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +++ /dev/null @@ -1,137 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; - -/** - * The SubjectKeyIdentifier object. - * 
- * SubjectKeyIdentifier::= OCTET STRING
- *
- */ -public class SubjectKeyIdentifier - extends ASN1Encodable -{ - private byte[] keyidentifier; - - public static SubjectKeyIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1OctetString.getInstance(obj, explicit)); - } - - public static SubjectKeyIdentifier getInstance( - Object obj) - { - if (obj instanceof SubjectKeyIdentifier) - { - return (SubjectKeyIdentifier)obj; - } - - if (obj instanceof SubjectPublicKeyInfo) - { - return new SubjectKeyIdentifier((SubjectPublicKeyInfo)obj); - } - - if (obj instanceof ASN1OctetString) - { - return new SubjectKeyIdentifier((ASN1OctetString)obj); - } - - if (obj instanceof X509Extension) - { - return getInstance(X509Extension.convertValueToObject((X509Extension)obj)); - } - - throw new IllegalArgumentException("Invalid SubjectKeyIdentifier: " + obj.getClass().getName()); - } - - public SubjectKeyIdentifier( - byte[] keyid) - { - this.keyidentifier=keyid; - } - - public SubjectKeyIdentifier( - ASN1OctetString keyid) - { - this.keyidentifier=keyid.getOctets(); - } - - /** - * Calculates the keyidentifier using a SHA1 hash over the BIT STRING - * from SubjectPublicKeyInfo as defined in RFC3280. - * - * @param spki the subject public key info. - */ - public SubjectKeyIdentifier( - SubjectPublicKeyInfo spki) - { - this.keyidentifier = getDigest(spki); - } - - public byte[] getKeyIdentifier() - { - return keyidentifier; - } - - public DERObject toASN1Object() - { - return new DEROctetString(keyidentifier); - } - - /** - * Return a RFC 3280 type 1 key identifier. As in: - * 
-     * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
-     * value of the BIT STRING subjectPublicKey (excluding the tag,
-     * length, and number of unused bits).
-     *
- * @param keyInfo the key info object containing the subjectPublicKey field. - * @return the key identifier. - */ - public static SubjectKeyIdentifier createSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo) - { - return new SubjectKeyIdentifier(keyInfo); - } - - /** - * Return a RFC 3280 type 2 key identifier. As in: - * 
-     * (2) The keyIdentifier is composed of a four bit type field with
-     * the value 0100 followed by the least significant 60 bits of the
-     * SHA-1 hash of the value of the BIT STRING subjectPublicKey.
-     *
- * @param keyInfo the key info object containing the subjectPublicKey field. - * @return the key identifier. - */ - public static SubjectKeyIdentifier createTruncatedSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo) - { - byte[] dig = getDigest(keyInfo); - byte[] id = new byte[8]; - - System.arraycopy(dig, dig.length - 8, id, 0, id.length); - - id[0] &= 0x0f; - id[0] |= 0x40; - - return new SubjectKeyIdentifier(id); - } - - private static byte[] getDigest(SubjectPublicKeyInfo spki) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - return resBuf; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java deleted file mode 100644 index 9af439dfe..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * The object that contains the public key stored in a certficate. - *

- * The getEncoded() method in the public keys in the JCE produces a DER - * encoded one of these. - */ -public class SubjectPublicKeyInfo - extends ASN1Encodable -{ - private AlgorithmIdentifier algId; - private DERBitString keyData; - - public static SubjectPublicKeyInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static SubjectPublicKeyInfo getInstance( - Object obj) - { - if (obj instanceof SubjectPublicKeyInfo) - { - return (SubjectPublicKeyInfo)obj; - } - else if (obj != null) - { - return new SubjectPublicKeyInfo(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public SubjectPublicKeyInfo( - AlgorithmIdentifier algId, - DEREncodable publicKey) - { - this.keyData = new DERBitString(publicKey); - this.algId = algId; - } - - public SubjectPublicKeyInfo( - AlgorithmIdentifier algId, - byte[] publicKey) - { - this.keyData = new DERBitString(publicKey); - this.algId = algId; - } - - public SubjectPublicKeyInfo( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - this.algId = AlgorithmIdentifier.getInstance(e.nextElement()); - this.keyData = DERBitString.getInstance(e.nextElement()); - } - - public AlgorithmIdentifier getAlgorithmId() - { - return algId; - } - - /** - * for when the public key is an encoded object - if the bitstring - * can't be decoded this routine throws an IOException. - * - * @exception IOException - if the bit string doesn't represent a DER - * encoded object. - */ - public DERObject getPublicKey() - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(keyData.getBytes()); - - return aIn.readObject(); - } - - /** - * for when the public key is raw bits... - */ - public DERBitString getPublicKeyData() - { - return keyData; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 

-     * SubjectPublicKeyInfo ::= SEQUENCE {
-     *                          algorithm AlgorithmIdentifier,
-     *                          publicKey BIT STRING }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(keyData); - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java deleted file mode 100644 index 128a1a19a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java +++ /dev/null @@ -1,266 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; - -/** - * PKIX RFC-2459 - TBSCertList object. - * 
- * TBSCertList  ::=  SEQUENCE  {
- *      version                 Version OPTIONAL,
- *                                   -- if present, shall be v2
- *      signature               AlgorithmIdentifier,
- *      issuer                  Name,
- *      thisUpdate              Time,
- *      nextUpdate              Time OPTIONAL,
- *      revokedCertificates     SEQUENCE OF SEQUENCE  {
- *           userCertificate         CertificateSerialNumber,
- *           revocationDate          Time,
- *           crlEntryExtensions      Extensions OPTIONAL
- *                                         -- if present, shall be v2
- *                                }  OPTIONAL,
- *      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
- *                                         -- if present, shall be v2
- *                                }
- *
- */ -public class TBSCertList - extends ASN1Encodable -{ - public static class CRLEntry - extends ASN1Encodable - { - ASN1Sequence seq; - - DERInteger userCertificate; - Time revocationDate; - X509Extensions crlEntryExtensions; - - public CRLEntry( - ASN1Sequence seq) - { - if (seq.size() < 2 || seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - this.seq = seq; - - userCertificate = DERInteger.getInstance(seq.getObjectAt(0)); - revocationDate = Time.getInstance(seq.getObjectAt(1)); - } - - public DERInteger getUserCertificate() - { - return userCertificate; - } - - public Time getRevocationDate() - { - return revocationDate; - } - - public X509Extensions getExtensions() - { - if (crlEntryExtensions == null && seq.size() == 3) - { - crlEntryExtensions = X509Extensions.getInstance(seq.getObjectAt(2)); - } - - return crlEntryExtensions; - } - - public DERObject toASN1Object() - { - return seq; - } - } - - private class RevokedCertificatesEnumeration - implements Enumeration - { - private final Enumeration en; - - RevokedCertificatesEnumeration(Enumeration en) - { - this.en = en; - } - - public boolean hasMoreElements() - { - return en.hasMoreElements(); - } - - public Object nextElement() - { - return new CRLEntry(ASN1Sequence.getInstance(en.nextElement())); - } - } - - private class EmptyEnumeration - implements Enumeration - { - public boolean hasMoreElements() - { - return false; - } - - public Object nextElement() - { - return null; // TODO: check exception handling - } - } - - ASN1Sequence seq; - - DERInteger version; - AlgorithmIdentifier signature; - X509Name issuer; - Time thisUpdate; - Time nextUpdate; - ASN1Sequence revokedCertificates; - X509Extensions crlExtensions; - - public static TBSCertList getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static TBSCertList getInstance( - Object obj) - { - if (obj instanceof TBSCertList) - { - return (TBSCertList)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new TBSCertList((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public TBSCertList( - ASN1Sequence seq) - { - if (seq.size() < 3 || seq.size() > 7) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - int seqPos = 0; - - this.seq = seq; - - if (seq.getObjectAt(seqPos) instanceof DERInteger) - { - version = DERInteger.getInstance(seq.getObjectAt(seqPos++)); - } - else - { - version = new DERInteger(0); - } - - signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++)); - issuer = X509Name.getInstance(seq.getObjectAt(seqPos++)); - thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); - - if (seqPos < seq.size() - && (seq.getObjectAt(seqPos) instanceof DERUTCTime - || seq.getObjectAt(seqPos) instanceof DERGeneralizedTime - || seq.getObjectAt(seqPos) instanceof Time)) - { - nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); - } - - if (seqPos < seq.size() - && !(seq.getObjectAt(seqPos) instanceof DERTaggedObject)) - { - revokedCertificates = ASN1Sequence.getInstance(seq.getObjectAt(seqPos++)); - } - - if (seqPos < seq.size() - && seq.getObjectAt(seqPos) instanceof DERTaggedObject) - { - crlExtensions = X509Extensions.getInstance(seq.getObjectAt(seqPos)); - } - } - - public int getVersion() - { - return version.getValue().intValue() + 1; - } - - public DERInteger getVersionNumber() - { - return version; - } - - public AlgorithmIdentifier getSignature() - { - return signature; - } - - public X509Name getIssuer() - { - return issuer; - } - - public Time getThisUpdate() - { - return thisUpdate; - } - - public Time getNextUpdate() - { - return nextUpdate; - } - - public CRLEntry[] getRevokedCertificates() - { - if (revokedCertificates == null) - { - return new CRLEntry[0]; - } - - CRLEntry[] entries = new CRLEntry[revokedCertificates.size()]; - - for (int i = 0; i < entries.length; i++) - { - entries[i] = new CRLEntry(ASN1Sequence.getInstance(revokedCertificates.getObjectAt(i))); - } - - return entries; - } - - public Enumeration getRevokedCertificateEnumeration() - { - if (revokedCertificates == null) - { - return new EmptyEnumeration(); - } - - return new RevokedCertificatesEnumeration(revokedCertificates.getObjects()); - } - - public X509Extensions getExtensions() - { - return crlExtensions; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java deleted file mode 100644 index 36425d72a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java +++ /dev/null @@ -1,193 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -/** - * The TBSCertificate object. - * 
- * TBSCertificate ::= SEQUENCE {
- *      version          [ 0 ]  Version DEFAULT v1(0),
- *      serialNumber            CertificateSerialNumber,
- *      signature               AlgorithmIdentifier,
- *      issuer                  Name,
- *      validity                Validity,
- *      subject                 Name,
- *      subjectPublicKeyInfo    SubjectPublicKeyInfo,
- *      issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
- *      subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
- *      extensions        [ 3 ] Extensions OPTIONAL
- *      }
- *
- *

- * Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class - * will parse them, but you really shouldn't be creating new ones. - */ -public class TBSCertificateStructure - extends ASN1Encodable - implements X509ObjectIdentifiers, PKCSObjectIdentifiers -{ - ASN1Sequence seq; - - DERInteger version; - DERInteger serialNumber; - AlgorithmIdentifier signature; - X509Name issuer; - Time startDate, endDate; - X509Name subject; - SubjectPublicKeyInfo subjectPublicKeyInfo; - DERBitString issuerUniqueId; - DERBitString subjectUniqueId; - X509Extensions extensions; - - public static TBSCertificateStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static TBSCertificateStructure getInstance( - Object obj) - { - if (obj instanceof TBSCertificateStructure) - { - return (TBSCertificateStructure)obj; - } - else if (obj != null) - { - return new TBSCertificateStructure(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public TBSCertificateStructure( - ASN1Sequence seq) - { - int seqStart = 0; - - this.seq = seq; - - // - // some certficates don't include a version number - we assume v1 - // - if (seq.getObjectAt(0) instanceof DERTaggedObject) - { - version = DERInteger.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); - } - else - { - seqStart = -1; // field 0 is missing! - version = new DERInteger(0); - } - - serialNumber = DERInteger.getInstance(seq.getObjectAt(seqStart + 1)); - - signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqStart + 2)); - issuer = X509Name.getInstance(seq.getObjectAt(seqStart + 3)); - - // - // before and after dates - // - ASN1Sequence dates = (ASN1Sequence)seq.getObjectAt(seqStart + 4); - - startDate = Time.getInstance(dates.getObjectAt(0)); - endDate = Time.getInstance(dates.getObjectAt(1)); - - subject = X509Name.getInstance(seq.getObjectAt(seqStart + 5)); - - // - // public key info. - // - subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(seqStart + 6)); - - for (int extras = seq.size() - (seqStart + 6) - 1; extras > 0; extras--) - { - DERTaggedObject extra = (DERTaggedObject)seq.getObjectAt(seqStart + 6 + extras); - - switch (extra.getTagNo()) - { - case 1: - issuerUniqueId = DERBitString.getInstance(extra, false); - break; - case 2: - subjectUniqueId = DERBitString.getInstance(extra, false); - break; - case 3: - extensions = X509Extensions.getInstance(extra); - } - } - } - - public int getVersion() - { - return version.getValue().intValue() + 1; - } - - public DERInteger getVersionNumber() - { - return version; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public AlgorithmIdentifier getSignature() - { - return signature; - } - - public X509Name getIssuer() - { - return issuer; - } - - public Time getStartDate() - { - return startDate; - } - - public Time getEndDate() - { - return endDate; - } - - public X509Name getSubject() - { - return subject; - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return subjectPublicKeyInfo; - } - - public DERBitString getIssuerUniqueId() - { - return issuerUniqueId; - } - - public DERBitString getSubjectUniqueId() - { - return subjectUniqueId; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Target.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Target.java deleted file mode 100644 index 4d3b672dc..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Target.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * Target structure used in target information extension for attribute - * certificates from RFC 3281. - * - * 

- *     Target  ::= CHOICE {
- *       targetName          [0] GeneralName,
- *       targetGroup         [1] GeneralName,
- *       targetCert          [2] TargetCert
- *     }
- *
- * - *

- * The targetCert field is currently not supported and must not be used - * according to RFC 3281. - */ -public class Target - extends ASN1Encodable - implements ASN1Choice -{ - public static final int targetName = 0; - public static final int targetGroup = 1; - - private GeneralName targName; - private GeneralName targGroup; - - /** - * Creates an instance of a Target from the given object. - *

- * obj can be a Target or a {@link ASN1TaggedObject} - * - * @param obj The object. - * @return A Target instance. - * @throws IllegalArgumentException if the given object cannot be - * interpreted as Target. - */ - public static Target getInstance(Object obj) - { - if (obj instanceof Target) - { - return (Target) obj; - } - else if (obj instanceof ASN1TaggedObject) - { - return new Target((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " - + obj.getClass()); - } - - /** - * Constructor from ASN1TaggedObject. - * - * @param tagObj The tagged object. - * @throws IllegalArgumentException if the encoding is wrong. - */ - private Target(ASN1TaggedObject tagObj) - { - switch (tagObj.getTagNo()) - { - case targetName: // GeneralName is already a choice so explicit - targName = GeneralName.getInstance(tagObj, true); - break; - case targetGroup: - targGroup = GeneralName.getInstance(tagObj, true); - break; - default: - throw new IllegalArgumentException("unknown tag: " + tagObj.getTagNo()); - } - } - - /** - * Constructor from given details. - *

- * Exactly one of the parameters must be not null. - * - * @param type the choice type to apply to the name. - * @param name the general name. - * @throws IllegalArgumentException if type is invalid. - */ - public Target(int type, GeneralName name) - { - this(new DERTaggedObject(type, name)); - } - - /** - * @return Returns the targetGroup. - */ - public GeneralName getTargetGroup() - { - return targGroup; - } - - /** - * @return Returns the targetName. - */ - public GeneralName getTargetName() - { - return targName; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * 

-     *     Target  ::= CHOICE {
-     *       targetName          [0] GeneralName,
-     *       targetGroup         [1] GeneralName,
-     *       targetCert          [2] TargetCert
-     *     }
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - // GeneralName is a choice already so most be explicitly tagged - if (targName != null) - { - return new DERTaggedObject(true, 0, targName); - } - else - { - return new DERTaggedObject(true, 1, targGroup); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TargetInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TargetInformation.java deleted file mode 100644 index 7608b2200..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/TargetInformation.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -import java.util.Enumeration; - -/** - * Target information extension for attributes certificates according to RFC - * 3281. - * - * 
- *           SEQUENCE OF Targets
- *
- * - */ -public class TargetInformation - extends ASN1Encodable -{ - private ASN1Sequence targets; - - /** - * Creates an instance of a TargetInformation from the given object. - *

- * obj can be a TargetInformation or a {@link ASN1Sequence} - * - * @param obj The object. - * @return A TargetInformation instance. - * @throws IllegalArgumentException if the given object cannot be - * interpreted as TargetInformation. - */ - public static TargetInformation getInstance(Object obj) - { - if (obj instanceof TargetInformation) - { - return (TargetInformation) obj; - } - else if (obj instanceof ASN1Sequence) - { - return new TargetInformation((ASN1Sequence) obj); - } - - throw new IllegalArgumentException("unknown object in factory: " - + obj.getClass()); - } - - /** - * Constructor from a ASN1Sequence. - * - * @param seq The ASN1Sequence. - * @throws IllegalArgumentException if the sequence does not contain - * correctly encoded Targets elements. - */ - private TargetInformation(ASN1Sequence seq) - { - targets = seq; - } - - /** - * Returns the targets in this target information extension. - * - * @return Returns the targets. - */ - public Targets[] getTargetsObjects() - { - Targets[] copy = new Targets[targets.size()]; - int count = 0; - for (Enumeration e = targets.getObjects(); e.hasMoreElements();) - { - copy[count++] = Targets.getInstance(e.nextElement()); - } - return copy; - } - - /** - * Constructs a target information from a single targets element. - * According to RFC 3281 only one targets element must be produced. - * - * @param targets A Targets instance. - */ - public TargetInformation(Targets targets) - { - this.targets = new DERSequence(targets); - } - - /** - * According to RFC 3281 only one targets element must be produced. If - * multiple targets are given they must be merged in - * into one targets element. - * - * @param targets An array with {@link Targets}. - */ - public TargetInformation(Target[] targets) - { - this(new Targets(targets)); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * 

-     *          SEQUENCE OF Targets
-     *
- * - *

- * According to RFC 3281 only one targets element must be produced. If - * multiple targets are given in the constructor they are merged into one - * targets element. If this was produced from a - * {@link org.bouncycastle.asn1.ASN1Sequence} the encoding is kept. - * - * @return a DERObject - */ - public DERObject toASN1Object() - { - return targets; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Targets.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Targets.java deleted file mode 100644 index 2fead075b..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Targets.java +++ /dev/null @@ -1,122 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -import java.util.Enumeration; - -/** - * Targets structure used in target information extension for attribute - * certificates from RFC 3281. - * - * 

- *            Targets ::= SEQUENCE OF Target
- *           
- *            Target  ::= CHOICE {
- *              targetName          [0] GeneralName,
- *              targetGroup         [1] GeneralName,
- *              targetCert          [2] TargetCert
- *            }
- *           
- *            TargetCert  ::= SEQUENCE {
- *              targetCertificate    IssuerSerial,
- *              targetName           GeneralName OPTIONAL,
- *              certDigestInfo       ObjectDigestInfo OPTIONAL
- *            }
- *
- * - * @see org.bouncycastle.asn1.x509.Target - * @see org.bouncycastle.asn1.x509.TargetInformation - */ -public class Targets - extends ASN1Encodable -{ - private ASN1Sequence targets; - - /** - * Creates an instance of a Targets from the given object. - *

- * obj can be a Targets or a {@link ASN1Sequence} - * - * @param obj The object. - * @return A Targets instance. - * @throws IllegalArgumentException if the given object cannot be - * interpreted as Target. - */ - public static Targets getInstance(Object obj) - { - if (obj instanceof Targets) - { - return (Targets)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Targets((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " - + obj.getClass()); - } - - /** - * Constructor from ASN1Sequence. - * - * @param targets The ASN.1 SEQUENCE. - * @throws IllegalArgumentException if the contents of the sequence are - * invalid. - */ - private Targets(ASN1Sequence targets) - { - this.targets = targets; - } - - /** - * Constructor from given targets. - *

- * The vector is copied. - * - * @param targets A Vector of {@link Target}s. - * @see Target - * @throws IllegalArgumentException if the vector contains not only Targets. - */ - public Targets(Target[] targets) - { - this.targets = new DERSequence(targets); - } - - /** - * Returns the targets in a Vector. - *

- * The vector is cloned before it is returned. - * - * @return Returns the targets. - */ - public Target[] getTargets() - { - Target[] targs = new Target[targets.size()]; - int count = 0; - for (Enumeration e = targets.getObjects(); e.hasMoreElements();) - { - targs[count++] = Target.getInstance(e.nextElement()); - } - return targs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * 

-     *            Targets ::= SEQUENCE OF Target
-     *
- * - * @return a DERObject - */ - public DERObject toASN1Object() - { - return targets; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Time.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Time.java deleted file mode 100644 index d51209d63..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/Time.java +++ /dev/null @@ -1,133 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUTCTime; - -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -public class Time - extends ASN1Encodable - implements ASN1Choice -{ - DERObject time; - - public static Time getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public Time( - DERObject time) - { - if (!(time instanceof DERUTCTime) - && !(time instanceof DERGeneralizedTime)) - { - throw new IllegalArgumentException("unknown object passed to Time"); - } - - this.time = time; - } - - /** - * creates a time object from a given date - if the date is between 1950 - * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime - * is used. - */ - public Time( - Date date) - { - SimpleTimeZone tz = new SimpleTimeZone(0, "Z"); - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss"); - - dateF.setTimeZone(tz); - - String d = dateF.format(date) + "Z"; - int year = Integer.parseInt(d.substring(0, 4)); - - if (year < 1950 || year > 2049) - { - time = new DERGeneralizedTime(d); - } - else - { - time = new DERUTCTime(d.substring(2)); - } - } - - public static Time getInstance( - Object obj) - { - if (obj == null || obj instanceof Time) - { - return (Time)obj; - } - else if (obj instanceof DERUTCTime) - { - return new Time((DERUTCTime)obj); - } - else if (obj instanceof DERGeneralizedTime) - { - return new Time((DERGeneralizedTime)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public String getTime() - { - if (time instanceof DERUTCTime) - { - return ((DERUTCTime)time).getAdjustedTime(); - } - else - { - return ((DERGeneralizedTime)time).getTime(); - } - } - - public Date getDate() - { - try - { - if (time instanceof DERUTCTime) - { - return ((DERUTCTime)time).getAdjustedDate(); - } - else - { - return ((DERGeneralizedTime)time).getDate(); - } - } - catch (ParseException e) - { // this should never happen - throw new IllegalStateException("invalid date string: " + e.getMessage()); - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     * Time ::= CHOICE {
-     *             utcTime        UTCTime,
-     *             generalTime    GeneralizedTime }
-     *
- */ - public DERObject toASN1Object() - { - return time; - } - - public String toString() - { - return getTime(); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java deleted file mode 100644 index b3785ff2c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java +++ /dev/null @@ -1,117 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * UserNotice class, used in - * CertificatePolicies X509 extensions (in policy - * qualifiers). - * 
- * UserNotice ::= SEQUENCE {
- *      noticeRef        NoticeReference OPTIONAL,
- *      explicitText     DisplayText OPTIONAL}
- *
- *
- * - * @see PolicyQualifierId - * @see PolicyInformation - */ -public class UserNotice - extends ASN1Encodable -{ - private NoticeReference noticeRef; - private DisplayText explicitText; - - /** - * Creates a new UserNotice instance. - * - * @param noticeRef a NoticeReference value - * @param explicitText a DisplayText value - */ - public UserNotice( - NoticeReference noticeRef, - DisplayText explicitText) - { - this.noticeRef = noticeRef; - this.explicitText = explicitText; - } - - /** - * Creates a new UserNotice instance. - * - * @param noticeRef a NoticeReference value - * @param str the explicitText field as a String. - */ - public UserNotice( - NoticeReference noticeRef, - String str) - { - this.noticeRef = noticeRef; - this.explicitText = new DisplayText(str); - } - - /** - * Creates a new UserNotice instance. - *

Useful from reconstructing a UserNotice instance - * from its encodable/encoded form. - * - * @param as an ASN1Sequence value obtained from either - * calling @{link toASN1Object()} for a UserNotice - * instance or from parsing it from a DER-encoded stream. - */ - public UserNotice( - ASN1Sequence as) - { - if (as.size() == 2) - { - noticeRef = NoticeReference.getInstance(as.getObjectAt(0)); - explicitText = DisplayText.getInstance(as.getObjectAt(1)); - } - else if (as.size() == 1) - { - if (as.getObjectAt(0).getDERObject() instanceof ASN1Sequence) - { - noticeRef = NoticeReference.getInstance(as.getObjectAt(0)); - } - else - { - explicitText = DisplayText.getInstance(as.getObjectAt(0)); - } - } - else - { - throw new IllegalArgumentException("Bad sequence size: " + as.size()); - } - } - - public NoticeReference getNoticeRef() - { - return noticeRef; - } - - public DisplayText getExplicitText() - { - return explicitText; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector av = new ASN1EncodableVector(); - - if (noticeRef != null) - { - av.add(noticeRef); - } - - if (explicitText != null) - { - av.add(explicitText); - } - - return new DERSequence(av); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java deleted file mode 100644 index 1c3016dfa..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.x500.X500Name; - -/** - * Generator for Version 1 TBSCertificateStructures. - * 

- * TBSCertificate ::= SEQUENCE {
- *      version          [ 0 ]  Version DEFAULT v1(0),
- *      serialNumber            CertificateSerialNumber,
- *      signature               AlgorithmIdentifier,
- *      issuer                  Name,
- *      validity                Validity,
- *      subject                 Name,
- *      subjectPublicKeyInfo    SubjectPublicKeyInfo,
- *      }
- *
- * - */ -public class V1TBSCertificateGenerator -{ - DERTaggedObject version = new DERTaggedObject(0, new DERInteger(0)); - - DERInteger serialNumber; - AlgorithmIdentifier signature; - X509Name issuer; - Time startDate, endDate; - X509Name subject; - SubjectPublicKeyInfo subjectPublicKeyInfo; - - public V1TBSCertificateGenerator() - { - } - - public void setSerialNumber( - DERInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - X509Name issuer) - { - this.issuer = issuer; - } - - public void setIssuer( - X500Name issuer) - { - this.issuer = X509Name.getInstance(issuer.getDERObject()); - } - - public void setStartDate( - Time startDate) - { - this.startDate = startDate; - } - - public void setStartDate( - DERUTCTime startDate) - { - this.startDate = new Time(startDate); - } - - public void setEndDate( - Time endDate) - { - this.endDate = endDate; - } - - public void setEndDate( - DERUTCTime endDate) - { - this.endDate = new Time(endDate); - } - - public void setSubject( - X509Name subject) - { - this.subject = subject; - } - - public void setSubject( - X500Name subject) - { - this.subject = X509Name.getInstance(subject.getDERObject()); - } - - public void setSubjectPublicKeyInfo( - SubjectPublicKeyInfo pubKeyInfo) - { - this.subjectPublicKeyInfo = pubKeyInfo; - } - - public TBSCertificateStructure generateTBSCertificate() - { - if ((serialNumber == null) || (signature == null) - || (issuer == null) || (startDate == null) || (endDate == null) - || (subject == null) || (subjectPublicKeyInfo == null)) - { - throw new IllegalStateException("not all mandatory fields set in V1 TBScertificate generator"); - } - - ASN1EncodableVector seq = new ASN1EncodableVector(); - - // seq.add(version); - not required as default value. - seq.add(serialNumber); - seq.add(signature); - seq.add(issuer); - - // - // before and after dates - // - ASN1EncodableVector validity = new ASN1EncodableVector(); - - validity.add(startDate); - validity.add(endDate); - - seq.add(new DERSequence(validity)); - - seq.add(subject); - - seq.add(subjectPublicKeyInfo); - - return new TBSCertificateStructure(new DERSequence(seq)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java deleted file mode 100644 index ed8412e78..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java +++ /dev/null @@ -1,148 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERSet; - -/** - * Generator for Version 2 AttributeCertificateInfo - * 
- * AttributeCertificateInfo ::= SEQUENCE {
- *       version              AttCertVersion -- version is v2,
- *       holder               Holder,
- *       issuer               AttCertIssuer,
- *       signature            AlgorithmIdentifier,
- *       serialNumber         CertificateSerialNumber,
- *       attrCertValidityPeriod   AttCertValidityPeriod,
- *       attributes           SEQUENCE OF Attribute,
- *       issuerUniqueID       UniqueIdentifier OPTIONAL,
- *       extensions           Extensions OPTIONAL
- * }
- *
- * - */ -public class V2AttributeCertificateInfoGenerator -{ - private DERInteger version; - private Holder holder; - private AttCertIssuer issuer; - private AlgorithmIdentifier signature; - private DERInteger serialNumber; - private ASN1EncodableVector attributes; - private DERBitString issuerUniqueID; - private X509Extensions extensions; - - // Note: validity period start/end dates stored directly - //private AttCertValidityPeriod attrCertValidityPeriod; - private DERGeneralizedTime startDate, endDate; - - public V2AttributeCertificateInfoGenerator() - { - this.version = new DERInteger(1); - attributes = new ASN1EncodableVector(); - } - - public void setHolder(Holder holder) - { - this.holder = holder; - } - - public void addAttribute(String oid, ASN1Encodable value) - { - attributes.add(new Attribute(new DERObjectIdentifier(oid), new DERSet(value))); - } - - /** - * @param attribute - */ - public void addAttribute(Attribute attribute) - { - attributes.add(attribute); - } - - public void setSerialNumber( - DERInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - AttCertIssuer issuer) - { - this.issuer = issuer; - } - - public void setStartDate( - DERGeneralizedTime startDate) - { - this.startDate = startDate; - } - - public void setEndDate( - DERGeneralizedTime endDate) - { - this.endDate = endDate; - } - - public void setIssuerUniqueID( - DERBitString issuerUniqueID) - { - this.issuerUniqueID = issuerUniqueID; - } - - public void setExtensions( - X509Extensions extensions) - { - this.extensions = extensions; - } - - public AttributeCertificateInfo generateAttributeCertificateInfo() - { - if ((serialNumber == null) || (signature == null) - || (issuer == null) || (startDate == null) || (endDate == null) - || (holder == null) || (attributes == null)) - { - throw new IllegalStateException("not all mandatory fields set in V2 AttributeCertificateInfo generator"); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(holder); - v.add(issuer); - v.add(signature); - v.add(serialNumber); - - // - // before and after dates => AttCertValidityPeriod - // - AttCertValidityPeriod validity = new AttCertValidityPeriod(startDate, endDate); - v.add(validity); - - // Attributes - v.add(new DERSequence(attributes)); - - if (issuerUniqueID != null) - { - v.add(issuerUniqueID); - } - - if (extensions != null) - { - v.add(extensions); - } - - return new AttributeCertificateInfo(new DERSequence(v)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2Form.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2Form.java deleted file mode 100644 index 1eb77d113..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2Form.java +++ /dev/null @@ -1,130 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class V2Form - extends ASN1Encodable -{ - GeneralNames issuerName; - IssuerSerial baseCertificateID; - ObjectDigestInfo objectDigestInfo; - - public static V2Form getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static V2Form getInstance( - Object obj) - { - if (obj == null || obj instanceof V2Form) - { - return (V2Form)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new V2Form((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public V2Form( - GeneralNames issuerName) - { - this.issuerName = issuerName; - } - - public V2Form( - ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - int index = 0; - - if (!(seq.getObjectAt(0) instanceof ASN1TaggedObject)) - { - index++; - this.issuerName = GeneralNames.getInstance(seq.getObjectAt(0)); - } - - for (int i = index; i != seq.size(); i++) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - if (o.getTagNo() == 0) - { - baseCertificateID = IssuerSerial.getInstance(o, false); - } - else if (o.getTagNo() == 1) - { - objectDigestInfo = ObjectDigestInfo.getInstance(o, false); - } - else - { - throw new IllegalArgumentException("Bad tag number: " - + o.getTagNo()); - } - } - } - - public GeneralNames getIssuerName() - { - return issuerName; - } - - public IssuerSerial getBaseCertificateID() - { - return baseCertificateID; - } - - public ObjectDigestInfo getObjectDigestInfo() - { - return objectDigestInfo; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * 
-     *  V2Form ::= SEQUENCE {
-     *       issuerName            GeneralNames  OPTIONAL,
-     *       baseCertificateID     [0] IssuerSerial  OPTIONAL,
-     *       objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
-     *         -- issuerName MUST be present in this profile
-     *         -- baseCertificateID and objectDigestInfo MUST NOT
-     *         -- be present in this profile
-     *  }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (issuerName != null) - { - v.add(issuerName); - } - - if (baseCertificateID != null) - { - v.add(new DERTaggedObject(false, 0, baseCertificateID)); - } - - if (objectDigestInfo != null) - { - v.add(new DERTaggedObject(false, 1, objectDigestInfo)); - } - - return new DERSequence(v); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java deleted file mode 100644 index 9c6936170..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java +++ /dev/null @@ -1,219 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.x500.X500Name; - -/** - * Generator for Version 2 TBSCertList structures. - * 
- *  TBSCertList  ::=  SEQUENCE  {
- *       version                 Version OPTIONAL,
- *                                    -- if present, shall be v2
- *       signature               AlgorithmIdentifier,
- *       issuer                  Name,
- *       thisUpdate              Time,
- *       nextUpdate              Time OPTIONAL,
- *       revokedCertificates     SEQUENCE OF SEQUENCE  {
- *            userCertificate         CertificateSerialNumber,
- *            revocationDate          Time,
- *            crlEntryExtensions      Extensions OPTIONAL
- *                                          -- if present, shall be v2
- *                                 }  OPTIONAL,
- *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
- *                                          -- if present, shall be v2
- *                                 }
- *
- * - * Note: This class may be subject to change - */ -public class V2TBSCertListGenerator -{ - DERInteger version = new DERInteger(1); - - AlgorithmIdentifier signature; - X509Name issuer; - Time thisUpdate, nextUpdate=null; - X509Extensions extensions=null; - private Vector crlentries=null; - - public V2TBSCertListGenerator() - { - } - - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - X509Name issuer) - { - this.issuer = issuer; - } - - public void setIssuer(X500Name issuer) - { - this.issuer = X509Name.getInstance(issuer); - } - - public void setThisUpdate( - DERUTCTime thisUpdate) - { - this.thisUpdate = new Time(thisUpdate); - } - - public void setNextUpdate( - DERUTCTime nextUpdate) - { - this.nextUpdate = new Time(nextUpdate); - } - - public void setThisUpdate( - Time thisUpdate) - { - this.thisUpdate = thisUpdate; - } - - public void setNextUpdate( - Time nextUpdate) - { - this.nextUpdate = nextUpdate; - } - - public void addCRLEntry( - ASN1Sequence crlEntry) - { - if (crlentries == null) - { - crlentries = new Vector(); - } - - crlentries.addElement(crlEntry); - } - - public void addCRLEntry(DERInteger userCertificate, DERUTCTime revocationDate, int reason) - { - addCRLEntry(userCertificate, new Time(revocationDate), reason); - } - - public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason) - { - addCRLEntry(userCertificate, revocationDate, reason, null); - } - - public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason, DERGeneralizedTime invalidityDate) - { - Vector extOids = new Vector(); - Vector extValues = new Vector(); - - if (reason != 0) - { - CRLReason crlReason = new CRLReason(reason); - - try - { - extOids.addElement(X509Extension.reasonCode); - extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded()))); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding reason: " + e); - } - } - - if (invalidityDate != null) - { - try - { - extOids.addElement(X509Extension.invalidityDate); - extValues.addElement(new X509Extension(false, new DEROctetString(invalidityDate.getEncoded()))); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding invalidityDate: " + e); - } - } - - if (extOids.size() != 0) - { - addCRLEntry(userCertificate, revocationDate, new X509Extensions(extOids, extValues)); - } - else - { - addCRLEntry(userCertificate, revocationDate, null); - } - } - - public void addCRLEntry(DERInteger userCertificate, Time revocationDate, X509Extensions extensions) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(userCertificate); - v.add(revocationDate); - - if (extensions != null) - { - v.add(extensions); - } - - addCRLEntry(new DERSequence(v)); - } - - public void setExtensions( - X509Extensions extensions) - { - this.extensions = extensions; - } - - public TBSCertList generateTBSCertList() - { - if ((signature == null) || (issuer == null) || (thisUpdate == null)) - { - throw new IllegalStateException("Not all mandatory fields set in V2 TBSCertList generator."); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(signature); - v.add(issuer); - - v.add(thisUpdate); - if (nextUpdate != null) - { - v.add(nextUpdate); - } - - // Add CRLEntries if they exist - if (crlentries != null) - { - ASN1EncodableVector certs = new ASN1EncodableVector(); - Enumeration it = crlentries.elements(); - while(it.hasMoreElements()) - { - certs.add((ASN1Sequence)it.nextElement()); - } - v.add(new DERSequence(certs)); - } - - if (extensions != null) - { - v.add(new DERTaggedObject(0, extensions)); - } - - return new TBSCertList(new DERSequence(v)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java deleted file mode 100644 index 6fccbd07f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java +++ /dev/null @@ -1,196 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.x500.X500Name; - -/** - * Generator for Version 3 TBSCertificateStructures. - * 
- * TBSCertificate ::= SEQUENCE {
- *      version          [ 0 ]  Version DEFAULT v1(0),
- *      serialNumber            CertificateSerialNumber,
- *      signature               AlgorithmIdentifier,
- *      issuer                  Name,
- *      validity                Validity,
- *      subject                 Name,
- *      subjectPublicKeyInfo    SubjectPublicKeyInfo,
- *      issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
- *      subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
- *      extensions        [ 3 ] Extensions OPTIONAL
- *      }
- *
- * - */ -public class V3TBSCertificateGenerator -{ - DERTaggedObject version = new DERTaggedObject(0, new DERInteger(2)); - - DERInteger serialNumber; - AlgorithmIdentifier signature; - X509Name issuer; - Time startDate, endDate; - X509Name subject; - SubjectPublicKeyInfo subjectPublicKeyInfo; - X509Extensions extensions; - - private boolean altNamePresentAndCritical; - private DERBitString issuerUniqueID; - private DERBitString subjectUniqueID; - - public V3TBSCertificateGenerator() - { - } - - public void setSerialNumber( - DERInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - X509Name issuer) - { - this.issuer = issuer; - } - - public void setIssuer( - X500Name issuer) - { - this.issuer = X509Name.getInstance(issuer.getDERObject()); - } - - public void setStartDate( - DERUTCTime startDate) - { - this.startDate = new Time(startDate); - } - - public void setStartDate( - Time startDate) - { - this.startDate = startDate; - } - - public void setEndDate( - DERUTCTime endDate) - { - this.endDate = new Time(endDate); - } - - public void setEndDate( - Time endDate) - { - this.endDate = endDate; - } - - public void setSubject( - X509Name subject) - { - this.subject = subject; - } - - public void setSubject( - X500Name subject) - { - this.subject = X509Name.getInstance(subject.getDERObject()); - } - - public void setIssuerUniqueID( - DERBitString uniqueID) - { - this.issuerUniqueID = uniqueID; - } - - public void setSubjectUniqueID( - DERBitString uniqueID) - { - this.subjectUniqueID = uniqueID; - } - - public void setSubjectPublicKeyInfo( - SubjectPublicKeyInfo pubKeyInfo) - { - this.subjectPublicKeyInfo = pubKeyInfo; - } - - public void setExtensions( - X509Extensions extensions) - { - this.extensions = extensions; - if (extensions != null) - { - X509Extension altName = extensions.getExtension(X509Extensions.SubjectAlternativeName); - - if (altName != null && altName.isCritical()) - { - altNamePresentAndCritical = true; - } - } - } - - public TBSCertificateStructure generateTBSCertificate() - { - if ((serialNumber == null) || (signature == null) - || (issuer == null) || (startDate == null) || (endDate == null) - || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) - { - throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator"); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(serialNumber); - v.add(signature); - v.add(issuer); - - // - // before and after dates - // - ASN1EncodableVector validity = new ASN1EncodableVector(); - - validity.add(startDate); - validity.add(endDate); - - v.add(new DERSequence(validity)); - - if (subject != null) - { - v.add(subject); - } - else - { - v.add(new DERSequence()); - } - - v.add(subjectPublicKeyInfo); - - if (issuerUniqueID != null) - { - v.add(new DERTaggedObject(false, 1, issuerUniqueID)); - } - - if (subjectUniqueID != null) - { - v.add(new DERTaggedObject(false, 2, subjectUniqueID)); - } - - if (extensions != null) - { - v.add(new DERTaggedObject(3, extensions)); - } - - return new TBSCertificateStructure(new DERSequence(v)); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java deleted file mode 100644 index 8ea18fa15..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public class X509Attributes -{ - public static final DERObjectIdentifier RoleSyntax = new DERObjectIdentifier("2.5.4.72"); -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java deleted file mode 100644 index 8559b6925..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -/** - * an X509Certificate structure. - * 
- *  Certificate ::= SEQUENCE {
- *      tbsCertificate          TBSCertificate,
- *      signatureAlgorithm      AlgorithmIdentifier,
- *      signature               BIT STRING
- *  }
- *
- */ -public class X509CertificateStructure - extends ASN1Encodable - implements X509ObjectIdentifiers, PKCSObjectIdentifiers -{ - ASN1Sequence seq; - TBSCertificateStructure tbsCert; - AlgorithmIdentifier sigAlgId; - DERBitString sig; - - public static X509CertificateStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static X509CertificateStructure getInstance( - Object obj) - { - if (obj instanceof X509CertificateStructure) - { - return (X509CertificateStructure)obj; - } - else if (obj != null) - { - return new X509CertificateStructure(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - public X509CertificateStructure( - ASN1Sequence seq) - { - this.seq = seq; - - // - // correct x509 certficate - // - if (seq.size() == 3) - { - tbsCert = TBSCertificateStructure.getInstance(seq.getObjectAt(0)); - sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - - sig = DERBitString.getInstance(seq.getObjectAt(2)); - } - else - { - throw new IllegalArgumentException("sequence wrong size for a certificate"); - } - } - - public TBSCertificateStructure getTBSCertificate() - { - return tbsCert; - } - - public int getVersion() - { - return tbsCert.getVersion(); - } - - public DERInteger getSerialNumber() - { - return tbsCert.getSerialNumber(); - } - - public X509Name getIssuer() - { - return tbsCert.getIssuer(); - } - - public Time getStartDate() - { - return tbsCert.getStartDate(); - } - - public Time getEndDate() - { - return tbsCert.getEndDate(); - } - - public X509Name getSubject() - { - return tbsCert.getSubject(); - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return tbsCert.getSubjectPublicKeyInfo(); - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return sigAlgId; - } - - public DERBitString getSignature() - { - return sig; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java deleted file mode 100644 index 6098c271f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java +++ /dev/null @@ -1,65 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.asn1.DERUTF8String; - -import java.io.IOException; - -/** - * The default converter for X509 DN entries when going from their - * string value to ASN.1 strings. - */ -public class X509DefaultEntryConverter - extends X509NameEntryConverter -{ - /** - * Apply default coversion for the given value depending on the oid - * and the character range of the value. - * - * @param oid the object identifier for the DN entry - * @param value the value associated with it - * @return the ASN.1 equivalent for the string value. - */ - public DERObject getConvertedValue( - DERObjectIdentifier oid, - String value) - { - if (value.length() != 0 && value.charAt(0) == '#') - { - try - { - return convertHexEncoded(value, 1); - } - catch (IOException e) - { - throw new RuntimeException("can't recode value for oid " + oid.getId()); - } - } - else - { - if (value.length() != 0 && value.charAt(0) == '\\') - { - value = value.substring(1); - } - if (oid.equals(X509Name.EmailAddress) || oid.equals(X509Name.DC)) - { - return new DERIA5String(value); - } - else if (oid.equals(X509Name.DATE_OF_BIRTH)) // accept time string as well as # (for compatibility) - { - return new DERGeneralizedTime(value); - } - else if (oid.equals(X509Name.C) || oid.equals(X509Name.SN) || oid.equals(X509Name.DN_QUALIFIER) - || oid.equals(X509Name.TELEPHONE_NUMBER)) - { - return new DERPrintableString(value); - } - } - - return new DERUTF8String(value); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java deleted file mode 100644 index 8c2cab42f..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java +++ /dev/null @@ -1,249 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERBoolean; - -/** - * an object for the elements in the X.509 V3 extension block. - */ -public class X509Extension -{ - /** - * Subject Directory Attributes - */ - public static final ASN1ObjectIdentifier subjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9"); - - /** - * Subject Key Identifier - */ - public static final ASN1ObjectIdentifier subjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14"); - - /** - * Key Usage - */ - public static final ASN1ObjectIdentifier keyUsage = new ASN1ObjectIdentifier("2.5.29.15"); - - /** - * Private Key Usage Period - */ - public static final ASN1ObjectIdentifier privateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16"); - - /** - * Subject Alternative Name - */ - public static final ASN1ObjectIdentifier subjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17"); - - /** - * Issuer Alternative Name - */ - public static final ASN1ObjectIdentifier issuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18"); - - /** - * Basic Constraints - */ - public static final ASN1ObjectIdentifier basicConstraints = new ASN1ObjectIdentifier("2.5.29.19"); - - /** - * CRL Number - */ - public static final ASN1ObjectIdentifier cRLNumber = new ASN1ObjectIdentifier("2.5.29.20"); - - /** - * Reason code - */ - public static final ASN1ObjectIdentifier reasonCode = new ASN1ObjectIdentifier("2.5.29.21"); - - /** - * Hold Instruction Code - */ - public static final ASN1ObjectIdentifier instructionCode = new ASN1ObjectIdentifier("2.5.29.23"); - - /** - * Invalidity Date - */ - public static final ASN1ObjectIdentifier invalidityDate = new ASN1ObjectIdentifier("2.5.29.24"); - - /** - * Delta CRL indicator - */ - public static final ASN1ObjectIdentifier deltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27"); - - /** - * Issuing Distribution Point - */ - public static final ASN1ObjectIdentifier issuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28"); - - /** - * Certificate Issuer - */ - public static final ASN1ObjectIdentifier certificateIssuer = new ASN1ObjectIdentifier("2.5.29.29"); - - /** - * Name Constraints - */ - public static final ASN1ObjectIdentifier nameConstraints = new ASN1ObjectIdentifier("2.5.29.30"); - - /** - * CRL Distribution Points - */ - public static final ASN1ObjectIdentifier cRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31"); - - /** - * Certificate Policies - */ - public static final ASN1ObjectIdentifier certificatePolicies = new ASN1ObjectIdentifier("2.5.29.32"); - - /** - * Policy Mappings - */ - public static final ASN1ObjectIdentifier policyMappings = new ASN1ObjectIdentifier("2.5.29.33"); - - /** - * Authority Key Identifier - */ - public static final ASN1ObjectIdentifier authorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35"); - - /** - * Policy Constraints - */ - public static final ASN1ObjectIdentifier policyConstraints = new ASN1ObjectIdentifier("2.5.29.36"); - - /** - * Extended Key Usage - */ - public static final ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37"); - - /** - * Freshest CRL - */ - public static final ASN1ObjectIdentifier freshestCRL = new ASN1ObjectIdentifier("2.5.29.46"); - - /** - * Inhibit Any Policy - */ - public static final ASN1ObjectIdentifier inhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54"); - - /** - * Authority Info Access - */ - public static final ASN1ObjectIdentifier authorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1"); - - /** - * Subject Info Access - */ - public static final ASN1ObjectIdentifier subjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11"); - - /** - * Logo Type - */ - public static final ASN1ObjectIdentifier logoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12"); - - /** - * BiometricInfo - */ - public static final ASN1ObjectIdentifier biometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2"); - - /** - * QCStatements - */ - public static final ASN1ObjectIdentifier qCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3"); - - /** - * Audit identity extension in attribute certificates. - */ - public static final ASN1ObjectIdentifier auditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4"); - - /** - * NoRevAvail extension in attribute certificates. - */ - public static final ASN1ObjectIdentifier noRevAvail = new ASN1ObjectIdentifier("2.5.29.56"); - - /** - * TargetInformation extension in attribute certificates. - */ - public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55"); - - boolean critical; - ASN1OctetString value; - - public X509Extension( - DERBoolean critical, - ASN1OctetString value) - { - this.critical = critical.isTrue(); - this.value = value; - } - - public X509Extension( - boolean critical, - ASN1OctetString value) - { - this.critical = critical; - this.value = value; - } - - public boolean isCritical() - { - return critical; - } - - public ASN1OctetString getValue() - { - return value; - } - - public ASN1Encodable getParsedValue() - { - return convertValueToObject(this); - } - - public int hashCode() - { - if (this.isCritical()) - { - return this.getValue().hashCode(); - } - - - return ~this.getValue().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof X509Extension)) - { - return false; - } - - X509Extension other = (X509Extension)o; - - return other.getValue().equals(this.getValue()) - && (other.isCritical() == this.isCritical()); - } - - /** - * Convert the value of the passed in extension to an object - * @param ext the extension to parse - * @return the object the value string contains - * @exception IllegalArgumentException if conversion is not possible - */ - public static ASN1Object convertValueToObject( - X509Extension ext) - throws IllegalArgumentException - { - try - { - return ASN1Object.fromByteArray(ext.getValue().getOctets()); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't convert extension: " + e); - } - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java deleted file mode 100644 index 0abbe84dd..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java +++ /dev/null @@ -1,479 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class X509Extensions - extends ASN1Encodable -{ - /** - * Subject Directory Attributes - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier SubjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9"); - - /** - * Subject Key Identifier - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier SubjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14"); - - /** - * Key Usage - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier KeyUsage = new ASN1ObjectIdentifier("2.5.29.15"); - - /** - * Private Key Usage Period - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier PrivateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16"); - - /** - * Subject Alternative Name - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier SubjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17"); - - /** - * Issuer Alternative Name - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier IssuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18"); - - /** - * Basic Constraints - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier BasicConstraints = new ASN1ObjectIdentifier("2.5.29.19"); - - /** - * CRL Number - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier CRLNumber = new ASN1ObjectIdentifier("2.5.29.20"); - - /** - * Reason code - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier ReasonCode = new ASN1ObjectIdentifier("2.5.29.21"); - - /** - * Hold Instruction Code - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier InstructionCode = new ASN1ObjectIdentifier("2.5.29.23"); - - /** - * Invalidity Date - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier InvalidityDate = new ASN1ObjectIdentifier("2.5.29.24"); - - /** - * Delta CRL indicator - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier DeltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27"); - - /** - * Issuing Distribution Point - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier IssuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28"); - - /** - * Certificate Issuer - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier CertificateIssuer = new ASN1ObjectIdentifier("2.5.29.29"); - - /** - * Name Constraints - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier NameConstraints = new ASN1ObjectIdentifier("2.5.29.30"); - - /** - * CRL Distribution Points - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier CRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31"); - - /** - * Certificate Policies - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier CertificatePolicies = new ASN1ObjectIdentifier("2.5.29.32"); - - /** - * Policy Mappings - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier PolicyMappings = new ASN1ObjectIdentifier("2.5.29.33"); - - /** - * Authority Key Identifier - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier AuthorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35"); - - /** - * Policy Constraints - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier PolicyConstraints = new ASN1ObjectIdentifier("2.5.29.36"); - - /** - * Extended Key Usage - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier ExtendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37"); - - /** - * Freshest CRL - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier FreshestCRL = new ASN1ObjectIdentifier("2.5.29.46"); - - /** - * Inhibit Any Policy - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier InhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54"); - - /** - * Authority Info Access - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier AuthorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1"); - - /** - * Subject Info Access - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier SubjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11"); - - /** - * Logo Type - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier LogoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12"); - - /** - * BiometricInfo - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier BiometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2"); - - /** - * QCStatements - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier QCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3"); - - /** - * Audit identity extension in attribute certificates. - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier AuditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4"); - - /** - * NoRevAvail extension in attribute certificates. - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier NoRevAvail = new ASN1ObjectIdentifier("2.5.29.56"); - - /** - * TargetInformation extension in attribute certificates. - * @deprecated use X509Extension value. - */ - public static final ASN1ObjectIdentifier TargetInformation = new ASN1ObjectIdentifier("2.5.29.55"); - - private Hashtable extensions = new Hashtable(); - private Vector ordering = new Vector(); - - public static X509Extensions getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static X509Extensions getInstance( - Object obj) - { - if (obj == null || obj instanceof X509Extensions) - { - return (X509Extensions)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new X509Extensions((ASN1Sequence)obj); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - * - * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString) - */ - public X509Extensions( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - - if (s.size() == 3) - { - extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)))); - } - else if (s.size() == 2) - { - extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)))); - } - else - { - throw new IllegalArgumentException("Bad sequence size: " + s.size()); - } - - ordering.addElement(s.getObjectAt(0)); - } - } - - /** - * constructor from a table of extensions. - *

- * it's is assumed the table contains OID/String pairs. - */ - public X509Extensions( - Hashtable extensions) - { - this(null, extensions); - } - - /** - * Constructor from a table of extensions with ordering. - *

- * It's is assumed the table contains OID/String pairs. - */ - public X509Extensions( - Vector ordering, - Hashtable extensions) - { - Enumeration e; - - if (ordering == null) - { - e = extensions.keys(); - } - else - { - e = ordering.elements(); - } - - while (e.hasMoreElements()) - { - this.ordering.addElement(new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId())); - } - - e = this.ordering.elements(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId()); - X509Extension ext = (X509Extension)extensions.get(oid); - - this.extensions.put(oid, ext); - } - } - - /** - * Constructor from two vectors - * - * @param objectIDs a vector of the object identifiers. - * @param values a vector of the extension values. - */ - public X509Extensions( - Vector objectIDs, - Vector values) - { - Enumeration e = objectIDs.elements(); - - while (e.hasMoreElements()) - { - this.ordering.addElement(e.nextElement()); - } - - int count = 0; - - e = this.ordering.elements(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = (X509Extension)values.elementAt(count); - - this.extensions.put(oid, ext); - count++; - } - } - - /** - * return an Enumeration of the extension field's object ids. - */ - public Enumeration oids() - { - return ordering.elements(); - } - - /** - * return the extension represented by the object identifier - * passed in. - * - * @return the extension if it's present, null otherwise. - */ - public X509Extension getExtension( - ASN1ObjectIdentifier oid) - { - return (X509Extension)extensions.get(oid); - } - - /** - * @deprecated - * @param oid - * @return - */ - public X509Extension getExtension( - DERObjectIdentifier oid) - { - return (X509Extension)extensions.get(oid); - } - - /** - * 

-     *     Extensions        ::=   SEQUENCE SIZE (1..MAX) OF Extension
-     *
-     *     Extension         ::=   SEQUENCE {
-     *        extnId            EXTENSION.&id ({ExtensionSet}),
-     *        critical          BOOLEAN DEFAULT FALSE,
-     *        extnValue         OCTET STRING }
-     *
- */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = ordering.elements(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = (X509Extension)extensions.get(oid); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oid); - - if (ext.isCritical()) - { - v.add(new DERBoolean(true)); - } - - v.add(ext.getValue()); - - vec.add(new DERSequence(v)); - } - - return new DERSequence(vec); - } - - public boolean equivalent( - X509Extensions other) - { - if (extensions.size() != other.extensions.size()) - { - return false; - } - - Enumeration e1 = extensions.keys(); - - while (e1.hasMoreElements()) - { - Object key = e1.nextElement(); - - if (!extensions.get(key).equals(other.extensions.get(key))) - { - return false; - } - } - - return true; - } - - public ASN1ObjectIdentifier[] getExtensionOIDs() - { - return toOidArray(ordering); - } - - public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public ASN1ObjectIdentifier[] getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - private ASN1ObjectIdentifier[] getExtensionOIDs(boolean isCritical) - { - Vector oidVec = new Vector(); - - for (int i = 0; i != ordering.size(); i++) - { - Object oid = ordering.elementAt(i); - - if (((X509Extension)extensions.get(oid)).isCritical() == isCritical) - { - oidVec.addElement(oid); - } - } - - return toOidArray(oidVec); - } - - private ASN1ObjectIdentifier[] toOidArray(Vector oidVec) - { - ASN1ObjectIdentifier[] oids = new ASN1ObjectIdentifier[oidVec.size()]; - - for (int i = 0; i != oids.length; i++) - { - oids[i] = (ASN1ObjectIdentifier)oidVec.elementAt(i); - } - return oids; - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java deleted file mode 100644 index 0487c8e2c..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java +++ /dev/null @@ -1,93 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; - -import java.io.IOException; -import java.util.Hashtable; -import java.util.Vector; - -/** - * Generator for X.509 extensions - */ -public class X509ExtensionsGenerator -{ - private Hashtable extensions = new Hashtable(); - private Vector extOrdering = new Vector(); - - /** - * Reset the generator - */ - public void reset() - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - /** - * Add an extension with the given oid and the passed in value to be included - * in the OCTET STRING associated with the extension. - * - * @param oid OID for the extension. - * @param critical true if critical, false otherwise. - * @param value the ASN.1 object to be included in the extension. - */ - public void addExtension( - DERObjectIdentifier oid, - boolean critical, - DEREncodable value) - { - try - { - this.addExtension(oid, critical, value.getDERObject().getEncoded(ASN1Encodable.DER)); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding value: " + e); - } - } - - /** - * Add an extension with the given oid and the passed in byte array to be wrapped in the - * OCTET STRING associated with the extension. - * - * @param oid OID for the extension. - * @param critical true if critical, false otherwise. - * @param value the byte array to be wrapped. - */ - public void addExtension( - DERObjectIdentifier oid, - boolean critical, - byte[] value) - { - if (extensions.containsKey(oid)) - { - throw new IllegalArgumentException("extension " + oid + " already added"); - } - - extOrdering.addElement(oid); - extensions.put(oid, new X509Extension(critical, new DEROctetString(value))); - } - - /** - * Return true if there are no extension present in this generator. - * - * @return true if empty, false otherwise - */ - public boolean isEmpty() - { - return extOrdering.isEmpty(); - } - - /** - * Generate an X509Extensions object based on the current state of the generator. - * - * @return an X09Extensions object. - */ - public X509Extensions generate() - { - return new X509Extensions(extOrdering, extensions); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Name.java deleted file mode 100644 index 76c6e663a..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509Name.java +++ /dev/null @@ -1,1267 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERString; -import org.bouncycastle.asn1.DERUniversalString; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - -/** - * 
- *     RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- *     RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
- *
- *     AttributeTypeAndValue ::= SEQUENCE {
- *                                   type  OBJECT IDENTIFIER,
- *                                   value ANY }
- *
- * @deprecated use org.bouncycastle.asn1.x500.X500Name. - */ -public class X509Name - extends ASN1Encodable -{ - /** - * country code - StringType(SIZE(2)) - */ - public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6"); - - /** - * organization - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10"); - - /** - * organizational unit name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11"); - - /** - * Title - */ - public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12"); - - /** - * common name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3"); - - /** - * device serial number name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5"); - - /** - * street - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier STREET = new DERObjectIdentifier("2.5.4.9"); - - /** - * device serial number name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier SERIALNUMBER = SN; - - /** - * locality name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7"); - - /** - * state, or province name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8"); - - /** - * Naming attributes of type X520name - */ - public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4"); - public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42"); - public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43"); - public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44"); - public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45"); - - /** - * businessCategory - DirectoryString(SIZE(1..128) - */ - public static final DERObjectIdentifier BUSINESS_CATEGORY = new DERObjectIdentifier( - "2.5.4.15"); - - /** - * postalCode - DirectoryString(SIZE(1..40) - */ - public static final DERObjectIdentifier POSTAL_CODE = new DERObjectIdentifier( - "2.5.4.17"); - - /** - * dnQualifier - DirectoryString(SIZE(1..64) - */ - public static final DERObjectIdentifier DN_QUALIFIER = new DERObjectIdentifier( - "2.5.4.46"); - - /** - * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) - */ - public static final DERObjectIdentifier PSEUDONYM = new DERObjectIdentifier( - "2.5.4.65"); - - - /** - * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z - */ - public static final DERObjectIdentifier DATE_OF_BIRTH = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.1"); - - /** - * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) - */ - public static final DERObjectIdentifier PLACE_OF_BIRTH = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.2"); - - /** - * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" - */ - public static final DERObjectIdentifier GENDER = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.3"); - - /** - * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 - * codes only - */ - public static final DERObjectIdentifier COUNTRY_OF_CITIZENSHIP = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.4"); - - /** - * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166 - * codes only - */ - public static final DERObjectIdentifier COUNTRY_OF_RESIDENCE = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.5"); - - - /** - * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64) - */ - public static final DERObjectIdentifier NAME_AT_BIRTH = new DERObjectIdentifier("1.3.36.8.3.14"); - - /** - * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF - * DirectoryString(SIZE(1..30)) - */ - public static final DERObjectIdentifier POSTAL_ADDRESS = new DERObjectIdentifier("2.5.4.16"); - - /** - * RFC 2256 dmdName - */ - public static final DERObjectIdentifier DMD_NAME = new DERObjectIdentifier("2.5.4.54"); - - /** - * id-at-telephoneNumber - */ - public static final DERObjectIdentifier TELEPHONE_NUMBER = X509ObjectIdentifiers.id_at_telephoneNumber; - - /** - * id-at-name - */ - public static final DERObjectIdentifier NAME = X509ObjectIdentifiers.id_at_name; - - /** - * Email address (RSA PKCS#9 extension) - IA5String. - *

Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here. - */ - public static final DERObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress; - - /** - * more from PKCS#9 - */ - public static final DERObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName; - public static final DERObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress; - - /** - * email address in Verisign certificates - */ - public static final DERObjectIdentifier E = EmailAddress; - - /* - * others... - */ - public static final DERObjectIdentifier DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25"); - - /** - * LDAP User id. - */ - public static final DERObjectIdentifier UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1"); - - /** - * determines whether or not strings should be processed and printed - * from back to front. - */ - public static boolean DefaultReverse = false; - - /** - * default look up table translating OID values into their common symbols following - * the convention in RFC 2253 with a few extras - */ - public static final Hashtable DefaultSymbols = new Hashtable(); - - /** - * look up table translating OID values into their common symbols following the convention in RFC 2253 - * - */ - public static final Hashtable RFC2253Symbols = new Hashtable(); - - /** - * look up table translating OID values into their common symbols following the convention in RFC 1779 - * - */ - public static final Hashtable RFC1779Symbols = new Hashtable(); - - /** - * look up table translating common symbols into their OIDS. - */ - public static final Hashtable DefaultLookUp = new Hashtable(); - - /** - * look up table translating OID values into their common symbols - * @deprecated use DefaultSymbols - */ - public static final Hashtable OIDLookUp = DefaultSymbols; - - /** - * look up table translating string values into their OIDS - - * @deprecated use DefaultLookUp - */ - public static final Hashtable SymbolLookUp = DefaultLookUp; - - private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility - private static final Boolean FALSE = new Boolean(false); - - static - { - DefaultSymbols.put(C, "C"); - DefaultSymbols.put(O, "O"); - DefaultSymbols.put(T, "T"); - DefaultSymbols.put(OU, "OU"); - DefaultSymbols.put(CN, "CN"); - DefaultSymbols.put(L, "L"); - DefaultSymbols.put(ST, "ST"); - DefaultSymbols.put(SN, "SERIALNUMBER"); - DefaultSymbols.put(EmailAddress, "E"); - DefaultSymbols.put(DC, "DC"); - DefaultSymbols.put(UID, "UID"); - DefaultSymbols.put(STREET, "STREET"); - DefaultSymbols.put(SURNAME, "SURNAME"); - DefaultSymbols.put(GIVENNAME, "GIVENNAME"); - DefaultSymbols.put(INITIALS, "INITIALS"); - DefaultSymbols.put(GENERATION, "GENERATION"); - DefaultSymbols.put(UnstructuredAddress, "unstructuredAddress"); - DefaultSymbols.put(UnstructuredName, "unstructuredName"); - DefaultSymbols.put(UNIQUE_IDENTIFIER, "UniqueIdentifier"); - DefaultSymbols.put(DN_QUALIFIER, "DN"); - DefaultSymbols.put(PSEUDONYM, "Pseudonym"); - DefaultSymbols.put(POSTAL_ADDRESS, "PostalAddress"); - DefaultSymbols.put(NAME_AT_BIRTH, "NameAtBirth"); - DefaultSymbols.put(COUNTRY_OF_CITIZENSHIP, "CountryOfCitizenship"); - DefaultSymbols.put(COUNTRY_OF_RESIDENCE, "CountryOfResidence"); - DefaultSymbols.put(GENDER, "Gender"); - DefaultSymbols.put(PLACE_OF_BIRTH, "PlaceOfBirth"); - DefaultSymbols.put(DATE_OF_BIRTH, "DateOfBirth"); - DefaultSymbols.put(POSTAL_CODE, "PostalCode"); - DefaultSymbols.put(BUSINESS_CATEGORY, "BusinessCategory"); - DefaultSymbols.put(TELEPHONE_NUMBER, "TelephoneNumber"); - DefaultSymbols.put(NAME, "Name"); - - RFC2253Symbols.put(C, "C"); - RFC2253Symbols.put(O, "O"); - RFC2253Symbols.put(OU, "OU"); - RFC2253Symbols.put(CN, "CN"); - RFC2253Symbols.put(L, "L"); - RFC2253Symbols.put(ST, "ST"); - RFC2253Symbols.put(STREET, "STREET"); - RFC2253Symbols.put(DC, "DC"); - RFC2253Symbols.put(UID, "UID"); - - RFC1779Symbols.put(C, "C"); - RFC1779Symbols.put(O, "O"); - RFC1779Symbols.put(OU, "OU"); - RFC1779Symbols.put(CN, "CN"); - RFC1779Symbols.put(L, "L"); - RFC1779Symbols.put(ST, "ST"); - RFC1779Symbols.put(STREET, "STREET"); - - DefaultLookUp.put("c", C); - DefaultLookUp.put("o", O); - DefaultLookUp.put("t", T); - DefaultLookUp.put("ou", OU); - DefaultLookUp.put("cn", CN); - DefaultLookUp.put("l", L); - DefaultLookUp.put("st", ST); - DefaultLookUp.put("sn", SN); - DefaultLookUp.put("serialnumber", SN); - DefaultLookUp.put("street", STREET); - DefaultLookUp.put("emailaddress", E); - DefaultLookUp.put("dc", DC); - DefaultLookUp.put("e", E); - DefaultLookUp.put("uid", UID); - DefaultLookUp.put("surname", SURNAME); - DefaultLookUp.put("givenname", GIVENNAME); - DefaultLookUp.put("initials", INITIALS); - DefaultLookUp.put("generation", GENERATION); - DefaultLookUp.put("unstructuredaddress", UnstructuredAddress); - DefaultLookUp.put("unstructuredname", UnstructuredName); - DefaultLookUp.put("uniqueidentifier", UNIQUE_IDENTIFIER); - DefaultLookUp.put("dn", DN_QUALIFIER); - DefaultLookUp.put("pseudonym", PSEUDONYM); - DefaultLookUp.put("postaladdress", POSTAL_ADDRESS); - DefaultLookUp.put("nameofbirth", NAME_AT_BIRTH); - DefaultLookUp.put("countryofcitizenship", COUNTRY_OF_CITIZENSHIP); - DefaultLookUp.put("countryofresidence", COUNTRY_OF_RESIDENCE); - DefaultLookUp.put("gender", GENDER); - DefaultLookUp.put("placeofbirth", PLACE_OF_BIRTH); - DefaultLookUp.put("dateofbirth", DATE_OF_BIRTH); - DefaultLookUp.put("postalcode", POSTAL_CODE); - DefaultLookUp.put("businesscategory", BUSINESS_CATEGORY); - DefaultLookUp.put("telephonenumber", TELEPHONE_NUMBER); - DefaultLookUp.put("name", NAME); - } - - private X509NameEntryConverter converter = null; - private Vector ordering = new Vector(); - private Vector values = new Vector(); - private Vector added = new Vector(); - - private ASN1Sequence seq; - - private boolean isHashCodeCalculated; - private int hashCodeValue; - - /** - * Return a X509Name based on the passed in tagged object. - * - * @param obj tag object holding name. - * @param explicit true if explicitly tagged false otherwise. - * @return the X509Name - */ - public static X509Name getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static X509Name getInstance( - Object obj) - { - if (obj == null || obj instanceof X509Name) - { - return (X509Name)obj; - } - else if (obj instanceof X500Name) - { - return new X509Name(ASN1Sequence.getInstance(((X500Name)obj).getDERObject())); - } - else if (obj != null) - { - return new X509Name(ASN1Sequence.getInstance(obj)); - } - - return null; - } - - protected X509Name() - { - // constructure use by new X500 Name class - } - /** - * Constructor from ASN1Sequence - * - * the principal will be a list of constructed sets, each containing an (OID, String) pair. - */ - public X509Name( - ASN1Sequence seq) - { - this.seq = seq; - - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1Set set = ASN1Set.getInstance(((DEREncodable)e.nextElement()).getDERObject()); - - for (int i = 0; i < set.size(); i++) - { - ASN1Sequence s = ASN1Sequence.getInstance(set.getObjectAt(i)); - - if (s.size() != 2) - { - throw new IllegalArgumentException("badly sized pair"); - } - - ordering.addElement(DERObjectIdentifier.getInstance(s.getObjectAt(0))); - - DEREncodable value = s.getObjectAt(1); - if (value instanceof DERString && !(value instanceof DERUniversalString)) - { - String v = ((DERString)value).getString(); - if (v.length() > 0 && v.charAt(0) == '#') - { - values.addElement("\\" + v); - } - else - { - values.addElement(v); - } - } - else - { - values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()))); - } - added.addElement((i != 0) ? TRUE : FALSE); // to allow earlier JDK compatibility - } - } - } - - /** - * constructor from a table of attributes. - *

- * it's is assumed the table contains OID/String pairs, and the contents - * of the table are copied into an internal table as part of the - * construction process. - *

- * Note: if the name you are trying to generate should be - * following a specific ordering, you should use the constructor - * with the ordering specified below. - * @deprecated use an ordered constructor! The hashtable ordering is rarely correct - */ - public X509Name( - Hashtable attributes) - { - this(null, attributes); - } - - /** - * Constructor from a table of attributes with ordering. - *

- * it's is assumed the table contains OID/String pairs, and the contents - * of the table are copied into an internal table as part of the - * construction process. The ordering vector should contain the OIDs - * in the order they are meant to be encoded or printed in toString. - */ - public X509Name( - Vector ordering, - Hashtable attributes) - { - this(ordering, attributes, new X509DefaultEntryConverter()); - } - - /** - * Constructor from a table of attributes with ordering. - *

- * it's is assumed the table contains OID/String pairs, and the contents - * of the table are copied into an internal table as part of the - * construction process. The ordering vector should contain the OIDs - * in the order they are meant to be encoded or printed in toString. - *

- * The passed in converter will be used to convert the strings into their - * ASN.1 counterparts. - */ - public X509Name( - Vector ordering, - Hashtable attributes, - X509NameEntryConverter converter) - { - this.converter = converter; - - if (ordering != null) - { - for (int i = 0; i != ordering.size(); i++) - { - this.ordering.addElement(ordering.elementAt(i)); - this.added.addElement(FALSE); - } - } - else - { - Enumeration e = attributes.keys(); - - while (e.hasMoreElements()) - { - this.ordering.addElement(e.nextElement()); - this.added.addElement(FALSE); - } - } - - for (int i = 0; i != this.ordering.size(); i++) - { - DERObjectIdentifier oid = (DERObjectIdentifier)this.ordering.elementAt(i); - - if (attributes.get(oid) == null) - { - throw new IllegalArgumentException("No attribute for object id - " + oid.getId() + " - passed to distinguished name"); - } - - this.values.addElement(attributes.get(oid)); // copy the hash table - } - } - - /** - * Takes two vectors one of the oids and the other of the values. - */ - public X509Name( - Vector oids, - Vector values) - { - this(oids, values, new X509DefaultEntryConverter()); - } - - /** - * Takes two vectors one of the oids and the other of the values. - *

- * The passed in converter will be used to convert the strings into their - * ASN.1 counterparts. - */ - public X509Name( - Vector oids, - Vector values, - X509NameEntryConverter converter) - { - this.converter = converter; - - if (oids.size() != values.size()) - { - throw new IllegalArgumentException("oids vector must be same length as values."); - } - - for (int i = 0; i < oids.size(); i++) - { - this.ordering.addElement(oids.elementAt(i)); - this.values.addElement(values.elementAt(i)); - this.added.addElement(FALSE); - } - } - -// private Boolean isEncoded(String s) -// { -// if (s.charAt(0) == '#') -// { -// return TRUE; -// } -// -// return FALSE; -// } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. - */ - public X509Name( - String dirName) - { - this(DefaultReverse, DefaultLookUp, dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes with each - * string value being converted to its associated ASN.1 type using the passed - * in converter. - */ - public X509Name( - String dirName, - X509NameEntryConverter converter) - { - this(DefaultReverse, DefaultLookUp, dirName, converter); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. If reverse - * is true, create the encoded version of the sequence starting from the - * last element in the string. - */ - public X509Name( - boolean reverse, - String dirName) - { - this(reverse, DefaultLookUp, dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes with each - * string value being converted to its associated ASN.1 type using the passed - * in converter. If reverse is true the ASN.1 sequence representing the DN will - * be built by starting at the end of the string, rather than the start. - */ - public X509Name( - boolean reverse, - String dirName, - X509NameEntryConverter converter) - { - this(reverse, DefaultLookUp, dirName, converter); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. lookUp - * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids - * will be processed automatically. - *
- * If reverse is true, create the encoded version of the sequence - * starting from the last element in the string. - * @param reverse true if we should start scanning from the end (RFC 2553). - * @param lookUp table of names and their oids. - * @param dirName the X.500 string to be parsed. - */ - public X509Name( - boolean reverse, - Hashtable lookUp, - String dirName) - { - this(reverse, lookUp, dirName, new X509DefaultEntryConverter()); - } - - private DERObjectIdentifier decodeOID( - String name, - Hashtable lookUp) - { - if (Strings.toUpperCase(name).startsWith("OID.")) - { - return new DERObjectIdentifier(name.substring(4)); - } - else if (name.charAt(0) >= '0' && name.charAt(0) <= '9') - { - return new DERObjectIdentifier(name); - } - - DERObjectIdentifier oid = (DERObjectIdentifier)lookUp.get(Strings.toLowerCase(name)); - if (oid == null) - { - throw new IllegalArgumentException("Unknown object id - " + name + " - passed to distinguished name"); - } - - return oid; - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. lookUp - * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids - * will be processed automatically. The passed in converter is used to convert the - * string values to the right of each equals sign to their ASN.1 counterparts. - *
- * @param reverse true if we should start scanning from the end, false otherwise. - * @param lookUp table of names and oids. - * @param dirName the string dirName - * @param converter the converter to convert string values into their ASN.1 equivalents - */ - public X509Name( - boolean reverse, - Hashtable lookUp, - String dirName, - X509NameEntryConverter converter) - { - this.converter = converter; - X509NameTokenizer nTok = new X509NameTokenizer(dirName); - - while (nTok.hasMoreTokens()) - { - String token = nTok.nextToken(); - int index = token.indexOf('='); - - if (index == -1) - { - throw new IllegalArgumentException("badly formated directory string"); - } - - String name = token.substring(0, index); - String value = token.substring(index + 1); - DERObjectIdentifier oid = decodeOID(name, lookUp); - - if (value.indexOf('+') > 0) - { - X509NameTokenizer vTok = new X509NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - this.ordering.addElement(oid); - this.values.addElement(v); - this.added.addElement(FALSE); - - while (vTok.hasMoreTokens()) - { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); - - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); - this.ordering.addElement(decodeOID(nm, lookUp)); - this.values.addElement(vl); - this.added.addElement(TRUE); - } - } - else - { - this.ordering.addElement(oid); - this.values.addElement(value); - this.added.addElement(FALSE); - } - } - - if (reverse) - { - Vector o = new Vector(); - Vector v = new Vector(); - Vector a = new Vector(); - - int count = 1; - - for (int i = 0; i < this.ordering.size(); i++) - { - if (((Boolean)this.added.elementAt(i)).booleanValue()) - { - o.insertElementAt(this.ordering.elementAt(i), count); - v.insertElementAt(this.values.elementAt(i), count); - a.insertElementAt(this.added.elementAt(i), count); - count++; - } - else - { - o.insertElementAt(this.ordering.elementAt(i), 0); - v.insertElementAt(this.values.elementAt(i), 0); - a.insertElementAt(this.added.elementAt(i), 0); - count = 1; - } - } - - this.ordering = o; - this.values = v; - this.added = a; - } - } - - /** - * return a vector of the oids in the name, in the order they were found. - */ - public Vector getOIDs() - { - Vector v = new Vector(); - - for (int i = 0; i != ordering.size(); i++) - { - v.addElement(ordering.elementAt(i)); - } - - return v; - } - - /** - * return a vector of the values found in the name, in the order they - * were found. - */ - public Vector getValues() - { - Vector v = new Vector(); - - for (int i = 0; i != values.size(); i++) - { - v.addElement(values.elementAt(i)); - } - - return v; - } - - /** - * return a vector of the values found in the name, in the order they - * were found, with the DN label corresponding to passed in oid. - */ - public Vector getValues( - DERObjectIdentifier oid) - { - Vector v = new Vector(); - - for (int i = 0; i != values.size(); i++) - { - if (ordering.elementAt(i).equals(oid)) - { - String val = (String)values.elementAt(i); - - if (val.length() > 2 && val.charAt(0) == '\\' && val.charAt(1) == '#') - { - v.addElement(val.substring(1)); - } - else - { - v.addElement(val); - } - } - } - - return v; - } - - public DERObject toASN1Object() - { - if (seq == null) - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - ASN1EncodableVector sVec = new ASN1EncodableVector(); - DERObjectIdentifier lstOid = null; - - for (int i = 0; i != ordering.size(); i++) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); - - v.add(oid); - - String str = (String)values.elementAt(i); - - v.add(converter.getConvertedValue(oid, str)); - - if (lstOid == null - || ((Boolean)this.added.elementAt(i)).booleanValue()) - { - sVec.add(new DERSequence(v)); - } - else - { - vec.add(new DERSet(sVec)); - sVec = new ASN1EncodableVector(); - - sVec.add(new DERSequence(v)); - } - - lstOid = oid; - } - - vec.add(new DERSet(sVec)); - - seq = new DERSequence(vec); - } - - return seq; - } - - /** - * @param inOrder if true the order of both X509 names must be the same, - * as well as the values associated with each element. - */ - public boolean equals(Object obj, boolean inOrder) - { - if (!inOrder) - { - return this.equals(obj); - } - - if (obj == this) - { - return true; - } - - if (!(obj instanceof X509Name || obj instanceof ASN1Sequence)) - { - return false; - } - - DERObject derO = ((DEREncodable)obj).getDERObject(); - - if (this.getDERObject().equals(derO)) - { - return true; - } - - X509Name other; - - try - { - other = X509Name.getInstance(obj); - } - catch (IllegalArgumentException e) - { - return false; - } - - int orderingSize = ordering.size(); - - if (orderingSize != other.ordering.size()) - { - return false; - } - - for (int i = 0; i < orderingSize; i++) - { - DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); - DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(i); - - if (oid.equals(oOid)) - { - String value = (String)values.elementAt(i); - String oValue = (String)other.values.elementAt(i); - - if (!equivalentStrings(value, oValue)) - { - return false; - } - } - else - { - return false; - } - } - - return true; - } - - public int hashCode() - { - if (isHashCodeCalculated) - { - return hashCodeValue; - } - - isHashCodeCalculated = true; - - // this needs to be order independent, like equals - for (int i = 0; i != ordering.size(); i += 1) - { - String value = (String)values.elementAt(i); - - value = canonicalize(value); - value = stripInternalSpaces(value); - - hashCodeValue ^= ordering.elementAt(i).hashCode(); - hashCodeValue ^= value.hashCode(); - } - - return hashCodeValue; - } - - /** - * test for equality - note: case is ignored. - */ - public boolean equals(Object obj) - { - if (obj == this) - { - return true; - } - - if (!(obj instanceof X509Name || obj instanceof ASN1Sequence)) - { - return false; - } - - DERObject derO = ((DEREncodable)obj).getDERObject(); - - if (this.getDERObject().equals(derO)) - { - return true; - } - - X509Name other; - - try - { - other = X509Name.getInstance(obj); - } - catch (IllegalArgumentException e) - { - return false; - } - - int orderingSize = ordering.size(); - - if (orderingSize != other.ordering.size()) - { - return false; - } - - boolean[] indexes = new boolean[orderingSize]; - int start, end, delta; - - if (ordering.elementAt(0).equals(other.ordering.elementAt(0))) // guess forward - { - start = 0; - end = orderingSize; - delta = 1; - } - else // guess reversed - most common problem - { - start = orderingSize - 1; - end = -1; - delta = -1; - } - - for (int i = start; i != end; i += delta) - { - boolean found = false; - DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i); - String value = (String)values.elementAt(i); - - for (int j = 0; j < orderingSize; j++) - { - if (indexes[j]) - { - continue; - } - - DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(j); - - if (oid.equals(oOid)) - { - String oValue = (String)other.values.elementAt(j); - - if (equivalentStrings(value, oValue)) - { - indexes[j] = true; - found = true; - break; - } - } - } - - if (!found) - { - return false; - } - } - - return true; - } - - private boolean equivalentStrings(String s1, String s2) - { - String value = canonicalize(s1); - String oValue = canonicalize(s2); - - if (!value.equals(oValue)) - { - value = stripInternalSpaces(value); - oValue = stripInternalSpaces(oValue); - - if (!value.equals(oValue)) - { - return false; - } - } - - return true; - } - - private String canonicalize(String s) - { - String value = Strings.toLowerCase(s.trim()); - - if (value.length() > 0 && value.charAt(0) == '#') - { - DERObject obj = decodeObject(value); - - if (obj instanceof DERString) - { - value = Strings.toLowerCase(((DERString)obj).getString().trim()); - } - } - - return value; - } - - private ASN1Object decodeObject(String oValue) - { - try - { - return ASN1Object.fromByteArray(Hex.decode(oValue.substring(1))); - } - catch (IOException e) - { - throw new IllegalStateException("unknown encoding in name: " + e); - } - } - - private String stripInternalSpaces( - String str) - { - StringBuffer res = new StringBuffer(); - - if (str.length() != 0) - { - char c1 = str.charAt(0); - - res.append(c1); - - for (int k = 1; k < str.length(); k++) - { - char c2 = str.charAt(k); - if (!(c1 == ' ' && c2 == ' ')) - { - res.append(c2); - } - c1 = c2; - } - } - - return res.toString(); - } - - private void appendValue( - StringBuffer buf, - Hashtable oidSymbols, - DERObjectIdentifier oid, - String value) - { - String sym = (String)oidSymbols.get(oid); - - if (sym != null) - { - buf.append(sym); - } - else - { - buf.append(oid.getId()); - } - - buf.append('='); - - int index = buf.length(); - - buf.append(value); - - int end = buf.length(); - - if (value.length() >= 2 && value.charAt(0) == '\\' && value.charAt(1) == '#') - { - index += 2; - } - - while (index != end) - { - if ((buf.charAt(index) == ',') - || (buf.charAt(index) == '"') - || (buf.charAt(index) == '\\') - || (buf.charAt(index) == '+') - || (buf.charAt(index) == '=') - || (buf.charAt(index) == '<') - || (buf.charAt(index) == '>') - || (buf.charAt(index) == ';')) - { - buf.insert(index, "\\"); - index++; - end++; - } - - index++; - } - } - - /** - * convert the structure to a string - if reverse is true the - * oids and values are listed out starting with the last element - * in the sequence (ala RFC 2253), otherwise the string will begin - * with the first element of the structure. If no string definition - * for the oid is found in oidSymbols the string value of the oid is - * added. Two standard symbol tables are provided DefaultSymbols, and - * RFC2253Symbols as part of this class. - * - * @param reverse if true start at the end of the sequence and work back. - * @param oidSymbols look up table strings for oids. - */ - public String toString( - boolean reverse, - Hashtable oidSymbols) - { - StringBuffer buf = new StringBuffer(); - Vector components = new Vector(); - boolean first = true; - - StringBuffer ava = null; - - for (int i = 0; i < ordering.size(); i++) - { - if (((Boolean)added.elementAt(i)).booleanValue()) - { - ava.append('+'); - appendValue(ava, oidSymbols, - (DERObjectIdentifier)ordering.elementAt(i), - (String)values.elementAt(i)); - } - else - { - ava = new StringBuffer(); - appendValue(ava, oidSymbols, - (DERObjectIdentifier)ordering.elementAt(i), - (String)values.elementAt(i)); - components.addElement(ava); - } - } - - if (reverse) - { - for (int i = components.size() - 1; i >= 0; i--) - { - if (first) - { - first = false; - } - else - { - buf.append(','); - } - - buf.append(components.elementAt(i).toString()); - } - } - else - { - for (int i = 0; i < components.size(); i++) - { - if (first) - { - first = false; - } - else - { - buf.append(','); - } - - buf.append(components.elementAt(i).toString()); - } - } - - return buf.toString(); - } - - private String bytesToString( - byte[] data) - { - char[] cs = new char[data.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(data[i] & 0xff); - } - - return new String(cs); - } - - public String toString() - { - return toString(DefaultReverse, DefaultSymbols); - } -} diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java deleted file mode 100644 index 501132215..000000000 --- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java +++ /dev/null @@ -1,113 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERPrintableString; -import org.bouncycastle.util.Strings; - -import java.io.IOException; - -/** - * It turns out that the number of standard ways the fields in a DN should be - * encoded into their ASN.1 counterparts is rapidly approaching the - * number of machines on the internet. By default the X509Name class - * will produce UTF8Strings in line with the current recommendations (RFC 3280). - *

- * An example of an encoder look like below: - * 

- * public class X509DirEntryConverter
- *     extends X509NameEntryConverter
- * {
- *     public DERObject getConvertedValue(
- *         DERObjectIdentifier  oid,
- *         String               value)
- *     {
- *         if (str.length() != 0 && str.charAt(0) == '#')
- *         {
- *             return convertHexEncoded(str, 1);
- *         }
- *         if (oid.equals(EmailAddress))
- *         {
- *             return new DERIA5String(str);
- *         }
- *         else if (canBePrintable(str))
- *         {
- *             return new DERPrintableString(str);
- *         }
- *         else if (canBeUTF8(str))
- *         {
- *             return new DERUTF8String(str);
- *         }
- *         else
- *         {
- *             return new DERBMPString(str);
- *         }
- *     }
- * }
- */
-public abstract class X509NameEntryConverter
-{
-    /**
-     * Convert an inline encoded hex string rendition of an ASN.1
-     * object back into its corresponding ASN.1 object.
-     * 
-     * @param str the hex encoded object
-     * @param off the index at which the encoding starts
-     * @return the decoded object
-     */
-    protected DERObject convertHexEncoded(
-        String  str,
-        int     off)
-        throws IOException
-    {
-        str = Strings.toLowerCase(str);
-        byte[] data = new byte[(str.length() - off) / 2];
-        for (int index = 0; index != data.length; index++)
-        {
-            char left = str.charAt((index * 2) + off);
-            char right = str.charAt((index * 2) + off + 1);
-            
-            if (left < 'a')
-            {
-                data[index] = (byte)((left - '0') << 4);
-            }
-            else
-            {
-                data[index] = (byte)((left - 'a' + 10) << 4);
-            }
-            if (right < 'a')
-            {
-                data[index] |= (byte)(right - '0');
-            }
-            else
-            {
-                data[index] |= (byte)(right - 'a' + 10);
-            }
-        }
-
-        ASN1InputStream aIn = new ASN1InputStream(data);
-                                            
-        return aIn.readObject();
-    }
-    
-    /**
-     * return true if the passed in String can be represented without
-     * loss as a PrintableString, false otherwise.
-     */
-    protected boolean canBePrintable(
-        String  str)
-    {
-        return DERPrintableString.isPrintableString(str);
-    }
-    
-    /**
-     * Convert the passed in String value into the appropriate ASN.1
-     * encoded object.
-     * 
-     * @param oid the oid associated with the value in the DN.
-     * @param value the value of the particular DN component.
-     * @return the ASN.1 equivalent for the value.
-     */
-    public abstract DERObject getConvertedValue(DERObjectIdentifier oid, String value);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
deleted file mode 100644
index 1887fb647..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package org.bouncycastle.asn1.x509;
-
-/**
- * class for breaking up an X500 Name into it's component tokens, ala
- * java.util.StringTokenizer. We need this class as some of the
- * lightweight Java environment don't support classes like
- * StringTokenizer.
- */
-public class X509NameTokenizer
-{
-    private String          value;
-    private int             index;
-    private char            seperator;
-    private StringBuffer    buf = new StringBuffer();
-
-    public X509NameTokenizer(
-        String  oid)
-    {
-        this(oid, ',');
-    }
-    
-    public X509NameTokenizer(
-        String  oid,
-        char    seperator)
-    {
-        this.value = oid;
-        this.index = -1;
-        this.seperator = seperator;
-    }
-
-    public boolean hasMoreTokens()
-    {
-        return (index != value.length());
-    }
-
-    public String nextToken()
-    {
-        if (index == value.length())
-        {
-            return null;
-        }
-
-        int     end = index + 1;
-        boolean quoted = false;
-        boolean escaped = false;
-
-        buf.setLength(0);
-
-        while (end != value.length())
-        {
-            char    c = value.charAt(end);
-
-            if (c == '"')
-            {
-                if (!escaped)
-                {
-                    quoted = !quoted;
-                }
-                else
-                {
-                    buf.append(c);
-                }
-                escaped = false;
-            }
-            else
-            {
-                if (escaped || quoted)
-                {
-                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
-                    {
-                        buf.append('\\');
-                    }
-                    else if (c == '+' && seperator != '+')
-                    {
-                        buf.append('\\');
-                    }
-                    buf.append(c);
-                    escaped = false;
-                }
-                else if (c == '\\')
-                {
-                    escaped = true;
-                }
-                else if (c == seperator)
-                {
-                    break;
-                }
-                else
-                {
-                    buf.append(c);
-                }
-            }
-            end++;
-        }
-
-        index = end;
-        return buf.toString().trim();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
deleted file mode 100644
index b1e0ed1df..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package org.bouncycastle.asn1.x509;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-public interface X509ObjectIdentifiers
-{
-    //
-    // base id
-    //
-    static final String                 id                      = "2.5.4";
-
-    static final ASN1ObjectIdentifier    commonName              = new ASN1ObjectIdentifier(id + ".3");
-    static final ASN1ObjectIdentifier    countryName             = new ASN1ObjectIdentifier(id + ".6");
-    static final ASN1ObjectIdentifier    localityName            = new ASN1ObjectIdentifier(id + ".7");
-    static final ASN1ObjectIdentifier    stateOrProvinceName     = new ASN1ObjectIdentifier(id + ".8");
-    static final ASN1ObjectIdentifier    organization            = new ASN1ObjectIdentifier(id + ".10");
-    static final ASN1ObjectIdentifier    organizationalUnitName  = new ASN1ObjectIdentifier(id + ".11");
-
-    static final ASN1ObjectIdentifier    id_at_telephoneNumber   = new ASN1ObjectIdentifier("2.5.4.20");
-    static final ASN1ObjectIdentifier    id_at_name              = new ASN1ObjectIdentifier(id + ".41");
-
-    // id-SHA1 OBJECT IDENTIFIER ::=    
-    //   {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 }    //
-    static final ASN1ObjectIdentifier    id_SHA1                 = new ASN1ObjectIdentifier("1.3.14.3.2.26");
-
-    //
-    // ripemd160 OBJECT IDENTIFIER ::=
-    //      {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) hashAlgorithm(2) RIPEMD-160(1)}
-    //
-    static final ASN1ObjectIdentifier    ripemd160               = new ASN1ObjectIdentifier("1.3.36.3.2.1");
-
-    //
-    // ripemd160WithRSAEncryption OBJECT IDENTIFIER ::=
-    //      {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) rsaSignatureWithripemd160(2) }
-    //
-    static final ASN1ObjectIdentifier    ripemd160WithRSAEncryption = new ASN1ObjectIdentifier("1.3.36.3.3.1.2");
-
-
-    static final ASN1ObjectIdentifier    id_ea_rsa = new ASN1ObjectIdentifier("2.5.8.1.1");
-    
-    // id-pkix
-    static final ASN1ObjectIdentifier id_pkix = new ASN1ObjectIdentifier("1.3.6.1.5.5.7");
-
-    //
-    // private internet extensions
-    //
-    static final ASN1ObjectIdentifier  id_pe = new ASN1ObjectIdentifier(id_pkix + ".1");
-
-    //
-    // authority information access
-    //
-    static final ASN1ObjectIdentifier  id_ad = new ASN1ObjectIdentifier(id_pkix + ".48");
-    static final ASN1ObjectIdentifier  id_ad_caIssuers = new ASN1ObjectIdentifier(id_ad + ".2");
-    static final ASN1ObjectIdentifier  id_ad_ocsp = new ASN1ObjectIdentifier(id_ad + ".1");
-
-    //
-    //    OID for ocsp and crl uri in AuthorityInformationAccess extension
-    //
-    static final ASN1ObjectIdentifier ocspAccessMethod = id_ad_ocsp;
-    static final ASN1ObjectIdentifier crlAccessMethod = id_ad_caIssuers;
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/package.html
deleted file mode 100644
index 728921a1d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Support classes useful for encoding and processing X.509 certificates.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java
deleted file mode 100644
index 9f373face..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java
+++ /dev/null
@@ -1,124 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * The BiometricData object.
- * 
- * BiometricData  ::=  SEQUENCE {
- *       typeOfBiometricData  TypeOfBiometricData,
- *       hashAlgorithm        AlgorithmIdentifier,
- *       biometricDataHash    OCTET STRING,
- *       sourceDataUri        IA5String OPTIONAL  }
- * 

- */
-public class BiometricData 
-    extends ASN1Encodable
-{
-    TypeOfBiometricData typeOfBiometricData;
-    AlgorithmIdentifier hashAlgorithm;
-    ASN1OctetString     biometricDataHash;
-    DERIA5String        sourceDataUri;    
-    
-    public static BiometricData getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof BiometricData)
-        {
-            return (BiometricData)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new BiometricData(ASN1Sequence.getInstance(obj));            
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown object in getInstance");
-        }
-    }                
-            
-    public BiometricData(ASN1Sequence seq)
-    {
-        Enumeration e = seq.getObjects();
-
-        // typeOfBiometricData
-        typeOfBiometricData = TypeOfBiometricData.getInstance(e.nextElement());
-        // hashAlgorithm
-        hashAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement());
-        // biometricDataHash
-        biometricDataHash = ASN1OctetString.getInstance(e.nextElement());
-        // sourceDataUri
-        if (e.hasMoreElements())
-        {
-            sourceDataUri = DERIA5String.getInstance(e.nextElement());
-        }
-    }
-    
-    public BiometricData(
-        TypeOfBiometricData typeOfBiometricData,
-        AlgorithmIdentifier hashAlgorithm,
-        ASN1OctetString     biometricDataHash,
-        DERIA5String        sourceDataUri)
-    {
-        this.typeOfBiometricData = typeOfBiometricData;
-        this.hashAlgorithm = hashAlgorithm;
-        this.biometricDataHash = biometricDataHash;
-        this.sourceDataUri = sourceDataUri;
-    }
-    
-    public BiometricData(
-        TypeOfBiometricData typeOfBiometricData,
-        AlgorithmIdentifier hashAlgorithm,
-        ASN1OctetString     biometricDataHash)
-    {
-        this.typeOfBiometricData = typeOfBiometricData;
-        this.hashAlgorithm = hashAlgorithm;
-        this.biometricDataHash = biometricDataHash;
-        this.sourceDataUri = null;
-    }
-
-    public TypeOfBiometricData getTypeOfBiometricData()
-    {
-        return typeOfBiometricData;
-    }
-    
-    public AlgorithmIdentifier getHashAlgorithm()
-    {
-        return hashAlgorithm;
-    }
-    
-    public ASN1OctetString getBiometricDataHash()
-    {
-        return biometricDataHash;
-    }
-    
-    public DERIA5String getSourceDataUri()
-    {
-        return sourceDataUri;
-    }
-    
-    public DERObject toASN1Object() 
-    {
-        ASN1EncodableVector seq = new ASN1EncodableVector();
-        seq.add(typeOfBiometricData);
-        seq.add(hashAlgorithm);
-        seq.add(biometricDataHash); 
-        
-        if (sourceDataUri != null)
-        {
-            seq.add(sourceDataUri);
-        }
-
-        return new DERSequence(seq);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java
deleted file mode 100644
index 19ef12ba5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-public interface ETSIQCObjectIdentifiers
-{
-    //
-    // base id
-    //
-    static final ASN1ObjectIdentifier    id_etsi_qcs                  = new ASN1ObjectIdentifier("0.4.0.1862.1");
-
-    static final ASN1ObjectIdentifier    id_etsi_qcs_QcCompliance     = id_etsi_qcs.branch("1");
-    static final ASN1ObjectIdentifier    id_etsi_qcs_LimiteValue      = id_etsi_qcs.branch("2");
-    static final ASN1ObjectIdentifier    id_etsi_qcs_RetentionPeriod  = id_etsi_qcs.branch("3");
-    static final ASN1ObjectIdentifier    id_etsi_qcs_QcSSCD           = id_etsi_qcs.branch("4");
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java
deleted file mode 100644
index 10ced5072..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import org.bouncycastle.asn1.ASN1Choice;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERPrintableString;
-
-/**
- * The Iso4217CurrencyCode object.
- * 
- * Iso4217CurrencyCode  ::=  CHOICE {
- *       alphabetic              PrintableString (SIZE 3), --Recommended
- *       numeric              INTEGER (1..999) }
- * -- Alphabetic or numeric currency code as defined in ISO 4217
- * -- It is recommended that the Alphabetic form is used
- * 

- */
-public class Iso4217CurrencyCode 
-    extends ASN1Encodable
-    implements ASN1Choice
-{
-    final int ALPHABETIC_MAXSIZE = 3;
-    final int NUMERIC_MINSIZE = 1;
-    final int NUMERIC_MAXSIZE = 999;
-    
-    DEREncodable obj;    
-    int          numeric;
-    
-    public static Iso4217CurrencyCode getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof Iso4217CurrencyCode)
-        {
-            return (Iso4217CurrencyCode)obj;
-        }
-
-        if (obj instanceof DERInteger)
-        {
-            DERInteger numericobj = DERInteger.getInstance(obj);
-            int numeric = numericobj.getValue().intValue();  
-            return new Iso4217CurrencyCode(numeric);            
-        }
-        else
-        if (obj instanceof DERPrintableString)
-        {
-            DERPrintableString alphabetic = DERPrintableString.getInstance(obj);
-            return new Iso4217CurrencyCode(alphabetic.getString());
-        }
-        throw new IllegalArgumentException("unknown object in getInstance");
-    }
-            
-    public Iso4217CurrencyCode(
-        int numeric)
-    {
-        if (numeric > NUMERIC_MAXSIZE || numeric < NUMERIC_MINSIZE)
-        {
-            throw new IllegalArgumentException("wrong size in numeric code : not in (" +NUMERIC_MINSIZE +".."+ NUMERIC_MAXSIZE +")");
-        }
-        obj = new DERInteger(numeric);
-    }
-    
-    public Iso4217CurrencyCode(
-        String alphabetic)
-    {
-        if (alphabetic.length() > ALPHABETIC_MAXSIZE)
-        {
-            throw new IllegalArgumentException("wrong size in alphabetic code : max size is " + ALPHABETIC_MAXSIZE);
-        }
-        obj = new DERPrintableString(alphabetic);
-    }            
-
-    public boolean isAlphabetic()
-    {
-        return obj instanceof DERPrintableString;
-    }
-    
-    public String getAlphabetic()
-    {
-        return ((DERPrintableString)obj).getString();
-    }
-    
-    public int getNumeric()
-    {
-        return ((DERInteger)obj).getValue().intValue();
-    }
-    
-    public DERObject toASN1Object() 
-    {    
-        return obj.getDERObject();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java
deleted file mode 100644
index c8c0ce363..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import java.math.BigInteger;
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-
-/**
- * The MonetaryValue object.
- * 
- * MonetaryValue  ::=  SEQUENCE {
- *       currency              Iso4217CurrencyCode,
- *       amount               INTEGER, 
- *       exponent             INTEGER }
- * -- value = amount * 10^exponent
- * 

- */
-public class MonetaryValue 
-    extends ASN1Encodable
-{
-    Iso4217CurrencyCode currency;
-    DERInteger          amount;
-    DERInteger          exponent;
-        
-    public static MonetaryValue getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof MonetaryValue)
-        {
-            return (MonetaryValue)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new MonetaryValue(ASN1Sequence.getInstance(obj));            
-        }
-        
-        throw new IllegalArgumentException("unknown object in getInstance");
-    }
-        
-    public MonetaryValue(
-        ASN1Sequence seq)
-    {
-        Enumeration e = seq.getObjects();    
-        // currency
-        currency = Iso4217CurrencyCode.getInstance(e.nextElement());
-        // hashAlgorithm
-        amount = DERInteger.getInstance(e.nextElement());
-        // exponent
-        exponent = DERInteger.getInstance(e.nextElement());            
-    }
-        
-    public MonetaryValue(
-        Iso4217CurrencyCode currency, 
-        int                 amount, 
-        int                 exponent)
-    {    
-        this.currency = currency;
-        this.amount = new DERInteger(amount);
-        this.exponent = new DERInteger(exponent);                  
-    }                    
-             
-    public Iso4217CurrencyCode getCurrency()
-    {
-        return currency;
-    }
-        
-    public BigInteger getAmount()
-    {
-        return amount.getValue();
-    }
-        
-    public BigInteger getExponent()
-    {
-        return exponent.getValue();
-    }   
-    
-    public DERObject toASN1Object() 
-    {
-        ASN1EncodableVector seq = new ASN1EncodableVector();
-        seq.add(currency);
-        seq.add(amount);
-        seq.add(exponent); 
-        
-        return new DERSequence(seq);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java
deleted file mode 100644
index 6b87ea08f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java
+++ /dev/null
@@ -1,95 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-
-/**
- * The QCStatement object.
- * 
- * QCStatement ::= SEQUENCE {
- *   statementId        OBJECT IDENTIFIER,
- *   statementInfo      ANY DEFINED BY statementId OPTIONAL} 
- * 

- */
-
-public class QCStatement 
-    extends ASN1Encodable 
-    implements ETSIQCObjectIdentifiers, RFC3739QCObjectIdentifiers
-{
-    DERObjectIdentifier qcStatementId;
-    ASN1Encodable       qcStatementInfo;
-
-    public static QCStatement getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof QCStatement)
-        {
-            return (QCStatement)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new QCStatement(ASN1Sequence.getInstance(obj));            
-        }
-        
-        throw new IllegalArgumentException("unknown object in getInstance");
-    }    
-    
-    public QCStatement(
-        ASN1Sequence seq)
-    {
-        Enumeration e = seq.getObjects();
-
-        // qcStatementId
-        qcStatementId = DERObjectIdentifier.getInstance(e.nextElement());
-        // qcstatementInfo
-        if (e.hasMoreElements())
-        {
-            qcStatementInfo = (ASN1Encodable) e.nextElement();
-        }
-    }    
-    
-    public QCStatement(
-        DERObjectIdentifier qcStatementId)
-    {
-        this.qcStatementId = qcStatementId;
-        this.qcStatementInfo = null;
-    }
-    
-    public QCStatement(
-        DERObjectIdentifier qcStatementId, 
-        ASN1Encodable       qcStatementInfo)
-    {
-        this.qcStatementId = qcStatementId;
-        this.qcStatementInfo = qcStatementInfo;
-    }    
-        
-    public DERObjectIdentifier getStatementId()
-    {
-        return qcStatementId;
-    }
-    
-    public ASN1Encodable getStatementInfo()
-    {
-        return qcStatementInfo;
-    }
-
-    public DERObject toASN1Object() 
-    {
-        ASN1EncodableVector seq = new ASN1EncodableVector();
-        seq.add(qcStatementId);       
-        
-        if (qcStatementInfo != null)
-        {
-            seq.add(qcStatementInfo);
-        }
-
-        return new DERSequence(seq);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java
deleted file mode 100644
index ecb5cce57..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-public interface RFC3739QCObjectIdentifiers
-{
-    //
-    // base id
-    //
-    static final ASN1ObjectIdentifier   id_qcs             = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.11");
-
-    static final ASN1ObjectIdentifier   id_qcs_pkixQCSyntax_v1  = id_qcs.branch("1");
-    static final ASN1ObjectIdentifier   id_qcs_pkixQCSyntax_v2  = id_qcs.branch("2");
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java
deleted file mode 100644
index 445e8b2f9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java
+++ /dev/null
@@ -1,130 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.GeneralName;
-
-/**
- * The SemanticsInformation object.
- * 
- *       SemanticsInformation ::= SEQUENCE {
- *         semanticsIdentifier        OBJECT IDENTIFIER   OPTIONAL,
- *         nameRegistrationAuthorities NameRegistrationAuthorities
- *                                                         OPTIONAL }
- *         (WITH COMPONENTS {..., semanticsIdentifier PRESENT}|
- *          WITH COMPONENTS {..., nameRegistrationAuthorities PRESENT})
- *
- *     NameRegistrationAuthorities ::=  SEQUENCE SIZE (1..MAX) OF
- *         GeneralName
- * 

- */
-public class SemanticsInformation extends ASN1Encodable
-{
-    DERObjectIdentifier semanticsIdentifier;
-    GeneralName[] nameRegistrationAuthorities;    
-    
-    public static SemanticsInformation getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof SemanticsInformation)
-        {
-            return (SemanticsInformation)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new SemanticsInformation(ASN1Sequence.getInstance(obj));            
-        }
-        
-        throw new IllegalArgumentException("unknown object in getInstance");
-    }
-        
-    public SemanticsInformation(ASN1Sequence seq)
-    {
-        Enumeration e = seq.getObjects();
-        if (seq.size() < 1)
-        {
-             throw new IllegalArgumentException("no objects in SemanticsInformation");
-        }
-        
-        Object object = e.nextElement();
-        if (object instanceof DERObjectIdentifier)
-        {
-            semanticsIdentifier = DERObjectIdentifier.getInstance(object);
-            if (e.hasMoreElements())
-            {
-                object = e.nextElement();
-            }
-            else
-            {
-                object = null;
-            }
-        }
-        
-        if (object != null)
-        {
-            ASN1Sequence generalNameSeq = ASN1Sequence.getInstance(object);
-            nameRegistrationAuthorities = new GeneralName[generalNameSeq.size()];
-            for (int i= 0; i < generalNameSeq.size(); i++)
-            {
-                nameRegistrationAuthorities[i] = GeneralName.getInstance(generalNameSeq.getObjectAt(i));
-            } 
-        }
-    }
-        
-    public SemanticsInformation(
-        DERObjectIdentifier semanticsIdentifier,
-        GeneralName[] generalNames)
-    {
-        this.semanticsIdentifier = semanticsIdentifier;
-        this.nameRegistrationAuthorities = generalNames;
-    }
-
-    public SemanticsInformation(DERObjectIdentifier semanticsIdentifier)
-    {
-        this.semanticsIdentifier = semanticsIdentifier;
-        this.nameRegistrationAuthorities = null;
-    }
-
-    public SemanticsInformation(GeneralName[] generalNames)
-    {
-        this.semanticsIdentifier = null;
-        this.nameRegistrationAuthorities = generalNames;
-    }        
-    
-    public DERObjectIdentifier getSemanticsIdentifier()
-    {
-        return semanticsIdentifier;
-    }
-        
-    public GeneralName[] getNameRegistrationAuthorities()
-    {
-        return nameRegistrationAuthorities;
-    } 
-    
-    public DERObject toASN1Object() 
-    {
-        ASN1EncodableVector seq = new ASN1EncodableVector();
-        
-        if (this.semanticsIdentifier != null)
-        {
-            seq.add(semanticsIdentifier);
-        }
-        if (this.nameRegistrationAuthorities != null)
-        {
-            ASN1EncodableVector seqname = new ASN1EncodableVector();
-            for (int i = 0; i < nameRegistrationAuthorities.length; i++) 
-            {
-                seqname.add(nameRegistrationAuthorities[i]);
-            }            
-            seq.add(new DERSequence(seqname));
-        }            
-        
-        return new DERSequence(seq);
-    }                   
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java
deleted file mode 100644
index 3ab384a6a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java
+++ /dev/null
@@ -1,90 +0,0 @@
-package org.bouncycastle.asn1.x509.qualified;
-
-import org.bouncycastle.asn1.ASN1Choice;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-
-/**
- * The TypeOfBiometricData object.
- * 
- * TypeOfBiometricData ::= CHOICE {
- *   predefinedBiometricType   PredefinedBiometricType,
- *   biometricDataOid          OBJECT IDENTIFIER }
- *
- * PredefinedBiometricType ::= INTEGER {
- *   picture(0),handwritten-signature(1)}
- *   (picture|handwritten-signature)
- * 

- */
-public class TypeOfBiometricData  
-    extends ASN1Encodable
-    implements ASN1Choice
-{
-    public static final int PICTURE                     = 0;
-    public static final int HANDWRITTEN_SIGNATURE       = 1;
-
-    DEREncodable      obj;
-
-    public static TypeOfBiometricData getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof TypeOfBiometricData)
-        {
-            return (TypeOfBiometricData)obj;
-        }
-
-        if (obj instanceof DERInteger)
-        {
-            DERInteger predefinedBiometricTypeObj = DERInteger.getInstance(obj);
-            int  predefinedBiometricType = predefinedBiometricTypeObj.getValue().intValue();
-
-            return new TypeOfBiometricData(predefinedBiometricType);
-        }
-        else if (obj instanceof DERObjectIdentifier)
-        {
-            DERObjectIdentifier BiometricDataID = DERObjectIdentifier.getInstance(obj);
-            return new TypeOfBiometricData(BiometricDataID);
-        }
-
-        throw new IllegalArgumentException("unknown object in getInstance");
-    }
-        
-    public TypeOfBiometricData(int predefinedBiometricType)
-    {
-        if (predefinedBiometricType == PICTURE || predefinedBiometricType == HANDWRITTEN_SIGNATURE)
-        {
-                obj = new DERInteger(predefinedBiometricType);
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknow PredefinedBiometricType : " + predefinedBiometricType);
-        }        
-    }
-    
-    public TypeOfBiometricData(DERObjectIdentifier BiometricDataID)
-    {
-        obj = BiometricDataID;
-    }
-    
-    public boolean isPredefined()
-    {
-        return obj instanceof DERInteger;
-    }
-    
-    public int getPredefinedBiometricType()
-    {
-        return ((DERInteger)obj).getValue().intValue();
-    }
-    
-    public DERObjectIdentifier getBiometricDataOid()
-    {
-        return (DERObjectIdentifier)obj;
-    }
-    
-    public DERObject toASN1Object() 
-    {        
-        return obj.getDERObject();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html
deleted file mode 100644
index 28cfef900..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Support classes useful for encoding and processing messages based around RFC3739
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
deleted file mode 100644
index 7fce7f450..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
+++ /dev/null
@@ -1,191 +0,0 @@
-package org.bouncycastle.asn1.x509.sigi;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Choice;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.DirectoryString;
-
-/**
- * Structure for a name or pseudonym.
- * 
- * 
- *       NameOrPseudonym ::= CHOICE {
- *            surAndGivenName SEQUENCE {
- *              surName DirectoryString,
- *              givenName SEQUENCE OF DirectoryString 
- *         },
- *            pseudonym DirectoryString 
- *       }
- * 

- * 
- * @see org.bouncycastle.asn1.x509.sigi.PersonalData
- * 
- */
-public class NameOrPseudonym
-    extends ASN1Encodable
-    implements ASN1Choice
-{
-    private DirectoryString pseudonym;
-
-    private DirectoryString surname;
-
-    private ASN1Sequence givenName;
-
-    public static NameOrPseudonym getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof NameOrPseudonym)
-        {
-            return (NameOrPseudonym)obj;
-        }
-
-        if (obj instanceof ASN1String)
-        {
-            return new NameOrPseudonym(DirectoryString.getInstance(obj));
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new NameOrPseudonym((ASN1Sequence)obj);
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: "
-            + obj.getClass().getName());
-    }
-
-    /**
-     * Constructor from DERString.
-     * 

-     * The sequence is of type NameOrPseudonym:
-     * 

-     * 
-     *       NameOrPseudonym ::= CHOICE {
-     *            surAndGivenName SEQUENCE {
-     *              surName DirectoryString,
-     *              givenName SEQUENCE OF DirectoryString
-     *         },
-     *            pseudonym DirectoryString
-     *       }
-     * 

-     * @param pseudonym pseudonym value to use.
-     */
-    public NameOrPseudonym(DirectoryString pseudonym)
-    {
-        this.pseudonym = pseudonym;
-    }
-
-    /**
-     * Constructor from ASN1Sequence.
-     * 

-     * The sequence is of type NameOrPseudonym:
-     * 

-     * 
-     *       NameOrPseudonym ::= CHOICE {
-     *            surAndGivenName SEQUENCE {
-     *              surName DirectoryString,
-     *              givenName SEQUENCE OF DirectoryString
-     *         },
-     *            pseudonym DirectoryString
-     *       }
-     * 

-     *
-     * @param seq The ASN.1 sequence.
-     */
-    private NameOrPseudonym(ASN1Sequence seq)
-    {
-        if (seq.size() != 2)
-        {
-            throw new IllegalArgumentException("Bad sequence size: "
-                + seq.size());
-        }
-
-        if (!(seq.getObjectAt(0) instanceof ASN1String))
-        {
-            throw new IllegalArgumentException("Bad object encountered: "
-                + seq.getObjectAt(0).getClass());
-        }
-
-        surname = DirectoryString.getInstance(seq.getObjectAt(0));
-        givenName = ASN1Sequence.getInstance(seq.getObjectAt(1));
-    }
-
-    /**
-     * Constructor from a given details.
-     *
-     * @param pseudonym The pseudonym.
-     */
-    public NameOrPseudonym(String pseudonym)
-    {
-        this(new DirectoryString(pseudonym));
-    }
-
-    /**
-     * Constructor from a given details.
-     *
-     * @param surname   The surname.
-     * @param givenName A sequence of directory strings making up the givenName
-     */
-    public NameOrPseudonym(DirectoryString surname, ASN1Sequence givenName)
-    {
-        this.surname = surname;
-        this.givenName = givenName;
-    }
-
-    public DirectoryString getPseudonym()
-    {
-        return pseudonym;
-    }
-
-    public DirectoryString getSurname()
-    {
-        return surname;
-    }
-
-    public DirectoryString[] getGivenName()
-    {
-        DirectoryString[] items = new DirectoryString[givenName.size()];
-        int count = 0;
-        for (Enumeration e = givenName.getObjects(); e.hasMoreElements();)
-        {
-            items[count++] = DirectoryString.getInstance(e.nextElement());
-        }
-        return items;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 

-     * Returns:
-     * 

-     * 
-     *       NameOrPseudonym ::= CHOICE {
-     *            surAndGivenName SEQUENCE {
-     *              surName DirectoryString,
-     *              givenName SEQUENCE OF DirectoryString
-     *         },
-     *            pseudonym DirectoryString
-     *       }
-     * 

-     *
-     * @return a DERObject
-     */
-    public DERObject toASN1Object()
-    {
-        if (pseudonym != null)
-        {
-            return pseudonym.toASN1Object();
-        }
-        else
-        {
-            ASN1EncodableVector vec1 = new ASN1EncodableVector();
-            vec1.add(surname);
-            vec1.add(givenName);
-            return new DERSequence(vec1);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
deleted file mode 100644
index b131b4dbf..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
+++ /dev/null
@@ -1,214 +0,0 @@
-package org.bouncycastle.asn1.x509.sigi;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERPrintableString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.x500.DirectoryString;
-
-import java.math.BigInteger;
-import java.util.Enumeration;
-
-/**
- * Contains personal data for the otherName field in the subjectAltNames
- * extension.
- * 

- * 
- *     PersonalData ::= SEQUENCE {
- *       nameOrPseudonym NameOrPseudonym,
- *       nameDistinguisher [0] INTEGER OPTIONAL,
- *       dateOfBirth [1] GeneralizedTime OPTIONAL,
- *       placeOfBirth [2] DirectoryString OPTIONAL,
- *       gender [3] PrintableString OPTIONAL,
- *       postalAddress [4] DirectoryString OPTIONAL
- *       }
- * 

- *
- * @see org.bouncycastle.asn1.x509.sigi.NameOrPseudonym
- * @see org.bouncycastle.asn1.x509.sigi.SigIObjectIdentifiers
- */
-public class PersonalData
-    extends ASN1Encodable
-{
-    private NameOrPseudonym nameOrPseudonym;
-    private BigInteger nameDistinguisher;
-    private DERGeneralizedTime dateOfBirth;
-    private DirectoryString placeOfBirth;
-    private String gender;
-    private DirectoryString postalAddress;
-
-    public static PersonalData getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof PersonalData)
-        {
-            return (PersonalData)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new PersonalData((ASN1Sequence)obj);
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * Constructor from ASN1Sequence.
-     * 

-     * The sequence is of type NameOrPseudonym:
-     * 

-     * 
-     *     PersonalData ::= SEQUENCE {
-     *       nameOrPseudonym NameOrPseudonym,
-     *       nameDistinguisher [0] INTEGER OPTIONAL,
-     *       dateOfBirth [1] GeneralizedTime OPTIONAL,
-     *       placeOfBirth [2] DirectoryString OPTIONAL,
-     *       gender [3] PrintableString OPTIONAL,
-     *       postalAddress [4] DirectoryString OPTIONAL
-     *       }
-     * 

-     *
-     * @param seq The ASN.1 sequence.
-     */
-    private PersonalData(ASN1Sequence seq)
-    {
-        if (seq.size() < 1)
-        {
-            throw new IllegalArgumentException("Bad sequence size: "
-                + seq.size());
-        }
-
-        Enumeration e = seq.getObjects();
-
-        nameOrPseudonym = NameOrPseudonym.getInstance(e.nextElement());
-
-        while (e.hasMoreElements())
-        {
-            ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement());
-            int tag = o.getTagNo();
-            switch (tag)
-            {
-                case 0:
-                    nameDistinguisher = DERInteger.getInstance(o, false).getValue();
-                    break;
-                case 1:
-                    dateOfBirth = DERGeneralizedTime.getInstance(o, false);
-                    break;
-                case 2:
-                    placeOfBirth = DirectoryString.getInstance(o, true);
-                    break;
-                case 3:
-                    gender = DERPrintableString.getInstance(o, false).getString();
-                    break;
-                case 4:
-                    postalAddress = DirectoryString.getInstance(o, true);
-                    break;
-                default:
-                    throw new IllegalArgumentException("Bad tag number: " + o.getTagNo());
-            }
-        }
-    }
-
-    /**
-     * Constructor from a given details.
-     *
-     * @param nameOrPseudonym   Name or pseudonym.
-     * @param nameDistinguisher Name distinguisher.
-     * @param dateOfBirth       Date of birth.
-     * @param placeOfBirth      Place of birth.
-     * @param gender            Gender.
-     * @param postalAddress     Postal Address.
-     */
-    public PersonalData(NameOrPseudonym nameOrPseudonym,
-                        BigInteger nameDistinguisher, DERGeneralizedTime dateOfBirth,
-                        DirectoryString placeOfBirth, String gender, DirectoryString postalAddress)
-    {
-        this.nameOrPseudonym = nameOrPseudonym;
-        this.dateOfBirth = dateOfBirth;
-        this.gender = gender;
-        this.nameDistinguisher = nameDistinguisher;
-        this.postalAddress = postalAddress;
-        this.placeOfBirth = placeOfBirth;
-    }
-
-    public NameOrPseudonym getNameOrPseudonym()
-    {
-        return nameOrPseudonym;
-    }
-
-    public BigInteger getNameDistinguisher()
-    {
-        return nameDistinguisher;
-    }
-
-    public DERGeneralizedTime getDateOfBirth()
-    {
-        return dateOfBirth;
-    }
-
-    public DirectoryString getPlaceOfBirth()
-    {
-        return placeOfBirth;
-    }
-
-    public String getGender()
-    {
-        return gender;
-    }
-
-    public DirectoryString getPostalAddress()
-    {
-        return postalAddress;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 

-     * Returns:
-     * 

-     * 
-     *     PersonalData ::= SEQUENCE {
-     *       nameOrPseudonym NameOrPseudonym,
-     *       nameDistinguisher [0] INTEGER OPTIONAL,
-     *       dateOfBirth [1] GeneralizedTime OPTIONAL,
-     *       placeOfBirth [2] DirectoryString OPTIONAL,
-     *       gender [3] PrintableString OPTIONAL,
-     *       postalAddress [4] DirectoryString OPTIONAL
-     *       }
-     * 

-     *
-     * @return a DERObject
-     */
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector vec = new ASN1EncodableVector();
-        vec.add(nameOrPseudonym);
-        if (nameDistinguisher != null)
-        {
-            vec.add(new DERTaggedObject(false, 0, new DERInteger(nameDistinguisher)));
-        }
-        if (dateOfBirth != null)
-        {
-            vec.add(new DERTaggedObject(false, 1, dateOfBirth));
-        }
-        if (placeOfBirth != null)
-        {
-            vec.add(new DERTaggedObject(true, 2, placeOfBirth));
-        }
-        if (gender != null)
-        {
-            vec.add(new DERTaggedObject(false, 3, new DERPrintableString(gender, true)));
-        }
-        if (postalAddress != null)
-        {
-            vec.add(new DERTaggedObject(true, 4, postalAddress));
-        }
-        return new DERSequence(vec);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java
deleted file mode 100644
index 8cac124b8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.asn1.x509.sigi;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-/**
- * Object Identifiers of SigI specifciation (German Signature Law
- * Interoperability specification).
- */
-public interface SigIObjectIdentifiers
-{
-    public final static ASN1ObjectIdentifier id_sigi = new ASN1ObjectIdentifier("1.3.36.8");
-
-    /**
-     * Key purpose IDs for German SigI (Signature Interoperability
-     * Specification)
-     */
-    public final static ASN1ObjectIdentifier id_sigi_kp = new ASN1ObjectIdentifier(id_sigi + ".2");
-
-    /**
-     * Certificate policy IDs for German SigI (Signature Interoperability
-     * Specification)
-     */
-    public final static ASN1ObjectIdentifier id_sigi_cp = new ASN1ObjectIdentifier(id_sigi + ".1");
-
-    /**
-     * Other Name IDs for German SigI (Signature Interoperability Specification)
-     */
-    public final static ASN1ObjectIdentifier id_sigi_on = new ASN1ObjectIdentifier(id_sigi + ".4");
-
-    /**
-     * To be used for for the generation of directory service certificates.
-     */
-    public static final ASN1ObjectIdentifier id_sigi_kp_directoryService = new ASN1ObjectIdentifier(id_sigi_kp + ".1");
-
-    /**
-     * ID for PersonalData
-     */
-    public static final ASN1ObjectIdentifier id_sigi_on_personalData = new ASN1ObjectIdentifier(id_sigi_on + ".1");
-
-    /**
-     * Certificate is conform to german signature law.
-     */
-    public static final ASN1ObjectIdentifier id_sigi_cp_sigconform = new ASN1ObjectIdentifier(id_sigi_cp + ".1");
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
deleted file mode 100644
index 78670906d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
+++ /dev/null
@@ -1,139 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-
-public class DHDomainParameters
-    extends ASN1Encodable
-{
-    private DERInteger p, g, q, j;
-    private DHValidationParms validationParms;
-
-    public static DHDomainParameters getInstance(ASN1TaggedObject obj, boolean explicit)
-    {
-        return getInstance(ASN1Sequence.getInstance(obj, explicit));
-    }
-
-    public static DHDomainParameters getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof DHDomainParameters)
-        {
-            return (DHDomainParameters)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new DHDomainParameters((ASN1Sequence)obj);
-        }
-
-        throw new IllegalArgumentException("Invalid DHDomainParameters: "
-            + obj.getClass().getName());
-    }
-
-    public DHDomainParameters(DERInteger p, DERInteger g, DERInteger q, DERInteger j,
-        DHValidationParms validationParms)
-    {
-        if (p == null)
-        {
-            throw new IllegalArgumentException("'p' cannot be null");
-        }
-        if (g == null)
-        {
-            throw new IllegalArgumentException("'g' cannot be null");
-        }
-        if (q == null)
-        {
-            throw new IllegalArgumentException("'q' cannot be null");
-        }
-
-        this.p = p;
-        this.g = g;
-        this.q = q;
-        this.j = j;
-        this.validationParms = validationParms;
-    }
-
-    private DHDomainParameters(ASN1Sequence seq)
-    {
-        if (seq.size() < 3 || seq.size() > 5)
-        {
-            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
-        }
-
-        Enumeration e = seq.getObjects();
-        this.p = DERInteger.getInstance(e.nextElement());
-        this.g = DERInteger.getInstance(e.nextElement());
-        this.q = DERInteger.getInstance(e.nextElement());
-
-        DEREncodable next = getNext(e);
-
-        if (next != null && next instanceof DERInteger)
-        {
-            this.j = DERInteger.getInstance(next);
-            next = getNext(e);
-        }
-
-        if (next != null)
-        {
-            this.validationParms = DHValidationParms.getInstance(next.getDERObject());
-        }
-    }
-
-    private static DEREncodable getNext(Enumeration e)
-    {
-        return e.hasMoreElements() ? (DEREncodable)e.nextElement() : null;
-    }
-
-    public DERInteger getP()
-    {
-        return this.p;
-    }
-
-    public DERInteger getG()
-    {
-        return this.g;
-    }
-
-    public DERInteger getQ()
-    {
-        return this.q;
-    }
-
-    public DERInteger getJ()
-    {
-        return this.j;
-    }
-
-    public DHValidationParms getValidationParms()
-    {
-        return this.validationParms;
-    }
-
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(this.p);
-        v.add(this.g);
-        v.add(this.q);
-
-        if (this.j != null)
-        {
-            v.add(this.j);
-        }
-
-        if (this.validationParms != null)
-        {
-            v.add(this.validationParms);
-        }
-
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java
deleted file mode 100644
index daafbeba0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-
-public class DHPublicKey
-    extends ASN1Encodable
-{
-    private DERInteger y;
-
-    public static DHPublicKey getInstance(ASN1TaggedObject obj, boolean explicit)
-    {
-        return getInstance(DERInteger.getInstance(obj, explicit));
-    }
-
-    public static DHPublicKey getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof DHPublicKey)
-        {
-            return (DHPublicKey)obj;
-        }
-
-        if (obj instanceof DERInteger)
-        {
-            return new DHPublicKey((DERInteger)obj);
-        }
-
-        throw new IllegalArgumentException("Invalid DHPublicKey: " + obj.getClass().getName());
-    }
-
-    public DHPublicKey(DERInteger y)
-    {
-        if (y == null)
-        {
-            throw new IllegalArgumentException("'y' cannot be null");
-        }
-
-        this.y = y;
-    }
-
-    public DERInteger getY()
-    {
-        return this.y;
-    }
-
-    public DERObject toASN1Object()
-    {
-        return this.y;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
deleted file mode 100644
index e801e1cea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-
-public class DHValidationParms extends ASN1Encodable
-{
-    private DERBitString seed;
-    private DERInteger pgenCounter;
-
-    public static DHValidationParms getInstance(ASN1TaggedObject obj, boolean explicit)
-    {
-        return getInstance(ASN1Sequence.getInstance(obj, explicit));
-    }
-
-    public static DHValidationParms getInstance(Object obj)
-    {
-        if (obj == null || obj instanceof DHDomainParameters)
-        {
-            return (DHValidationParms)obj;
-        }
-
-        if (obj instanceof ASN1Sequence)
-        {
-            return new DHValidationParms((ASN1Sequence)obj);
-        }
-
-        throw new IllegalArgumentException("Invalid DHValidationParms: " + obj.getClass().getName());
-    }
-
-    public DHValidationParms(DERBitString seed, DERInteger pgenCounter)
-    {
-        if (seed == null)
-        {
-            throw new IllegalArgumentException("'seed' cannot be null");
-        }
-        if (pgenCounter == null)
-        {
-            throw new IllegalArgumentException("'pgenCounter' cannot be null");
-        }
-
-        this.seed = seed;
-        this.pgenCounter = pgenCounter;
-    }
-
-    private DHValidationParms(ASN1Sequence seq)
-    {
-        if (seq.size() != 2)
-        {
-            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
-        }
-
-        this.seed = DERBitString.getInstance(seq.getObjectAt(0));
-        this.pgenCounter = DERInteger.getInstance(seq.getObjectAt(1));
-    }
-
-    public DERBitString getSeed()
-    {
-        return this.seed;
-    }
-
-    public DERInteger getPgenCounter()
-    {
-        return this.pgenCounter;
-    }
-
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(this.seed);
-        v.add(this.pgenCounter);
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/KeySpecificInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/KeySpecificInfo.java
deleted file mode 100644
index 5ad7360ed..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/KeySpecificInfo.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-
-/**
- * ASN.1 def for Diffie-Hellman key exchange KeySpecificInfo structure. See
- * RFC 2631, or X9.42, for further details.
- */
-public class KeySpecificInfo
-    extends ASN1Encodable
-{
-    private DERObjectIdentifier algorithm;
-    private ASN1OctetString      counter;
-
-    public KeySpecificInfo(
-        DERObjectIdentifier algorithm,
-        ASN1OctetString      counter)
-    {
-        this.algorithm = algorithm;
-        this.counter = counter;
-    }
-
-    public KeySpecificInfo(
-        ASN1Sequence  seq)
-    {
-        Enumeration e = seq.getObjects();
-
-        algorithm = (DERObjectIdentifier)e.nextElement();
-        counter = (ASN1OctetString)e.nextElement();
-    }
-
-    public DERObjectIdentifier getAlgorithm()
-    {
-        return algorithm;
-    }
-
-    public ASN1OctetString getCounter()
-    {
-        return counter;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     *  KeySpecificInfo ::= SEQUENCE {
-     *      algorithm OBJECT IDENTIFIER,
-     *      counter OCTET STRING SIZE (4..4)
-     *  }
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector  v = new ASN1EncodableVector();
-
-        v.add(algorithm);
-        v.add(counter);
-
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/OtherInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/OtherInfo.java
deleted file mode 100644
index f5ef21ed3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/OtherInfo.java
+++ /dev/null
@@ -1,96 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERTaggedObject;
-
-/**
- * ANS.1 def for Diffie-Hellman key exchange OtherInfo structure. See
- * RFC 2631, or X9.42, for further details.
- */
-public class OtherInfo
-    extends ASN1Encodable
-{
-    private KeySpecificInfo     keyInfo;
-    private ASN1OctetString     partyAInfo;
-    private ASN1OctetString     suppPubInfo;
-
-    public OtherInfo(
-        KeySpecificInfo     keyInfo,
-        ASN1OctetString     partyAInfo,
-        ASN1OctetString     suppPubInfo)
-    {
-        this.keyInfo = keyInfo;
-        this.partyAInfo = partyAInfo;
-        this.suppPubInfo = suppPubInfo;
-    }
-
-    public OtherInfo(
-        ASN1Sequence  seq)
-    {
-        Enumeration e = seq.getObjects();
-
-        keyInfo = new KeySpecificInfo((ASN1Sequence)e.nextElement());
-
-        while (e.hasMoreElements())
-        {
-            DERTaggedObject o = (DERTaggedObject)e.nextElement();
-
-            if (o.getTagNo() == 0)
-            {
-                partyAInfo = (ASN1OctetString)o.getObject();
-            }
-            else if (o.getTagNo() == 2)
-            {
-                suppPubInfo = (ASN1OctetString)o.getObject();
-            }
-        }
-    }
-
-    public KeySpecificInfo getKeyInfo()
-    {
-        return keyInfo;
-    }
-
-    public ASN1OctetString getPartyAInfo()
-    {
-        return partyAInfo;
-    }
-
-    public ASN1OctetString getSuppPubInfo()
-    {
-        return suppPubInfo;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     *  OtherInfo ::= SEQUENCE {
-     *      keyInfo KeySpecificInfo,
-     *      partyAInfo [0] OCTET STRING OPTIONAL,
-     *      suppPubInfo [2] OCTET STRING
-     *  }
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector  v = new ASN1EncodableVector();
-
-        v.add(keyInfo);
-
-        if (partyAInfo != null)
-        {
-            v.add(new DERTaggedObject(0, partyAInfo));
-        }
-
-        v.add(new DERTaggedObject(2, suppPubInfo));
-
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
deleted file mode 100644
index bda8dad39..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
+++ /dev/null
@@ -1,621 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.encoders.Hex;
-
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-
-/**
- * table of the current named curves defined in X.962 EC-DSA.
- */
-public class X962NamedCurves
-{
-    static X9ECParametersHolder prime192v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp192v1 = new ECCurve.Fp(
-                new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
-                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
-                new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16));
-
-            return new X9ECParameters(
-                cFp192v1,
-                cFp192v1.decodePoint(
-                    Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")),
-                new BigInteger("ffffffffffffffffffffffff99def836146bc9b1b4d22831", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("3045AE6FC8422f64ED579528D38120EAE12196D5"));
-        }
-    };
-
-    static X9ECParametersHolder prime192v2 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp192v2 = new ECCurve.Fp(
-                new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
-                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
-                new BigInteger("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953", 16));
-
-            return new X9ECParameters(
-                cFp192v2,
-                cFp192v2.decodePoint(
-                    Hex.decode("03eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a")),
-                new BigInteger("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("31a92ee2029fd10d901b113e990710f0d21ac6b6"));
-        }
-    };
-
-    static X9ECParametersHolder prime192v3 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp192v3 = new ECCurve.Fp(
-                new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
-                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
-                new BigInteger("22123dc2395a05caa7423daeccc94760a7d462256bd56916", 16));
-
-            return new X9ECParameters(
-                cFp192v3,
-                cFp192v3.decodePoint(
-                    Hex.decode("027d29778100c65a1da1783716588dce2b8b4aee8e228f1896")),
-                new BigInteger("ffffffffffffffffffffffff7a62d031c83f4294f640ec13", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("c469684435deb378c4b65ca9591e2a5763059a2e"));
-        }
-    };
-
-    static X9ECParametersHolder prime239v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp239v1 = new ECCurve.Fp(
-                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
-                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
-                new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16));
-
-            return new X9ECParameters(
-                cFp239v1,
-                cFp239v1.decodePoint(
-                    Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")),
-                new BigInteger("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("e43bb460f0b80cc0c0b075798e948060f8321b7d"));
-        }
-    };
-
-    static X9ECParametersHolder prime239v2 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp239v2 = new ECCurve.Fp(
-                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
-                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
-                new BigInteger("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c", 16));
-
-            return new X9ECParameters(
-                cFp239v2,
-                cFp239v2.decodePoint(
-                    Hex.decode("0238af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7")),
-                new BigInteger("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("e8b4011604095303ca3b8099982be09fcb9ae616"));
-        }
-    };
-
-    static X9ECParametersHolder prime239v3 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp239v3 = new ECCurve.Fp(
-                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
-                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
-                new BigInteger("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e", 16));
-
-            return new X9ECParameters(
-                cFp239v3,
-                cFp239v3.decodePoint(
-                    Hex.decode("036768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a")),
-                new BigInteger("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("7d7374168ffe3471b60a857686a19475d3bfa2ff"));
-        }
-    };
-
-    static X9ECParametersHolder prime256v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            ECCurve cFp256v1 = new ECCurve.Fp(
-                new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951"),
-                new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-                new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16));
-
-            return new X9ECParameters(
-                cFp256v1,
-                cFp256v1.decodePoint(
-                    Hex.decode("036b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")),
-                new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-                BigInteger.valueOf(1),
-                Hex.decode("c49d360886e704936a6678e1139d26b7819f7e90"));
-        }
-    };
-
-    /*
-     * F2m Curves
-     */
-    static X9ECParametersHolder c2pnb163v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m163v1n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16);
-            BigInteger c2m163v1h = BigInteger.valueOf(2);
-
-            ECCurve c2m163v1 = new ECCurve.F2m(
-                163,
-                1, 2, 8,
-                new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16),
-                new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16),
-                c2m163v1n, c2m163v1h);
-
-            return new X9ECParameters(
-                c2m163v1,
-                c2m163v1.decodePoint(
-                    Hex.decode("0307AF69989546103D79329FCC3D74880F33BBE803CB")),
-                c2m163v1n, c2m163v1h,
-                Hex.decode("D2COFB15760860DEF1EEF4D696E6768756151754"));
-        }
-    };
-
-    static X9ECParametersHolder c2pnb163v2 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m163v2n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16);
-            BigInteger c2m163v2h = BigInteger.valueOf(2);
-
-            ECCurve c2m163v2 = new ECCurve.F2m(
-                163,
-                1, 2, 8,
-                new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16),
-                new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16),
-                c2m163v2n, c2m163v2h);
-
-            return new X9ECParameters(
-                c2m163v2,
-                c2m163v2.decodePoint(
-                    Hex.decode("030024266E4EB5106D0A964D92C4860E2671DB9B6CC5")),
-                c2m163v2n, c2m163v2h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2pnb163v3 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m163v3n = new BigInteger("03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 16);
-            BigInteger c2m163v3h = BigInteger.valueOf(2);
-
-            ECCurve c2m163v3 = new ECCurve.F2m(
-                163,
-                1, 2, 8,
-                new BigInteger("07A526C63D3E25A256A007699F5447E32AE456B50E", 16),
-                new BigInteger("03F7061798EB99E238FD6F1BF95B48FEEB4854252B", 16),
-                c2m163v3n, c2m163v3h);
-
-            return new X9ECParameters(
-                c2m163v3,
-                c2m163v3.decodePoint(
-                    Hex.decode("0202F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB")),
-                c2m163v3n, c2m163v3h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2pnb176w1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m176w1n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16);
-            BigInteger c2m176w1h = BigInteger.valueOf(0xFF6E);
-
-            ECCurve c2m176w1 = new ECCurve.F2m(
-                176,
-                1, 2, 43,
-                new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16),
-                new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16),
-                c2m176w1n, c2m176w1h);
-
-            return new X9ECParameters(
-                c2m176w1,
-                c2m176w1.decodePoint(
-                    Hex.decode("038D16C2866798B600F9F08BB4A8E860F3298CE04A5798")),
-                c2m176w1n, c2m176w1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb191v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m191v1n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16);
-            BigInteger c2m191v1h = BigInteger.valueOf(2);
-
-            ECCurve c2m191v1 = new ECCurve.F2m(
-                191,
-                9,
-                new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16),
-                new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16),
-                c2m191v1n, c2m191v1h);
-
-            return new X9ECParameters(
-                c2m191v1,
-                c2m191v1.decodePoint(
-                    Hex.decode("0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D")),
-                c2m191v1n, c2m191v1h,
-                Hex.decode("4E13CA542744D696E67687561517552F279A8C84"));
-        }
-    };
-
-    static X9ECParametersHolder c2tnb191v2 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m191v2n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16);
-            BigInteger c2m191v2h = BigInteger.valueOf(4);
-
-            ECCurve c2m191v2 = new ECCurve.F2m(
-                191,
-                9,
-                new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16),
-                new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16),
-                c2m191v2n, c2m191v2h);
-
-            return new X9ECParameters(
-                c2m191v2,
-                c2m191v2.decodePoint(
-                    Hex.decode("023809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10")),
-                c2m191v2n, c2m191v2h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb191v3 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m191v3n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16);
-            BigInteger c2m191v3h = BigInteger.valueOf(6);
-
-            ECCurve c2m191v3 = new ECCurve.F2m(
-                191,
-                9,
-                new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16),
-                new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16),
-                c2m191v3n, c2m191v3h);
-
-            return new X9ECParameters(
-                c2m191v3,
-                c2m191v3.decodePoint(
-                    Hex.decode("03375D4CE24FDE434489DE8746E71786015009E66E38A926DD")),
-                c2m191v3n, c2m191v3h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2pnb208w1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m208w1n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16);
-            BigInteger c2m208w1h = BigInteger.valueOf(0xFE48);
-
-            ECCurve c2m208w1 = new ECCurve.F2m(
-                208,
-                1, 2, 83,
-                new BigInteger("0", 16),
-                new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16),
-                c2m208w1n, c2m208w1h);
-
-            return new X9ECParameters(
-                c2m208w1,
-                c2m208w1.decodePoint(
-                    Hex.decode("0289FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A")),
-                c2m208w1n, c2m208w1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb239v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m239v1n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16);
-            BigInteger c2m239v1h = BigInteger.valueOf(4);
-
-            ECCurve c2m239v1 = new ECCurve.F2m(
-                239,
-                36,
-                new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16),
-                new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16),
-                c2m239v1n, c2m239v1h);
-
-            return new X9ECParameters(
-                c2m239v1,
-                c2m239v1.decodePoint(
-                    Hex.decode("0257927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D")),
-                c2m239v1n, c2m239v1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb239v2 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m239v2n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16);
-            BigInteger c2m239v2h = BigInteger.valueOf(6);
-
-            ECCurve c2m239v2 = new ECCurve.F2m(
-                239,
-                36,
-                new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16),
-                new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16),
-                c2m239v2n, c2m239v2h);
-
-            return new X9ECParameters(
-                c2m239v2,
-                c2m239v2.decodePoint(
-                    Hex.decode("0228F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205")),
-                c2m239v2n, c2m239v2h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb239v3 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m239v3n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16);
-            BigInteger c2m239v3h = BigInteger.valueOf(10);
-
-            ECCurve c2m239v3 = new ECCurve.F2m(
-                239,
-                36,
-                new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16),
-                new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16),
-                c2m239v3n, c2m239v3h);
-
-            return new X9ECParameters(
-                c2m239v3,
-                c2m239v3.decodePoint(
-                    Hex.decode("0370F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92")),
-                c2m239v3n, c2m239v3h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2pnb272w1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m272w1n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16);
-            BigInteger c2m272w1h = BigInteger.valueOf(0xFF06);
-
-            ECCurve c2m272w1 = new ECCurve.F2m(
-                272,
-                1, 3, 56,
-                new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16),
-                new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16),
-                c2m272w1n, c2m272w1h);
-
-            return new X9ECParameters(
-                c2m272w1,
-                c2m272w1.decodePoint(
-                    Hex.decode("026108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D")),
-                c2m272w1n, c2m272w1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2pnb304w1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m304w1n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16);
-            BigInteger c2m304w1h = BigInteger.valueOf(0xFE2E);
-
-            ECCurve c2m304w1 = new ECCurve.F2m(
-                304,
-                1, 2, 11,
-                new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16),
-                new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16),
-                c2m304w1n, c2m304w1h);
-
-            return new X9ECParameters(
-                c2m304w1,
-                c2m304w1.decodePoint(
-                    Hex.decode("02197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614")),
-                c2m304w1n, c2m304w1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb359v1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m359v1n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16);
-            BigInteger c2m359v1h = BigInteger.valueOf(0x4C);
-
-            ECCurve c2m359v1 = new ECCurve.F2m(
-                359,
-                68,
-                new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16),
-                new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16),
-                c2m359v1n, c2m359v1h);
-
-            return new X9ECParameters(
-                c2m359v1,
-                c2m359v1.decodePoint(
-                    Hex.decode("033C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097")),
-                c2m359v1n, c2m359v1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2pnb368w1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m368w1n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16);
-            BigInteger c2m368w1h = BigInteger.valueOf(0xFF70);
-
-            ECCurve c2m368w1 = new ECCurve.F2m(
-                368,
-                1, 2, 85,
-                new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16),
-                new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16),
-                c2m368w1n, c2m368w1h);
-
-            return new X9ECParameters(
-                c2m368w1,
-                c2m368w1.decodePoint(
-                    Hex.decode("021085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F")),
-                c2m368w1n, c2m368w1h,
-                null);
-        }
-    };
-
-    static X9ECParametersHolder c2tnb431r1 = new X9ECParametersHolder()
-    {
-        protected X9ECParameters createParameters()
-        {
-            BigInteger c2m431r1n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16);
-            BigInteger c2m431r1h = BigInteger.valueOf(0x2760);
-
-            ECCurve c2m431r1 = new ECCurve.F2m(
-                431,
-                120,
-                new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16),
-                new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16),
-                c2m431r1n, c2m431r1h);
-
-            return new X9ECParameters(
-                c2m431r1,
-                c2m431r1.decodePoint(
-                    Hex.decode("02120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7")),
-                c2m431r1n, c2m431r1h,
-                null);
-        }
-    };
-
-    static final Hashtable objIds = new Hashtable();
-    static final Hashtable curves = new Hashtable();
-    static final Hashtable names = new Hashtable();
-
-    static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder)
-    {
-        objIds.put(name, oid);
-        names.put(oid, name);
-        curves.put(oid, holder);
-    }
-
-    static
-    {
-        defineCurve("prime192v1", X9ObjectIdentifiers.prime192v1, prime192v1);
-        defineCurve("prime192v2", X9ObjectIdentifiers.prime192v2, prime192v2);
-        defineCurve("prime192v3", X9ObjectIdentifiers.prime192v3, prime192v3);
-        defineCurve("prime239v1", X9ObjectIdentifiers.prime239v1, prime239v1);
-        defineCurve("prime239v2", X9ObjectIdentifiers.prime239v2, prime239v2);
-        defineCurve("prime239v3", X9ObjectIdentifiers.prime239v3, prime239v3);
-        defineCurve("prime256v1", X9ObjectIdentifiers.prime256v1, prime256v1);
-        defineCurve("c2pnb163v1", X9ObjectIdentifiers.c2pnb163v1, c2pnb163v1);
-        defineCurve("c2pnb163v2", X9ObjectIdentifiers.c2pnb163v2, c2pnb163v2);
-        defineCurve("c2pnb163v3", X9ObjectIdentifiers.c2pnb163v3, c2pnb163v3);
-        defineCurve("c2pnb176w1", X9ObjectIdentifiers.c2pnb176w1, c2pnb176w1);
-        defineCurve("c2tnb191v1", X9ObjectIdentifiers.c2tnb191v1, c2tnb191v1);
-        defineCurve("c2tnb191v2", X9ObjectIdentifiers.c2tnb191v2, c2tnb191v2);
-        defineCurve("c2tnb191v3", X9ObjectIdentifiers.c2tnb191v3, c2tnb191v3);
-        defineCurve("c2pnb208w1", X9ObjectIdentifiers.c2pnb208w1, c2pnb208w1);
-        defineCurve("c2tnb239v1", X9ObjectIdentifiers.c2tnb239v1, c2tnb239v1);
-        defineCurve("c2tnb239v2", X9ObjectIdentifiers.c2tnb239v2, c2tnb239v2);
-        defineCurve("c2tnb239v3", X9ObjectIdentifiers.c2tnb239v3, c2tnb239v3);
-        defineCurve("c2pnb272w1", X9ObjectIdentifiers.c2pnb272w1, c2pnb272w1);
-        defineCurve("c2pnb304w1", X9ObjectIdentifiers.c2pnb304w1, c2pnb304w1);
-        defineCurve("c2tnb359v1", X9ObjectIdentifiers.c2tnb359v1, c2tnb359v1);
-        defineCurve("c2pnb368w1", X9ObjectIdentifiers.c2pnb368w1, c2pnb368w1);
-        defineCurve("c2tnb431r1", X9ObjectIdentifiers.c2tnb431r1, c2tnb431r1);
-    }
-
-    public static X9ECParameters getByName(
-        String name)
-    {
-        DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
-
-        if (oid != null)
-        {
-            return getByOID(oid);
-        }
-
-        return null;
-    }
-
-    /**
-     * return the X9ECParameters object for the named curve represented by
-     * the passed in object identifier. Null if the curve isn't present.
-     *
-     * @param oid an object identifier representing a named curve, if present.
-     */
-    public static X9ECParameters getByOID(
-        DERObjectIdentifier oid)
-    {
-        X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid);
-
-        if (holder != null)
-        {
-            return holder.getParameters();
-        }
-
-        return null;
-    }
-
-    /**
-     * return the object identifier signified by the passed in name. Null
-     * if there is no object identifier associated with name.
-     *
-     * @return the object identifier associated with name, if present.
-     */
-    public static DERObjectIdentifier getOID(
-        String name)
-    {
-        return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
-    }
-
-    /**
-     * return the named curve name represented by the given object identifier.
-     */
-    public static String getName(
-        DERObjectIdentifier oid)
-    {
-        return (String)names.get(oid);
-    }
-
-    /**
-     * returns an enumeration containing the name strings for curves
-     * contained in this structure.
-     */
-    public static Enumeration getNames()
-    {
-        return objIds.keys();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
deleted file mode 100644
index de35186a6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.ASN1Choice;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-
-public class X962Parameters
-    extends ASN1Encodable
-    implements ASN1Choice
-{
-    private DERObject           params = null;
-
-    public static X962Parameters getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof X962Parameters) 
-        {
-            return (X962Parameters)obj;
-        }
-        
-        if (obj instanceof DERObject) 
-        {
-            return new X962Parameters((DERObject)obj);
-        }
-        
-        throw new IllegalArgumentException("unknown object in getInstance()");
-    }
-    
-    public static X962Parameters getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        return getInstance(obj.getObject()); // must be explicitly tagged
-    }
-    
-    public X962Parameters(
-        X9ECParameters      ecParameters)
-    {
-        this.params = ecParameters.getDERObject();
-    }
-
-    public X962Parameters(
-        DERObjectIdentifier  namedCurve)
-    {
-        this.params = namedCurve;
-    }
-
-    public X962Parameters(
-        DERObject           obj)
-    {
-        this.params = obj;
-    }
-
-    public boolean isNamedCurve()
-    {
-        return (params instanceof DERObjectIdentifier);
-    }
-
-    public boolean isImplicitlyCA()
-    {
-        return (params instanceof ASN1Null);
-    }
-
-    public DERObject getParameters()
-    {
-        return params;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     * Parameters ::= CHOICE {
-     *    ecParameters ECParameters,
-     *    namedCurve   CURVES.&id({CurveNames}),
-     *    implicitlyCA NULL
-     * }
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        return params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
deleted file mode 100644
index 8f46c075a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
+++ /dev/null
@@ -1,161 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.math.ec.ECCurve;
-
-/**
- * ASN.1 def for Elliptic-Curve Curve structure. See
- * X9.62, for further details.
- */
-public class X9Curve
-    extends ASN1Encodable
-    implements X9ObjectIdentifiers
-{
-    private ECCurve     curve;
-    private byte[]      seed;
-    private DERObjectIdentifier fieldIdentifier = null;
-
-    public X9Curve(
-        ECCurve     curve)
-    {
-        this.curve = curve;
-        this.seed = null;
-        setFieldIdentifier();
-    }
-
-    public X9Curve(
-        ECCurve     curve,
-        byte[]      seed)
-    {
-        this.curve = curve;
-        this.seed = seed;
-        setFieldIdentifier();
-    }
-
-    public X9Curve(
-        X9FieldID     fieldID,
-        ASN1Sequence  seq)
-    {
-        fieldIdentifier = fieldID.getIdentifier();
-        if (fieldIdentifier.equals(prime_field))
-        {
-            BigInteger      p = ((DERInteger)fieldID.getParameters()).getValue();
-            X9FieldElement  x9A = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(0));
-            X9FieldElement  x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1));
-            curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
-        }
-        else
-        {
-            if (fieldIdentifier.equals(characteristic_two_field)) 
-            {
-                // Characteristic two field
-                DERSequence parameters = (DERSequence)fieldID.getParameters();
-                int m = ((DERInteger)parameters.getObjectAt(0)).getValue().
-                    intValue();
-                DERObjectIdentifier representation
-                    = (DERObjectIdentifier)parameters.getObjectAt(1);
-
-                int k1 = 0;
-                int k2 = 0;
-                int k3 = 0;
-                if (representation.equals(tpBasis)) 
-                {
-                    // Trinomial basis representation
-                    k1 = ((DERInteger)parameters.getObjectAt(2)).getValue().
-                        intValue();
-                }
-                else 
-                {
-                    // Pentanomial basis representation
-                    DERSequence pentanomial
-                        = (DERSequence)parameters.getObjectAt(2);
-                    k1 = ((DERInteger)pentanomial.getObjectAt(0)).getValue().
-                        intValue();
-                    k2 = ((DERInteger)pentanomial.getObjectAt(1)).getValue().
-                        intValue();
-                    k3 = ((DERInteger)pentanomial.getObjectAt(2)).getValue().
-                        intValue();
-                }
-                X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0));
-                X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1));
-                // TODO Is it possible to get the order (n) and cofactor(h) too?
-                curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
-            }
-        }
-
-        if (seq.size() == 3)
-        {
-            seed = ((DERBitString)seq.getObjectAt(2)).getBytes();
-        }
-    }
-
-    private void setFieldIdentifier()
-    {
-        if (curve instanceof ECCurve.Fp)
-        {
-            fieldIdentifier = prime_field;
-        }
-        else if (curve instanceof ECCurve.F2m)
-        {
-            fieldIdentifier = characteristic_two_field;
-        }
-        else
-        {
-            throw new IllegalArgumentException("This type of ECCurve is not "
-                    + "implemented");
-        }
-    }
-
-    public ECCurve  getCurve()
-    {
-        return curve;
-    }
-
-    public byte[]   getSeed()
-    {
-        return seed;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     *  Curve ::= SEQUENCE {
-     *      a               FieldElement,
-     *      b               FieldElement,
-     *      seed            BIT STRING      OPTIONAL
-     *  }
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        if (fieldIdentifier.equals(prime_field)) 
-        { 
-            v.add(new X9FieldElement(curve.getA()).getDERObject());
-            v.add(new X9FieldElement(curve.getB()).getDERObject());
-        } 
-        else if (fieldIdentifier.equals(characteristic_two_field)) 
-        {
-            v.add(new X9FieldElement(curve.getA()).getDERObject());
-            v.add(new X9FieldElement(curve.getB()).getDERObject());
-        }
-
-        if (seed != null)
-        {
-            v.add(new DERBitString(seed));
-        }
-
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
deleted file mode 100644
index c3b0d66b5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
+++ /dev/null
@@ -1,161 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-
-import java.math.BigInteger;
-
-/**
- * ASN.1 def for Elliptic-Curve ECParameters structure. See
- * X9.62, for further details.
- */
-public class X9ECParameters
-    extends ASN1Encodable
-    implements X9ObjectIdentifiers
-{
-    private static final BigInteger   ONE = BigInteger.valueOf(1);
-
-    private X9FieldID           fieldID;
-    private ECCurve             curve;
-    private ECPoint             g;
-    private BigInteger          n;
-    private BigInteger          h;
-    private byte[]              seed;
-
-    public X9ECParameters(
-        ASN1Sequence  seq)
-    {
-        if (!(seq.getObjectAt(0) instanceof DERInteger)
-           || !((DERInteger)seq.getObjectAt(0)).getValue().equals(ONE))
-        {
-            throw new IllegalArgumentException("bad version in X9ECParameters");
-        }
-
-        X9Curve     x9c = new X9Curve(
-                        new X9FieldID((ASN1Sequence)seq.getObjectAt(1)),
-                        (ASN1Sequence)seq.getObjectAt(2));
-
-        this.curve = x9c.getCurve();
-        this.g = new X9ECPoint(curve, (ASN1OctetString)seq.getObjectAt(3)).getPoint();
-        this.n = ((DERInteger)seq.getObjectAt(4)).getValue();
-        this.seed = x9c.getSeed();
-
-        if (seq.size() == 6)
-        {
-            this.h = ((DERInteger)seq.getObjectAt(5)).getValue();
-        }
-    }
-
-    public X9ECParameters(
-        ECCurve     curve,
-        ECPoint     g,
-        BigInteger  n)
-    {
-        this(curve, g, n, ONE, null);
-    }
-
-    public X9ECParameters(
-        ECCurve     curve,
-        ECPoint     g,
-        BigInteger  n,
-        BigInteger  h)
-    {
-        this(curve, g, n, h, null);
-    }
-
-    public X9ECParameters(
-        ECCurve     curve,
-        ECPoint     g,
-        BigInteger  n,
-        BigInteger  h,
-        byte[]      seed)
-    {
-        this.curve = curve;
-        this.g = g;
-        this.n = n;
-        this.h = h;
-        this.seed = seed;
-
-        if (curve instanceof ECCurve.Fp)
-        {
-            this.fieldID = new X9FieldID(((ECCurve.Fp)curve).getQ());
-        }
-        else
-        {
-            if (curve instanceof ECCurve.F2m)
-            {
-                ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
-                this.fieldID = new X9FieldID(curveF2m.getM(), curveF2m.getK1(),
-                    curveF2m.getK2(), curveF2m.getK3());
-            }
-        }
-    }
-
-    public ECCurve getCurve()
-    {
-        return curve;
-    }
-
-    public ECPoint getG()
-    {
-        return g;
-    }
-
-    public BigInteger getN()
-    {
-        return n;
-    }
-
-    public BigInteger getH()
-    {
-        if (h == null)
-        {
-            return ONE;        // TODO - this should be calculated, it will cause issues with custom curves.
-        }
-
-        return h;
-    }
-
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     *  ECParameters ::= SEQUENCE {
-     *      version         INTEGER { ecpVer1(1) } (ecpVer1),
-     *      fieldID         FieldID {{FieldTypes}},
-     *      curve           X9Curve,
-     *      base            X9ECPoint,
-     *      order           INTEGER,
-     *      cofactor        INTEGER OPTIONAL
-     *  }
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(new DERInteger(1));
-        v.add(fieldID);
-        v.add(new X9Curve(curve, seed));
-        v.add(new X9ECPoint(g));
-        v.add(new DERInteger(n));
-
-        if (h != null)
-        {
-            v.add(new DERInteger(h));
-        }
-
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java
deleted file mode 100644
index 47361f893..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-public abstract class X9ECParametersHolder
-{
-    private X9ECParameters params;
-
-    public X9ECParameters getParameters()
-    {
-        if (params == null)
-        {
-            params = createParameters();
-        }
-
-        return params;
-    }
-
-    protected abstract X9ECParameters createParameters();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java
deleted file mode 100644
index 470b3d614..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-
-/**
- * class for describing an ECPoint as a DER object.
- */
-public class X9ECPoint
-    extends ASN1Encodable
-{
-    ECPoint p;
-
-    public X9ECPoint(
-        ECPoint p)
-    {
-        this.p = p;
-    }
-
-    public X9ECPoint(
-        ECCurve          c,
-        ASN1OctetString  s)
-    {
-        this.p = c.decodePoint(s.getOctets());
-    }
-
-    public ECPoint getPoint()
-    {
-        return p;
-    }
-
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     *  ECPoint ::= OCTET STRING
-     * 

-     * 

-     * Octet string produced using ECPoint.getEncoded().
-     */
-    public DERObject toASN1Object()
-    {
-        return new DEROctetString(p.getEncoded());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java
deleted file mode 100644
index 2173d2ae0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.math.ec.ECFieldElement;
-
-/**
- * class for processing an FieldElement as a DER object.
- */
-public class X9FieldElement
-    extends ASN1Encodable
-{
-    protected ECFieldElement  f;
-    
-    private static X9IntegerConverter converter = new X9IntegerConverter();
-
-    public X9FieldElement(ECFieldElement f)
-    {
-        this.f = f;
-    }
-    
-    public X9FieldElement(BigInteger p, ASN1OctetString s)
-    {
-        this(new ECFieldElement.Fp(p, new BigInteger(1, s.getOctets())));
-    }
-    
-    public X9FieldElement(int m, int k1, int k2, int k3, ASN1OctetString s)
-    {
-        this(new ECFieldElement.F2m(m, k1, k2, k3, new BigInteger(1, s.getOctets())));
-    }
-    
-    public ECFieldElement getValue()
-    {
-        return f;
-    }
-    
-    /**
-     * Produce an object suitable for an ASN1OutputStream.
-     * 
-     *  FieldElement ::= OCTET STRING
-     * 

-     * 

-     * 
    
-     * 
  1.  if q is an odd prime then the field element is
-     * processed as an Integer and converted to an octet string
-     * according to x 9.62 4.3.1.
    2. 
-     * 
  2.  if q is 2m then the bit string
-     * contained in the field element is converted into an octet
-     * string with the same ordering padded at the front if necessary.
-     * 
    3. 
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        int byteCount = converter.getByteLength(f);
-        byte[] paddedBigInteger = converter.integerToBytes(f.toBigInteger(), byteCount);
-
-        return new DEROctetString(paddedBigInteger);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
deleted file mode 100644
index c2c2ef9fd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
+++ /dev/null
@@ -1,109 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-
-/**
- * ASN.1 def for Elliptic-Curve Field ID structure. See
- * X9.62, for further details.
- */
-public class X9FieldID
-    extends ASN1Encodable
-    implements X9ObjectIdentifiers
-{
-    private DERObjectIdentifier     id;
-    private DERObject               parameters;
-
-    /**
-     * Constructor for elliptic curves over prime fields
-     * F2.
-     * @param primeP The prime p defining the prime field.
-     */
-    public X9FieldID(BigInteger primeP)
-    {
-        this.id = prime_field;
-        this.parameters = new DERInteger(primeP);
-    }
-
-    /**
-     * Constructor for elliptic curves over binary fields
-     * F2m.
-     * @param m  The exponent m of
-     * F2m.
-     * @param k1 The integer k1 where xm +
-     * xk3 + xk2 + xk1 + 1
-     * represents the reduction polynomial f(z).
-     * @param k2 The integer k2 where xm +
-     * xk3 + xk2 + xk1 + 1
-     * represents the reduction polynomial f(z).
-     * @param k3 The integer k3 where xm +
-     * xk3 + xk2 + xk1 + 1
-     * represents the reduction polynomial f(z)..
-     */
-    public X9FieldID(int m, int k1, int k2, int k3)
-    {
-        this.id = characteristic_two_field;
-        ASN1EncodableVector fieldIdParams = new ASN1EncodableVector();
-        fieldIdParams.add(new DERInteger(m));
-        
-        if (k2 == 0) 
-        {
-            fieldIdParams.add(tpBasis);
-            fieldIdParams.add(new DERInteger(k1));
-        } 
-        else 
-        {
-            fieldIdParams.add(ppBasis);
-            ASN1EncodableVector pentanomialParams = new ASN1EncodableVector();
-            pentanomialParams.add(new DERInteger(k1));
-            pentanomialParams.add(new DERInteger(k2));
-            pentanomialParams.add(new DERInteger(k3));
-            fieldIdParams.add(new DERSequence(pentanomialParams));
-        }
-        
-        this.parameters = new DERSequence(fieldIdParams);
-    }
-
-    public X9FieldID(
-        ASN1Sequence  seq)
-    {
-        this.id = (DERObjectIdentifier)seq.getObjectAt(0);
-        this.parameters = (DERObject)seq.getObjectAt(1);
-    }
-
-    public DERObjectIdentifier getIdentifier()
-    {
-        return id;
-    }
-
-    public DERObject getParameters()
-    {
-        return parameters;
-    }
-
-    /**
-     * Produce a DER encoding of the following structure.
-     * 
-     *  FieldID ::= SEQUENCE {
-     *      fieldType       FIELD-ID.&id({IOSet}),
-     *      parameters      FIELD-ID.&Type({IOSet}{@fieldType})
-     *  }
-     * 

-     */
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(this.id);
-        v.add(this.parameters);
-
-        return new DERSequence(v);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java
deleted file mode 100644
index ae820abb1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECFieldElement;
-
-import java.math.BigInteger;
-
-public class X9IntegerConverter
-{
-    public int getByteLength(
-        ECCurve c)
-    {
-        return (c.getFieldSize() + 7) / 8;
-    }
-
-    public int getByteLength(
-        ECFieldElement fe)
-    {
-        return (fe.getFieldSize() + 7) / 8;
-    }
-
-    public byte[] integerToBytes(
-        BigInteger s,
-        int        qLength)
-    {
-        byte[] bytes = s.toByteArray();
-        
-        if (qLength < bytes.length)
-        {
-            byte[] tmp = new byte[qLength];
-        
-            System.arraycopy(bytes, bytes.length - tmp.length, tmp, 0, tmp.length);
-            
-            return tmp;
-        }
-        else if (qLength > bytes.length)
-        {
-            byte[] tmp = new byte[qLength];
-        
-            System.arraycopy(bytes, 0, tmp, tmp.length - bytes.length, bytes.length);
-            
-            return tmp; 
-        }
-    
-        return bytes;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
deleted file mode 100644
index 6c1fcd706..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package org.bouncycastle.asn1.x9;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-public interface X9ObjectIdentifiers
-{
-    //
-    // X9.62
-    //
-    // ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-    //            us(840) ansi-x962(10045) }
-    //
-    static final ASN1ObjectIdentifier ansi_X9_62 = new ASN1ObjectIdentifier("1.2.840.10045");
-    static final ASN1ObjectIdentifier id_fieldType = ansi_X9_62.branch("1");
-
-    static final ASN1ObjectIdentifier prime_field = id_fieldType.branch("1");
-
-    static final ASN1ObjectIdentifier characteristic_two_field = id_fieldType.branch("2");
-
-    static final ASN1ObjectIdentifier gnBasis = id_fieldType.branch("2.3.1");
-
-    static final ASN1ObjectIdentifier tpBasis = id_fieldType.branch("2.3.2");
-
-    static final ASN1ObjectIdentifier ppBasis = id_fieldType.branch("2.3.3");
-
-    static final ASN1ObjectIdentifier id_ecSigType = ansi_X9_62.branch("4");
-
-    static final ASN1ObjectIdentifier ecdsa_with_SHA1 = new ASN1ObjectIdentifier(id_ecSigType + ".1");
-
-    static final ASN1ObjectIdentifier id_publicKeyType = ansi_X9_62.branch("2");
-
-    static final ASN1ObjectIdentifier id_ecPublicKey = id_publicKeyType.branch("1");
-
-    static final ASN1ObjectIdentifier ecdsa_with_SHA2 = id_ecSigType.branch("3");
-
-    static final ASN1ObjectIdentifier ecdsa_with_SHA224 = ecdsa_with_SHA2.branch("1");
-
-    static final ASN1ObjectIdentifier ecdsa_with_SHA256 = ecdsa_with_SHA2.branch("2");
-
-    static final ASN1ObjectIdentifier ecdsa_with_SHA384 = ecdsa_with_SHA2.branch("3");
-
-    static final ASN1ObjectIdentifier ecdsa_with_SHA512 = ecdsa_with_SHA2.branch("4");
-
-    //
-    // named curves
-    //
-    static final ASN1ObjectIdentifier ellipticCurve = ansi_X9_62.branch("3");
-
-    //
-    // Two Curves
-    //
-    static final ASN1ObjectIdentifier  cTwoCurve = ellipticCurve.branch("0");
-
-    static final ASN1ObjectIdentifier c2pnb163v1 = cTwoCurve.branch("1");
-    static final ASN1ObjectIdentifier c2pnb163v2 = cTwoCurve.branch("2");
-    static final ASN1ObjectIdentifier c2pnb163v3 = cTwoCurve.branch("3");
-    static final ASN1ObjectIdentifier c2pnb176w1 = cTwoCurve.branch("4");
-    static final ASN1ObjectIdentifier c2tnb191v1 = cTwoCurve.branch("5");
-    static final ASN1ObjectIdentifier c2tnb191v2 = cTwoCurve.branch("6");
-    static final ASN1ObjectIdentifier c2tnb191v3 = cTwoCurve.branch("7");
-    static final ASN1ObjectIdentifier c2onb191v4 = cTwoCurve.branch("8");
-    static final ASN1ObjectIdentifier c2onb191v5 = cTwoCurve.branch("9");
-    static final ASN1ObjectIdentifier c2pnb208w1 = cTwoCurve.branch("10");
-    static final ASN1ObjectIdentifier c2tnb239v1 = cTwoCurve.branch("11");
-    static final ASN1ObjectIdentifier c2tnb239v2 = cTwoCurve.branch("12");
-    static final ASN1ObjectIdentifier c2tnb239v3 = cTwoCurve.branch("13");
-    static final ASN1ObjectIdentifier c2onb239v4 = cTwoCurve.branch("14");
-    static final ASN1ObjectIdentifier c2onb239v5 = cTwoCurve.branch("15");
-    static final ASN1ObjectIdentifier c2pnb272w1 = cTwoCurve.branch("16");
-    static final ASN1ObjectIdentifier c2pnb304w1 = cTwoCurve.branch("17");
-    static final ASN1ObjectIdentifier c2tnb359v1 = cTwoCurve.branch("18");
-    static final ASN1ObjectIdentifier c2pnb368w1 = cTwoCurve.branch("19");
-    static final ASN1ObjectIdentifier c2tnb431r1 = cTwoCurve.branch("20");
-
-    //
-    // Prime
-    //
-    static final ASN1ObjectIdentifier primeCurve = ellipticCurve.branch("1");
-
-    static final ASN1ObjectIdentifier prime192v1 = primeCurve.branch("1");
-    static final ASN1ObjectIdentifier prime192v2 = primeCurve.branch("2");
-    static final ASN1ObjectIdentifier prime192v3 = primeCurve.branch("3");
-    static final ASN1ObjectIdentifier prime239v1 = primeCurve.branch("4");
-    static final ASN1ObjectIdentifier prime239v2 = primeCurve.branch("5");
-    static final ASN1ObjectIdentifier prime239v3 = primeCurve.branch("6");
-    static final ASN1ObjectIdentifier prime256v1 = primeCurve.branch("7");
-
-    //
-    // DSA
-    //
-    // dsapublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-    //            us(840) ansi-x957(10040) number-type(4) 1 }
-    static final ASN1ObjectIdentifier id_dsa = new ASN1ObjectIdentifier("1.2.840.10040.4.1");
-
-    /**
-     * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57
-     * (10040) x9cm(4) 3 }
-     */
-    public static final ASN1ObjectIdentifier id_dsa_with_sha1 = new ASN1ObjectIdentifier("1.2.840.10040.4.3");
-
-    /**
-     * X9.63
-     */
-    public static final ASN1ObjectIdentifier x9_63_scheme = new ASN1ObjectIdentifier("1.3.133.16.840.63.0");
-    public static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha1kdf_scheme = x9_63_scheme.branch("2");
-    public static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha1kdf_scheme = x9_63_scheme.branch("3");
-    public static final ASN1ObjectIdentifier mqvSinglePass_sha1kdf_scheme = x9_63_scheme.branch("16");
-
-    /**
-     * X9.42
-     */
-
-    static final ASN1ObjectIdentifier ansi_X9_42 = new ASN1ObjectIdentifier("1.2.840.10046");
-
-    //
-    // Diffie-Hellman
-    //
-    // dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-    //            us(840) ansi-x942(10046) number-type(2) 1 }
-    //
-    public static final ASN1ObjectIdentifier dhpublicnumber = ansi_X9_42.branch("2.1");
-
-    public static final ASN1ObjectIdentifier x9_42_schemes = ansi_X9_42.branch("3");
-    public static final ASN1ObjectIdentifier dhStatic = x9_42_schemes.branch("1");
-    public static final ASN1ObjectIdentifier dhEphem = x9_42_schemes.branch("2");
-    public static final ASN1ObjectIdentifier dhOneFlow = x9_42_schemes.branch("3");
-    public static final ASN1ObjectIdentifier dhHybrid1 = x9_42_schemes.branch("4");
-    public static final ASN1ObjectIdentifier dhHybrid2 = x9_42_schemes.branch("5");
-    public static final ASN1ObjectIdentifier dhHybridOneFlow = x9_42_schemes.branch("6");
-    public static final ASN1ObjectIdentifier mqv2 = x9_42_schemes.branch("7");
-    public static final ASN1ObjectIdentifier mqv1 = x9_42_schemes.branch("8");
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/package.html
deleted file mode 100644
index 42fc97c79..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/asn1/x9/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Support classes useful for encoding and supporting X9.62 elliptic curve.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/attr/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/attr/package.html
deleted file mode 100644
index 251824f6c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/attr/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Low level classes for dealing with OpenPGP user attributes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/package.html
deleted file mode 100644
index 9791e3c8f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/package.html
+++ /dev/null
@@ -1,9 +0,0 @@
-
-
-Low level classes for dealing with OpenPGP objects.
-

-These classes deal with things at a raw OpenPGP packet level. For the most part
-you are probably better off looking at the org.bouncycastle.openpgp package
-for what you want.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/sig/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/sig/package.html
deleted file mode 100644
index 474a1a8ef..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/bcpg/sig/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Low level classes for dealing with OpenPGP signature attributes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
deleted file mode 100644
index a68ba46d4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
+++ /dev/null
@@ -1,358 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.Holder;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.asn1.x509.ObjectDigestInfo;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-
-/**
- * The Holder object.
- * 
- * 
- *          Holder ::= SEQUENCE {
- *                baseCertificateID   [0] IssuerSerial OPTIONAL,
- *                         -- the issuer and serial number of
- *                         -- the holder's Public Key Certificate
- *                entityName          [1] GeneralNames OPTIONAL,
- *                         -- the name of the claimant or role
- *                objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
- *                         -- used to directly authenticate the holder,
- *                         -- for example, an executable
- *          }
- * 

- * 

- * Note: If objectDigestInfo comparisons are to be carried out the static
- * method setDigestCalculatorProvider must be called once to configure the class
- * to do the necessary calculations.
- * 

- */
-public class AttributeCertificateHolder
-    implements Selector
-{
-    private static DigestCalculatorProvider digestCalculatorProvider;
-
-    final Holder holder;
-
-    AttributeCertificateHolder(ASN1Sequence seq)
-    {
-        holder = Holder.getInstance(seq);
-    }
-
-    public AttributeCertificateHolder(X500Name issuerName,
-        BigInteger serialNumber)
-    {
-        holder = new Holder(new IssuerSerial(
-            new GeneralNames(new DERSequence(new GeneralName(issuerName))),
-            new DERInteger(serialNumber)));
-    }
-
-    public AttributeCertificateHolder(X509CertificateHolder cert)
-    {
-        holder = new Holder(new IssuerSerial(generateGeneralNames(cert.getIssuer()),
-            new DERInteger(cert.getSerialNumber())));
-    }
-
-    public AttributeCertificateHolder(X500Name principal)
-    {
-        holder = new Holder(generateGeneralNames(principal));
-    }
-
-    /**
-     * Constructs a holder for v2 attribute certificates with a hash value for
-     * some type of object.
-     * 

-     * digestedObjectType can be one of the following:
-     * 
    
-     * 
  • 0 - publicKey - A hash of the public key of the holder must be
-     * passed.
-     * 
  • 1 - publicKeyCert - A hash of the public key certificate of the
-     * holder must be passed.
-     * 
  • 2 - otherObjectDigest - A hash of some other object type must be
-     * passed. otherObjectTypeID must not be empty.
-     * 

-     * 

-     * This cannot be used if a v1 attribute certificate is used.
-     * 
-     * @param digestedObjectType The digest object type.
-     * @param digestAlgorithm The algorithm identifier for the hash.
-     * @param otherObjectTypeID The object type ID if
-     *            digestedObjectType is
-     *            otherObjectDigest.
-     * @param objectDigest The hash value.
-     */
-    public AttributeCertificateHolder(int digestedObjectType,
-        String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
-    {
-        holder = new Holder(new ObjectDigestInfo(digestedObjectType,
-            otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays
-                .clone(objectDigest)));
-    }
-
-    /**
-     * Returns the digest object type if an object digest info is used.
-     * 

-     * 
    
-     * 
  • 0 - publicKey - A hash of the public key of the holder must be
-     * passed.
-     * 
  • 1 - publicKeyCert - A hash of the public key certificate of the
-     * holder must be passed.
-     * 
  • 2 - otherObjectDigest - A hash of some other object type must be
-     * passed. otherObjectTypeID must not be empty.
-     * 

-     * 
-     * @return The digest object type or -1 if no object digest info is set.
-     */
-    public int getDigestedObjectType()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            return holder.getObjectDigestInfo().getDigestedObjectType()
-                .getValue().intValue();
-        }
-        return -1;
-    }
-
-    /**
-     * Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
-     * 
-     * @return digest AlgorithmIdentifier or null if ObjectDigestInfo is absent.
-     */
-    public AlgorithmIdentifier getDigestAlgorithm()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            return holder.getObjectDigestInfo().getDigestAlgorithm();
-        }
-        return null;
-    }
-
-    /**
-     * Returns the hash if an object digest info is used.
-     * 
-     * @return The hash or null if ObjectDigestInfo is absent.
-     */
-    public byte[] getObjectDigest()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            return holder.getObjectDigestInfo().getObjectDigest().getBytes();
-        }
-        return null;
-    }
-
-    /**
-     * Returns the digest algorithm ID if an object digest info is used.
-     * 
-     * @return The digest algorithm ID or null if no object
-     *         digest info is set.
-     */
-    public ASN1ObjectIdentifier getOtherObjectTypeID()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            new ASN1ObjectIdentifier(holder.getObjectDigestInfo().getOtherObjectTypeID().getId());
-        }
-        return null;
-    }
-
-    private GeneralNames generateGeneralNames(X500Name principal)
-    {
-        return new GeneralNames(new DERSequence(new GeneralName(principal)));
-    }
-
-    private boolean matchesDN(X500Name subject, GeneralNames targets)
-    {
-        GeneralName[] names = targets.getNames();
-
-        for (int i = 0; i != names.length; i++)
-        {
-            GeneralName gn = names[i];
-
-            if (gn.getTagNo() == GeneralName.directoryName)
-            {
-                if (X500Name.getInstance(gn.getName()).equals(subject))
-                {
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
-
-    private X500Name[] getPrincipals(GeneralName[] names)
-    {
-        List l = new ArrayList(names.length);
-
-        for (int i = 0; i != names.length; i++)
-        {
-            if (names[i].getTagNo() == GeneralName.directoryName)
-            {
-                l.add(X500Name.getInstance(names[i].getName()));
-            }
-        }
-
-        return (X500Name[])l.toArray(new X500Name[l.size()]);
-    }
-
-    /**
-     * Return any principal objects inside the attribute certificate holder
-     * entity names field.
-     * 
-     * @return an array of Principal objects (usually X500Principal), null if no
-     *         entity names field is set.
-     */
-    public X500Name[] getEntityNames()
-    {
-        if (holder.getEntityName() != null)
-        {
-            return getPrincipals(holder.getEntityName().getNames());
-        }
-
-        return null;
-    }
-
-    /**
-     * Return the principals associated with the issuer attached to this holder
-     * 
-     * @return an array of principals, null if no BaseCertificateID is set.
-     */
-    public X500Name[] getIssuer()
-    {
-        if (holder.getBaseCertificateID() != null)
-        {
-            return getPrincipals(holder.getBaseCertificateID().getIssuer().getNames());
-        }
-
-        return null;
-    }
-
-    /**
-     * Return the serial number associated with the issuer attached to this
-     * holder.
-     * 
-     * @return the certificate serial number, null if no BaseCertificateID is
-     *         set.
-     */
-    public BigInteger getSerialNumber()
-    {
-        if (holder.getBaseCertificateID() != null)
-        {
-            return holder.getBaseCertificateID().getSerial().getValue();
-        }
-
-        return null;
-    }
-
-    public Object clone()
-    {
-        return new AttributeCertificateHolder((ASN1Sequence)holder.toASN1Object());
-    }
-
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509CertificateHolder))
-        {
-            return false;
-        }
-
-        X509CertificateHolder x509Cert = (X509CertificateHolder)obj;
-
-        if (holder.getBaseCertificateID() != null)
-        {
-            return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
-                && matchesDN(x509Cert.getIssuer(), holder.getBaseCertificateID().getIssuer());
-        }
-
-        if (holder.getEntityName() != null)
-        {
-            if (matchesDN(x509Cert.getSubject(),
-                holder.getEntityName()))
-            {
-                return true;
-            }
-        }
-
-        if (holder.getObjectDigestInfo() != null)
-        {
-            try
-            {
-                DigestCalculator digCalc = digestCalculatorProvider.get(holder.getObjectDigestInfo().getDigestAlgorithm());
-                OutputStream     digOut = digCalc.getOutputStream();
-
-                switch (getDigestedObjectType())
-                {
-                case ObjectDigestInfo.publicKey:
-                    // TODO: DSA Dss-parms
-                    digOut.write(x509Cert.getSubjectPublicKeyInfo().getEncoded());
-                    break;
-                case ObjectDigestInfo.publicKeyCert:
-                    digOut.write(x509Cert.getEncoded());
-                    break;
-                }
-
-                digOut.close();
-
-                if (!Arrays.areEqual(digCalc.getDigest(), getObjectDigest()))
-                {
-                    return false;
-                }
-            }
-            catch (Exception e)
-            {
-                return false;
-            }
-        }
-
-        return false;
-    }
-
-    public boolean equals(Object obj)
-    {
-        if (obj == this)
-        {
-            return true;
-        }
-
-        if (!(obj instanceof AttributeCertificateHolder))
-        {
-            return false;
-        }
-
-        AttributeCertificateHolder other = (AttributeCertificateHolder)obj;
-
-        return this.holder.equals(other.holder);
-    }
-
-    public int hashCode()
-    {
-        return this.holder.hashCode();
-    }
-
-    /**
-     * Set a digest calculator provider to be used if matches are attempted using
-     * ObjectDigestInfo,
-     *
-     * @param digCalcProvider a provider of digest calculators.
-     */
-    public static void setDigestCalculatorProvider(DigestCalculatorProvider digCalcProvider)
-    {
-        digestCalculatorProvider = digCalcProvider;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateIssuer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateIssuer.java
deleted file mode 100644
index 72cb12937..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/AttributeCertificateIssuer.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.V2Form;
-import org.bouncycastle.util.Selector;
-
-/**
- * Carrying class for an attribute certificate issuer.
- */
-public class AttributeCertificateIssuer
-    implements Selector
-{
-    final ASN1Encodable form;
-
-    /**
-     * Set the issuer directly with the ASN.1 structure.
-     *
-     * @param issuer The issuer
-     */
-    public AttributeCertificateIssuer(AttCertIssuer issuer)
-    {
-        form = issuer.getIssuer();
-    }
-
-    public AttributeCertificateIssuer(X500Name principal)
-    {
-        form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal))));
-    }
-
-    public X500Name[] getNames()
-    {
-        GeneralNames name;
-
-        if (form instanceof V2Form)
-        {
-            name = ((V2Form)form).getIssuerName();
-        }
-        else
-        {
-            name = (GeneralNames)form;
-        }
-
-        GeneralName[] names = name.getNames();
-
-        List l = new ArrayList(names.length);
-
-        for (int i = 0; i != names.length; i++)
-        {
-            if (names[i].getTagNo() == GeneralName.directoryName)
-            {
-                l.add(X500Name.getInstance(names[i].getName()));
-            }
-        }
-
-        return (X500Name[])l.toArray(new X500Name[l.size()]);
-    }
-
-    private boolean matchesDN(X500Name subject, GeneralNames targets)
-    {
-        GeneralName[] names = targets.getNames();
-
-        for (int i = 0; i != names.length; i++)
-        {
-            GeneralName gn = names[i];
-
-            if (gn.getTagNo() == GeneralName.directoryName)
-            {
-                if (X500Name.getInstance(gn.getName()).equals(subject))
-                {
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
-
-    public Object clone()
-    {
-        return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form));
-    }
-
-    public boolean equals(Object obj)
-    {
-        if (obj == this)
-        {
-            return true;
-        }
-
-        if (!(obj instanceof AttributeCertificateIssuer))
-        {
-            return false;
-        }
-
-        AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj;
-
-        return this.form.equals(other.form);
-    }
-
-    public int hashCode()
-    {
-        return this.form.hashCode();
-    }
-
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509CertificateHolder))
-        {
-            return false;
-        }
-
-        X509CertificateHolder x509Cert = (X509CertificateHolder)obj;
-
-        if (form instanceof V2Form)
-        {
-            V2Form issuer = (V2Form)form;
-            if (issuer.getBaseCertificateID() != null)
-            {
-                return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
-                    && matchesDN(x509Cert.getIssuer(), issuer.getBaseCertificateID().getIssuer());
-            }
-
-            GeneralNames name = issuer.getIssuerName();
-            if (matchesDN(x509Cert.getSubject(), name))
-            {
-                return true;
-            }
-        }
-        else
-        {
-            GeneralNames name = (GeneralNames)form;
-            if (matchesDN(x509Cert.getSubject(), name))
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertException.java
deleted file mode 100644
index eb67a5d9d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertException.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.cert;
-
-/**
- * General checked Exception thrown in the cert package and its sub-packages.
- */
-public class CertException
-    extends Exception
-{
-    private Throwable cause;
-
-    public CertException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public CertException(String msg)
-    {
-        super(msg);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertIOException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertIOException.java
deleted file mode 100644
index 929d95e83..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertIOException.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.IOException;
-
-/**
- * General IOException thrown in the cert package and its sub-packages.
- */
-public class CertIOException
-    extends IOException
-{
-    private Throwable cause;
-
-    public CertIOException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public CertIOException(String msg)
-    {
-        super(msg);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertUtils.java
deleted file mode 100644
index fb0a0a7ae..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/CertUtils.java
+++ /dev/null
@@ -1,196 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.operator.ContentSigner;
-
-class CertUtils
-{
-    private static Set EMPTY_SET = Collections.unmodifiableSet(new HashSet());
-    private static List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
-
-    static X509CertificateHolder generateFullCert(ContentSigner signer, TBSCertificateStructure tbsCert)
-    {
-        try
-        {
-            return new X509CertificateHolder(generateStructure(tbsCert, signer.getAlgorithmIdentifier(), generateSig(signer, tbsCert)));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("cannot produce certificate signature");
-        }
-    }
-
-    static X509AttributeCertificateHolder generateFullAttrCert(ContentSigner signer, AttributeCertificateInfo attrInfo)
-    {
-        try
-        {
-            return new X509AttributeCertificateHolder(generateAttrStructure(attrInfo, signer.getAlgorithmIdentifier(), generateSig(signer, attrInfo)));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("cannot produce attribute certificate signature");
-        }
-    }
-
-    static X509CRLHolder generateFullCRL(ContentSigner signer, TBSCertList tbsCertList)
-    {
-        try
-        {
-            return new X509CRLHolder(generateCRLStructure(tbsCertList, signer.getAlgorithmIdentifier(), generateSig(signer, tbsCertList)));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("cannot produce certificate signature");
-        }
-    }
-
-    private static byte[] generateSig(ContentSigner signer, ASN1Encodable tbsObj)
-        throws IOException
-    {
-        OutputStream sOut = signer.getOutputStream();
-
-        sOut.write(tbsObj.getDEREncoded());
-
-        sOut.close();
-
-        return signer.getSignature();
-    }
-
-    private static X509CertificateStructure generateStructure(TBSCertificateStructure tbsCert, AlgorithmIdentifier sigAlgId, byte[] signature)
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(tbsCert);
-        v.add(sigAlgId);
-        v.add(new DERBitString(signature));
-
-        return X509CertificateStructure.getInstance(new DERSequence(v));
-    }
-
-    private static AttributeCertificate generateAttrStructure(AttributeCertificateInfo attrInfo, AlgorithmIdentifier sigAlgId, byte[] signature)
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(attrInfo);
-        v.add(sigAlgId);
-        v.add(new DERBitString(signature));
-
-        return AttributeCertificate.getInstance(new DERSequence(v));
-    }
-
-    private static CertificateList generateCRLStructure(TBSCertList tbsCertList, AlgorithmIdentifier sigAlgId, byte[] signature)
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(tbsCertList);
-        v.add(sigAlgId);
-        v.add(new DERBitString(signature));
-
-        return CertificateList.getInstance(new DERSequence(v));
-    }
-
-    static Set getCriticalExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_SET;
-        }
-
-        return Collections.unmodifiableSet(new HashSet(Arrays.asList(extensions.getCriticalExtensionOIDs())));
-    }
-
-    static Set getNonCriticalExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_SET;
-        }
-
-        // TODO: should probably produce a set that imposes correct ordering
-        return Collections.unmodifiableSet(new HashSet(Arrays.asList(extensions.getNonCriticalExtensionOIDs())));
-    }
-
-    static List getExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_LIST;
-        }
-
-        return Collections.unmodifiableList(Arrays.asList(extensions.getExtensionOIDs()));
-    }
-
-    static DERBitString booleanToBitString(boolean[] id)
-    {
-        byte[] bytes = new byte[(id.length + 7) / 8];
-
-        for (int i = 0; i != id.length; i++)
-        {
-            bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0;
-        }
-
-        int pad = id.length % 8;
-
-        if (pad == 0)
-        {
-            return new DERBitString(bytes);
-        }
-        else
-        {
-            return new DERBitString(bytes, 8 - pad);
-        }
-    }
-
-    static boolean[] bitStringToBoolean(DERBitString bitString)
-    {
-        if (bitString != null)
-        {
-            byte[]          bytes = bitString.getBytes();
-            boolean[]       boolId = new boolean[bytes.length * 8 - bitString.getPadBits()];
-
-            for (int i = 0; i != boolId.length; i++)
-            {
-                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
-            }
-
-            return boolId;
-        }
-
-        return null;
-    }
-
-    static Date recoverDate(DERGeneralizedTime time)
-    {
-        try
-        {
-            return time.getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("unable to recover date: " + e.getMessage());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
deleted file mode 100644
index 03291b5b8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
+++ /dev/null
@@ -1,354 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-
-/**
- * Holding class for an X.509 AttributeCertificate structure.
- */
-public class X509AttributeCertificateHolder
-{
-    private static Attribute[] EMPTY_ARRAY = new Attribute[0];
-    
-    private AttributeCertificate attrCert;
-    private X509Extensions extensions;
-
-    private static AttributeCertificate parseBytes(byte[] certEncoding)
-        throws IOException
-    {
-        try
-        {
-            return AttributeCertificate.getInstance(ASN1Object.fromByteArray(certEncoding));
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Create a X509AttributeCertificateHolder from the passed in bytes.
-     *
-     * @param certEncoding BER/DER encoding of the certificate.
-     * @throws IOException in the event of corrupted data, or an incorrect structure.
-     */
-    public X509AttributeCertificateHolder(byte[] certEncoding)
-        throws IOException
-    {
-        this(parseBytes(certEncoding));
-    }
-
-    /**
-     * Create a X509AttributeCertificateHolder from the passed in ASN.1 structure.
-     *
-     * @param attrCert an ASN.1 AttributeCertificate structure.
-     */
-    public X509AttributeCertificateHolder(AttributeCertificate attrCert)
-    {
-        this.attrCert = attrCert;
-        this.extensions = attrCert.getAcinfo().getExtensions();
-    }
-
-    /**
-     * Return the ASN.1 encoding of this holder's attribute certificate.
-     *
-     * @return a DER encoded byte array.
-     * @throws IOException if an encoding cannot be generated.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return attrCert.getEncoded();
-    }
-
-    public int getVersion()
-    {
-        return attrCert.getAcinfo().getVersion().getValue().intValue() + 1;
-    }
-
-    /**
-     * Return the serial number of this attribute certificate.
-     *
-     * @return the serial number.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return attrCert.getAcinfo().getSerialNumber().getValue();
-    }
-
-    /**
-     * Return the holder details for this attribute certificate.
-     *
-     * @return this attribute certificate's holder structure.
-     */
-    public AttributeCertificateHolder getHolder()
-    {
-        return new AttributeCertificateHolder((ASN1Sequence)attrCert.getAcinfo().getHolder().toASN1Object());
-    }
-
-    /**
-     * Return the issuer details for this attribute certificate.
-     *
-     * @return this attribute certificate's issuer structure,
-     */
-    public AttributeCertificateIssuer getIssuer()
-    {
-        return new AttributeCertificateIssuer(attrCert.getAcinfo().getIssuer());
-    }
-
-    /**
-     * Return the date before which this attribute certificate is not valid.
-     *
-     * @return the start date for the attribute certificate's validity period.
-     */
-    public Date getNotBefore()
-    {
-        return CertUtils.recoverDate(attrCert.getAcinfo().getAttrCertValidityPeriod().getNotBeforeTime());
-    }
-
-    /**
-     * Return the date after which this attribute certificate is not valid.
-     *
-     * @return the final date for the attribute certificate's validity period.
-     */
-    public Date getNotAfter()
-    {
-        return CertUtils.recoverDate(attrCert.getAcinfo().getAttrCertValidityPeriod().getNotAfterTime());
-    }
-
-    /**
-     * Return the attributes, if any associated with this request.
-     *
-     * @return an array of Attribute, zero length if none present.
-     */
-    public Attribute[] getAttributes()
-    {
-        ASN1Sequence seq = attrCert.getAcinfo().getAttributes();
-        Attribute[] attrs = new Attribute[seq.size()];
-
-        for (int i = 0; i != seq.size(); i++)
-        {
-            attrs[i] = Attribute.getInstance(seq.getObjectAt(i));
-        }
-
-        return attrs;
-    }
-
-    /**
-     * Return an  array of attributes matching the passed in type OID.
-     *
-     * @param type the type of the attribute being looked for.
-     * @return an array of Attribute of the requested type, zero length if none present.
-     */
-    public Attribute[] getAttributes(ASN1ObjectIdentifier type)
-    {
-        ASN1Sequence    seq = attrCert.getAcinfo().getAttributes();
-        List            list = new ArrayList();
-
-        for (int i = 0; i != seq.size(); i++)
-        {
-            Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
-            if (attr.getAttrType().equals(type))
-            {
-                list.add(attr);
-            }
-        }
-
-        if (list.size() == 0)
-        {
-            return EMPTY_ARRAY;
-        }
-
-        return (Attribute[])list.toArray(new Attribute[list.size()]);
-    }
-
-    /**
-     * Return whether or not the holder's attribute certificate contains extensions.
-     *
-     * @return true if extension are present, false otherwise.
-     */
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    /**
-     * Look up the extension associated with the passed in OID.
-     *
-     * @param oid the OID of the extension of interest.
-     *
-     * @return the extension if present, null otherwise.
-     */
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    /**
-     * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
-     * extensions contained in this holder's attribute certificate.
-     *
-     * @return a list of extension OIDs.
-     */
-    public List getExtensionOIDs()
-    {
-        return CertUtils.getExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * critical extensions contained in this holder's attribute certificate.
-     *
-     * @return a set of critical extension OIDs.
-     */
-    public Set getCriticalExtensionOIDs()
-    {
-        return CertUtils.getCriticalExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * non-critical extensions contained in this holder's attribute certificate.
-     *
-     * @return a set of non-critical extension OIDs.
-     */
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return CertUtils.getNonCriticalExtensionOIDs(extensions);
-    }
-
-    public boolean[] getIssuerUniqueID()
-    {
-        return CertUtils.bitStringToBoolean(attrCert.getAcinfo().getIssuerUniqueID());
-    }
-
-    /**
-     * Return the details of the signature algorithm used to create this attribute certificate.
-     *
-     * @return the AlgorithmIdentifier describing the signature algorithm used to create this attribute certificate.
-     */
-    public AlgorithmIdentifier getSignatureAlgorithm()
-    {
-        return attrCert.getSignatureAlgorithm();
-    }
-
-    /**
-     * Return the bytes making up the signature associated with this attribute certificate.
-     *
-     * @return the attribute certificate signature bytes.
-     */
-    public byte[] getSignature()
-    {
-        return attrCert.getSignatureValue().getBytes();
-    }
-
-    /**
-     * Return the underlying ASN.1 structure for the attribute certificate in this holder.
-     *
-     * @return a AttributeCertificate object.
-     */
-    public AttributeCertificate toASN1Structure()
-    {
-        return attrCert;
-    }
-
-    /**
-     * Return whether or not this attribute certificate is valid on a particular date.
-     *
-     * @param date the date of interest.
-     * @return true if the attribute certificate is valid, false otherwise.
-     */
-    public boolean isValidOn(Date date)
-    {
-        AttCertValidityPeriod certValidityPeriod = attrCert.getAcinfo().getAttrCertValidityPeriod();
-
-        return !date.before(CertUtils.recoverDate(certValidityPeriod.getNotBeforeTime())) && !date.after(CertUtils.recoverDate(certValidityPeriod.getNotAfterTime()));
-    }
-
-    /**
-     * Validate the signature on the attribute certificate in this holder.
-     *
-     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
-     * @return true if the signature is valid, false otherwise.
-     * @throws CertException if the signature cannot be processed or is inappropriate.
-     */
-    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
-        throws CertException
-    {
-        AttributeCertificateInfo acinfo = attrCert.getAcinfo();
-
-        if (!acinfo.getSignature().equals(attrCert.getSignatureAlgorithm()))
-        {
-            throw new CertException("signature invalid - algorithm identifier mismatch");
-        }
-
-        ContentVerifier verifier;
-
-        try
-        {
-            verifier = verifierProvider.get((acinfo.getSignature()));
-
-            OutputStream sOut = verifier.getOutputStream();
-
-            sOut.write(acinfo.getDEREncoded());
-
-            sOut.close();
-        }
-        catch (Exception e)
-        {
-            throw new CertException("unable to process signature: " + e.getMessage(), e);
-        }
-
-        return verifier.verify(attrCert.getSignatureValue().getBytes());
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof X509AttributeCertificateHolder))
-        {
-            return false;
-        }
-
-        X509AttributeCertificateHolder other = (X509AttributeCertificateHolder)o;
-
-        return this.attrCert.equals(other.attrCert);
-    }
-
-    public int hashCode()
-    {
-        return this.attrCert.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java
deleted file mode 100644
index a67112832..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLEntryHolder.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * Holding class for an X.509 CRL Entry structure.
- */
-public class X509CRLEntryHolder
-{
-    private TBSCertList.CRLEntry entry;
-    private X509Extensions extensions;
-
-    X509CRLEntryHolder(TBSCertList.CRLEntry entry)
-    {
-        this.entry = entry;
-        this.extensions = entry.getExtensions();
-    }
-
-    /**
-     * Return the serial number of the certificate associated with this CRLEntry.
-     *
-     * @return the revoked certificate's serial number.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return entry.getUserCertificate().getValue();
-    }
-
-    /**
-     * Return the date on which the certificate associated with this CRLEntry was revoked.
-     *
-     * @return the revocation date for the revoked certificate.
-     */
-    public Date getRevocationDate()
-    {
-        return entry.getRevocationDate().getDate();
-    }
-
-    /**
-     * Return whether or not the holder's CRL entry contains extensions.
-     *
-     * @return true if extension are present, false otherwise.
-     */
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    /**
-     * Look up the extension associated with the passed in OID.
-     *
-     * @param oid the OID of the extension of interest.
-     *
-     * @return the extension if present, null otherwise.
-     */
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    /**
-     * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
-     * extensions contained in this holder's CRL entry.
-     *
-     * @return a list of extension OIDs.
-     */
-    public List getExtensionOIDs()
-    {
-        return CertUtils.getExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * critical extensions contained in this holder's CRL entry.
-     *
-     * @return a set of critical extension OIDs.
-     */
-    public Set getCriticalExtensionOIDs()
-    {
-        return CertUtils.getCriticalExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * non-critical extensions contained in this holder's CRL entry.
-     *
-     * @return a set of non-critical extension OIDs.
-     */
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return CertUtils.getNonCriticalExtensionOIDs(extensions);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
deleted file mode 100644
index d7415e499..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
+++ /dev/null
@@ -1,259 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-
-/**
- * Holding class for an X.509 CRL structure.
- */
-public class X509CRLHolder
-{
-    private CertificateList x509CRL;
-    private X509Extensions extensions;
-
-    private static CertificateList parseBytes(byte[] crlEncoding)
-        throws IOException
-    {
-        try
-        {
-            return CertificateList.getInstance(ASN1Object.fromByteArray(crlEncoding));
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Create a X509CRLHolder from the passed in bytes.
-     *
-     * @param crlEncoding BER/DER encoding of the CRL
-     * @throws IOException in the event of corrupted data, or an incorrect structure.
-     */
-    public X509CRLHolder(byte[] crlEncoding)
-        throws IOException
-    {
-        this(parseBytes(crlEncoding));
-    }
-
-    /**
-     * Create a X509CRLHolder from the passed in ASN.1 structure.
-     *
-     * @param x509CRL an ASN.1 CertificateList structure.
-     */
-    public X509CRLHolder(CertificateList x509CRL)
-    {
-        this.x509CRL = x509CRL;
-        this.extensions = x509CRL.getTBSCertList().getExtensions();
-    }
-
-    /**
-     * Return the ASN.1 encoding of this holder's CRL.
-     *
-     * @return a DER encoded byte array.
-     * @throws IOException if an encoding cannot be generated.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return x509CRL.getEncoded();
-    }
-
-    /**
-     * Return the issuer of this holder's CRL.
-     *
-     * @return the CRL issuer.
-     */
-    public X500Name getIssuer()
-    {
-        return X500Name.getInstance(x509CRL.getIssuer());
-    }
-
-    public X509CRLEntryHolder getRevokedCertificate(BigInteger serialNumber)
-    {
-        for (Enumeration en = x509CRL.getRevokedCertificateEnumeration(); en.hasMoreElements();)
-        {
-            TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)en.nextElement();
-
-            if (entry.getUserCertificate().getValue().equals(serialNumber))
-            {
-                return new X509CRLEntryHolder(entry);
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * Return a collection of X509CRLEntryHolder objects, giving the details of the
-     * revoked certificates that appear on this CRL.
-     *
-     * @return the revoked certificates as a collection of X509CRLEntryHolder objects.
-     */
-    public Collection getRevokedCertificates()
-    {
-        TBSCertList.CRLEntry[] entries = x509CRL.getRevokedCertificates();
-        List l = new ArrayList(entries.length);
-
-        for (Enumeration en = x509CRL.getRevokedCertificateEnumeration(); en.hasMoreElements();)
-        {
-            TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)en.nextElement();
-
-
-                l.add(new X509CRLEntryHolder(entry));
-
-        }
-
-        return l;
-    }
-    
-    /**
-     * Return whether or not the holder's CRL contains extensions.
-     *
-     * @return true if extension are present, false otherwise.
-     */
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    /**
-     * Look up the extension associated with the passed in OID.
-     *
-     * @param oid the OID of the extension of interest.
-     *
-     * @return the extension if present, null otherwise.
-     */
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    /**
-     * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
-     * extensions contained in this holder's CRL.
-     *
-     * @return a list of extension OIDs.
-     */
-    public List getExtensionOIDs()
-    {
-        return CertUtils.getExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * critical extensions contained in this holder's CRL.
-     *
-     * @return a set of critical extension OIDs.
-     */
-    public Set getCriticalExtensionOIDs()
-    {
-        return CertUtils.getCriticalExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * non-critical extensions contained in this holder's CRL.
-     *
-     * @return a set of non-critical extension OIDs.
-     */
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return CertUtils.getNonCriticalExtensionOIDs(extensions);
-    }
-
-    /**
-     * Return the underlying ASN.1 structure for the CRL in this holder.
-     *
-     * @return a CertificateList object.
-     */
-    public CertificateList toASN1Structure()
-    {
-        return x509CRL;
-    }
-
-    /**
-     * Validate the signature on the CRL.
-     *
-     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
-     * @return true if the signature is valid, false otherwise.
-     * @throws CertException if the signature cannot be processed or is inappropriate.
-     */
-    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
-        throws CertException
-    {
-        TBSCertList tbsCRL = x509CRL.getTBSCertList();
-
-        if (!tbsCRL.getSignature().equals(x509CRL.getSignatureAlgorithm()))
-        {
-            throw new CertException("signature invalid - algorithm identifier mismatch");
-        }
-
-        ContentVerifier verifier;
-
-        try
-        {
-            verifier = verifierProvider.get((tbsCRL.getSignature()));
-
-            OutputStream sOut = verifier.getOutputStream();
-
-            sOut.write(tbsCRL.getDEREncoded());
-
-            sOut.close();
-        }
-        catch (Exception e)
-        {
-            throw new CertException("unable to process signature: " + e.getMessage(), e);
-        }
-
-        return verifier.verify(x509CRL.getSignature().getBytes());
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof X509CRLHolder))
-        {
-            return false;
-        }
-
-        X509CRLHolder other = (X509CRLHolder)o;
-
-        return this.x509CRL.equals(other.x509CRL);
-    }
-
-    public int hashCode()
-    {
-        return this.x509CRL.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
deleted file mode 100644
index f2b7c8a35..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
+++ /dev/null
@@ -1,313 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-
-/**
- * Holding class for an X.509 Certificate structure.
- */
-public class X509CertificateHolder
-{
-    private X509CertificateStructure x509Certificate;
-    private X509Extensions extensions;
-
-    private static X509CertificateStructure parseBytes(byte[] certEncoding)
-        throws IOException
-    {
-        try
-        {
-            return X509CertificateStructure.getInstance(ASN1Object.fromByteArray(certEncoding));
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Create a X509CertificateHolder from the passed in bytes.
-     *
-     * @param certEncoding BER/DER encoding of the certificate.
-     * @throws IOException in the event of corrupted data, or an incorrect structure.
-     */
-    public X509CertificateHolder(byte[] certEncoding)
-        throws IOException
-    {
-        this(parseBytes(certEncoding));
-    }
-
-    /**
-     * Create a X509CertificateHolder from the passed in ASN.1 structure.
-     *
-     * @param x509Certificate an ASN.1 Certificate structure.
-     */
-    public X509CertificateHolder(X509CertificateStructure x509Certificate)
-    {
-        this.x509Certificate = x509Certificate;
-        this.extensions = x509Certificate.getTBSCertificate().getExtensions();
-    }
-
-    public int getVersion()
-    {
-        return x509Certificate.getVersion();
-    }
-
-    /**
-     * Return whether or not the holder's certificate contains extensions.
-     *
-     * @return true if extension are present, false otherwise.
-     */
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    /**
-     * Look up the extension associated with the passed in OID.
-     *
-     * @param oid the OID of the extension of interest.
-     *
-     * @return the extension if present, null otherwise.
-     */
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    /**
-     * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
-     * extensions contained in this holder's certificate.
-     *
-     * @return a list of extension OIDs.
-     */
-    public List getExtensionOIDs()
-    {
-        return CertUtils.getExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * critical extensions contained in this holder's certificate.
-     *
-     * @return a set of critical extension OIDs.
-     */
-    public Set getCriticalExtensionOIDs()
-    {
-        return CertUtils.getCriticalExtensionOIDs(extensions);
-    }
-
-    /**
-     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
-     * non-critical extensions contained in this holder's certificate.
-     *
-     * @return a set of non-critical extension OIDs.
-     */
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return CertUtils.getNonCriticalExtensionOIDs(extensions);
-    }
-
-    public IssuerAndSerialNumber getIssuerAndSerialNumber()
-    {
-        return new IssuerAndSerialNumber(x509Certificate.getIssuer(), x509Certificate.getSerialNumber());
-    }
-
-    /**
-     * Return the serial number of this attribute certificate.
-     *
-     * @return the serial number.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return x509Certificate.getSerialNumber().getValue();
-    }
-
-    /**
-     * Return the issuer of this certificate.
-     *
-     * @return the certificate issuer.
-     */
-    public X500Name getIssuer()
-    {
-        return X500Name.getInstance(x509Certificate.getIssuer());
-    }
-
-    /**
-     * Return the subject this certificate is for.
-     *
-     * @return the subject for the certificate.
-     */
-    public X500Name getSubject()
-    {
-        return X500Name.getInstance(x509Certificate.getSubject());
-    }
-
-    /**
-     * Return the date before which this certificate is not valid.
-     *
-     * @return the start time for the certificate's validity period.
-     */
-    public Date getNotBefore()
-    {
-        return x509Certificate.getStartDate().getDate();
-    }
-
-    /**
-     * Return the date after which this certificate is not valid.
-     *
-     * @return the final time for the certificate's validity period.
-     */
-    public Date getNotAfter()
-    {
-        return x509Certificate.getEndDate().getDate();
-    }
-
-    /**
-     * Return the SubjectPublicKeyInfo describing the public key this certificate is carrying.
-     *
-     * @return the public key ASN.1 structure contained in the certificate.
-     */
-    public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
-    {
-        return x509Certificate.getSubjectPublicKeyInfo();
-    }
-
-    /**
-     * Return the underlying ASN.1 structure for the certificate in this holder.
-     *
-     * @return a X509CertificateStructure object.
-     */
-    public X509CertificateStructure toASN1Structure()
-    {
-        return x509Certificate;
-    }
-
-    /**
-     * Return the details of the signature algorithm used to create this attribute certificate.
-     *
-     * @return the AlgorithmIdentifier describing the signature algorithm used to create this attribute certificate.
-     */
-    public AlgorithmIdentifier getSignatureAlgorithm()
-    {
-        return x509Certificate.getSignatureAlgorithm();
-    }
-
-    /**
-     * Return the bytes making up the signature associated with this attribute certificate.
-     *
-     * @return the attribute certificate signature bytes.
-     */
-    public byte[] getSignature()
-    {
-        return x509Certificate.getSignature().getBytes();
-    }
-
-    /**
-     * Return whether or not this certificate is valid on a particular date.
-     *
-     * @param date the date of interest.
-     * @return true if the certificate is valid, false otherwise.
-     */
-    public boolean isValidOn(Date date)
-    {
-        return !date.before(x509Certificate.getStartDate().getDate()) && !date.after(x509Certificate.getEndDate().getDate());
-    }
-
-    /**
-     * Validate the signature on the certificate in this holder.
-     *
-     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
-     * @return true if the signature is valid, false otherwise.
-     * @throws CertException if the signature cannot be processed or is inappropriate.
-     */
-    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
-        throws CertException
-    {
-        TBSCertificateStructure tbsCert = x509Certificate.getTBSCertificate();
-
-        if (!tbsCert.getSignature().equals(x509Certificate.getSignatureAlgorithm()))
-        {
-            throw new CertException("signature invalid - algorithm identifier mismatch");
-        }
-
-        ContentVerifier verifier;
-
-        try
-        {
-            verifier = verifierProvider.get((tbsCert.getSignature()));
-
-            OutputStream sOut = verifier.getOutputStream();
-
-            sOut.write(tbsCert.getDEREncoded());
-
-            sOut.close();
-        }
-        catch (Exception e)
-        {
-            throw new CertException("unable to process signature: " + e.getMessage(), e);
-        }
-
-        return verifier.verify(x509Certificate.getSignature().getBytes());
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof X509CertificateHolder))
-        {
-            return false;
-        }
-
-        X509CertificateHolder other = (X509CertificateHolder)o;
-
-        return this.x509Certificate.equals(other.x509Certificate);
-    }
-
-    public int hashCode()
-    {
-        return this.x509Certificate.hashCode();
-    }
-
-    /**
-     * Return the ASN.1 encoding of this holder's certificate.
-     *
-     * @return a DER encoded byte array.
-     * @throws IOException if an encoding cannot be generated.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return x509Certificate.getEncoded();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v1CertificateBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v1CertificateBuilder.java
deleted file mode 100644
index a7695cada..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v1CertificateBuilder.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.math.BigInteger;
-import java.util.Date;
-
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
-import org.bouncycastle.operator.ContentSigner;
-
-
-/**
- * class to produce an X.509 Version 1 certificate.
- */
-public class X509v1CertificateBuilder
-{
-    private V1TBSCertificateGenerator   tbsGen;
-
-    /**
-     * Create a builder for a version 1 certificate.
-     *
-     * @param issuer the certificate issuer
-     * @param serial the certificate serial number
-     * @param notBefore the date before which the certificate is not valid
-     * @param notAfter the date after which the certificate is not valid
-     * @param subject the certificate subject
-     * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
-     */
-    public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
-    {
-        if (issuer == null)
-        {
-            throw new IllegalArgumentException("issuer must not be null");
-        }
-
-        if (publicKeyInfo == null)
-        {
-            throw new IllegalArgumentException("publicKeyInfo must not be null");
-        }
-
-        tbsGen = new V1TBSCertificateGenerator();
-        tbsGen.setSerialNumber(new DERInteger(serial));
-        tbsGen.setIssuer(issuer);
-        tbsGen.setStartDate(new Time(notBefore));
-        tbsGen.setEndDate(new Time(notAfter));
-        tbsGen.setSubject(subject);
-        tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
-    }
-
-    /**
-     * Generate an X509 certificate, based on the current issuer and subject
-     * using the passed in signer.
-     *
-     * @param signer the content signer to be used to generate the signature validating the certificate.
-     * @return a holder containing the resulting signed certificate.
-     */
-    public X509CertificateHolder build(
-        ContentSigner signer)
-    {
-        tbsGen.setSignature(signer.getAlgorithmIdentifier());
-
-        return CertUtils.generateFullCert(signer, tbsGen.generateTBSCertificate());
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java
deleted file mode 100644
index 99aad1cad..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java
+++ /dev/null
@@ -1,108 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.math.BigInteger;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.V2AttributeCertificateInfoGenerator;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.operator.ContentSigner;
-
-/**
- * class to produce an X.509 Version 2 AttributeCertificate.
- */
-public class X509v2AttributeCertificateBuilder
-{
-    private V2AttributeCertificateInfoGenerator   acInfoGen;
-    private X509ExtensionsGenerator               extGenerator;
-
-    public X509v2AttributeCertificateBuilder(AttributeCertificateHolder     holder, AttributeCertificateIssuer  issuer, BigInteger      serialNumber, Date notBefore, Date notAfter)
-    {
-        acInfoGen = new V2AttributeCertificateInfoGenerator();
-        extGenerator = new X509ExtensionsGenerator();
-
-        acInfoGen.setHolder(holder.holder);
-        acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));
-        acInfoGen.setSerialNumber(new DERInteger(serialNumber));
-        acInfoGen.setStartDate(new DERGeneralizedTime(notBefore));
-        acInfoGen.setEndDate(new DERGeneralizedTime(notAfter));
-    }
-
-    /**
-     * Add an attribute to the certification request we are building.
-     *
-     * @param attrType the OID giving the type of the attribute.
-     * @param attrValue the ASN.1 structure that forms the value of the attribute.
-     * @return this builder object.
-     */
-    public X509v2AttributeCertificateBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue)
-    {
-        acInfoGen.addAttribute(new Attribute(attrType, new DERSet(attrValue)));
-
-        return this;
-    }
-
-    /**
-     * Add an attribute with multiple values to the certification request we are building.
-     *
-     * @param attrType the OID giving the type of the attribute.
-     * @param attrValues an array of ASN.1 structures that form the value of the attribute.
-     * @return this builder object.
-     */
-    public X509v2AttributeCertificateBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable[] attrValues)
-    {
-        acInfoGen.addAttribute(new Attribute(attrType, new DERSet(attrValues)));
-
-        return this;
-    }
-
-    public void setIssuerUniqueId(
-        boolean[] iui)
-    {
-        acInfoGen.setIssuerUniqueID(CertUtils.booleanToBitString(iui));
-    }
-
-    /**
-     * Add a given extension field for the standard extensions tag
-     *
-     * @param oid the OID defining the extension type.
-     * @param isCritical true if the extension is critical, false otherwise.
-     * @param value the ASN.1 structure that forms the extension's value.
-     * @return this builder object.
-     */
-    public X509v2AttributeCertificateBuilder addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean isCritical,
-        ASN1Encodable value)
-    {
-        extGenerator.addExtension(oid, isCritical, value);
-
-        return this;
-    }
-
-   /**
-     * Generate an X509 certificate, based on the current issuer and subject
-     * using the passed in signer.
-     *
-     * @param signer the content signer to be used to generate the signature validating the certificate.
-     * @return a holder containing the resulting signed certificate.
-     */
-    public X509AttributeCertificateHolder build(
-        ContentSigner signer)
-    {
-        acInfoGen.setSignature(signer.getAlgorithmIdentifier());
-
-        if (!extGenerator.isEmpty())
-        {
-            acInfoGen.setExtensions(extGenerator.generate());
-        }
-
-        return CertUtils.generateFullAttrCert(signer, acInfoGen.generateAttributeCertificateInfo());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2CRLBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2CRLBuilder.java
deleted file mode 100644
index cfd152bf1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v2CRLBuilder.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.operator.ContentSigner;
-
-/**
- * class to produce an X.509 Version 2 CRL.
- */
-public class X509v2CRLBuilder
-{
-    private V2TBSCertListGenerator      tbsGen;
-    private X509ExtensionsGenerator     extGenerator;
-
-    /**
-     * Basic constructor.
-     *
-     * @param issuer the issuer this CRL is associated with.
-     * @param thisUpdate  the date of this update.
-     */
-    public X509v2CRLBuilder(
-        X500Name issuer,
-        Date     thisUpdate)
-    {
-        tbsGen = new V2TBSCertListGenerator();
-        extGenerator = new X509ExtensionsGenerator();
-
-        tbsGen.setIssuer(issuer);
-        tbsGen.setThisUpdate(new Time(thisUpdate));
-    }
-
-    /**
-     * Set the date by which the next CRL will become available.
-     *
-     * @param date  date of next CRL update.
-     * @return the current builder.
-     */
-    public X509v2CRLBuilder setNextUpdate(
-        Date    date)
-    {
-        tbsGen.setNextUpdate(new Time(date));
-
-        return this;
-    }
-
-    /**
-     * Add a CRL entry with the just reasonCode extension.
-     *
-     * @param userCertificateSerial serial number of revoked certificate.
-     * @param revocationDate date of certificate revocation.
-     * @param reason the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
-     * @return the current builder.
-     */
-    public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason)
-    {
-        tbsGen.addCRLEntry(new DERInteger(userCertificateSerial), new Time(revocationDate), reason);
-
-        return this;
-    }
-
-    /**
-     * Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used
-     * where the date of revocation might be after issues with the certificate may have occurred.
-     *
-     * @param userCertificateSerial serial number of revoked certificate.
-     * @param revocationDate date of certificate revocation.
-     * @param reason the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
-     * @param invalidityDate the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
-     * @return the current builder.
-     */
-    public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason, Date invalidityDate)
-    {
-        tbsGen.addCRLEntry(new DERInteger(userCertificateSerial), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate));
-
-        return this;
-    }
-   
-    /**
-     * Add a CRL entry with extensions.
-     *
-     * @param userCertificateSerial serial number of revoked certificate.
-     * @param revocationDate date of certificate revocation.
-     * @param extensions extension set to be associated with this CRLEntry.
-     * @return the current builder.
-     */
-    public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, X509Extensions extensions)
-    {
-        tbsGen.addCRLEntry(new DERInteger(userCertificateSerial), new Time(revocationDate), extensions);
-
-        return this;
-    }
-    
-    /**
-     * Add the CRLEntry objects contained in a previous CRL.
-     * 
-     * @param other the X509CRLHolder to source the other entries from.
-     * @return the current builder.
-     */
-    public X509v2CRLBuilder addCRL(X509CRLHolder other)
-    {
-        TBSCertList revocations = other.toASN1Structure().getTBSCertList();
-
-        if (revocations != null)
-        {
-            for (Enumeration en = revocations.getRevokedCertificateEnumeration(); en.hasMoreElements();)
-            {
-                    tbsGen.addCRLEntry(ASN1Sequence.getInstance(((ASN1Encodable)en.nextElement()).getDERObject()));
-            }
-        }
-
-        return this;
-    }
-
-    /**
-     * Add a given extension field for the standard extensions tag (tag 3)
-     *
-     * @param oid the OID defining the extension type.
-     * @param isCritical true if the extension is critical, false otherwise.
-     * @param value the ASN.1 structure that forms the extension's value.
-     * @return this builder object.
-     */
-    public X509v2CRLBuilder addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean isCritical,
-        ASN1Encodable value)
-    {
-        extGenerator.addExtension(oid, isCritical, value);
-
-        return this;
-    }
-
-    /**
-     * Generate an X.509 CRL, based on the current issuer and subject
-     * using the passed in signer.
-     *
-     * @param signer the content signer to be used to generate the signature validating the certificate.
-     * @return a holder containing the resulting signed certificate.
-     */
-    public X509CRLHolder build(
-        ContentSigner signer)
-    {
-        tbsGen.setSignature(signer.getAlgorithmIdentifier());
-
-        if (!extGenerator.isEmpty())
-        {
-            tbsGen.setExtensions(extGenerator.generate());
-        }
-
-        return CertUtils.generateFullCRL(signer, tbsGen.generateTBSCertList());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v3CertificateBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v3CertificateBuilder.java
deleted file mode 100644
index 6746ff9a3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/X509v3CertificateBuilder.java
+++ /dev/null
@@ -1,141 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.math.BigInteger;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.operator.ContentSigner;
-
-
-/**
- * class to produce an X.509 Version 3 certificate.
- */
-public class X509v3CertificateBuilder
-{
-    private V3TBSCertificateGenerator   tbsGen;
-    private X509ExtensionsGenerator     extGenerator;
-
-    /**
-     * Create a builder for a version 3 certificate.
-     *
-     * @param issuer the certificate issuer
-     * @param serial the certificate serial number
-     * @param notBefore the date before which the certificate is not valid
-     * @param notAfter the date after which the certificate is not valid
-     * @param subject the certificate subject
-     * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
-     */
-    public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
-    {
-        tbsGen = new V3TBSCertificateGenerator();
-        tbsGen.setSerialNumber(new DERInteger(serial));
-        tbsGen.setIssuer(issuer);
-        tbsGen.setStartDate(new Time(notBefore));
-        tbsGen.setEndDate(new Time(notAfter));
-        tbsGen.setSubject(subject);
-        tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
-
-        extGenerator = new X509ExtensionsGenerator();
-    }
-
-    /**
-     * Set the subjectUniqueID - note: it is very rare that it is correct to do this.
-     *
-     * @param uniqueID a boolean array representing the bits making up the subjectUniqueID.
-     * @return this builder object.
-     */
-    public X509v3CertificateBuilder setSubjectUniqueID(boolean[] uniqueID)
-    {
-        tbsGen.setSubjectUniqueID(CertUtils.booleanToBitString(uniqueID));
-
-        return this;
-    }
-
-    /**
-     * Set the issuerUniqueID - note: it is very rare that it is correct to do this.
-     *
-     * @param uniqueID a boolean array representing the bits making up the issuerUniqueID.
-     * @return this builder object.
-     */
-    public X509v3CertificateBuilder setIssuerUniqueID(boolean[] uniqueID)
-    {
-        tbsGen.setIssuerUniqueID(CertUtils.booleanToBitString(uniqueID));
-
-        return this;
-    }
-
-    /**
-     * Add a given extension field for the standard extensions tag (tag 3)
-     *
-     * @param oid the OID defining the extension type.
-     * @param isCritical true if the extension is critical, false otherwise.
-     * @param value the ASN.1 structure that forms the extension's value.
-     * @return this builder object.
-     */
-    public X509v3CertificateBuilder addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean isCritical,
-        ASN1Encodable value)
-    {
-        extGenerator.addExtension(oid, isCritical, value);
-
-        return this;
-    }
-
-    /**
-     * Add a given extension field for the standard extensions tag (tag 3)
-     * copying the extension value from another certificate.
-     *
-     * @param oid the OID defining the extension type.
-     * @param isCritical true if the copied extension is to be marked as critical, false otherwise.
-     * @param certHolder the holder for the certificate that the extension is to be copied from.
-     * @return this builder object.
-     */
-    public X509v3CertificateBuilder copyAndAddExtension(
-        ASN1ObjectIdentifier oid,
-        boolean isCritical,
-        X509CertificateHolder certHolder)
-    {
-        X509CertificateStructure cert = certHolder.toASN1Structure();
-
-        X509Extension extension = cert.getTBSCertificate().getExtensions().getExtension(oid);
-
-        if (extension == null)
-        {
-            throw new NullPointerException("extension " + oid + " not present");
-        }
-
-        extGenerator.addExtension(oid, isCritical, extension.getValue().getOctets());
-
-        return this;
-    }
-
-    /**
-     * Generate an X.509 certificate, based on the current issuer and subject
-     * using the passed in signer.
-     *
-     * @param signer the content signer to be used to generate the signature validating the certificate.
-     * @return a holder containing the resulting signed certificate.
-     */
-    public X509CertificateHolder build(
-        ContentSigner signer)
-    {
-        tbsGen.setSignature(signer.getAlgorithmIdentifier());
-
-        if (!extGenerator.isEmpty())
-        {
-            tbsGen.setExtensions(extGenerator.generate());
-        }
-
-        return CertUtils.generateFullCert(signer, tbsGen.generateTBSCertificate());
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPException.java
deleted file mode 100644
index 2a1cc865d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPException.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-public class CMPException
-    extends Exception
-{
-    private Throwable cause;
-
-    public CMPException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public CMPException(String msg)
-    {
-        super(msg);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPRuntimeException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPRuntimeException.java
deleted file mode 100644
index 35b2d3fa1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPRuntimeException.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-public class CMPRuntimeException
-    extends RuntimeException
-{
-    private Throwable cause;
-
-    public CMPRuntimeException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPUtil.java
deleted file mode 100644
index cc2ef04a1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CMPUtil.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEROutputStream;
-
-class CMPUtil
-{
-    static void derEncodeToStream(ASN1Encodable obj, OutputStream stream)
-    {
-        DEROutputStream dOut = new DEROutputStream(stream);
-
-        try
-        {
-            dOut.writeObject(obj);
-
-            dOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new CMPRuntimeException("unable to DER encode object: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContent.java
deleted file mode 100644
index d1a2e643e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContent.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import org.bouncycastle.asn1.cmp.CertConfirmContent;
-import org.bouncycastle.asn1.cmp.CertStatus;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-
-public class CertificateConfirmationContent
-{
-    private DigestAlgorithmIdentifierFinder digestAlgFinder;
-    private CertConfirmContent content;
-
-    public CertificateConfirmationContent(CertConfirmContent content)
-    {
-        this(content, new DefaultDigestAlgorithmIdentifierFinder());
-    }
-
-    public CertificateConfirmationContent(CertConfirmContent content, DigestAlgorithmIdentifierFinder digestAlgFinder)
-    {
-        this.digestAlgFinder = digestAlgFinder;
-        this.content = content;
-    }
-
-    public CertConfirmContent toASN1Structure()
-    {
-        return content;
-    }
-
-    public CertificateStatus[] getStatusMessages()
-    {
-        CertStatus[] statusArray = content.toCertStatusArray();
-        CertificateStatus[] ret = new CertificateStatus[statusArray.length];
-
-        for (int i = 0; i != ret.length; i++)
-        {
-            ret[i] = new CertificateStatus(digestAlgFinder, statusArray[i]);
-        }
-
-        return ret;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContentBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContentBuilder.java
deleted file mode 100644
index 578ae1480..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateConfirmationContentBuilder.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cmp.CertConfirmContent;
-import org.bouncycastle.asn1.cmp.CertStatus;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class CertificateConfirmationContentBuilder
-{
-    private DigestAlgorithmIdentifierFinder digestAlgFinder;
-    private List acceptedCerts = new ArrayList();
-    private List acceptedReqIds = new ArrayList();
-
-    public CertificateConfirmationContentBuilder()
-    {
-        this(new DefaultDigestAlgorithmIdentifierFinder());
-    }
-
-    public CertificateConfirmationContentBuilder(DigestAlgorithmIdentifierFinder digestAlgFinder)
-    {
-        this.digestAlgFinder = digestAlgFinder;
-    }
-    
-    public CertificateConfirmationContentBuilder addAcceptedCertificate(X509CertificateHolder certHolder, BigInteger certReqID)
-    {
-        acceptedCerts.add(certHolder);
-        acceptedReqIds.add(certReqID);
-
-        return this;
-    }
-
-    public CertificateConfirmationContent build(DigestCalculatorProvider digesterProvider)
-        throws CMPException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        for (int i = 0; i != acceptedCerts.size(); i++)
-        {
-            X509CertificateHolder certHolder = (X509CertificateHolder)acceptedCerts.get(i);
-            BigInteger reqID = (BigInteger)acceptedReqIds.get(i);
-
-            AlgorithmIdentifier digAlg = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
-            if (digAlg == null)
-            {
-                throw new CMPException("cannot find algorithm for digest from signature");
-            }
-
-            DigestCalculator digester;
-
-            try
-            {
-                digester = digesterProvider.get(digAlg);
-            }
-            catch (OperatorCreationException e)
-            {
-                throw new CMPException("unable to create digest: " + e.getMessage(), e);
-            }
-
-            CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream());
-
-            v.add(new CertStatus(digester.getDigest(), reqID));
-        }
-
-        return new CertificateConfirmationContent(CertConfirmContent.getInstance(new DERSequence(v)), digestAlgFinder);
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateStatus.java
deleted file mode 100644
index 50df835f4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/CertificateStatus.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.cmp.CertStatus;
-import org.bouncycastle.asn1.cmp.PKIStatusInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-
-public class CertificateStatus
-{
-    private DigestAlgorithmIdentifierFinder digestAlgFinder;    
-    private CertStatus certStatus;
-
-    CertificateStatus(DigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus)
-    {
-        this.digestAlgFinder = digestAlgFinder;
-        this.certStatus = certStatus;
-    }
-
-    public PKIStatusInfo getStatusInfo()
-    {
-        return certStatus.getStatusInfo();
-    }
-
-    public BigInteger getCertRequestID()
-    {
-        return certStatus.getCertReqId().getValue();
-    }
-
-    public boolean isVerified(X509CertificateHolder certHolder, DigestCalculatorProvider digesterProvider)
-        throws CMPException
-    {
-        AlgorithmIdentifier digAlg = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
-        if (digAlg == null)
-        {
-            throw new CMPException("cannot find algorithm for digest from signature");
-        }
-
-        DigestCalculator digester;
-
-        try
-        {
-            digester = digesterProvider.get(digAlg);
-        }
-        catch (OperatorCreationException e)
-        {
-            throw new CMPException("unable to create digester: " + e.getMessage(), e);
-        }
-
-        CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream());
-
-        return Arrays.areEqual(certStatus.getCertHash().getOctets(), digester.getDigest());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/GeneralPKIMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/GeneralPKIMessage.java
deleted file mode 100644
index a77b4876e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/GeneralPKIMessage.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.cmp.PKIBody;
-import org.bouncycastle.asn1.cmp.PKIHeader;
-import org.bouncycastle.asn1.cmp.PKIMessage;
-import org.bouncycastle.cert.CertIOException;
-
-/**
- * General wrapper for a generic PKIMessage
- */
-public class GeneralPKIMessage
-{
-    private final PKIMessage pkiMessage;
-
-    private static PKIMessage parseBytes(byte[] encoding)
-        throws IOException
-    {
-        try
-        {
-            return PKIMessage.getInstance(ASN1Object.fromByteArray(encoding));
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Create a PKIMessage from the passed in bytes.
-     *
-     * @param encoding BER/DER encoding of the PKIMessage
-     * @throws IOException in the event of corrupted data, or an incorrect structure.
-     */
-    public GeneralPKIMessage(byte[] encoding)
-        throws IOException
-    {
-        this(parseBytes(encoding));
-    }
-
-    /**
-     * Wrap a PKIMessage ASN.1 structure.
-     *
-     * @param pkiMessage base PKI message.
-     */
-    public GeneralPKIMessage(PKIMessage pkiMessage)
-    {
-        this.pkiMessage = pkiMessage;
-    }
-
-    public PKIHeader getHeader()
-    {
-        return pkiMessage.getHeader();
-    }
-
-    public PKIBody getBody()
-    {
-        return pkiMessage.getBody();
-    }
-
-    /**
-     * Return true if this message has protection bits on it. A return value of true
-     * indicates the message can be used to construct a ProtectedPKIMessage.
-     *
-     * @return true if message has protection, false otherwise.
-     */
-    public boolean hasProtection()
-    {
-        return pkiMessage.getHeader().getProtectionAlg() != null;
-    }
-
-    public PKIMessage toASN1Structure()
-    {
-        return pkiMessage;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessage.java
deleted file mode 100644
index 1f04a1378..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessage.java
+++ /dev/null
@@ -1,197 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cmp.CMPCertificate;
-import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
-import org.bouncycastle.asn1.cmp.PBMParameter;
-import org.bouncycastle.asn1.cmp.PKIBody;
-import org.bouncycastle.asn1.cmp.PKIHeader;
-import org.bouncycastle.asn1.cmp.PKIMessage;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.crmf.PKMACBuilder;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.MacCalculator;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Wrapper for a PKIMessage with protection attached to it.
- */
-public class ProtectedPKIMessage
-{
-    private PKIMessage pkiMessage;
-
-    /**
-     * Base constructor.
-     *
-     * @param pkiMessage a GeneralPKIMessage with
-     */
-    public ProtectedPKIMessage(GeneralPKIMessage pkiMessage)
-    {
-        if (!pkiMessage.hasProtection())
-        {
-            throw new IllegalArgumentException("PKIMessage not protected");
-        }
-        
-        this.pkiMessage = pkiMessage.toASN1Structure();
-    }
-
-    ProtectedPKIMessage(PKIMessage pkiMessage)
-    {
-        if (pkiMessage.getHeader().getProtectionAlg() == null)
-        {
-            throw new IllegalArgumentException("PKIMessage not protected");
-        }
-
-        this.pkiMessage = pkiMessage;
-    }
-
-    /**
-     * Return the message header.
-     *
-     * @return the message's PKIHeader structure.
-     */
-    public PKIHeader getHeader()
-    {
-        return pkiMessage.getHeader();
-    }
-
-    /**
-     * Return the message body.
-     *
-     * @return the message's PKIBody structure.
-     */
-    public PKIBody getBody()
-    {
-        return pkiMessage.getBody();
-    }
-
-    /**
-     * Return the underlying ASN.1 structure contained in this object.
-     *
-     * @return a PKIMessage structure.
-     */
-    public PKIMessage toASN1Structure()
-    {
-        return pkiMessage;
-    }
-
-    /**
-     * Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[])
-     * to verify the message if this method returns true.
-     *
-     * @return true if protection MAC PBE based, false otherwise.
-     */
-    public boolean hasPasswordBasedMacProtection()
-    {
-        return pkiMessage.getHeader().getProtectionAlg().getAlgorithm().equals(CMPObjectIdentifiers.passwordBasedMac);
-    }
-
-    /**
-     * Return the extra certificates associated with this message.
-     *
-     * @return an array of extra certificates, zero length if none present.
-     */
-    public X509CertificateHolder[] getCertificates()
-    {
-        CMPCertificate[] certs = pkiMessage.getExtraCerts();
-
-        if (certs == null)
-        {
-            return new X509CertificateHolder[0];
-        }
-
-        X509CertificateHolder[] res = new X509CertificateHolder[certs.length];
-        for (int i = 0; i != certs.length; i++)
-        {
-            res[i] = new X509CertificateHolder(certs[i].getX509v3PKCert());
-        }
-
-        return res;
-    }
-
-    /**
-     * Verify a message with a public key based signature attached.
-     *
-     * @param verifierProvider a provider of signature verifiers.
-     * @return true if the provider is able to create a verifier that validates
-     * the signature, false otherwise.
-     * @throws CMPException if an exception is thrown trying to verify the signature.
-     */
-    public boolean verify(ContentVerifierProvider verifierProvider)
-        throws CMPException
-    {
-        ContentVerifier verifier;
-        try
-        {
-            verifier = verifierProvider.get(pkiMessage.getHeader().getProtectionAlg());
-
-            return verifySignature(pkiMessage.getProtection().getBytes(), verifier);
-        }
-        catch (Exception e)
-        {
-            throw new CMPException("unable to verify signature: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Verify a message with password based MAC protection.
-     *
-     * @param pkMacBuilder MAC builder that can be used to construct the appropriate MacCalculator
-     * @param password the MAC password
-     * @return true if the passed in password and MAC builder verify the message, false otherwise.
-     * @throws CMPException if algorithm not MAC based, or an exception is thrown verifying the MAC.
-     */
-    public boolean verify(PKMACBuilder pkMacBuilder, char[] password)
-        throws CMPException
-    {
-        if (!CMPObjectIdentifiers.passwordBasedMac.equals(pkiMessage.getHeader().getProtectionAlg().getAlgorithm()))
-        {
-            throw new CMPException("protection algorithm not mac based");
-        }
-
-        try
-        {
-            pkMacBuilder.setParameters(PBMParameter.getInstance(pkiMessage.getHeader().getProtectionAlg().getParameters()));
-            MacCalculator calculator = pkMacBuilder.build(password);
-
-            OutputStream macOut = calculator.getOutputStream();
-
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            v.add(pkiMessage.getHeader());
-            v.add(pkiMessage.getBody());
-
-            macOut.write(new DERSequence(v).getDEREncoded());
-
-            macOut.close();
-
-            return Arrays.areEqual(calculator.getMac(), pkiMessage.getProtection().getBytes());
-        }
-        catch (Exception e)
-        {
-            throw new CMPException("unable to verify MAC: " + e.getMessage(), e);
-        }
-    }
-
-    private boolean verifySignature(byte[] signature, ContentVerifier verifier)
-        throws IOException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(pkiMessage.getHeader());
-        v.add(pkiMessage.getBody());
-
-        OutputStream sOut = verifier.getOutputStream();
-
-        sOut.write(new DERSequence(v).getDEREncoded());
-
-        sOut.close();
-
-        return verifier.verify(signature);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java
deleted file mode 100644
index e2b9c897f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cmp.CMPCertificate;
-import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
-import org.bouncycastle.asn1.cmp.PKIBody;
-import org.bouncycastle.asn1.cmp.PKIFreeText;
-import org.bouncycastle.asn1.cmp.PKIHeader;
-import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
-import org.bouncycastle.asn1.cmp.PKIMessage;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.MacCalculator;
-
-/**
- * Builder for creating a protected PKI message.
- */
-public class ProtectedPKIMessageBuilder
-{
-    private PKIHeaderBuilder hdrBuilder;
-    private PKIBody body;
-    private List generalInfos = new ArrayList();
-    private List extraCerts = new ArrayList();
-
-    /**
-     * Commence a message with the header version CMP_2000.
-     *
-     * @param sender message sender.
-     * @param recipient intended recipient.
-     */
-    public ProtectedPKIMessageBuilder(GeneralName sender, GeneralName recipient)
-    {
-        this(PKIHeader.CMP_2000, sender, recipient);
-    }
-
-    /**
-     * Commence a message with a specific header type.
-     *
-     * @param pvno  the version CMP_1999 or CMP_2000.
-     * @param sender message sender.
-     * @param recipient intended recipient.
-     */
-    public ProtectedPKIMessageBuilder(int pvno, GeneralName sender, GeneralName recipient)
-    {
-        hdrBuilder = new PKIHeaderBuilder(pvno, sender, recipient);
-    }
-
-    /**
-     * Set the identifier for the transaction the new message will belong to.
-     *
-     * @param tid  the transaction ID.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setTransactionID(byte[] tid)
-    {
-        hdrBuilder.setTransactionID(tid);
-
-        return this;
-    }
-
-    /**
-     * Include a human-readable message in the new message.
-     *
-     * @param freeText the contents of the human readable message,
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setFreeText(PKIFreeText freeText)
-    {
-        hdrBuilder.setFreeText(freeText);
-
-        return this;
-    }
-
-    /**
-     * Add a generalInfo data record to the header of the new message.
-     *
-     * @param genInfo the generalInfo data to be added.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder addGeneralInfo(InfoTypeAndValue genInfo)
-    {
-        generalInfos.add(genInfo);
-
-        return this;
-    }
-
-    /**
-     * Set the creation time for the new message.
-     *
-     * @param time the message creation time.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setMessageTime(Date time)
-    {
-        hdrBuilder.setMessageTime(new DERGeneralizedTime(time));
-
-        return this;
-    }
-
-    /**
-     * Set the recipient key identifier for the key to be used to verify the new message.
-     *
-     * @param kid a key identifier.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setRecipKID(byte[] kid)
-    {
-        hdrBuilder.setRecipKID(kid);
-
-        return this;
-    }
-
-    /**
-     * Set the recipient nonce field on the new message.
-     *
-     * @param nonce a NONCE, typically copied from the sender nonce of the previous message.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setRecipNonce(byte[] nonce)
-    {
-        hdrBuilder.setRecipNonce(nonce);
-
-        return this;
-    }
-
-    /**
-     * Set the sender key identifier for the key used to protect the new message.
-     *
-     * @param kid a key identifier.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setSenderKID(byte[] kid)
-    {
-        hdrBuilder.setSenderKID(kid);
-
-        return this;
-    }
-
-    /**
-     * Set the sender nonce field on the new message.
-     *
-     * @param nonce a NONCE, typically 128 bits of random data.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setSenderNonce(byte[] nonce)
-    {
-        hdrBuilder.setSenderNonce(nonce);
-
-        return this;
-    }
-
-    /**
-     * Set the body for the new message
-     *
-     * @param body the message body.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder setBody(PKIBody body)
-    {
-        this.body = body;
-
-        return this;
-    }
-
-    /**
-     * Add an "extra certificate" to the message.
-     *
-     * @param extraCert the extra certificate to add.
-     * @return the current builder instance.
-     */
-    public ProtectedPKIMessageBuilder addCMPCertificate(X509CertificateHolder extraCert)
-    {
-        extraCerts.add(extraCert);
-
-        return this;
-    }
-
-    /**
-     * Build a protected PKI message which has MAC based integrity protection.
-     *
-     * @param macCalculator MAC calculator.
-     * @return the resulting protected PKI message.
-     * @throws CMPException if the protection MAC cannot be calculated.
-     */
-    public ProtectedPKIMessage build(MacCalculator macCalculator)
-        throws CMPException
-    {
-        finaliseHeader(macCalculator.getAlgorithmIdentifier());
-
-        PKIHeader header = hdrBuilder.build();
-
-        try
-        {
-            DERBitString protection = new DERBitString(calculateMac(macCalculator, header, body));
-
-            return finaliseMessage(header, protection);
-        }
-        catch (IOException e)
-        {
-            throw new CMPException("unable to encode MAC input: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Build a protected PKI message which has MAC based integrity protection.
-     *
-     * @param signer the ContentSigner to be used to calculate the signature.
-     * @return the resulting protected PKI message.
-     * @throws CMPException if the protection signature cannot be calculated.
-     */
-    public ProtectedPKIMessage build(ContentSigner signer)
-        throws CMPException
-    {
-        finaliseHeader(signer.getAlgorithmIdentifier());
-
-        PKIHeader header = hdrBuilder.build();
-        
-        try
-        {
-            DERBitString protection = new DERBitString(calculateSignature(signer, header, body));
-
-            return finaliseMessage(header, protection);
-        }
-        catch (IOException e)
-        {
-            throw new CMPException("unable to encode signature input: " + e.getMessage(), e);
-        }
-    }
-
-    private void finaliseHeader(AlgorithmIdentifier algorithmIdentifier)
-    {
-        hdrBuilder.setProtectionAlg(algorithmIdentifier);
-
-        if (!generalInfos.isEmpty())
-        {
-            InfoTypeAndValue[] genInfos = new InfoTypeAndValue[generalInfos.size()];
-
-            hdrBuilder.setGeneralInfo((InfoTypeAndValue[])generalInfos.toArray(genInfos));
-        }
-    }
-
-    private ProtectedPKIMessage finaliseMessage(PKIHeader header, DERBitString protection)
-    {
-        if (!extraCerts.isEmpty())
-        {
-            CMPCertificate[] cmpCerts = new CMPCertificate[extraCerts.size()];
-
-            for (int i = 0; i != cmpCerts.length; i++)
-            {
-                cmpCerts[i] = new CMPCertificate(((X509CertificateHolder)extraCerts.get(i)).toASN1Structure());
-            }
-
-            return new ProtectedPKIMessage(new PKIMessage(header, body, protection, cmpCerts));
-        }
-        else
-        {
-            return new ProtectedPKIMessage(new PKIMessage(header, body, protection));
-        }
-    }
-
-    private byte[] calculateSignature(ContentSigner signer, PKIHeader header, PKIBody body)
-        throws IOException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(header);
-        v.add(body);
-
-        OutputStream sOut = signer.getOutputStream();
-
-        sOut.write(new DERSequence(v).getDEREncoded());
-
-        sOut.close();
-
-        return signer.getSignature();
-    }
-
-    private byte[] calculateMac(MacCalculator macCalculator, PKIHeader header, PKIBody body)
-        throws IOException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(header);
-        v.add(body);
-
-        OutputStream sOut = macCalculator.getOutputStream();
-
-        sOut.write(new DERSequence(v).getDEREncoded());
-
-        sOut.close();
-
-        return macCalculator.getMac();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetails.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetails.java
deleted file mode 100644
index f382c69c8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetails.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.cmp.RevDetails;
-import org.bouncycastle.asn1.x500.X500Name;
-
-public class RevocationDetails
-{
-    private RevDetails revDetails;
-
-    public RevocationDetails(RevDetails revDetails)
-    {
-        this.revDetails = revDetails;
-    }
-
-    public X500Name getSubject()
-    {
-        return revDetails.getCertDetails().getSubject();
-    }
-
-    public X500Name getIssuer()
-    {
-        return revDetails.getCertDetails().getIssuer();
-    }
-
-    public BigInteger getSerialNumber()
-    {
-        return revDetails.getCertDetails().getSerialNumber().getValue();
-    }
-
-    public RevDetails toASN1Structure()
-    {
-        return revDetails;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetailsBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetailsBuilder.java
deleted file mode 100644
index baf488b1a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/RevocationDetailsBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package org.bouncycastle.cert.cmp;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.cmp.RevDetails;
-import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-public class RevocationDetailsBuilder
-{
-    private CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
-    
-    public RevocationDetailsBuilder setPublicKey(SubjectPublicKeyInfo publicKey)
-    {
-        if (publicKey != null)
-        {
-            templateBuilder.setPublicKey(publicKey);
-        }
-
-        return this;
-    }
-
-    public RevocationDetailsBuilder setIssuer(X500Name issuer)
-    {
-        if (issuer != null)
-        {
-            templateBuilder.setIssuer(issuer);
-        }
-
-        return this;
-    }
-
-    public RevocationDetailsBuilder setSerialNumber(BigInteger serialNumber)
-    {
-        if (serialNumber != null)
-        {
-            templateBuilder.setSerialNumber(new DERInteger(serialNumber));
-        }
-
-        return this;
-    }
-
-    public RevocationDetailsBuilder setSubject(X500Name subject)
-    {
-        if (subject != null)
-        {
-            templateBuilder.setSubject(subject);
-        }
-
-        return this;
-    }
-
-    public RevocationDetails build()
-    {
-        return new RevocationDetails(new RevDetails(templateBuilder.build()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/package.html
deleted file mode 100644
index a58af189b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/cmp/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-Basic support package for handling and creating CMP (RFC 4210) certificate management messages.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java
deleted file mode 100644
index 3cb7f4706..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-
-/**
- * Carrier for an authenticator control.
- */
-public class AuthenticatorControl
-    implements Control
-{
-    private static final ASN1ObjectIdentifier type = CRMFObjectIdentifiers.id_regCtrl_authenticator;
-
-    private final DERUTF8String token;
-
-    /**
-     * Basic constructor - build from a UTF-8 string representing the token.
-     *
-     * @param token UTF-8 string representing the token.
-     */
-    public AuthenticatorControl(DERUTF8String token)
-    {
-        this.token = token;
-    }
-
-    /**
-     * Basic constructor - build from a string representing the token.
-     *
-     * @param token string representing the token.
-     */
-    public AuthenticatorControl(String token)
-    {
-        this.token = new DERUTF8String(token);
-    }
-
-    /**
-     * Return the type of this control.
-     *
-     * @return CRMFObjectIdentifiers.id_regCtrl_authenticator
-     */
-    public ASN1ObjectIdentifier getType()
-    {
-        return type;
-    }
-
-    /**
-     * Return the token associated with this control (a UTF8String).
-     *
-     * @return a UTF8String.
-     */
-    public ASN1Encodable getValue()
-    {
-        return token;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java
deleted file mode 100644
index 8ea6ecdcd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-public class CRMFException
-    extends Exception
-{
-    private Throwable cause;
-
-    public CRMFException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java
deleted file mode 100644
index 89d6a537f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-public class CRMFRuntimeException
-    extends RuntimeException
-{
-    private Throwable cause;
-
-    public CRMFRuntimeException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java
deleted file mode 100644
index dad8f8dc4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEROutputStream;
-
-class CRMFUtil
-{
-    static void derEncodeToStream(ASN1Encodable obj, OutputStream stream)
-    {
-        DEROutputStream dOut = new DEROutputStream(stream);
-
-        try
-        {
-            dOut.writeObject(obj);
-
-            dOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new CRMFRuntimeException("unable to DER encode object: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java
deleted file mode 100644
index b5bb55e0a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java
+++ /dev/null
@@ -1,302 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-import org.bouncycastle.asn1.crmf.CertReqMsg;
-import org.bouncycastle.asn1.crmf.CertTemplate;
-import org.bouncycastle.asn1.crmf.Controls;
-import org.bouncycastle.asn1.crmf.PKIArchiveOptions;
-import org.bouncycastle.asn1.crmf.PKMACValue;
-import org.bouncycastle.asn1.crmf.POPOSigningKey;
-import org.bouncycastle.asn1.crmf.ProofOfPossession;
-import org.bouncycastle.cert.CertIOException;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-/**
- * Carrier for a CRMF CertReqMsg.
- */
-public class CertificateRequestMessage
-{
-    public static final int popRaVerified = ProofOfPossession.TYPE_RA_VERIFIED;
-    public static final int popSigningKey = ProofOfPossession.TYPE_SIGNING_KEY;
-    public static final int popKeyEncipherment = ProofOfPossession.TYPE_KEY_ENCIPHERMENT;
-    public static final int popKeyAgreement = ProofOfPossession.TYPE_KEY_AGREEMENT;
-
-    private final CertReqMsg certReqMsg;
-    private final Controls controls;
-
-    private static CertReqMsg parseBytes(byte[] encoding)
-        throws IOException
-    {
-        try
-        {
-            return CertReqMsg.getInstance(ASN1Object.fromByteArray(encoding));
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Create a CertificateRequestMessage from the passed in bytes.
-     *
-     * @param certReqMsg BER/DER encoding of the CertReqMsg structure.
-     * @throws IOException in the event of corrupted data, or an incorrect structure.
-     */
-    public CertificateRequestMessage(byte[] certReqMsg)
-        throws IOException
-    {
-        this(parseBytes(certReqMsg));
-    }
-
-    public CertificateRequestMessage(CertReqMsg certReqMsg)
-    {
-        this.certReqMsg = certReqMsg;
-        this.controls = certReqMsg.getCertReq().getControls();
-    }
-
-    /**
-     * Return the underlying ASN.1 object defining this CertificateRequestMessage object.
-     *
-     * @return a CertReqMsg.
-     */
-    public CertReqMsg toASN1Structure()
-    {
-        return certReqMsg;
-    }
-
-    /**
-     * Return the certificate template contained in this message.
-     *
-     * @return  a CertTemplate structure.
-     */
-    public CertTemplate getCertTemplate()
-    {
-        return this.certReqMsg.getCertReq().getCertTemplate();
-    }
-
-    /**
-     * Return whether or not this request has control values associated with it.
-     *
-     * @return true if there are control values present, false otherwise.
-     */
-    public boolean hasControls()
-    {
-        return controls != null;
-    }
-
-    /**
-     * Return whether or not this request has a specific type of control value.
-     *
-     * @param type the type OID for the control value we are checking for.
-     * @return true if a control value of type is present, false otherwise.
-     */
-    public boolean hasControl(ASN1ObjectIdentifier type)
-    {
-        return findControl(type) != null;
-    }
-
-    /**
-     * Return a control value of the specified type.
-     *
-     * @param type the type OID for the control value we are checking for.
-     * @return the control value if present, null otherwise.
-     */
-    public Control getControl(ASN1ObjectIdentifier type)
-    {
-        AttributeTypeAndValue found = findControl(type);
-
-        if (found != null)
-        {
-            if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions))
-            {
-                return new PKIArchiveControl(PKIArchiveOptions.getInstance(found.getValue()));
-            }
-            if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_regToken))
-            {
-                return new RegTokenControl(DERUTF8String.getInstance(found.getValue()));
-            }
-            if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_authenticator))
-            {
-                return new AuthenticatorControl(DERUTF8String.getInstance(found.getValue()));
-            }
-        }
-
-        return null;
-    }
-
-    private AttributeTypeAndValue findControl(ASN1ObjectIdentifier type)
-    {
-        if (controls == null)
-        {
-            return null;
-        }
-
-        AttributeTypeAndValue[] tAndVs = controls.toAttributeTypeAndValueArray();
-        AttributeTypeAndValue found = null;
-
-        for (int i = 0; i != tAndVs.length; i++)
-        {
-            if (tAndVs[i].getType().equals(type))
-            {
-                found = tAndVs[i];
-                break;
-            }
-        }
-
-        return found;
-    }
-
-    /**
-     * Return whether or not this request message has a proof-of-possession field in it.
-     *
-     * @return true if proof-of-possession is present, false otherwise.
-     */
-    public boolean hasProofOfPossession()
-    {
-        return this.certReqMsg.getPopo() != null;
-    }
-
-    /**
-     * Return the type of the proof-of-possession this request message provides.
-     *
-     * @return one of: popRaVerified, popSigningKey, popKeyEncipherment, popKeyAgreement
-     */
-    public int getProofOfPossessionType()
-    {
-        return this.certReqMsg.getPopo().getType();
-    }
-
-    /**
-     * Return whether or not the proof-of-possession (POP) is of the type popSigningKey and
-     * it has a public key MAC associated with it.
-     *
-     * @return true if POP is popSigningKey and a PKMAC is present, false otherwise.
-     */
-    public boolean hasSigningKeyProofOfPossessionWithPKMAC()
-    {
-        ProofOfPossession pop = certReqMsg.getPopo();
-
-        if (pop.getType() == popSigningKey)
-        {
-            POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
-
-            return popoSign.getPoposkInput().getPublicKeyMAC() != null;
-        }
-
-        return false;
-    }
-
-    /**
-     * Return whether or not a signing key proof-of-possession (POP) is valid.
-     *
-     * @param verifierProvider a provider that can produce content verifiers for the signature contained in this POP.
-     * @return true if the POP is valid, false otherwise.
-     * @throws CRMFException if there is a problem in verification or content verifier creation.
-     * @throws IllegalStateException if POP not appropriate.
-     */
-    public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider)
-        throws CRMFException, IllegalStateException
-    {
-        ProofOfPossession pop = certReqMsg.getPopo();
-
-        if (pop.getType() == popSigningKey)
-        {
-            POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
-
-            if (popoSign.getPoposkInput().getPublicKeyMAC() != null)
-            {
-                throw new IllegalStateException("verification requires password check");
-            }
-
-            return verifySignature(verifierProvider, popoSign);
-        }
-        else
-        {
-            throw new IllegalStateException("not Signing Key type of proof of possession");
-        }
-    }
-
-    /**
-     * Return whether or not a signing key proof-of-possession (POP), with an associated PKMAC, is valid.
-     *
-     * @param verifierProvider a provider that can produce content verifiers for the signature contained in this POP.
-     * @param macBuilder a suitable PKMACBuilder to create the MAC verifier.
-     * @param password the password used to key the MAC calculation.
-     * @return true if the POP is valid, false otherwise.
-     * @throws CRMFException if there is a problem in verification or content verifier creation.
-     * @throws IllegalStateException if POP not appropriate.
-     */
-    public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider, PKMACBuilder macBuilder, char[] password)
-        throws CRMFException, IllegalStateException
-    {
-        ProofOfPossession pop = certReqMsg.getPopo();
-
-        if (pop.getType() == popSigningKey)
-        {
-            POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject());
-
-            if (popoSign.getPoposkInput().getSender() != null)
-            {
-                throw new IllegalStateException("no PKMAC present in proof of possession");
-            }
-
-            PKMACValue pkMAC = popoSign.getPoposkInput().getPublicKeyMAC();
-            PKMACValueVerifier macVerifier = new PKMACValueVerifier(macBuilder);
-
-            if (macVerifier.isValid(pkMAC, password, this.getCertTemplate().getPublicKey()))
-            {
-                return verifySignature(verifierProvider, popoSign);
-            }
-
-            return false;
-        }
-        else
-        {
-            throw new IllegalStateException("not Signing Key type of proof of possession");
-        }
-    }
-
-    private boolean verifySignature(ContentVerifierProvider verifierProvider, POPOSigningKey popoSign)
-        throws CRMFException
-    {
-        ContentVerifier verifier;
-
-        try
-        {
-            verifier = verifierProvider.get(popoSign.getAlgorithmIdentifier());
-        }
-        catch (OperatorCreationException e)
-        {
-            throw new CRMFException("unable to create verifier: " + e.getMessage(), e);
-        }
-
-        CRMFUtil.derEncodeToStream(popoSign.getPoposkInput(), verifier.getOutputStream());
-
-        return verifier.verify(popoSign.getSignature().getBytes());
-    }
-
-    /**
-     * Return the ASN.1 encoding of the certReqMsg we wrap.
-     *
-     * @return a byte array containing the binary encoding of the certReqMsg.
-     * @throws IOException if there is an exception creating the encoding.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return certReqMsg.getEncoded();
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java
deleted file mode 100644
index e3688570e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java
+++ /dev/null
@@ -1,238 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
-import org.bouncycastle.asn1.crmf.CertReqMsg;
-import org.bouncycastle.asn1.crmf.CertRequest;
-import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
-import org.bouncycastle.asn1.crmf.POPOPrivKey;
-import org.bouncycastle.asn1.crmf.ProofOfPossession;
-import org.bouncycastle.asn1.crmf.SubsequentMessage;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.operator.ContentSigner;
-
-public class CertificateRequestMessageBuilder
-{
-    private final BigInteger certReqId;
-
-    private X509ExtensionsGenerator extGenerator;
-    private CertTemplateBuilder templateBuilder;
-    private List controls;
-    private ContentSigner popSigner;
-    private PKMACBuilder pkmacBuilder;
-    private char[] password;
-    private GeneralName sender;
-    private POPOPrivKey popoPrivKey;
-    private ASN1Null popRaVerified;
-
-    public CertificateRequestMessageBuilder(BigInteger certReqId)
-    {
-        this.certReqId = certReqId;
-
-        this.extGenerator = new X509ExtensionsGenerator();
-        this.templateBuilder = new CertTemplateBuilder();
-        this.controls = new ArrayList();
-    }
-
-    public CertificateRequestMessageBuilder setPublicKey(SubjectPublicKeyInfo publicKey)
-    {
-        if (publicKey != null)
-        {
-            templateBuilder.setPublicKey(publicKey);
-        }
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setIssuer(X500Name issuer)
-    {
-        if (issuer != null)
-        {
-            templateBuilder.setIssuer(issuer);
-        }
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setSubject(X500Name subject)
-    {
-        if (subject != null)
-        {
-            templateBuilder.setSubject(subject);
-        }
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setSerialNumber(BigInteger serialNumber)
-    {
-        if (serialNumber != null)
-        {
-            templateBuilder.setSerialNumber(new ASN1Integer(serialNumber));
-        }
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean              critical,
-        ASN1Encodable        value)
-    {
-        extGenerator.addExtension(oid, critical,  value);
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean              critical,
-        byte[]               value)
-    {
-        extGenerator.addExtension(oid, critical, value);
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder addControl(Control control)
-    {
-        controls.add(control);
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setProofOfPossessionSigningKeySigner(ContentSigner popSigner)
-    {
-        if (popoPrivKey != null || popRaVerified != null)
-        {
-            throw new IllegalStateException("only one proof of possession allowed");
-        }
-
-        this.popSigner = popSigner;
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setProofOfPossessionSubsequentMessage(SubsequentMessage msg)
-    {
-        if (popSigner != null || popRaVerified != null)
-        {
-            throw new IllegalStateException("only one proof of possession allowed");
-        }
-
-        this.popoPrivKey = new POPOPrivKey(msg);
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setProofOfPossessionRaVerified()
-    {
-        if (popSigner != null || popoPrivKey != null)
-        {
-            throw new IllegalStateException("only one proof of possession allowed");
-        }
-
-        this.popRaVerified = DERNull.INSTANCE;
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setAuthInfoPKMAC(PKMACBuilder pkmacBuilder, char[] password)
-    {
-        this.pkmacBuilder = pkmacBuilder;
-        this.password = password;
-
-        return this;
-    }
-
-    public CertificateRequestMessageBuilder setAuthInfoSender(X500Name sender)
-    {
-        return setAuthInfoSender(new GeneralName(sender));
-    }
-
-    public CertificateRequestMessageBuilder setAuthInfoSender(GeneralName sender)
-    {
-        this.sender = sender;
-
-        return this;
-    }
-
-    public CertificateRequestMessage build()
-        throws CRMFException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(new DERInteger(certReqId));
-
-        if (!extGenerator.isEmpty())
-        {
-            templateBuilder.setExtensions(extGenerator.generate());
-        }
-
-        v.add(templateBuilder.build());
-
-        if (!controls.isEmpty())
-        {
-            ASN1EncodableVector controlV = new ASN1EncodableVector();
-
-            for (Iterator it = controls.iterator(); it.hasNext();)
-            {
-                Control control = (Control)it.next();
-
-                controlV.add(new AttributeTypeAndValue(control.getType(), control.getValue()));
-            }
-
-            v.add(new DERSequence(controlV));
-        }
-
-        CertRequest request = CertRequest.getInstance(new DERSequence(v));
-
-        v = new ASN1EncodableVector();
-
-        v.add(request);
-
-        if (popSigner != null)
-        {
-            SubjectPublicKeyInfo pubKeyInfo = request.getCertTemplate().getPublicKey();
-            ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo);
-
-            if (sender != null)
-            {
-                builder.setSender(sender);
-            }
-            else
-            {
-                PKMACValueGenerator pkmacGenerator = new PKMACValueGenerator(pkmacBuilder);
-
-                builder.setPublicKeyMac(pkmacGenerator, password);
-            }
-
-            v.add(new ProofOfPossession(builder.build(popSigner)));
-        }
-        else if (popoPrivKey != null)
-        {
-            v.add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, popoPrivKey));
-        }
-        else if (popRaVerified != null)
-        {
-            v.add(new ProofOfPossession());
-        }
-
-        return new CertificateRequestMessage(CertReqMsg.getInstance(new DERSequence(v)));
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/Control.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/Control.java
deleted file mode 100644
index f86f8a0f1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/Control.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-/**
- * Generic interface for a CertificateRequestMessage control value.
- */
-public interface Control
-{
-    /**
-     * Return the type of this control.
-     *
-     * @return an ASN1ObjectIdentifier representing the type.
-     */
-    ASN1ObjectIdentifier getType();
-
-    /**
-     * Return the value contained in this control object.
-     *
-     * @return the value of the control.
-     */
-    ASN1Encodable getValue();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java
deleted file mode 100644
index 55187b5b8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java
+++ /dev/null
@@ -1,133 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.crmf.EncryptedValue;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.KeyWrapper;
-import org.bouncycastle.operator.OperatorException;
-import org.bouncycastle.operator.OutputEncryptor;
-import org.bouncycastle.util.Strings;
-
-/**
- * Builder for EncryptedValue structures.
- */
-public class EncryptedValueBuilder
-{
-    private KeyWrapper wrapper;
-    private OutputEncryptor encryptor;
-    private EncryptedValuePadder padder;
-
-    /**
-     * Create a builder that makes EncryptedValue structures.
-     *
-     * @param wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue.
-     * @param encryptor  an output encryptor to encrypt the actual data contained in the EncryptedValue. 
-     */
-    public EncryptedValueBuilder(KeyWrapper wrapper, OutputEncryptor encryptor)
-    {
-        this(wrapper, encryptor, null);
-    }
-
-    /**
-     * Create a builder that makes EncryptedValue structures with fixed length blocks padded using the passed in padder.
-     *
-     * @param wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue.
-     * @param encryptor  an output encryptor to encrypt the actual data contained in the EncryptedValue.
-     * @param padder a padder to ensure that the EncryptedValue created will always be a constant length.
-     */
-    public EncryptedValueBuilder(KeyWrapper wrapper, OutputEncryptor encryptor, EncryptedValuePadder padder)
-    {
-        this.wrapper = wrapper;
-        this.encryptor = encryptor;
-        this.padder = padder;
-    }
-
-    /**
-     * Build an EncryptedValue structure containing the passed in pass phrase.
-     *
-     * @param revocationPassphrase  a revocation pass phrase.
-     * @return an EncryptedValue containing the encrypted pass phrase.
-     * @throws CRMFException on a failure to encrypt the data, or wrap the symmetric key for this value.
-     */
-    public EncryptedValue build(char[] revocationPassphrase)
-        throws CRMFException
-    {
-        return encryptData(padData(Strings.toUTF8ByteArray(revocationPassphrase)));
-    }
-
-    /**
-     * Build an EncryptedValue structure containing the certificate contained in
-     * the passed in holder.
-     *
-     * @param holder  a holder containing a certificate.
-     * @return an EncryptedValue containing the encrypted certificate.
-     * @throws CRMFException on a failure to encrypt the data, or wrap the symmetric key for this value.
-     */
-    public EncryptedValue build(X509CertificateHolder holder)
-        throws CRMFException
-    {
-        try
-        {
-            return encryptData(padData(holder.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new CRMFException("cannot encode certificate: " + e.getMessage(), e);
-        }
-    }
-
-    private EncryptedValue encryptData(byte[] data)
-       throws CRMFException
-    {
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-        OutputStream eOut = encryptor.getOutputStream(bOut);
-
-        try
-        {
-            eOut.write(data);
-
-            eOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new CRMFException("cannot process data: " + e.getMessage(), e);
-        }
-
-        AlgorithmIdentifier intendedAlg = null;
-        AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier();
-        DERBitString encSymmKey;
-
-        try
-        {
-            wrapper.generateWrappedKey(encryptor.getKey());
-            encSymmKey = new DERBitString(wrapper.generateWrappedKey(encryptor.getKey()));
-        }
-        catch (OperatorException e)
-        {
-            throw new CRMFException("cannot wrap key: " + e.getMessage(), e);
-        }
-
-        AlgorithmIdentifier keyAlg = wrapper.getAlgorithmIdentifier();
-        ASN1OctetString valueHint = null;
-        DERBitString encValue = new DERBitString(bOut.toByteArray());
-
-        return new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint, encValue);
-    }
-
-    private byte[] padData(byte[] data)
-    {
-        if (padder != null)
-        {
-            return padder.getPaddedData(data);
-        }
-
-        return data;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java
deleted file mode 100644
index 41ca86680..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-/**
- * An encrypted value padder is used to make sure that prior to a value been
- * encrypted the data is padded to a standard length.
- */
-public interface EncryptedValuePadder
-{
-    /**
-     * Return a byte array of padded data.
-     *
-     * @param data the data to be padded.
-     * @return a padded byte array containing data.
-     */
-    byte[] getPaddedData(byte[] data);
-
-    /**
-     * Return a byte array of with padding removed.
-     *
-     * @param paddedData the data to be padded.
-     * @return an array containing the original unpadded data.
-     */
-    byte[] getUnpaddedData(byte[] paddedData);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java
deleted file mode 100644
index 27b6b923b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java
+++ /dev/null
@@ -1,103 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.crmf.EncryptedValue;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.InputDecryptor;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.io.Streams;
-
-/**
- * Parser for EncryptedValue structures.
- */
-public class EncryptedValueParser
-{
-    private EncryptedValue value;
-    private EncryptedValuePadder padder;
-
-    /**
-     * Basic constructor - create a parser to read the passed in value.
-     *
-     * @param value the value to be parsed.
-     */
-    public EncryptedValueParser(EncryptedValue value)
-    {
-        this.value = value;
-    }
-
-    /**
-     * Create a parser to read the passed in value, assuming the padder was
-     * applied to the data prior to encryption.
-     *
-     * @param value  the value to be parsed.
-     * @param padder the padder to be used to remove padding from the decrypted value..
-     */
-    public EncryptedValueParser(EncryptedValue value, EncryptedValuePadder padder)
-    {
-        this.value = value;
-        this.padder = padder;
-    }
-
-    private byte[] decryptValue(ValueDecryptorGenerator decGen)
-        throws CRMFException
-    {
-        if (value.getIntendedAlg() != null)
-        {
-            throw new UnsupportedOperationException();
-        }
-        if (value.getValueHint() != null)
-        {
-            throw new UnsupportedOperationException();
-        }
-
-        InputDecryptor decryptor = decGen.getValueDecryptor(value.getKeyAlg(),
-            value.getSymmAlg(), value.getEncSymmKey().getBytes());
-        InputStream dataIn = decryptor.getInputStream(new ByteArrayInputStream(
-            value.getEncValue().getBytes()));
-        try
-        {
-            byte[] data = Streams.readAll(dataIn);
-
-            if (padder != null)
-            {
-                return padder.getUnpaddedData(data);
-            }
-            
-            return data;
-        }
-        catch (IOException e)
-        {
-            throw new CRMFException("Cannot parse decrypted data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Read a X.509 certificate.
-     *
-     * @param decGen the decryptor generator to decrypt the encrypted value.
-     * @return an X509CertificateHolder containing the certificate read.
-     * @throws CRMFException if the decrypted data cannot be parsed, or a decryptor cannot be generated.
-     */
-    public X509CertificateHolder readCertificateHolder(ValueDecryptorGenerator decGen)
-        throws CRMFException
-    {
-        return new X509CertificateHolder(X509CertificateStructure.getInstance(decryptValue(decGen)));
-    }
-
-    /**
-     * Read a pass phrase.
-     *
-     * @param decGen the decryptor generator to decrypt the encrypted value.
-     * @return a pass phrase as recovered from the encrypted value.
-     * @throws CRMFException if the decrypted data cannot be parsed, or a decryptor cannot be generated.
-     */
-    public char[] readPassphrase(ValueDecryptorGenerator decGen)
-        throws CRMFException
-    {
-        return Strings.fromUTF8ByteArray(decryptValue(decGen)).toCharArray();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java
deleted file mode 100644
index 673ff8573..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.generators.MGF1BytesGenerator;
-import org.bouncycastle.crypto.params.MGFParameters;
-
-/**
- * An encrypted value padder that uses MGF1 as the basis of the padding.
- */
-public class FixedLengthMGF1Padder
-    implements EncryptedValuePadder
-{
-    private int length;
-    private SecureRandom random;
-    private Digest dig = new SHA1Digest();
-
-    /**
-     * Create a padder to so that padded output will always be at least
-     * length bytes long.
-     *
-     * @param length fixed length for padded output.
-     */
-    public FixedLengthMGF1Padder(int length)
-    {
-        this(length, null);
-    }
-
-    /**
-     * Create a padder to so that padded output will always be at least
-     * length bytes long, using the passed in source of randomness to
-     * provide the random material for the padder.
-     *
-     * @param length fixed length for padded output.
-     * @param random a source of randomness.
-     */
-    public FixedLengthMGF1Padder(int length, SecureRandom random)
-    {
-        this.length = length;
-        this.random = random;
-    }
-
-    public byte[] getPaddedData(byte[] data)
-    {
-        byte[] bytes = new byte[length];
-        byte[] seed = new byte[dig.getDigestSize()];
-        byte[] mask = new byte[length - dig.getDigestSize()];
-
-        if (random == null)
-        {
-            random = new SecureRandom();
-        }
-
-        random.nextBytes(seed);
-
-        MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig);
-
-        maskGen.init(new MGFParameters(seed));
-
-        maskGen.generateBytes(mask, 0, mask.length);
-
-        System.arraycopy(seed, 0, bytes, 0, seed.length);
-        System.arraycopy(data, 0, bytes, seed.length, data.length);
-
-        for (int i = seed.length + data.length + 1; i != bytes.length; i++)
-        {
-            byte b = (byte)random.nextInt();
-
-            bytes[i] = (b == 0) ? 1 : b;
-        }
-        
-        for (int i = 0; i != mask.length; i++)
-        {
-            bytes[i + seed.length] ^= mask[i];
-        }
-
-        return bytes;
-    }
-
-    public byte[] getUnpaddedData(byte[] paddedData)
-    {
-        byte[] seed = new byte[dig.getDigestSize()];
-        byte[] mask = new byte[length - dig.getDigestSize()];
-
-        System.arraycopy(paddedData, 0, seed, 0, seed.length);
-
-        MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig);
-
-        maskGen.init(new MGFParameters(seed));
-
-        maskGen.generateBytes(mask, 0, mask.length);
-
-        for (int i = 0; i != mask.length; i++)
-        {
-            paddedData[i + seed.length] ^= mask[i];
-        }
-
-        int end = 0;
-
-        for (int i = paddedData.length - 1; i != seed.length; i--)
-        {
-            if (paddedData[i] == 0)
-            {
-                end = i;
-                break;
-            }
-        }
-
-        if (end == 0)
-        {
-            throw new IllegalStateException("bad padding in encoding");
-        }
-
-        byte[] data = new byte[end - seed.length];
-
-        System.arraycopy(paddedData, seed.length, data, 0, data.length);
-
-        return data;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java
deleted file mode 100644
index 727677c5a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.EnvelopedData;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-import org.bouncycastle.asn1.crmf.EncryptedKey;
-import org.bouncycastle.asn1.crmf.PKIArchiveOptions;
-import org.bouncycastle.cms.CMSEnvelopedData;
-
-/**
- * Carrier for a PKIArchiveOptions structure.
- */
-public class PKIArchiveControl
-    implements Control
-{
-    public static final int encryptedPrivKey = PKIArchiveOptions.encryptedPrivKey;
-    public static final int keyGenParameters = PKIArchiveOptions.keyGenParameters;
-    public static final int archiveRemGenPrivKey = PKIArchiveOptions.archiveRemGenPrivKey;
-
-    private static final ASN1ObjectIdentifier type = CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions;
-
-    private final PKIArchiveOptions pkiArchiveOptions;
-
-    /**
-     * Basic constructor - build from an PKIArchiveOptions structure.
-     *
-     * @param pkiArchiveOptions  the ASN.1 structure that will underlie this control.
-     */
-    public PKIArchiveControl(PKIArchiveOptions pkiArchiveOptions)
-    {
-        this.pkiArchiveOptions = pkiArchiveOptions;
-    }
-
-    /**
-     * Return the type of this control.
-     *
-     * @return CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions
-     */
-    public ASN1ObjectIdentifier getType()
-    {
-        return type;
-    }
-
-    /**
-     * Return the underlying ASN.1 object.
-     *
-     * @return a PKIArchiveOptions structure.
-     */
-    public ASN1Encodable getValue()
-    {
-        return pkiArchiveOptions;
-    }
-
-    /**
-     * Return the archive control type, one of: encryptedPrivKey,keyGenParameters,or archiveRemGenPrivKey.
-     *
-     * @return the archive control type.
-     */
-    public int getArchiveType()
-    {
-        return pkiArchiveOptions.getType();
-    }
-
-    /**
-     * Return whether this control contains enveloped data.
-     *
-     * @return true if the control contains enveloped data, false otherwise.
-     */
-    public boolean isEnvelopedData()
-    {
-        EncryptedKey encKey = EncryptedKey.getInstance(pkiArchiveOptions.getValue());
-
-        return !encKey.isEncryptedValue();
-    }
-
-    /**
-     * Return the enveloped data structure contained in this control.
-     *
-     * @return a CMSEnvelopedData object.
-     */
-    public CMSEnvelopedData getEnvelopedData()
-    {
-        EncryptedKey encKey = EncryptedKey.getInstance(pkiArchiveOptions.getValue());
-        EnvelopedData data = EnvelopedData.getInstance(encKey.getValue());
-        
-        return new CMSEnvelopedData(new ContentInfo(CMSObjectIdentifiers.envelopedData, data));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java
deleted file mode 100644
index 1d68d5ded..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.cms.EnvelopedData;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-import org.bouncycastle.asn1.crmf.EncKeyWithID;
-import org.bouncycastle.asn1.crmf.EncryptedKey;
-import org.bouncycastle.asn1.crmf.PKIArchiveOptions;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.RecipientInfoGenerator;
-import org.bouncycastle.operator.OutputEncryptor;
-
-/**
- * Builder for a PKIArchiveControl structure.
- */
-public class PKIArchiveControlBuilder
-{
-    private CMSEnvelopedDataGenerator envGen;
-    private CMSProcessableByteArray keyContent;
-
-    /**
-     * Basic constructor - specify the contents of the PKIArchiveControl structure.
-     *
-     * @param privateKeyInfo the private key to be archived.
-     * @param generalName the general name to be associated with the private key.
-     */
-    public PKIArchiveControlBuilder(PrivateKeyInfo privateKeyInfo, GeneralName generalName)
-    {
-        EncKeyWithID encKeyWithID = new EncKeyWithID(privateKeyInfo, generalName);
-
-        try
-        {
-            this.keyContent = new CMSProcessableByteArray(CRMFObjectIdentifiers.id_ct_encKeyWithID, encKeyWithID.getEncoded());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("unable to encode key and general name info");
-        }
-
-        this.envGen = new CMSEnvelopedDataGenerator();
-    }
-
-    /**
-     * Add a recipient generator to this control.
-     *
-     * @param recipientGen recipient generator created for a specific recipient.
-     * @return this builder object.
-     */
-    public PKIArchiveControlBuilder addRecipientGenerator(RecipientInfoGenerator recipientGen)
-    {
-        envGen.addRecipientInfoGenerator(recipientGen);
-
-        return this;
-    }
-
-    /**
-     * Build the PKIArchiveControl using the passed in encryptor to encrypt its contents.
-     *
-     * @param contentEncryptor a suitable content encryptor.
-     * @return a PKIArchiveControl object.
-     * @throws CMSException in the event the build fails.
-     */
-    public PKIArchiveControl build(OutputEncryptor contentEncryptor)
-        throws CMSException
-    {
-        CMSEnvelopedData envContent = envGen.generate(keyContent, contentEncryptor);
-
-        EnvelopedData envD = EnvelopedData.getInstance(envContent.getContentInfo().getContent());
-
-        return new PKIArchiveControl(new PKIArchiveOptions(new EncryptedKey(envD)));
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java
deleted file mode 100644
index 8d024c591..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java
+++ /dev/null
@@ -1,199 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.security.SecureRandom;
-
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
-import org.bouncycastle.asn1.cmp.PBMParameter;
-import org.bouncycastle.asn1.iana.IANAObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-import org.bouncycastle.operator.RuntimeOperatorException;
-import org.bouncycastle.util.Strings;
-
-public class PKMACBuilder
-{
-    private AlgorithmIdentifier owf;
-    private int iterationCount;
-    private AlgorithmIdentifier mac;
-    private int saltLength = 20;
-    private SecureRandom random;
-    private PKMACValuesCalculator calculator;
-    private PBMParameter parameters;
-    private int maxIterations;
-
-    public PKMACBuilder(PKMACValuesCalculator calculator)
-    {
-        this(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1), 1000, new AlgorithmIdentifier(IANAObjectIdentifiers.hmacSHA1, DERNull.INSTANCE), calculator);
-    }
-
-    /**
-     * Create a PKMAC builder enforcing a ceiling on the maximum iteration count.
-     *
-     * @param calculator     supporting calculator
-     * @param maxIterations  max allowable value for iteration count.
-     */
-    public PKMACBuilder(PKMACValuesCalculator calculator, int maxIterations)
-    {
-        this.maxIterations = maxIterations;
-        this.calculator = calculator;
-    }
-
-    private PKMACBuilder(AlgorithmIdentifier hashAlgorithm, int iterationCount, AlgorithmIdentifier macAlgorithm, PKMACValuesCalculator calculator)
-    {
-        this.owf = hashAlgorithm;
-        this.iterationCount = iterationCount;
-        this.mac = macAlgorithm;
-        this.calculator = calculator;
-    }
-
-    /**
-     * Set the salt length in octets.
-     *
-     * @param saltLength length in octets of the salt to be generated.
-     * @return the generator
-     */
-    public PKMACBuilder setSaltLength(int saltLength)
-    {
-        if (saltLength < 8)
-        {
-            throw new IllegalArgumentException("salt length must be at least 8 bytes");
-        }
-
-        this.saltLength = saltLength;
-
-        return this;
-    }
-
-    public PKMACBuilder setIterationCount(int iterationCount)
-    {
-        if (iterationCount < 100)
-        {
-            throw new IllegalArgumentException("iteration count must be at least 100");
-        }
-        checkIterationCountCeiling(iterationCount);
-
-        this.iterationCount = iterationCount;
-
-        return this;
-    }
-
-    public PKMACBuilder setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public PKMACBuilder setParameters(PBMParameter parameters)
-    {
-        checkIterationCountCeiling(parameters.getIterationCount().getValue().intValue());
-
-        this.parameters = parameters;
-
-        return this;
-    }
-
-    public MacCalculator build(char[] password)
-        throws CRMFException
-    {
-        if (parameters != null)
-        {
-            return genCalculator(parameters, password);
-        }
-        else
-        {
-            byte[] salt = new byte[saltLength];
-
-            if (random == null)
-            {
-                this.random = new SecureRandom();
-            }
-
-            random.nextBytes(salt);
-
-            return genCalculator(new PBMParameter(salt, owf, iterationCount, mac), password);
-        }
-    }
-
-    private void checkIterationCountCeiling(int iterationCount)
-    {
-        if (maxIterations > 0 && iterationCount > maxIterations)
-        {
-            throw new IllegalArgumentException("iteration count exceeds limit (" + iterationCount + " > " + maxIterations + ")");
-        }
-    }
-
-    private MacCalculator genCalculator(final PBMParameter params, char[] password)
-        throws CRMFException
-    {
-        // From RFC 4211
-        //
-        //   1.  Generate a random salt value S
-        //
-        //   2.  Append the salt to the pw.  K = pw || salt.
-        //
-        //   3.  Hash the value of K.  K = HASH(K)
-        //
-        //   4.  Iter = Iter - 1.  If Iter is greater than zero.  Goto step 3.
-        //
-        //   5.  Compute an HMAC as documented in [HMAC].
-        //
-        //       MAC = HASH( K XOR opad, HASH( K XOR ipad, data) )
-        //
-        //       Where opad and ipad are defined in [HMAC].
-        byte[] pw = Strings.toUTF8ByteArray(password);
-        byte[] salt = params.getSalt().getOctets();
-        byte[] K = new byte[pw.length + salt.length];
-
-        System.arraycopy(pw, 0, K, 0, pw.length);
-        System.arraycopy(salt, 0, K, pw.length, salt.length);
-
-        calculator.setup(params.getOwf(), params.getMac());
-
-        int iter = params.getIterationCount().getValue().intValue();
-        do
-        {
-            K = calculator.calculateDigest(K);
-        }
-        while (--iter > 0);
-
-        final byte[] key = K;
-
-        return new MacCalculator()
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return new AlgorithmIdentifier(CMPObjectIdentifiers.passwordBasedMac, params);
-            }
-
-            public GenericKey getKey()
-            {
-                return new GenericKey(key);
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return bOut;
-            }
-
-            public byte[] getMac()
-            {
-                try
-                {
-                    return calculator.calculateMac(key, bOut.toByteArray());
-                }
-                catch (CRMFException e)
-                {
-                    throw new RuntimeOperatorException("exception calculating mac: " + e.getMessage(), e);
-                }
-            }
-        };
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java
deleted file mode 100644
index ea3d3efba..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.crmf.PKMACValue;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.MacCalculator;
-
-class PKMACValueGenerator
-{
-    private PKMACBuilder builder;
-
-    public PKMACValueGenerator(PKMACBuilder builder)
-    {
-        this.builder = builder;
-    }
-
-    public PKMACValue generate(char[] password, SubjectPublicKeyInfo keyInfo)
-        throws CRMFException
-    {
-        MacCalculator calculator = builder.build(password);
-
-        OutputStream macOut = calculator.getOutputStream();
-
-        try
-        {
-            macOut.write(keyInfo.getDEREncoded());
-
-            macOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new CRMFException("exception encoding mac input: " + e.getMessage(), e);
-        }
-
-        return new PKMACValue(calculator.getAlgorithmIdentifier(), new DERBitString(calculator.getMac()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java
deleted file mode 100644
index b89bd7453..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.cmp.PBMParameter;
-import org.bouncycastle.asn1.crmf.PKMACValue;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.MacCalculator;
-import org.bouncycastle.util.Arrays;
-
-class PKMACValueVerifier
-{
-    private final PKMACBuilder builder;
-
-    public PKMACValueVerifier(PKMACBuilder builder)
-    {
-        this.builder = builder;
-    }
-
-    public boolean isValid(PKMACValue value, char[] password, SubjectPublicKeyInfo keyInfo)
-        throws CRMFException
-    {
-        builder.setParameters(PBMParameter.getInstance(value.getAlgId().getParameters()));
-        MacCalculator calculator = builder.build(password);
-
-        OutputStream macOut = calculator.getOutputStream();
-
-        try
-        {
-            macOut.write(keyInfo.getDEREncoded());
-
-            macOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new CRMFException("exception encoding mac input: " + e.getMessage(), e);
-        }
-
-        return Arrays.areEqual(calculator.getMac(), value.getValue().getBytes());
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java
deleted file mode 100644
index 2813b6c09..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface PKMACValuesCalculator
-{
-    void setup(AlgorithmIdentifier digestAlg, AlgorithmIdentifier macAlg)
-        throws CRMFException;
-
-    byte[] calculateDigest(byte[] data)
-        throws CRMFException;
-
-    byte[] calculateMac(byte[] pwd, byte[] data)
-        throws CRMFException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java
deleted file mode 100644
index bce1c57fb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.crmf.PKMACValue;
-import org.bouncycastle.asn1.crmf.POPOSigningKey;
-import org.bouncycastle.asn1.crmf.POPOSigningKeyInput;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.ContentSigner;
-
-public class ProofOfPossessionSigningKeyBuilder
-{
-    private SubjectPublicKeyInfo pubKeyInfo;
-    private GeneralName name;
-    private PKMACValue publicKeyMAC;
-
-    public ProofOfPossessionSigningKeyBuilder(SubjectPublicKeyInfo pubKeyInfo)
-    {
-        this.pubKeyInfo = pubKeyInfo;
-    }
-
-    public ProofOfPossessionSigningKeyBuilder setSender(GeneralName name)
-    {
-        this.name = name;
-
-        return this;
-    }
-
-    public ProofOfPossessionSigningKeyBuilder setPublicKeyMac(PKMACValueGenerator generator, char[] password)
-        throws CRMFException
-    {
-        this.publicKeyMAC = generator.generate(password, pubKeyInfo);
-
-        return this;
-    }
-
-    public POPOSigningKey build(ContentSigner signer)
-    {
-        if (name != null && publicKeyMAC != null)
-        {
-            throw new IllegalStateException("name and publicKeyMAC cannot both be set.");
-        }
-
-        POPOSigningKeyInput popo;
-
-        if (name != null)
-        {
-            popo = new POPOSigningKeyInput(name, pubKeyInfo);
-        }
-        else
-        {
-            popo = new POPOSigningKeyInput(publicKeyMAC, pubKeyInfo);
-        }
-
-        CRMFUtil.derEncodeToStream(popo, signer.getOutputStream());
-
-        return new POPOSigningKey(popo, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java
deleted file mode 100644
index 81af172ca..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-
-/**
- * Carrier for a registration token control.
- */
-public class RegTokenControl
-    implements Control
-{
-    private static final ASN1ObjectIdentifier type = CRMFObjectIdentifiers.id_regCtrl_regToken;
-
-    private final DERUTF8String token;
-
-    /**
-     * Basic constructor - build from a UTF-8 string representing the token.
-     *
-     * @param token UTF-8 string representing the token.
-     */
-    public RegTokenControl(DERUTF8String token)
-    {
-        this.token = token;
-    }
-
-    /**
-     * Basic constructor - build from a string representing the token.
-     *
-     * @param token string representing the token.
-     */
-    public RegTokenControl(String token)
-    {
-        this.token = new DERUTF8String(token);
-    }
-
-    /**
-     * Return the type of this control.
-     *
-     * @return CRMFObjectIdentifiers.id_regCtrl_regToken
-     */
-    public ASN1ObjectIdentifier getType()
-    {
-        return type;
-    }
-
-    /**
-     * Return the token associated with this control (a UTF8String).
-     *
-     * @return a UTF8String.
-     */
-    public ASN1Encodable getValue()
-    {
-        return token;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java
deleted file mode 100644
index 7125f56fb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.cert.crmf;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.InputDecryptor;
-
-public interface ValueDecryptorGenerator
-{
-    InputDecryptor getValueDecryptor(AlgorithmIdentifier keyAlg, AlgorithmIdentifier symmAlg, byte[] encKey)
-        throws CRMFException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java
deleted file mode 100644
index e38cfb356..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java
+++ /dev/null
@@ -1,450 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.io.IOException;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.iana.IANAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.cert.crmf.CRMFException;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.jcajce.JcaJceHelper;
-
-class CRMFHelper
-{
-    protected static final Map BASE_CIPHER_NAMES = new HashMap();
-    protected static final Map CIPHER_ALG_NAMES = new HashMap();
-    protected static final Map DIGEST_ALG_NAMES = new HashMap();
-    protected static final Map KEY_ALG_NAMES = new HashMap();
-    protected static final Map MAC_ALG_NAMES = new HashMap();
-
-    static
-    {
-        BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.des_EDE3_CBC,  "DESEDE");
-        BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes128_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes192_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes256_CBC,  "AES");
-        
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC,  "DESEDE/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()), "RSA/ECB/PKCS1Padding");
-        
-        DIGEST_ALG_NAMES.put(OIWObjectIdentifiers.idSHA1, "SHA1");
-        DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha224, "SHA224");
-        DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha256, "SHA256");
-        DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha384, "SHA384");
-        DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha512, "SHA512");
-
-        MAC_ALG_NAMES.put(IANAObjectIdentifiers.hmacSHA1, "HMACSHA1");
-        MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA1, "HMACSHA1");
-        MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA224, "HMACSHA224");
-        MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA256, "HMACSHA256");
-        MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA384, "HMACSHA384");
-        MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA512, "HMACSHA512");
-
-        KEY_ALG_NAMES.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
-        KEY_ALG_NAMES.put(X9ObjectIdentifiers.id_dsa, "DSA");
-    }
-
-    private JcaJceHelper helper;
-
-    CRMFHelper(JcaJceHelper helper)
-    {
-        this.helper = helper;
-    }
-
-    PublicKey toPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo)
-        throws CRMFException
-    {
-        X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
-        AlgorithmIdentifier keyAlg = subjectPublicKeyInfo.getAlgorithmId();
-
-        try
-        {
-            return createKeyFactory(keyAlg.getAlgorithm()).generatePublic(xspec);
-        }
-        catch (InvalidKeySpecException e)
-        {
-            throw new CRMFException("invalid key: " + e.getMessage(), e);
-        }
-    }
-
-    Cipher createCipher(ASN1ObjectIdentifier algorithm)
-        throws CRMFException
-    {
-        try
-        {
-            String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createCipher(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createCipher(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-    
-    public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm)
-        throws CRMFException
-    {
-        try
-        {
-            String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createKeyGenerator(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createKeyGenerator(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("cannot create key generator: " + e.getMessage(), e);
-        }
-    }
-    
-    Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID)
-        throws CRMFException
-    {
-        return (Cipher)execute(new JCECallback()
-        {
-            public Object doInJCE()
-                throws CRMFException, InvalidAlgorithmParameterException,
-                InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException,
-                NoSuchPaddingException, NoSuchProviderException
-            {
-                Cipher cipher = createCipher(encryptionAlgID.getAlgorithm());
-                ASN1Object sParams = (ASN1Object)encryptionAlgID.getParameters();
-                String encAlg = encryptionAlgID.getAlgorithm().getId();
-
-                if (sParams != null && !(sParams instanceof ASN1Null))
-                {
-                    try
-                    {
-                        AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm());
-
-                        try
-                        {
-                            params.init(sParams.getEncoded(), "ASN.1");
-                        }
-                        catch (IOException e)
-                        {
-                            throw new CRMFException("error decoding algorithm parameters.", e);
-                        }
-
-                        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
-                    }
-                    catch (NoSuchAlgorithmException e)
-                    {
-                        if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC))
-                        {
-                            cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(
-                                ASN1OctetString.getInstance(sParams).getOctets()));
-                        }
-                        else
-                        {
-                            throw e;
-                        }
-                    }
-                }
-                else
-                {
-                    if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC)
-                        || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC)
-                        || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC))
-                    {
-                        cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8]));
-                    }
-                    else
-                    {
-                        cipher.init(Cipher.DECRYPT_MODE, sKey);
-                    }
-                }
-
-                return cipher;
-            }
-        });
-    }
-    
-    AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-        if (algorithmName != null)
-        {
-            try
-            {
-                // this is reversed as the Sun policy files now allow unlimited strength RSA
-                return helper.createAlgorithmParameters(algorithmName);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-        return helper.createAlgorithmParameters(algorithm.getId());
-    }
-    
-    KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm)
-        throws CRMFException
-    {
-        try
-        {
-            String algName = (String)KEY_ALG_NAMES.get(algorithm);
-
-            if (algName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createKeyFactory(algName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createKeyFactory(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-
-    MessageDigest createDigest(ASN1ObjectIdentifier algorithm)
-        throws CRMFException
-    {
-        try
-        {
-            String digestName = (String)DIGEST_ALG_NAMES.get(algorithm);
-
-            if (digestName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createDigest(digestName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createDigest(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-
-    Mac createMac(ASN1ObjectIdentifier algorithm)
-        throws CRMFException
-    {
-        try
-        {
-            String macName = (String)MAC_ALG_NAMES.get(algorithm);
-
-            if (macName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createMac(macName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createMac(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("cannot create mac: " + e.getMessage(), e);
-        }
-    }
-
-    AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm)
-        throws GeneralSecurityException
-    {
-        String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-        if (algorithmName != null)
-        {
-            try
-            {
-                // this is reversed as the Sun policy files now allow unlimited strength RSA
-                return helper.createAlgorithmParameterGenerator(algorithmName);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-        return helper.createAlgorithmParameterGenerator(algorithm.getId());
-    }
-
-    AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand)
-        throws CRMFException
-    {
-        try
-        {
-            AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID);
-
-            if (encryptionOID.equals(CMSEnvelopedDataGenerator.RC2_CBC))
-            {
-                byte[]  iv = new byte[8];
-
-                rand.nextBytes(iv);
-
-                try
-                {
-                    pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand);
-                }
-                catch (InvalidAlgorithmParameterException e)
-                {
-                    throw new CRMFException("parameters generation error: " + e, e);
-                }
-            }
-
-            return pGen.generateParameters();
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            return null;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("exception creating algorithm parameter generator: " + e, e);
-        }
-    }
-
-    AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params)
-        throws CRMFException
-    {
-        DEREncodable asn1Params;
-        if (params != null)
-        {
-            try
-            {
-                asn1Params = ASN1Object.fromByteArray(params.getEncoded("ASN.1"));
-            }
-            catch (IOException e)
-            {
-                throw new CRMFException("cannot encode parameters: " + e.getMessage(), e);
-            }
-        }
-        else
-        {
-            asn1Params = DERNull.INSTANCE;
-        }
-
-        return new AlgorithmIdentifier(
-            encryptionOID,
-            asn1Params);
-    }
-    
-    static Object execute(JCECallback callback) throws CRMFException
-    {
-        try
-        {
-            return callback.doInJCE();
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CRMFException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CRMFException("key invalid in message.", e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new CRMFException("can't find provider.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CRMFException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CRMFException("algorithm parameters invalid.", e);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-            throw new CRMFException("MAC algorithm parameter spec invalid.", e);
-        }
-    }
-    
-    static interface JCECallback
-    {
-        Object doInJCE()
-            throws CRMFException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException,
-            NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java
deleted file mode 100644
index 6f288e940..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.security.Provider;
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.crmf.CertReqMsg;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.crmf.CRMFException;
-import org.bouncycastle.cert.crmf.CertificateRequestMessage;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-
-public class JcaCertificateRequestMessage
-    extends CertificateRequestMessage
-{
-    private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper());
-
-    public JcaCertificateRequestMessage(CertificateRequestMessage certReqMsg)
-    {
-        this(certReqMsg.toASN1Structure());
-    }
-
-    public JcaCertificateRequestMessage(CertReqMsg certReqMsg)
-    {
-        super(certReqMsg);
-    }
-
-    public JcaCertificateRequestMessage setProvider(String providerName)
-    {
-        this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JcaCertificateRequestMessage setProvider(Provider provider)
-    {
-        this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public X500Principal getSubjectX500Principal()
-    {
-        X500Name subject = this.getCertTemplate().getSubject();
-
-        if (subject != null)
-        {
-            return new X500Principal(subject.getDEREncoded());
-        }
-
-        return null;
-    }
-
-    public PublicKey getPublicKey()
-        throws CRMFException
-    {
-        SubjectPublicKeyInfo subjectPublicKeyInfo = getCertTemplate().getPublicKey();
-
-        if (subjectPublicKeyInfo != null)
-        {
-            return helper.toPublicKey(subjectPublicKeyInfo);
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java
deleted file mode 100644
index 63eea67fb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.math.BigInteger;
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.crmf.CertificateRequestMessageBuilder;
-
-public class JcaCertificateRequestMessageBuilder
-    extends CertificateRequestMessageBuilder
-{
-    public JcaCertificateRequestMessageBuilder(BigInteger certReqId)
-    {
-        super(certReqId);
-    }
-
-    public JcaCertificateRequestMessageBuilder setIssuer(X500Principal issuer)
-    {
-        if (issuer != null)
-        {
-            setIssuer(X500Name.getInstance(issuer.getEncoded()));
-        }
-
-        return this;
-    }
-
-    public JcaCertificateRequestMessageBuilder setSubject(X500Principal subject)
-    {
-        if (subject != null)
-        {
-            setSubject(X500Name.getInstance(subject.getEncoded()));
-        }
-
-        return this;
-    }
-
-    public JcaCertificateRequestMessageBuilder setAuthInfoSender(X500Principal sender)
-    {
-        if (sender != null)
-        {
-            setAuthInfoSender(new GeneralName(X500Name.getInstance(sender.getEncoded())));
-        }
-
-        return this;
-    }
-
-    public JcaCertificateRequestMessageBuilder setPublicKey(PublicKey publicKey)
-    {
-        setPublicKey(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-
-        return this;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java
deleted file mode 100644
index 91d22a0ec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.crmf.EncryptedValue;
-import org.bouncycastle.cert.crmf.CRMFException;
-import org.bouncycastle.cert.crmf.EncryptedValueBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.operator.KeyWrapper;
-import org.bouncycastle.operator.OutputEncryptor;
-
-public class JcaEncryptedValueBuilder
-    extends EncryptedValueBuilder
-{
-    public JcaEncryptedValueBuilder(KeyWrapper wrapper, OutputEncryptor encryptor)
-    {
-        super(wrapper, encryptor);
-    }
-
-    public EncryptedValue build(X509Certificate certificate)
-        throws CertificateEncodingException, CRMFException
-    {
-        return build(new JcaX509CertificateHolder(certificate));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java
deleted file mode 100644
index ab892416f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.security.PrivateKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.crmf.PKIArchiveControlBuilder;
-
-public class JcaPKIArchiveControlBuilder
-    extends PKIArchiveControlBuilder
-{
-    public JcaPKIArchiveControlBuilder(PrivateKey privateKey, X500Name name)
-    {
-        this(privateKey, new GeneralName(name));
-    }
-
-    public JcaPKIArchiveControlBuilder(PrivateKey privateKey, X500Principal name)
-    {
-        this(privateKey, X500Name.getInstance(name.getEncoded()));
-    }
-
-    public JcaPKIArchiveControlBuilder(PrivateKey privateKey, GeneralName generalName)
-    {
-        super(PrivateKeyInfo.getInstance(privateKey.getEncoded()), generalName);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java
deleted file mode 100644
index 176b0ab60..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java
+++ /dev/null
@@ -1,120 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.ProviderException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.crmf.CRMFException;
-import org.bouncycastle.cert.crmf.ValueDecryptorGenerator;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.InputDecryptor;
-
-public class JceAsymmetricValueDecryptorGenerator
-    implements ValueDecryptorGenerator
-{
-    private PrivateKey recipientKey;
-    private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper());
-
-    public JceAsymmetricValueDecryptorGenerator(PrivateKey recipientKey)
-    {
-        this.recipientKey = recipientKey;
-    }
-
-    public JceAsymmetricValueDecryptorGenerator setProvider(Provider provider)
-    {
-        this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceAsymmetricValueDecryptorGenerator setProvider(String providerName)
-    {
-        this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    private Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CRMFException
-    {
-        try
-        {
-            Key sKey = null;
-
-            Cipher keyCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm());
-
-            try
-            {
-                keyCipher.init(Cipher.UNWRAP_MODE, recipientKey);
-                sKey = keyCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY);
-            }
-            catch (GeneralSecurityException e)
-            {
-            }
-            catch (IllegalStateException e)
-            {
-            }
-            catch (UnsupportedOperationException e)
-            {
-            }
-            catch (ProviderException e)
-            {
-            }
-
-            // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms)
-            if (sKey == null)
-            {
-                keyCipher.init(Cipher.DECRYPT_MODE, recipientKey);
-                sKey = new SecretKeySpec(keyCipher.doFinal(encryptedContentEncryptionKey), contentEncryptionAlgorithm.getAlgorithm().getId());
-            }
-
-            return sKey;
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CRMFException("key invalid in message.", e);
-        }
-        catch (IllegalBlockSizeException e)
-        {
-            throw new CRMFException("illegal blocksize in message.", e);
-        }
-        catch (BadPaddingException e)
-        {
-            throw new CRMFException("bad padding in message.", e);
-        }
-    }
-
-    public InputDecryptor getValueDecryptor(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CRMFException
-    {
-        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey);
-
-        final Cipher dataCipher = helper.createContentCipher(secretKey, contentEncryptionAlgorithm);
-
-        return new InputDecryptor()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentEncryptionAlgorithm;
-            }
-
-            public InputStream getInputStream(InputStream dataIn)
-            {
-                return new CipherInputStream(dataIn, dataCipher);
-            }
-        };
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java
deleted file mode 100644
index 00906cb1b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.io.OutputStream;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherOutputStream;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.crmf.CRMFException;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OutputEncryptor;
-
-public class JceCRMFEncryptorBuilder
-{
-    private final ASN1ObjectIdentifier encryptionOID;
-    private final int                  keySize;
-
-    private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper());
-    private SecureRandom random;
-
-    public JceCRMFEncryptorBuilder(ASN1ObjectIdentifier encryptionOID)
-    {
-        this(encryptionOID, -1);
-    }
-
-    public JceCRMFEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize)
-    {
-        this.encryptionOID = encryptionOID;
-        this.keySize = keySize;
-    }
-
-    public JceCRMFEncryptorBuilder setProvider(Provider provider)
-    {
-        this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceCRMFEncryptorBuilder setProvider(String providerName)
-    {
-        this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JceCRMFEncryptorBuilder setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public OutputEncryptor build()
-        throws CRMFException
-    {
-        return new CRMFOutputEncryptor(encryptionOID, keySize, random);
-    }
-
-    private class CRMFOutputEncryptor
-        implements OutputEncryptor
-    {
-        private SecretKey encKey;
-        private AlgorithmIdentifier algorithmIdentifier;
-        private Cipher cipher;
-
-        CRMFOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random)
-            throws CRMFException
-        {
-            KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID);
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            if (keySize < 0)
-            {
-                keyGen.init(random);
-            }
-            else
-            {
-                keyGen.init(keySize, random);
-            }
-
-            cipher = helper.createCipher(encryptionOID);
-            encKey = keyGen.generateKey();
-            AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random);
-
-            try
-            {
-                cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CRMFException("unable to initialize cipher: " + e.getMessage(), e);
-            }
-
-            //
-            // If params are null we try and second guess on them as some providers don't provide
-            // algorithm parameter generation explicity but instead generate them under the hood.
-            //
-            if (params == null)
-            {
-                params = cipher.getParameters();
-            }
-
-            algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params);
-        }
-
-        public AlgorithmIdentifier getAlgorithmIdentifier()
-        {
-            return algorithmIdentifier;
-        }
-
-        public OutputStream getOutputStream(OutputStream dOut)
-        {
-            return new CipherOutputStream(dOut, cipher);
-        }
-
-        public GenericKey getKey()
-        {
-            return new GenericKey(encKey);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java
deleted file mode 100644
index 7b34bd558..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package org.bouncycastle.cert.crmf.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.Provider;
-
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.crmf.CRMFException;
-import org.bouncycastle.cert.crmf.PKMACValuesCalculator;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-
-public class JcePKMACValuesCalculator
-    implements PKMACValuesCalculator
-{
-    private MessageDigest digest;
-    private Mac           mac;
-    private CRMFHelper    helper;
-
-    public JcePKMACValuesCalculator()
-    {
-        this.helper = new CRMFHelper(new DefaultJcaJceHelper());
-    }
-
-    public JcePKMACValuesCalculator setProvider(Provider provider)
-    {
-        this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JcePKMACValuesCalculator setProvider(String providerName)
-    {
-        this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public void setup(AlgorithmIdentifier digAlg, AlgorithmIdentifier macAlg)
-        throws CRMFException
-    {
-        digest = helper.createDigest(digAlg.getAlgorithm());
-        mac = helper.createMac(macAlg.getAlgorithm());
-    }
-
-    public byte[] calculateDigest(byte[] data)
-    {
-        return digest.digest(data);
-    }
-
-    public byte[] calculateMac(byte[] pwd, byte[] data)
-        throws CRMFException
-    {
-        try
-        {
-            mac.init(new SecretKeySpec(pwd, mac.getAlgorithm()));
-
-            return mac.doFinal(data);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CRMFException("failure in setup: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html
deleted file mode 100644
index e9bc53fd7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-JCA extensions to the CRMF online certificate request package.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/package.html
deleted file mode 100644
index 521fc4406..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/crmf/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-Basic support package for handling and creating CRMF (RFC 4211) certificate request messages.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/CertHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/CertHelper.java
deleted file mode 100644
index dee699672..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/CertHelper.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-abstract class CertHelper
-{
-    public CertificateFactory getCertificateFactory(String type)
-        throws NoSuchProviderException, CertificateException
-    {
-        return createCertificateFactory(type);
-    }
-
-    protected abstract CertificateFactory createCertificateFactory(String type)
-        throws CertificateException, NoSuchProviderException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/DefaultCertHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/DefaultCertHelper.java
deleted file mode 100644
index 3966b4937..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/DefaultCertHelper.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-class DefaultCertHelper
-    extends CertHelper
-{
-    protected CertificateFactory createCertificateFactory(String type)
-        throws CertificateException
-    {
-        return CertificateFactory.getInstance(type);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaAttrCertStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaAttrCertStore.java
deleted file mode 100644
index b857d966b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaAttrCertStore.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.x509.X509AttributeCertificate;
-
-/**
- * Class for storing Attribute Certificates for later lookup.
- * 

- * The class will convert X509AttributeCertificate objects into X509AttributeCertificateHolder objects.
- * 

- */
-public class JcaAttrCertStore
-    extends CollectionStore
-{
-    /**
-     * Basic constructor.
-     *
-     * @param collection - initial contents for the store, this is copied.
-     */
-    public JcaAttrCertStore(Collection collection)
-        throws IOException
-    {
-        super(convertCerts(collection));
-    }
-
-    public JcaAttrCertStore(X509AttributeCertificate attrCert)
-        throws IOException
-    {
-        this(Collections.singletonList(attrCert));
-    }
-
-    private static Collection convertCerts(Collection collection)
-        throws IOException
-    {
-        List list = new ArrayList(collection.size());
-
-        for (Iterator it = collection.iterator(); it.hasNext();)
-        {
-            Object o = it.next();
-
-            if (o instanceof X509AttributeCertificate)
-            {
-                X509AttributeCertificate cert = (X509AttributeCertificate)o;
-
-                list.add(new JcaX509AttributeCertificateHolder(cert));
-            }
-            else
-            {
-                list.add(o);
-            }
-        }
-
-        return list;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCRLStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCRLStore.java
deleted file mode 100644
index 2e8209e93..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCRLStore.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.io.IOException;
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.util.CollectionStore;
-
-/**
- * Class for storing CRLs for later lookup.
- * 

- * The class will convert X509CRL objects into X509CRLHolder objects.
- * 

- */
-public class JcaCRLStore
-    extends CollectionStore
-{
-    /**
-     * Basic constructor.
-     *
-     * @param collection - initial contents for the store, this is copied.
-     */
-    public JcaCRLStore(Collection collection)
-        throws CRLException
-    {
-        super(convertCRLs(collection));
-    }
-
-    private static Collection convertCRLs(Collection collection)
-        throws CRLException
-    {
-        List list = new ArrayList(collection.size());
-
-        for (Iterator it = collection.iterator(); it.hasNext();)
-        {
-            Object crl = it.next();
-
-            if (crl instanceof X509CRL)
-            {
-                try
-                {
-                    list.add(new X509CRLHolder(((X509CRL)crl).getEncoded()));
-                }
-                catch (IOException e)
-                {
-                    throw new CRLException("cannot read encoding: " + e.getMessage());
-                    
-                }
-            }
-            else
-            {
-                list.add((X509CRLHolder)crl);
-            }
-        }
-
-        return list;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCertStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCertStore.java
deleted file mode 100644
index e7433642f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaCertStore.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.io.IOException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.util.CollectionStore;
-
-/**
- * Class for storing Certificates for later lookup.
- * 

- * The class will convert X509Certificate objects into X509CertificateHolder objects.
- * 

- */
-public class JcaCertStore
-    extends CollectionStore
-{
-    /**
-     * Basic constructor.
-     *
-     * @param collection - initial contents for the store, this is copied.
-     */
-    public JcaCertStore(Collection collection)
-        throws CertificateEncodingException
-    {
-        super(convertCerts(collection));
-    }
-
-    private static Collection convertCerts(Collection collection)
-        throws CertificateEncodingException
-    {
-        List list = new ArrayList(collection.size());
-
-        for (Iterator it = collection.iterator(); it.hasNext();)
-        {
-            Object o = it.next();
-
-            if (o instanceof X509Certificate)
-            {
-                X509Certificate cert = (X509Certificate)o;
-
-                try
-                {
-                    list.add(new X509CertificateHolder(cert.getEncoded()));
-                }
-                catch (IOException e)
-                {
-                    throw new CertificateEncodingException("unable to read encoding: " + e.getMessage());
-                }
-            }
-            else
-            {
-                list.add((X509CertificateHolder)o);
-            }
-        }
-
-        return list;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509AttributeCertificateHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509AttributeCertificateHolder.java
deleted file mode 100644
index 1ceafce04..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509AttributeCertificateHolder.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.x509.X509AttributeCertificate;
-
-/**
- * JCA helper class for converting an old style X509AttributeCertificate into a X509AttributeCertificateHolder object.
- */
-public class JcaX509AttributeCertificateHolder
-    extends X509AttributeCertificateHolder
-{
-    /**
-     * Base constructor.
-     *
-     * @param cert AttributeCertificate to be used a the source for the holder creation.
-     * @throws IOException if there is a problem extracting the attribute certificate information.
-     */
-    public JcaX509AttributeCertificateHolder(X509AttributeCertificate cert)
-        throws IOException
-    {
-        super(AttributeCertificate.getInstance(cert.getEncoded()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLConverter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLConverter.java
deleted file mode 100644
index ae06334f3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLConverter.java
+++ /dev/null
@@ -1,103 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-
-import org.bouncycastle.cert.X509CRLHolder;
-
-/**
- * Class for converting an X509CRLHolder into a corresponding X509CRL object tied to a
- * particular JCA provider.
- */
-public class JcaX509CRLConverter
-{
-    private CertHelper helper = new DefaultCertHelper();
-
-    /**
-     * Base constructor, configure with the default provider.
-     */
-    public JcaX509CRLConverter()
-    {
-        this.helper = new DefaultCertHelper();
-    }
-
-    /**
-     * Set the provider to use from a Provider object.
-     *
-     * @param provider the provider to use.
-     * @return the converter instance.
-     */
-    public JcaX509CRLConverter setProvider(Provider provider)
-    {
-        this.helper = new ProviderCertHelper(provider);
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use by name.
-     *
-     * @param providerName name of the provider to use.
-     * @return the converter instance.
-     */
-    public JcaX509CRLConverter setProvider(String providerName)
-    {
-        this.helper = new NamedCertHelper(providerName);
-
-        return this;
-    }
-
-    /**
-     * Use the configured converter to produce a X509CRL object from a X509CRLHolder object.
-     *
-     * @param crlHolder  the holder to be converted
-     * @return a X509CRL object
-     * @throws CRLException if the conversion is unable to be made.
-     */
-    public X509CRL getCRL(X509CRLHolder crlHolder)
-        throws CRLException
-    {
-        try
-        {
-            CertificateFactory cFact = helper.getCertificateFactory("X.509");
-
-            return (X509CRL)cFact.generateCRL(new ByteArrayInputStream(crlHolder.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new ExCRLException("exception parsing certificate: " + e.getMessage(), e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new ExCRLException("cannot find required provider:" + e.getMessage(), e);
-        }
-        catch (CertificateException e)
-        {
-            throw new ExCRLException("cannot create factory: " + e.getMessage(), e);
-        }
-    }
-
-    private class ExCRLException
-        extends CRLException
-    {
-        private Throwable cause;
-
-        public ExCRLException(String msg, Throwable cause)
-        {
-            super(msg);
-
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLHolder.java
deleted file mode 100644
index 43665c02b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CRLHolder.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.cert.X509CRLHolder;
-
-/**
- * JCA helper class for converting an X509CRL into a X509CRLHolder object.
- */
-public class JcaX509CRLHolder
-    extends X509CRLHolder
-{
-    /**
-     * Base constructor.
-     *
-     * @param crl CRL to be used a the source for the holder creation.
-     * @throws CRLException if there is a problem extracting the CRL information.
-     */
-    public JcaX509CRLHolder(X509CRL crl)
-        throws CRLException
-    {
-        super(CertificateList.getInstance(crl.getEncoded()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateConverter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateConverter.java
deleted file mode 100644
index 39e63aa4c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateConverter.java
+++ /dev/null
@@ -1,116 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-
-/**
- * Converter for producing X509Certificate objects tied to a specific provider from X509CertificateHolder objects.
- */
-public class JcaX509CertificateConverter
-{
-    private CertHelper helper = new DefaultCertHelper();
-
-    /**
-     * Base constructor, configure with the default provider.
-     */
-    public JcaX509CertificateConverter()
-    {
-        this.helper = new DefaultCertHelper();
-    }
-
-    /**
-     * Set the provider to use from a Provider object.
-     *
-     * @param provider the provider to use.
-     * @return the converter instance.
-     */
-    public JcaX509CertificateConverter setProvider(Provider provider)
-    {
-        this.helper = new ProviderCertHelper(provider);
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use by name.
-     *
-     * @param providerName name of the provider to use.
-     * @return the converter instance.
-     */
-    public JcaX509CertificateConverter setProvider(String providerName)
-    {
-        this.helper = new NamedCertHelper(providerName);
-
-        return this;
-    }
-
-    /**
-     * Use the configured converter to produce a X509Certificate object from a X509CertificateHolder object.
-     *
-     * @param certHolder  the holder to be converted
-     * @return a X509Certificate object
-     * @throws CertificateException if the conversion is unable to be made.
-     */
-    public X509Certificate getCertificate(X509CertificateHolder certHolder)
-        throws CertificateException
-    {
-        try
-        {
-            CertificateFactory cFact = helper.getCertificateFactory("X.509");
-
-            return (X509Certificate)cFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new ExCertificateParsingException("exception parsing certificate: " + e.getMessage(), e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new ExCertificateException("cannot find required provider:" + e.getMessage(), e);
-        }
-    }
-
-    private class ExCertificateParsingException
-        extends CertificateParsingException
-    {
-        private Throwable cause;
-
-        public ExCertificateParsingException(String msg, Throwable cause)
-        {
-            super(msg);
-
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-    
-    private class ExCertificateException
-        extends CertificateException
-    {
-        private Throwable cause;
-
-        public ExCertificateException(String msg, Throwable cause)
-        {
-            super(msg);
-
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateHolder.java
deleted file mode 100644
index 0c84b358f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509CertificateHolder.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.cert.X509CertificateHolder;
-
-/**
- * JCA helper class for converting an X509Certificate into a X509CertificateHolder object.
- */
-public class JcaX509CertificateHolder
-    extends X509CertificateHolder
-{
-    /**
-     * Base constructor.
-     *
-     * @param cert certificate to be used a the source for the holder creation.
-     * @throws CertificateEncodingException if there is a problem extracting the certificate information.
-     */
-    public JcaX509CertificateHolder(X509Certificate cert)
-        throws CertificateEncodingException
-    {
-        super(X509CertificateStructure.getInstance(cert.getEncoded()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v1CertificateBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v1CertificateBuilder.java
deleted file mode 100644
index e453fc713..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v1CertificateBuilder.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-
-/**
- * JCA helper class to allow JCA objects to be used in the construction of a Version 1 certificate.
- */
-public class JcaX509v1CertificateBuilder
-    extends X509v1CertificateBuilder
-{
-    /**
-     * Initialise the builder using a PublicKey.
-     *
-     * @param issuer X500Name representing the issuer of this certificate.
-     * @param serial the serial number for the certificate.
-     * @param notBefore date before which the certificate is not valid.
-     * @param notAfter date after which the certificate is not valid.
-     * @param subject X500Name representing the subject of this certificate.
-     * @param publicKey the public key to be associated with the certificate.
-     */
-    public JcaX509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, PublicKey publicKey)
-    {
-        super(issuer, serial, notBefore, notAfter, subject, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-    }
-
-    /**
-     * Initialise the builder using X500Principal objects and a PublicKey.
-     *
-     * @param issuer principal representing the issuer of this certificate.
-     * @param serial the serial number for the certificate.
-     * @param notBefore date before which the certificate is not valid.
-     * @param notAfter date after which the certificate is not valid.
-     * @param subject principal representing the subject of this certificate.
-     * @param publicKey the public key to be associated with the certificate.
-     */
-    public JcaX509v1CertificateBuilder(X500Principal issuer, BigInteger serial, Date notBefore, Date notAfter, X500Principal subject, PublicKey publicKey)
-    {
-        super(X500Name.getInstance(issuer.getEncoded()), serial, notBefore, notAfter, X500Name.getInstance(subject.getEncoded()), SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v2CRLBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v2CRLBuilder.java
deleted file mode 100644
index bd7312055..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v2CRLBuilder.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cert.X509v2CRLBuilder;
-
-public class JcaX509v2CRLBuilder
-    extends X509v2CRLBuilder
-{
-    public JcaX509v2CRLBuilder(X500Principal issuer, Date now)
-    {
-        super(X500Name.getInstance(issuer.getEncoded()), now);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v3CertificateBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v3CertificateBuilder.java
deleted file mode 100644
index 9910f84d9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/JcaX509v3CertificateBuilder.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.math.BigInteger;
-import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-
-/**
- * JCA helper class to allow JCA objects to be used in the construction of a Version 3 certificate.
- */
-public class JcaX509v3CertificateBuilder
-    extends X509v3CertificateBuilder
-{
-    /**
-     * Initialise the builder using a PublicKey.
-     *
-     * @param issuer X500Name representing the issuer of this certificate.
-     * @param serial the serial number for the certificate.
-     * @param notBefore date before which the certificate is not valid.
-     * @param notAfter date after which the certificate is not valid.
-     * @param subject X500Name representing the subject of this certificate.
-     * @param publicKey the public key to be associated with the certificate.
-     */
-    public JcaX509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, PublicKey publicKey)
-    {
-        super(issuer, serial, notBefore, notAfter, subject, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-    }
-
-    /**
-     * Initialise the builder using X500Principal objects and a PublicKey.
-     *
-     * @param issuer principal representing the issuer of this certificate.
-     * @param serial the serial number for the certificate.
-     * @param notBefore date before which the certificate is not valid.
-     * @param notAfter date after which the certificate is not valid.
-     * @param subject principal representing the subject of this certificate.
-     * @param publicKey the public key to be associated with the certificate.
-     */
-    public JcaX509v3CertificateBuilder(X500Principal issuer, BigInteger serial, Date notBefore, Date notAfter, X500Principal subject, PublicKey publicKey)
-    {
-        super(X500Name.getInstance(issuer.getEncoded()), serial, notBefore, notAfter, X500Name.getInstance(subject.getEncoded()), SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-    }
-
-    /**
-     * Initialise the builder using the subject from the passed in issuerCert as the issuer, as well as
-     * passing through and converting the other objects provided.
-     *
-     * @param issuerCert certificate who's subject is the issuer of the certificate we are building.
-     * @param serial the serial number for the certificate.
-     * @param notBefore date before which the certificate is not valid.
-     * @param notAfter date after which the certificate is not valid.
-     * @param subject principal representing the subject of this certificate.
-     * @param publicKey the public key to be associated with the certificate.
-     */
-    public JcaX509v3CertificateBuilder(X509Certificate issuerCert, BigInteger serial, Date notBefore, Date notAfter, X500Principal subject, PublicKey publicKey)
-    {
-        this(issuerCert.getSubjectX500Principal(), serial, notBefore, notAfter, subject, publicKey);
-    }
-
-    /**
-     * Add a given extension field for the standard extensions tag (tag 3)
-     * copying the extension value from another certificate.
-     *
-     * @param oid the type of the extension to be copied.
-     * @param critical true if the extension is to be marked critical, false otherwise.
-     * @param certificate the source of the extension to be copied.
-     * @return the builder instance.
-     */
-    public JcaX509v3CertificateBuilder copyAndAddExtension(
-        ASN1ObjectIdentifier oid,
-        boolean critical,
-        X509Certificate certificate)
-        throws CertificateEncodingException
-    {
-        this.copyAndAddExtension(oid, critical, new JcaX509CertificateHolder(certificate));
-
-        return this;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/NamedCertHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/NamedCertHelper.java
deleted file mode 100644
index 5cd2feb40..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/NamedCertHelper.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-class NamedCertHelper
-    extends CertHelper
-{
-    private final String providerName;
-
-    NamedCertHelper(String providerName)
-    {
-        this.providerName = providerName;
-    }
-
-    protected CertificateFactory createCertificateFactory(String type)
-        throws CertificateException, NoSuchProviderException
-    {
-        return CertificateFactory.getInstance(type, providerName);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/ProviderCertHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/ProviderCertHelper.java
deleted file mode 100644
index 15c9e729b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/ProviderCertHelper.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.cert.jcajce;
-
-import java.security.Provider;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-class ProviderCertHelper
-    extends CertHelper
-{
-    private final Provider provider;
-
-    ProviderCertHelper(Provider provider)
-    {
-        this.provider = provider;
-    }
-
-    protected CertificateFactory createCertificateFactory(String type)
-        throws CertificateException
-    {
-        return CertificateFactory.getInstance(type, provider);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/package.html
deleted file mode 100644
index cc15e01ab..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/jcajce/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-JCA extensions to the certificate building and processing package.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPResp.java
deleted file mode 100644
index 7f49817a6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPResp.java
+++ /dev/null
@@ -1,204 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-
-/**
- * 
- * BasicOCSPResponse       ::= SEQUENCE {
- *    tbsResponseData      ResponseData,
- *    signatureAlgorithm   AlgorithmIdentifier,
- *    signature            BIT STRING,
- *    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- * 

- */
-public class BasicOCSPResp
-{
-    private BasicOCSPResponse   resp;
-    private ResponseData        data;
-    private X509Extensions extensions;
-
-    public BasicOCSPResp(
-        BasicOCSPResponse   resp)
-    {
-        this.resp = resp;
-        this.data = resp.getTbsResponseData();
-        this.extensions = resp.getTbsResponseData().getResponseExtensions();
-    }
-
-    /**
-     * Return the DER encoding of the tbsResponseData field.
-     * @return DER encoding of tbsResponseData
-     */
-    public byte[] getTBSResponseData()
-    {
-        return resp.getTbsResponseData().getDEREncoded();
-    }
-
-    public int getVersion()
-    {
-        return data.getVersion().getValue().intValue() + 1;
-    }
-
-    public RespID getResponderId()
-    {
-        return new RespID(data.getResponderID());
-    }
-
-    public Date getProducedAt()
-    {
-        return OCSPUtils.extractDate(data.getProducedAt());
-    }
-
-    public SingleResp[] getResponses()
-    {
-        ASN1Sequence    s = data.getResponses();
-        SingleResp[]    rs = new SingleResp[s.size()];
-
-        for (int i = 0; i != rs.length; i++)
-        {
-            rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
-        }
-
-        return rs;
-    }
-
-    public boolean hasExtensions()
-   {
-       return extensions != null;
-   }
-
-   public X509Extension getExtension(ASN1ObjectIdentifier oid)
-   {
-       if (extensions != null)
-       {
-           return extensions.getExtension(oid);
-       }
-
-       return null;
-   }
-
-   public List getExtensionOIDs()
-   {
-       return OCSPUtils.getExtensionOIDs(extensions);
-   }
-
-   public Set getCriticalExtensionOIDs()
-   {
-       return OCSPUtils.getCriticalExtensionOIDs(extensions);
-   }
-
-   public Set getNonCriticalExtensionOIDs()
-   {
-       return OCSPUtils.getNonCriticalExtensionOIDs(extensions);
-   }
-
-
-    public ASN1ObjectIdentifier getSignatureAlgOID()
-    {
-        return resp.getSignatureAlgorithm().getAlgorithm();
-    }
-
-    public byte[] getSignature()
-    {
-        return resp.getSignature().getBytes();
-    }
-
-    public X509CertificateHolder[] getCerts()
-    {
-        //
-        // load the certificates if we have any
-        //
-        if (resp.getCerts() != null)
-        {
-            ASN1Sequence s = resp.getCerts();
-
-            if (s != null)
-            {
-                X509CertificateHolder[] certs = new X509CertificateHolder[s.size()];
-
-                for (int i = 0; i != certs.length; i++)
-                {
-                    certs[i] = new X509CertificateHolder(X509CertificateStructure.getInstance(s.getObjectAt(i)));
-                }
-
-                return certs;
-            }
-
-            return OCSPUtils.EMPTY_CERTS;
-        }
-        else
-        {
-            return OCSPUtils.EMPTY_CERTS;
-        }
-    }
-
-    /**
-     * verify the signature against the tbsResponseData object we contain.
-     */
-    public boolean isSignatureValid(
-        ContentVerifierProvider verifierProvider)
-        throws OCSPException
-    {
-        try
-        {
-            ContentVerifier verifier = verifierProvider.get(resp.getSignatureAlgorithm());
-            OutputStream vOut = verifier.getOutputStream();
-
-            vOut.write(resp.getTbsResponseData().getDEREncoded());
-            vOut.close();
-
-            return verifier.verify(this.getSignature());
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing sig: " + e, e);
-        }
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-    	return resp.getEncoded();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-        
-        if (!(o instanceof BasicOCSPResp))
-        {
-            return false;
-        }
-        
-        BasicOCSPResp r = (BasicOCSPResp)o;
-        
-        return resp.equals(r.resp);
-    }
-    
-    public int hashCode()
-    {
-        return resp.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPRespBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPRespBuilder.java
deleted file mode 100644
index 8cd8e2d57..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/BasicOCSPRespBuilder.java
+++ /dev/null
@@ -1,263 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DigestCalculator;
-
-/**
- * Generator for basic OCSP response objects.
- */
-public class BasicOCSPRespBuilder
-{
-    private List            list = new ArrayList();
-    private X509Extensions  responseExtensions = null;
-    private RespID          responderID;
-
-    private class ResponseObject
-    {
-        CertificateID         certId;
-        CertStatus            certStatus;
-        DERGeneralizedTime    thisUpdate;
-        DERGeneralizedTime    nextUpdate;
-        X509Extensions        extensions;
-
-        public ResponseObject(
-            CertificateID     certId,
-            CertificateStatus certStatus,
-            Date              thisUpdate,
-            Date              nextUpdate,
-            X509Extensions    extensions)
-        {
-            this.certId = certId;
-
-            if (certStatus == null)
-            {
-                this.certStatus = new CertStatus();
-            }
-            else if (certStatus instanceof UnknownStatus)
-            {
-                this.certStatus = new CertStatus(2, new DERNull());
-            }
-            else
-            {
-                RevokedStatus rs = (RevokedStatus)certStatus;
-
-                if (rs.hasRevocationReason())
-                {
-                    this.certStatus = new CertStatus(
-                                            new RevokedInfo(new DERGeneralizedTime(rs.getRevocationTime()), new CRLReason(rs.getRevocationReason())));
-                }
-                else
-                {
-                    this.certStatus = new CertStatus(
-                                            new RevokedInfo(new DERGeneralizedTime(rs.getRevocationTime()), null));
-                }
-            }
-
-            this.thisUpdate = new DERGeneralizedTime(thisUpdate);
-
-            if (nextUpdate != null)
-            {
-                this.nextUpdate = new DERGeneralizedTime(nextUpdate);
-            }
-            else
-            {
-                this.nextUpdate = null;
-            }
-
-            this.extensions = extensions;
-        }
-
-        public SingleResponse toResponse()
-            throws Exception
-        {
-            return new SingleResponse(certId.toASN1Object(), certStatus, thisUpdate, nextUpdate, extensions);
-        }
-    }
-
-    /**
-     * basic constructor
-     */
-    public BasicOCSPRespBuilder(
-        RespID  responderID)
-    {
-        this.responderID = responderID;
-    }
-
-    /**
-     * construct with the responderID to be the SHA-1 keyHash of the passed in public key.
-     *
-     * @param key the key info of the responder public key.
-     * @param digCalc  a SHA-1 digest calculator
-     */
-    public BasicOCSPRespBuilder(
-        SubjectPublicKeyInfo key,
-        DigestCalculator     digCalc)
-        throws OCSPException
-    {
-        this.responderID = new RespID(key, digCalc);
-    }
-
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param certStatus status of the certificate - null if okay
-     */
-    public BasicOCSPRespBuilder addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), null, null));
-
-        return this;
-    }
-
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public BasicOCSPRespBuilder addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), null, singleExtensions));
-
-        return this;
-    }
-    
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param nextUpdate date when next update should be requested
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public BasicOCSPRespBuilder addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        Date                nextUpdate,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions));
-
-        return this;
-    }
-    
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param thisUpdate date this response was valid on
-     * @param nextUpdate date when next update should be requested
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public BasicOCSPRespBuilder addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        Date                thisUpdate,
-        Date                nextUpdate,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions));
-
-        return this;
-    }
-    
-    /**
-     * Set the extensions for the response.
-     * 
-     * @param responseExtensions the extension object to carry.
-     */
-    public BasicOCSPRespBuilder setResponseExtensions(
-        X509Extensions  responseExtensions)
-    {
-        this.responseExtensions = responseExtensions;
-
-        return this;
-    }
-
-    public BasicOCSPResp build(
-        ContentSigner signer,
-        X509CertificateHolder[]   chain,
-        Date                producedAt)
-        throws OCSPException
-    {
-        Iterator    it = list.iterator();
-
-        ASN1EncodableVector responses = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            try
-            {
-                responses.add(((ResponseObject)it.next()).toResponse());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception creating Request", e);
-            }
-        }
-
-        ResponseData  tbsResp = new ResponseData(responderID.toASN1Object(), new DERGeneralizedTime(producedAt), new DERSequence(responses), responseExtensions);
-        DERBitString    bitSig;
-
-        try
-        {
-            OutputStream sigOut = signer.getOutputStream();
-
-            sigOut.write(tbsResp.getEncoded(ASN1Encodable.DER));
-            sigOut.close();
-
-            bitSig = new DERBitString(signer.getSignature());
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing TBSRequest: " + e.getMessage(), e);
-        }
-
-        AlgorithmIdentifier sigAlgId = signer.getAlgorithmIdentifier();
-
-        DERSequence chainSeq = null;
-        if (chain != null && chain.length > 0)
-        {
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            for (int i = 0; i != chain.length; i++)
-            {
-                v.add(chain[i].toASN1Structure());
-            }
-
-            chainSeq = new DERSequence(v);
-        }
-
-        return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateID.java
deleted file mode 100644
index da0e3e55c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateID.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.OutputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.CertID;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class CertificateID
-{
-    public static final AlgorithmIdentifier HASH_SHA1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
-
-    private final CertID id;
-
-    public CertificateID(
-        CertID id)
-    {
-        if (id == null)
-        {
-            throw new IllegalArgumentException("'id' cannot be null");
-        }
-        this.id = id;
-    }
-
-    /**
-     * create from an issuer certificate and the serial number of the
-     * certificate it signed.
-     *
-     * @param issuerCert issuing certificate
-     * @param number serial number
-     *
-     * @exception OCSPException if any problems occur creating the id fields.
-     */
-    public CertificateID(
-        DigestCalculator digestCalculator, X509CertificateHolder issuerCert,
-        BigInteger number)
-        throws OCSPException
-    {
-        this.id = createCertID(digestCalculator, issuerCert, new DERInteger(number));
-    }
-
-    public ASN1ObjectIdentifier getHashAlgOID()
-    {
-        return id.getHashAlgorithm().getAlgorithm();
-    }
-
-    public byte[] getIssuerNameHash()
-    {
-        return id.getIssuerNameHash().getOctets();
-    }
-
-    public byte[] getIssuerKeyHash()
-    {
-        return id.getIssuerKeyHash().getOctets();
-    }
-
-    /**
-     * return the serial number for the certificate associated
-     * with this request.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return id.getSerialNumber().getValue();
-    }
-
-    public boolean matchesIssuer(X509CertificateHolder issuerCert, DigestCalculatorProvider digCalcProvider)
-        throws OCSPException
-    {
-        try
-        {
-            return createCertID(digCalcProvider.get(id.getHashAlgorithm()), issuerCert, id.getSerialNumber()).equals(id);
-        }
-        catch (OperatorCreationException e)
-        {
-            throw new OCSPException("unable to create digest calculator: " + e.getMessage(), e);
-        }
-    }
-
-    public CertID toASN1Object()
-    {
-        return id;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof CertificateID))
-        {
-            return false;
-        }
-
-        CertificateID obj = (CertificateID)o;
-
-        return id.getDERObject().equals(obj.id.getDERObject());
-    }
-
-    public int hashCode()
-    {
-        return id.getDERObject().hashCode();
-    }
-
-    /**
-     * Create a new CertificateID for a new serial number derived from a previous one
-     * calculated for the same CA certificate.
-     *
-     * @param original the previously calculated CertificateID for the CA.
-     * @param newSerialNumber the serial number for the new certificate of interest.
-     *
-     * @return a new CertificateID for newSerialNumber
-     */
-    public static CertificateID deriveCertificateID(CertificateID original, BigInteger newSerialNumber)
-    {
-        return new CertificateID(new CertID(original.id.getHashAlgorithm(), original.id.getIssuerNameHash(), original.id.getIssuerKeyHash(), new DERInteger(newSerialNumber)));
-    }
-
-    private static CertID createCertID(DigestCalculator digCalc, X509CertificateHolder issuerCert, DERInteger serialNumber)
-        throws OCSPException
-    {
-        try
-        {
-            OutputStream dgOut = digCalc.getOutputStream();
-
-            dgOut.write(issuerCert.toASN1Structure().getSubject().getDEREncoded());
-            dgOut.close();
-
-            ASN1OctetString issuerNameHash = new DEROctetString(digCalc.getDigest());
-
-            SubjectPublicKeyInfo info = issuerCert.getSubjectPublicKeyInfo();
-
-            dgOut = digCalc.getOutputStream();
-
-            dgOut.write(info.getPublicKeyData().getBytes());
-            dgOut.close();
-
-            ASN1OctetString issuerKeyHash = new DEROctetString(digCalc.getDigest());
-
-            return new CertID(digCalc.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, serialNumber);
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("problem creating ID: " + e, e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateStatus.java
deleted file mode 100644
index 3aa117dfe..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/CertificateStatus.java
+++ /dev/null
@@ -1,6 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-public interface CertificateStatus
-{
-    public static final CertificateStatus GOOD = null;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPException.java
deleted file mode 100644
index 6489788c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPException.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-public class OCSPException
-    extends Exception
-{
-    private Throwable   cause;
-
-    public OCSPException(
-        String name)
-    {
-        super(name);
-    }
-
-    public OCSPException(
-        String name,
-        Throwable cause)
-    {
-        super(name);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReq.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReq.java
deleted file mode 100644
index 3579485f5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReq.java
+++ /dev/null
@@ -1,249 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ocsp.OCSPRequest;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cert.CertIOException;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-
-/**
- * 
- * OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- *
- *   TBSRequest      ::=     SEQUENCE {
- *       version             [0]     EXPLICIT Version DEFAULT v1,
- *       requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
- *       requestList                 SEQUENCE OF Request,
- *       requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
- *
- *   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm      AlgorithmIdentifier,
- *       signature               BIT STRING,
- *       certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
- *
- *   Version         ::=             INTEGER  {  v1(0) }
- *
- *   Request         ::=     SEQUENCE {
- *       reqCert                     CertID,
- *       singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
- *
- *   CertID          ::=     SEQUENCE {
- *       hashAlgorithm       AlgorithmIdentifier,
- *       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
- *       serialNumber        CertificateSerialNumber }
- * 

- */
-public class OCSPReq
-{
-    private static final X509CertificateHolder[] EMPTY_CERTS = new X509CertificateHolder[0];
-
-    private OCSPRequest    req;
-    private X509Extensions extensions;
-
-    public OCSPReq(
-        OCSPRequest req)
-    {
-        this.req = req;
-        this.extensions = req.getTbsRequest().getRequestExtensions();
-    }
-    
-    public OCSPReq(
-        byte[]          req)
-        throws IOException
-    {
-        this(new ASN1InputStream(req));
-    }
-
-    private OCSPReq(
-        ASN1InputStream aIn)
-        throws IOException
-    {
-        try
-        {
-            this.req = OCSPRequest.getInstance(aIn.readObject());
-            this.extensions = req.getTbsRequest().getRequestExtensions();
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed request: " + e.getMessage(), e);
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed request: " + e.getMessage(), e);
-        }
-    }
-
-    public int getVersion()
-    {
-        return req.getTbsRequest().getVersion().getValue().intValue() + 1;
-    }
-
-    public GeneralName getRequestorName()
-    {
-        return GeneralName.getInstance(req.getTbsRequest().getRequestorName());
-    }
-
-    public Req[] getRequestList()
-    {
-        ASN1Sequence    seq = req.getTbsRequest().getRequestList();
-        Req[]           requests = new Req[seq.size()];
-
-        for (int i = 0; i != requests.length; i++)
-        {
-            requests[i] = new Req(Request.getInstance(seq.getObjectAt(i)));
-        }
-
-        return requests;
-    }
-
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    public List getExtensionOIDs()
-    {
-        return OCSPUtils.getExtensionOIDs(extensions);
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return OCSPUtils.getCriticalExtensionOIDs(extensions);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return OCSPUtils.getNonCriticalExtensionOIDs(extensions);
-    }
-
-    /**
-     * return the object identifier representing the signature algorithm
-     */
-    public ASN1ObjectIdentifier getSignatureAlgOID()
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-
-        return req.getOptionalSignature().getSignatureAlgorithm().getAlgorithm();
-    }
-
-    public byte[] getSignature()
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-
-        return req.getOptionalSignature().getSignature().getBytes();
-    }
-
-    public X509CertificateHolder[] getCerts()
-    {
-        //
-        // load the certificates if we have any
-        //
-        if (req.getOptionalSignature() != null)
-        {
-            ASN1Sequence s = req.getOptionalSignature().getCerts();
-
-            if (s != null)
-            {
-                X509CertificateHolder[] certs = new X509CertificateHolder[s.size()];
-
-                for (int i = 0; i != certs.length; i++)
-                {
-                    certs[i] = new X509CertificateHolder(X509CertificateStructure.getInstance(s.getObjectAt(i)));
-                }
-
-                return certs;
-            }
-
-            return EMPTY_CERTS;
-        }
-        else
-        {
-            return EMPTY_CERTS;
-        }
-    }
-    
-    /**
-     * Return whether or not this request is signed.
-     * 
-     * @return true if signed false otherwise.
-     */
-    public boolean isSigned()
-    {
-        return req.getOptionalSignature() != null;
-    }
-
-    /**
-     * verify the signature against the TBSRequest object we contain.
-     */
-    public boolean isSignatureValid(
-        ContentVerifierProvider verifierProvider)
-        throws OCSPException
-    {
-        if (!this.isSigned())
-        {
-            throw new OCSPException("attempt to verify signature on unsigned object");
-        }
-
-        try
-        {
-            ContentVerifier verifier = verifierProvider.get(req.getOptionalSignature().getSignatureAlgorithm());
-            OutputStream sOut = verifier.getOutputStream();
-
-            sOut.write(req.getTbsRequest().getDEREncoded());
-
-            return verifier.verify(this.getSignature());
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing signature: " + e, e);
-        }
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-        aOut.writeObject(req);
-
-        return bOut.toByteArray();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReqBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReqBuilder.java
deleted file mode 100644
index 7b50ac314..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPReqBuilder.java
+++ /dev/null
@@ -1,198 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.ocsp.OCSPRequest;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.ocsp.Signature;
-import org.bouncycastle.asn1.ocsp.TBSRequest;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentSigner;
-
-public class OCSPReqBuilder
-{
-    private List            list = new ArrayList();
-    private GeneralName     requestorName = null;
-    private X509Extensions  requestExtensions = null;
-    
-    private class RequestObject
-    {
-        CertificateID   certId;
-        X509Extensions  extensions;
-
-        public RequestObject(
-            CertificateID   certId,
-            X509Extensions  extensions)
-        {
-            this.certId = certId;
-            this.extensions = extensions;
-        }
-
-        public Request toRequest()
-            throws Exception
-        {
-            return new Request(certId.toASN1Object(), extensions);
-        }
-    }
-
-    /**
-     * Add a request for the given CertificateID.
-     * 
-     * @param certId certificate ID of interest
-     */
-    public OCSPReqBuilder addRequest(
-        CertificateID   certId)
-    {
-        list.add(new RequestObject(certId, null));
-
-        return this;
-    }
-
-    /**
-     * Add a request with extensions
-     * 
-     * @param certId certificate ID of interest
-     * @param singleRequestExtensions the extensions to attach to the request
-     */
-    public OCSPReqBuilder addRequest(
-        CertificateID   certId,
-        X509Extensions  singleRequestExtensions)
-    {
-        list.add(new RequestObject(certId, singleRequestExtensions));
-
-        return this;
-    }
-
-    /**
-     * Set the requestor name to the passed in X500Principal
-     * 
-     * @param requestorName a X500Principal representing the requestor name.
-     */
-    public OCSPReqBuilder setRequestorName(
-        X500Name requestorName)
-    {
-        this.requestorName = new GeneralName(GeneralName.directoryName, requestorName);
-
-        return this;
-    }
-
-    public OCSPReqBuilder setRequestorName(
-        GeneralName         requestorName)
-    {
-        this.requestorName = requestorName;
-
-        return this;
-    }
-    
-    public OCSPReqBuilder setRequestExtensions(
-        X509Extensions      requestExtensions)
-    {
-        this.requestExtensions = requestExtensions;
-
-        return this;
-    }
-
-    private OCSPReq generateRequest(
-        ContentSigner           contentSigner,
-        X509CertificateHolder[] chain)
-        throws OCSPException
-    {
-        Iterator    it = list.iterator();
-
-        ASN1EncodableVector requests = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            try
-            {
-                requests.add(((RequestObject)it.next()).toRequest());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception creating Request", e);
-            }
-        }
-
-        TBSRequest  tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions);
-
-        Signature               signature = null;
-
-        if (contentSigner != null)
-        {
-            if (requestorName == null)
-            {
-                throw new OCSPException("requestorName must be specified if request is signed.");
-            }
-
-            try
-            {
-                OutputStream sOut = contentSigner.getOutputStream();
-
-                sOut.write(tbsReq.getDEREncoded());
-
-                sOut.close();
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception processing TBSRequest: " + e, e);
-            }
-
-            DERBitString    bitSig = new DERBitString(contentSigner.getSignature());
-
-            AlgorithmIdentifier sigAlgId = contentSigner.getAlgorithmIdentifier();
-
-            if (chain != null && chain.length > 0)
-            {
-                ASN1EncodableVector v = new ASN1EncodableVector();
-
-                for (int i = 0; i != chain.length; i++)
-                {
-                    v.add(chain[i].toASN1Structure());
-                }
-
-                signature = new Signature(sigAlgId, bitSig, new DERSequence(v));
-            }
-            else
-            {
-                signature = new Signature(sigAlgId, bitSig);
-            }
-        }
-
-        return new OCSPReq(new OCSPRequest(tbsReq, signature));
-    }
-    
-    /**
-     * Generate an unsigned request
-     * 
-     * @return the OCSPReq
-     * @throws org.bouncycastle.ocsp.OCSPException
-     */
-    public OCSPReq build()
-        throws OCSPException
-    {
-        return generateRequest(null, null);
-    }
-
-    public OCSPReq build(
-        ContentSigner             signer,
-        X509CertificateHolder[]   chain)
-        throws OCSPException, IllegalArgumentException
-    {
-        if (signer == null)
-        {
-            throw new IllegalArgumentException("no signer specified");
-        }
-
-        return generateRequest(signer, chain);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPResp.java
deleted file mode 100644
index cbfe78a20..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPResp.java
+++ /dev/null
@@ -1,109 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseBytes;
-import org.bouncycastle.cert.CertIOException;
-
-public class OCSPResp
-{
-    private OCSPResponse    resp;
-
-    public OCSPResp(
-        OCSPResponse    resp)
-    {
-        this.resp = resp;
-    }
-
-    public OCSPResp(
-        byte[]          resp)
-        throws IOException
-    {
-        this(new ASN1InputStream(resp));
-    }
-
-    private OCSPResp(
-        ASN1InputStream aIn)
-        throws IOException
-    {
-        try
-        {
-            this.resp = OCSPResponse.getInstance(aIn.readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CertIOException("malformed response: " + e.getMessage(), e);
-        }
-        catch (ClassCastException e)
-        {
-            throw new CertIOException("malformed response: " + e.getMessage(), e);
-        }
-    }
-
-    public int getStatus()
-    {
-        return this.resp.getResponseStatus().getValue().intValue();
-    }
-
-    public Object getResponseObject()
-        throws OCSPException
-    {
-        ResponseBytes   rb = this.resp.getResponseBytes();
-
-        if (rb == null)
-        {
-            return null;
-        }
-
-        if (rb.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic))
-        {
-            try
-            {
-                ASN1Object obj = ASN1Object.fromByteArray(rb.getResponse().getOctets());
-                return new BasicOCSPResp(BasicOCSPResponse.getInstance(obj));
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("problem decoding object: " + e, e);
-            }
-        }
-
-        return rb.getResponse();
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-    	return resp.getEncoded();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-        
-        if (!(o instanceof OCSPResp))
-        {
-            return false;
-        }
-        
-        OCSPResp r = (OCSPResp)o;
-        
-        return resp.equals(r.resp);
-    }
-    
-    public int hashCode()
-    {
-        return resp.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPRespBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPRespBuilder.java
deleted file mode 100644
index c372ebff6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPRespBuilder.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
-import org.bouncycastle.asn1.ocsp.ResponseBytes;
-
-/**
- * base generator for an OCSP response - at the moment this only supports the
- * generation of responses containing BasicOCSP responses.
- */
-public class OCSPRespBuilder
-{
-    public static final int SUCCESSFUL = 0;  // Response has valid confirmations
-    public static final int MALFORMED_REQUEST = 1;  // Illegal confirmation request
-    public static final int INTERNAL_ERROR = 2;  // Internal error in issuer
-    public static final int TRY_LATER = 3;  // Try again later
-    // (4) is not used
-    public static final int SIG_REQUIRED = 5;  // Must sign the request
-    public static final int UNAUTHORIZED = 6;  // Request unauthorized
-
-    public OCSPResp build(
-        int status,
-        Object response)
-        throws OCSPException
-    {
-        if (response == null)
-        {
-            return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(status), null));
-        }
-
-        if (response instanceof BasicOCSPResp)
-        {
-            BasicOCSPResp r = (BasicOCSPResp)response;
-            ASN1OctetString octs;
-
-            try
-            {
-                octs = new DEROctetString(r.getEncoded());
-            }
-            catch (IOException e)
-            {
-                throw new OCSPException("can't encode object.", e);
-            }
-
-            ResponseBytes rb = new ResponseBytes(
-                OCSPObjectIdentifiers.id_pkix_ocsp_basic, octs);
-
-            return new OCSPResp(new OCSPResponse(
-                new OCSPResponseStatus(status), rb));
-        }
-
-        throw new OCSPException("unknown response object");
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPUtils.java
deleted file mode 100644
index dd9167a03..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/OCSPUtils.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cert.X509CertificateHolder;
-
-class OCSPUtils
-{
-    static final X509CertificateHolder[] EMPTY_CERTS = new X509CertificateHolder[0];
-
-    static Set EMPTY_SET = Collections.unmodifiableSet(new HashSet());
-    static List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
-
-    static Date extractDate(DERGeneralizedTime time)
-    {
-        try
-        {
-            return time.getDate();
-        }
-        catch (Exception e)
-        {
-            throw new IllegalStateException("exception processing GeneralizedTime: " + e.getMessage());
-        }
-    }
-
-    static Set getCriticalExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_SET;
-        }
-
-        return Collections.unmodifiableSet(new HashSet(Arrays.asList(extensions.getCriticalExtensionOIDs())));
-    }
-
-    static Set getNonCriticalExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_SET;
-        }
-
-        // TODO: should probably produce a set that imposes correct ordering
-        return Collections.unmodifiableSet(new HashSet(Arrays.asList(extensions.getNonCriticalExtensionOIDs())));
-    }
-
-    static List getExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_LIST;
-        }
-
-        return Collections.unmodifiableList(Arrays.asList(extensions.getExtensionOIDs()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/Req.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/Req.java
deleted file mode 100644
index bb64dc3ec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/Req.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class Req
-{
-    private Request req;
-
-    public Req(
-        Request req)
-    {
-        this.req = req;
-    }
-
-    public CertificateID getCertID()
-    {
-        return new CertificateID(req.getReqCert());
-    }
-
-    public X509Extensions getSingleRequestExtensions()
-    {
-        return req.getSingleRequestExtensions();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespData.java
deleted file mode 100644
index b64f828b5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespData.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class RespData
-{
-    private ResponseData    data;
-
-    public RespData(
-        ResponseData    data)
-    {
-        this.data = data;
-    }
-
-    public int getVersion()
-    {
-        return data.getVersion().getValue().intValue() + 1;
-    }
-
-    public RespID getResponderId()
-    {
-        return new RespID(data.getResponderID());
-    }
-
-    public Date getProducedAt()
-    {
-        return OCSPUtils.extractDate(data.getProducedAt());
-    }
-
-    public SingleResp[] getResponses()
-    {
-        ASN1Sequence    s = data.getResponses();
-        SingleResp[]    rs = new SingleResp[s.size()];
-
-        for (int i = 0; i != rs.length; i++)
-        {
-            rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
-        }
-
-        return rs;
-    }
-
-    public X509Extensions getResponseExtensions()
-    {
-        return data.getResponseExtensions();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespID.java
deleted file mode 100644
index 4322ab5b8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RespID.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.ResponderID;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.DigestCalculator;
-
-/**
- * Carrier for a ResponderID.
- */
-public class RespID
-{
-    public static final AlgorithmIdentifier HASH_SHA1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
-
-    ResponderID id;
-
-    public RespID(
-        ResponderID id)
-    {
-        this.id = id;
-    }
-
-    public RespID(
-        X500Name name)
-    {
-        this.id = new ResponderID(name);
-    }
-
-    /**
-     * Calculate a RespID based on the public key of the responder.
-     *
-     * @param subjectPublicKeyInfo the info structure for the responder public key.
-     * @param digCalc a SHA-1 digest calculator.
-     * @throws OCSPException on exception creating ID.
-     */
-    public RespID(
-        SubjectPublicKeyInfo     subjectPublicKeyInfo,
-        DigestCalculator         digCalc)
-        throws OCSPException
-    {
-        try
-        {
-            if (!digCalc.getAlgorithmIdentifier().equals(HASH_SHA1))
-            {
-                throw new IllegalArgumentException("only SHA-1 can be used with RespID");
-            }
-
-            OutputStream     digOut = digCalc.getOutputStream();
-
-            digOut.write(subjectPublicKeyInfo.getPublicKeyData().getBytes());
-            digOut.close();
-
-            this.id = new ResponderID(new DEROctetString(digCalc.getDigest()));
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("problem creating ID: " + e, e);
-        }
-    }
-
-    public ResponderID toASN1Object()
-    {
-        return id;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof RespID))
-        {
-            return false;
-        }
-
-        RespID obj = (RespID)o;
-
-        return id.equals(obj.id);
-    }
-
-    public int hashCode()
-    {
-        return id.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RevokedStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RevokedStatus.java
deleted file mode 100644
index 667cfdeca..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/RevokedStatus.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.util.Date;
-
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.x509.CRLReason;
-
-/**
- * wrapper for the RevokedInfo object
- */
-public class RevokedStatus
-    implements CertificateStatus
-{
-    RevokedInfo info;
-
-    public RevokedStatus(
-        RevokedInfo info)
-    {
-        this.info = info;
-    }
-    
-    public RevokedStatus(
-        Date        revocationDate,
-        int         reason)
-    {
-        this.info = new RevokedInfo(new DERGeneralizedTime(revocationDate), new CRLReason(reason));
-    }
-
-    public Date getRevocationTime()
-    {
-        return OCSPUtils.extractDate(info.getRevocationTime());
-    }
-
-    public boolean hasRevocationReason()
-    {
-        return (info.getRevocationReason() != null);
-    }
-
-    /**
-     * return the revocation reason. Note: this field is optional, test for it
-     * with hasRevocationReason() first.
-     * @return the revocation reason value.
-     * @exception IllegalStateException if a reason is asked for and none is avaliable
-     */
-    public int getRevocationReason()
-    {
-        if (info.getRevocationReason() == null)
-        {
-            throw new IllegalStateException("attempt to get a reason where none is available");
-        }
-
-        return info.getRevocationReason().getValue().intValue();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/SingleResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/SingleResp.java
deleted file mode 100644
index dbb2a523f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/SingleResp.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class SingleResp
-{
-    private SingleResponse  resp;
-    private X509Extensions extensions;
-
-    public SingleResp(
-        SingleResponse  resp)
-    {
-        this.resp = resp;
-        this.extensions = resp.getSingleExtensions();
-    }
-
-    public CertificateID getCertID()
-    {
-        return new CertificateID(resp.getCertID());
-    }
-
-    /**
-     * Return the status object for the response - null indicates good.
-     * 
-     * @return the status object for the response, null if it is good.
-     */
-    public CertificateStatus getCertStatus()
-    {
-        CertStatus  s = resp.getCertStatus();
-
-        if (s.getTagNo() == 0)
-        {
-            return null;            // good
-        }
-        else if (s.getTagNo() == 1)
-        {
-            return new RevokedStatus(RevokedInfo.getInstance(s.getStatus()));
-        }
-
-        return new UnknownStatus();
-    }
-
-    public Date getThisUpdate()
-    {
-        return OCSPUtils.extractDate(resp.getThisUpdate());
-    }
-
-    /**
-     * return the NextUpdate value - note: this is an optional field so may
-     * be returned as null.
-     *
-     * @return nextUpdate, or null if not present.
-     */
-    public Date getNextUpdate()
-    {
-        if (resp.getNextUpdate() == null)
-        {
-            return null;
-        }
-
-        return OCSPUtils.extractDate(resp.getNextUpdate());
-    }
-
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    public List getExtensionOIDs()
-    {
-        return OCSPUtils.getExtensionOIDs(extensions);
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return OCSPUtils.getCriticalExtensionOIDs(extensions);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return OCSPUtils.getNonCriticalExtensionOIDs(extensions);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/UnknownStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/UnknownStatus.java
deleted file mode 100644
index 8d60e2ba1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/UnknownStatus.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.cert.ocsp;
-
-/**
- * wrapper for the UnknownInfo object
- */
-public class UnknownStatus
-    implements CertificateStatus
-{
-    public UnknownStatus()
-    {
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaBasicOCSPRespBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaBasicOCSPRespBuilder.java
deleted file mode 100644
index 94bf52f08..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaBasicOCSPRespBuilder.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.cert.ocsp.jcajce;
-
-import java.security.PublicKey;
-
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
-import org.bouncycastle.cert.ocsp.OCSPException;
-import org.bouncycastle.operator.DigestCalculator;
-
-public class JcaBasicOCSPRespBuilder
-    extends BasicOCSPRespBuilder
-{
-    public JcaBasicOCSPRespBuilder(PublicKey key, DigestCalculator digCalc)
-        throws OCSPException
-    {
-        super(SubjectPublicKeyInfo.getInstance(key.getEncoded()), digCalc);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaCertificateID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaCertificateID.java
deleted file mode 100644
index 446b38bb2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaCertificateID.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.cert.ocsp.jcajce;
-
-import java.math.BigInteger;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cert.ocsp.CertificateID;
-import org.bouncycastle.cert.ocsp.OCSPException;
-import org.bouncycastle.operator.DigestCalculator;
-
-public class JcaCertificateID
-    extends CertificateID
-{
-    public JcaCertificateID(DigestCalculator digestCalculator, X509Certificate issuerCert, BigInteger number)
-        throws OCSPException, CertificateEncodingException
-    {
-        super(digestCalculator, new JcaX509CertificateHolder(issuerCert), number);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaRespID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaRespID.java
deleted file mode 100644
index 8bc9edbd1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/JcaRespID.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cert.ocsp.jcajce;
-
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.ocsp.OCSPException;
-import org.bouncycastle.cert.ocsp.RespID;
-import org.bouncycastle.operator.DigestCalculator;
-
-public class JcaRespID
-    extends RespID
-{
-    public JcaRespID(X500Principal name)
-    {
-        super(X500Name.getInstance(name.getEncoded()));
-    }
-
-    public JcaRespID(PublicKey pubKey, DigestCalculator digCalc)
-        throws OCSPException
-    {
-        super(SubjectPublicKeyInfo.getInstance(pubKey.getEncoded()), digCalc);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/package.html
deleted file mode 100644
index cfe87f22a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/jcajce/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-JCA extensions to the OCSP online certificate status package.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/package.html
deleted file mode 100644
index 234cb327e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/ocsp/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-Basic support package for handling and creating OCSP (RFC 2560) online certificate status requests.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/package.html
deleted file mode 100644
index 1b2a30530..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Basic support package for handling and creating X.509 certificates, CRLs, and attribute certificates.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelector.java
deleted file mode 100644
index a673072ad..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelector.java
+++ /dev/null
@@ -1,269 +0,0 @@
-package org.bouncycastle.cert.selector;
-
-import java.math.BigInteger;
-import java.util.Collection;
-import java.util.Date;
-
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.Target;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.asn1.x509.Targets;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.AttributeCertificateHolder;
-import org.bouncycastle.cert.AttributeCertificateIssuer;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.util.Selector;
-
-/**
- * This class is an Selector like implementation to select
- * attribute certificates from a given set of criteria.
- */
-public class X509AttributeCertificateSelector
-    implements Selector
-{
-
-    // TODO: name constraints???
-
-    private final AttributeCertificateHolder holder;
-
-    private final AttributeCertificateIssuer issuer;
-
-    private final BigInteger serialNumber;
-
-    private final Date attributeCertificateValid;
-
-    private final X509AttributeCertificateHolder attributeCert;
-
-    private final Collection targetNames;
-
-    private final Collection targetGroups;
-
-    X509AttributeCertificateSelector(
-        AttributeCertificateHolder holder,
-        AttributeCertificateIssuer issuer,
-        BigInteger                 serialNumber,
-        Date                       attributeCertificateValid,
-        X509AttributeCertificateHolder attributeCert,
-        Collection                 targetNames,
-        Collection                 targetGroups)
-    {
-        this.holder = holder;
-        this.issuer = issuer;
-        this.serialNumber = serialNumber;
-        this.attributeCertificateValid = attributeCertificateValid;
-        this.attributeCert = attributeCert;
-        this.targetNames = targetNames;
-        this.targetGroups = targetGroups;
-    }
-
-    /**
-     * Decides if the given attribute certificate should be selected.
-     *
-     * @param obj The X509AttributeCertificateHolder which should be checked.
-     * @return true if the attribute certificate is a match
-     *         false otherwise.
-     */
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509AttributeCertificateHolder))
-        {
-            return false;
-        }
-
-        X509AttributeCertificateHolder attrCert = (X509AttributeCertificateHolder)obj;
-
-        if (this.attributeCert != null)
-        {
-            if (!this.attributeCert.equals(attrCert))
-            {
-                return false;
-            }
-        }
-        if (serialNumber != null)
-        {
-            if (!attrCert.getSerialNumber().equals(serialNumber))
-            {
-                return false;
-            }
-        }
-        if (holder != null)
-        {
-            if (!attrCert.getHolder().equals(holder))
-            {
-                return false;
-            }
-        }
-        if (issuer != null)
-        {
-            if (!attrCert.getIssuer().equals(issuer))
-            {
-                return false;
-            }
-        }
-
-        if (attributeCertificateValid != null)
-        {
-            if (!attrCert.isValidOn(attributeCertificateValid))
-            {
-                return false;
-            }
-        }
-        if (!targetNames.isEmpty() || !targetGroups.isEmpty())
-        {
-
-            X509Extension targetInfoExt = attrCert.getExtension(X509Extension.targetInformation);
-            if (targetInfoExt != null)
-            {
-                TargetInformation targetinfo;
-                try
-                {
-                    targetinfo = TargetInformation.getInstance(targetInfoExt.getParsedValue());
-                }
-                catch (IllegalArgumentException e)
-                {
-                    return false;
-                }
-                Targets[] targetss = targetinfo.getTargetsObjects();
-                if (!targetNames.isEmpty())
-                {
-                    boolean found = false;
-
-                    for (int i=0; i
-     * The returned collection is immutable.
-     *
-     * @return The collection of target names
-     */
-    public Collection getTargetNames()
-    {
-        return targetNames;
-    }
-
-    /**
-     * Gets the target groups. The collection consists of GeneralName objects.
-     * 

-     * The returned collection is immutable.
-     *
-     * @return The collection of target groups.
-     */
-    public Collection getTargetGroups()
-    {
-        return targetGroups;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelectorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelectorBuilder.java
deleted file mode 100644
index 6a64e85d8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cert/selector/X509AttributeCertificateSelectorBuilder.java
+++ /dev/null
@@ -1,194 +0,0 @@
-package org.bouncycastle.cert.selector;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.AttributeCertificateHolder;
-import org.bouncycastle.cert.AttributeCertificateIssuer;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-
-/**
- * This class builds selectors according to the set criteria.
- */
-public class X509AttributeCertificateSelectorBuilder
-{
-
-    // TODO: name constraints???
-
-    private AttributeCertificateHolder holder;
-
-    private AttributeCertificateIssuer issuer;
-
-    private BigInteger serialNumber;
-
-    private Date attributeCertificateValid;
-
-    private X509AttributeCertificateHolder attributeCert;
-
-    private Collection targetNames = new HashSet();
-
-    private Collection targetGroups = new HashSet();
-
-    public X509AttributeCertificateSelectorBuilder()
-    {
-    }
-
-    /**
-     * Set the attribute certificate to be matched. If null is
-     * given any will do.
-     *
-     * @param attributeCert The attribute certificate holder to set.
-     */
-    public void setAttributeCert(X509AttributeCertificateHolder attributeCert)
-    {
-        this.attributeCert = attributeCert;
-    }
-
-    /**
-     * Set the time, when the certificate must be valid. If null
-     * is given any will do.
-     *
-     * @param attributeCertificateValid The attribute certificate validation
-     *            time to set.
-     */
-    public void setAttributeCertificateValid(Date attributeCertificateValid)
-    {
-        if (attributeCertificateValid != null)
-        {
-            this.attributeCertificateValid = new Date(attributeCertificateValid
-                .getTime());
-        }
-        else
-        {
-            this.attributeCertificateValid = null;
-        }
-    }
-
-    /**
-     * Sets the holder. If null is given any will do.
-     *
-     * @param holder The holder to set.
-     */
-    public void setHolder(AttributeCertificateHolder holder)
-    {
-        this.holder = holder;
-    }
-
-    /**
-     * Sets the issuer the attribute certificate must have. If null
-     * is given any will do.
-     *
-     * @param issuer The issuer to set.
-     */
-    public void setIssuer(AttributeCertificateIssuer issuer)
-    {
-        this.issuer = issuer;
-    }
-
-    /**
-     * Sets the serial number the attribute certificate must have. If
-     * null is given any will do.
-     *
-     * @param serialNumber The serialNumber to set.
-     */
-    public void setSerialNumber(BigInteger serialNumber)
-    {
-        this.serialNumber = serialNumber;
-    }
-
-    /**
-     * Adds a target name criterion for the attribute certificate to the target
-     * information extension criteria. The X509AttributeCertificateHolder
-     * must contain at least one of the specified target names.
-     * 

-     * Each attribute certificate may contain a target information extension
-     * limiting the servers where this attribute certificate can be used. If
-     * this extension is not present, the attribute certificate is not targeted
-     * and may be accepted by any server.
-     *
-     * @param name The name as a GeneralName (not null)
-     */
-    public void addTargetName(GeneralName name)
-    {
-        targetNames.add(name);
-    }
-
-    /**
-     * Adds a collection with target names criteria. If null is
-     * given any will do.
-     * 

-     * The collection consists of either GeneralName objects or byte[] arrays representing
-     * DER encoded GeneralName structures.
-     *
-     * @param names A collection of target names.
-     * @throws java.io.IOException if a parsing error occurs.
-     * @see #addTargetName(org.bouncycastle.asn1.x509.GeneralName)
-     */
-    public void setTargetNames(Collection names) throws IOException
-    {
-        targetNames = extractGeneralNames(names);
-    }
-
-    /**
-     * Adds a target group criterion for the attribute certificate to the target
-     * information extension criteria. The X509AttributeCertificateHolder
-     * must contain at least one of the specified target groups.
-     * 

-     * Each attribute certificate may contain a target information extension
-     * limiting the servers where this attribute certificate can be used. If
-     * this extension is not present, the attribute certificate is not targeted
-     * and may be accepted by any server.
-     *
-     * @param group The group as GeneralName form (not null)
-     */
-    public void addTargetGroup(GeneralName group)
-    {
-        targetGroups.add(group);
-    }
-
-    /**
-     * Adds a collection with target groups criteria. If null is
-     * given any will do.
-     * 

-     * The collection consists of GeneralName objects or byte[]
-
-
-Specialised Selector classes for certificates, CRLs, and attribute certificates.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java
deleted file mode 100644
index a17325bd3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.ASN1Set;
-
-interface AuthAttributesProvider
-{
-    ASN1Set getAuthAttributes();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/BaseDigestCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/BaseDigestCalculator.java
deleted file mode 100644
index b8178317f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/BaseDigestCalculator.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.util.Arrays;
-
-class BaseDigestCalculator
-    implements IntDigestCalculator
-{
-    private final byte[] digest;
-
-    BaseDigestCalculator(byte[] digest)
-    {
-        this.digest = digest;
-    }
-
-    public byte[] getDigest()
-    {
-        return Arrays.clone(digest);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java
deleted file mode 100644
index 9e9eb47a2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-
-/**
- * a holding class for a byte array of data to be processed.
- */
-public class CMSAbsentContent
-    implements CMSTypedData, CMSReadable
-{
-    private final ASN1ObjectIdentifier type;
-
-    public CMSAbsentContent()
-    {
-        this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()));
-    }
-
-    public CMSAbsentContent(
-        ASN1ObjectIdentifier type)
-    {
-        this.type = type;
-    }
-
-    public InputStream getInputStream()
-    {
-        return null;
-    }
-
-    public void write(OutputStream zOut)
-        throws IOException, CMSException
-    {
-        // do nothing
-    }
-
-    public Object getContent()
-    {
-        return null;
-    }
-
-    public ASN1ObjectIdentifier getContentType()
-    {
-        return type;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java
deleted file mode 100644
index 4014ede81..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-
-public class CMSAlgorithm
-{
-    public static final ASN1ObjectIdentifier  DES_EDE3_CBC    = PKCSObjectIdentifiers.des_EDE3_CBC;
-    public static final ASN1ObjectIdentifier  RC2_CBC         = PKCSObjectIdentifiers.RC2_CBC;
-    public static final ASN1ObjectIdentifier  IDEA_CBC        = new ASN1ObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2");
-    public static final ASN1ObjectIdentifier  CAST5_CBC       = new ASN1ObjectIdentifier("1.2.840.113533.7.66.10");
-    public static final ASN1ObjectIdentifier  AES128_CBC      = NISTObjectIdentifiers.id_aes128_CBC;
-    public static final ASN1ObjectIdentifier  AES192_CBC      = NISTObjectIdentifiers.id_aes192_CBC;
-    public static final ASN1ObjectIdentifier  AES256_CBC      = NISTObjectIdentifiers.id_aes256_CBC;
-    public static final ASN1ObjectIdentifier  CAMELLIA128_CBC = NTTObjectIdentifiers.id_camellia128_cbc;
-    public static final ASN1ObjectIdentifier  CAMELLIA192_CBC = NTTObjectIdentifiers.id_camellia192_cbc;
-    public static final ASN1ObjectIdentifier  CAMELLIA256_CBC = NTTObjectIdentifiers.id_camellia256_cbc;
-    public static final ASN1ObjectIdentifier  SEED_CBC        = KISAObjectIdentifiers.id_seedCBC;
-
-    public static final ASN1ObjectIdentifier  DES_EDE3_WRAP   = PKCSObjectIdentifiers.id_alg_CMS3DESwrap;
-    public static final ASN1ObjectIdentifier  AES128_WRAP     = NISTObjectIdentifiers.id_aes128_wrap;
-    public static final ASN1ObjectIdentifier  AES192_WRAP     = NISTObjectIdentifiers.id_aes192_wrap;
-    public static final ASN1ObjectIdentifier  AES256_WRAP     = NISTObjectIdentifiers.id_aes256_wrap;
-    public static final ASN1ObjectIdentifier  CAMELLIA128_WRAP = NTTObjectIdentifiers.id_camellia128_wrap;
-    public static final ASN1ObjectIdentifier  CAMELLIA192_WRAP = NTTObjectIdentifiers.id_camellia192_wrap;
-    public static final ASN1ObjectIdentifier  CAMELLIA256_WRAP = NTTObjectIdentifiers.id_camellia256_wrap;
-    public static final ASN1ObjectIdentifier  SEED_WRAP       = KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap;
-
-    public static final ASN1ObjectIdentifier  ECDH_SHA1KDF    = X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme;
-    public static final ASN1ObjectIdentifier  ECMQV_SHA1KDF   = X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme;
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java
deleted file mode 100644
index e3cab8a58..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.cms;
-
-public class CMSAttributeTableGenerationException
-    extends CMSRuntimeException
-{
-    Exception   e;
-
-    public CMSAttributeTableGenerationException(
-        String name)
-    {
-        super(name);
-    }
-
-    public CMSAttributeTableGenerationException(
-        String name,
-        Exception e)
-    {
-        super(name);
-
-        this.e = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return e;
-    }
-    
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java
deleted file mode 100644
index 528c738bc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.cms.AttributeTable;
-
-import java.util.Map;
-
-/**
- * Note: The SIGNATURE parameter is only available when generating unsigned attributes.
- */
-public interface CMSAttributeTableGenerator
-{
-    static final String CONTENT_TYPE = "contentType";
-    static final String DIGEST = "digest";
-    static final String SIGNATURE = "encryptedDigest";
-    static final String DIGEST_ALGORITHM_IDENTIFIER = "digestAlgID";
-
-    AttributeTable getAttributes(Map parameters)
-        throws CMSAttributeTableGenerationException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java
deleted file mode 100644
index 46f931147..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.Provider;
-
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.cms.AuthEnvelopedData;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.EncryptedContentInfo;
-import org.bouncycastle.asn1.cms.OriginatorInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * containing class for an CMS AuthEnveloped Data object
- */
-class CMSAuthEnvelopedData
-{
-    RecipientInformationStore recipientInfoStore;
-    ContentInfo contentInfo;
-
-    private OriginatorInfo      originator;
-    private AlgorithmIdentifier authEncAlg;
-    private ASN1Set             authAttrs;
-    private byte[]              mac;
-    private ASN1Set             unauthAttrs;
-
-    public CMSAuthEnvelopedData(byte[] authEnvData) throws CMSException
-    {
-        this(CMSUtils.readContentInfo(authEnvData));
-    }
-
-    public CMSAuthEnvelopedData(InputStream authEnvData) throws CMSException
-    {
-        this(CMSUtils.readContentInfo(authEnvData));
-    }
-
-    public CMSAuthEnvelopedData(ContentInfo contentInfo) throws CMSException
-    {
-        this.contentInfo = contentInfo;
-
-        AuthEnvelopedData authEnvData = AuthEnvelopedData.getInstance(contentInfo.getContent());
-
-        this.originator = authEnvData.getOriginatorInfo();
-
-        //
-        // read the recipients
-        //
-        ASN1Set recipientInfos = authEnvData.getRecipientInfos();
-
-        //
-        // read the auth-encrypted content info
-        //
-        EncryptedContentInfo authEncInfo = authEnvData.getAuthEncryptedContentInfo();
-        this.authEncAlg = authEncInfo.getContentEncryptionAlgorithm();
-//        final CMSProcessable processable = new CMSProcessableByteArray(
-//            authEncInfo.getEncryptedContent().getOctets());
-        CMSSecureReadable secureReadable = new CMSSecureReadable()
-        {
-            public AlgorithmIdentifier getAlgorithm()
-            {
-                return CMSAuthEnvelopedData.this.authEncAlg;
-            }
-
-            public Object getCryptoObject()
-            {
-                return null;
-            }
-
-            public CMSReadable getReadable(SecretKey key, Provider provider) throws CMSException
-            {
-                // TODO Create AEAD cipher instance to decrypt and calculate tag ( MAC)
-                throw new CMSException("AuthEnveloped data decryption not yet implemented");
-
-//              RFC 5084 ASN.1 Module
-//                -- Parameters for AlgorithmIdentifier
-//
-//                CCMParameters ::= SEQUENCE {
-//                  aes-nonce         OCTET STRING (SIZE(7..13)),
-//                  aes-ICVlen        AES-CCM-ICVlen DEFAULT 12 }
-//
-//                AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)
-//
-//                GCMParameters ::= SEQUENCE {
-//                  aes-nonce        OCTET STRING, -- recommended size is 12 octets
-//                  aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }
-//
-//                AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
-            }
-
-            public InputStream getInputStream()
-                throws IOException, CMSException
-            {
-                return null;
-            }
-        };
-
-        //
-        // build the RecipientInformationStore
-        //
-        this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
-            recipientInfos, this.authEncAlg, secureReadable);
-
-        // FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data)
-        this.authAttrs = authEnvData.getAuthAttrs();
-        this.mac = authEnvData.getMac().getOctets();
-        this.unauthAttrs = authEnvData.getUnauthAttrs();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java
deleted file mode 100644
index 906585747..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-
-class CMSAuthEnvelopedGenerator
-{
-    public static final String AES128_CCM = NISTObjectIdentifiers.id_aes128_CCM.getId();
-    public static final String AES192_CCM = NISTObjectIdentifiers.id_aes192_CCM.getId();
-    public static final String AES256_CCM = NISTObjectIdentifiers.id_aes256_CCM.getId();
-    public static final String AES128_GCM = NISTObjectIdentifiers.id_aes128_GCM.getId();
-    public static final String AES192_GCM = NISTObjectIdentifiers.id_aes192_GCM.getId();
-    public static final String AES256_GCM = NISTObjectIdentifiers.id_aes256_GCM.getId();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java
deleted file mode 100644
index ccbd65a22..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java
+++ /dev/null
@@ -1,268 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.AlgorithmParameters;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.AuthenticatedData;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-
-/**
- * containing class for an CMS Authenticated Data object
- */
-public class CMSAuthenticatedData
-{
-    RecipientInformationStore   recipientInfoStore;
-    ContentInfo                 contentInfo;
-
-    private AlgorithmIdentifier macAlg;
-    private ASN1Set authAttrs;
-    private ASN1Set unauthAttrs;
-    private byte[] mac;
-
-    public CMSAuthenticatedData(
-        byte[]    authData)
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(authData));
-    }
-
-    public CMSAuthenticatedData(
-        byte[]    authData,
-        DigestCalculatorProvider digestCalculatorProvider)
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(authData), digestCalculatorProvider);
-    }
-
-    public CMSAuthenticatedData(
-        InputStream    authData)
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(authData));
-    }
-
-    public CMSAuthenticatedData(
-        InputStream    authData,
-        DigestCalculatorProvider digestCalculatorProvider)
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(authData), digestCalculatorProvider);
-    }
-
-    public CMSAuthenticatedData(
-        ContentInfo contentInfo)
-        throws CMSException
-    {
-        this(contentInfo, null);
-    }
-
-    public CMSAuthenticatedData(
-        ContentInfo contentInfo,
-        DigestCalculatorProvider digestCalculatorProvider)
-        throws CMSException
-    {
-        this.contentInfo = contentInfo;
-
-        AuthenticatedData authData = AuthenticatedData.getInstance(contentInfo.getContent());
-
-        //
-        // read the recipients
-        //
-        ASN1Set recipientInfos = authData.getRecipientInfos();
-
-        this.macAlg = authData.getMacAlgorithm();
-
-
-        this.authAttrs = authData.getAuthAttrs();
-        this.mac = authData.getMac().getOctets();
-        this.unauthAttrs = authData.getUnauthAttrs();
-
-        //
-        // read the authenticated content info
-        //
-        ContentInfo encInfo = authData.getEncapsulatedContentInfo();
-        CMSReadable readable = new CMSProcessableByteArray(
-            ASN1OctetString.getInstance(encInfo.getContent()).getOctets());
-
-        //
-        // build the RecipientInformationStore
-        //
-        if (authAttrs != null)
-        {
-            if (digestCalculatorProvider == null)
-            {
-                throw new CMSException("a digest calculator provider is required if authenticated attributes are present");
-            }
-
-            try
-            {
-                CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable(digestCalculatorProvider.get(authData.getDigestAlgorithm()), readable);
-
-                this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable, new AuthAttributesProvider()
-                {
-                    public ASN1Set getAuthAttributes()
-                    {
-                        return authAttrs;
-                    }
-                });
-            }
-            catch (OperatorCreationException e)
-            {
-                throw new CMSException("unable to create digest calculator: " + e.getMessage(), e);
-            }
-        }
-        else
-        {
-            CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSAuthenticatedSecureReadable(this.macAlg, readable);
-
-            this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable);
-        }
-    }
-
-    public byte[] getMac()
-    {
-        return Arrays.clone(mac);
-    }
-
-    private byte[] encodeObj(
-        DEREncodable    obj)
-        throws IOException
-    {
-        if (obj != null)
-        {
-            return obj.getDERObject().getEncoded();
-        }
-
-        return null;
-    }
-
-    /**
-     * return the object identifier for the content MAC algorithm.
-     */
-    public String getMacAlgOID()
-    {
-        return macAlg.getObjectId().getId();
-    }
-
-    /**
-     * return the ASN.1 encoded MAC algorithm parameters, or null if
-     * there aren't any.
-     */
-    public byte[] getMacAlgParams()
-    {
-        try
-        {
-            return encodeObj(macAlg.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the MAC parameters
-     * used to digest the message content.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     * @throws java.security.NoSuchProviderException if the provider cannot be found.
-     */
-    public AlgorithmParameters getMacAlgorithmParameters(
-        String  provider)
-    throws CMSException, NoSuchProviderException
-    {
-        return getMacAlgorithmParameters(CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the MAC parameters
-     * used to digest the message content.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     */
-    public AlgorithmParameters getMacAlgorithmParameters(
-        Provider provider)
-    throws CMSException
-    {
-        return CMSEnvelopedHelper.INSTANCE.getEncryptionAlgorithmParameters(getMacAlgOID(), getMacAlgParams(), provider);
-    }
-
-    /**
-     * return a store of the intended recipients for this message
-     */
-    public RecipientInformationStore getRecipientInfos()
-    {
-        return recipientInfoStore;
-    }
-
-    /**
-     * return the ContentInfo
-     */
-    public ContentInfo getContentInfo()
-    {
-        return contentInfo;
-    }
-
-    /**
-     * return a table of the digested attributes indexed by
-     * the OID of the attribute.
-     */
-    public AttributeTable getAuthAttrs()
-    {
-        if (authAttrs == null)
-        {
-            return null;
-        }
-
-        return new AttributeTable(authAttrs);
-    }
-
-    /**
-     * return a table of the undigested attributes indexed by
-     * the OID of the attribute.
-     */
-    public AttributeTable getUnauthAttrs()
-    {
-        if (unauthAttrs == null)
-        {
-            return null;
-        }
-
-        return new AttributeTable(unauthAttrs);
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return contentInfo.getEncoded();
-    }
-
-    public byte[] getContentDigest()
-    {
-        if (authAttrs != null)
-        {
-            return ASN1OctetString.getInstance(getAuthAttrs().get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0)).getOctets();
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java
deleted file mode 100644
index 5b01c6d03..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java
+++ /dev/null
@@ -1,340 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.BERSet;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AuthenticatedData;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.io.TeeOutputStream;
-
-/**
- * General class for generating a CMS authenticated-data message.
- *
- * A simple example of usage.
- *
- * 
- *      CMSAuthenticatedDataGenerator  fact = new CMSAuthenticatedDataGenerator();
- *
- *      adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC"));
- *
- *      CMSAuthenticatedData         data = fact.generate(new CMSProcessableByteArray(data),
- *                              new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()));
- * 

- */
-public class CMSAuthenticatedDataGenerator
-    extends CMSAuthenticatedGenerator
-{
-    /**
-     * base constructor
-     */
-    public CMSAuthenticatedDataGenerator()
-    {
-    }
-
-    /**
-     * Generate an authenticated data object from the passed in typedData and MacCalculator.
-     *
-     * @param typedData the data to have a MAC attached.
-     * @param macCalculator the calculator of the MAC to be attached.
-     * @return the resulting CMSAuthenticatedData object.
-     * @throws CMSException on failure in encoding data or processing recipients.
-     */
-    public CMSAuthenticatedData generate(CMSTypedData typedData, MacCalculator macCalculator)
-        throws CMSException
-    {
-        return generate(typedData, macCalculator, null);
-    }
-
-    /**
-     * Generate an authenticated data object from the passed in typedData and MacCalculator.
-     *
-     * @param typedData the data to have a MAC attached.
-     * @param macCalculator the calculator of the MAC to be attached.
-     * @param digestCalculator calculator for computing digest of the encapsulated data.
-     * @return the resulting CMSAuthenticatedData object.
-     * @throws CMSException on failure in encoding data or processing recipients.    
-     */
-    public CMSAuthenticatedData generate(CMSTypedData typedData, MacCalculator macCalculator, final DigestCalculator digestCalculator)
-        throws CMSException
-    {
-        ASN1EncodableVector     recipientInfos = new ASN1EncodableVector();
-        ASN1OctetString         encContent;
-        ASN1OctetString         macResult;
-
-        for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(macCalculator.getKey()));
-        }
-
-        AuthenticatedData authData;
-
-        if (digestCalculator != null)
-        {
-            try
-            {
-                ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-                OutputStream out = new TeeOutputStream(digestCalculator.getOutputStream(), bOut);
-
-                typedData.write(out);
-
-                out.close();
-
-                encContent = new BERConstructedOctetString(bOut.toByteArray());
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("unable to perform digest calculation: " + e.getMessage(), e);
-            }
-
-            Map parameters = getBaseParameters(typedData.getContentType(), digestCalculator.getAlgorithmIdentifier(), digestCalculator.getDigest());
-
-            if (authGen == null)
-            {
-                authGen = new DefaultAuthenticatedAttributeTableGenerator();
-            }
-            ASN1Set authed = new DERSet(authGen.getAttributes(Collections.unmodifiableMap(parameters)).toASN1EncodableVector());
-
-            try
-            {
-                OutputStream mOut = macCalculator.getOutputStream();
-
-                mOut.write(authed.getDEREncoded());
-
-                mOut.close();
-
-                macResult = new DEROctetString(macCalculator.getMac());
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("exception decoding algorithm parameters.", e);
-            }
-            ASN1Set unauthed = (unauthGen != null) ? new BERSet(unauthGen.getAttributes(Collections.unmodifiableMap(parameters)).toASN1EncodableVector()) : null;
-
-            ContentInfo  eci = new ContentInfo(
-                            CMSObjectIdentifiers.data,
-                            encContent);
-
-            authData = new AuthenticatedData(null, new DERSet(recipientInfos), macCalculator.getAlgorithmIdentifier(), digestCalculator.getAlgorithmIdentifier(), eci, authed, macResult, unauthed);
-        }
-        else
-        {
-            try
-            {
-                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-                OutputStream mOut = new TeeOutputStream(bOut, macCalculator.getOutputStream());
-
-                typedData.write(mOut);
-
-                mOut.close();
-
-                encContent = new BERConstructedOctetString(bOut.toByteArray());
-
-                macResult = new DEROctetString(macCalculator.getMac());
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("exception decoding algorithm parameters.", e);
-            }
-
-            ASN1Set unauthed = (unauthGen != null) ? new BERSet(unauthGen.getAttributes(Collections.EMPTY_MAP).toASN1EncodableVector()) : null;
-
-            ContentInfo  eci = new ContentInfo(
-                            CMSObjectIdentifiers.data,
-                            encContent);
-
-            authData = new AuthenticatedData(null, new DERSet(recipientInfos), macCalculator.getAlgorithmIdentifier(), null, eci, null, macResult, unauthed);
-        }
-
-        ContentInfo contentInfo = new ContentInfo(
-                CMSObjectIdentifiers.authenticatedData, authData);
-
-        return new CMSAuthenticatedData(contentInfo, new DigestCalculatorProvider()
-        {
-            public DigestCalculator get(AlgorithmIdentifier digestAlgorithmIdentifier)
-                throws OperatorCreationException
-            {
-                return digestCalculator;
-            }
-        });
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     * @deprecated no longer required, use simple constructor.
-     */
-    public CMSAuthenticatedDataGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    /**
-     * generate an authenticated object that contains an CMS Authenticated Data
-     * object using the given provider and the passed in key generator.
-     * @deprecated
-     */
-    private CMSAuthenticatedData generate(
-        CMSProcessable  content,
-        String          macOID,
-        KeyGenerator    keyGen,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        Provider                encProvider = keyGen.getProvider();
-        ASN1EncodableVector     recipientInfos = new ASN1EncodableVector();
-        AlgorithmIdentifier     macAlgId;
-        SecretKey               encKey;
-        ASN1OctetString         encContent;
-        ASN1OctetString         macResult;
-
-        try
-        {
-            Mac mac = CMSEnvelopedHelper.INSTANCE.getMac(macOID, encProvider);
-
-            AlgorithmParameterSpec params;
-
-            encKey = keyGen.generateKey();
-            params = generateParameterSpec(macOID, encKey, encProvider);
-
-            mac.init(encKey, params);
-
-            macAlgId = getAlgorithmIdentifier(macOID, params, encProvider);
-
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            OutputStream mOut = new TeeOutputStream(bOut, new MacOutputStream(mac));
-
-            content.write(mOut);
-
-            mOut.close();
-            bOut.close();
-
-            encContent = new BERConstructedOctetString(bOut.toByteArray());
-
-            macResult = new DEROctetString(mac.doFinal());
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("algorithm parameters invalid.", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception decoding algorithm parameters.", e);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-           throw new CMSException("exception setting up parameters.", e);
-        }
-
-        Iterator it = oldRecipientInfoGenerators.iterator();
-
-        while (it.hasNext())
-        {
-            IntRecipientInfoGenerator recipient = (IntRecipientInfoGenerator)it.next();
-
-            try
-            {
-                recipientInfos.add(recipient.generate(encKey, rand, provider));
-            }
-            catch (InvalidKeyException e)
-            {
-                throw new CMSException("key inappropriate for algorithm.", e);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CMSException("error making encrypted content.", e);
-            }
-        }
-
-        for (it = recipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(new GenericKey(encKey)));
-        }
-
-        ContentInfo  eci = new ContentInfo(
-                CMSObjectIdentifiers.data,
-                encContent);
-
-        ContentInfo contentInfo = new ContentInfo(
-                CMSObjectIdentifiers.authenticatedData,
-                new AuthenticatedData(null, new DERSet(recipientInfos), macAlgId, null, eci, null, macResult, null));
-
-        return new CMSAuthenticatedData(contentInfo);
-    }
-
-    /**
-     * generate an authenticated object that contains an CMS Authenticated Data
-     * object using the given provider.
-     * @deprecated use addRecipientInfoGenerator method.
-     */
-    public CMSAuthenticatedData generate(
-        CMSProcessable  content,
-        String          macOID,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return generate(content, macOID, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * generate an authenticated object that contains an CMS Authenticated Data
-     * object using the given provider
-     * @deprecated use addRecipientInfoGenerator method..
-     */
-    public CMSAuthenticatedData generate(
-        CMSProcessable  content,
-        String          encryptionOID,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(rand);
-
-        return generate(content, encryptionOID, keyGen, provider);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java
deleted file mode 100644
index a4e1552ce..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java
+++ /dev/null
@@ -1,355 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.AlgorithmParameters;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1OctetStringParser;
-import org.bouncycastle.asn1.ASN1SequenceParser;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1SetParser;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTags;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.AuthenticatedDataParser;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.ContentInfoParser;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Parsing class for an CMS Authenticated Data object from an input stream.
- * 

- * Note: that because we are in a streaming mode only one recipient can be tried and it is important
- * that the methods on the parser are called in the appropriate order.
- * 

- * 

- * Example of use - assuming the first recipient matches the private key we have.
- * 
- *      CMSAuthenticatedDataParser     ad = new CMSAuthenticatedDataParser(inputStream);
- *
- *      RecipientInformationStore  recipients = ad.getRecipientInfos();
- *
- *      Collection  c = recipients.getRecipients();
- *      Iterator    it = c.iterator();
- *
- *      if (it.hasNext())
- *      {
- *          RecipientInformation   recipient = (RecipientInformation)it.next();
- *
- *          CMSTypedStream recData = recipient.getContentStream(new JceKeyTransAuthenticatedRecipient(privateKey).setProvider("BC"));
- *
- *          processDataStream(recData.getContentStream());
- *
- *          if (!Arrays.equals(ad.getMac(), recipient.getMac())
- *          {
- *              System.err.println("Data corrupted!!!!");
- *          }
- *      }
- *  

- *  Note: this class does not introduce buffering - if you are processing large files you should create
- *  the parser with:
- *  
- *          CMSAuthenticatedDataParser     ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize));
- *  

- *  where bufSize is a suitably large buffer size.
- */
-public class CMSAuthenticatedDataParser
-    extends CMSContentInfoParser
-{
-    RecipientInformationStore recipientInfoStore;
-    AuthenticatedDataParser authData;
-
-    private AlgorithmIdentifier macAlg;
-    private byte[] mac;
-    private AttributeTable authAttrs;
-    private ASN1Set authAttrSet;
-    private AttributeTable unauthAttrs;
-
-    private boolean authAttrNotRead;
-    private boolean unauthAttrNotRead;
-
-    public CMSAuthenticatedDataParser(
-        byte[] envelopedData)
-        throws CMSException, IOException
-    {
-        this(new ByteArrayInputStream(envelopedData));
-    }
-
-    public CMSAuthenticatedDataParser(
-        byte[] envelopedData,
-        DigestCalculatorProvider digestCalculatorProvider)
-        throws CMSException, IOException
-    {
-        this(new ByteArrayInputStream(envelopedData), digestCalculatorProvider);
-    }
-
-    public CMSAuthenticatedDataParser(
-        InputStream envelopedData)
-        throws CMSException, IOException
-    {
-        this(envelopedData, null);
-    }
-
-    public CMSAuthenticatedDataParser(
-        InputStream envelopedData,
-        DigestCalculatorProvider digestCalculatorProvider)
-        throws CMSException, IOException
-    {
-        super(envelopedData);
-
-        this.authAttrNotRead = true;
-        this.authData = new AuthenticatedDataParser((ASN1SequenceParser)_contentInfo.getContent(DERTags.SEQUENCE));
-
-        // TODO Validate version?
-        //DERInteger version = this.authData.getVersion();
-
-        //
-        // read the recipients
-        //
-        ASN1Set recipientInfos = ASN1Set.getInstance(authData.getRecipientInfos().getDERObject());
-
-        this.macAlg = authData.getMacAlgorithm();
-
-        //
-        // build the RecipientInformationStore
-        //
-        AlgorithmIdentifier digestAlgorithm = authData.getDigestAlgorithm();
-
-        if (digestAlgorithm != null)
-        {
-            if (digestCalculatorProvider == null)
-            {
-                throw new CMSException("a digest calculator provider is required if authenticated attributes are present");
-            }
-
-            //
-            // read the authenticated content info
-            //
-            ContentInfoParser data = authData.getEnapsulatedContentInfo();
-            CMSReadable readable = new CMSProcessableInputStream(
-                ((ASN1OctetStringParser)data.getContent(DERTags.OCTET_STRING)).getOctetStream());
-
-            try
-            {
-                CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable(digestCalculatorProvider.get(digestAlgorithm), readable);
-
-                this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable, new AuthAttributesProvider()
-                {
-                    public ASN1Set getAuthAttributes()
-                    {
-                        try
-                        {
-                            return getAuthAttrSet();
-                        }
-                        catch (IOException e)
-                        {
-                            e.printStackTrace();
-                            throw new IllegalStateException("can't parse authenticated attributes!");
-                        }
-                    }
-                });
-            }
-            catch (OperatorCreationException e)
-            {
-                throw new CMSException("unable to create digest calculator: " + e.getMessage(), e);
-            }
-        }
-        else
-        {
-            //
-            // read the authenticated content info
-            //
-            ContentInfoParser data = authData.getEnapsulatedContentInfo();
-            CMSReadable readable = new CMSProcessableInputStream(
-                ((ASN1OctetStringParser)data.getContent(DERTags.OCTET_STRING)).getOctetStream());
-
-            CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSAuthenticatedSecureReadable(this.macAlg, readable);
-
-            this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable);
-        }
-
-
-    }
-
-    /**
-     * return the object identifier for the mac algorithm.
-     */
-    public String getMacAlgOID()
-    {
-        return macAlg.getObjectId().toString();
-    }
-
-    /**
-     * return the ASN.1 encoded encryption algorithm parameters, or null if
-     * there aren't any.
-     */
-    public byte[] getMacAlgParams()
-    {
-        try
-        {
-            return encodeObj(macAlg.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the message content.
-     *
-     * @param provider the name of the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     * @throws java.security.NoSuchProviderException if the provider cannot be found.
-     */
-    public AlgorithmParameters getMacAlgorithmParameters(
-        String provider)
-        throws CMSException, NoSuchProviderException
-    {
-        return getMacAlgorithmParameters(CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the message content.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     */
-    public AlgorithmParameters getMacAlgorithmParameters(
-        Provider provider)
-        throws CMSException
-    {
-        return CMSEnvelopedHelper.INSTANCE.getEncryptionAlgorithmParameters(getMacAlgOID(), getMacAlgParams(), provider);
-    }
-
-    /**
-     * return a store of the intended recipients for this message
-     */
-    public RecipientInformationStore getRecipientInfos()
-    {
-        return recipientInfoStore;
-    }
-
-    public byte[] getMac()
-        throws IOException
-    {
-        if (mac == null)
-        {
-            getAuthAttrs();
-            mac = authData.getMac().getOctets();
-        }
-        return Arrays.clone(mac);
-    }
-
-    private ASN1Set getAuthAttrSet()
-        throws IOException
-    {
-        if (authAttrs == null && authAttrNotRead)
-        {
-            ASN1SetParser set = authData.getAuthAttrs();
-
-            if (set != null)
-            {
-                authAttrSet = (ASN1Set)set.getDERObject();
-            }
-
-            authAttrNotRead = false;
-        }
-
-        return authAttrSet;
-    }
-
-    /**
-     * return a table of the unauthenticated attributes indexed by
-     * the OID of the attribute.
-     * @exception java.io.IOException
-     */
-    public AttributeTable getAuthAttrs()
-        throws IOException
-    {
-        if (authAttrs == null && authAttrNotRead)
-        {
-            ASN1Set set = getAuthAttrSet();
-
-            if (set != null)
-            {
-                authAttrs = new AttributeTable(set);
-            }
-        }
-
-        return authAttrs;
-    }
-
-    /**
-     * return a table of the unauthenticated attributes indexed by
-     * the OID of the attribute.
-     * @exception java.io.IOException
-     */
-    public AttributeTable getUnauthAttrs()
-        throws IOException
-    {
-        if (unauthAttrs == null && unauthAttrNotRead)
-        {
-            ASN1SetParser set = authData.getUnauthAttrs();
-
-            unauthAttrNotRead = false;
-
-            if (set != null)
-            {
-                ASN1EncodableVector v = new ASN1EncodableVector();
-                DEREncodable o;
-
-                while ((o = set.readObject()) != null)
-                {
-                    ASN1SequenceParser seq = (ASN1SequenceParser)o;
-
-                    v.add(seq.getDERObject());
-                }
-
-                unauthAttrs = new AttributeTable(new DERSet(v));
-            }
-        }
-
-        return unauthAttrs;
-    }
-
-    private byte[] encodeObj(
-        DEREncodable obj)
-        throws IOException
-    {
-        if (obj != null)
-        {
-            return obj.getDERObject().getEncoded();
-        }
-
-        return null;
-    }
-
-    /**
-     * This will only be valid after the content has been read.
-     *
-     * @return the contents of the messageDigest attribute, if available. Null if not present.
-     */
-    public byte[] getContentDigest()
-    {
-        if (authAttrs != null)
-        {
-            return ASN1OctetString.getInstance(authAttrs.get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0)).getOctets();
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java
deleted file mode 100644
index 31ce429ae..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java
+++ /dev/null
@@ -1,595 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERSequenceGenerator;
-import org.bouncycastle.asn1.BERSet;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.cms.AuthenticatedData;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-import org.bouncycastle.util.io.TeeOutputStream;
-
-/**
- * General class for generating a CMS authenticated-data message stream.
- * 

- * A simple example of usage.
- * 
- *      CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator();
- *
- *      edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"));
- *
- *      ByteArrayOutputStream  bOut = new ByteArrayOutputStream();
- *
- *      OutputStream out = edGen.open(
- *                              bOut, new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC").build());*
- *      out.write(data);
- *
- *      out.close();
- * 

- */
-public class CMSAuthenticatedDataStreamGenerator
-    extends CMSAuthenticatedGenerator
-{
-    // Currently not handled
-//    private Object              _originatorInfo = null;
-//    private Object              _unprotectedAttributes = null;
-    private int bufferSize;
-    private boolean berEncodeRecipientSet;
-    private MacCalculator macCalculator;
-
-    /**
-     * base constructor
-     */
-    public CMSAuthenticatedDataStreamGenerator()
-    {
-    }
-
-    /**
-     * Set the underlying string size for encapsulated data
-     *
-     * @param bufferSize length of octet strings to buffer the data.
-     */
-    public void setBufferSize(
-        int bufferSize)
-    {
-        this.bufferSize = bufferSize;
-    }
-
-    /**
-     * Use a BER Set to store the recipient information. By default recipients are
-     * stored in a DER encoding.
-     *
-     * @param useBerEncodingForRecipients true if a BER set should be used, false if DER.
-     */
-    public void setBEREncodeRecipients(
-        boolean useBerEncodingForRecipients)
-    {
-        berEncodeRecipientSet = useBerEncodingForRecipients;
-    }
-
-    /**
-     * generate an authenticated data structure with the encapsulated bytes marked as DATA.
-     *
-     * @param out the stream to store the authenticated structure in.
-     * @param macCalculator calculator for the MAC to be attached to the data.
-     */
-    public OutputStream open(
-        OutputStream    out,
-        MacCalculator   macCalculator)
-        throws CMSException
-    {
-        return open(CMSObjectIdentifiers.data, out, macCalculator);
-    }
-
-    public OutputStream open(
-        OutputStream    out,
-        MacCalculator   macCalculator,
-        DigestCalculator digestCalculator)
-        throws CMSException
-    {
-        return open(CMSObjectIdentifiers.data, out, macCalculator, digestCalculator);
-    }
-
-    /**
-     * generate an authenticated data structure with the encapsulated bytes marked as type dataType.
-     *
-     * @param dataType the type of the data been written to the object.
-     * @param out the stream to store the authenticated structure in.
-     * @param macCalculator calculator for the MAC to be attached to the data.
-     */
-    public OutputStream open(
-        ASN1ObjectIdentifier dataType,
-        OutputStream         out,
-        MacCalculator        macCalculator)
-        throws CMSException
-    {
-        return open(dataType, out, macCalculator, null);
-    }
-
-    /**
-     * generate an authenticated data structure with the encapsulated bytes marked as type dataType.
-     *
-     * @param dataType the type of the data been written to the object.
-     * @param out the stream to store the authenticated structure in.
-     * @param macCalculator calculator for the MAC to be attached to the data.
-     * @param digestCalculator calculator for computing digest of the encapsulated data.
-     */
-    public OutputStream open(
-        ASN1ObjectIdentifier dataType,
-        OutputStream         out,
-        MacCalculator        macCalculator,
-        DigestCalculator     digestCalculator)
-        throws CMSException
-    {
-        this.macCalculator = macCalculator;
-
-        try
-        {
-            ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
-
-            for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();)
-            {
-                RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-                recipientInfos.add(recipient.generate(macCalculator.getKey()));
-            }
-
-            //
-            // ContentInfo
-            //
-            BERSequenceGenerator cGen = new BERSequenceGenerator(out);
-
-            cGen.addObject(CMSObjectIdentifiers.authenticatedData);
-
-            //
-            // Authenticated Data
-            //
-            BERSequenceGenerator authGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true);
-
-            authGen.addObject(new DERInteger(AuthenticatedData.calculateVersion(null)));
-
-            if (berEncodeRecipientSet)
-            {
-                authGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded());
-            }
-            else
-            {
-                authGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded());
-            }
-
-            AlgorithmIdentifier macAlgId = macCalculator.getAlgorithmIdentifier();
-
-            authGen.getRawOutputStream().write(macAlgId.getEncoded());
-
-            if (digestCalculator != null)
-            {
-                authGen.addObject(new DERTaggedObject(false, 1, digestCalculator.getAlgorithmIdentifier()));
-            }
-            
-            BERSequenceGenerator eiGen = new BERSequenceGenerator(authGen.getRawOutputStream());
-
-            eiGen.addObject(dataType);
-
-            OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-                    eiGen.getRawOutputStream(), 0, false, bufferSize);
-
-            OutputStream mOut;
-
-            if (digestCalculator != null)
-            {
-                mOut = new TeeOutputStream(octetStream, digestCalculator.getOutputStream());
-            }
-            else
-            {
-                mOut = new TeeOutputStream(octetStream, macCalculator.getOutputStream());
-            }
-
-            return new CmsAuthenticatedDataOutputStream(macCalculator, digestCalculator, dataType, mOut, cGen, authGen, eiGen);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception decoding algorithm parameters.", e);
-        }
-    }
-
-    private class CmsAuthenticatedDataOutputStream
-        extends OutputStream
-    {
-        private OutputStream dataStream;
-        private BERSequenceGenerator cGen;
-        private BERSequenceGenerator envGen;
-        private BERSequenceGenerator eiGen;
-        private MacCalculator macCalculator;
-        private DigestCalculator digestCalculator;
-        private ASN1ObjectIdentifier contentType;
-
-        public CmsAuthenticatedDataOutputStream(
-            MacCalculator   macCalculator,
-            DigestCalculator digestCalculator,
-            ASN1ObjectIdentifier contentType,
-            OutputStream dataStream,
-            BERSequenceGenerator cGen,
-            BERSequenceGenerator envGen,
-            BERSequenceGenerator eiGen)
-        {
-            this.macCalculator = macCalculator;
-            this.digestCalculator = digestCalculator;
-            this.contentType = contentType;
-            this.dataStream = dataStream;
-            this.cGen = cGen;
-            this.envGen = envGen;
-            this.eiGen = eiGen;
-        }
-
-        public void write(
-            int b)
-            throws IOException
-        {
-            dataStream.write(b);
-        }
-
-        public void write(
-            byte[] bytes,
-            int    off,
-            int    len)
-            throws IOException
-        {
-            dataStream.write(bytes, off, len);
-        }
-
-        public void write(
-            byte[] bytes)
-            throws IOException
-        {
-            dataStream.write(bytes);
-        }
-
-        public void close()
-            throws IOException
-        {
-            dataStream.close();
-            eiGen.close();
-
-            Map parameters;
-
-            if (digestCalculator != null)
-            {
-                parameters = Collections.unmodifiableMap(getBaseParameters(contentType, digestCalculator.getAlgorithmIdentifier(), digestCalculator.getDigest()));
-
-                if (authGen == null)
-                {
-                    authGen = new DefaultAuthenticatedAttributeTableGenerator();
-                }
-                
-                ASN1Set authed = new DERSet(authGen.getAttributes(parameters).toASN1EncodableVector());
-
-                OutputStream mOut = macCalculator.getOutputStream();
-
-                mOut.write(authed.getDEREncoded());
-
-                mOut.close();
-
-                envGen.addObject(new DERTaggedObject(false, 2, authed));
-            }
-            else
-            {
-                parameters = Collections.unmodifiableMap(new HashMap());                
-            }
-
-            envGen.addObject(new DEROctetString(macCalculator.getMac()));
-
-            if (unauthGen != null)
-            {
-                envGen.addObject(new DERTaggedObject(false, 3, new BERSet(unauthGen.getAttributes(parameters).toASN1EncodableVector())));
-            }
-
-            envGen.close();
-            cGen.close();
-        }
-    }
-
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     * @deprecated no longer of any use, use basic constructor.
-     */
-    public CMSAuthenticatedDataStreamGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    private class OldCmsAuthenticatedDataOutputStream
-        extends OutputStream
-    {
-        private OutputStream dataStream;
-        private Mac mac;
-        private BERSequenceGenerator cGen;
-        private BERSequenceGenerator envGen;
-        private BERSequenceGenerator eiGen;
-
-        public OldCmsAuthenticatedDataOutputStream(
-            OutputStream dataStream,
-            Mac mac,
-            BERSequenceGenerator cGen,
-            BERSequenceGenerator envGen,
-            BERSequenceGenerator eiGen)
-        {
-            this.dataStream = dataStream;
-            this.mac = mac;
-            this.cGen = cGen;
-            this.envGen = envGen;
-            this.eiGen = eiGen;
-        }
-
-        public void write(
-            int b)
-            throws IOException
-        {
-            dataStream.write(b);
-        }
-
-        public void write(
-            byte[] bytes,
-            int    off,
-            int    len)
-            throws IOException
-        {
-            dataStream.write(bytes, off, len);
-        }
-
-        public void write(
-            byte[] bytes)
-            throws IOException
-        {
-            dataStream.write(bytes);
-        }
-
-        public void close()
-            throws IOException
-        {
-            dataStream.close();
-            eiGen.close();
-
-            // [TODO] auth attributes go here
-            envGen.addObject(new DEROctetString(mac.doFinal()));
-            // [TODO] unauth attributes go here
-
-            envGen.close();
-            cGen.close();
-        }
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider and the passed in key generator.
-     * @throws java.io.IOException
-     * @deprecated
-     */
-    private OutputStream open(
-        OutputStream out,
-        String       macOID,
-        KeyGenerator keyGen,
-        Provider     provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        Provider            encProvider = keyGen.getProvider();
-        SecretKey           encKey = keyGen.generateKey();
-        AlgorithmParameterSpec params = generateParameterSpec(macOID, encKey, encProvider);
-
-        Iterator it = oldRecipientInfoGenerators.iterator();
-        ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            IntRecipientInfoGenerator recipient = (IntRecipientInfoGenerator)it.next();
-
-            try
-            {
-                recipientInfos.add(recipient.generate(encKey, rand, provider));
-            }
-            catch (InvalidKeyException e)
-            {
-                throw new CMSException("key inappropriate for algorithm.", e);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CMSException("error making encrypted content.", e);
-            }
-        }
-
-        for (it = recipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(new GenericKey(encKey)));
-        }
-
-        return open(out, macOID, encKey, params, recipientInfos, encProvider);
-    }
-
-    protected OutputStream open(
-        OutputStream        out,
-        String              macOID,
-        SecretKey           encKey,
-        AlgorithmParameterSpec params,
-        ASN1EncodableVector recipientInfos,
-        String              provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return open(out, macOID, encKey, params, recipientInfos, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * @deprecated
-     */
-    protected OutputStream open(
-        OutputStream        out,
-        String              macOID,
-        SecretKey           encKey,
-        AlgorithmParameterSpec params,
-        ASN1EncodableVector recipientInfos,
-        Provider            provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        try
-        {
-            //
-            // ContentInfo
-            //
-            BERSequenceGenerator cGen = new BERSequenceGenerator(out);
-
-            cGen.addObject(CMSObjectIdentifiers.authenticatedData);
-
-            //
-            // Authenticated Data
-            //
-            BERSequenceGenerator authGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true);
-
-            authGen.addObject(new DERInteger(AuthenticatedData.calculateVersion(null)));
-
-            if (berEncodeRecipientSet)
-            {
-                authGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded());
-            }
-            else
-            {
-                authGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded());
-            }
-
-            Mac mac = CMSEnvelopedHelper.INSTANCE.getMac(macOID, provider);
-
-            mac.init(encKey, params);
-
-            AlgorithmIdentifier macAlgId = getAlgorithmIdentifier(macOID, params, provider);
-
-            authGen.getRawOutputStream().write(macAlgId.getEncoded());
-
-            BERSequenceGenerator eiGen = new BERSequenceGenerator(authGen.getRawOutputStream());
-
-            eiGen.addObject(CMSObjectIdentifiers.data);
-
-            OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-                    eiGen.getRawOutputStream(), 0, false, bufferSize);
-
-            OutputStream mOut = new TeeOutputStream(octetStream, new MacOutputStream(mac));
-
-            return new OldCmsAuthenticatedDataOutputStream(mOut, mac, cGen, authGen, eiGen);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("algorithm parameter invalid.", e);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-            throw new CMSException("algorithm parameter spec invalid.", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception decoding algorithm parameters.", e);
-        }
-    }
-
-    /**
-     * generate an authenticated object that contains an CMS Authenticated Data
-     * object using the given provider.
-     * @throws java.io.IOException
-     * @deprecated use open(out, MacCalculator)
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
-    {
-        return open(out, encryptionOID, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * @deprecated use open(out, MacCalculator)
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException, IOException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(rand);
-
-        return open(out, encryptionOID, keyGen, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated use open(out, MacCalculator)
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        int             keySize,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
-    {
-        return open(out, encryptionOID, keySize, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated use open(out, MacCalculator)
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        int             keySize,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException, IOException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(keySize, rand);
-
-        return open(out, encryptionOID, keyGen, provider);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java
deleted file mode 100644
index c3ec1c187..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public class CMSAuthenticatedGenerator
-    extends CMSEnvelopedGenerator
-{
-    protected CMSAttributeTableGenerator authGen;
-    protected CMSAttributeTableGenerator unauthGen;
-
-    /**
-     * base constructor
-     */
-    public CMSAuthenticatedGenerator()
-    {
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     *
-     * @param rand instance of SecureRandom to use
-     */
-    public CMSAuthenticatedGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    protected AlgorithmIdentifier getAlgorithmIdentifier(String encryptionOID, AlgorithmParameterSpec paramSpec, Provider provider)
-        throws IOException, NoSuchAlgorithmException, InvalidParameterSpecException
-    {
-        AlgorithmParameters params = CMSEnvelopedHelper.INSTANCE.createAlgorithmParameters(encryptionOID, provider);
-        params.init(paramSpec);
-
-        return getAlgorithmIdentifier(encryptionOID, params);
-    }
-
-    protected AlgorithmParameterSpec generateParameterSpec(String encryptionOID, SecretKey encKey, Provider encProvider)
-        throws CMSException
-    {
-        try
-        {
-            if (encryptionOID.equals(RC2_CBC))
-            {
-                byte[] iv = new byte[8];
-
-                rand.nextBytes(iv);
-
-                return new RC2ParameterSpec(encKey.getEncoded().length * 8, iv);
-            }
-
-            AlgorithmParameterGenerator pGen = CMSEnvelopedHelper.INSTANCE.createAlgorithmParameterGenerator(encryptionOID, encProvider);
-
-            AlgorithmParameters p = pGen.generateParameters();
-
-            return p.getParameterSpec(IvParameterSpec.class);
-        }
-        catch (GeneralSecurityException e)
-        {
-            return null;
-        }
-    }
-
-    public void setAuthenticatedAttributeGenerator(CMSAttributeTableGenerator authGen)
-    {
-        this.authGen = authGen;
-    }
-
-    public void setUnauthenticatedAttributeGenerator(CMSAttributeTableGenerator unauthGen)
-    {
-        this.unauthGen = unauthGen;
-    }
-
-    protected Map getBaseParameters(DERObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
-    {
-        Map param = new HashMap();
-        param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType);
-        param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId);
-        param.put(CMSAttributeTableGenerator.DIGEST,  hash.clone());
-        return param;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedData.java
deleted file mode 100644
index c6b9d76fd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedData.java
+++ /dev/null
@@ -1,152 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.zip.InflaterInputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.cms.CompressedData;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.operator.InputExpander;
-import org.bouncycastle.operator.InputExpanderProvider;
-
-/**
- * containing class for an CMS Compressed Data object
- * 
- *     CMSCompressedData cd = new CMSCompressedData(inputStream);
- *
- *     process(cd.getContent(new ZlibExpanderProvider()));
- * 

- */
-public class CMSCompressedData
-{
-    ContentInfo                 contentInfo;
-
-    public CMSCompressedData(
-        byte[]    compressedData) 
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(compressedData));
-    }
-
-    public CMSCompressedData(
-        InputStream    compressedData) 
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(compressedData));
-    }
-
-    public CMSCompressedData(
-        ContentInfo contentInfo)
-        throws CMSException
-    {
-        this.contentInfo = contentInfo;
-    }
-
-    /**
-     * Return the uncompressed content.
-     *
-     * @return the uncompressed content
-     * @throws CMSException if there is an exception uncompressing the data.
-     * @deprecated use getContent(InputExpanderProvider)
-     */
-    public byte[] getContent()
-        throws CMSException
-    {
-        CompressedData  comData = CompressedData.getInstance(contentInfo.getContent());
-        ContentInfo     content = comData.getEncapContentInfo();
-
-        ASN1OctetString bytes = (ASN1OctetString)content.getContent();
-
-        InflaterInputStream     zIn = new InflaterInputStream(bytes.getOctetStream());
-
-        try
-        {
-            return CMSUtils.streamToByteArray(zIn);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception reading compressed stream.", e);
-        }
-    }
-
-    /**
-     * Return the uncompressed content, throwing an exception if the data size
-     * is greater than the passed in limit. If the content is exceeded getCause()
-     * on the CMSException will contain a StreamOverflowException
-     *
-     * @param limit maximum number of bytes to read
-     * @return the content read
-     * @throws CMSException if there is an exception uncompressing the data.
-     * @deprecated use getContent(InputExpanderProvider)
-     */
-    public byte[] getContent(int limit)
-        throws CMSException
-    {
-        CompressedData  comData = CompressedData.getInstance(contentInfo.getContent());
-        ContentInfo     content = comData.getEncapContentInfo();
-
-        ASN1OctetString bytes = (ASN1OctetString)content.getContent();
-
-        InflaterInputStream     zIn = new InflaterInputStream(bytes.getOctetStream());
-
-        try
-        {
-            return CMSUtils.streamToByteArray(zIn, limit);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception reading compressed stream.", e);
-        }
-    }
-
-    public ASN1ObjectIdentifier getContentType()
-    {
-        return contentInfo.getContentType();
-    }
-
-    /**
-     * Return the uncompressed content.
-     *
-     * @param expanderProvider a provider of expander algorithm implementations.
-     * @return the uncompressed content
-     * @throws CMSException if there is an exception un-compressing the data.
-     */
-    public byte[] getContent(InputExpanderProvider expanderProvider)
-        throws CMSException
-    {
-        CompressedData  comData = CompressedData.getInstance(contentInfo.getContent());
-        ContentInfo     content = comData.getEncapContentInfo();
-
-        ASN1OctetString bytes = (ASN1OctetString)content.getContent();
-        InputExpander   expander = expanderProvider.get(comData.getCompressionAlgorithmIdentifier());
-        InputStream     zIn = expander.getInputStream(bytes.getOctetStream());
-
-        try
-        {
-            return CMSUtils.streamToByteArray(zIn);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception reading compressed stream.", e);
-        }
-    }
-
-    /**
-     * return the ContentInfo 
-     */
-    public ContentInfo getContentInfo()
-    {
-        return contentInfo;
-    }
-    
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return contentInfo.getEncoded();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java
deleted file mode 100644
index e51345cb6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java
+++ /dev/null
@@ -1,115 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.zip.DeflaterOutputStream;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.CompressedData;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.OutputCompressor;
-
-/**
- * General class for generating a compressed CMS message.
- * 

- * A simple example of usage.
- * 

- * 
- *      CMSCompressedDataGenerator  fact = new CMSCompressedDataGenerator();
- *
- *      CMSCompressedData           data = fact.generate(content, new ZlibCompressor());
- * 

- */
-public class CMSCompressedDataGenerator
-{
-    public static final String  ZLIB    = "1.2.840.113549.1.9.16.3.8";
-
-    /**
-     * base constructor
-     */
-    public CMSCompressedDataGenerator()
-    {
-    }
-
-    /**
-     * generate an object that contains an CMS Compressed Data
-     * @deprecated use generate(CMSTypedData, OutputCompressor)
-     */
-    public CMSCompressedData generate(
-        CMSProcessable  content,
-        String          compressionOID)
-        throws CMSException
-    {
-        AlgorithmIdentifier     comAlgId;
-        ASN1OctetString         comOcts;
-
-        try
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            DeflaterOutputStream  zOut = new DeflaterOutputStream(bOut);
-
-            content.write(zOut);
-
-            zOut.close();
-
-            comAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(compressionOID));
-            comOcts = new BERConstructedOctetString(bOut.toByteArray());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception encoding data.", e);
-        }
-
-        ContentInfo     comContent = new ContentInfo(
-                                    CMSObjectIdentifiers.data, comOcts);
-
-        ContentInfo     contentInfo = new ContentInfo(
-                                    CMSObjectIdentifiers.compressedData,
-                                    new CompressedData(comAlgId, comContent));
-
-        return new CMSCompressedData(contentInfo);
-    }
-
-    /**
-     * generate an object that contains an CMS Compressed Data
-     */
-    public CMSCompressedData generate(
-        CMSTypedData content,
-        OutputCompressor compressor)
-        throws CMSException
-    {
-        AlgorithmIdentifier     comAlgId;
-        ASN1OctetString         comOcts;
-
-        try
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            OutputStream zOut = compressor.getOutputStream(bOut);
-
-            content.write(zOut);
-
-            zOut.close();
-
-            comAlgId = compressor.getAlgorithmIdentifier();
-            comOcts = new BERConstructedOctetString(bOut.toByteArray());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception encoding data.", e);
-        }
-
-        ContentInfo     comContent = new ContentInfo(
-                                    content.getContentType(), comOcts);
-
-        ContentInfo     contentInfo = new ContentInfo(
-                                    CMSObjectIdentifiers.compressedData,
-                                    new CompressedData(comAlgId, comContent));
-
-        return new CMSCompressedData(contentInfo);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java
deleted file mode 100644
index 325399dda..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java
+++ /dev/null
@@ -1,94 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.zip.InflaterInputStream;
-
-import org.bouncycastle.asn1.ASN1OctetStringParser;
-import org.bouncycastle.asn1.ASN1SequenceParser;
-import org.bouncycastle.asn1.DERTags;
-import org.bouncycastle.asn1.cms.CompressedDataParser;
-import org.bouncycastle.asn1.cms.ContentInfoParser;
-import org.bouncycastle.operator.InputExpander;
-import org.bouncycastle.operator.InputExpanderProvider;
-
-/**
- * Class for reading a CMS Compressed Data stream.
- * 
- *     CMSCompressedDataParser cp = new CMSCompressedDataParser(inputStream);
- *      
- *     process(cp.getContent(new ZlibExpanderProvider()).getContentStream());
- * 

- *  Note: this class does not introduce buffering - if you are processing large files you should create
- *  the parser with:
- *  
- *      CMSCompressedDataParser     ep = new CMSCompressedDataParser(new BufferedInputStream(inputStream, bufSize));
- *  

- *  where bufSize is a suitably large buffer size.
- */
-public class CMSCompressedDataParser
-    extends CMSContentInfoParser
-{
-    public CMSCompressedDataParser(
-        byte[]    compressedData) 
-        throws CMSException
-    {
-        this(new ByteArrayInputStream(compressedData));
-    }
-
-    public CMSCompressedDataParser(
-        InputStream    compressedData) 
-        throws CMSException
-    {
-        super(compressedData);
-    }
-
-    /**
-     * @deprecated  use getContent(InputExpandedProvider)
-     */
-    public CMSTypedStream  getContent()
-        throws CMSException
-    {
-        try
-        {
-            CompressedDataParser  comData = new CompressedDataParser((ASN1SequenceParser)_contentInfo.getContent(DERTags.SEQUENCE));
-            ContentInfoParser     content = comData.getEncapContentInfo();
-    
-            ASN1OctetStringParser bytes = (ASN1OctetStringParser)content.getContent(DERTags.OCTET_STRING);
-    
-            return new CMSTypedStream(content.getContentType().toString(), new InflaterInputStream(bytes.getOctetStream()));
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("IOException reading compressed content.", e);
-        }
-    }
-
-    /**
-     * Return a typed stream which will allow the reading of the compressed content in
-     * expanded form.
-     *
-     * @param expanderProvider a provider of expander algorithm implementations.
-     * @return a type stream which will yield the un-compressed content.
-     * @throws CMSException if there is an exception parsing the CompressedData object.
-     */
-    public CMSTypedStream  getContent(InputExpanderProvider expanderProvider)
-        throws CMSException
-    {
-        try
-        {
-            CompressedDataParser  comData = new CompressedDataParser((ASN1SequenceParser)_contentInfo.getContent(DERTags.SEQUENCE));
-            ContentInfoParser     content = comData.getEncapContentInfo();
-            InputExpander expander = expanderProvider.get(comData.getCompressionAlgorithmIdentifier());
-
-            ASN1OctetStringParser bytes = (ASN1OctetStringParser)content.getContent(DERTags.OCTET_STRING);
-
-            return new CMSTypedStream(content.getContentType().getId(), expander.getInputStream(bytes.getOctetStream()));
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("IOException reading compressed content.", e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java
deleted file mode 100644
index f27312939..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java
+++ /dev/null
@@ -1,214 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.zip.DeflaterOutputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.BERSequenceGenerator;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequenceGenerator;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.operator.OutputCompressor;
-
-/**
- * General class for generating a compressed CMS message stream.
- * 

- * A simple example of usage.
- * 

- * 
- *      CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
- *      
- *      OutputStream cOut = gen.open(outputStream, new ZlibCompressor());
- *      
- *      cOut.write(data);
- *      
- *      cOut.close();
- * 

- */
-public class CMSCompressedDataStreamGenerator
-{
-    public static final String  ZLIB    = "1.2.840.113549.1.9.16.3.8";
-
-    private int _bufferSize;
-    
-    /**
-     * base constructor
-     */
-    public CMSCompressedDataStreamGenerator()
-    {
-    }
-
-    /**
-     * Set the underlying string size for encapsulated data
-     *
-     * @param bufferSize length of octet strings to buffer the data.
-     */
-    public void setBufferSize(
-        int bufferSize)
-    {
-        _bufferSize = bufferSize;
-    }
-
-    /**
-     * @deprecated use open(OutputStream, ContentCompressor)
-     */
-    public OutputStream open(
-        OutputStream out,
-        String       compressionOID) 
-        throws IOException
-    {
-        return open(out, CMSObjectIdentifiers.data.getId(), compressionOID);
-    }
-
-    /**
-     * @deprecated use open(OutputStream, ASN1ObjectIdentifier, ContentCompressor)
-     */
-    public OutputStream open(
-        OutputStream  out,        
-        String        contentOID,
-        String        compressionOID) 
-        throws IOException
-    {
-        BERSequenceGenerator sGen = new BERSequenceGenerator(out);
-        
-        sGen.addObject(CMSObjectIdentifiers.compressedData);
-        
-        //
-        // Compressed Data
-        //
-        BERSequenceGenerator cGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
-        
-        cGen.addObject(new DERInteger(0));
-        
-        //
-        // AlgorithmIdentifier
-        //
-        DERSequenceGenerator algGen = new DERSequenceGenerator(cGen.getRawOutputStream());
-        
-        algGen.addObject(new DERObjectIdentifier(ZLIB));
-
-        algGen.close();
-        
-        //
-        // Encapsulated ContentInfo
-        //
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(cGen.getRawOutputStream());
-        
-        eiGen.addObject(new DERObjectIdentifier(contentOID));
-
-        OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-            eiGen.getRawOutputStream(), 0, true, _bufferSize);
-        
-        return new CmsCompressedOutputStream(
-            new DeflaterOutputStream(octetStream), sGen, cGen, eiGen);
-    }
-
-    public OutputStream open(
-        OutputStream out,
-        OutputCompressor compressor)
-        throws IOException
-    {
-        return open(CMSObjectIdentifiers.data, out, compressor);
-    }
-
-    /**
-     * Open a compressing output stream.
-     *
-     * @param contentOID
-     * @param out
-     * @param compressor
-     * @return
-     * @throws IOException
-     */
-    public OutputStream open(
-        ASN1ObjectIdentifier contentOID,
-        OutputStream out,
-        OutputCompressor compressor)
-        throws IOException
-    {
-        BERSequenceGenerator sGen = new BERSequenceGenerator(out);
-
-        sGen.addObject(CMSObjectIdentifiers.compressedData);
-
-        //
-        // Compressed Data
-        //
-        BERSequenceGenerator cGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
-
-        cGen.addObject(new DERInteger(0));
-
-        //
-        // AlgorithmIdentifier
-        //
-        cGen.addObject(compressor.getAlgorithmIdentifier());
-
-        //
-        // Encapsulated ContentInfo
-        //
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(cGen.getRawOutputStream());
-
-        eiGen.addObject(contentOID);
-
-        OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-            eiGen.getRawOutputStream(), 0, true, _bufferSize);
-
-        return new CmsCompressedOutputStream(
-            compressor.getOutputStream(octetStream), sGen, cGen, eiGen);
-    }
-
-    private class CmsCompressedOutputStream
-        extends OutputStream
-    {
-        private OutputStream _out;
-        private BERSequenceGenerator _sGen;
-        private BERSequenceGenerator _cGen;
-        private BERSequenceGenerator _eiGen;
-        
-        CmsCompressedOutputStream(
-            OutputStream out,
-            BERSequenceGenerator sGen,
-            BERSequenceGenerator cGen,
-            BERSequenceGenerator eiGen)
-        {
-            _out = out;
-            _sGen = sGen;
-            _cGen = cGen;
-            _eiGen = eiGen;
-        }
-        
-        public void write(
-            int b)
-            throws IOException
-        {
-            _out.write(b); 
-        }
-        
-        
-        public void write(
-            byte[] bytes,
-            int    off,
-            int    len)
-            throws IOException
-        {
-            _out.write(bytes, off, len);
-        }
-        
-        public void write(
-            byte[] bytes)
-            throws IOException
-        {
-            _out.write(bytes);
-        }
-        
-        public void close()
-            throws IOException
-        {
-            _out.close();
-            _eiGen.close();
-            _cGen.close();
-            _sGen.close();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSConfig.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSConfig.java
deleted file mode 100644
index 3a93ce4d6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSConfig.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-
-public class CMSConfig
-{
-    /**
-     * Set the mapping for the encryption algorithm used in association with a SignedData generation
-     * or interpretation.
-     *
-     * @param oid object identifier to map.
-     * @param algorithmName algorithm name to use.
-     */
-    public static void setSigningEncryptionAlgorithmMapping(String oid, String algorithmName)
-    {
-        DERObjectIdentifier id = new DERObjectIdentifier(oid);
-
-        CMSSignedHelper.INSTANCE.setSigningEncryptionAlgorithmMapping(id, algorithmName);
-    }
-
-    /**
-     * Set the mapping for the digest algorithm to use in conjunction with a SignedData generation
-     * or interpretation.
-     *
-     * @param oid object identifier to map.
-     * @param algorithmName algorithm name to use.
-     */
-    public static void setSigningDigestAlgorithmMapping(String oid, String algorithmName)
-    {
-        DERObjectIdentifier id = new DERObjectIdentifier(oid);
-
-        CMSSignedHelper.INSTANCE.setSigningDigestAlgorithmMapping(id, algorithmName);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java
deleted file mode 100644
index a8e5a8da3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1SequenceParser;
-import org.bouncycastle.asn1.ASN1StreamParser;
-import org.bouncycastle.asn1.cms.ContentInfoParser;
-
-public class CMSContentInfoParser
-{
-    protected ContentInfoParser _contentInfo;
-    protected InputStream       _data;
-
-    protected CMSContentInfoParser(
-        InputStream data)
-        throws CMSException
-    {
-        _data = data;
-        
-        try
-        {
-            ASN1StreamParser in = new ASN1StreamParser(data);
-    
-            _contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("IOException reading content.", e);
-        }
-        catch (ClassCastException e)
-        {
-            throw new CMSException("Unexpected object reading content.", e);
-        }
-    }
-    
-    /**
-     * Close the underlying data stream.
-     * @throws IOException if the close fails.
-     */
-    public void close() throws IOException
-    {
-        _data.close();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java
deleted file mode 100644
index 21035fdde..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java
+++ /dev/null
@@ -1,196 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.AlgorithmParameters;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.EncryptedContentInfo;
-import org.bouncycastle.asn1.cms.EnvelopedData;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * containing class for an CMS Enveloped Data object
- * 

- * Example of use - assuming the first recipient matches the private key we have.
- * 
- *      CMSEnvelopedData     ed = new CMSEnvelopedData(inputStream);
- *
- *      RecipientInformationStore  recipients = ed.getRecipientInfos();
- *
- *      Collection  c = recipients.getRecipients();
- *      Iterator    it = c.iterator();
- *
- *      if (it.hasNext())
- *      {
- *          RecipientInformation   recipient = (RecipientInformation)it.next();
- *
- *          byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC"));
- *
- *          processData(recData);
- *      }
- *  

- */
-public class CMSEnvelopedData
-{
-    RecipientInformationStore   recipientInfoStore;
-    ContentInfo                 contentInfo;
-    
-    private AlgorithmIdentifier    encAlg;
-    private ASN1Set                unprotectedAttributes;
-
-    public CMSEnvelopedData(
-        byte[]    envelopedData) 
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(envelopedData));
-    }
-
-    public CMSEnvelopedData(
-        InputStream    envelopedData) 
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(envelopedData));
-    }
-
-    public CMSEnvelopedData(
-        ContentInfo contentInfo)
-    {
-        this.contentInfo = contentInfo;
-
-        EnvelopedData  envData = EnvelopedData.getInstance(contentInfo.getContent());
-
-        //
-        // read the recipients
-        //
-        ASN1Set recipientInfos = envData.getRecipientInfos();
-
-        //
-        // read the encrypted content info
-        //
-        EncryptedContentInfo encInfo = envData.getEncryptedContentInfo();
-        this.encAlg = encInfo.getContentEncryptionAlgorithm();
-        CMSReadable readable = new CMSProcessableByteArray(encInfo.getEncryptedContent().getOctets());
-        CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSEnvelopedSecureReadable(
-            this.encAlg, readable);
-
-        //
-        // build the RecipientInformationStore
-        //
-        this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
-            recipientInfos, this.encAlg, secureReadable);
-
-        this.unprotectedAttributes = envData.getUnprotectedAttrs();
-    }
-
-    private byte[] encodeObj(
-        DEREncodable    obj)
-        throws IOException
-    {
-        if (obj != null)
-        {
-            return obj.getDERObject().getEncoded();
-        }
-
-        return null;
-    }
-    
-    /**
-     * return the object identifier for the content encryption algorithm.
-     */
-    public String getEncryptionAlgOID()
-    {
-        return encAlg.getObjectId().getId();
-    }
-
-    /**
-     * return the ASN.1 encoded encryption algorithm parameters, or null if
-     * there aren't any.
-     */
-    public byte[] getEncryptionAlgParams()
-    {
-        try
-        {
-            return encodeObj(encAlg.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-    
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the message content.
-     * 
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     * @throws NoSuchProviderException if the provider cannot be found.
-     */
-    public AlgorithmParameters getEncryptionAlgorithmParameters(
-        String  provider) 
-    throws CMSException, NoSuchProviderException    
-    {
-        return getEncryptionAlgorithmParameters(CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the message content.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     */
-    public AlgorithmParameters getEncryptionAlgorithmParameters(
-        Provider provider)
-    throws CMSException
-    {
-        return CMSEnvelopedHelper.INSTANCE.getEncryptionAlgorithmParameters(getEncryptionAlgOID(), getEncryptionAlgParams(), provider);
-    }
-
-    /**
-     * return a store of the intended recipients for this message
-     */
-    public RecipientInformationStore getRecipientInfos()
-    {
-        return recipientInfoStore;
-    }
-
-    /**
-     * return the ContentInfo 
-     */
-    public ContentInfo getContentInfo()
-    {
-        return contentInfo;
-    }
-
-    /**
-     * return a table of the unprotected attributes indexed by
-     * the OID of the attribute.
-     */
-    public AttributeTable getUnprotectedAttributes()
-    {
-        if (unprotectedAttributes == null)
-        {
-            return null;
-        }
-
-        return new AttributeTable(unprotectedAttributes);
-    }
-    
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return contentInfo.getEncoded();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java
deleted file mode 100644
index 3836cf25c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java
+++ /dev/null
@@ -1,343 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.util.HashMap;
-import java.util.Iterator;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherOutputStream;
-import javax.crypto.KeyGenerator;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.BERSet;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.EncryptedContentInfo;
-import org.bouncycastle.asn1.cms.EnvelopedData;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OutputEncryptor;
-
-/**
- * General class for generating a CMS enveloped-data message.
- *
- * A simple example of usage.
- *
- * 
- *       CMSTypedData msg     = new CMSProcessableByteArray("Hello World!".getBytes());
- *
- *       CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
- *
- *       edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC"));
- *
- *       CMSEnvelopedData ed = edGen.generate(
- *                                       msg,
- *                                       new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC)
- *                                              .setProvider("BC").build());
- *
- * 

- */
-public class CMSEnvelopedDataGenerator
-    extends CMSEnvelopedGenerator
-{
-    /**
-     * base constructor
-     */
-    public CMSEnvelopedDataGenerator()
-    {
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     */
-    public CMSEnvelopedDataGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider and the passed in key generator.
-     */
-    private CMSEnvelopedData generate(
-        CMSProcessable  content,
-        String          encryptionOID,
-        KeyGenerator    keyGen,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        Provider                encProvider = keyGen.getProvider();
-        ASN1EncodableVector     recipientInfos = new ASN1EncodableVector();
-        AlgorithmIdentifier     encAlgId;
-        SecretKey               encKey;
-        ASN1OctetString         encContent;
-
-        try
-        {
-            Cipher cipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(encryptionOID, encProvider);
-
-            AlgorithmParameters params;
-            
-            encKey = keyGen.generateKey();
-            params = generateParameters(encryptionOID, encKey, encProvider);
-
-            cipher.init(Cipher.ENCRYPT_MODE, encKey, params, rand);
-
-            //
-            // If params are null we try and second guess on them as some providers don't provide
-            // algorithm parameter generation explicity but instead generate them under the hood.
-            //
-            if (params == null)
-            {
-                params = cipher.getParameters();
-            }
-            
-            encAlgId = getAlgorithmIdentifier(encryptionOID, params);
-
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            CipherOutputStream      cOut = new CipherOutputStream(bOut, cipher);
-
-            content.write(cOut);
-
-            cOut.close();
-
-            encContent = new BERConstructedOctetString(bOut.toByteArray());
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("algorithm parameters invalid.", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception decoding algorithm parameters.", e);
-        }
-
-        for (Iterator it = oldRecipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            IntRecipientInfoGenerator recipient = (IntRecipientInfoGenerator)it.next();
-
-            try
-            {
-                recipientInfos.add(recipient.generate(encKey, rand, provider));
-            }
-            catch (InvalidKeyException e)
-            {
-                throw new CMSException("key inappropriate for algorithm.", e);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CMSException("error making encrypted content.", e);
-            }
-        }
-
-        for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(new GenericKey(encKey)));
-        }
-
-        EncryptedContentInfo  eci;
-
-        if (content instanceof CMSTypedData)
-        {
-            eci = new EncryptedContentInfo(
-                        ((CMSTypedData)content).getContentType(),
-                        encAlgId,
-                        encContent);
-        }
-        else
-        {
-            eci = new EncryptedContentInfo(
-                        CMSObjectIdentifiers.data,
-                        encAlgId,
-                        encContent);
-        }
-
-        ASN1Set unprotectedAttrSet = null;
-        if (unprotectedAttributeGenerator != null)
-        {
-            AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap());
-
-            unprotectedAttrSet = new BERSet(attrTable.toASN1EncodableVector());
-        }
-
-        ContentInfo contentInfo = new ContentInfo(
-                CMSObjectIdentifiers.envelopedData,
-                new EnvelopedData(null, new DERSet(recipientInfos), eci, unprotectedAttrSet));
-
-        return new CMSEnvelopedData(contentInfo);
-    }
-
-    private CMSEnvelopedData doGenerate(
-        CMSTypedData content,
-        OutputEncryptor contentEncryptor)
-        throws CMSException
-    {
-        if (!oldRecipientInfoGenerators.isEmpty())
-        {
-            throw new IllegalStateException("can only use addRecipientGenerator() with this method");
-        }
-
-        ASN1EncodableVector     recipientInfos = new ASN1EncodableVector();
-        AlgorithmIdentifier     encAlgId;
-        ASN1OctetString         encContent;
-
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-        try
-        {
-            OutputStream cOut = contentEncryptor.getOutputStream(bOut);
-
-            content.write(cOut);
-
-            cOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("");
-        }
-
-        byte[] encryptedContent = bOut.toByteArray();
-
-        encAlgId = contentEncryptor.getAlgorithmIdentifier();
-
-        encContent = new BERConstructedOctetString(encryptedContent);
-
-        GenericKey encKey = contentEncryptor.getKey();
-
-        for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(encKey));
-        }
-
-        EncryptedContentInfo  eci = new EncryptedContentInfo(
-                        content.getContentType(),
-                        encAlgId,
-                        encContent);
-
-        ASN1Set unprotectedAttrSet = null;
-        if (unprotectedAttributeGenerator != null)
-        {
-            AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap());
-
-            unprotectedAttrSet = new BERSet(attrTable.toASN1EncodableVector());
-        }
-
-        ContentInfo contentInfo = new ContentInfo(
-                CMSObjectIdentifiers.envelopedData,
-                new EnvelopedData(null, new DERSet(recipientInfos), eci, unprotectedAttrSet));
-
-        return new CMSEnvelopedData(contentInfo);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated use OutputEncryptor method.
-     */
-    public CMSEnvelopedData generate(
-        CMSProcessable  content,
-        String          encryptionOID,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return generate(content, encryptionOID, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated use OutputEncryptor method.
-     */
-    public CMSEnvelopedData generate(
-        CMSProcessable  content,
-        String          encryptionOID,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(rand);
-
-        return generate(content, encryptionOID, keyGen, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated use OutputEncryptor method.
-     */
-    public CMSEnvelopedData generate(
-        CMSProcessable  content,
-        String          encryptionOID,
-        int             keySize,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return generate(content, encryptionOID, keySize, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated use OutputEncryptor method.
-     */
-    public CMSEnvelopedData generate(
-        CMSProcessable  content,
-        String          encryptionOID,
-        int             keySize,
-        Provider        provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(keySize, rand);
-
-        return generate(content, encryptionOID, keyGen, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     *
-     * @param content the content to be encrypted
-     * @param contentEncryptor the symmetric key based encryptor to encrypt the content with.
-     */
-    public CMSEnvelopedData generate(
-        CMSTypedData content,
-        OutputEncryptor contentEncryptor)
-        throws CMSException
-    {
-        return doGenerate(content, contentEncryptor);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java
deleted file mode 100644
index 033c35c76..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java
+++ /dev/null
@@ -1,213 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.AlgorithmParameters;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetStringParser;
-import org.bouncycastle.asn1.ASN1SequenceParser;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1SetParser;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTags;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.EncryptedContentInfoParser;
-import org.bouncycastle.asn1.cms.EnvelopedDataParser;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * Parsing class for an CMS Enveloped Data object from an input stream.
- * 

- * Note: that because we are in a streaming mode only one recipient can be tried and it is important 
- * that the methods on the parser are called in the appropriate order.
- * 

- * 

- * Example of use - assuming the first recipient matches the private key we have.
- * 
- *      CMSEnvelopedDataParser     ep = new CMSEnvelopedDataParser(inputStream);
- *
- *      RecipientInformationStore  recipients = ep.getRecipientInfos();
- *
- *      Collection  c = recipients.getRecipients();
- *      Iterator    it = c.iterator();
- *      
- *      if (it.hasNext())
- *      {
- *          RecipientInformation   recipient = (RecipientInformation)it.next();
- *
- *          CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC"));
- *          
- *          processDataStream(recData.getContentStream());
- *      }
- *  

- *  Note: this class does not introduce buffering - if you are processing large files you should create
- *  the parser with:
- *  
- *          CMSEnvelopedDataParser     ep = new CMSEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize));
- *  

- *  where bufSize is a suitably large buffer size.
- */
-public class CMSEnvelopedDataParser
-    extends CMSContentInfoParser
-{
-    RecipientInformationStore   _recipientInfoStore;
-    EnvelopedDataParser         _envelopedData;
-    
-    private AlgorithmIdentifier _encAlg;
-    private AttributeTable      _unprotectedAttributes;
-    private boolean             _attrNotRead;
-
-    public CMSEnvelopedDataParser(
-        byte[]    envelopedData) 
-        throws CMSException, IOException
-    {
-        this(new ByteArrayInputStream(envelopedData));
-    }
-
-    public CMSEnvelopedDataParser(
-        InputStream    envelopedData) 
-        throws CMSException, IOException
-    {
-        super(envelopedData);
-
-        this._attrNotRead = true;
-        this._envelopedData = new EnvelopedDataParser((ASN1SequenceParser)_contentInfo.getContent(DERTags.SEQUENCE));
-
-        // TODO Validate version?
-        //DERInteger version = this._envelopedData.getVersion();
-
-        //
-        // read the recipients
-        //
-        ASN1Set recipientInfos = ASN1Set.getInstance(_envelopedData.getRecipientInfos().getDERObject());
-
-        //
-        // read the encrypted content info
-        //
-        EncryptedContentInfoParser encInfo = _envelopedData.getEncryptedContentInfo();
-        this._encAlg = encInfo.getContentEncryptionAlgorithm();
-        CMSReadable readable = new CMSProcessableInputStream(
-            ((ASN1OctetStringParser)encInfo.getEncryptedContent(DERTags.OCTET_STRING)).getOctetStream());
-        CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSEnvelopedSecureReadable(
-            this._encAlg, readable);
-
-        //
-        // build the RecipientInformationStore
-        //
-        this._recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
-            recipientInfos, this._encAlg, secureReadable);
-    }
-
-    /**
-     * return the object identifier for the content encryption algorithm.
-     */
-    public String getEncryptionAlgOID()
-    {
-        return _encAlg.getObjectId().toString();
-    }
-
-    /**
-     * return the ASN.1 encoded encryption algorithm parameters, or null if
-     * there aren't any.
-     */
-    public byte[] getEncryptionAlgParams()
-    {
-        try
-        {
-            return encodeObj(_encAlg.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-    
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the message content.
-     * 
-     * @param provider the name of the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     * @throws NoSuchProviderException if the provider cannot be found.
-     */
-    public AlgorithmParameters getEncryptionAlgorithmParameters(
-        String  provider) 
-        throws CMSException, NoSuchProviderException
-    {
-        return getEncryptionAlgorithmParameters(CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the message content.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     */
-    public AlgorithmParameters getEncryptionAlgorithmParameters(
-        Provider provider)
-        throws CMSException
-    {
-        return CMSEnvelopedHelper.INSTANCE.getEncryptionAlgorithmParameters(getEncryptionAlgOID(), getEncryptionAlgParams(), provider);
-    }
-
-    /**
-     * return a store of the intended recipients for this message
-     */
-    public RecipientInformationStore getRecipientInfos()
-    {
-        return _recipientInfoStore;
-    }
-
-    /**
-     * return a table of the unprotected attributes indexed by
-     * the OID of the attribute.
-     * @exception IOException 
-     */
-    public AttributeTable getUnprotectedAttributes() 
-        throws IOException
-    {
-        if (_unprotectedAttributes == null && _attrNotRead)
-        {
-            ASN1SetParser             set = _envelopedData.getUnprotectedAttrs();
-            
-            _attrNotRead = false;
-            
-            if (set != null)
-            {
-                ASN1EncodableVector v = new ASN1EncodableVector();
-                DEREncodable        o;
-                
-                while ((o = set.readObject()) != null)
-                {
-                    ASN1SequenceParser    seq = (ASN1SequenceParser)o;
-                    
-                    v.add(seq.getDERObject());
-                }
-                
-                _unprotectedAttributes = new AttributeTable(new DERSet(v));
-            }
-        }
-
-        return _unprotectedAttributes;
-    }
-
-    private byte[] encodeObj(
-        DEREncodable    obj)
-        throws IOException
-    {
-        if (obj != null)
-        {
-            return obj.getDERObject().getEncoded();
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java
deleted file mode 100644
index c79200195..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java
+++ /dev/null
@@ -1,523 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.util.HashMap;
-import java.util.Iterator;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherOutputStream;
-import javax.crypto.KeyGenerator;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERSequenceGenerator;
-import org.bouncycastle.asn1.BERSet;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OutputEncryptor;
-
-/**
- * General class for generating a CMS enveloped-data message stream.
- * 

- * A simple example of usage.
- * 
- *      CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
- *
- *      edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC"));
- *
- *      ByteArrayOutputStream  bOut = new ByteArrayOutputStream();
- *      
- *      OutputStream out = edGen.open(
- *                              bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC)
- *                                              .setProvider("BC").build());
- *      out.write(data);
- *      
- *      out.close();
- * 

- */
-public class CMSEnvelopedDataStreamGenerator
-    extends CMSEnvelopedGenerator
-{
-    private Object              _originatorInfo = null;
-    private Object              _unprotectedAttributes = null;
-    private int                 _bufferSize;
-    private boolean             _berEncodeRecipientSet;
-
-    /**
-     * base constructor
-     */
-    public CMSEnvelopedDataStreamGenerator()
-    {
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     */
-    public CMSEnvelopedDataStreamGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    /**
-     * Set the underlying string size for encapsulated data
-     * 
-     * @param bufferSize length of octet strings to buffer the data.
-     */
-    public void setBufferSize(
-        int bufferSize)
-    {
-        _bufferSize = bufferSize;
-    }
-
-    /**
-     * Use a BER Set to store the recipient information
-     */
-    public void setBEREncodeRecipients(
-        boolean berEncodeRecipientSet)
-    {
-        _berEncodeRecipientSet = berEncodeRecipientSet;
-    }
-
-    private DERInteger getVersion()
-    {
-        if (_originatorInfo != null || _unprotectedAttributes != null)
-        {
-            return new DERInteger(2);
-        }
-        else
-        {
-            return new DERInteger(0);
-        }
-    }
-    
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider and the passed in key generator.
-     * @throws IOException
-     * @deprecated
-     */
-    private OutputStream open(
-        OutputStream out,
-        String       encryptionOID,
-        KeyGenerator keyGen,
-        Provider     provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        Provider            encProvider = keyGen.getProvider();
-        SecretKey           encKey = keyGen.generateKey();
-        AlgorithmParameters params = generateParameters(encryptionOID, encKey, encProvider);
-
-        Iterator it = oldRecipientInfoGenerators.iterator();
-        ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
-        
-        while (it.hasNext())
-        {
-            IntRecipientInfoGenerator recipient = (IntRecipientInfoGenerator)it.next();
-
-            try
-            {
-                recipientInfos.add(recipient.generate(encKey, rand, provider));
-            }
-            catch (InvalidKeyException e)
-            {
-                throw new CMSException("key inappropriate for algorithm.", e);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CMSException("error making encrypted content.", e);
-            }
-        }
-
-        it = recipientInfoGenerators.iterator();
-
-        while (it.hasNext())
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(new GenericKey(encKey)));
-        }
-
-        return open(out, encryptionOID, encKey, params, recipientInfos, encProvider);
-    }
-
-    private OutputStream doOpen(
-        ASN1ObjectIdentifier dataType,
-        OutputStream         out,
-        OutputEncryptor encryptor)
-        throws IOException, CMSException
-    {
-        ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
-        GenericKey encKey = encryptor.getKey();
-        Iterator it = recipientInfoGenerators.iterator();
-
-        while (it.hasNext())
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(encKey));
-        }
-
-        return open(dataType, out, recipientInfos, encryptor);
-    }
-
-    protected OutputStream open(
-        ASN1ObjectIdentifier dataType,
-        OutputStream         out,
-        ASN1EncodableVector  recipientInfos,
-        OutputEncryptor      encryptor)
-        throws IOException
-    {
-        //
-        // ContentInfo
-        //
-        BERSequenceGenerator cGen = new BERSequenceGenerator(out);
-
-        cGen.addObject(CMSObjectIdentifiers.envelopedData);
-
-        //
-        // Encrypted Data
-        //
-        BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true);
-
-        envGen.addObject(getVersion());
-
-        if (_berEncodeRecipientSet)
-        {
-            envGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded());
-        }
-        else
-        {
-            envGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded());
-        }
-
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream());
-
-        eiGen.addObject(dataType);
-
-        AlgorithmIdentifier encAlgId = encryptor.getAlgorithmIdentifier();
-
-        eiGen.getRawOutputStream().write(encAlgId.getEncoded());
-
-        OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-            eiGen.getRawOutputStream(), 0, false, _bufferSize);
-
-        OutputStream cOut = encryptor.getOutputStream(octetStream);
-
-        return new CmsEnvelopedDataOutputStream(cOut, cGen, envGen, eiGen);
-    }
-
-    protected OutputStream open(
-        OutputStream        out,
-        String              encryptionOID,
-        SecretKey           encKey,
-        AlgorithmParameters params,
-        ASN1EncodableVector recipientInfos,
-        String              provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return open(out, encryptionOID, encKey, params, recipientInfos, CMSUtils.getProvider(provider));
-    }
-
-    protected OutputStream open(
-        OutputStream        out,
-        String              encryptionOID,
-        SecretKey           encKey,
-        AlgorithmParameters params,
-        ASN1EncodableVector recipientInfos,
-        Provider            provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        try
-        {
-            //
-            // ContentInfo
-            //
-            BERSequenceGenerator cGen = new BERSequenceGenerator(out);
-            
-            cGen.addObject(CMSObjectIdentifiers.envelopedData);
-            
-            //
-            // Encrypted Data
-            //
-            BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true);
-            
-            envGen.addObject(getVersion());
-
-            if (_berEncodeRecipientSet)
-            {
-                envGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded());
-            }
-            else
-            {
-                envGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded());
-            }
-
-            BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream());
-            
-            eiGen.addObject(CMSObjectIdentifiers.data);
-
-            Cipher cipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(encryptionOID, provider);
-
-            cipher.init(Cipher.ENCRYPT_MODE, encKey, params, rand);
-
-            //
-            // If params are null we try and second guess on them as some providers don't provide
-            // algorithm parameter generation explicitly but instead generate them under the hood.
-            //
-            if (params == null)
-            {
-                params = cipher.getParameters();
-            }
-
-            AlgorithmIdentifier encAlgId = getAlgorithmIdentifier(encryptionOID, params);
-                        
-            eiGen.getRawOutputStream().write(encAlgId.getEncoded());
-
-            OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-                eiGen.getRawOutputStream(), 0, false, _bufferSize);
-
-            CipherOutputStream cOut = new CipherOutputStream(octetStream, cipher);
-
-            return new CmsEnvelopedDataOutputStream(cOut, cGen, envGen, eiGen);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("algorithm parameters invalid.", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception decoding algorithm parameters.", e);
-        }
-    }
-
-    protected OutputStream open(
-        OutputStream        out,
-        ASN1EncodableVector recipientInfos,
-        OutputEncryptor     encryptor)
-        throws CMSException
-    {
-        try
-        {
-            //
-            // ContentInfo
-            //
-            BERSequenceGenerator cGen = new BERSequenceGenerator(out);
-
-            cGen.addObject(CMSObjectIdentifiers.envelopedData);
-
-            //
-            // Encrypted Data
-            //
-            BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true);
-
-            envGen.addObject(getVersion());
-
-            if (_berEncodeRecipientSet)
-            {
-                envGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded());
-            }
-            else
-            {
-                envGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded());
-            }
-
-            BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream());
-
-            eiGen.addObject(CMSObjectIdentifiers.data);
-
-            AlgorithmIdentifier encAlgId = encryptor.getAlgorithmIdentifier();
-
-            eiGen.getRawOutputStream().write(encAlgId.getEncoded());
-
-            OutputStream octetStream = CMSUtils.createBEROctetOutputStream(
-                eiGen.getRawOutputStream(), 0, false, _bufferSize);
-
-            return new CmsEnvelopedDataOutputStream(encryptor.getOutputStream(octetStream), cGen, envGen, eiGen);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception decoding algorithm parameters.", e);
-        }
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @throws IOException
-     * @deprecated
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
-    {
-        return open(out, encryptionOID, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * @deprecated
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException, IOException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(rand);
-
-        return open(out, encryptionOID, keyGen, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        int             keySize,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
-    {
-        return open(out, encryptionOID, keySize, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given provider.
-     * @deprecated
-     */
-    public OutputStream open(
-        OutputStream    out,
-        String          encryptionOID,
-        int             keySize,
-        Provider        provider)
-        throws NoSuchAlgorithmException, CMSException, IOException
-    {
-        KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider);
-
-        keyGen.init(keySize, rand);
-
-        return open(out, encryptionOID, keyGen, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given encryptor.
-     */
-    public OutputStream open(
-        OutputStream    out,
-        OutputEncryptor encryptor)
-        throws CMSException, IOException
-    {
-        return doOpen(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), out, encryptor);
-    }
-
-    /**
-     * generate an enveloped object that contains an CMS Enveloped Data
-     * object using the given encryptor and marking the data as being of the passed
-     * in type.
-     */
-    public OutputStream open(
-        ASN1ObjectIdentifier dataType,
-        OutputStream         out,
-        OutputEncryptor      encryptor)
-        throws CMSException, IOException
-    {
-        return doOpen(dataType, out, encryptor);
-    }
-
-    private class CmsEnvelopedDataOutputStream
-        extends OutputStream
-    {
-        private OutputStream   _out;
-        private BERSequenceGenerator _cGen;
-        private BERSequenceGenerator _envGen;
-        private BERSequenceGenerator _eiGen;
-    
-        public CmsEnvelopedDataOutputStream(
-            OutputStream   out,
-            BERSequenceGenerator cGen,
-            BERSequenceGenerator envGen,
-            BERSequenceGenerator eiGen)
-        {
-            _out = out;
-            _cGen = cGen;
-            _envGen = envGen;
-            _eiGen = eiGen;
-        }
-    
-        public void write(
-            int b)
-            throws IOException
-        {
-            _out.write(b);
-        }
-        
-        public void write(
-            byte[] bytes,
-            int    off,
-            int    len)
-            throws IOException
-        {
-            _out.write(bytes, off, len);
-        }
-        
-        public void write(
-            byte[] bytes)
-            throws IOException
-        {
-            _out.write(bytes);
-        }
-        
-        public void close()
-            throws IOException
-        {
-            _out.close();
-            _eiGen.close();
-
-            if (unprotectedAttributeGenerator != null)
-            {
-                AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap());
-      
-                ASN1Set unprotectedAttrs = new BERSet(attrTable.toASN1EncodableVector());
-
-                _envGen.addObject(new DERTaggedObject(false, 1, unprotectedAttrs));
-            }
-    
-            _envGen.close();
-            _cGen.close();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java
deleted file mode 100644
index ef5998a63..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java
+++ /dev/null
@@ -1,355 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.KEKIdentifier;
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PBKDF2Params;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-
-/**
- * General class for generating a CMS enveloped-data message.
- */
-public class CMSEnvelopedGenerator
-{
-    public static final String  DES_EDE3_CBC    = PKCSObjectIdentifiers.des_EDE3_CBC.getId();
-    public static final String  RC2_CBC         = PKCSObjectIdentifiers.RC2_CBC.getId();
-    public static final String  IDEA_CBC        = "1.3.6.1.4.1.188.7.1.1.2";
-    public static final String  CAST5_CBC       = "1.2.840.113533.7.66.10";
-    public static final String  AES128_CBC      = NISTObjectIdentifiers.id_aes128_CBC.getId();
-    public static final String  AES192_CBC      = NISTObjectIdentifiers.id_aes192_CBC.getId();
-    public static final String  AES256_CBC      = NISTObjectIdentifiers.id_aes256_CBC.getId();
-    public static final String  CAMELLIA128_CBC = NTTObjectIdentifiers.id_camellia128_cbc.getId();
-    public static final String  CAMELLIA192_CBC = NTTObjectIdentifiers.id_camellia192_cbc.getId();
-    public static final String  CAMELLIA256_CBC = NTTObjectIdentifiers.id_camellia256_cbc.getId();
-    public static final String  SEED_CBC        = KISAObjectIdentifiers.id_seedCBC.getId();
-
-    public static final String  DES_EDE3_WRAP   = PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId();
-    public static final String  AES128_WRAP     = NISTObjectIdentifiers.id_aes128_wrap.getId();
-    public static final String  AES192_WRAP     = NISTObjectIdentifiers.id_aes192_wrap.getId();
-    public static final String  AES256_WRAP     = NISTObjectIdentifiers.id_aes256_wrap.getId();
-    public static final String  CAMELLIA128_WRAP = NTTObjectIdentifiers.id_camellia128_wrap.getId();
-    public static final String  CAMELLIA192_WRAP = NTTObjectIdentifiers.id_camellia192_wrap.getId();
-    public static final String  CAMELLIA256_WRAP = NTTObjectIdentifiers.id_camellia256_wrap.getId();
-    public static final String  SEED_WRAP       = KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap.getId();
-
-    public static final String  ECDH_SHA1KDF    = X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme.getId();
-    public static final String  ECMQV_SHA1KDF   = X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme.getId();
-
-    final List oldRecipientInfoGenerators = new ArrayList();
-    final List recipientInfoGenerators = new ArrayList();
-
-    protected CMSAttributeTableGenerator unprotectedAttributeGenerator = null;
-
-    final SecureRandom rand;
-
-    /**
-     * base constructor
-     */
-    public CMSEnvelopedGenerator()
-    {
-        this(new SecureRandom());
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     */
-    public CMSEnvelopedGenerator(
-        SecureRandom rand)
-    {
-        this.rand = rand;
-    }
-
-    public void setUnprotectedAttributeGenerator(CMSAttributeTableGenerator unprotectedAttributeGenerator)
-    {
-        this.unprotectedAttributeGenerator = unprotectedAttributeGenerator;
-    }
-
-    /**
-     * add a recipient.
-     *
-     * @deprecated use the addRecipientGenerator and JceKeyTransRecipientInfoGenerator
-     * @param cert recipient's public key certificate
-     * @exception IllegalArgumentException if there is a problem with the certificate
-     */
-    public void addKeyTransRecipient(
-        X509Certificate cert)
-        throws IllegalArgumentException
-    {
-        KeyTransIntRecipientInfoGenerator ktrig = new KeyTransIntRecipientInfoGenerator();
-        ktrig.setRecipientCert(cert);
-
-        oldRecipientInfoGenerators.add(ktrig);
-    }
-
-    /**
-     * add a recipient
-     *
-     * @deprecated use the addRecipientGenerator and JceKeyTransRecipientInfoGenerator
-     * @param key the public key used by the recipient
-     * @param subKeyId the identifier for the recipient's public key
-     * @exception IllegalArgumentException if there is a problem with the key
-     */
-    public void addKeyTransRecipient(
-        PublicKey   key,
-        byte[]      subKeyId)
-        throws IllegalArgumentException
-    {
-        KeyTransIntRecipientInfoGenerator ktrig = new KeyTransIntRecipientInfoGenerator();
-        ktrig.setRecipientPublicKey(key);
-        ktrig.setSubjectKeyIdentifier(new DEROctetString(subKeyId));
-
-        oldRecipientInfoGenerators.add(ktrig);
-    }
-
-    /**
-     * add a KEK recipient.
-     *
-     * @deprecated use the addRecipientGenerator and JceKEKRecipientInfoGenerator
-     * @param key the secret key to use for wrapping
-     * @param keyIdentifier the byte string that identifies the key
-     */
-    public void addKEKRecipient(
-        SecretKey   key,
-        byte[]      keyIdentifier)
-    {
-        addKEKRecipient(key, new KEKIdentifier(keyIdentifier, null, null));
-    }
-
-    /**
-     * add a KEK recipient.
-     *
-     * @deprecated use the addRecipientGenerator and JceKEKRecipientInfoGenerator
-     * @param key the secret key to use for wrapping
-     * @param kekIdentifier a KEKIdentifier structure (identifies the key)
-     */
-    public void addKEKRecipient(
-        SecretKey       key,
-        KEKIdentifier   kekIdentifier)
-    {
-        KEKIntRecipientInfoGenerator kekrig = new KEKIntRecipientInfoGenerator();
-        kekrig.setKEKIdentifier(kekIdentifier);
-        kekrig.setKeyEncryptionKey(key);
-
-        oldRecipientInfoGenerators.add(kekrig);
-    }
-
-    /**
-     * @deprecated use addRecipientGenerator and JcePasswordRecipientInfoGenerator
-     * @param pbeKey PBE key
-     * @param kekAlgorithmOid key encryption algorithm to use.
-     */
-    public void addPasswordRecipient(
-        CMSPBEKey pbeKey,
-        String    kekAlgorithmOid)
-    {
-        PBKDF2Params params = new PBKDF2Params(pbeKey.getSalt(), pbeKey.getIterationCount());
-
-        PasswordIntRecipientInfoGenerator prig = new PasswordIntRecipientInfoGenerator();
-        prig.setKeyDerivationAlgorithm(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, params));
-        prig.setKeyEncryptionKey(new SecretKeySpec(pbeKey.getEncoded(kekAlgorithmOid), kekAlgorithmOid));
-
-        oldRecipientInfoGenerators.add(prig);
-    }
-
-    /**
-     * Add a key agreement based recipient.
-     *
-     * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator
-     * @param agreementAlgorithm key agreement algorithm to use.
-     * @param senderPrivateKey private key to initialise sender side of agreement with.
-     * @param senderPublicKey sender public key to include with message.
-     * @param recipientCert recipient's public key certificate.
-     * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
-     * @param provider provider to use for the agreement calculation.
-     * @exception NoSuchProviderException if the specified provider cannot be found
-     * @exception NoSuchAlgorithmException if the algorithm requested cannot be found
-     * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
-     */
-    public void addKeyAgreementRecipient(
-        String           agreementAlgorithm,
-        PrivateKey       senderPrivateKey,
-        PublicKey        senderPublicKey,
-        X509Certificate  recipientCert,
-        String           cekWrapAlgorithm,
-        String           provider)
-        throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException
-    {
-        addKeyAgreementRecipient(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCert,  cekWrapAlgorithm, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Add a key agreement based recipient.
-     *
-     * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator
-     * @param agreementAlgorithm key agreement algorithm to use.
-     * @param senderPrivateKey private key to initialise sender side of agreement with.
-     * @param senderPublicKey sender public key to include with message.
-     * @param recipientCert recipient's public key certificate.
-     * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
-     * @param provider provider to use for the agreement calculation.
-     * @exception NoSuchAlgorithmException if the algorithm requested cannot be found
-     * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
-     */
-    public void addKeyAgreementRecipient(
-        String           agreementAlgorithm,
-        PrivateKey       senderPrivateKey,
-        PublicKey        senderPublicKey,
-        X509Certificate  recipientCert,
-        String           cekWrapAlgorithm,
-        Provider         provider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        addKeyAgreementRecipients(agreementAlgorithm, senderPrivateKey, senderPublicKey,
-            Collections.singletonList(recipientCert), cekWrapAlgorithm, provider);
-    }
-
-    /**
-     * Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure).
-     *
-     * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator
-     * @param agreementAlgorithm key agreement algorithm to use.
-     * @param senderPrivateKey private key to initialise sender side of agreement with.
-     * @param senderPublicKey sender public key to include with message.
-     * @param recipientCerts recipients' public key certificates.
-     * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
-     * @param provider provider to use for the agreement calculation.
-     * @exception NoSuchAlgorithmException if the algorithm requested cannot be found
-     * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
-     */
-    public void addKeyAgreementRecipients(
-        String           agreementAlgorithm,
-        PrivateKey       senderPrivateKey,
-        PublicKey        senderPublicKey,
-        Collection       recipientCerts,
-        String           cekWrapAlgorithm,
-        String           provider)
-        throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException
-    {
-        addKeyAgreementRecipients(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCerts, cekWrapAlgorithm, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure).
-     *
-     * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator
-     * @param agreementAlgorithm key agreement algorithm to use.
-     * @param senderPrivateKey private key to initialise sender side of agreement with.
-     * @param senderPublicKey sender public key to include with message.
-     * @param recipientCerts recipients' public key certificates.
-     * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
-     * @param provider provider to use for the agreement calculation.
-     * @exception NoSuchAlgorithmException if the algorithm requested cannot be found
-     * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
-     */
-    public void addKeyAgreementRecipients(
-        String           agreementAlgorithm,
-        PrivateKey       senderPrivateKey,
-        PublicKey        senderPublicKey,
-        Collection       recipientCerts,
-        String           cekWrapAlgorithm,
-        Provider         provider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        /* TODO
-         * "a recipient X.509 version 3 certificate that contains a key usage extension MUST
-         * assert the keyAgreement bit."
-         */
-
-        KeyAgreeIntRecipientInfoGenerator karig = new KeyAgreeIntRecipientInfoGenerator();
-        karig.setKeyAgreementOID(new DERObjectIdentifier(agreementAlgorithm));
-        karig.setKeyEncryptionOID(new DERObjectIdentifier(cekWrapAlgorithm));
-        karig.setRecipientCerts(recipientCerts);
-        karig.setSenderKeyPair(new KeyPair(senderPublicKey, senderPrivateKey));
-
-        oldRecipientInfoGenerators.add(karig);
-    }
-
-    /**
-     * Add a generator to produce the recipient info required.
-     * 
-     * @param recipientGenerator a generator of a recipient info object.
-     */
-    public void addRecipientInfoGenerator(RecipientInfoGenerator recipientGenerator)
-    {
-        recipientInfoGenerators.add(recipientGenerator);
-    }
-
-    protected AlgorithmIdentifier getAlgorithmIdentifier(String encryptionOID, AlgorithmParameters params) throws IOException
-    {
-        DEREncodable asn1Params;
-        if (params != null)
-        {
-            asn1Params = ASN1Object.fromByteArray(params.getEncoded("ASN.1"));
-        }
-        else
-        {
-            asn1Params = DERNull.INSTANCE;
-        }
-
-        return new AlgorithmIdentifier(
-            new DERObjectIdentifier(encryptionOID),
-            asn1Params);
-    }
-
-    protected AlgorithmParameters generateParameters(String encryptionOID, SecretKey encKey, Provider encProvider)
-        throws CMSException
-    {
-        try
-        {
-            AlgorithmParameterGenerator pGen = AlgorithmParameterGenerator.getInstance(encryptionOID, encProvider);
-
-            if (encryptionOID.equals(RC2_CBC))
-            {
-                byte[]  iv = new byte[8];
-
-                rand.nextBytes(iv);
-
-                try
-                {
-                    pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand);
-                }
-                catch (InvalidAlgorithmParameterException e)
-                {
-                    throw new CMSException("parameters generation error: " + e, e);
-                }
-            }
-
-            return pGen.generateParameters();
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            return null;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java
deleted file mode 100644
index 4a52a5081..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java
+++ /dev/null
@@ -1,737 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.cms.KEKRecipientInfo;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
-import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
-import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.util.io.TeeInputStream;
-
-class CMSEnvelopedHelper
-{
-    static final CMSEnvelopedHelper INSTANCE = new CMSEnvelopedHelper();
-
-    private static final Map KEYSIZES = new HashMap();
-    private static final Map BASE_CIPHER_NAMES = new HashMap();
-    private static final Map CIPHER_ALG_NAMES = new HashMap();
-    private static final Map MAC_ALG_NAMES = new HashMap();
-
-    static
-    {
-        KEYSIZES.put(CMSEnvelopedGenerator.DES_EDE3_CBC,  new Integer(192));
-        KEYSIZES.put(CMSEnvelopedGenerator.AES128_CBC,  new Integer(128));
-        KEYSIZES.put(CMSEnvelopedGenerator.AES192_CBC,  new Integer(192));
-        KEYSIZES.put(CMSEnvelopedGenerator.AES256_CBC,  new Integer(256));
-
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC,  "DESEDE");
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES128_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES192_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES256_CBC,  "AES");
-
-        CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC,  "DESEDE/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES128_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES192_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC,  "AES/CBC/PKCS5Padding");
-
-        MAC_ALG_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC,  "DESEDEMac");
-        MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES128_CBC,  "AESMac");
-        MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES192_CBC,  "AESMac");
-        MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC,  "AESMac");
-    }
-
-    String getAsymmetricEncryptionAlgName(
-        String encryptionAlgOID)
-    {
-        if (PKCSObjectIdentifiers.rsaEncryption.getId().equals(encryptionAlgOID))
-        {
-            return "RSA/ECB/PKCS1Padding";
-        }
-        
-        return encryptionAlgOID;    
-    }
-
-    Cipher createAsymmetricCipher(
-        String encryptionOid,
-        String provName)
-        throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException
-    {
-        String asymName = getAsymmetricEncryptionAlgName(encryptionOid);
-        if (!asymName.equals(encryptionOid))
-        {
-            try
-            {
-                // this is reversed as the Sun policy files now allow unlimited strength RSA
-                return Cipher.getInstance(asymName, provName);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-        return Cipher.getInstance(encryptionOid, provName);
-    }
-
-    Cipher createAsymmetricCipher(
-        String encryptionOid,
-        Provider provider)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        String asymName = getAsymmetricEncryptionAlgName(encryptionOid);
-        if (!asymName.equals(encryptionOid))
-        {
-            try
-            {
-                // this is reversed as the Sun policy files now allow unlimited strength RSA
-                return getCipherInstance(asymName, provider);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-        return getCipherInstance(encryptionOid, provider);
-    }
-
-    KeyGenerator createSymmetricKeyGenerator(
-        String encryptionOID, 
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        try
-        {
-            return createKeyGenerator(encryptionOID, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            try
-            {
-                String algName = (String)BASE_CIPHER_NAMES.get(encryptionOID);
-                if (algName != null)
-                {
-                    return createKeyGenerator(algName, provider);
-                }
-            }
-            catch (NoSuchAlgorithmException ex)
-            {
-                // ignore
-            }
-            if (provider != null)
-            {
-                return createSymmetricKeyGenerator(encryptionOID, null);
-            }
-            throw e;
-        }
-    }
-
-    AlgorithmParameters createAlgorithmParameters(
-        String encryptionOID, 
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        try
-        {
-            return createAlgorithmParams(encryptionOID, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            try
-            {
-                String algName = (String)BASE_CIPHER_NAMES.get(encryptionOID);
-                if (algName != null)
-                {
-                    return createAlgorithmParams(algName, provider);
-                }
-            }
-            catch (NoSuchAlgorithmException ex)
-            {
-                // ignore
-            }
-            //
-            // can't try with default provider here as parameters must be from the specified provider.
-            //
-            throw e;
-        }
-    }
-
-    AlgorithmParameterGenerator createAlgorithmParameterGenerator(
-        String encryptionOID,
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        try
-        {
-            return createAlgorithmParamsGenerator(encryptionOID, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            try
-            {
-                String algName = (String)BASE_CIPHER_NAMES.get(encryptionOID);
-                if (algName != null)
-                {
-                    return createAlgorithmParamsGenerator(algName, provider);
-                }
-            }
-            catch (NoSuchAlgorithmException ex)
-            {
-                // ignore
-            }
-            //
-            // can't try with default provider here as parameters must be from the specified provider.
-            //
-            throw e;
-        }
-    }
-
-    String getRFC3211WrapperName(String oid)
-    {
-        String alg = (String)BASE_CIPHER_NAMES.get(oid);
-
-        if (alg == null)
-        {
-            throw new IllegalArgumentException("no name for " + oid);
-        }
-
-        return alg + "RFC3211Wrap";
-    }
-
-    int getKeySize(String oid)
-    {
-        Integer keySize = (Integer)KEYSIZES.get(oid);
-
-        if (keySize == null)
-        {
-            throw new IllegalArgumentException("no keysize for " + oid);
-        }
-
-        return keySize.intValue();
-    }
-
-    private Cipher getCipherInstance(
-        String algName,
-        Provider provider)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        if (provider != null)
-        {
-            return Cipher.getInstance(algName, provider);
-        }
-        else
-        {
-            return Cipher.getInstance(algName);
-        }
-    }
-
-    private AlgorithmParameters createAlgorithmParams(
-        String algName,
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return AlgorithmParameters.getInstance(algName, provider);
-        }
-        else
-        {
-            return AlgorithmParameters.getInstance(algName);
-        }
-    }
-
-    private AlgorithmParameterGenerator createAlgorithmParamsGenerator(
-        String algName,
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return AlgorithmParameterGenerator.getInstance(algName, provider);
-        }
-        else
-        {
-            return AlgorithmParameterGenerator.getInstance(algName);
-        }
-    }
-
-    private KeyGenerator createKeyGenerator(
-        String algName,
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return KeyGenerator.getInstance(algName, provider);
-        }
-        else
-        {
-            return KeyGenerator.getInstance(algName);
-        }
-    }
-
-    Cipher createSymmetricCipher(String encryptionOID, Provider provider)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        try
-        {
-            return getCipherInstance(encryptionOID, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            String alternate = (String)CIPHER_ALG_NAMES.get(encryptionOID);
-
-            try
-            {
-                return getCipherInstance(alternate, provider);
-            }
-            catch (NoSuchAlgorithmException ex)
-            {
-                if (provider != null)
-                {
-                    return createSymmetricCipher(encryptionOID, null); // roll back to default
-                }
-                throw e;
-            }
-        }
-    }
-
-    private Mac createMac(
-        String algName,
-        Provider provider)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        if (provider != null)
-        {
-            return Mac.getInstance(algName, provider);
-        }
-        else
-        {
-            return Mac.getInstance(algName);
-        }
-    }
-
-    Mac getMac(String macOID, Provider provider)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        try
-        {
-            return createMac(macOID, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            String alternate = (String)MAC_ALG_NAMES.get(macOID);
-
-            try
-            {
-                return createMac(alternate, provider);
-            }
-            catch (NoSuchAlgorithmException ex)
-            {
-                if (provider != null)
-                {
-                    return getMac(macOID, null); // roll back to default
-                }
-                throw e;
-            }
-        }
-    }
-
-    AlgorithmParameters getEncryptionAlgorithmParameters(
-        String encOID,
-        byte[] encParams,
-        Provider provider)
-        throws CMSException
-    {
-        if (encParams == null)
-        {
-            return null;
-        }
-
-        try
-        {
-            AlgorithmParameters params = createAlgorithmParameters(encOID, provider);
-
-            params.init(encParams, "ASN.1");
-
-            return params;
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find parameters for algorithm", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("can't find parse parameters", e);
-        }
-    }
-
-    String getSymmetricCipherName(String oid)
-    {
-        String algName = (String)BASE_CIPHER_NAMES.get(oid);
-        if (algName != null)
-        {
-            return algName;
-        }
-        return oid;
-    }
-
-    static RecipientInformationStore buildRecipientInformationStore(
-        ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable)
-    {
-        return buildRecipientInformationStore(recipientInfos, messageAlgorithm, secureReadable, null);
-    }
-
-    static RecipientInformationStore buildRecipientInformationStore(
-        ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData)
-    {
-        List infos = new ArrayList();
-        for (int i = 0; i != recipientInfos.size(); i++)
-        {
-            RecipientInfo info = RecipientInfo.getInstance(recipientInfos.getObjectAt(i));
-
-            readRecipientInfo(infos, info, messageAlgorithm, secureReadable, additionalData);
-        }
-        return new RecipientInformationStore(infos);
-    }
-
-    private static void readRecipientInfo(
-        List infos, RecipientInfo info, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData)
-    {
-        DEREncodable recipInfo = info.getInfo();
-        if (recipInfo instanceof KeyTransRecipientInfo)
-        {
-            infos.add(new KeyTransRecipientInformation(
-                (KeyTransRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData));
-        }
-        else if (recipInfo instanceof KEKRecipientInfo)
-        {
-            infos.add(new KEKRecipientInformation(
-                (KEKRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData));
-        }
-        else if (recipInfo instanceof KeyAgreeRecipientInfo)
-        {
-            KeyAgreeRecipientInformation.readRecipientInfo(infos,
-                (KeyAgreeRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData);
-        }
-        else if (recipInfo instanceof PasswordRecipientInfo)
-        {
-            infos.add(new PasswordRecipientInformation(
-                (PasswordRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData));
-        }
-    }
-
-    static class CMSDigestAuthenticatedSecureReadable
-        implements CMSSecureReadable
-    {
-        private DigestCalculator digestCalculator;
-        private CMSReadable readable;
-
-        public CMSDigestAuthenticatedSecureReadable(DigestCalculator digestCalculator, CMSReadable readable)
-        {
-            this.digestCalculator = digestCalculator;
-            this.readable = readable;
-        }
-
-        public AlgorithmIdentifier getAlgorithm()
-        {
-            return null;  //To change body of implemented methods use File | Settings | File Templates.
-        }
-
-        public Object getCryptoObject()
-        {
-            return null;  //To change body of implemented methods use File | Settings | File Templates.
-        }
-
-        public CMSReadable getReadable(SecretKey key, Provider provider)
-            throws CMSException
-        {
-            return null;  //To change body of implemented methods use File | Settings | File Templates.
-        }
-
-        public InputStream getInputStream()
-            throws IOException, CMSException
-        {
-            return new FilterInputStream(readable.getInputStream())
-            {
-                public int read()
-                    throws IOException
-                {
-                    int b = in.read();
-
-                    if (b >= 0)
-                    {
-                        digestCalculator.getOutputStream().write(b);
-                    }
-
-                    return b;
-                }
-
-                public int read(byte[] inBuf, int inOff, int inLen)
-                    throws IOException
-                {
-                    int n = in.read(inBuf, inOff, inLen);
-                    
-                    if (n >= 0)
-                    {
-                        digestCalculator.getOutputStream().write(inBuf, inOff, n);
-                    }
-
-                    return n;
-                }
-            };
-        }
-
-        public byte[] getDigest()
-        {
-            return digestCalculator.getDigest();
-        }
-    }
-
-    static class CMSAuthenticatedSecureReadable implements CMSSecureReadable
-    {
-        private AlgorithmIdentifier algorithm;
-        private Mac mac;
-        private CMSReadable readable;
-
-        CMSAuthenticatedSecureReadable(AlgorithmIdentifier algorithm, CMSReadable readable)
-        {
-            this.algorithm = algorithm;
-            this.readable = readable;
-        }
-
-        public AlgorithmIdentifier getAlgorithm()
-        {
-            return this.algorithm;
-        }
-
-        public Object getCryptoObject()
-        {
-            return this.mac;
-        }
-
-        public InputStream getInputStream()
-            throws IOException, CMSException
-        {
-            return readable.getInputStream();
-        }
-
-        public CMSReadable getReadable(final SecretKey sKey, final Provider provider)
-            throws CMSException
-        {
-            final String macAlg = this.algorithm.getObjectId().getId();
-            final ASN1Object sParams = (ASN1Object)this.algorithm.getParameters();
-
-            this.mac = (Mac)execute(new JCECallback()
-            {
-                public Object doInJCE() throws CMSException, InvalidAlgorithmParameterException,
-                    InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException,
-                    NoSuchPaddingException
-                {
-                    Mac mac = CMSEnvelopedHelper.INSTANCE.getMac(macAlg, provider);
-
-                    if (sParams != null && !(sParams instanceof ASN1Null))
-                    {
-                        AlgorithmParameters params = CMSEnvelopedHelper.INSTANCE.createAlgorithmParameters(
-                            macAlg, provider);
-
-                        try
-                        {
-                            params.init(sParams.getEncoded(), "ASN.1");
-                        }
-                        catch (IOException e)
-                        {
-                            throw new CMSException("error decoding algorithm parameters.", e);
-                        }
-
-                        mac.init(sKey, params.getParameterSpec(IvParameterSpec.class));
-                    }
-                    else
-                    {
-                        mac.init(sKey);
-                    }
-
-                    return mac;
-                }
-            });
-
-            try
-            {
-                return new CMSProcessableInputStream(
-                    new TeeInputStream(readable.getInputStream(), new MacOutputStream(this.mac)));
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("error reading content.", e);
-            }
-        }
-    }
-
-    static class CMSEnvelopedSecureReadable implements CMSSecureReadable
-    {
-        private AlgorithmIdentifier algorithm;
-        private Cipher cipher;
-        private CMSReadable readable;
-
-        CMSEnvelopedSecureReadable(AlgorithmIdentifier algorithm, CMSReadable readable)
-        {
-            this.algorithm = algorithm;
-            this.readable = readable;
-        }
-
-        public AlgorithmIdentifier getAlgorithm()
-        {
-            return this.algorithm;
-        }
-        public InputStream getInputStream()
-            throws IOException, CMSException
-        {
-            return readable.getInputStream();
-        }
-        public Object getCryptoObject()
-        {
-            return this.cipher;
-        }
-
-        public CMSReadable getReadable(final SecretKey sKey, final Provider provider)
-            throws CMSException
-        {
-            final String encAlg = this.algorithm.getObjectId().getId();
-            final ASN1Object sParams = (ASN1Object)this.algorithm.getParameters();
-
-            this.cipher = (Cipher)execute(new JCECallback()
-            {
-                public Object doInJCE() throws CMSException, InvalidAlgorithmParameterException,
-                    InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException,
-                    NoSuchPaddingException
-                {
-                    Cipher cipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(encAlg, provider);
-
-                    if (sParams != null && !(sParams instanceof ASN1Null))
-                    {
-                        try
-                        {
-                            AlgorithmParameters params = CMSEnvelopedHelper.INSTANCE.createAlgorithmParameters(
-                                encAlg, cipher.getProvider());
-
-                            try
-                            {
-                                params.init(sParams.getEncoded(), "ASN.1");
-                            }
-                            catch (IOException e)
-                            {
-                                throw new CMSException("error decoding algorithm parameters.", e);
-                            }
-
-                            cipher.init(Cipher.DECRYPT_MODE, sKey, params);
-                        }
-                        catch (NoSuchAlgorithmException e)
-                        {
-                            if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC)
-                                || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC)
-                                || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC)
-                                || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC)
-                                || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC))
-                            {
-                                cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(
-                                    ASN1OctetString.getInstance(sParams).getOctets()));
-                            }
-                            else
-                            {
-                                throw e;
-                            }
-                        }
-                    }
-                    else
-                    {
-                        if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC))
-                        {
-                            cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8]));
-                        }
-                        else
-                        {
-                            cipher.init(Cipher.DECRYPT_MODE, sKey);
-                        }
-                    }
-
-                    return cipher;
-                }
-            });
-
-            try
-            {
-                return new CMSProcessableInputStream(new CipherInputStream(readable.getInputStream(), cipher));
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("error reading content.", e);
-            }
-        }
-    }
-
-    static Object execute(JCECallback callback) throws CMSException
-    {
-        try
-        {
-            return callback.doInJCE();
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("algorithm parameters invalid.", e);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-            throw new CMSException("MAC algorithm parameter spec invalid.", e);
-        }
-    }
-
-    static interface JCECallback
-    {
-        Object doInJCE()
-            throws CMSException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException,
-                NoSuchAlgorithmException, NoSuchPaddingException;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSException.java
deleted file mode 100644
index 04bbd69c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.cms;
-
-public class CMSException
-    extends Exception
-{
-    Exception   e;
-
-    public CMSException(
-        String msg)
-    {
-        super(msg);
-    }
-
-    public CMSException(
-        String msg,
-        Exception e)
-    {
-        super(msg);
-
-        this.e = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return e;
-    }
-    
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSPBEKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSPBEKey.java
deleted file mode 100644
index d37bb3173..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSPBEKey.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.spec.InvalidParameterSpecException;
-
-import javax.crypto.interfaces.PBEKey;
-import javax.crypto.spec.PBEParameterSpec;
-
-public abstract class CMSPBEKey
-    implements PBEKey
-{
-    private char[] password;
-    private byte[] salt;
-    private int    iterationCount;
-
-    protected static PBEParameterSpec getParamSpec(AlgorithmParameters algParams)
-        throws InvalidAlgorithmParameterException
-    {
-        try
-        {
-            return (PBEParameterSpec)algParams.getParameterSpec(PBEParameterSpec.class);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-            throw new InvalidAlgorithmParameterException("cannot process PBE spec: " + e.getMessage());
-        }
-    }
-
-    public CMSPBEKey(char[] password, byte[] salt, int iterationCount)
-    {
-        this.password = password;
-        this.salt = salt;
-        this.iterationCount = iterationCount;
-    }
-
-    public CMSPBEKey(char[] password, PBEParameterSpec pbeSpec)
-    {
-        this(password, pbeSpec.getSalt(), pbeSpec.getIterationCount());
-    }
-    
-    public char[] getPassword()
-    {
-        return password;
-    }
-
-    public byte[] getSalt()
-    {
-        return salt;
-    }
-
-    public int getIterationCount()
-    {
-        return iterationCount;
-    }
-
-    public String getAlgorithm()
-    {
-        return "PKCS5S2";
-    }
-
-    public String getFormat()
-    {
-        return "RAW";
-    }
-
-    public byte[] getEncoded()
-    {
-        return null;
-    }
-
-    abstract byte[] getEncoded(String algorithmOid);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessable.java
deleted file mode 100644
index 9f34b9a12..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessable.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * Use CMSTypedData instead of this. See CMSProcessableFile/ByteArray for defaults.
- */
-public interface CMSProcessable
-{
-    /**
-     * generic routine to copy out the data we want processed - the OutputStream
-     * passed in will do the handling on it's own.
-     * 

-     * Note: this routine may be called multiple times.
-     */
-    public void write(OutputStream out)
-        throws IOException, CMSException;
-
-    public Object getContent();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java
deleted file mode 100644
index 2b2c35479..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-
-/**
- * a holding class for a byte array of data to be processed.
- */
-public class CMSProcessableByteArray
-    implements CMSTypedData, CMSReadable
-{
-    private final ASN1ObjectIdentifier type;
-    private final byte[]  bytes;
-
-    public CMSProcessableByteArray(
-        byte[]  bytes)
-    {
-        this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), bytes);
-    }
-
-    public CMSProcessableByteArray(
-        ASN1ObjectIdentifier type,
-        byte[]  bytes)
-    {
-        this.type = type;
-        this.bytes = bytes;
-    }
-
-    public InputStream getInputStream()
-    {
-        return new ByteArrayInputStream(bytes);
-    }
-
-    public void write(OutputStream zOut)
-        throws IOException, CMSException
-    {
-        zOut.write(bytes);
-    }
-
-    public Object getContent()
-    {
-        return bytes.clone();
-    }
-
-    public ASN1ObjectIdentifier getContentType()
-    {
-        return type;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java
deleted file mode 100644
index b1e452779..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-
-/**
- * a holding class for a file of data to be processed.
- */
-public class CMSProcessableFile
-    implements CMSTypedData, CMSReadable
-{
-    private static final int DEFAULT_BUF_SIZE = 32 * 1024;
-
-    private final ASN1ObjectIdentifier type;
-    private final File file;
-    private final byte[] buf;
-
-    public CMSProcessableFile(
-        File file)
-    {
-        this(file, DEFAULT_BUF_SIZE);
-    }
-    
-    public CMSProcessableFile(
-        File file,
-        int  bufSize)
-    {
-        this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), file, bufSize);
-    }
-
-    public CMSProcessableFile(
-        ASN1ObjectIdentifier type,
-        File file,
-        int  bufSize)
-    {
-        this.type = type;
-        this.file = file;
-        buf = new byte[bufSize];
-    }
-
-    public InputStream getInputStream()
-        throws IOException, CMSException
-    {
-        return new BufferedInputStream(new FileInputStream(file), DEFAULT_BUF_SIZE);
-    }
-
-    public void write(OutputStream zOut)
-        throws IOException, CMSException
-    {
-        FileInputStream     fIn = new FileInputStream(file);
-        int                 len;
-        
-        while ((len = fIn.read(buf, 0, buf.length)) > 0)
-        {
-            zOut.write(buf, 0, len);
-        }
-        
-        fIn.close();
-    }
-
-    /**
-     * Return the file handle.
-     */
-    public Object getContent()
-    {
-        return file;
-    }
-
-    public ASN1ObjectIdentifier getContentType()
-    {
-        return type;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java
deleted file mode 100644
index a73e2329c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.util.io.Streams;
-
-class CMSProcessableInputStream implements CMSProcessable, CMSReadable
-{
-    private InputStream input;
-    private boolean used = false;
-
-    public CMSProcessableInputStream(
-        InputStream input)
-    {
-        this.input = input;
-    }
-
-    public InputStream getInputStream()
-    {
-        checkSingleUsage();
-
-        return input;
-    }
-
-    public void write(OutputStream zOut)
-        throws IOException, CMSException
-    {
-        checkSingleUsage();
-
-        Streams.pipeAll(input, zOut);
-        input.close();
-    }
-
-    public Object getContent()
-    {
-        return getInputStream();
-    }
-
-    private synchronized void checkSingleUsage()
-    {
-        if (used)
-        {
-            throw new IllegalStateException("CMSProcessableInputStream can only be used once");
-        }
-
-        used = true;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSReadable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSReadable.java
deleted file mode 100644
index ca8676667..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSReadable.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-interface CMSReadable
-{
-    public InputStream getInputStream()
-        throws IOException, CMSException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java
deleted file mode 100644
index d9f8acc00..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.cms;
-
-public class CMSRuntimeException
-    extends RuntimeException
-{
-    Exception   e;
-
-    public CMSRuntimeException(
-        String name)
-    {
-        super(name);
-    }
-
-    public CMSRuntimeException(
-        String name,
-        Exception e)
-    {
-        super(name);
-
-        this.e = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return e;
-    }
-    
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java
deleted file mode 100644
index 93199c6ce..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.Provider;
-
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-interface CMSSecureReadable
-{
-    AlgorithmIdentifier getAlgorithm();
-    Object getCryptoObject();
-    CMSReadable getReadable(SecretKey key, Provider provider)
-        throws CMSException;
-    InputStream getInputStream()
-            throws IOException, CMSException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedData.java
deleted file mode 100644
index 84e3446c8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ /dev/null
@@ -1,715 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.BERSequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.SignedData;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.NoSuchStoreException;
-import org.bouncycastle.x509.X509Store;
-
-/**
- * general class for handling a pkcs7-signature message.
- *
- * A simple example of usage - note, in the example below the validity of
- * the certificate isn't verified, just the fact that one of the certs 
- * matches the given signer...
- *
- * 
- *  CertStore               certs = s.getCertificatesAndCRLs("Collection", "BC");
- *  SignerInformationStore  signers = s.getSignerInfos();
- *  Collection              c = signers.getSigners();
- *  Iterator                it = c.iterator();
- *  
- *  while (it.hasNext())
- *  {
- *      SignerInformation   signer = (SignerInformation)it.next();
- *      Collection          certCollection = certStore.getMatches(signer.getSID());
- *
- *      Iterator        certIt = certCollection.iterator();
- *      X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
- *  
- *      if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
- *      {
- *          verified++;
- *      }   
- *  }
- * 

- */
-public class CMSSignedData
-{
-    private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE;
-    
-    SignedData              signedData;
-    ContentInfo             contentInfo;
-    CMSProcessable          signedContent;
-    SignerInformationStore  signerInfoStore;
-    X509Store               attributeStore;
-    X509Store               certificateStore;
-    X509Store               crlStore;
-    private Map             hashes;
-
-    private CMSSignedData(
-        CMSSignedData   c)
-    {
-        this.signedData = c.signedData;
-        this.contentInfo = c.contentInfo;
-        this.signedContent = c.signedContent;
-        this.signerInfoStore = c.signerInfoStore;
-    }
-
-    public CMSSignedData(
-        byte[]      sigBlock)
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(sigBlock));
-    }
-
-    public CMSSignedData(
-        CMSProcessable  signedContent,
-        byte[]          sigBlock)
-        throws CMSException
-    {
-        this(signedContent, CMSUtils.readContentInfo(sigBlock));
-    }
-
-    /**
-     * Content with detached signature, digests precomputed
-     *
-     * @param hashes a map of precomputed digests for content indexed by name of hash.
-     * @param sigBlock the signature object.
-     */
-    public CMSSignedData(
-        Map     hashes,
-        byte[]  sigBlock)
-        throws CMSException
-    {
-        this(hashes, CMSUtils.readContentInfo(sigBlock));
-    }
-
-    /**
-     * base constructor - content with detached signature.
-     *
-     * @param signedContent the content that was signed.
-     * @param sigData the signature object.
-     */
-    public CMSSignedData(
-        CMSProcessable  signedContent,
-        InputStream     sigData)
-        throws CMSException
-    {
-        this(signedContent, CMSUtils.readContentInfo(new ASN1InputStream(sigData)));
-    }
-
-    /**
-     * base constructor - with encapsulated content
-     */
-    public CMSSignedData(
-        InputStream sigData)
-        throws CMSException
-    {
-        this(CMSUtils.readContentInfo(sigData));
-    }
-
-    public CMSSignedData(
-        CMSProcessable  signedContent,
-        ContentInfo     sigData)
-    {
-        this.signedContent = signedContent;
-        this.contentInfo = sigData;
-        this.signedData = SignedData.getInstance(contentInfo.getContent());
-    }
-
-    public CMSSignedData(
-        Map             hashes,
-        ContentInfo     sigData)
-    {
-        this.hashes = hashes;
-        this.contentInfo = sigData;
-        this.signedData = SignedData.getInstance(contentInfo.getContent());
-    }
-
-    public CMSSignedData(
-        ContentInfo sigData)
-    {
-        this.contentInfo = sigData;
-        this.signedData = SignedData.getInstance(contentInfo.getContent());
-
-        //
-        // this can happen if the signed message is sent simply to send a
-        // certificate chain.
-        //
-        if (signedData.getEncapContentInfo().getContent() != null)
-        {
-            this.signedContent = new CMSProcessableByteArray(
-                    ((ASN1OctetString)(signedData.getEncapContentInfo()
-                                                .getContent())).getOctets());
-        }
-        else
-        {
-            this.signedContent = null;
-        }
-    }
-
-    /**
-     * Return the version number for this object
-     */
-    public int getVersion()
-    {
-        return signedData.getVersion().getValue().intValue();
-    }
-
-    /**
-     * return the collection of signers that are associated with the
-     * signatures for the message.
-     */
-    public SignerInformationStore getSignerInfos()
-    {
-        if (signerInfoStore == null)
-        {
-            ASN1Set         s = signedData.getSignerInfos();
-            List            signerInfos = new ArrayList();
-            SignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
-
-            for (int i = 0; i != s.size(); i++)
-            {
-                SignerInfo info = SignerInfo.getInstance(s.getObjectAt(i));
-                ASN1ObjectIdentifier contentType = signedData.getEncapContentInfo().getContentType();
-
-                if (hashes == null)
-                {
-                    signerInfos.add(new SignerInformation(info, contentType, signedContent, null, sigAlgFinder));
-                }
-                else
-                {
-
-                    byte[] hash = (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm().getId());
-
-                    signerInfos.add(new SignerInformation(info, contentType, null, new BaseDigestCalculator(hash), sigAlgFinder));
-                }
-            }
-
-            signerInfoStore = new SignerInformationStore(signerInfos);
-        }
-
-        return signerInfoStore;
-    }
-
-    /**
-     * return a X509Store containing the attribute certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider name of provider to use
-     * @return a store of attribute certificates
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use base Store returning method
-     */
-    public X509Store getAttributeCertificates(
-        String type,
-        String provider)
-        throws NoSuchStoreException, NoSuchProviderException, CMSException
-    {
-        return getAttributeCertificates(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a X509Store containing the attribute certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of attribute certificates
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use base Store returning method
-     */
-    public X509Store getAttributeCertificates(
-        String type,
-        Provider provider)
-        throws NoSuchStoreException, CMSException
-    {
-        if (attributeStore == null)
-        {
-            attributeStore = HELPER.createAttributeStore(type, provider, signedData.getCertificates());
-        }
-
-        return attributeStore;
-    }
-
-    /**
-     * return a X509Store containing the public key certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider name of provider to use
-     * @return a store of public key certificates
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use base Store returning method
-     */
-    public X509Store getCertificates(
-        String type,
-        String provider)
-        throws NoSuchStoreException, NoSuchProviderException, CMSException
-    {
-        return getCertificates(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a X509Store containing the public key certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of public key certificates
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use base Store returning method
-     */
-    public X509Store getCertificates(
-        String type,
-        Provider provider)
-        throws NoSuchStoreException, CMSException
-    {
-        if (certificateStore == null)
-        {
-            certificateStore = HELPER.createCertificateStore(type, provider, signedData.getCertificates());
-        }
-
-        return certificateStore;
-    }
-
-    /**
-     * return a X509Store containing CRLs, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider name of provider to use
-     * @return a store of CRLs
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use base Store returning method
-     */
-    public X509Store getCRLs(
-        String type,
-        String provider)
-        throws NoSuchStoreException, NoSuchProviderException, CMSException
-    {
-        return getCRLs(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a X509Store containing CRLs, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of CRLs
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use base Store returning method
-     */
-    public X509Store getCRLs(
-        String type,
-        Provider provider)
-        throws NoSuchStoreException, CMSException
-    {
-        if (crlStore == null)
-        {
-            crlStore = HELPER.createCRLsStore(type, provider, signedData.getCRLs());
-        }
-
-        return crlStore;
-    }
-  
-    /**
-     * return a CertStore containing the certificates and CRLs associated with
-     * this message.
-     *
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchAlgorithmException if the cert store isn't available.
-     * @exception CMSException if a general exception prevents creation of the CertStore
-     * @deprecated use base Store returning method
-     */
-    public CertStore getCertificatesAndCRLs(
-        String  type,
-        String  provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a CertStore containing the certificates and CRLs associated with
-     * this message.
-     *
-     * @exception NoSuchAlgorithmException if the cert store isn't available.
-     * @exception CMSException if a general exception prevents creation of the CertStore
-     * @deprecated use base Store returning method
-     */
-    public CertStore getCertificatesAndCRLs(
-        String  type,
-        Provider  provider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        ASN1Set certSet = signedData.getCertificates();
-        ASN1Set crlSet = signedData.getCRLs();
-
-        return HELPER.createCertStore(type, provider, certSet, crlSet);
-    }
-
-    public Store getCertificates()
-    {
-        ASN1Set certSet = signedData.getCertificates();
-
-        if (certSet != null)
-        {
-            List    certList = new ArrayList(certSet.size());
-
-            for (Enumeration en = certSet.getObjects(); en.hasMoreElements();)
-            {
-                DERObject obj = ((DEREncodable)en.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1Sequence)
-                {
-                    certList.add(new X509CertificateHolder(X509CertificateStructure.getInstance(obj)));
-                }
-            }
-
-            return new CollectionStore(certList);
-        }
-
-        return new CollectionStore(new ArrayList());
-    }
-
-    public Store getCRLs()
-    {
-        ASN1Set crlSet = signedData.getCRLs();
-
-        if (crlSet != null)
-        {
-            List    crlList = new ArrayList(crlSet.size());
-
-            for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
-            {
-                DERObject obj = ((DEREncodable)en.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1Sequence)
-                {
-                    crlList.add(CertificateList.getInstance(obj));
-                }
-            }
-
-            return new CollectionStore(crlList);
-        }
-
-        return new CollectionStore(new ArrayList());
-    }
-
-    public Store getAttributeCertificates()
-    {
-        ASN1Set certSet = signedData.getCertificates();
-
-        if (certSet != null)
-        {
-            List    certList = new ArrayList(certSet.size());
-
-            for (Enumeration en = certSet.getObjects(); en.hasMoreElements();)
-            {
-                DERObject obj = ((DEREncodable)en.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1TaggedObject)
-                {
-                    certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject())));
-                }
-            }
-
-            return new CollectionStore(certList);
-        }
-
-        return new CollectionStore(new ArrayList());
-    }
-
-    /**
-     * Return the a string representation of the OID associated with the
-     * encapsulated content info structure carried in the signed data.
-     * 
-     * @return the OID for the content type.
-     */
-    public String getSignedContentTypeOID()
-    {
-        return signedData.getEncapContentInfo().getContentType().getId();
-    }
-    
-    public CMSProcessable getSignedContent()
-    {
-        return signedContent;
-    }
-
-    /**
-     * return the ContentInfo 
-     */
-    public ContentInfo getContentInfo()
-    {
-        return contentInfo;
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return contentInfo.getEncoded();
-    }
-    
-    /**
-     * Replace the signerinformation store associated with this
-     * CMSSignedData object with the new one passed in. You would
-     * probably only want to do this if you wanted to change the unsigned 
-     * attributes associated with a signer, or perhaps delete one.
-     * 
-     * @param signedData the signed data object to be used as a base.
-     * @param signerInformationStore the new signer information store to use.
-     * @return a new signed data object.
-     */
-    public static CMSSignedData replaceSigners(
-        CMSSignedData           signedData,
-        SignerInformationStore  signerInformationStore)
-    {
-        //
-        // copy
-        //
-        CMSSignedData   cms = new CMSSignedData(signedData);
-        
-        //
-        // replace the store
-        //
-        cms.signerInfoStore = signerInformationStore;
-
-        //
-        // replace the signers in the SignedData object
-        //
-        ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
-        ASN1EncodableVector vec = new ASN1EncodableVector();
-        
-        Iterator    it = signerInformationStore.getSigners().iterator();
-        while (it.hasNext())
-        {
-            SignerInformation signer = (SignerInformation)it.next();
-            digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
-            vec.add(signer.toSignerInfo());
-        }
-
-        ASN1Set             digests = new DERSet(digestAlgs);
-        ASN1Set             signers = new DERSet(vec);
-        ASN1Sequence        sD = (ASN1Sequence)signedData.signedData.getDERObject();
-
-        vec = new ASN1EncodableVector();
-        
-        //
-        // signers are the last item in the sequence.
-        //
-        vec.add(sD.getObjectAt(0)); // version
-        vec.add(digests);
-
-        for (int i = 2; i != sD.size() - 1; i++)
-        {
-            vec.add(sD.getObjectAt(i));
-        }
-        
-        vec.add(signers);
-        
-        cms.signedData = SignedData.getInstance(new BERSequence(vec));
-        
-        //
-        // replace the contentInfo with the new one
-        //
-        cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
-        
-        return cms;
-    }
-
-    /**
-     * Replace the certificate and CRL information associated with this
-     * CMSSignedData object with the new one passed in.
-     * 
-     * @param signedData the signed data object to be used as a base.
-     * @param certsAndCrls the new certificates and CRLs to be used.
-     * @return a new signed data object.
-     * @exception CMSException if there is an error processing the CertStore
-     */
-    public static CMSSignedData replaceCertificatesAndCRLs(
-        CMSSignedData   signedData,
-        CertStore       certsAndCrls)
-        throws CMSException
-    {
-        //
-        // copy
-        //
-        CMSSignedData   cms = new CMSSignedData(signedData);
-        
-        //
-        // replace the certs and crls in the SignedData object
-        //
-        ASN1Set             certs = null;
-        ASN1Set             crls = null;
-
-        try
-        {
-            ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls));
-
-            if (set.size() != 0)
-            {
-                certs = set;
-            }
-        }
-        catch (CertStoreException e)
-        {
-            throw new CMSException("error getting certs from certStore", e);
-        }
-
-        try
-        {
-            ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls));
-
-            if (set.size() != 0)
-            {
-                crls = set;
-            }
-        }
-        catch (CertStoreException e)
-        {
-            throw new CMSException("error getting crls from certStore", e);
-        }
-        
-        //
-        // replace the CMS structure.
-        //
-        cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), 
-                                   signedData.signedData.getEncapContentInfo(),
-                                   certs,
-                                   crls,
-                                   signedData.signedData.getSignerInfos());
-        
-        //
-        // replace the contentInfo with the new one
-        //
-        cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
-        
-        return cms;
-    }
-
-    /**
-     * Replace the certificate and CRL information associated with this
-     * CMSSignedData object with the new one passed in.
-     *
-     * @param signedData the signed data object to be used as a base.
-     * @param certificates the new certificates to be used.
-     * @param attrCerts the new attribute certificates to be used.
-     * @param crls the new CRLs to be used.
-     * @return a new signed data object.
-     * @exception CMSException if there is an error processing the CertStore
-     */
-    public static CMSSignedData replaceCertificatesAndCRLs(
-        CMSSignedData   signedData,
-        Store           certificates,
-        Store           attrCerts,
-        Store           crls)
-        throws CMSException
-    {
-        //
-        // copy
-        //
-        CMSSignedData   cms = new CMSSignedData(signedData);
-
-        //
-        // replace the certs and crls in the SignedData object
-        //
-        ASN1Set certSet = null;
-        ASN1Set crlSet = null;
-
-        if (certificates != null || attrCerts != null)
-        {
-            List certs = new ArrayList();
-
-            if (certificates != null)
-            {
-                certs.addAll(CMSUtils.getCertificatesFromStore(certificates));
-            }
-            if (attrCerts != null)
-            {
-                certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));   
-            }
-
-            ASN1Set set = CMSUtils.createBerSetFromList(certs);
-
-            if (set.size() != 0)
-            {
-                certSet = set;
-            }
-        }
-
-        if (crls != null)
-        {
-            ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls));
-
-            if (set.size() != 0)
-            {
-                crlSet = set;
-            }
-        }
-
-        //
-        // replace the CMS structure.
-        //
-        cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(),
-                                   signedData.signedData.getEncapContentInfo(),
-                                   certSet,
-                                   crlSet,
-                                   signedData.signedData.getSignerInfos());
-
-        //
-        // replace the contentInfo with the new one
-        //
-        cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
-
-        return cms;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
deleted file mode 100644
index bec9b84c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
+++ /dev/null
@@ -1,957 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.BufferedOutputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.SignedData;
-import org.bouncycastle.asn1.cms.SignerIdentifier;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * general class for generating a pkcs7-signature message.
- * 

- * A simple example of usage, generating a detached signature.
- *
- * 
- *      List             certList = new ArrayList();
- *      CMSTypedData     msg = new CMSProcessableByteArray("Hello world!".getBytes());
- *
- *      certList.add(signCert);
- *
- *      Store           certs = new JcaCertStore(certList);
- *
- *      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- *      ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate());
- *
- *      gen.addSignerInfoGenerator(
- *                new JcaSignerInfoGeneratorBuilder(
- *                     new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
- *                     .build(sha1Signer, signCert));
- *
- *      gen.addCertificates(certs);
- *
- *      CMSSignedData sigData = gen.generate(msg, false);
- * 

- */
-public class CMSSignedDataGenerator
-    extends CMSSignedGenerator
-{
-    private List signerInfs = new ArrayList();
-
-    private class SignerInf
-    {
-        final PrivateKey                  key;
-        final SignerIdentifier            signerIdentifier;
-        final String                      digestOID;
-        final String                      encOID;
-        final CMSAttributeTableGenerator  sAttr;
-        final CMSAttributeTableGenerator  unsAttr;
-        final AttributeTable              baseSignedTable;
-
-        SignerInf(
-            PrivateKey                 key,
-            SignerIdentifier           signerIdentifier,
-            String                     digestOID,
-            String                     encOID,
-            CMSAttributeTableGenerator sAttr,
-            CMSAttributeTableGenerator unsAttr,
-            AttributeTable             baseSignedTable)
-        {
-            this.key = key;
-            this.signerIdentifier = signerIdentifier;
-            this.digestOID = digestOID;
-            this.encOID = encOID;
-            this.sAttr = sAttr;
-            this.unsAttr = unsAttr;
-            this.baseSignedTable = baseSignedTable;
-        }
-
-        AlgorithmIdentifier getDigestAlgorithmID()
-        {
-            return new AlgorithmIdentifier(new DERObjectIdentifier(digestOID), new DERNull());
-        }
-
-        SignerInfo toSignerInfo(
-            DERObjectIdentifier contentType,
-            CMSProcessable      content,
-            SecureRandom        random,
-            Provider            sigProvider,
-            boolean             addDefaultAttributes)
-            throws IOException, SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException, CMSException
-        {
-            AlgorithmIdentifier digAlgId = getDigestAlgorithmID();
-            String              digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
-            String              signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encOID);
-            Signature           sig = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, sigProvider);
-            MessageDigest       dig = CMSSignedHelper.INSTANCE.getDigestInstance(digestName, sigProvider);               
-            AlgorithmIdentifier encAlgId = getEncAlgorithmIdentifier(encOID, sig);
-
-            if (content != null)
-            {
-                content.write(new DigOutputStream(dig));
-            }
-
-            byte[] hash = dig.digest();
-            digests.put(digestOID, hash.clone());
-
-            AttributeTable signed;
-            if (addDefaultAttributes)
-            {
-                Map parameters = getBaseParameters(contentType, digAlgId, hash);
-                signed = (sAttr != null) ? sAttr.getAttributes(Collections.unmodifiableMap(parameters)) : null;
-            }
-            else
-            {
-                signed = baseSignedTable;
-            }
-
-            sig.initSign(key, random);
-            OutputStream sigStr = new BufferedOutputStream(new SigOutputStream(sig));
-
-            ASN1Set signedAttr = null;
-            if (signed != null)
-            {
-                if (contentType == null) //counter signature
-                {
-                    if (signed.get(CMSAttributes.contentType) != null)
-                    {
-                        Hashtable tmpSigned = signed.toHashtable();
-                        tmpSigned.remove(CMSAttributes.contentType);
-                        signed = new AttributeTable(tmpSigned);
-                    }
-                }
-
-                // TODO Validate proposed signed attributes
-
-                signedAttr = getAttributeSet(signed);
-
-                // sig must be composed from the DER encoding.
-                new DEROutputStream(sigStr).writeObject(signedAttr);
-            }
-            else if (content != null)
-            {
-                // TODO Use raw signature of the hash value instead
-                content.write(sigStr);
-            }
-
-            sigStr.close();
-            byte[] sigBytes = sig.sign();
-
-            ASN1Set unsignedAttr = null;
-            if (unsAttr != null)
-            {
-                Map parameters = getBaseParameters(contentType, digAlgId, hash);
-                parameters.put(CMSAttributeTableGenerator.SIGNATURE, sigBytes.clone());
-
-                AttributeTable unsigned = unsAttr.getAttributes(Collections.unmodifiableMap(parameters));
-
-                // TODO Validate proposed unsigned attributes
-
-                unsignedAttr = getAttributeSet(unsigned);
-            }
-
-            return new SignerInfo(signerIdentifier, digAlgId,
-                signedAttr, encAlgId, new DEROctetString(sigBytes), unsignedAttr);
-        }
-    }
-    
-    /**
-     * base constructor
-     */
-    public CMSSignedDataGenerator()
-    {
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     */
-    public CMSSignedDataGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     *
-     * @param key signing key to use
-     * @param cert certificate containing corresponding public key
-     * @param digestOID digest algorithm OID
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID)
-        throws IllegalArgumentException
-    {
-        addSigner(key, cert, getEncOID(key, digestOID), digestOID);
-    }
-
-    /**
-     * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
-     * provided here.
-     *
-     * @param key signing key to use
-     * @param cert certificate containing corresponding public key
-     * @param encryptionOID digest encryption algorithm OID
-     * @param digestOID digest algorithm OID
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID)
-        throws IllegalArgumentException
-    {
-        doAddSigner(key, getSignerIdentifier(cert), encryptionOID, digestOID,
-            new DefaultSignedAttributeTableGenerator(), null, null);
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          digestOID)
-        throws IllegalArgumentException
-    {
-        addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID);
-    }
-
-    /**
-     * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
-     * provided here.
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          encryptionOID,
-        String          digestOID)
-        throws IllegalArgumentException
-    {
-        doAddSigner(key, getSignerIdentifier(subjectKeyID), encryptionOID, digestOID,
-            new DefaultSignedAttributeTableGenerator(), null, null);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes.
-     *
-     * @param key signing key to use
-     * @param cert certificate containing corresponding public key
-     * @param digestOID digest algorithm OID
-     * @param signedAttr table of attributes to be included in signature
-     * @param unsignedAttr table of attributes to be included as unsigned
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException
-    {
-        addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttr, unsignedAttr);
-    }
-
-    /**
-     * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
-     *
-     * @param key signing key to use
-     * @param cert certificate containing corresponding public key
-     * @param encryptionOID digest encryption algorithm OID
-     * @param digestOID digest algorithm OID
-     * @param signedAttr table of attributes to be included in signature
-     * @param unsignedAttr table of attributes to be included as unsigned
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException
-    {
-        doAddSigner(key, getSignerIdentifier(cert), encryptionOID, digestOID,
-          new DefaultSignedAttributeTableGenerator(signedAttr),
-          new SimpleAttributeTableGenerator(unsignedAttr), signedAttr);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes.
-     *
-     * @param key signing key to use
-     * @param subjectKeyID subjectKeyID of corresponding public key
-     * @param digestOID digest algorithm OID
-     * @param signedAttr table of attributes to be included in signature
-     * @param unsignedAttr table of attributes to be included as unsigned
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException
-    {
-        addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttr,
-            unsignedAttr); 
-    }
-
-    /**
-     * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
-     *
-     * @param key signing key to use
-     * @param subjectKeyID subjectKeyID of corresponding public key
-     * @param encryptionOID digest encryption algorithm OID
-     * @param digestOID digest algorithm OID
-     * @param signedAttr table of attributes to be included in signature
-     * @param unsignedAttr table of attributes to be included as unsigned
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          encryptionOID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException
-    {
-        doAddSigner(key, getSignerIdentifier(subjectKeyID), encryptionOID, digestOID,
-            new DefaultSignedAttributeTableGenerator(signedAttr),
-            new SimpleAttributeTableGenerator(unsignedAttr), signedAttr);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes based on generators.
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGen,
-        CMSAttributeTableGenerator  unsignedAttrGen)
-        throws IllegalArgumentException
-    {
-        addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttrGen, unsignedAttrGen);
-    }
-
-    /**
-     * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators.
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGen,
-        CMSAttributeTableGenerator  unsignedAttrGen)
-        throws IllegalArgumentException
-    {
-        doAddSigner(key, getSignerIdentifier(cert), encryptionOID, digestOID, signedAttrGen,
-            unsignedAttrGen, null);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes based on generators.
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGen,
-        CMSAttributeTableGenerator  unsignedAttrGen)
-        throws IllegalArgumentException
-    {
-        addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttrGen,
-            unsignedAttrGen);
-    }
-
-    /**
-     * add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators.
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGen,
-        CMSAttributeTableGenerator  unsignedAttrGen)
-        throws IllegalArgumentException
-    {
-        doAddSigner(key, getSignerIdentifier(subjectKeyID), encryptionOID, digestOID,
-            signedAttrGen, unsignedAttrGen, null);
-    }
-
-    private void doAddSigner(
-        PrivateKey                  key,
-        SignerIdentifier            signerIdentifier,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGen,
-        CMSAttributeTableGenerator  unsignedAttrGen,
-        AttributeTable              baseSignedTable)
-        throws IllegalArgumentException
-    {
-        signerInfs.add(new SignerInf(key, signerIdentifier, digestOID, encryptionOID,
-            signedAttrGen, unsignedAttrGen, baseSignedTable));
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider.
-     */
-    public CMSSignedData generate(
-        CMSProcessable content,
-        String         sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return generate(content, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider.
-     */
-    public CMSSignedData generate(
-        CMSProcessable content,
-        Provider       sigProvider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        return generate(content, false, sigProvider);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature. The content type
-     * is set according to the OID represented by the string signedContentType.
-     * @deprecated use generate(CMSTypedData, boolean)
-     */
-    public CMSSignedData generate(
-        String          eContentType,
-        CMSProcessable  content,
-        boolean         encapsulate,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider),
-            true);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature. The content type
-     * is set according to the OID represented by the string signedContentType.
-     * @deprecated use generate(CMSTypedData, boolean)
-     */
-    public CMSSignedData generate(
-        String          eContentType,
-        CMSProcessable  content,
-        boolean         encapsulate,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        return generate(eContentType, content, encapsulate, sigProvider, true);
-    }
-
-    /**
-     * Similar method to the other generate methods. The additional argument
-     * addDefaultAttributes indicates whether or not a default set of signed attributes
-     * need to be added automatically. If the argument is set to false, no
-     * attributes will get added at all.
-     * @deprecated use generate(CMSTypedData, boolean)
-     */
-    public CMSSignedData generate(
-        String                  eContentType,
-        CMSProcessable          content,
-        boolean                 encapsulate,
-        String                  sigProvider,
-        boolean                 addDefaultAttributes)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider),
-            addDefaultAttributes);
-    }
-
-    /**
-     * Similar method to the other generate methods. The additional argument
-     * addDefaultAttributes indicates whether or not a default set of signed attributes
-     * need to be added automatically. If the argument is set to false, no
-     * attributes will get added at all.
-     */
-    public CMSSignedData generate(
-        String                  eContentType,
-        // FIXME Avoid accessing more than once to support CMSProcessableInputStream
-        CMSProcessable          content,
-        boolean                 encapsulate,
-        Provider                sigProvider,
-        boolean                 addDefaultAttributes)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        // TODO
-//        if (signerInfs.isEmpty())
-//        {
-//            /* RFC 3852 5.2
-//             * "In the degenerate case where there are no signers, the
-//             * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
-//             * case, the content type within the EncapsulatedContentInfo value being
-//             * "signed" MUST be id-data (as defined in section 4), and the content
-//             * field of the EncapsulatedContentInfo value MUST be omitted."
-//             */
-//            if (encapsulate)
-//            {
-//                throw new IllegalArgumentException("no signers, encapsulate must be false");
-//            }
-//            if (!DATA.equals(eContentType))
-//            {
-//                throw new IllegalArgumentException("no signers, eContentType must be id-data");
-//            }
-//        }
-//
-//        if (!DATA.equals(eContentType))
-//        {
-//            /* RFC 3852 5.3
-//             * [The 'signedAttrs']...
-//             * field is optional, but it MUST be present if the content type of
-//             * the EncapsulatedContentInfo value being signed is not id-data.
-//             */
-//            // TODO signedAttrs must be present for all signers
-//        }
-
-        ASN1EncodableVector  digestAlgs = new ASN1EncodableVector();
-        ASN1EncodableVector  signerInfos = new ASN1EncodableVector();
-
-        digests.clear();  // clear the current preserved digest state
-
-        //
-        // add the precalculated SignerInfo objects.
-        //
-        for (Iterator it = _signers.iterator(); it.hasNext();)
-        {
-            SignerInformation signer = (SignerInformation)it.next();
-            digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
-
-            // TODO Verify the content type and calculated digest match the precalculated SignerInfo
-            signerInfos.add(signer.toSignerInfo());
-        }
-        
-        //
-        // add the SignerInfo objects
-        //
-        boolean isCounterSignature = (eContentType == null);
-
-        ASN1ObjectIdentifier contentTypeOID = isCounterSignature
-            ?   null
-            :   new ASN1ObjectIdentifier(eContentType);
-
-        for (Iterator it = signerGens.iterator(); it.hasNext();)
-        {
-            SignerInfoGenerator sGen = (SignerInfoGenerator)it.next();
-
-            if (content != null)
-            {
-                OutputStream cOut = sGen.getCalculatingOutputStream();
-
-                try
-                {
-                    content.write(cOut);
-
-                    cOut.close();
-                }
-                catch (IOException e)
-                {
-                    throw new CMSException("data processing exception: " + e.getMessage(), e);
-                }
-            }
-
-            SignerInfo inf = sGen.generate(contentTypeOID);
-
-            digestAlgs.add(inf.getDigestAlgorithm());
-            signerInfos.add(inf);
-        }
-
-        for (Iterator it = signerInfs.iterator(); it.hasNext();)
-        {
-            SignerInf signer = (SignerInf)it.next();
-
-            try
-            {
-                digestAlgs.add(signer.getDigestAlgorithmID());
-                signerInfos.add(signer.toSignerInfo(contentTypeOID, content, rand, sigProvider,
-                    addDefaultAttributes));
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("encoding error.", e);
-            }
-            catch (InvalidKeyException e)
-            {
-                throw new CMSException("key inappropriate for signature.", e);
-            }
-            catch (SignatureException e)
-            {
-                throw new CMSException("error creating signature.", e);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new CMSException("error creating sid.", e);
-            }
-        }
-
-        ASN1Set certificates = null;
-
-        if (certs.size() != 0)
-        {
-            certificates = CMSUtils.createBerSetFromList(certs);
-        }
-
-        ASN1Set certrevlist = null;
-
-        if (crls.size() != 0)
-        {
-            certrevlist = CMSUtils.createBerSetFromList(crls);
-        }
-
-        ASN1OctetString octs = null;
-        if (encapsulate)
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-
-            if (content != null)
-            {
-                try
-                {
-                    content.write(bOut);
-                }
-                catch (IOException e)
-                {
-                    throw new CMSException("encapsulation error.", e);
-                }
-            }
-
-            octs = new BERConstructedOctetString(bOut.toByteArray());
-        }
-
-        ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
-
-        SignedData  sd = new SignedData(
-                                 new DERSet(digestAlgs),
-                                 encInfo, 
-                                 certificates, 
-                                 certrevlist, 
-                                 new DERSet(signerInfos));
-
-        ContentInfo contentInfo = new ContentInfo(
-            CMSObjectIdentifiers.signedData, sd);
-
-        return new CMSSignedData(content, contentInfo);
-    }
-    
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature with the
-     * default content type "data".
-     * @deprecated use generate(CMSTypedData, boolean)
-     */
-    public CMSSignedData generate(
-        CMSProcessable  content,
-        boolean         encapsulate,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        if (content instanceof CMSTypedData)
-        {
-            return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider);
-        }
-        else
-        {
-            return this.generate(DATA, content, encapsulate, sigProvider);
-        }
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature with the
-     * default content type "data".
-     * @deprecated use generate(CMSTypedData, boolean)
-     */
-    public CMSSignedData generate(
-        CMSProcessable  content,
-        boolean         encapsulate,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        if (content instanceof CMSTypedData)
-        {
-            return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider);
-        }
-        else
-        {
-            return this.generate(DATA, content, encapsulate, sigProvider);
-        }
-    }
-
-    public CMSSignedData generate(
-        CMSTypedData content)
-        throws CMSException
-    {
-        return generate(content, false);
-    }
-
-    public CMSSignedData generate(
-        CMSTypedData content,
-        boolean encapsulate)
-        throws CMSException
-    {
-        if (!signerInfs.isEmpty())
-        {
-            throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
-        }
-
-                // TODO
-//        if (signerInfs.isEmpty())
-//        {
-//            /* RFC 3852 5.2
-//             * "In the degenerate case where there are no signers, the
-//             * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
-//             * case, the content type within the EncapsulatedContentInfo value being
-//             * "signed" MUST be id-data (as defined in section 4), and the content
-//             * field of the EncapsulatedContentInfo value MUST be omitted."
-//             */
-//            if (encapsulate)
-//            {
-//                throw new IllegalArgumentException("no signers, encapsulate must be false");
-//            }
-//            if (!DATA.equals(eContentType))
-//            {
-//                throw new IllegalArgumentException("no signers, eContentType must be id-data");
-//            }
-//        }
-//
-//        if (!DATA.equals(eContentType))
-//        {
-//            /* RFC 3852 5.3
-//             * [The 'signedAttrs']...
-//             * field is optional, but it MUST be present if the content type of
-//             * the EncapsulatedContentInfo value being signed is not id-data.
-//             */
-//            // TODO signedAttrs must be present for all signers
-//        }
-
-        ASN1EncodableVector  digestAlgs = new ASN1EncodableVector();
-        ASN1EncodableVector  signerInfos = new ASN1EncodableVector();
-
-        digests.clear();  // clear the current preserved digest state
-
-        //
-        // add the precalculated SignerInfo objects.
-        //
-        for (Iterator it = _signers.iterator(); it.hasNext();)
-        {
-            SignerInformation signer = (SignerInformation)it.next();
-            digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
-
-            // TODO Verify the content type and calculated digest match the precalculated SignerInfo
-            signerInfos.add(signer.toSignerInfo());
-        }
-
-        //
-        // add the SignerInfo objects
-        //
-        ASN1ObjectIdentifier contentTypeOID = content.getContentType();
-
-        ASN1OctetString octs = null;
-
-        if (encapsulate)
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-
-            if (content != null)
-            {
-                try
-                {
-                    content.write(bOut);
-                }
-                catch (IOException e)
-                {
-                    throw new CMSException("encapsulation error.", e);
-                }
-            }
-
-            octs = new BERConstructedOctetString(bOut.toByteArray());
-        }
-
-        if (content != null)
-        {
-            ByteArrayOutputStream bOut = null;
-
-            if (encapsulate)
-            {
-                bOut = new ByteArrayOutputStream();
-            }
-
-            OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
-
-            // Just in case it's unencapsulated and there are no signers!
-            cOut = CMSUtils.getSafeOutputStream(cOut);
-
-            try
-            {
-                content.write(cOut);
-
-                cOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("data processing exception: " + e.getMessage(), e);
-            }
-
-            if (encapsulate)
-            {
-                octs = new BERConstructedOctetString(bOut.toByteArray());
-            }
-        }
-
-        for (Iterator it = signerGens.iterator(); it.hasNext();)
-        {
-            SignerInfoGenerator sGen = (SignerInfoGenerator)it.next();
-            SignerInfo inf = sGen.generate(contentTypeOID);
-
-            digestAlgs.add(inf.getDigestAlgorithm());
-            signerInfos.add(inf);
-
-            byte[] calcDigest = sGen.getCalculatedDigest();
-
-            if (calcDigest != null)
-            {
-                digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
-            }
-        }
-
-        ASN1Set certificates = null;
-
-        if (certs.size() != 0)
-        {
-            certificates = CMSUtils.createBerSetFromList(certs);
-        }
-
-        ASN1Set certrevlist = null;
-
-        if (crls.size() != 0)
-        {
-            certrevlist = CMSUtils.createBerSetFromList(crls);
-        }
-
-        ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
-
-        SignedData  sd = new SignedData(
-                                 new DERSet(digestAlgs),
-                                 encInfo,
-                                 certificates,
-                                 certrevlist,
-                                 new DERSet(signerInfos));
-
-        ContentInfo contentInfo = new ContentInfo(
-            CMSObjectIdentifiers.signedData, sd);
-
-        return new CMSSignedData(content, contentInfo);
-    }
-
-    /**
-     * generate a set of one or more SignerInformation objects representing counter signatures on
-     * the passed in SignerInformation object.
-     *
-     * @param signer the signer to be countersigned
-     * @param sigProvider the provider to be used for counter signing.
-     * @return a store containing the signers.
-     * @deprecated use generateCounterSigners(SignerInformation)
-     */
-    public SignerInformationStore generateCounterSigners(SignerInformation signer, Provider sigProvider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, sigProvider).getSignerInfos();
-    }
-
-    /**
-     * generate a set of one or more SignerInformation objects representing counter signatures on
-     * the passed in SignerInformation object.
-     *
-     * @param signer the signer to be countersigned
-     * @param sigProvider the provider to be used for counter signing.
-     * @return a store containing the signers.
-     * @deprecated use generateCounterSigners(SignerInformation)
-     */
-    public SignerInformationStore generateCounterSigners(SignerInformation signer, String sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, CMSUtils.getProvider(sigProvider)).getSignerInfos();
-    }
-
-    /**
-     * generate a set of one or more SignerInformation objects representing counter signatures on
-     * the passed in SignerInformation object.
-     *
-     * @param signer the signer to be countersigned
-     * @return a store containing the signers.
-     */
-    public SignerInformationStore generateCounterSigners(SignerInformation signer)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return this.generate(new CMSProcessableByteArray(null, signer.getSignature()), false).getSignerInfos();
-    }
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java
deleted file mode 100644
index 5a28546cc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java
+++ /dev/null
@@ -1,942 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Generator;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetStringParser;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1SequenceParser;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1SetParser;
-import org.bouncycastle.asn1.ASN1StreamParser;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.BERSequenceGenerator;
-import org.bouncycastle.asn1.BERSetParser;
-import org.bouncycastle.asn1.BERTaggedObject;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.DERTags;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfoParser;
-import org.bouncycastle.asn1.cms.SignedDataParser;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.io.Streams;
-import org.bouncycastle.x509.NoSuchStoreException;
-import org.bouncycastle.x509.X509Store;
-
-/**
- * Parsing class for an CMS Signed Data object from an input stream.
- * 

- * Note: that because we are in a streaming mode only one signer can be tried and it is important 
- * that the methods on the parser are called in the appropriate order.
- * 

- * 

- * A simple example of usage for an encapsulated signature.
- * 

- * 

- * Two notes: first, in the example below the validity of
- * the certificate isn't verified, just the fact that one of the certs 
- * matches the given signer, and, second, because we are in a streaming
- * mode the order of the operations is important.
- * 

- * 
- *      CMSSignedDataParser     sp = new CMSSignedDataParser(encapSigData);
- *
- *      sp.getSignedContent().drain();
- *
- *      CertStore               certs = sp.getCertificatesAndCRLs("Collection", "BC");
- *      SignerInformationStore  signers = sp.getSignerInfos();
- *      
- *      Collection              c = signers.getSigners();
- *      Iterator                it = c.iterator();
- *
- *      while (it.hasNext())
- *      {
- *          SignerInformation   signer = (SignerInformation)it.next();
- *          Collection          certCollection = certStore.getMatches(signer.getSID());
- *
- *          Iterator        certIt = certCollection.iterator();
- *          X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
- *
- *          System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
- *      }
- * 

- *  Note also: this class does not introduce buffering - if you are processing large files you should create
- *  the parser with:
- *  
- *          CMSSignedDataParser     ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
- *  

- *  where bufSize is a suitably large buffer size.
- */
-public class CMSSignedDataParser
-    extends CMSContentInfoParser
-{
-    private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE;
-
-    private SignedDataParser        _signedData;
-    private ASN1ObjectIdentifier    _signedContentType;
-    private CMSTypedStream          _signedContent;
-    private Map                     _digests;
-    
-    private CertStore               _certStore;
-    private SignerInformationStore  _signerInfoStore;
-    private X509Store               _attributeStore;
-    private ASN1Set                 _certSet, _crlSet;
-    private boolean                 _isCertCrlParsed;
-    private X509Store               _certificateStore;
-    private X509Store               _crlStore;
-
-    public CMSSignedDataParser(
-        byte[]      sigBlock)
-        throws CMSException
-    {
-        this(new ByteArrayInputStream(sigBlock));
-    }
-
-    public CMSSignedDataParser(
-        CMSTypedStream  signedContent,
-        byte[]          sigBlock)
-        throws CMSException
-    {
-        this(signedContent, new ByteArrayInputStream(sigBlock));
-    }
-
-    /**
-     * base constructor - with encapsulated content
-     */
-    public CMSSignedDataParser(
-        InputStream sigData)
-        throws CMSException
-    {
-        this(null, sigData);
-    }
-
-    /**
-     * base constructor
-     *
-     * @param signedContent the content that was signed.
-     * @param sigData the signature object stream.
-     */
-    public CMSSignedDataParser(
-        CMSTypedStream  signedContent,
-        InputStream     sigData) 
-        throws CMSException
-    {
-        super(sigData);
-        
-        try
-        {
-            _signedContent = signedContent;
-            _signedData = SignedDataParser.getInstance(_contentInfo.getContent(DERTags.SEQUENCE));
-            _digests = new HashMap();
-            
-            ASN1SetParser digAlgs = _signedData.getDigestAlgorithms();
-            DEREncodable  o;
-            
-            while ((o = digAlgs.readObject()) != null)
-            {
-                AlgorithmIdentifier id = AlgorithmIdentifier.getInstance(o.getDERObject());
-                try
-                {
-                    String        digestName = HELPER.getDigestAlgName(id.getObjectId().toString());
-                    MessageDigest dig = HELPER.getDigestInstance(digestName, null);
-
-                    this._digests.put(digestName, dig);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                     //  ignore
-                }
-            }
-
-            //
-            // If the message is simply a certificate chain message getContent() may return null.
-            //
-            ContentInfoParser     cont = _signedData.getEncapContentInfo();
-            ASN1OctetStringParser octs = (ASN1OctetStringParser)
-                cont.getContent(DERTags.OCTET_STRING);
-
-            if (octs != null)
-            {
-                CMSTypedStream ctStr = new CMSTypedStream(
-                    cont.getContentType().getId(), octs.getOctetStream());
-
-                if (_signedContent == null)
-                {
-                    _signedContent = ctStr; 
-                }
-                else
-                {
-                    //
-                    // content passed in, need to read past empty encapsulated content info object if present
-                    //
-                    ctStr.drain();
-                }
-            }
-
-            if (signedContent == null)
-            {
-                _signedContentType = cont.getContentType();
-            }
-            else
-            {
-                _signedContentType = _signedContent.getContentType();
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("io exception: " + e.getMessage(), e);
-        }
-        
-        if (_digests.isEmpty())
-        {
-            throw new CMSException("no digests could be created for message.");
-        }
-    }
-
-    /**
-     * Return the version number for the SignedData object
-     *
-     * @return the version number
-     */
-    public int getVersion()
-    {
-        return _signedData.getVersion().getValue().intValue();
-    }
-
-    /**
-     * return the collection of signers that are associated with the
-     * signatures for the message.
-     * @throws CMSException 
-     */
-    public SignerInformationStore getSignerInfos() 
-        throws CMSException
-    {
-        if (_signerInfoStore == null)
-        {
-            populateCertCrlSets();
-            
-            List      signerInfos = new ArrayList();
-            Map       hashes = new HashMap();
-            
-            Iterator  it = _digests.keySet().iterator();
-            while (it.hasNext())
-            {
-                Object digestKey = it.next();
-                
-                hashes.put(digestKey, ((MessageDigest)_digests.get(digestKey)).digest());
-            }
-            
-            try
-            {
-                ASN1SetParser     s = _signedData.getSignerInfos();
-                DEREncodable      o;
-                SignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
-                
-                while ((o = s.readObject()) != null)
-                {
-                    SignerInfo info = SignerInfo.getInstance(o.getDERObject());
-                    String     digestName = HELPER.getDigestAlgName(info.getDigestAlgorithm().getAlgorithm().getId());
-                    
-                    byte[] hash = (byte[])hashes.get(digestName);
-                    
-                    signerInfos.add(new SignerInformation(info, _signedContentType, null, new BaseDigestCalculator(hash), sigAlgFinder));
-                }
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("io exception: " + e.getMessage(), e);
-            }
-
-            _signerInfoStore = new SignerInformationStore(signerInfos);
-        }
-
-        return _signerInfoStore;
-    }
-
-    /**
-     * return a X509Store containing the attribute certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider name of provider to use
-     * @return a store of attribute certificates
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     */
-    public X509Store getAttributeCertificates(
-        String type,
-        String provider)
-        throws NoSuchStoreException, NoSuchProviderException, CMSException
-    {
-        return getAttributeCertificates(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a X509Store containing the attribute certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of attribute certificates
-     * @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     */
-    public X509Store getAttributeCertificates(
-        String type,
-        Provider provider)
-        throws NoSuchStoreException, CMSException
-    {
-        if (_attributeStore == null)
-        {
-            populateCertCrlSets();
-
-            _attributeStore = HELPER.createAttributeStore(type, provider, _certSet);
-        }
-
-        return _attributeStore;
-    }
-
-    /**
-     * return a X509Store containing the public key certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of public key certificates
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use getCertificates()
-     */
-    public X509Store getCertificates(
-        String type,
-        String provider)
-        throws NoSuchStoreException, NoSuchProviderException, CMSException
-    {
-        return getCertificates(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a X509Store containing the public key certificates, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of public key certificates
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use getCertificates()
-     */
-    public X509Store getCertificates(
-        String type,
-        Provider provider)
-        throws NoSuchStoreException, CMSException
-    {
-        if (_certificateStore == null)
-        {
-            populateCertCrlSets();
-
-            _certificateStore = HELPER.createCertificateStore(type, provider, _certSet);
-        }
-
-        return _certificateStore;
-    }
-
-    /**
-     * return a X509Store containing CRLs, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider name of provider to use
-     * @return a store of CRLs
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use getCRLs()
-     */
-    public X509Store getCRLs(
-        String type,
-        String provider)
-        throws NoSuchStoreException, NoSuchProviderException, CMSException
-    {
-        return getCRLs(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a X509Store containing CRLs, if any, contained
-     * in this message.
-     *
-     * @param type type of store to create
-     * @param provider provider to use
-     * @return a store of CRLs
-     * @exception NoSuchStoreException if the store type isn't available.
-     * @exception CMSException if a general exception prevents creation of the X509Store
-     * @deprecated use getCRLs()
-     */
-    public X509Store getCRLs(
-        String type,
-        Provider provider)
-        throws NoSuchStoreException, CMSException
-    {
-        if (_crlStore == null)
-        {
-            populateCertCrlSets();
-
-            _crlStore = HELPER.createCRLsStore(type, provider, _crlSet);
-        }
-
-        return _crlStore;
-    }
-
-    /**
-     * return a CertStore containing the certificates and CRLs associated with
-     * this message.
-     *
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchAlgorithmException if the cert store isn't available.
-     * @exception CMSException if a general exception prevents creation of the CertStore
-     * @deprecated use getCertificates()
-     */
-    public CertStore getCertificatesAndCRLs(
-        String  type,
-        String  provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * return a CertStore containing the certificates and CRLs associated with
-     * this message.
-     *
-     * @exception NoSuchProviderException if the provider requested isn't available.
-     * @exception NoSuchAlgorithmException if the cert store isn't available.
-     * @exception CMSException if a general exception prevents creation of the CertStore
-     * @deprecated use getCertificates()
-     */
-    public CertStore getCertificatesAndCRLs(
-        String  type,
-        Provider  provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        populateCertCrlSets();
-
-        return HELPER.createCertStore(type, provider, _certSet, _crlSet);
-    }
-
-    public Store getCertificates()
-        throws CMSException
-    {
-        populateCertCrlSets();
-
-        ASN1Set certSet = _certSet;
-
-        if (certSet != null)
-        {
-            List    certList = new ArrayList(certSet.size());
-
-            for (Enumeration en = certSet.getObjects(); en.hasMoreElements();)
-            {
-                DERObject obj = ((DEREncodable)en.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1Sequence)
-                {
-                    certList.add(new X509CertificateHolder(X509CertificateStructure.getInstance(obj)));
-                }
-            }
-
-            return new CollectionStore(certList);
-        }
-
-        return new CollectionStore(new ArrayList());
-    }
-
-    public Store getCRLs()
-        throws CMSException
-    {
-        populateCertCrlSets();
-
-        ASN1Set crlSet = _crlSet;
-
-        if (crlSet != null)
-        {
-            List    crlList = new ArrayList(crlSet.size());
-
-            for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
-            {
-                DERObject obj = ((DEREncodable)en.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1Sequence)
-                {
-                    crlList.add(new X509CRLHolder(CertificateList.getInstance(obj)));
-                }
-            }
-
-            return new CollectionStore(crlList);
-        }
-
-        return new CollectionStore(new ArrayList());
-    }
-
-    public Store getAttributeCertificates()
-        throws CMSException
-    {
-        populateCertCrlSets();
-
-        ASN1Set certSet = _certSet;
-
-        if (certSet != null)
-        {
-            List    certList = new ArrayList(certSet.size());
-
-            for (Enumeration en = certSet.getObjects(); en.hasMoreElements();)
-            {
-                DERObject obj = ((DEREncodable)en.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1TaggedObject)
-                {
-                    ASN1TaggedObject tagged = (ASN1TaggedObject)obj;
-
-                    if (tagged.getTagNo() == 2)
-                    {
-                        certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(ASN1Sequence.getInstance(tagged, false))));
-                    }
-                }
-            }
-
-            return new CollectionStore(certList);
-        }
-
-        return new CollectionStore(new ArrayList());
-    }
-
-    private void populateCertCrlSets()
-        throws CMSException
-    {
-        if (_isCertCrlParsed)
-        {
-            return;
-        }
-
-        _isCertCrlParsed = true;
-
-        try
-        {
-            // care! Streaming - these must be done in exactly this order.
-            _certSet = getASN1Set(_signedData.getCertificates());
-            _crlSet = getASN1Set(_signedData.getCrls());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("problem parsing cert/crl sets", e);
-        }
-    }
-
-    /**
-     * Return the a string representation of the OID associated with the
-     * encapsulated content info structure carried in the signed data.
-     * 
-     * @return the OID for the content type.
-     */
-    public String getSignedContentTypeOID()
-    {
-        return _signedContentType.getId();
-    }
-
-    public CMSTypedStream getSignedContent()
-    {
-        if (_signedContent == null)
-        {
-            return null;
-        }
-
-        InputStream digStream = CMSUtils.attachDigestsToInputStream(
-            _digests.values(), _signedContent.getContentStream());
-
-        return new CMSTypedStream(_signedContent.getContentType(), digStream);
-    }
-
-    /**
-     * Replace the signerinformation store associated with the passed
-     * in message contained in the stream original with the new one passed in.
-     * You would probably only want to do this if you wanted to change the unsigned
-     * attributes associated with a signer, or perhaps delete one.
-     * 

-     * The output stream is returned unclosed.
-     * 

-     * @param original the signed data stream to be used as a base.
-     * @param signerInformationStore the new signer information store to use.
-     * @param out the stream to write the new signed data object to.
-     * @return out.
-     */
-    public static OutputStream replaceSigners(
-        InputStream             original,
-        SignerInformationStore  signerInformationStore,
-        OutputStream            out)
-        throws CMSException, IOException
-    {
-        ASN1StreamParser in = new ASN1StreamParser(original, CMSUtils.getMaximumMemory());
-        ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject());
-        SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(DERTags.SEQUENCE));
-
-        BERSequenceGenerator sGen = new BERSequenceGenerator(out);
-
-        sGen.addObject(CMSObjectIdentifiers.signedData);
-
-        BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
-
-        // version number
-        sigGen.addObject(signedData.getVersion());
-
-        // digests
-        signedData.getDigestAlgorithms().getDERObject();  // skip old ones
-
-        ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
-
-        for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();)
-        {
-            SignerInformation signer = (SignerInformation)it.next();
-            digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
-        }
-
-        sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded());
-
-        // encap content info
-        ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
-
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
-
-        eiGen.addObject(encapContentInfo.getContentType());
-
-        pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
-
-        eiGen.close();
-
-
-        writeSetToGeneratorTagged(sigGen, signedData.getCertificates(), 0);
-        writeSetToGeneratorTagged(sigGen, signedData.getCrls(), 1);
-
-
-        ASN1EncodableVector signerInfos = new ASN1EncodableVector();
-        for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();)
-        {
-            SignerInformation        signer = (SignerInformation)it.next();
-
-            signerInfos.add(signer.toSignerInfo());
-        }
-
-        sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded());
-
-        sigGen.close();
-
-        sGen.close();
-
-        return out;
-    }
-
-    /**
-     * Replace the certificate and CRL information associated with this
-     * CMSSignedData object with the new one passed in.
-     * 

-     * The output stream is returned unclosed.
-     * 

-     * @param original the signed data stream to be used as a base.
-     * @param certsAndCrls the new certificates and CRLs to be used.
-     * @param out the stream to write the new signed data object to.
-     * @return out.
-     * @exception CMSException if there is an error processing the CertStore
-     * @deprecated use method that takes Store objects.
-     */
-    public static OutputStream replaceCertificatesAndCRLs(
-        InputStream   original,
-        CertStore     certsAndCrls,
-        OutputStream  out)
-        throws CMSException, IOException
-    {
-        ASN1StreamParser in = new ASN1StreamParser(original, CMSUtils.getMaximumMemory());
-        ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject());
-        SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(DERTags.SEQUENCE));
-
-        BERSequenceGenerator sGen = new BERSequenceGenerator(out);
-
-        sGen.addObject(CMSObjectIdentifiers.signedData);
-
-        BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
-
-        // version number
-        sigGen.addObject(signedData.getVersion());
-
-        // digests
-        sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().getDERObject().getEncoded());
-
-        // encap content info
-        ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
-
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
-
-        eiGen.addObject(encapContentInfo.getContentType());
-
-        pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
-
-        eiGen.close();
-
-        //
-        // skip existing certs and CRLs
-        //
-        getASN1Set(signedData.getCertificates());
-        getASN1Set(signedData.getCrls());
-
-        //
-        // replace the certs and crls in the SignedData object
-        //
-        ASN1Set certs;
-
-        try
-        {
-            certs = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls));
-        }
-        catch (CertStoreException e)
-        {
-            throw new CMSException("error getting certs from certStore", e);
-        }
-
-        if (certs.size() > 0)
-        {
-            sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, certs).getEncoded());
-        }
-
-        ASN1Set crls;
-
-        try
-        {
-            crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls));
-        }
-        catch (CertStoreException e)
-        {
-            throw new CMSException("error getting crls from certStore", e);
-        }
-
-        if (crls.size() > 0)
-        {
-            sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, crls).getEncoded());
-        }
-
-        sigGen.getRawOutputStream().write(signedData.getSignerInfos().getDERObject().getEncoded());
-
-        sigGen.close();
-
-        sGen.close();
-
-        return out;
-    }
-
-    /**
-     * Replace the certificate and CRL information associated with this
-     * CMSSignedData object with the new one passed in.
-     * 

-     * The output stream is returned unclosed.
-     * 

-     * @param original the signed data stream to be used as a base.
-     * @param certs new certificates to be used, if any.
-     * @param crls new CRLs to be used, if any.
-     * @param attrCerts new attribute certificates to be used, if any.
-     * @param out the stream to write the new signed data object to.
-     * @return out.
-     * @exception CMSException if there is an error processing the CertStore
-     */
-    public static OutputStream replaceCertificatesAndCRLs(
-        InputStream   original,
-        Store         certs,
-        Store         crls,
-        Store         attrCerts,
-        OutputStream  out)
-        throws CMSException, IOException
-    {
-        ASN1StreamParser in = new ASN1StreamParser(original, CMSUtils.getMaximumMemory());
-        ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject());
-        SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(DERTags.SEQUENCE));
-
-        BERSequenceGenerator sGen = new BERSequenceGenerator(out);
-
-        sGen.addObject(CMSObjectIdentifiers.signedData);
-
-        BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
-
-        // version number
-        sigGen.addObject(signedData.getVersion());
-
-        // digests
-        sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().getDERObject().getEncoded());
-
-        // encap content info
-        ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
-
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
-
-        eiGen.addObject(encapContentInfo.getContentType());
-
-        pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
-
-        eiGen.close();
-
-        //
-        // skip existing certs and CRLs
-        //
-        getASN1Set(signedData.getCertificates());
-        getASN1Set(signedData.getCrls());
-
-        //
-        // replace the certs and crls in the SignedData object
-        //
-        if (certs != null || attrCerts != null)
-        {
-            List certificates = new ArrayList();
-
-            if (certs != null)
-            {
-                certificates.addAll(CMSUtils.getCertificatesFromStore(certs));
-            }
-            if (attrCerts != null)
-            {
-                certificates.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));
-            }
-
-            ASN1Set asn1Certs = CMSUtils.createBerSetFromList(certificates);
-
-            if (asn1Certs.size() > 0)
-            {
-                sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, asn1Certs).getEncoded());
-            }
-        }
-
-        if (crls != null)
-        {
-            ASN1Set asn1Crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls));
-
-            if (asn1Crls.size() > 0)
-            {
-                sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, asn1Crls).getEncoded());
-            }
-        }
-
-        sigGen.getRawOutputStream().write(signedData.getSignerInfos().getDERObject().getEncoded());
-
-        sigGen.close();
-
-        sGen.close();
-
-        return out;
-    }
-
-    private static void writeSetToGeneratorTagged(
-        ASN1Generator asn1Gen,
-        ASN1SetParser asn1SetParser,
-        int           tagNo)
-        throws IOException
-    {
-        ASN1Set asn1Set = getASN1Set(asn1SetParser);
-
-        if (asn1Set != null)
-        {
-            ASN1TaggedObject taggedObj = (asn1SetParser instanceof BERSetParser)
-                ?   new BERTaggedObject(false, tagNo, asn1Set)
-                :   new DERTaggedObject(false, tagNo, asn1Set);
-
-            asn1Gen.getRawOutputStream().write(taggedObj.getEncoded());                
-        }
-    }
-
-    private static ASN1Set getASN1Set(
-        ASN1SetParser asn1SetParser)
-    {
-        return asn1SetParser == null
-            ?   null
-            :   ASN1Set.getInstance(asn1SetParser.getDERObject());
-    }
-
-    private static void pipeEncapsulatedOctetString(ContentInfoParser encapContentInfo,
-        OutputStream rawOutputStream) throws IOException
-    {
-        ASN1OctetStringParser octs = (ASN1OctetStringParser)
-            encapContentInfo.getContent(DERTags.OCTET_STRING);
-
-        if (octs != null)
-        {
-            pipeOctetString(octs, rawOutputStream);
-        }
-
-//        BERTaggedObjectParser contentObject = (BERTaggedObjectParser)encapContentInfo.getContentObject();
-//        if (contentObject != null)
-//        {
-//            // Handle IndefiniteLengthInputStream safely
-//            InputStream input = ASN1StreamParser.getSafeRawInputStream(contentObject.getContentStream(true));
-//
-//            // TODO BerTaggedObjectGenerator?
-//            BEROutputStream berOut = new BEROutputStream(rawOutputStream);
-//            berOut.write(DERTags.CONSTRUCTED | DERTags.TAGGED | 0);
-//            berOut.write(0x80);
-//
-//            pipeRawOctetString(input, rawOutputStream);
-//
-//            berOut.write(0x00);
-//            berOut.write(0x00);
-//
-//            input.close();
-//        }
-    }
-
-    private static void pipeOctetString(
-        ASN1OctetStringParser octs,
-        OutputStream          output)
-        throws IOException
-    {
-        // TODO Allow specification of a specific fragment size?
-        OutputStream outOctets = CMSUtils.createBEROctetOutputStream(
-            output, 0, true, 0);
-        Streams.pipeAll(octs.getOctetStream(), outOctets);
-        outOctets.close();
-    }
-
-//    private static void pipeRawOctetString(
-//        InputStream     rawInput,
-//        OutputStream    rawOutput)
-//        throws IOException
-//    {
-//        InputStream tee = new TeeInputStream(rawInput, rawOutput);
-//        ASN1StreamParser sp = new ASN1StreamParser(tee);
-//        ASN1OctetStringParser octs = (ASN1OctetStringParser)sp.readObject();
-//        Streams.drain(octs.getOctetStream());
-//    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java
deleted file mode 100644
index 68a112ccd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java
+++ /dev/null
@@ -1,1201 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.BERSequenceGenerator;
-import org.bouncycastle.asn1.BERTaggedObject;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.SignerIdentifier;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DigestInfo;
-
-/**
- * General class for generating a pkcs7-signature message stream.
- * 

- * A simple example of usage.
- * 

- * 
- *      X509Certificate signCert = ...
- *      certList.add(signCert);
- *
- *      Store           certs = new JcaCertStore(certList);
- *      ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate());
- *
- *      CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
- *  
- *      gen.addSignerInfoGenerator(
- *                new JcaSignerInfoGeneratorBuilder(
- *                     new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
- *                     .build(sha1Signer, signCert));
- *
- *      gen.addCertificates(certs);
- *  
- *      OutputStream sigOut = gen.open(bOut);
- *  
- *      sigOut.write("Hello World!".getBytes());
- *      
- *      sigOut.close();
- * 

- */
-public class CMSSignedDataStreamGenerator
-    extends CMSSignedGenerator
-{
-    private List _signerInfs = new ArrayList();
-    private List _messageDigests = new ArrayList();
-    private int  _bufferSize;
-
-    private class DigestAndSignerInfoGeneratorHolder
-    {
-        SignerIntInfoGenerator signerInf;
-        MessageDigest       digest;
-        String              digestOID;
-
-        DigestAndSignerInfoGeneratorHolder(SignerIntInfoGenerator signerInf, MessageDigest digest, String digestOID)
-        {
-            this.signerInf = signerInf;
-            this.digest = digest;
-            this.digestOID = digestOID;
-        }
-
-        AlgorithmIdentifier getDigestAlgorithm()
-        {
-            return new AlgorithmIdentifier(new DERObjectIdentifier(digestOID), DERNull.INSTANCE);
-        }
-    }
-
-    private class SignerIntInfoGeneratorImpl
-        implements SignerIntInfoGenerator
-    {
-        private final SignerIdentifier            _signerIdentifier;
-        private final String                      _encOID;
-        private final CMSAttributeTableGenerator  _sAttr;
-        private final CMSAttributeTableGenerator  _unsAttr;
-        private final String                      _encName;
-        private final Signature                   _sig;
-
-        SignerIntInfoGeneratorImpl(
-            PrivateKey                  key,
-            SignerIdentifier            signerIdentifier,
-            String                      digestOID,
-            String                      encOID,
-            CMSAttributeTableGenerator  sAttr,
-            CMSAttributeTableGenerator  unsAttr,
-            Provider                    sigProvider,
-            SecureRandom                random)
-            throws NoSuchAlgorithmException, InvalidKeyException
-        {
-            _signerIdentifier = signerIdentifier;
-            _encOID = encOID;
-            _sAttr = sAttr;
-            _unsAttr = unsAttr;
-            _encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(_encOID);
-
-            String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
-            String signatureName = digestName + "with" + _encName;
-
-            if (_sAttr != null)
-            {
-                _sig = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, sigProvider);
-            }
-            else
-            {
-                // Note: Need to use raw signatures here since we have already calculated the digest
-                if (_encName.equals("RSA"))
-                {
-                    _sig = CMSSignedHelper.INSTANCE.getSignatureInstance("RSA", sigProvider);
-                }
-                else if (_encName.equals("DSA"))
-                {
-                    _sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEwithDSA", sigProvider);
-                }
-                // TODO Add support for raw PSS
-//                else if (_encName.equals("RSAandMGF1"))
-//                {
-//                    sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEWITHRSAPSS", _sigProvider);
-//                    try
-//                    {
-//                        // Init the params this way to avoid having a 'raw' version of each PSS algorithm
-//                        Signature sig2 = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, _sigProvider);
-//                        PSSParameterSpec spec = (PSSParameterSpec)sig2.getParameters().getParameterSpec(PSSParameterSpec.class);
-//                        sig.setParameter(spec);
-//                    }
-//                    catch (Exception e)
-//                    {
-//                        throw new SignatureException("algorithm: " + _encName + " could not be configured.");
-//                    }
-//                }
-                else
-                {
-                    throw new NoSuchAlgorithmException("algorithm: " + _encName + " not supported in base signatures.");
-                }
-            }
-
-            _sig.initSign(key, random);
-        }
-
-        public SignerInfo generate(DERObjectIdentifier contentType, AlgorithmIdentifier digestAlgorithm,
-            byte[] calculatedDigest) throws CMSStreamException
-        {
-            try
-            {
-                byte[] bytesToSign = calculatedDigest;
-
-                /* RFC 3852 5.4
-                 * The result of the message digest calculation process depends on
-                 * whether the signedAttrs field is present.  When the field is absent,
-                 * the result is just the message digest of the content as described
-                 * 
-                 * above.  When the field is present, however, the result is the message
-                 * digest of the complete DER encoding of the SignedAttrs value
-                 * contained in the signedAttrs field.
-                 */
-                ASN1Set signedAttr = null;
-                if (_sAttr != null)
-                {
-                    Map parameters = getBaseParameters(contentType, digestAlgorithm, calculatedDigest);
-                    AttributeTable signed = _sAttr.getAttributes(Collections.unmodifiableMap(parameters));
-
-                    if (contentType == null) //counter signature
-                    {
-                        if (signed != null && signed.get(CMSAttributes.contentType) != null)
-                        {
-                            Hashtable tmpSigned = signed.toHashtable();
-                            tmpSigned.remove(CMSAttributes.contentType);
-                            signed = new AttributeTable(tmpSigned);
-                        }
-                    }
-                    
-                    signedAttr = getAttributeSet(signed);
-    
-                    // sig must be composed from the DER encoding.
-                    bytesToSign = signedAttr.getEncoded(ASN1Encodable.DER);
-                }
-                else
-                {
-                    // Note: Need to use raw signatures here since we have already calculated the digest
-                    if (_encName.equals("RSA"))
-                    {
-                        DigestInfo dInfo = new DigestInfo(digestAlgorithm, calculatedDigest);
-                        bytesToSign = dInfo.getEncoded(ASN1Encodable.DER);
-                    }
-                }
-    
-                _sig.update(bytesToSign);
-                byte[] sigBytes = _sig.sign();
-     
-                ASN1Set unsignedAttr = null;
-                if (_unsAttr != null)
-                {
-                    Map parameters = getBaseParameters(contentType, digestAlgorithm, calculatedDigest);
-                    parameters.put(CMSAttributeTableGenerator.SIGNATURE, sigBytes.clone());
-    
-                    AttributeTable unsigned = _unsAttr.getAttributes(Collections.unmodifiableMap(parameters));
-    
-                    unsignedAttr = getAttributeSet(unsigned);
-                }
-    
-                AlgorithmIdentifier digestEncryptionAlgorithm = getEncAlgorithmIdentifier(_encOID, _sig);
-    
-                return new SignerInfo(_signerIdentifier, digestAlgorithm,
-                    signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr);
-            }
-            catch (IOException e)
-            {
-                throw new CMSStreamException("encoding error.", e);
-            }
-            catch (SignatureException e)
-            {
-                throw new CMSStreamException("error creating signature.", e);
-            }
-        }
-    }
-
-    /**
-     * base constructor
-     */
-    public CMSSignedDataStreamGenerator()
-    {
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     */
-    public CMSSignedDataStreamGenerator(
-        SecureRandom rand)
-    {
-        super(rand);
-    }
-
-    /**
-     * Set the underlying string size for encapsulated data
-     * 
-     * @param bufferSize length of octet strings to buffer the data.
-     */
-    public void setBufferSize(
-        int bufferSize)
-    {
-        _bufferSize = bufferSize;
-    }
-    
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchProviderException 
-     * @throws NoSuchAlgorithmException 
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, cert, digestOID, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-       addSigner(key, cert, digestOID, new DefaultSignedAttributeTableGenerator(),
-           (CMSAttributeTableGenerator)null, sigProvider);
-    }
-
-    /**
-     * add a signer, specifying the digest encryption algorithm - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchProviderException
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, cert, encryptionOID, digestOID, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * add a signer, specifying digest encryptionOID - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-       addSigner(key, cert, encryptionOID, digestOID, new DefaultSignedAttributeTableGenerator(),
-           (CMSAttributeTableGenerator)null, sigProvider);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes.
-     * @throws NoSuchProviderException 
-     * @throws NoSuchAlgorithmException 
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, cert, digestOID, signedAttr, unsignedAttr,
-            CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes.
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        addSigner(key, cert, digestOID, new DefaultSignedAttributeTableGenerator(signedAttr),
-            new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes - specifying digest
-     * encryption algorithm.
-     * @throws NoSuchProviderException
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, cert, encryptionOID, digestOID, signedAttr, unsignedAttr,
-            CMSUtils.getProvider(sigProvider));
-    }
-
-   /**
-     * add a signer with extra signed/unsigned attributes and the digest encryption algorithm.
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        addSigner(key, cert, encryptionOID, digestOID,
-            new DefaultSignedAttributeTableGenerator(signedAttr),
-            new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
-    }
-
-    /**
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        String                      sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, cert, digestOID, signedAttrGenerator, unsignedAttrGenerator,
-            CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttrGenerator,
-            unsignedAttrGenerator, sigProvider);
-    }
-
-    /**
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        String                      sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, cert, encryptionOID, digestOID, signedAttrGenerator, unsignedAttrGenerator,
-            CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        doAddSigner(key, getSignerIdentifier(cert), encryptionOID, digestOID, signedAttrGenerator,
-            unsignedAttrGenerator, sigProvider, sigProvider);
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchProviderException
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          digestOID,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, digestOID, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          digestOID,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-       addSigner(key, subjectKeyID, digestOID, new DefaultSignedAttributeTableGenerator(),
-           (CMSAttributeTableGenerator)null, sigProvider);
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     * @throws NoSuchProviderException
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignedInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          encryptionOID,
-        String          digestOID,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, encryptionOID, digestOID, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here, specifying the digest encryption algorithm.
-     *
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          encryptionOID,
-        String          digestOID,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-       addSigner(key, subjectKeyID, encryptionOID, digestOID,
-           new DefaultSignedAttributeTableGenerator(), (CMSAttributeTableGenerator)null,
-           sigProvider);
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes.
-     * @throws NoSuchProviderException
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, digestOID, signedAttr, unsignedAttr,
-            CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * add a signer with extra signed/unsigned attributes.
-     * @throws NoSuchAlgorithmException
-     * @throws InvalidKeyException
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey      key,
-        byte[]          subjectKeyID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, digestOID,
-            new DefaultSignedAttributeTableGenerator(signedAttr),
-            new SimpleAttributeTableGenerator(unsignedAttr), sigProvider);
-    }
-
-    /**
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        String                      sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, digestOID, signedAttrGenerator, unsignedAttrGenerator,
-            CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttrGenerator,
-            unsignedAttrGenerator, sigProvider);
-    }
-
-    /**
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        String                      sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        addSigner(key, subjectKeyID, encryptionOID, digestOID, signedAttrGenerator,
-            unsignedAttrGenerator, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        doAddSigner(key, getSignerIdentifier(subjectKeyID), encryptionOID, digestOID,
-            signedAttrGenerator, unsignedAttrGenerator, sigProvider, sigProvider);
-    }
-
-    /**
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        X509Certificate             cert,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider,
-        Provider                    digProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        doAddSigner(key, getSignerIdentifier(cert), encryptionOID, digestOID,
-            signedAttrGenerator, unsignedAttrGenerator, sigProvider, digProvider);
-    }
-
-    /**
-     * @deprecated use addSignerInfoGenerator
-     */
-    public void addSigner(
-        PrivateKey                  key,
-        byte[]                      subjectKeyID,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider,
-        Provider                    digProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        doAddSigner(key, getSignerIdentifier(subjectKeyID), encryptionOID, digestOID,
-            signedAttrGenerator, unsignedAttrGenerator, sigProvider, digProvider);
-    }
-
-    private void doAddSigner(
-        PrivateKey                  key,
-        SignerIdentifier            signerIdentifier,
-        String                      encryptionOID,
-        String                      digestOID,
-        CMSAttributeTableGenerator  signedAttrGenerator,
-        CMSAttributeTableGenerator  unsignedAttrGenerator,
-        Provider                    sigProvider,
-        Provider                    digProvider)
-        throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        String          digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
-        MessageDigest   dig = CMSSignedHelper.INSTANCE.getDigestInstance(digestName, digProvider);
-
-        SignerIntInfoGeneratorImpl signerInf = new SignerIntInfoGeneratorImpl(key, signerIdentifier, digestOID, encryptionOID,
-            signedAttrGenerator, unsignedAttrGenerator, sigProvider, rand);
-
-        _signerInfs.add(new DigestAndSignerInfoGeneratorHolder(signerInf, dig, digestOID));
-        _messageDigests.add(dig);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider.
-     */
-    public OutputStream open(
-        OutputStream out)
-        throws IOException
-    {
-        return open(out, false);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature with the
-     * default content type "data".
-     */
-    public OutputStream open(
-        OutputStream out,
-        boolean      encapsulate)
-        throws IOException
-    {
-        return open(CMSObjectIdentifiers.data, out, encapsulate);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature with the
-     * default content type "data". If dataOutputStream is non null the data
-     * being signed will be written to the stream as it is processed.
-     * @param out stream the CMS object is to be written to.
-     * @param encapsulate true if data should be encapsulated.
-     * @param dataOutputStream output stream to copy the data being signed to.
-     */
-    public OutputStream open(
-        OutputStream out,
-        boolean      encapsulate,
-        OutputStream dataOutputStream)
-        throws IOException
-    {
-        return open(CMSObjectIdentifiers.data, out, encapsulate, dataOutputStream);
-    }
-
-    /**
-     * @deprecated use open(ASN1ObjectIdentifier, OutputStream, boolean)
-     */
-    public OutputStream open(
-        OutputStream out,
-        String       eContentType,
-        boolean      encapsulate)
-        throws IOException
-    {
-        return open(out, eContentType, encapsulate, null);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature. The content type
-     * is set according to the OID represented by the string signedContentType.
-     */
-    public OutputStream open(
-        ASN1ObjectIdentifier eContentType,
-        OutputStream out,
-        boolean encapsulate)
-        throws IOException
-    {
-        return open(eContentType, out, encapsulate, null);
-    }
-
-    /**
-     * @deprecated use open(ASN1ObjectIdenfier, OutputStream, boolean, OutputStream)
-     */
-    public OutputStream open(
-        OutputStream out,
-        String eContentType,
-        boolean      encapsulate,
-        OutputStream dataOutputStream)
-        throws IOException
-    {
-        return open(new ASN1ObjectIdentifier(eContentType), out, encapsulate, dataOutputStream);
-    }
-
-    /**
-     * generate a signed object that for a CMS Signed Data
-     * object using the given provider - if encapsulate is true a copy
-     * of the message will be included in the signature. The content type
-     * is set according to the OID represented by the string signedContentType.
-     * @param eContentType OID for data to be signed.
-     * @param out stream the CMS object is to be written to.
-     * @param encapsulate true if data should be encapsulated.
-     * @param dataOutputStream output stream to copy the data being signed to.
-     */
-    public OutputStream open(
-        ASN1ObjectIdentifier eContentType,
-        OutputStream out,
-        boolean encapsulate,
-        OutputStream dataOutputStream)
-        throws IOException
-    {
-        // TODO
-//        if (_signerInfs.isEmpty())
-//        {
-//            /* RFC 3852 5.2
-//             * "In the degenerate case where there are no signers, the
-//             * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
-//             * case, the content type within the EncapsulatedContentInfo value being
-//             * "signed" MUST be id-data (as defined in section 4), and the content
-//             * field of the EncapsulatedContentInfo value MUST be omitted."
-//             */
-//            if (encapsulate)
-//            {
-//                throw new IllegalArgumentException("no signers, encapsulate must be false");
-//            }
-//            if (!DATA.equals(eContentType))
-//            {
-//                throw new IllegalArgumentException("no signers, eContentType must be id-data");
-//            }
-//        }
-//
-//        if (!DATA.equals(eContentType))
-//        {
-//            /* RFC 3852 5.3
-//             * [The 'signedAttrs']...
-//             * field is optional, but it MUST be present if the content type of
-//             * the EncapsulatedContentInfo value being signed is not id-data.
-//             */
-//            // TODO signedAttrs must be present for all signers
-//        }
-
-        //
-        // ContentInfo
-        //
-        BERSequenceGenerator sGen = new BERSequenceGenerator(out);
-        
-        sGen.addObject(CMSObjectIdentifiers.signedData);
-        
-        //
-        // Signed Data
-        //
-        BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
-        
-        sigGen.addObject(calculateVersion(eContentType));
-        
-        ASN1EncodableVector  digestAlgs = new ASN1EncodableVector();
-        
-        //
-        // add the precalculated SignerInfo digest algorithms.
-        //
-        for (Iterator it = _signers.iterator(); it.hasNext();)
-        {
-            SignerInformation signer = (SignerInformation)it.next();
-            digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
-        }
-        
-        //
-        // add the new digests
-        //
-        for (Iterator it = _signerInfs.iterator(); it.hasNext();)
-        {
-            DigestAndSignerInfoGeneratorHolder holder = (DigestAndSignerInfoGeneratorHolder)it.next();
-            digestAlgs.add(holder.getDigestAlgorithm());
-        }
-
-        for (Iterator it = signerGens.iterator(); it.hasNext();)
-        {
-            SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next();
-
-            digestAlgs.add(signerGen.getDigestAlgorithm());
-        }
-
-        sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded());
-        
-        BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
-        eiGen.addObject(eContentType);
-
-        // If encapsulating, add the data as an octet string in the sequence
-        OutputStream encapStream = encapsulate
-            ? CMSUtils.createBEROctetOutputStream(eiGen.getRawOutputStream(), 0, true, _bufferSize)
-            : null;
-
-        // Also send the data to 'dataOutputStream' if necessary
-        OutputStream contentStream = CMSUtils.getSafeTeeOutputStream(dataOutputStream, encapStream);
-
-        // Let all the digests see the data as it is written
-        OutputStream digStream = CMSUtils.attachDigestsToOutputStream(_messageDigests, contentStream);
-
-        // Let all the signers see the data as it is written
-        OutputStream sigStream = CMSUtils.attachSignersToOutputStream(signerGens, digStream);
-
-        return new CmsSignedDataOutputStream(sigStream, eContentType, sGen, sigGen, eiGen);
-    }
-
-    // TODO Make public?
-    void generate(
-        OutputStream    out,
-        String          eContentType,
-        boolean         encapsulate,
-        OutputStream    dataOutputStream,
-        CMSProcessable  content)
-        throws CMSException, IOException
-    {
-        OutputStream signedOut = open(out, eContentType, encapsulate, dataOutputStream);
-        if (content != null)
-        {
-            content.write(signedOut);
-        }
-        signedOut.close();
-    }
-
-    // RFC3852, section 5.1:
-    // IF ((certificates is present) AND
-    //    (any certificates with a type of other are present)) OR
-    //    ((crls is present) AND
-    //    (any crls with a type of other are present))
-    // THEN version MUST be 5
-    // ELSE
-    //    IF (certificates is present) AND
-    //       (any version 2 attribute certificates are present)
-    //    THEN version MUST be 4
-    //    ELSE
-    //       IF ((certificates is present) AND
-    //          (any version 1 attribute certificates are present)) OR
-    //          (any SignerInfo structures are version 3) OR
-    //          (encapContentInfo eContentType is other than id-data)
-    //       THEN version MUST be 3
-    //       ELSE version MUST be 1
-    //
-    private DERInteger calculateVersion(
-        ASN1ObjectIdentifier contentOid)
-    {
-        boolean otherCert = false;
-        boolean otherCrl = false;
-        boolean attrCertV1Found = false;
-        boolean attrCertV2Found = false;
-
-        if (certs != null)
-        {
-            for (Iterator it = certs.iterator(); it.hasNext();)
-            {
-                Object obj = it.next();
-                if (obj instanceof ASN1TaggedObject)
-                {
-                    ASN1TaggedObject tagged = (ASN1TaggedObject)obj;
-
-                    if (tagged.getTagNo() == 1)
-                    {
-                        attrCertV1Found = true;
-                    }
-                    else if (tagged.getTagNo() == 2)
-                    {
-                        attrCertV2Found = true;
-                    }
-                    else if (tagged.getTagNo() == 3)
-                    {
-                        otherCert = true;
-                    }
-                }
-            }
-        }
-
-        if (otherCert)
-        {
-            return new DERInteger(5);
-        }
-
-        if (crls != null)         // no need to check if otherCert is true
-        {
-            for (Iterator it = crls.iterator(); it.hasNext();)
-            {
-                Object obj = it.next();
-                if (obj instanceof ASN1TaggedObject)
-                {
-                    otherCrl = true;
-                }
-            }
-        }
-
-        if (otherCrl)
-        {
-            return new DERInteger(5);
-        }
-
-        if (attrCertV2Found)
-        {
-            return new DERInteger(4);
-        }
-
-        if (attrCertV1Found)
-        {
-            return new DERInteger(3);
-        }
-
-        if (checkForVersion3(_signers))
-        {
-            return new DERInteger(3);
-        }
-
-        if (!CMSObjectIdentifiers.data.equals(contentOid))
-        {
-            return new DERInteger(3);
-        }
-
-        return new DERInteger(1);
-    }
-
-    private boolean checkForVersion3(List signerInfos)
-    {
-        for (Iterator it = signerInfos.iterator(); it.hasNext();)
-        {
-            SignerInfo s = SignerInfo.getInstance(((SignerInformation)it.next()).toSignerInfo());
-
-            if (s.getVersion().getValue().intValue() == 3)
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    private class CmsSignedDataOutputStream
-        extends OutputStream
-    {
-        private OutputStream         _out;
-        private ASN1ObjectIdentifier _contentOID;
-        private BERSequenceGenerator _sGen;
-        private BERSequenceGenerator _sigGen;
-        private BERSequenceGenerator _eiGen;
-
-        public CmsSignedDataOutputStream(
-            OutputStream         out,
-            ASN1ObjectIdentifier contentOID,
-            BERSequenceGenerator sGen,
-            BERSequenceGenerator sigGen,
-            BERSequenceGenerator eiGen)
-        {
-            _out = out;
-            _contentOID = contentOID;
-            _sGen = sGen;
-            _sigGen = sigGen;
-            _eiGen = eiGen;
-        }
-
-        public void write(
-            int b)
-            throws IOException
-        {
-            _out.write(b);
-        }
-        
-        public void write(
-            byte[] bytes,
-            int    off,
-            int    len)
-            throws IOException
-        {
-            _out.write(bytes, off, len);
-        }
-        
-        public void write(
-            byte[] bytes)
-            throws IOException
-        {
-            _out.write(bytes);
-        }
-        
-        public void close()
-            throws IOException
-        {
-            _out.close();
-            _eiGen.close();
-
-            digests.clear();    // clear the current preserved digest state
-
-            if (certs.size() != 0)
-            {
-                ASN1Set certSet = CMSUtils.createBerSetFromList(certs);
-
-                _sigGen.getRawOutputStream().write(new BERTaggedObject(false, 0, certSet).getEncoded());
-            }
-
-            if (crls.size() != 0)
-            {
-                ASN1Set crlSet = CMSUtils.createBerSetFromList(crls);
-
-                _sigGen.getRawOutputStream().write(new BERTaggedObject(false, 1, crlSet).getEncoded());
-            }
-
-            //
-            // collect all the SignerInfo objects
-            //
-            ASN1EncodableVector signerInfos = new ASN1EncodableVector();
-
-            //
-            // add the generated SignerInfo objects
-            //
-            {
-                Iterator it = _signerInfs.iterator();
-                while (it.hasNext())
-                {
-                    DigestAndSignerInfoGeneratorHolder holder = (DigestAndSignerInfoGeneratorHolder)it.next();
-    
-                    byte[] calculatedDigest = holder.digest.digest();
-                    digests.put(holder.digestOID, calculatedDigest.clone());
-                    AlgorithmIdentifier digestAlgorithm = holder.getDigestAlgorithm();
-    
-                    signerInfos.add(holder.signerInf.generate(_contentOID, digestAlgorithm, calculatedDigest));
-                }
-            }
-
-            for (Iterator it = signerGens.iterator(); it.hasNext();)
-            {
-                SignerInfoGenerator sigGen = (SignerInfoGenerator)it.next();
-
-
-                try
-                {
-                    signerInfos.add(sigGen.generate(_contentOID));
-
-                    byte[] calculatedDigest = sigGen.getCalculatedDigest();
-
-                    digests.put(sigGen.getDigestAlgorithm().getAlgorithm().getId(), calculatedDigest);
-                }
-                catch (CMSException e)
-                {
-                    throw new CMSStreamException("exception generating signers: " + e.getMessage(), e);
-                }
-            }
-
-            //
-            // add the precalculated SignerInfo objects
-            //
-            {
-                Iterator it = _signers.iterator();
-                while (it.hasNext())
-                {
-                    SignerInformation signer = (SignerInformation)it.next();
-
-                    // TODO Verify the content type and calculated digest match the precalculated SignerInfo
-//                    if (!signer.getContentType().equals(_contentOID))
-//                    {
-//                        // TODO The precalculated content type did not match - error?
-//                    }
-//                    
-//                    byte[] calculatedDigest = (byte[])_digests.get(signer.getDigestAlgOID());
-//                    if (calculatedDigest == null)
-//                    {
-//                        // TODO We can't confirm this digest because we didn't calculate it - error?
-//                    }
-//                    else
-//                    {
-//                        if (!Arrays.areEqual(signer.getContentDigest(), calculatedDigest))
-//                        {
-//                            // TODO The precalculated digest did not match - error?
-//                        }
-//                    }
-
-                    signerInfos.add(signer.toSignerInfo());
-                }
-            }
-            
-            _sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded());
-
-            _sigGen.close();
-            _sGen.close();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
deleted file mode 100644
index 6e3cd024a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
+++ /dev/null
@@ -1,318 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.SignerIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509Store;
-
-public class CMSSignedGenerator
-{
-    /**
-     * Default type for the signed data.
-     */
-    public static final String  DATA = CMSObjectIdentifiers.data.getId();
-    
-    public static final String  DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId();
-    public static final String  DIGEST_SHA224 = NISTObjectIdentifiers.id_sha224.getId();
-    public static final String  DIGEST_SHA256 = NISTObjectIdentifiers.id_sha256.getId();
-    public static final String  DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId();
-    public static final String  DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId();
-    public static final String  DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId();
-    public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
-    public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
-    public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
-    public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-
-    public static final String  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId();
-    public static final String  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId();
-    public static final String  ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
-    public static final String  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId();
-    public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
-    public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-
-    private static final String  ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
-    private static final String  ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId();
-    private static final String  ENCRYPTION_ECDSA_WITH_SHA256 = X9ObjectIdentifiers.ecdsa_with_SHA256.getId();
-    private static final String  ENCRYPTION_ECDSA_WITH_SHA384 = X9ObjectIdentifiers.ecdsa_with_SHA384.getId();
-    private static final String  ENCRYPTION_ECDSA_WITH_SHA512 = X9ObjectIdentifiers.ecdsa_with_SHA512.getId();
-
-    private static final Set NO_PARAMS = new HashSet();
-    private static final Map EC_ALGORITHMS = new HashMap();
-
-    static
-    {
-        NO_PARAMS.add(ENCRYPTION_DSA);
-        NO_PARAMS.add(ENCRYPTION_ECDSA);
-        NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA1);
-        NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA224);
-        NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA256);
-        NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA384);
-        NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA512);
-
-        EC_ALGORITHMS.put(DIGEST_SHA1, ENCRYPTION_ECDSA_WITH_SHA1);
-        EC_ALGORITHMS.put(DIGEST_SHA224, ENCRYPTION_ECDSA_WITH_SHA224);
-        EC_ALGORITHMS.put(DIGEST_SHA256, ENCRYPTION_ECDSA_WITH_SHA256);
-        EC_ALGORITHMS.put(DIGEST_SHA384, ENCRYPTION_ECDSA_WITH_SHA384);
-        EC_ALGORITHMS.put(DIGEST_SHA512, ENCRYPTION_ECDSA_WITH_SHA512);
-    }
-
-    protected List certs = new ArrayList();
-    protected List crls = new ArrayList();
-    protected List _signers = new ArrayList();
-    protected List signerGens = new ArrayList();
-    protected Map digests = new HashMap();
-
-    protected final SecureRandom rand;
-
-    /**
-     * base constructor
-     */
-    protected CMSSignedGenerator()
-    {
-        this(new SecureRandom());
-    }
-
-    /**
-     * constructor allowing specific source of randomness
-     * @param rand instance of SecureRandom to use
-     */
-    protected CMSSignedGenerator(
-        SecureRandom rand)
-    {
-        this.rand = rand;
-    }
-    
-    protected String getEncOID(
-        PrivateKey key,
-        String     digestOID)
-    {
-        String encOID = null;
-        
-        if (key instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            encOID = ENCRYPTION_RSA;
-        }
-        else if (key instanceof DSAPrivateKey || "DSA".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            encOID = ENCRYPTION_DSA;
-            if (!digestOID.equals(DIGEST_SHA1))
-            {
-                throw new IllegalArgumentException("can't mix DSA with anything but SHA1");
-            }
-        }
-        else if ("ECDSA".equalsIgnoreCase(key.getAlgorithm()) || "EC".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            encOID = (String)EC_ALGORITHMS.get(digestOID);
-            if (encOID == null)
-            {
-                throw new IllegalArgumentException("can't mix ECDSA with anything but SHA family digests");
-            }
-        }
-        else if (key instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            encOID = ENCRYPTION_GOST3410;
-        }
-        else if ("ECGOST3410".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            encOID = ENCRYPTION_ECGOST3410;
-        }
-        
-        return encOID;
-    }
-
-    protected AlgorithmIdentifier getEncAlgorithmIdentifier(String encOid, Signature sig)
-        throws IOException
-    {
-        if (NO_PARAMS.contains(encOid))
-        {
-            return new AlgorithmIdentifier(
-                  new DERObjectIdentifier(encOid));
-        }
-        else
-        {
-            if (encOid.equals(CMSSignedGenerator.ENCRYPTION_RSA_PSS))
-            {
-                AlgorithmParameters sigParams = sig.getParameters();
-
-                return new AlgorithmIdentifier(
-                    new DERObjectIdentifier(encOid), ASN1Object.fromByteArray(sigParams.getEncoded()));
-            }
-            else
-            {
-                return new AlgorithmIdentifier(
-                    new DERObjectIdentifier(encOid), new DERNull());
-            }
-        }
-    }
-
-    protected Map getBaseParameters(DERObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
-    {
-        Map param = new HashMap();
-        param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType);
-        param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId);
-        param.put(CMSAttributeTableGenerator.DIGEST,  hash.clone());
-        return param;
-    }
-
-    protected ASN1Set getAttributeSet(
-        AttributeTable attr)
-    {
-        if (attr != null)
-        {
-            return new DERSet(attr.toASN1EncodableVector());
-        }
-        
-        return null;
-    }
-
-    /**
-     * add the certificates and CRLs contained in the given CertStore
-     * to the pool that will be included in the encoded signature block.
-     * 

-     * Note: this assumes the CertStore will support null in the get
-     * methods.
-     * @param certStore CertStore containing the public key certificates and CRLs
-     * @throws java.security.cert.CertStoreException  if an issue occurs processing the CertStore
-     * @throws CMSException  if an issue occurse transforming data from the CertStore into the message
-     * @deprecated use addCertificates and addCRLs
-     */
-    public void addCertificatesAndCRLs(
-        CertStore certStore)
-        throws CertStoreException, CMSException
-    {
-        certs.addAll(CMSUtils.getCertificatesFromStore(certStore));
-        crls.addAll(CMSUtils.getCRLsFromStore(certStore));
-    }
-
-    public void addCertificates(
-        Store certStore)
-        throws CMSException
-    {
-        certs.addAll(CMSUtils.getCertificatesFromStore(certStore));
-    }
-
-    public void addCRLs(
-        Store crlStore)
-        throws CMSException
-    {
-        crls.addAll(CMSUtils.getCRLsFromStore(crlStore));
-    }
-
-    public void addAttributeCertificates(
-        Store attrStore)
-        throws CMSException
-    {
-        certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore));
-    }
-
-    /**
-     * Add the attribute certificates contained in the passed in store to the
-     * generator.
-     *
-     * @param store a store of Version 2 attribute certificates
-     * @throws CMSException if an error occurse processing the store.
-     * @deprecated use basic Store method
-     */
-    public void addAttributeCertificates(
-        X509Store store)
-        throws CMSException
-    {
-        try
-        {
-            for (Iterator it = store.getMatches(null).iterator(); it.hasNext();)
-            {
-                X509AttributeCertificate attrCert = (X509AttributeCertificate)it.next();
-
-                certs.add(new DERTaggedObject(false, 2,
-                             AttributeCertificate.getInstance(ASN1Object.fromByteArray(attrCert.getEncoded()))));
-            }
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("error processing attribute certs", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("error processing attribute certs", e);
-        }
-    }
-
-
-    /**
-     * Add a store of precalculated signers to the generator.
-     *
-     * @param signerStore store of signers
-     */
-    public void addSigners(
-        SignerInformationStore    signerStore)
-    {
-        Iterator    it = signerStore.getSigners().iterator();
-
-        while (it.hasNext())
-        {
-            _signers.add(it.next());
-        }
-    }
-
-    public void addSignerInfoGenerator(SignerInfoGenerator infoGen)
-    {
-         signerGens.add(infoGen);
-    }
-
-    /**
-     * Return a map of oids and byte arrays representing the digests calculated on the content during
-     * the last generate.
-     *
-     * @return a map of oids (as String objects) and byte[] representing digests.
-     */
-    public Map getGeneratedDigests()
-    {
-        return new HashMap(digests);
-    }
-
-    static SignerIdentifier getSignerIdentifier(X509Certificate cert)
-    {
-        return new SignerIdentifier(CMSUtils.getIssuerAndSerialNumber(cert));
-    }
-
-    static SignerIdentifier getSignerIdentifier(byte[] subjectKeyIdentifier)
-    {
-        return new SignerIdentifier(new DEROctetString(subjectKeyIdentifier));    
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
deleted file mode 100644
index 96deaee30..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
+++ /dev/null
@@ -1,476 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.Signature;
-import java.security.cert.CRLException;
-import java.security.cert.CertStore;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.x509.NoSuchStoreException;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509Store;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-
-class CMSSignedHelper
-{
-    static final CMSSignedHelper INSTANCE = new CMSSignedHelper();
-
-    private static final Map     encryptionAlgs = new HashMap();
-    private static final Map     digestAlgs = new HashMap();
-    private static final Map     digestAliases = new HashMap();
-
-    private static void addEntries(DERObjectIdentifier alias, String digest, String encryption)
-    {
-        digestAlgs.put(alias.getId(), digest);
-        encryptionAlgs.put(alias.getId(), encryption);
-    }
-
-    static
-    {
-        addEntries(NISTObjectIdentifiers.dsa_with_sha224, "SHA224", "DSA");
-        addEntries(NISTObjectIdentifiers.dsa_with_sha256, "SHA256", "DSA");
-        addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
-        addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
-        addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
-        addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
-        addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
-        addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
-        addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
-        addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
-        addEntries(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256", "RSA");
-        addEntries(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384", "RSA");
-        addEntries(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512", "RSA");
-        addEntries(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1", "ECDSA");
-        addEntries(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224", "ECDSA");
-        addEntries(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256", "ECDSA");
-        addEntries(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384", "ECDSA");
-        addEntries(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512", "ECDSA");
-        addEntries(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1", "DSA");
-        addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1", "ECDSA");
-        addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224", "ECDSA");
-        addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256", "ECDSA");
-        addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384", "ECDSA");
-        addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512", "ECDSA");
-        addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_1, "SHA1", "RSA");
-        addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA");
-        addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1");
-        addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1");
-
-        encryptionAlgs.put(X9ObjectIdentifiers.id_dsa.getId(), "DSA");
-        encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
-        encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
-        encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA");
-        encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
-        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
-        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
-        encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
-        encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
-        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
-        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
-
-        digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
-        digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
-        digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
-        digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
-        digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
-        digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
-        digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
-        digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
-        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
-        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
-        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
-        digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(),  "GOST3411");
-        digestAlgs.put("1.3.6.1.4.1.5849.1.2.1",  "GOST3411");
-
-        digestAliases.put("SHA1", new String[] { "SHA-1" });
-        digestAliases.put("SHA224", new String[] { "SHA-224" });
-        digestAliases.put("SHA256", new String[] { "SHA-256" });
-        digestAliases.put("SHA384", new String[] { "SHA-384" });
-        digestAliases.put("SHA512", new String[] { "SHA-512" });
-    }
-    
-    /**
-     * Return the digest algorithm using one of the standard JCA string
-     * representations rather than the algorithm identifier (if possible).
-     */
-    String getDigestAlgName(
-        String digestAlgOID)
-    {
-        String algName = (String)digestAlgs.get(digestAlgOID);
-
-        if (algName != null)
-        {
-            return algName;
-        }
-
-        return digestAlgOID;
-    }
-
-    String[] getDigestAliases(
-        String algName)
-    {
-        String[] aliases = (String[])digestAliases.get(algName);
-
-        if (aliases != null)
-        {
-            return aliases;
-        }
-
-        return new String[0];
-    }
-
-    /**
-     * Return the digest encryption algorithm using one of the standard
-     * JCA string representations rather the the algorithm identifier (if
-     * possible).
-     */
-    String getEncryptionAlgName(
-        String encryptionAlgOID)
-    {
-        String algName = (String)encryptionAlgs.get(encryptionAlgOID);
-
-        if (algName != null)
-        {
-            return algName;
-        }
-
-        return encryptionAlgOID;
-    }
-    
-    MessageDigest getDigestInstance(
-        String algorithm, 
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        try
-        {
-            return createDigestInstance(algorithm, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            String[] aliases = getDigestAliases(algorithm);
-            for (int i = 0; i != aliases.length; i++)
-            {
-                try
-                {
-                    return createDigestInstance(aliases[i], provider);
-                }
-                catch (NoSuchAlgorithmException ex)
-                {
-                    // continue
-                }
-            }
-            if (provider != null)
-            {
-                return getDigestInstance(algorithm, null); // try rolling back
-            }
-            throw e;
-        }
-    }
-
-    private MessageDigest createDigestInstance(
-        String algorithm,
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return MessageDigest.getInstance(algorithm, provider);
-        }
-        else
-        {
-            return MessageDigest.getInstance(algorithm);
-        }
-    }
-
-    Signature getSignatureInstance(
-        String algorithm, 
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return Signature.getInstance(algorithm, provider);
-        }
-        else
-        {
-            return Signature.getInstance(algorithm);
-        }
-    }
-
-    X509Store createAttributeStore(
-        String type,
-        Provider provider,
-        ASN1Set certSet)
-        throws NoSuchStoreException, CMSException
-    {
-        List certs = new ArrayList();
-
-        if (certSet != null)
-        {
-            Enumeration e = certSet.getObjects();
-
-            while (e.hasMoreElements())
-            {
-                try
-                {
-                    DERObject obj = ((DEREncodable)e.nextElement()).getDERObject();
-
-                    if (obj instanceof ASN1TaggedObject)
-                    {
-                        ASN1TaggedObject tagged = (ASN1TaggedObject)obj;
-
-                        if (tagged.getTagNo() == 2)
-                        {
-                            certs.add(new X509V2AttributeCertificate(ASN1Sequence.getInstance(tagged, false).getEncoded()));
-                        }
-                    }
-                }
-                catch (IOException ex)
-                {
-                    throw new CMSException(
-                            "can't re-encode attribute certificate!", ex);
-                }
-            }
-        }
-
-        try
-        {
-            return X509Store.getInstance(
-                         "AttributeCertificate/" +type, new X509CollectionStoreParameters(certs), provider);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("can't setup the X509Store", e);
-        }
-    }
-
-    X509Store createCertificateStore(
-        String type,
-        Provider provider,
-        ASN1Set certSet)
-        throws NoSuchStoreException, CMSException
-    {
-        List certs = new ArrayList();
-
-        if (certSet != null)
-        {
-            addCertsFromSet(certs, certSet, provider);
-        }
-
-        try
-        {
-            return X509Store.getInstance(
-                         "Certificate/" +type, new X509CollectionStoreParameters(certs), provider);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("can't setup the X509Store", e);
-        }
-    }
-
-    X509Store createCRLsStore(
-        String type,
-        Provider provider,
-        ASN1Set crlSet)
-        throws NoSuchStoreException, CMSException
-    {
-        List crls = new ArrayList();
-
-        if (crlSet != null)
-        {
-            addCRLsFromSet(crls, crlSet, provider);
-        }
-
-        try
-        {
-            return X509Store.getInstance(
-                         "CRL/" +type, new X509CollectionStoreParameters(crls), provider);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("can't setup the X509Store", e);
-        }
-    }
-
-    CertStore createCertStore(
-        String type,
-        Provider provider,
-        ASN1Set certSet,
-        ASN1Set crlSet)
-        throws CMSException, NoSuchAlgorithmException
-    {
-        List certsAndcrls = new ArrayList();
-
-        //
-        // load the certificates and revocation lists if we have any
-        //
-
-        if (certSet != null)
-        {
-            addCertsFromSet(certsAndcrls, certSet, provider);
-        }
-
-        if (crlSet != null)
-        {
-            addCRLsFromSet(certsAndcrls, crlSet, provider);
-        }
-
-        try
-        {
-            if (provider != null)
-            {
-                return CertStore.getInstance(type, new CollectionCertStoreParameters(certsAndcrls), provider);
-            }
-            else
-            {
-                return CertStore.getInstance(type, new CollectionCertStoreParameters(certsAndcrls));
-            }
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("can't setup the CertStore", e);
-        }
-    }
-
-    private void addCertsFromSet(List certs, ASN1Set certSet, Provider provider)
-        throws CMSException
-    {
-        CertificateFactory cf;
-
-        try
-        {
-            if (provider != null)
-            {
-                cf = CertificateFactory.getInstance("X.509", provider);
-            }
-            else
-            {
-                cf = CertificateFactory.getInstance("X.509");
-            }
-        }
-        catch (CertificateException ex)
-        {
-            throw new CMSException("can't get certificate factory.", ex);
-        }
-        Enumeration e = certSet.getObjects();
-
-        while (e.hasMoreElements())
-        {
-            try
-            {
-                DERObject obj = ((DEREncodable)e.nextElement()).getDERObject();
-
-                if (obj instanceof ASN1Sequence)
-                {
-                    certs.add(cf.generateCertificate(
-                        new ByteArrayInputStream(obj.getEncoded())));
-                }
-            }
-            catch (IOException ex)
-            {
-                throw new CMSException(
-                        "can't re-encode certificate!", ex);
-            }
-            catch (CertificateException ex)
-            {
-                throw new CMSException(
-                        "can't re-encode certificate!", ex);
-            }
-        }
-    }
-
-    private void addCRLsFromSet(List crls, ASN1Set certSet, Provider provider)
-        throws CMSException
-    {
-        CertificateFactory cf;
-
-        try
-        {
-            if (provider != null)
-            {
-                cf = CertificateFactory.getInstance("X.509", provider);
-            }
-            else
-            {
-                cf = CertificateFactory.getInstance("X.509");
-            }
-        }
-        catch (CertificateException ex)
-        {
-            throw new CMSException("can't get certificate factory.", ex);
-        }
-        Enumeration e = certSet.getObjects();
-
-        while (e.hasMoreElements())
-        {
-            try
-            {
-                DERObject obj = ((DEREncodable)e.nextElement()).getDERObject();
-
-                crls.add(cf.generateCRL(
-                    new ByteArrayInputStream(obj.getEncoded())));
-            }
-            catch (IOException ex)
-            {
-                throw new CMSException("can't re-encode CRL!", ex);
-            }
-            catch (CRLException ex)
-            {
-                throw new CMSException("can't re-encode CRL!", ex);
-            }
-        }
-    }
-
-    AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId)
-    {
-        if (algId.getParameters() == null)
-        {
-            return new AlgorithmIdentifier(algId.getObjectId(), DERNull.INSTANCE);
-        }
-
-        return algId;
-    }
-
-    void setSigningEncryptionAlgorithmMapping(DERObjectIdentifier oid, String algorithmName)
-    {
-        encryptionAlgs.put(oid.getId(), algorithmName);
-    }
-
-    void setSigningDigestAlgorithmMapping(DERObjectIdentifier oid, String algorithmName)
-    {
-        digestAlgs.put(oid.getId(), algorithmName);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java
deleted file mode 100644
index 0db54bcb0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.cms;
-
-public class CMSSignerDigestMismatchException
-    extends CMSException
-{
-    public CMSSignerDigestMismatchException(
-        String msg)
-    {
-        super(msg);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSStreamException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSStreamException.java
deleted file mode 100644
index fff00489a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSStreamException.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-
-public class CMSStreamException
-    extends IOException
-{
-    private final Throwable underlying;
-
-    CMSStreamException(String msg)
-    {
-        super(msg);
-        this.underlying = null;
-    }
-
-    CMSStreamException(String msg, Throwable underlying)
-    {
-        super(msg);
-        this.underlying = underlying;
-    }
-
-    public Throwable getCause()
-    {
-        return underlying;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedData.java
deleted file mode 100644
index f7f0a9cd2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedData.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-
-public interface CMSTypedData
-    extends CMSProcessable
-{
-    ASN1ObjectIdentifier getContentType();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedStream.java
deleted file mode 100644
index eda3bde32..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSTypedStream.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.BufferedInputStream;
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTypedStream
-{
-    private static final int BUF_SIZ = 32 * 1024;
-    
-    private final ASN1ObjectIdentifier      _oid;
-    private final InputStream _in;
-
-    public CMSTypedStream(
-        InputStream in)
-    {
-        this(PKCSObjectIdentifiers.data.getId(), in, BUF_SIZ);
-    }
-    
-    public CMSTypedStream(
-         String oid,
-         InputStream in)
-    {
-        this(new ASN1ObjectIdentifier(oid), in, BUF_SIZ);
-    }
-    
-    public CMSTypedStream(
-        String      oid,
-        InputStream in,
-        int         bufSize)
-    {
-        this(new ASN1ObjectIdentifier(oid), in, bufSize);
-    }
-
-    public CMSTypedStream(
-         ASN1ObjectIdentifier oid,
-         InputStream in)
-    {
-        this(oid, in, BUF_SIZ);
-    }
-
-    public CMSTypedStream(
-        ASN1ObjectIdentifier      oid,
-        InputStream in,
-        int         bufSize)
-    {
-        _oid = oid;
-        _in = new FullReaderStream(new BufferedInputStream(in, bufSize));
-    }
-
-    public ASN1ObjectIdentifier getContentType()
-    {
-        return _oid;
-    }
-    
-    public InputStream getContentStream()
-    {
-        return _in;
-    }
-
-    public void drain() 
-        throws IOException
-    {
-        Streams.drain(_in);
-        _in.close();
-    }
-
-    private static class FullReaderStream extends FilterInputStream
-    {
-        FullReaderStream(InputStream in)
-        {
-            super(in);
-        }
-
-        public int read(byte[] buf, int off, int len) throws IOException
-        {
-            int totalRead = Streams.readFully(super.in, buf, off, len);
-            return totalRead > 0 ? totalRead : -1;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSUtils.java
deleted file mode 100644
index 0a4fad4dc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ /dev/null
@@ -1,363 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.cert.CRLException;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BEROctetStringGenerator;
-import org.bouncycastle.asn1.BERSet;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.io.Streams;
-import org.bouncycastle.util.io.TeeInputStream;
-import org.bouncycastle.util.io.TeeOutputStream;
-
-class CMSUtils
-{
-    private static final Runtime RUNTIME = Runtime.getRuntime();
-    
-    static int getMaximumMemory()
-    {
-        long maxMem = RUNTIME.maxMemory();
-        
-        if (maxMem > Integer.MAX_VALUE)
-        {
-            return Integer.MAX_VALUE;
-        }
-        
-        return (int)maxMem;
-    }
-    
-    static ContentInfo readContentInfo(
-        byte[] input)
-        throws CMSException
-    {
-        // enforce limit checking as from a byte array
-        return readContentInfo(new ASN1InputStream(input));
-    }
-
-    static ContentInfo readContentInfo(
-        InputStream input)
-        throws CMSException
-    {
-        // enforce some limit checking
-        return readContentInfo(new ASN1InputStream(input, getMaximumMemory()));
-    } 
-
-    static List getCertificatesFromStore(CertStore certStore)
-        throws CertStoreException, CMSException
-    {
-        List certs = new ArrayList();
-
-        try
-        {
-            for (Iterator it = certStore.getCertificates(null).iterator(); it.hasNext();)
-            {
-                X509Certificate c = (X509Certificate)it.next();
-
-                certs.add(X509CertificateStructure.getInstance(
-                                                       ASN1Object.fromByteArray(c.getEncoded())));
-            }
-
-            return certs;
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("error processing certs", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("error processing certs", e);
-        }
-        catch (CertificateEncodingException e)
-        {
-            throw new CMSException("error encoding certs", e);
-        }
-    }
-
-    static List getCertificatesFromStore(Store certStore)
-        throws CMSException
-    {
-        List certs = new ArrayList();
-
-        try
-        {
-            for (Iterator it = certStore.getMatches(null).iterator(); it.hasNext();)
-            {
-                X509CertificateHolder c = (X509CertificateHolder)it.next();
-
-                certs.add(c.toASN1Structure());
-            }
-
-            return certs;
-        }
-        catch (ClassCastException e)
-        {
-            throw new CMSException("error processing certs", e);
-        }
-    }
-
-    static List getAttributeCertificatesFromStore(Store attrStore)
-        throws CMSException
-    {
-        List certs = new ArrayList();
-
-        try
-        {
-            for (Iterator it = attrStore.getMatches(null).iterator(); it.hasNext();)
-            {
-                X509AttributeCertificateHolder attrCert = (X509AttributeCertificateHolder)it.next();
-
-                certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure()));
-            }
-
-            return certs;
-        }
-        catch (ClassCastException e)
-        {
-            throw new CMSException("error processing certs", e);
-        }
-    }
-
-    static List getCRLsFromStore(CertStore certStore)
-        throws CertStoreException, CMSException
-    {
-        List crls = new ArrayList();
-
-        try
-        {
-            for (Iterator it = certStore.getCRLs(null).iterator(); it.hasNext();)
-            {
-                X509CRL c = (X509CRL)it.next();
-
-                crls.add(CertificateList.getInstance(ASN1Object.fromByteArray(c.getEncoded())));
-            }
-
-            return crls;
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("error processing crls", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("error processing crls", e);
-        }
-        catch (CRLException e)
-        {
-            throw new CMSException("error encoding crls", e);
-        }
-    }
-
-    static List getCRLsFromStore(Store crlStore)
-        throws CMSException
-    {
-        List certs = new ArrayList();
-
-        try
-        {
-            for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext();)
-            {
-                X509CRLHolder c = (X509CRLHolder)it.next();
-
-                certs.add(c.toASN1Structure());
-            }
-
-            return certs;
-        }
-        catch (ClassCastException e)
-        {
-            throw new CMSException("error processing certs", e);
-        }
-    }
-
-    static ASN1Set createBerSetFromList(List derObjects)
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        for (Iterator it = derObjects.iterator(); it.hasNext();)
-        {
-            v.add((DEREncodable)it.next());
-        }
-
-        return new BERSet(v);
-    }
-
-    static ASN1Set createDerSetFromList(List derObjects)
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        for (Iterator it = derObjects.iterator(); it.hasNext();)
-        {
-            v.add((DEREncodable)it.next());
-        }
-
-        return new DERSet(v);
-    }
-
-    static OutputStream createBEROctetOutputStream(OutputStream s,
-            int tagNo, boolean isExplicit, int bufferSize) throws IOException
-    {
-        BEROctetStringGenerator octGen = new BEROctetStringGenerator(s, tagNo, isExplicit);
-
-        if (bufferSize != 0)
-        {
-            return octGen.getOctetOutputStream(new byte[bufferSize]);
-        }
-
-        return octGen.getOctetOutputStream();
-    }
-
-    static TBSCertificateStructure getTBSCertificateStructure(
-        X509Certificate cert)
-    {
-        try
-        {
-            return TBSCertificateStructure.getInstance(
-                ASN1Object.fromByteArray(cert.getTBSCertificate()));
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException(
-                "can't extract TBS structure from this cert");
-        }
-    }
-
-    static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert)
-    {
-        TBSCertificateStructure tbsCert = getTBSCertificateStructure(cert);
-        return new IssuerAndSerialNumber(tbsCert.getIssuer(), tbsCert.getSerialNumber().getValue());
-    }
-
-    private static ContentInfo readContentInfo(
-        ASN1InputStream in)
-        throws CMSException
-    {
-        try
-        {
-            return ContentInfo.getInstance(in.readObject());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("IOException reading content.", e);
-        }
-        catch (ClassCastException e)
-        {
-            throw new CMSException("Malformed content.", e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("Malformed content.", e);
-        }
-    }
-    
-    public static byte[] streamToByteArray(
-        InputStream in) 
-        throws IOException
-    {
-        return Streams.readAll(in);
-    }
-
-    public static byte[] streamToByteArray(
-        InputStream in,
-        int         limit)
-        throws IOException
-    {
-        return Streams.readAllLimited(in, limit);
-    }
-
-    public static Provider getProvider(String providerName)
-        throws NoSuchProviderException
-    {
-        if (providerName != null)
-        {
-            Provider prov = Security.getProvider(providerName);
-
-            if (prov != null)
-            {
-                return prov;
-            }
-
-            throw new NoSuchProviderException("provider " + providerName + " not found.");
-        }
-
-        return null; 
-    }
-
-    static InputStream attachDigestsToInputStream(Collection digests, InputStream s)
-    {
-        InputStream result = s;
-        Iterator it = digests.iterator();
-        while (it.hasNext())
-        {
-            MessageDigest digest = (MessageDigest)it.next();
-            result = new TeeInputStream(result, new DigOutputStream(digest));
-        }
-        return result;
-    }
-
-    static OutputStream attachDigestsToOutputStream(Collection digests, OutputStream s)
-    {
-        OutputStream result = s;
-        Iterator it = digests.iterator();
-        while (it.hasNext())
-        {
-            MessageDigest digest = (MessageDigest)it.next();
-            result = getSafeTeeOutputStream(result, new DigOutputStream(digest));
-        }
-        return result;
-    }
-
-    static OutputStream attachSignersToOutputStream(Collection signers, OutputStream s)
-    {
-        OutputStream result = s;
-        Iterator it = signers.iterator();
-        while (it.hasNext())
-        {
-            SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next();
-            result = getSafeTeeOutputStream(result, signerGen.getCalculatingOutputStream());
-        }
-        return result;
-    }
-
-    static OutputStream getSafeOutputStream(OutputStream s)
-    {
-        return s == null ? new NullOutputStream() : s;
-    }
-
-    static OutputStream getSafeTeeOutputStream(OutputStream s1,
-            OutputStream s2)
-    {
-        return s1 == null ? getSafeOutputStream(s2)
-                : s2 == null ? getSafeOutputStream(s1) : new TeeOutputStream(
-                        s1, s2);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java
deleted file mode 100644
index 6bd8c0ace..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.cms;
-
-public class CMSVerifierCertificateNotValidException
-    extends CMSException
-{
-    public CMSVerifierCertificateNotValidException(
-        String msg)
-    {
-        super(msg);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CounterSignatureDigestCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CounterSignatureDigestCalculator.java
deleted file mode 100644
index 62574590e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/CounterSignatureDigestCalculator.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-
-class CounterSignatureDigestCalculator
-    implements IntDigestCalculator
-{
-    private final String alg;
-    private final Provider provider;
-    private final byte[] data;
-
-    CounterSignatureDigestCalculator(String alg, Provider provider, byte[] data)
-    {
-        this.alg = alg;
-        this.provider = provider;
-        this.data = data;
-    }
-
-    public byte[] getDigest()
-        throws NoSuchAlgorithmException
-    {
-        MessageDigest digest = CMSSignedHelper.INSTANCE.getDigestInstance(alg, provider);
-
-        return digest.digest(data);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java
deleted file mode 100644
index e4fd5d09f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.util.Hashtable;
-import java.util.Map;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-
-/**
- * Default authenticated attributes generator.
- */
-public class DefaultAuthenticatedAttributeTableGenerator
-    implements CMSAttributeTableGenerator
-{
-    private final Hashtable table;
-
-    /**
-     * Initialise to use all defaults
-     */
-    public DefaultAuthenticatedAttributeTableGenerator()
-    {
-        table = new Hashtable();
-    }
-
-    /**
-     * Initialise with some extra attributes or overrides.
-     *
-     * @param attributeTable initial attribute table to use.
-     */
-    public DefaultAuthenticatedAttributeTableGenerator(
-        AttributeTable attributeTable)
-    {
-        if (attributeTable != null)
-        {
-            table = attributeTable.toHashtable();
-        }
-        else
-        {
-            table = new Hashtable();
-        }
-    }
-
-    /**
-     * Create a standard attribute table from the passed in parameters - this will
-     * normally include contentType and messageDigest. If the constructor
-     * using an AttributeTable was used, entries in it for contentType and
-     * messageDigest will override the generated ones.
-     *
-     * @param parameters source parameters for table generation.
-     *
-     * @return a filled in Hashtable of attributes.
-     */
-    protected Hashtable createStandardAttributeTable(
-        Map parameters)
-    {
-        Hashtable std = (Hashtable)table.clone();
-
-        if (!std.containsKey(CMSAttributes.contentType))
-        {
-            DERObjectIdentifier contentType = (DERObjectIdentifier)
-                parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
-            Attribute attr = new Attribute(CMSAttributes.contentType,
-                new DERSet(contentType));
-            std.put(attr.getAttrType(), attr);
-        }
-
-        if (!std.containsKey(CMSAttributes.messageDigest))
-        {
-            byte[] messageDigest = (byte[])parameters.get(
-                CMSAttributeTableGenerator.DIGEST);
-            Attribute attr = new Attribute(CMSAttributes.messageDigest,
-                new DERSet(new DEROctetString(messageDigest)));
-            std.put(attr.getAttrType(), attr);
-        }
-
-        return std;
-    }
-
-    /**
-     * @param parameters source parameters
-     * @return the populated attribute table
-     */
-    public AttributeTable getAttributes(Map parameters)
-    {
-        return new AttributeTable(createStandardAttributeTable(parameters));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
deleted file mode 100644
index 965d12177..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Map;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.Time;
-
-/**
- * Default signed attributes generator.
- */
-public class DefaultSignedAttributeTableGenerator
-    implements CMSAttributeTableGenerator
-{
-    private final Hashtable table;
-
-    /**
-     * Initialise to use all defaults
-     */
-    public DefaultSignedAttributeTableGenerator()
-    {
-        table = new Hashtable();
-    }
-
-    /**
-     * Initialise with some extra attributes or overrides.
-     *
-     * @param attributeTable initial attribute table to use.
-     */
-    public DefaultSignedAttributeTableGenerator(
-        AttributeTable attributeTable)
-    {
-        if (attributeTable != null)
-        {
-            table = attributeTable.toHashtable();
-        }
-        else
-        {
-            table = new Hashtable();
-        }
-    }
-
-    /**
-     * Create a standard attribute table from the passed in parameters - this will
-     * normally include contentType, signingTime, and messageDigest. If the constructor
-     * using an AttributeTable was used, entries in it for contentType, signingTime, and
-     * messageDigest will override the generated ones.
-     *
-     * @param parameters source parameters for table generation.
-     *
-     * @return a filled in Hashtable of attributes.
-     */
-    protected Hashtable createStandardAttributeTable(
-        Map parameters)
-    {
-        Hashtable std = (Hashtable)table.clone();
-
-        if (!std.containsKey(CMSAttributes.contentType))
-        {
-            DERObjectIdentifier contentType = (DERObjectIdentifier)
-                parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE);
-
-            // contentType will be null if we're trying to generate a counter signature.
-            if (contentType != null)
-            {
-                Attribute attr = new Attribute(CMSAttributes.contentType,
-                    new DERSet(contentType));
-                std.put(attr.getAttrType(), attr);
-            }
-        }
-
-        if (!std.containsKey(CMSAttributes.signingTime))
-        {
-            Date signingTime = new Date();
-            Attribute attr = new Attribute(CMSAttributes.signingTime,
-                new DERSet(new Time(signingTime)));
-            std.put(attr.getAttrType(), attr);
-        }
-
-        if (!std.containsKey(CMSAttributes.messageDigest))
-        {
-            byte[] messageDigest = (byte[])parameters.get(
-                CMSAttributeTableGenerator.DIGEST);
-            Attribute attr = new Attribute(CMSAttributes.messageDigest,
-                new DERSet(new DEROctetString(messageDigest)));
-            std.put(attr.getAttrType(), attr);
-        }
-
-        return std;
-    }
-
-    /**
-     * @param parameters source parameters
-     * @return the populated attribute table
-     */
-    public AttributeTable getAttributes(Map parameters)
-    {
-        return new AttributeTable(createStandardAttributeTable(parameters));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DigOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DigOutputStream.java
deleted file mode 100644
index b0f07043f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/DigOutputStream.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-
-class DigOutputStream extends OutputStream
-{
-    private final MessageDigest dig;
-
-    DigOutputStream(MessageDigest dig)
-    {
-        this.dig = dig;
-    }
-
-    public void write(byte[] b, int off, int len) throws IOException
-    {
-        dig.update(b, off, len);
-    }
-
-    public void write(int b) throws IOException
-    {
-        dig.update((byte) b);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntDigestCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntDigestCalculator.java
deleted file mode 100644
index aca85533e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntDigestCalculator.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.NoSuchAlgorithmException;
-
-interface IntDigestCalculator
-{
-    byte[] getDigest()
-        throws NoSuchAlgorithmException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntRecipientInfoGenerator.java
deleted file mode 100644
index f642246d3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/IntRecipientInfoGenerator.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.cms.RecipientInfo;
-
-interface IntRecipientInfoGenerator
-{
-    /**
-     * Generate a RecipientInfo object for the given key.
-     * @param contentEncryptionKey the SecretKey to encrypt
-     * @param random a source of randomness
-     * @param prov the default provider to use
-     * @return a RecipientInfo object for the given key
-     * @throws GeneralSecurityException
-     */
-    RecipientInfo generate(SecretKey contentEncryptionKey, SecureRandom random,
-        Provider prov) throws GeneralSecurityException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKIntRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKIntRecipientInfoGenerator.java
deleted file mode 100644
index 9273beef2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKIntRecipientInfoGenerator.java
+++ /dev/null
@@ -1,134 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.KEKIdentifier;
-import org.bouncycastle.asn1.cms.KEKRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-class KEKIntRecipientInfoGenerator
-    implements IntRecipientInfoGenerator
-{
-    private SecretKey keyEncryptionKey;
-    private KEKIdentifier kekIdentifier;
-
-    // Derived
-    private AlgorithmIdentifier keyEncryptionAlgorithm;
-
-    KEKIntRecipientInfoGenerator()
-    {
-    }
-
-    void setKeyEncryptionKey(SecretKey keyEncryptionKey)
-    {
-        this.keyEncryptionKey = keyEncryptionKey;
-        this.keyEncryptionAlgorithm = determineKeyEncAlg(keyEncryptionKey);
-    }
-
-    void setKEKIdentifier(KEKIdentifier kekIdentifier)
-    {
-        this.kekIdentifier = kekIdentifier;
-    }
-
-    public RecipientInfo generate(SecretKey contentEncryptionKey, SecureRandom random,
-            Provider prov) throws GeneralSecurityException
-    {
-        Cipher keyEncryptionCipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(
-            keyEncryptionAlgorithm.getObjectId().getId(), prov);
-        keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
-        byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(contentEncryptionKey);
-        ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
-
-        return new RecipientInfo(new KEKRecipientInfo(kekIdentifier, keyEncryptionAlgorithm, encryptedKey));
-    }
-
-    private static AlgorithmIdentifier determineKeyEncAlg(SecretKey key)
-    {
-        String algorithm = key.getAlgorithm();
-
-        if (algorithm.startsWith("DES"))
-        {
-            return new AlgorithmIdentifier(new DERObjectIdentifier(
-                    "1.2.840.113549.1.9.16.3.6"), new DERNull());
-        }
-        else if (algorithm.startsWith("RC2"))
-        {
-            return new AlgorithmIdentifier(new DERObjectIdentifier(
-                    "1.2.840.113549.1.9.16.3.7"), new DERInteger(58));
-        }
-        else if (algorithm.startsWith("AES"))
-        {
-            int length = key.getEncoded().length * 8;
-            DERObjectIdentifier wrapOid;
-
-            if (length == 128)
-            {
-                wrapOid = NISTObjectIdentifiers.id_aes128_wrap;
-            }
-            else if (length == 192)
-            {
-                wrapOid = NISTObjectIdentifiers.id_aes192_wrap;
-            }
-            else if (length == 256)
-            {
-                wrapOid = NISTObjectIdentifiers.id_aes256_wrap;
-            }
-            else
-            {
-                throw new IllegalArgumentException("illegal keysize in AES");
-            }
-
-            return new AlgorithmIdentifier(wrapOid); // parameters absent
-        }
-        else if (algorithm.startsWith("SEED"))
-        {
-            // parameters absent
-            return new AlgorithmIdentifier(
-                    KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
-        }
-        else if (algorithm.startsWith("Camellia"))
-        {
-            int length = key.getEncoded().length * 8;
-            DERObjectIdentifier wrapOid;
-
-            if (length == 128)
-            {
-                wrapOid = NTTObjectIdentifiers.id_camellia128_wrap;
-            }
-            else if (length == 192)
-            {
-                wrapOid = NTTObjectIdentifiers.id_camellia192_wrap;
-            }
-            else if (length == 256)
-            {
-                wrapOid = NTTObjectIdentifiers.id_camellia256_wrap;
-            }
-            else
-            {
-                throw new IllegalArgumentException(
-                        "illegal keysize in Camellia");
-            }
-
-            return new AlgorithmIdentifier(wrapOid); // parameters must be
-                                                     // absent
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown algorithm");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipient.java
deleted file mode 100644
index b9679b3d0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipient.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface KEKRecipient
-    extends Recipient
-{
-    RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey)
-        throws CMSException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientId.java
deleted file mode 100644
index 3939376e0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientId.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.util.Arrays;
-
-public class KEKRecipientId
-    extends RecipientId
-{
-    private byte[] keyIdentifier;
-
-    /**
-     * Construct a recipient ID with the key identifier of a KEK recipient.
-     *
-     * @param keyIdentifier a subjectKeyId
-     */
-    public KEKRecipientId(byte[] keyIdentifier)
-    {
-        super(kek);
-
-        this.keyIdentifier = keyIdentifier;
-    }
-
-    public int hashCode()
-    {
-        return Arrays.hashCode(keyIdentifier);
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof KEKRecipientId))
-        {
-            return false;
-        }
-
-        KEKRecipientId id = (KEKRecipientId)o;
-
-        return Arrays.areEqual(keyIdentifier, id.keyIdentifier);
-    }
-
-    public boolean match(Object obj)
-    {
-        if (obj instanceof byte[])
-        {
-            return Arrays.areEqual(keyIdentifier, (byte[])obj);
-        }
-        else if (obj instanceof KEKRecipientInformation)
-        {
-            return ((KEKRecipientInformation)obj).getRID().equals(this);
-        }
-
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java
deleted file mode 100644
index e3bff3ca6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.KEKIdentifier;
-import org.bouncycastle.asn1.cms.KEKRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-import org.bouncycastle.operator.SymmetricKeyWrapper;
-
-public abstract class KEKRecipientInfoGenerator
-    implements RecipientInfoGenerator
-{
-    private final KEKIdentifier kekIdentifier;
-
-    protected final SymmetricKeyWrapper wrapper;
-
-    protected KEKRecipientInfoGenerator(KEKIdentifier kekIdentifier, SymmetricKeyWrapper wrapper)
-    {
-        this.kekIdentifier = kekIdentifier;
-        this.wrapper = wrapper;
-    }
-
-    public final RecipientInfo generate(GenericKey contentEncryptionKey)
-        throws CMSException
-    {
-        try
-        {
-            ASN1OctetString encryptedKey = new DEROctetString(wrapper.generateWrappedKey(contentEncryptionKey));
-
-            return new RecipientInfo(new KEKRecipientInfo(kekIdentifier, wrapper.getAlgorithmIdentifier(), encryptedKey));
-        }
-        catch (OperatorException e)
-        {
-            throw new CMSException("exception wrapping content key: " + e.getMessage(), e);
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java
deleted file mode 100644
index 1b8d8d275..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-
-import org.bouncycastle.asn1.cms.KEKIdentifier;
-import org.bouncycastle.asn1.cms.KEKRecipientInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * the RecipientInfo class for a recipient who has been sent a message
- * encrypted using a secret key known to the other side.
- */
-public class KEKRecipientInformation
-    extends RecipientInformation
-{
-    private KEKRecipientInfo      info;
-
-    KEKRecipientInformation(
-        KEKRecipientInfo        info,
-        AlgorithmIdentifier     messageAlgorithm,
-        CMSSecureReadable       secureReadable,
-        AuthAttributesProvider  additionalData)
-    {
-        super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData);
-
-        this.info = info;
-
-        KEKIdentifier kekId = info.getKekid();
-
-        this.rid = new KEKRecipientId(kekId.getKeyIdentifier().getOctets());
-    }
-
-    /**
-     * decrypt the content and return an input stream.
-     */
-    public CMSTypedStream getContentStream(
-        Key      key,
-        String   prov)
-        throws CMSException, NoSuchProviderException
-    {
-        return getContentStream(key, CMSUtils.getProvider(prov));
-    }
-
-    /**
-     * decrypt the content and return an input stream.
-     */
-    public CMSTypedStream getContentStream(
-        Key      key,
-        Provider prov)
-        throws CMSException
-    {
-        try
-        {
-            Cipher keyCipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(
-                keyEncAlg.getObjectId().getId(), prov);
-            keyCipher.init(Cipher.UNWRAP_MODE, key);
-            Key sKey = keyCipher.unwrap(info.getEncryptedKey().getOctets(), getContentAlgorithmName(),
-                Cipher.SECRET_KEY);
-
-            return getContentFromSessionKey(sKey, prov);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-    }
-
-    protected RecipientOperator getRecipientOperator(Recipient recipient)
-        throws CMSException, IOException
-    {
-        return ((KEKRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, info.getEncryptedKey().getOctets());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeIntRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeIntRecipientInfoGenerator.java
deleted file mode 100644
index 5c9cbfa40..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeIntRecipientInfoGenerator.java
+++ /dev/null
@@ -1,181 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
-import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey;
-import org.bouncycastle.asn1.cms.OriginatorPublicKey;
-import org.bouncycastle.asn1.cms.RecipientEncryptedKey;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.MQVPrivateKeySpec;
-import org.bouncycastle.jce.spec.MQVPublicKeySpec;
-
-class KeyAgreeIntRecipientInfoGenerator
-    implements IntRecipientInfoGenerator
-{
-    private DERObjectIdentifier keyAgreementOID;
-    private DERObjectIdentifier keyEncryptionOID;
-    private ArrayList recipientCerts;
-    private KeyPair senderKeyPair;
-
-    KeyAgreeIntRecipientInfoGenerator()
-    {
-    }
-
-    void setKeyAgreementOID(DERObjectIdentifier keyAgreementOID)
-    {
-        this.keyAgreementOID = keyAgreementOID;
-    }
-
-    void setKeyEncryptionOID(DERObjectIdentifier keyEncryptionOID)
-    {
-        this.keyEncryptionOID = keyEncryptionOID;
-    }
-
-    void setRecipientCerts(Collection recipientCerts)
-    {
-        this.recipientCerts = new ArrayList(recipientCerts);
-    }
-
-    void setSenderKeyPair(KeyPair senderKeyPair)
-    {
-        this.senderKeyPair = senderKeyPair;
-    }
-
-    public RecipientInfo generate(SecretKey contentEncryptionKey, SecureRandom random,
-            Provider prov) throws GeneralSecurityException
-    {
-        PublicKey senderPublicKey = senderKeyPair.getPublic();
-        PrivateKey senderPrivateKey = senderKeyPair.getPrivate();
-
-
-        OriginatorIdentifierOrKey originator;
-        try
-        {
-            originator = new OriginatorIdentifierOrKey(
-                createOriginatorPublicKey(senderPublicKey));
-        }
-        catch (IOException e)
-        {
-            throw new InvalidKeyException("cannot extract originator public key: " + e);
-        }
-
-
-        ASN1OctetString ukm = null;
-        if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF))
-        {
-            try
-            {
-                ECParameterSpec ecParamSpec = ((ECPublicKey)senderPublicKey).getParameters();
-
-                KeyPairGenerator ephemKPG = KeyPairGenerator.getInstance(
-                    keyAgreementOID.getId(), prov);
-                ephemKPG.initialize(ecParamSpec, random);
-
-                KeyPair ephemKP = ephemKPG.generateKeyPair();
-
-                ukm = new DEROctetString(
-                    new MQVuserKeyingMaterial(
-                        createOriginatorPublicKey(ephemKP.getPublic()), null));
-
-                senderPrivateKey = new MQVPrivateKeySpec(
-                    senderPrivateKey, ephemKP.getPrivate(), ephemKP.getPublic());
-            }
-            catch (InvalidAlgorithmParameterException e)
-            {
-                throw new InvalidKeyException(
-                    "cannot determine MQV ephemeral key pair parameters from public key: " + e);
-            }
-            catch (IOException e)
-            {
-                throw new InvalidKeyException("cannot extract MQV ephemeral public key: " + e);
-            }
-        }
-
-
-        ASN1EncodableVector params = new ASN1EncodableVector();
-        params.add(keyEncryptionOID);
-        params.add(DERNull.INSTANCE);
-        AlgorithmIdentifier keyEncAlg = new AlgorithmIdentifier(keyAgreementOID,
-            new DERSequence(params));
-
-
-        ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
-        Iterator it = recipientCerts.iterator();
-        while (it.hasNext())
-        {
-            X509Certificate recipientCert = (X509Certificate)it.next();
-
-            // TODO Should there be a SubjectKeyIdentifier-based alternative?
-            KeyAgreeRecipientIdentifier karid = new KeyAgreeRecipientIdentifier(
-                CMSUtils.getIssuerAndSerialNumber(recipientCert));
-
-            PublicKey recipientPublicKey = recipientCert.getPublicKey();
-
-            if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF))
-            {
-                recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey);
-            }
-
-            // Use key agreement to choose a wrap key for this recipient
-            KeyAgreement keyAgreement = KeyAgreement.getInstance(keyAgreementOID.getId(), prov);
-            keyAgreement.init(senderPrivateKey, random);
-            keyAgreement.doPhase(recipientPublicKey, true);
-            SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionOID.getId());
-
-            // Wrap the content encryption key with the agreement key
-            Cipher keyEncryptionCipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(
-                keyEncryptionOID.getId(), prov);
-            keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
-            byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(contentEncryptionKey);
-
-            ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
-
-            recipientEncryptedKeys.add(new RecipientEncryptedKey(karid, encryptedKey));
-        }
-
-        return new RecipientInfo(new KeyAgreeRecipientInfo(originator, ukm,
-                keyEncAlg, new DERSequence(recipientEncryptedKeys)));
-    }
-
-    // TODO Make this a public helper?
-    private static OriginatorPublicKey createOriginatorPublicKey(PublicKey publicKey)
-        throws IOException
-    {
-        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(
-            ASN1Object.fromByteArray(publicKey.getEncoded()));
-        return new OriginatorPublicKey(
-            new AlgorithmIdentifier(spki.getAlgorithmId().getObjectId(), DERNull.INSTANCE),
-            spki.getPublicKeyData().getBytes());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java
deleted file mode 100644
index 08d838045..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-public interface KeyAgreeRecipient
-    extends Recipient
-{
-    RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey)
-        throws CMSException;
-
-    AlgorithmIdentifier getPrivateKeyAlgorithmIdentifier();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java
deleted file mode 100644
index d9c82c005..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.util.Arrays;
-
-public class KeyAgreeRecipientId
-    extends RecipientId
-{
-    private byte[] subjectKeyId;
-
-    private X500Name issuer;
-    private BigInteger serialNumber;
-
-    /**
-     * Construct a key agree recipient ID with the value of a public key's subjectKeyId.
-     *
-     * @param subjectKeyId a subjectKeyId
-     */
-    public KeyAgreeRecipientId(byte[] subjectKeyId)
-    {
-        super(keyAgree);
-        super.setSubjectKeyIdentifier(new DEROctetString(subjectKeyId).getDEREncoded());
-
-        this.subjectKeyId = subjectKeyId;
-    }
-
-    /**
-     * Construct a key agree recipient ID based on the issuer and serial number of the recipient's associated
-     * certificate.
-     *
-     * @param issuer the issuer of the recipient's associated certificate.
-     * @param serialNumber the serial number of the recipient's associated certificate.
-     */
-    public KeyAgreeRecipientId(X500Name issuer, BigInteger serialNumber)
-    {
-        super(keyAgree);
-        this.issuer = issuer;
-        this.serialNumber = serialNumber;
-
-        try
-        {
-            this.setIssuer(issuer.getDEREncoded());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid issuer: " + e.getMessage());
-        }
-        this.setSerialNumber(serialNumber);
-    }
-
-    public int hashCode()
-    {
-        int code = Arrays.hashCode(subjectKeyId);
-
-        if (this.serialNumber != null)
-        {
-            code ^= this.serialNumber.hashCode();
-        }
-
-        if (this.issuer != null)
-        {
-            code ^= this.issuer.hashCode();
-        }
-
-        return code;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof KeyAgreeRecipientId))
-        {
-            return false;
-        }
-
-        KeyAgreeRecipientId id = (KeyAgreeRecipientId)o;
-
-        return Arrays.areEqual(subjectKeyId, id.subjectKeyId)
-            && equalsObj(this.serialNumber, id.serialNumber)
-            && equalsObj(this.issuer, id.issuer);
-    }
-
-    private boolean equalsObj(Object a, Object b)
-    {
-        return (a != null) ? a.equals(b) : b == null;
-    }
-
-    public boolean match(Object obj)
-    {
-        if (obj instanceof X509CertificateHolder)
-        {
-            X509CertificateHolder certHldr = (X509CertificateHolder)obj;
-
-            if (this.getSerialNumber() != null)
-            {
-                IssuerAndSerialNumber iAndS = certHldr.getIssuerAndSerialNumber();
-
-                return iAndS.getName().equals(this.issuer)
-                    && iAndS.getSerialNumber().getValue().equals(this.getSerialNumber());
-            }
-            else if (this.getSubjectKeyIdentifier() != null)
-            {
-                X509Extension ext = certHldr.getExtension(X509Extension.subjectKeyIdentifier);
-
-                if (ext == null)
-                {
-                    Digest dig = new SHA1Digest();
-                    byte[] hash = new byte[dig.getDigestSize()];
-                    byte[] spkiEnc = certHldr.getSubjectPublicKeyInfo().getDEREncoded();
-
-                    // try the outlook 2010 calculation
-                    dig.update(spkiEnc, 0, spkiEnc.length);
-
-                    dig.doFinal(hash, 0);
-
-                    return Arrays.areEqual(subjectKeyId, hash);
-                }
-
-                byte[] subKeyID = ASN1OctetString.getInstance(ext.getParsedValue()).getOctets();
-
-                return Arrays.areEqual(subjectKeyId, subKeyID);
-            }
-        }
-        else if (obj instanceof byte[])
-        {
-            return Arrays.areEqual(subjectKeyId, (byte[])obj);
-        }
-        else if (obj instanceof KeyAgreeRecipientInformation)
-        {
-            return ((KeyAgreeRecipientInformation)obj).getRID().equals(this);
-        }
-
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java
deleted file mode 100644
index aa3536bee..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
-import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey;
-import org.bouncycastle.asn1.cms.OriginatorPublicKey;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.GenericKey;
-
-public abstract class KeyAgreeRecipientInfoGenerator
-    implements RecipientInfoGenerator
-{
-    private ASN1ObjectIdentifier keyAgreementOID;
-    private ASN1ObjectIdentifier keyEncryptionOID;
-    private SubjectPublicKeyInfo originatorKeyInfo;
-
-    protected KeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, SubjectPublicKeyInfo originatorKeyInfo, ASN1ObjectIdentifier keyEncryptionOID)
-    {
-        this.originatorKeyInfo = originatorKeyInfo;
-        this.keyAgreementOID = keyAgreementOID;
-        this.keyEncryptionOID = keyEncryptionOID;
-    }
-
-    public RecipientInfo generate(GenericKey contentEncryptionKey)
-        throws CMSException
-    {
-        OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(
-                createOriginatorPublicKey(originatorKeyInfo));
-
-        ASN1EncodableVector params = new ASN1EncodableVector();
-        params.add(keyEncryptionOID);
-        params.add(DERNull.INSTANCE);
-        AlgorithmIdentifier keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, DERNull.INSTANCE);
-        AlgorithmIdentifier keyAgreeAlg = new AlgorithmIdentifier(keyAgreementOID, keyEncAlg);
-
-        ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlg, keyEncAlg, contentEncryptionKey);
-        ASN1Encodable userKeyingMaterial = getUserKeyingMaterial(keyAgreeAlg);
-
-        if (userKeyingMaterial != null)
-        {
-            return new RecipientInfo(new KeyAgreeRecipientInfo(originator, new DEROctetString(userKeyingMaterial),
-                keyAgreeAlg, recipients));
-        }
-        else
-        {
-            return new RecipientInfo(new KeyAgreeRecipientInfo(originator, null,
-                keyAgreeAlg, recipients));
-        }
-    }
-
-    protected OriginatorPublicKey createOriginatorPublicKey(SubjectPublicKeyInfo originatorKeyInfo)
-    {
-        return new OriginatorPublicKey(
-            new AlgorithmIdentifier(originatorKeyInfo.getAlgorithmId().getAlgorithm(), DERNull.INSTANCE),
-            originatorKeyInfo.getPublicKeyData().getBytes());
-    }
-
-    protected abstract ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncAlgorithm, GenericKey contentEncryptionKey)
-        throws CMSException;
-
-    protected abstract ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlgorithm)
-        throws CMSException;
-
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java
deleted file mode 100644
index 82197cbbd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java
+++ /dev/null
@@ -1,273 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.List;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
-import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey;
-import org.bouncycastle.asn1.cms.OriginatorPublicKey;
-import org.bouncycastle.asn1.cms.RecipientEncryptedKey;
-import org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
-import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.jce.spec.MQVPrivateKeySpec;
-import org.bouncycastle.jce.spec.MQVPublicKeySpec;
-
-/**
- * the RecipientInfo class for a recipient who has been sent a message
- * encrypted using key agreement.
- */
-public class KeyAgreeRecipientInformation
-    extends RecipientInformation
-{
-    private KeyAgreeRecipientInfo info;
-    private ASN1OctetString       encryptedKey;
-
-    static void readRecipientInfo(List infos, KeyAgreeRecipientInfo info,
-        AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData)
-    {
-        ASN1Sequence s = info.getRecipientEncryptedKeys();
-
-        for (int i = 0; i < s.size(); ++i)
-        {
-            RecipientEncryptedKey id = RecipientEncryptedKey.getInstance(
-                s.getObjectAt(i));
-
-            RecipientId rid;
-
-            KeyAgreeRecipientIdentifier karid = id.getIdentifier();
-            IssuerAndSerialNumber iAndSN = karid.getIssuerAndSerialNumber();
-
-            if (iAndSN != null)
-            {
-                rid = new KeyAgreeRecipientId(iAndSN.getName(), iAndSN.getSerialNumber().getValue());
-            }
-            else
-            {
-                RecipientKeyIdentifier rKeyID = karid.getRKeyID();
-
-                // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational
-
-                rid = new KeyAgreeRecipientId(rKeyID.getSubjectKeyIdentifier().getOctets());
-            }
-
-            infos.add(new KeyAgreeRecipientInformation(info, rid, id.getEncryptedKey(), messageAlgorithm,
-                secureReadable, additionalData));
-        }
-    }
-
-    KeyAgreeRecipientInformation(
-        KeyAgreeRecipientInfo   info,
-        RecipientId             rid,
-        ASN1OctetString         encryptedKey,
-        AlgorithmIdentifier     messageAlgorithm,
-        CMSSecureReadable       secureReadable,
-        AuthAttributesProvider  additionalData)
-    {
-        super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData);
-
-        this.info = info;
-        this.rid = rid;
-        this.encryptedKey = encryptedKey;
-    }
-
-    private SubjectPublicKeyInfo getSenderPublicKeyInfo(AlgorithmIdentifier recKeyAlgId,
-        OriginatorIdentifierOrKey originator)
-        throws CMSException, IOException
-    {
-        OriginatorPublicKey opk = originator.getOriginatorKey();
-        if (opk != null)
-        {
-            return getPublicKeyInfoFromOriginatorPublicKey(recKeyAlgId, opk);
-        }
-
-        OriginatorId origID = new OriginatorId();
-
-        IssuerAndSerialNumber iAndSN = originator.getIssuerAndSerialNumber();
-        if (iAndSN != null)
-        {
-            origID.setIssuer(iAndSN.getName().getEncoded());
-            origID.setSerialNumber(iAndSN.getSerialNumber().getValue());
-        }
-        else
-        {
-            SubjectKeyIdentifier ski = originator.getSubjectKeyIdentifier();
-
-            origID.setSubjectKeyIdentifier(ski.getKeyIdentifier());
-        }
-
-        return getPublicKeyInfoFromOriginatorId(origID);
-    }
-
-    private SubjectPublicKeyInfo getPublicKeyInfoFromOriginatorPublicKey(AlgorithmIdentifier recKeyAlgId,
-            OriginatorPublicKey originatorPublicKey)
-    {
-        SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(
-            recKeyAlgId,
-            originatorPublicKey.getPublicKey().getBytes());
-
-        return pubInfo;
-    }
-
-    private SubjectPublicKeyInfo getPublicKeyInfoFromOriginatorId(OriginatorId origID)
-            throws CMSException
-    {
-        // TODO Support all alternatives for OriginatorIdentifierOrKey
-        // see RFC 3852 6.2.2
-        throw new CMSException("No support for 'originator' as IssuerAndSerialNumber or SubjectKeyIdentifier");
-    }
-
-    private PublicKey getSenderPublicKey(Key receiverPrivateKey,
-        OriginatorIdentifierOrKey originator, Provider prov)
-        throws CMSException, GeneralSecurityException, IOException
-    {
-        SubjectPublicKeyInfo pubInfo = getSenderPublicKeyInfo(PrivateKeyInfo.getInstance(receiverPrivateKey.getEncoded()).getAlgorithmId(), originator);
-
-        X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
-        KeyFactory fact = KeyFactory.getInstance(keyEncAlg.getAlgorithm().getId(), prov);
-        return fact.generatePublic(pubSpec);
-    }
-
-    private PublicKey getPublicKeyFromOriginatorPublicKey(Key receiverPrivateKey,
-            OriginatorPublicKey originatorPublicKey, Provider prov)
-            throws CMSException, GeneralSecurityException, IOException
-    {
-        SubjectPublicKeyInfo pubInfo = getPublicKeyInfoFromOriginatorPublicKey(PrivateKeyInfo.getInstance(receiverPrivateKey.getEncoded()).getAlgorithmId(), originatorPublicKey);
-
-        X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
-        KeyFactory fact = KeyFactory.getInstance(keyEncAlg.getAlgorithm().getId(), prov);
-        return fact.generatePublic(pubSpec);
-    }
-
-    private SecretKey calculateAgreedWrapKey(String wrapAlg,
-        PublicKey senderPublicKey, PrivateKey receiverPrivateKey, Provider prov)
-        throws CMSException, GeneralSecurityException, IOException
-    {
-        String agreeAlg = keyEncAlg.getAlgorithm().getId();
-
-        if (agreeAlg.equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF))
-        {
-            byte[] ukmEncoding = info.getUserKeyingMaterial().getOctets();
-            MQVuserKeyingMaterial ukm = MQVuserKeyingMaterial.getInstance(
-                ASN1Object.fromByteArray(ukmEncoding));
-
-            PublicKey ephemeralKey = getPublicKeyFromOriginatorPublicKey(receiverPrivateKey,
-                ukm.getEphemeralPublicKey(), prov);
-
-            senderPublicKey = new MQVPublicKeySpec(senderPublicKey, ephemeralKey);
-            receiverPrivateKey = new MQVPrivateKeySpec(receiverPrivateKey, receiverPrivateKey);
-        }
-
-        KeyAgreement agreement = KeyAgreement.getInstance(agreeAlg, prov);
-        agreement.init(receiverPrivateKey);
-        agreement.doPhase(senderPublicKey, true);
-        return agreement.generateSecret(wrapAlg);
-    }
-
-    private Key unwrapSessionKey(String wrapAlg, SecretKey agreedKey,
-        Provider prov)
-        throws GeneralSecurityException
-    {
-        Cipher keyCipher = CMSEnvelopedHelper.INSTANCE.createSymmetricCipher(wrapAlg, prov);
-        keyCipher.init(Cipher.UNWRAP_MODE, agreedKey);
-        return keyCipher.unwrap(encryptedKey.getOctets(), getContentAlgorithmName(), Cipher.SECRET_KEY);
-    }
-
-    protected Key getSessionKey(Key receiverPrivateKey, Provider prov)
-        throws CMSException
-    {
-        try
-        {
-            String wrapAlg = 
-                AlgorithmIdentifier.getInstance(keyEncAlg.getParameters()).getAlgorithm().getId();
-
-            PublicKey senderPublicKey = getSenderPublicKey(receiverPrivateKey,
-                info.getOriginator(), prov);
-
-            SecretKey agreedWrapKey = calculateAgreedWrapKey(wrapAlg,
-                senderPublicKey, (PrivateKey)receiverPrivateKey, prov);
-
-            return unwrapSessionKey(wrapAlg, agreedWrapKey, prov);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (InvalidKeySpecException e)
-        {
-            throw new CMSException("originator key spec invalid.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (Exception e)
-        {
-            throw new CMSException("originator key invalid.", e);
-        }
-    }
-
-    /**
-     * decrypt the content and return it
-     * @deprecated use getContentStream(Recipient) method
-     */
-    public CMSTypedStream getContentStream(
-        Key key,
-        String prov)
-        throws CMSException, NoSuchProviderException
-    {
-        return getContentStream(key, CMSUtils.getProvider(prov));
-    }
-
-    /**
-     * decrypt the content and return it
-     * @deprecated use getContentStream(Recipient) method
-     */
-    public CMSTypedStream getContentStream(
-        Key key,
-        Provider prov)
-        throws CMSException
-    {
-        Key sKey = getSessionKey(key, prov);
-
-        return getContentFromSessionKey(sKey, prov);
-    }
-
-    protected RecipientOperator getRecipientOperator(Recipient recipient)
-        throws CMSException, IOException
-    {
-        KeyAgreeRecipient agreeRecipient = (KeyAgreeRecipient)recipient;
-                AlgorithmIdentifier    recKeyAlgId = agreeRecipient.getPrivateKeyAlgorithmIdentifier();
-
-        return ((KeyAgreeRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, getSenderPublicKeyInfo(recKeyAlgId,
-                        info.getOriginator()), info.getUserKeyingMaterial(), encryptedKey.getOctets());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransIntRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransIntRecipientInfoGenerator.java
deleted file mode 100644
index 79c9f18d1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransIntRecipientInfoGenerator.java
+++ /dev/null
@@ -1,118 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.ProviderException;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientIdentifier;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-
-class KeyTransIntRecipientInfoGenerator
-    implements IntRecipientInfoGenerator
-{
-    // TODO Pass recipId, keyEncAlg instead?
-    private TBSCertificateStructure recipientTBSCert;
-    private PublicKey recipientPublicKey;
-    private ASN1OctetString subjectKeyIdentifier;
-
-    // Derived fields
-    private SubjectPublicKeyInfo info;
-
-    KeyTransIntRecipientInfoGenerator()
-    {
-    }
-
-    void setRecipientCert(X509Certificate recipientCert)
-    {
-        this.recipientTBSCert = CMSUtils.getTBSCertificateStructure(recipientCert);
-        this.recipientPublicKey = recipientCert.getPublicKey();
-        this.info = recipientTBSCert.getSubjectPublicKeyInfo();
-    }
-
-    void setRecipientPublicKey(PublicKey recipientPublicKey)
-    {
-        this.recipientPublicKey = recipientPublicKey;
-
-        try
-        {
-            info = SubjectPublicKeyInfo.getInstance(
-                ASN1Object.fromByteArray(recipientPublicKey.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException(
-                    "can't extract key algorithm from this key");
-        }
-    }
-
-    void setSubjectKeyIdentifier(ASN1OctetString subjectKeyIdentifier)
-    {
-        this.subjectKeyIdentifier = subjectKeyIdentifier;
-    }
-
-    public RecipientInfo generate(SecretKey contentEncryptionKey, SecureRandom random,
-            Provider prov) throws GeneralSecurityException
-    {
-        AlgorithmIdentifier keyEncryptionAlgorithm = info.getAlgorithmId();
-
-        byte[] encryptedKeyBytes = null;
-
-        Cipher keyEncryptionCipher = CMSEnvelopedHelper.INSTANCE.createAsymmetricCipher(
-            keyEncryptionAlgorithm.getObjectId().getId(), prov);
-
-        try
-        {
-            keyEncryptionCipher.init(Cipher.WRAP_MODE, recipientPublicKey, random);
-            encryptedKeyBytes = keyEncryptionCipher.wrap(contentEncryptionKey);
-        }
-        catch (GeneralSecurityException e)
-        {
-        }
-        catch (IllegalStateException e)
-        {
-        }
-        catch (UnsupportedOperationException e)
-        {
-        }
-        catch (ProviderException e)   
-        {
-        }
-
-        // some providers do not support WRAP (this appears to be only for asymmetric algorithms) 
-        if (encryptedKeyBytes == null)
-        {
-            keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, recipientPublicKey, random);
-            encryptedKeyBytes = keyEncryptionCipher.doFinal(contentEncryptionKey.getEncoded());
-        }
-
-        RecipientIdentifier recipId;
-        if (recipientTBSCert != null)
-        {
-            IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(
-                recipientTBSCert.getIssuer(), recipientTBSCert.getSerialNumber().getValue());
-            recipId = new RecipientIdentifier(issuerAndSerial);
-        }
-        else
-        {
-            recipId = new RecipientIdentifier(subjectKeyIdentifier);
-        }
-
-        return new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm,
-            new DEROctetString(encryptedKeyBytes)));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java
deleted file mode 100644
index b61fbbed3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface KeyTransRecipient
-    extends Recipient
-{
-    RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey)
-        throws CMSException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java
deleted file mode 100644
index 19e1f2f31..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.util.Arrays;
-
-public class KeyTransRecipientId
-    extends RecipientId
-{
-    private byte[] subjectKeyId;
-
-    private X500Name issuer;
-    private BigInteger serialNumber;
-
-    /**
-     * Construct a key trans recipient ID with the value of a public key's subjectKeyId.
-     *
-     * @param subjectKeyId a subjectKeyId
-     */
-    public KeyTransRecipientId(byte[] subjectKeyId)
-    {
-        super(keyTrans);
-        super.setSubjectKeyIdentifier(new DEROctetString(subjectKeyId).getDEREncoded());
-
-        this.subjectKeyId = subjectKeyId;
-    }
-
-    /**
-     * Construct a key trans recipient ID based on the issuer and serial number of the recipient's associated
-     * certificate.
-     *
-     * @param issuer the issuer of the recipient's associated certificate.
-     * @param serialNumber the serial number of the recipient's associated certificate.
-     */
-    public KeyTransRecipientId(X500Name issuer, BigInteger serialNumber)
-    {
-        super(keyTrans);
-        this.issuer = issuer;
-        this.serialNumber = serialNumber;
-
-        try
-        {
-            this.setIssuer(issuer.getDEREncoded());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid issuer: " + e.getMessage());
-        }
-        this.setSerialNumber(serialNumber);
-    }
-
-    public int hashCode()
-    {
-        int code = Arrays.hashCode(subjectKeyId);
-
-        if (this.serialNumber != null)
-        {
-            code ^= this.serialNumber.hashCode();
-        }
-
-        if (this.issuer != null)
-        {
-            code ^= this.issuer.hashCode();
-        }
-
-        return code;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof KeyTransRecipientId))
-        {
-            return false;
-        }
-
-        KeyTransRecipientId id = (KeyTransRecipientId)o;
-
-        return Arrays.areEqual(subjectKeyId, id.subjectKeyId)
-            && equalsObj(this.serialNumber, id.serialNumber)
-            && equalsObj(this.issuer, id.issuer);
-    }
-
-    private boolean equalsObj(Object a, Object b)
-    {
-        return (a != null) ? a.equals(b) : b == null;
-    }
-
-    public boolean match(Object obj)
-    {
-        if (obj instanceof X509CertificateHolder)
-        {
-            X509CertificateHolder certHldr = (X509CertificateHolder)obj;
-
-            if (this.getSerialNumber() != null)
-            {
-                IssuerAndSerialNumber iAndS = certHldr.getIssuerAndSerialNumber();
-
-                return iAndS.getName().equals(this.issuer)
-                    && iAndS.getSerialNumber().getValue().equals(this.getSerialNumber());
-            }
-            else if (this.getSubjectKeyIdentifier() != null)
-            {
-                X509Extension ext = certHldr.getExtension(X509Extension.subjectKeyIdentifier);
-
-                if (ext == null)
-                {
-                    Digest dig = new SHA1Digest();
-                    byte[] hash = new byte[dig.getDigestSize()];
-                    byte[] spkiEnc = certHldr.getSubjectPublicKeyInfo().getDEREncoded();
-
-                    // try the outlook 2010 calculation
-                    dig.update(spkiEnc, 0, spkiEnc.length);
-
-                    dig.doFinal(hash, 0);
-
-                    return Arrays.areEqual(subjectKeyId, hash);
-                }
-
-                byte[] subKeyID = ASN1OctetString.getInstance(ext.getParsedValue()).getOctets();
-
-                return Arrays.areEqual(subjectKeyId, subKeyID);
-            }
-        }
-        else if (obj instanceof byte[])
-        {
-            return Arrays.areEqual(subjectKeyId, (byte[])obj);
-        }
-        else if (obj instanceof KeyTransRecipientInformation)
-        {
-            return ((KeyTransRecipientInformation)obj).getRID().equals(this);
-        }
-
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java
deleted file mode 100644
index e576f03f7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientIdentifier;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.operator.AsymmetricKeyWrapper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-
-public abstract class KeyTransRecipientInfoGenerator
-    implements RecipientInfoGenerator
-{
-    protected final AsymmetricKeyWrapper wrapper;
-
-    private IssuerAndSerialNumber issuerAndSerial;
-    private byte[] subjectKeyIdentifier;
-
-    protected KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerial, AsymmetricKeyWrapper wrapper)
-    {
-        this.issuerAndSerial = issuerAndSerial;
-        this.wrapper = wrapper;
-    }
-
-    protected KeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, AsymmetricKeyWrapper wrapper)
-    {
-        this.subjectKeyIdentifier = subjectKeyIdentifier;
-        this.wrapper = wrapper;
-    }
-
-    public final RecipientInfo generate(GenericKey contentEncryptionKey)
-        throws CMSException
-    {
-        byte[] encryptedKeyBytes;
-        try
-        {
-            encryptedKeyBytes = wrapper.generateWrappedKey(contentEncryptionKey);
-        }
-        catch (OperatorException e)
-        {
-            throw new CMSException("exception wrapping content key: " + e.getMessage(), e);
-        }
-
-        RecipientIdentifier recipId;
-        if (issuerAndSerial != null)
-        {
-            recipId = new RecipientIdentifier(issuerAndSerial);
-        }
-        else
-        {
-            recipId = new RecipientIdentifier(new DEROctetString(subjectKeyIdentifier));
-        }
-
-        return new RecipientInfo(new KeyTransRecipientInfo(recipId, wrapper.getAlgorithmIdentifier(),
-            new DEROctetString(encryptedKeyBytes)));
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java
deleted file mode 100644
index eca3c921b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java
+++ /dev/null
@@ -1,172 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.ProviderException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-
-/**
- * the KeyTransRecipientInformation class for a recipient who has been sent a secret
- * key encrypted using their public key that needs to be used to
- * extract the message.
- */
-public class KeyTransRecipientInformation
-    extends RecipientInformation
-{
-    private KeyTransRecipientInfo info;
-
-    KeyTransRecipientInformation(
-        KeyTransRecipientInfo   info,
-        AlgorithmIdentifier     messageAlgorithm,
-        CMSSecureReadable       secureReadable,
-        AuthAttributesProvider  additionalData)
-    {
-        super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData);
-
-        this.info = info;
-
-        RecipientIdentifier r = info.getRecipientIdentifier();
-
-        if (r.isTagged())
-        {
-            ASN1OctetString octs = ASN1OctetString.getInstance(r.getId());
-
-            rid = new KeyTransRecipientId(octs.getOctets());
-        }
-        else
-        {
-            IssuerAndSerialNumber   iAnds = IssuerAndSerialNumber.getInstance(r.getId());
-
-            rid = new KeyTransRecipientId(iAnds.getName(), iAnds.getSerialNumber().getValue());
-        }
-    }
-
-    private String getExchangeEncryptionAlgorithmName(
-        DERObjectIdentifier oid)
-    {
-        if (PKCSObjectIdentifiers.rsaEncryption.equals(oid))
-        {
-            return "RSA/ECB/PKCS1Padding";
-        }
-        
-        return oid.getId();
-    }
-
-    /**
-     * @deprecated
-     */
-    protected Key getSessionKey(Key receiverPrivateKey, Provider prov)
-        throws CMSException
-    {
-        CMSEnvelopedHelper helper = CMSEnvelopedHelper.INSTANCE;
-
-        String keyExchangeAlgorithm = getExchangeEncryptionAlgorithmName(keyEncAlg.getObjectId());
-
-        try
-        {
-            Key sKey = null;
-
-            Cipher keyCipher = helper.createAsymmetricCipher(keyExchangeAlgorithm, prov);
-
-            byte[] encryptedKeyBytes = info.getEncryptedKey().getOctets();
-            String contentAlgorithmName = getContentAlgorithmName();
-
-            try
-            {
-                keyCipher.init(Cipher.UNWRAP_MODE, receiverPrivateKey);
-                sKey = keyCipher.unwrap(encryptedKeyBytes, contentAlgorithmName, Cipher.SECRET_KEY);
-            }
-            catch (GeneralSecurityException e)
-            {
-            }
-            catch (IllegalStateException e)
-            {
-            }
-            catch (UnsupportedOperationException e)
-            {
-            }
-            catch (ProviderException e)   
-            {
-            }
-
-            // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms) 
-            if (sKey == null)
-            {
-                keyCipher.init(Cipher.DECRYPT_MODE, receiverPrivateKey);
-                sKey = new SecretKeySpec(keyCipher.doFinal(encryptedKeyBytes), contentAlgorithmName);
-            }
-
-            return sKey;
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (IllegalBlockSizeException e)
-        {
-            throw new CMSException("illegal blocksize in message.", e);
-        }
-        catch (BadPaddingException e)
-        {
-            throw new CMSException("bad padding in message.", e);
-        }
-    }
-
-    /**
-     * decrypt the content and return it
-     * @deprecated use getContentStream(Recipient) method
-     */
-    public CMSTypedStream getContentStream(
-        Key key,
-        String prov)
-        throws CMSException, NoSuchProviderException
-    {
-        return getContentStream(key, CMSUtils.getProvider(prov));
-    }
-
-    /**
-     * decrypt the content and return it
-     * @deprecated use getContentStream(Recipient) method
-     */
-    public CMSTypedStream getContentStream(
-        Key key,
-        Provider prov)
-        throws CMSException
-    {
-        Key sKey = getSessionKey(key, prov);
-
-        return getContentFromSessionKey(sKey, prov);
-    }
-
-    protected RecipientOperator getRecipientOperator(Recipient recipient)
-        throws CMSException
-    {
-        return ((KeyTransRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, info.getEncryptedKey().getOctets());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/MacOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/MacOutputStream.java
deleted file mode 100644
index 5eab134ed..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/MacOutputStream.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.crypto.Mac;
-
-class MacOutputStream extends OutputStream
-{
-    private final Mac mac;
-
-    MacOutputStream(Mac mac)
-    {
-        this.mac = mac;
-    }
-
-    public void write(byte[] b, int off, int len) throws IOException
-    {
-        mac.update(b, off, len);
-    }
-
-    public void write(int b) throws IOException
-    {
-        mac.update((byte) b);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/NullOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/NullOutputStream.java
deleted file mode 100644
index 03c058a56..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/NullOutputStream.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * 
- */
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-class NullOutputStream
-    extends OutputStream
-{
-    public void write(byte[] buf)
-        throws IOException
-    {
-        // do nothing
-    }
-
-    public void write(byte[] buf, int off, int len)
-        throws IOException
-    {
-        // do nothing
-    }
-    
-    public void write(int b) throws IOException
-    {
-        // do nothing
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/OriginatorId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/OriginatorId.java
deleted file mode 100644
index 0ca2af193..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/OriginatorId.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.util.Arrays;
-
-import java.security.cert.X509CertSelector;
-
-/**
- * a basic index for an originator.
- */
-class OriginatorId
-    extends X509CertSelector
-{
-    public int hashCode()
-    {
-        int code = Arrays.hashCode(this.getSubjectKeyIdentifier());
-
-        if (this.getSerialNumber() != null)
-        {
-            code ^= this.getSerialNumber().hashCode();
-        }
-
-        if (this.getIssuerAsString() != null)
-        {
-            code ^= this.getIssuerAsString().hashCode();
-        }
-
-        return code;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof OriginatorId))
-        {
-            return false;
-        }
-
-        OriginatorId id = (OriginatorId)o;
-
-        return Arrays.areEqual(this.getSubjectKeyIdentifier(), id.getSubjectKeyIdentifier())
-            && equalsObj(this.getSerialNumber(), id.getSerialNumber())
-            && equalsObj(this.getIssuerAsString(), id.getIssuerAsString());
-    }
-
-    private boolean equalsObj(Object a, Object b)
-    {
-        return (a != null) ? a.equals(b) : b == null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java
deleted file mode 100644
index b5be483ea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * PKCS5 scheme-2 - password converted to bytes assuming ASCII.
- */
-public class PKCS5Scheme2PBEKey
-    extends CMSPBEKey
-{
-    public PKCS5Scheme2PBEKey(char[] password, byte[] salt, int iterationCount)
-    {
-        super(password, salt, iterationCount);
-    }
-
-    public PKCS5Scheme2PBEKey(char[] password, AlgorithmParameters pbeParams)
-        throws InvalidAlgorithmParameterException
-    {
-        super(password, getParamSpec(pbeParams));
-    }
-
-    byte[] getEncoded(String algorithmOid)
-    {
-        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();
-
-        gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(this.getPassword()), this.getSalt(), this.getIterationCount());
-
-        return ((KeyParameter)gen.generateDerivedParameters(CMSEnvelopedHelper.INSTANCE.getKeySize(algorithmOid))).getKey();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java
deleted file mode 100644
index 436ba66d9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * PKCS5 scheme-2 - password converted to bytes using UTF-8.
- */
-public class PKCS5Scheme2UTF8PBEKey
-    extends CMSPBEKey
-{
-    public PKCS5Scheme2UTF8PBEKey(char[] password, byte[] salt, int iterationCount)
-    {
-        super(password, salt, iterationCount);
-    }
-
-    public PKCS5Scheme2UTF8PBEKey(char[] password, AlgorithmParameters pbeParams)
-        throws InvalidAlgorithmParameterException
-    {
-        super(password, getParamSpec(pbeParams));
-    }
-
-    byte[] getEncoded(String algorithmOid)
-    {
-        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();
-
-        gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(this.getPassword()), this.getSalt(), this.getIterationCount());
-
-        return ((KeyParameter)gen.generateDerivedParameters(CMSEnvelopedHelper.INSTANCE.getKeySize(algorithmOid))).getKey();
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordIntRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordIntRecipientInfoGenerator.java
deleted file mode 100644
index 46ed81f2d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordIntRecipientInfoGenerator.java
+++ /dev/null
@@ -1,65 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-class PasswordIntRecipientInfoGenerator
-    implements IntRecipientInfoGenerator
-{
-    private AlgorithmIdentifier keyDerivationAlgorithm;
-    private SecretKey keyEncryptionKey;
-
-    PasswordIntRecipientInfoGenerator()
-    {
-    }
-
-    void setKeyDerivationAlgorithm(AlgorithmIdentifier keyDerivationAlgorithm)
-    {
-        this.keyDerivationAlgorithm = keyDerivationAlgorithm;
-    }
-
-    void setKeyEncryptionKey(SecretKey keyEncryptionKey)
-    {
-        this.keyEncryptionKey = keyEncryptionKey;
-    }
-
-    public RecipientInfo generate(SecretKey contentEncryptionKey, SecureRandom random,
-            Provider prov) throws GeneralSecurityException
-    {
-        // TODO Consider passing in the wrapAlgorithmOID instead
-
-        CMSEnvelopedHelper helper = CMSEnvelopedHelper.INSTANCE;
-        String wrapAlgName = helper.getRFC3211WrapperName(keyEncryptionKey.getAlgorithm());
-        Cipher keyCipher = helper.createSymmetricCipher(wrapAlgName, prov);        
-        keyCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
-        byte[] encryptedKeyBytes = keyCipher.wrap(contentEncryptionKey);
-
-        ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
-
-
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(new DERObjectIdentifier(keyEncryptionKey.getAlgorithm()));
-        v.add(new DEROctetString(keyCipher.getIV()));
-        AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(
-            PKCSObjectIdentifiers.id_alg_PWRI_KEK, new DERSequence(v));
-
-
-        return new RecipientInfo(new PasswordRecipientInfo(keyDerivationAlgorithm,
-            keyEncryptionAlgorithm, encryptedKey));
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipient.java
deleted file mode 100644
index a7702a679..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipient.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface PasswordRecipient
-    extends Recipient
-{
-    public static final int PKCS5_SCHEME2 = 0;
-    public static final int PKCS5_SCHEME2_UTF8 = 1;
-
-    RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedEncryptedContentKey)
-        throws CMSException;
-
-    int getPasswordConversionScheme();
-
-    char[] getPassword();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java
deleted file mode 100644
index a50934584..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.cms;
-
-public class PasswordRecipientId
-    extends RecipientId
-{
-    /**
-     * Construct a recipient ID of the password type.
-     */
-    public PasswordRecipientId()
-    {
-        super(password);
-    }
-
-    public int hashCode()
-    {
-        return password;
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof PasswordRecipientId))
-        {
-            return false;
-        }
-
-        return true;
-    }
-
-    public boolean match(Object obj)
-    {
-        if (obj instanceof PasswordRecipientInformation)
-        {
-            return true;
-        }
-        
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java
deleted file mode 100644
index 7f0afccf0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.asn1.pkcs.PBKDF2Params;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.operator.GenericKey;
-
-public abstract class PasswordRecipientInfoGenerator
-    implements RecipientInfoGenerator
-{
-    private char[] password;
-    private AlgorithmIdentifier keyDerivationAlgorithm;
-    private ASN1ObjectIdentifier kekAlgorithm;
-    private SecureRandom random;
-    private int schemeID;
-    private int keySize;
-    private int blockSize;
-
-    protected PasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password)
-    {
-        this(kekAlgorithm, password, getKeySize(kekAlgorithm), ((Integer)PasswordRecipientInformation.BLOCKSIZES.get(kekAlgorithm)).intValue());
-    }
-
-    protected PasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password, int keySize, int blockSize)
-    {
-        this.password = password;
-        this.schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8;
-        this.kekAlgorithm = kekAlgorithm;
-        this.keySize = keySize;
-        this.blockSize = blockSize;
-    }
-
-    private static int getKeySize(ASN1ObjectIdentifier kekAlgorithm)
-    {
-        Integer size = (Integer)PasswordRecipientInformation.KEYSIZES.get(kekAlgorithm);
-
-        if (size == null)
-        {
-            throw new IllegalArgumentException("cannot find key size for algorithm: " +  kekAlgorithm);
-        }
-
-        return size.intValue();
-    }
-
-    public PasswordRecipientInfoGenerator setPasswordConversionScheme(int schemeID)
-    {
-        this.schemeID = schemeID;
-
-        return this;
-    }
-
-    public PasswordRecipientInfoGenerator setSaltAndIterationCount(byte[] salt, int iterationCount)
-    {
-        this.keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));
-
-        return this;
-    }
-
-    public PasswordRecipientInfoGenerator setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public RecipientInfo generate(GenericKey contentEncryptionKey)
-        throws CMSException
-    {
-        byte[] iv = new byte[blockSize];     /// TODO: set IV size properly!
-
-        if (random == null)
-        {
-            random = new SecureRandom();
-        }
-        
-        random.nextBytes(iv);
-
-        if (keyDerivationAlgorithm == null)
-        {
-            byte[] salt = new byte[20];
-
-            random.nextBytes(salt);
-
-            keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, 1024));
-        }
-
-        PBKDF2Params params = PBKDF2Params.getInstance(keyDerivationAlgorithm.getParameters());
-        byte[] derivedKey;
-
-        if (schemeID == PasswordRecipient.PKCS5_SCHEME2)
-        {
-            PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();
-
-            gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), params.getSalt(), params.getIterationCount().intValue());
-
-            derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey();
-        }
-        else
-        {
-            PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();
-
-            gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), params.getSalt(), params.getIterationCount().intValue());
-
-            derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey();
-        }
-
-        AlgorithmIdentifier kekAlgorithmId = new AlgorithmIdentifier(kekAlgorithm, new DEROctetString(iv));
-
-        byte[] encryptedKeyBytes = generateEncryptedBytes(kekAlgorithmId, derivedKey, contentEncryptionKey);
-
-        ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
-
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(kekAlgorithm);
-        v.add(new DEROctetString(iv));
-
-        AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(
-            PKCSObjectIdentifiers.id_alg_PWRI_KEK, new DERSequence(v));
-
-        return new RecipientInfo(new PasswordRecipientInfo(keyDerivationAlgorithm,
-            keyEncryptionAlgorithm, encryptedKey));
-    }
-
-    protected abstract byte[] generateEncryptedBytes(AlgorithmIdentifier algorithm, byte[] derivedKey, GenericKey contentEncryptionKey)
-        throws CMSException;
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java
deleted file mode 100644
index b046d7c52..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java
+++ /dev/null
@@ -1,239 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
-import org.bouncycastle.asn1.pkcs.PBKDF2Params;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * the RecipientInfo class for a recipient who has been sent a message
- * encrypted using a password.
- */
-public class PasswordRecipientInformation
-    extends RecipientInformation
-{
-    static Map KEYSIZES = new HashMap();
-    static Map BLOCKSIZES = new HashMap();
-
-    static
-    {
-        BLOCKSIZES.put(CMSAlgorithm.DES_EDE3_CBC,  new Integer(8));
-        BLOCKSIZES.put(CMSAlgorithm.AES128_CBC,  new Integer(16));
-        BLOCKSIZES.put(CMSAlgorithm.AES192_CBC,  new Integer(16));
-        BLOCKSIZES.put(CMSAlgorithm.AES256_CBC,  new Integer(16));
-
-        KEYSIZES.put(CMSAlgorithm.DES_EDE3_CBC,  new Integer(192));
-        KEYSIZES.put(CMSAlgorithm.AES128_CBC,  new Integer(128));
-        KEYSIZES.put(CMSAlgorithm.AES192_CBC,  new Integer(192));
-        KEYSIZES.put(CMSAlgorithm.AES256_CBC,  new Integer(256));
-    }
-
-    private PasswordRecipientInfo info;
-
-    PasswordRecipientInformation(
-        PasswordRecipientInfo   info,
-        AlgorithmIdentifier     messageAlgorithm,
-        CMSSecureReadable       secureReadable,
-        AuthAttributesProvider  additionalData)
-    {
-        super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData);
-
-        this.info = info;
-        this.rid = new PasswordRecipientId();
-    }
-
-    /**
-     * return the object identifier for the key derivation algorithm, or null
-     * if there is none present.
-     *
-     * @return OID for key derivation algorithm, if present.
-     */
-    public String getKeyDerivationAlgOID()
-    {
-        if (info.getKeyDerivationAlgorithm() != null)
-        {
-            return info.getKeyDerivationAlgorithm().getObjectId().getId();
-        }
-
-        return null;
-    }
-
-    /**
-     * return the ASN.1 encoded key derivation algorithm parameters, or null if
-     * there aren't any.
-     * @return ASN.1 encoding of key derivation algorithm parameters.
-     */
-    public byte[] getKeyDerivationAlgParams()
-    {
-        try
-        {
-            if (info.getKeyDerivationAlgorithm() != null)
-            {
-                DEREncodable params = info.getKeyDerivationAlgorithm().getParameters();
-                if (params != null)
-                {
-                    return params.getDERObject().getEncoded();
-                }
-            }
-
-            return null;
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-
-    /**
-     * return an AlgorithmParameters object representing the parameters to the
-     * key derivation algorithm to the recipient.
-     *
-     * @return AlgorithmParameters object, null if there aren't any.
-     */
-    public AlgorithmParameters getKeyDerivationAlgParameters(String provider)
-        throws NoSuchProviderException
-    {
-        return getKeyDerivationAlgParameters(CMSUtils.getProvider(provider));
-    }
-    
-   /**
-     * return an AlgorithmParameters object representing the parameters to the
-     * key derivation algorithm to the recipient.
-     *
-     * @return AlgorithmParameters object, null if there aren't any.
-     */
-    public AlgorithmParameters getKeyDerivationAlgParameters(Provider provider)
-    {
-        try
-        {
-            if (info.getKeyDerivationAlgorithm() != null)
-            {
-                DEREncodable params = info.getKeyDerivationAlgorithm().getParameters();
-                if (params != null)
-                {
-                    AlgorithmParameters algP = AlgorithmParameters.getInstance(info.getKeyDerivationAlgorithm().getObjectId().toString(), provider);
-
-                    algP.init(params.getDERObject().getEncoded());
-
-                    return algP;
-                }
-            }
-
-            return null;
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-
-    /**
-     * decrypt the content and return an input stream.
-     * @deprecated use getContentStream(Recipient)
-     */
-    public CMSTypedStream getContentStream(
-        Key key,
-        String   prov)
-        throws CMSException, NoSuchProviderException
-    {
-        return getContentStream(key, CMSUtils.getProvider(prov));
-    }
-
-    /**
-     * decrypt the content and return an input stream.
-     * @deprecated use getContentStream(Recipient)
-     */
-    public CMSTypedStream getContentStream(
-        Key key,
-        Provider prov)
-        throws CMSException
-    {
-        try
-        {
-            CMSEnvelopedHelper  helper = CMSEnvelopedHelper.INSTANCE;
-            AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm());
-            ASN1Sequence        kekAlgParams = (ASN1Sequence)kekAlg.getParameters();
-            String              kekAlgName = DERObjectIdentifier.getInstance(kekAlgParams.getObjectAt(0)).getId();
-            String              wrapAlgName = helper.getRFC3211WrapperName(kekAlgName);
-
-            Cipher keyCipher = helper.createSymmetricCipher(wrapAlgName, prov);
-            IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(kekAlgParams.getObjectAt(1)).getOctets());
-            keyCipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(((CMSPBEKey)key).getEncoded(kekAlgName), kekAlgName), ivSpec);
-
-            Key sKey = keyCipher.unwrap(info.getEncryptedKey().getOctets(), getContentAlgorithmName(),
-                Cipher.SECRET_KEY);
-
-            return getContentFromSessionKey(sKey, prov);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("invalid iv.", e);
-        }
-    }
-
-    protected RecipientOperator getRecipientOperator(Recipient recipient)
-        throws CMSException, IOException
-    {
-        PasswordRecipient pbeRecipient = (PasswordRecipient)recipient;
-        AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm());
-        ASN1Sequence        kekAlgParams = (ASN1Sequence)kekAlg.getParameters();
-        DERObjectIdentifier kekAlgName = DERObjectIdentifier.getInstance(kekAlgParams.getObjectAt(0));
-        PBKDF2Params        params = PBKDF2Params.getInstance(info.getKeyDerivationAlgorithm().getParameters());
-
-        byte[]              derivedKey;
-        int keySize = ((Integer)KEYSIZES.get(kekAlgName)).intValue();
-
-        if (pbeRecipient.getPasswordConversionScheme() == PasswordRecipient.PKCS5_SCHEME2)
-        {
-            PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();
-
-            gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(pbeRecipient.getPassword()), params.getSalt(), params.getIterationCount().intValue());
-
-            derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey();
-        }
-        else
-        {
-            PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();
-
-            gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeRecipient.getPassword()), params.getSalt(), params.getIterationCount().intValue());
-
-            derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey();
-        }
-        
-        return pbeRecipient.getRecipientOperator(AlgorithmIdentifier.getInstance(kekAlg.getParameters()), messageAlgorithm, derivedKey, info.getEncryptedKey().getOctets());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/Recipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/Recipient.java
deleted file mode 100644
index 88c88a61c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/Recipient.java
+++ /dev/null
@@ -1,5 +0,0 @@
-package org.bouncycastle.cms;
-
-public interface Recipient
-{
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientId.java
deleted file mode 100644
index 33632fddb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientId.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.security.cert.X509CertSelector;
-
-import org.bouncycastle.util.Selector;
-
-public abstract class RecipientId
-    extends X509CertSelector
-    implements Selector
-{
-    public static final int keyTrans = 0;
-    public static final int kek = 1;
-    public static final int keyAgree = 2;
-    public static final int password = 3;
-
-    private final int type;
-
-    protected RecipientId(int type)
-    {
-        this.type = type;
-    }
-
-    /**
-     * Return the type code for this recipient ID.
-     *
-     * @return one of keyTrans, kek, keyAgree, password
-     */
-    public int getType()
-    {
-        return type;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java
deleted file mode 100644
index 6ab41d35a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.cms.RecipientInfo;
-import org.bouncycastle.operator.GenericKey;
-
-public interface RecipientInfoGenerator
-{
-    RecipientInfo generate(GenericKey contentEncryptionKey)
-        throws CMSException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformation.java
deleted file mode 100644
index 6d7534f6f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformation.java
+++ /dev/null
@@ -1,311 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.util.io.Streams;
-
-public abstract class RecipientInformation
-{
-    protected RecipientId rid;
-    protected AlgorithmIdentifier   keyEncAlg;
-    protected AlgorithmIdentifier messageAlgorithm;
-    private CMSSecureReadable     secureReadable;
-
-    private AuthAttributesProvider additionalData;
-
-    private byte[] resultMac;
-    private RecipientOperator     operator;
-
-    RecipientInformation(
-        AlgorithmIdentifier     keyEncAlg,
-        AlgorithmIdentifier     messageAlgorithm,
-        CMSSecureReadable       secureReadable,
-        AuthAttributesProvider  additionalData)
-    {
-        this.keyEncAlg = keyEncAlg;
-        this.messageAlgorithm = messageAlgorithm;
-        this.secureReadable = secureReadable;
-        this.additionalData = additionalData;
-    }
-
-    String getContentAlgorithmName()
-    {
-        AlgorithmIdentifier algorithm = secureReadable.getAlgorithm();
-        return CMSEnvelopedHelper.INSTANCE.getSymmetricCipherName(algorithm.getObjectId().getId());
-    }
-
-    public RecipientId getRID()
-    {
-        return rid;
-    }
-
-    private byte[] encodeObj(
-        DEREncodable obj)
-        throws IOException
-    {
-        if (obj != null)
-        {
-            return obj.getDERObject().getEncoded();
-        }
-
-        return null;
-    }
-
-    /**
-     * return the object identifier for the key encryption algorithm.
-     *
-     * @return OID for key encryption algorithm.
-     */
-    public String getKeyEncryptionAlgOID()
-    {
-        return keyEncAlg.getObjectId().getId();
-    }
-
-    /**
-     * return the ASN.1 encoded key encryption algorithm parameters, or null if
-     * there aren't any.
-     *
-     * @return ASN.1 encoding of key encryption algorithm parameters.
-     */
-    public byte[] getKeyEncryptionAlgParams()
-    {
-        try
-        {
-            return encodeObj(keyEncAlg.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the key this recipient holds.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws CMSException            if the algorithm cannot be found, or the parameters can't be parsed.
-     * @throws NoSuchProviderException if the provider cannot be found.
-     */
-    public AlgorithmParameters getKeyEncryptionAlgorithmParameters(
-        String provider)
-        throws CMSException, NoSuchProviderException
-    {
-        return getKeyEncryptionAlgorithmParameters(CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * Return an AlgorithmParameters object giving the encryption parameters
-     * used to encrypt the key this recipient holds.
-     *
-     * @param provider the provider to generate the parameters for.
-     * @return the parameters object, null if there is not one.
-     * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed.
-     */
-    public AlgorithmParameters getKeyEncryptionAlgorithmParameters(
-        Provider provider)
-        throws CMSException
-    {
-        try
-        {
-            byte[] enc = this.encodeObj(keyEncAlg.getParameters());
-            if (enc == null)
-            {
-                return null;
-            }
-
-            AlgorithmParameters params = CMSEnvelopedHelper.INSTANCE.createAlgorithmParameters(getKeyEncryptionAlgOID(), provider);
-
-            params.init(enc, "ASN.1");
-
-            return params;
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find parameters for algorithm", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("can't find parse parameters", e);
-        }
-    }
-
-    protected CMSTypedStream getContentFromSessionKey(
-        Key sKey,
-        Provider provider)
-        throws CMSException
-    {
-        CMSReadable readable = secureReadable.getReadable((SecretKey)sKey, provider); 
-
-        try
-        {
-            return new CMSTypedStream(readable.getInputStream());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("error getting .", e);
-        }
-    }
-
-    /**
-     * @deprecated use getContent(Recipient)
-     */
-    public byte[] getContent(
-        Key key,
-        String provider)
-        throws CMSException, NoSuchProviderException
-    {
-        return getContent(key, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * @deprecated use getContent(Recipient)
-     */
-    public byte[] getContent(
-        Key key,
-        Provider provider)
-        throws CMSException
-    {
-        try
-        {
-            return CMSUtils.streamToByteArray(getContentStream(key, provider).getContentStream());
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("unable to parse internal stream: " + e);
-        }
-    }
-
-    /**
-     * Return the content digest calculated during the read of the content if one has been generated. This will
-     * only happen if we are dealing with authenticated data and authenticated attributes are present.
-     *
-     * @return byte array containing the digest.
-     */
-    public byte[] getContentDigest()
-    {
-        if (secureReadable instanceof CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable)
-        {
-            return ((CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable)secureReadable).getDigest();
-        }
-
-        return null;
-    }
-
-    /**
-     * Return the MAC calculated for the recipient. Note: this call is only meaningful once all
-     * the content has been read.
-     *
-     * @return  byte array containing the mac.
-     */
-    public byte[] getMac()
-    {
-        if (resultMac == null)
-        {
-            if (operator != null)
-            {
-                if (operator.isMacBased())
-                {
-                    if (additionalData != null)
-                    {
-                        try
-                        {
-                            Streams.drain(operator.getInputStream(new ByteArrayInputStream(additionalData.getAuthAttributes().getDEREncoded())));
-                        }
-                        catch (IOException e)
-                        {
-                            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
-                        }
-                    }
-                    resultMac = operator.getMac();
-                }
-            }
-            else
-            {
-                Object cryptoObject = secureReadable.getCryptoObject();
-                if (cryptoObject instanceof Mac)
-                {
-                    resultMac = ((Mac)cryptoObject).doFinal();
-                }
-            }
-        }
-
-        return resultMac;
-    }
-
-    /**
-     * Return the decrypted/encapsulated content in the EnvelopedData after recovering the content
-     * encryption/MAC key using the passed in Recipient.
-     *
-     * @param recipient recipient object to use to recover content encryption key
-     * @return  the content inside the EnvelopedData this RecipientInformation is associated with.
-     * @throws CMSException if the content-encryption/MAC key cannot be recovered.
-     */
-    public byte[] getContent(
-        Recipient recipient)
-        throws CMSException
-    {
-        try
-        {
-            return CMSUtils.streamToByteArray(getContentStream(recipient).getContentStream());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("unable to parse internal stream: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * decrypt the content and return it
-     * @deprecated use getContentStream(Recipient) method
-     */
-    public CMSTypedStream getContentStream(Key key, String provider)
-        throws CMSException, NoSuchProviderException
-    {
-        return getContentStream(key, CMSUtils.getProvider(provider));
-    }
-
-    /**
-     * decrypt the content and return it
-     * @deprecated use getContentStream(Recipient) method
-     */
-    public abstract CMSTypedStream getContentStream(Key key, Provider provider)
-        throws CMSException;
-
-
-    /**
-     * Return a CMSTypedStream representing the content in the EnvelopedData after recovering the content
-     * encryption/MAC key using the passed in Recipient.
-     *
-     * @param recipient recipient object to use to recover content encryption key
-     * @return  the content inside the EnvelopedData this RecipientInformation is associated with.
-     * @throws CMSException if the content-encryption/MAC key cannot be recovered.
-     */
-    public CMSTypedStream getContentStream(Recipient recipient)
-        throws CMSException, IOException
-    {
-        operator = getRecipientOperator(recipient);
-
-        if (additionalData != null)
-        {
-            return new CMSTypedStream(secureReadable.getInputStream());
-        }
-
-        return new CMSTypedStream(operator.getInputStream(secureReadable.getInputStream()));
-    }
-
-    protected abstract RecipientOperator getRecipientOperator(Recipient recipient)
-        throws CMSException, IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java
deleted file mode 100644
index 7ad2668f7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-public class RecipientInformationStore
-{
-    private final List      all; //ArrayList[RecipientInformation]
-    private final Map       table = new HashMap(); // HashMap[RecipientID, ArrayList[RecipientInformation]]
-
-    public RecipientInformationStore(
-        Collection  recipientInfos)
-    {
-        Iterator it = recipientInfos.iterator();
-
-        while (it.hasNext())
-        {
-            RecipientInformation recipientInformation = (RecipientInformation)it.next();
-            RecipientId rid = recipientInformation.getRID();
-
-            List list = (ArrayList)table.get(rid);
-            if (list == null)
-            {
-                list = new ArrayList(1);
-                table.put(rid, list);
-            }
-
-            list.add(recipientInformation);
-        }
-
-        this.all = new ArrayList(recipientInfos);
-    }
-
-    /**
-     * Return the first RecipientInformation object that matches the
-     * passed in selector. Null if there are no matches.
-     *
-     * @param selector to identify a recipient
-     * @return a single RecipientInformation object. Null if none matches.
-     */
-    public RecipientInformation get(
-        RecipientId selector)
-    {
-        List list = (ArrayList)table.get(selector);
-
-        return list == null ? null : (RecipientInformation) list.get(0);
-    }
-
-    /**
-     * Return the number of recipients in the collection.
-     *
-     * @return number of recipients identified.
-     */
-    public int size()
-    {
-        return all.size();
-    }
-
-    /**
-     * Return all recipients in the collection
-     *
-     * @return a collection of recipients.
-     */
-    public Collection getRecipients()
-    {
-        return new ArrayList(all);
-    }
-
-    /**
-     * Return possible empty collection with recipients matching the passed in RecipientId
-     *
-     * @param selector a recipient id to select against.
-     * @return a collection of RecipientInformation objects.
-     */
-    public Collection getRecipients(
-        RecipientId selector)
-    {
-        List list = (ArrayList)table.get(selector);
-
-        return list == null ? new ArrayList() : new ArrayList(list);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientOperator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientOperator.java
deleted file mode 100644
index 7b3e3e588..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/RecipientOperator.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.InputDecryptor;
-import org.bouncycastle.operator.MacCalculator;
-import org.bouncycastle.util.io.TeeInputStream;
-
-public class RecipientOperator
-{
-    private final AlgorithmIdentifier algorithmIdentifier;
-    private final Object operator;
-
-    public RecipientOperator(InputDecryptor decryptor)
-    {
-        this.algorithmIdentifier = decryptor.getAlgorithmIdentifier();
-        this.operator = decryptor;
-    }
-
-    public RecipientOperator(MacCalculator macCalculator)
-    {
-        this.algorithmIdentifier = macCalculator.getAlgorithmIdentifier();
-        this.operator = macCalculator;
-    }
-
-    public InputStream getInputStream(InputStream dataIn)
-    {
-        if (operator instanceof InputDecryptor)
-        {
-            return ((InputDecryptor)operator).getInputStream(dataIn);
-        }
-        else
-        {
-            return new TeeInputStream(dataIn, ((MacCalculator)operator).getOutputStream());
-        }
-    }
-
-    public boolean isMacBased()
-    {
-        return operator instanceof MacCalculator;
-    }
-
-    public byte[] getMac()
-    {
-        return ((MacCalculator)operator).getMac();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SigOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SigOutputStream.java
deleted file mode 100644
index 7d69f2b89..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SigOutputStream.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.Signature;
-import java.security.SignatureException;
-
-class SigOutputStream extends OutputStream
-{
-    private final Signature sig;
-
-    SigOutputStream(Signature sig)
-    {
-        this.sig = sig;
-    }
-
-    public void write(byte[] b, int off, int len) throws IOException
-    {
-        try
-        {
-            sig.update(b, off, len);
-        }
-        catch (SignatureException e)
-        {
-            throw new CMSStreamException("signature problem: " + e, e);
-        }
-    }
-
-    public void write(int b) throws IOException
-    {
-        try
-        {
-            sig.update((byte) b);
-        }
-        catch (SignatureException e)
-        {
-            throw new CMSStreamException("signature problem: " + e, e);
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerId.java
deleted file mode 100644
index da2be9460..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerId.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.X509CertSelector;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-
-/**
- * a basic index for a signer.
- */
-public class SignerId
-    extends X509CertSelector
-    implements Selector
-{
-    private byte[] subjectKeyId;
-
-    private X500Name issuer;
-    private BigInteger serialNumber;
-
-    /**
-     * @deprecated use specific constructor.
-     */
-    public SignerId()
-    {
-
-    }
-
-    /**
-     * Construct a signer ID with the value of a public key's subjectKeyId.
-     *
-     * @param subjectKeyId a subjectKeyId
-     */
-    public SignerId(byte[] subjectKeyId)
-    {
-        super.setSubjectKeyIdentifier(new DEROctetString(subjectKeyId).getDEREncoded());
-
-        this.subjectKeyId = subjectKeyId;
-    }
-
-    /**
-     * Construct a signer ID based on the issuer and serial number of the signer's associated
-     * certificate.
-     *
-     * @param issuer the issuer of the signer's associated certificate.
-     * @param serialNumber the serial number of the signer's associated certificate.
-     */
-    public SignerId(X500Name issuer, BigInteger serialNumber)
-    {
-        this.issuer = issuer;
-        this.serialNumber = serialNumber;
-        try
-        {
-            this.setIssuer(issuer.getDEREncoded());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid issuer: " + e.getMessage());
-        }
-        this.setSerialNumber(serialNumber);
-    }
-
-    public int hashCode()
-    {
-        int code = Arrays.hashCode(subjectKeyId);
-
-        if (this.serialNumber != null)
-        {
-            code ^= this.serialNumber.hashCode();
-        }
-
-        if (this.issuer != null)
-        {
-            code ^= this.issuer.hashCode();
-        }
-
-        return code;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof SignerId))
-        {
-            return false;
-        }
-
-        SignerId id = (SignerId)o;
-
-        return Arrays.areEqual(subjectKeyId, id.subjectKeyId)
-            && equalsObj(this.serialNumber, id.serialNumber)
-            && equalsObj(this.issuer, id.issuer);
-    }
-
-    private boolean equalsObj(Object a, Object b)
-    {
-        return (a != null) ? a.equals(b) : b == null;
-    }
-
-    public boolean match(Object obj)
-    {
-        if (obj instanceof X509CertificateHolder)
-        {
-            X509CertificateHolder certHldr = (X509CertificateHolder)obj;
-
-            if (this.getSerialNumber() != null)
-            {
-                IssuerAndSerialNumber iAndS = certHldr.getIssuerAndSerialNumber();
-
-                return iAndS.getName().equals(this.issuer)
-                    && iAndS.getSerialNumber().getValue().equals(this.serialNumber);
-            }
-            else if (this.getSubjectKeyIdentifier() != null)
-            {
-                X509Extension ext = certHldr.getExtension(X509Extension.subjectKeyIdentifier);
-
-                if (ext == null)
-                {
-                    Digest dig = new SHA1Digest();
-                    byte[] hash = new byte[dig.getDigestSize()];
-                    byte[] spkiEnc = certHldr.getSubjectPublicKeyInfo().getDEREncoded();
-
-                    // try the outlook 2010 calculation
-                    dig.update(spkiEnc, 0, spkiEnc.length);
-
-                    dig.doFinal(hash, 0);
-
-                    return Arrays.areEqual(subjectKeyId, hash);
-                }
-
-                byte[] subKeyID = ASN1OctetString.getInstance(ext.getParsedValue()).getOctets();
-
-                return Arrays.areEqual(subjectKeyId, subKeyID);
-            }
-        }
-        else if (obj instanceof byte[])
-        {
-            return Arrays.areEqual(subjectKeyId, (byte[])obj);
-        }
-        else if (obj instanceof SignerInformation)
-        {
-            return ((SignerInformation)obj).getSID().equals(this);
-        }
-
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
deleted file mode 100644
index fbb7ab45b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
+++ /dev/null
@@ -1,312 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.SignerIdentifier;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.io.TeeOutputStream;
-
-public class SignerInfoGenerator
-{
-    private static final Set RSA_PKCS1d5 = new HashSet();
-
-    static
-    {
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.md5WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption);
-        RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA);
-        RSA_PKCS1d5.add(OIWObjectIdentifiers.md5WithRSA);
-        RSA_PKCS1d5.add(OIWObjectIdentifiers.sha1WithRSA);
-        RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-    }
-
-    private final SignerIdentifier signerIdentifier;
-    private final CMSAttributeTableGenerator sAttrGen;
-    private final CMSAttributeTableGenerator unsAttrGen;
-    private final ContentSigner signer;
-    private final DigestCalculator digester;
-    private final DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
-    private byte[] calculatedDigest = null;
-    private X509CertificateHolder certHolder;
-
-    public SignerInfoGenerator(
-        SignerIdentifier signerIdentifier,
-        ContentSigner signer,
-        DigestCalculatorProvider digesterProvider)
-        throws OperatorCreationException
-    {
-        this(signerIdentifier, signer, digesterProvider, false);
-    }
-
-    public SignerInfoGenerator(
-        SignerIdentifier signerIdentifier,
-        ContentSigner signer,
-        DigestCalculatorProvider digesterProvider,
-        boolean isDirectSignature)
-        throws OperatorCreationException
-    {
-        this.signerIdentifier = signerIdentifier;
-        this.signer = signer;
-
-        if (digesterProvider != null)
-        {
-            this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier()));
-        }
-        else
-        {
-            this.digester = null;
-        }
-
-        if (isDirectSignature)
-        {
-            this.sAttrGen = null;
-            this.unsAttrGen = null;
-        }
-        else
-        {
-            this.sAttrGen = new DefaultSignedAttributeTableGenerator();
-            this.unsAttrGen = null;
-        }
-    }
-
-    public SignerInfoGenerator(
-        SignerInfoGenerator original,
-        CMSAttributeTableGenerator sAttrGen,
-        CMSAttributeTableGenerator unsAttrGen)
-    {
-        this.signerIdentifier = original.signerIdentifier;
-        this.signer = original.signer;
-        this.digester = original.digester;
-        this.sAttrGen = sAttrGen;
-        this.unsAttrGen = unsAttrGen;
-    }
-
-    public SignerInfoGenerator(
-        SignerIdentifier signerIdentifier,
-        ContentSigner signer,
-        DigestCalculatorProvider digesterProvider,
-        CMSAttributeTableGenerator sAttrGen,
-        CMSAttributeTableGenerator unsAttrGen)
-        throws OperatorCreationException
-    {
-        this.signerIdentifier = signerIdentifier;
-        this.signer = signer;
-
-        if (digesterProvider != null)
-        {
-            this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier()));
-        }
-        else
-        {
-            this.digester = null;
-        }
-
-        this.sAttrGen = sAttrGen;
-        this.unsAttrGen = unsAttrGen;
-    }
-
-    public boolean hasAssociatedCertificate()
-    {
-        return certHolder != null;
-    }
-
-    public X509CertificateHolder getAssociatedCertificate()
-    {
-        return certHolder;
-    }
-    
-    public AlgorithmIdentifier getDigestAlgorithm()
-    {
-        if (digester != null)
-        {
-            return digester.getAlgorithmIdentifier();
-        }
-
-        return digAlgFinder.find(signer.getAlgorithmIdentifier());
-    }
-    
-    public OutputStream getCalculatingOutputStream()
-    {
-        if (digester != null)
-        {
-            if (sAttrGen == null)
-            {
-                return new TeeOutputStream(digester.getOutputStream(), signer.getOutputStream());    
-            }
-            return digester.getOutputStream();
-        }
-        else
-        {
-            return signer.getOutputStream();
-        }
-    }
-
-    public SignerInfo generate(ASN1ObjectIdentifier contentType)
-        throws CMSException
-    {
-        try
-        {
-            /* RFC 3852 5.4
-             * The result of the message digest calculation process depends on
-             * whether the signedAttrs field is present.  When the field is absent,
-             * the result is just the message digest of the content as described
-             *
-             * above.  When the field is present, however, the result is the message
-             * digest of the complete DER encoding of the SignedAttrs value
-             * contained in the signedAttrs field.
-             */
-            ASN1Set signedAttr = null;
-
-            AlgorithmIdentifier digestAlg = null;
-
-            if (sAttrGen != null)
-            {
-                digestAlg = digester.getAlgorithmIdentifier();
-                calculatedDigest = digester.getDigest();
-                Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), calculatedDigest);
-                AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
-
-                signedAttr = getAttributeSet(signed);
-
-                // sig must be composed from the DER encoding.
-                OutputStream sOut = signer.getOutputStream();
-
-                sOut.write(signedAttr.getEncoded(ASN1Encodable.DER));
-
-                sOut.close();
-            }
-            else
-            {
-                if (digester != null)
-                {
-                    digestAlg = digester.getAlgorithmIdentifier();
-                    calculatedDigest = digester.getDigest();
-                }
-                else
-                {
-                    digestAlg = digAlgFinder.find(signer.getAlgorithmIdentifier());
-                    calculatedDigest = null;
-                }
-            }
-
-            byte[] sigBytes = signer.getSignature();
-
-            ASN1Set unsignedAttr = null;
-            if (unsAttrGen != null)
-            {
-                Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest);
-                parameters.put(CMSAttributeTableGenerator.SIGNATURE, sigBytes.clone());
-
-                AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
-
-                unsignedAttr = getAttributeSet(unsigned);
-            }
-
-            AlgorithmIdentifier digestEncryptionAlgorithm = getSignatureAlgorithm(signer.getAlgorithmIdentifier());
-
-            return new SignerInfo(signerIdentifier, digestAlg,
-                signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("encoding error.", e);
-        }
-    }
-
-    void setAssociatedCertificate(X509CertificateHolder certHolder)
-    {
-        this.certHolder = certHolder;
-    }
-
-    private ASN1Set getAttributeSet(
-        AttributeTable attr)
-    {
-        if (attr != null)
-        {
-            return new DERSet(attr.toASN1EncodableVector());
-        }
-
-        return null;
-    }
-
-    private Map getBaseParameters(DERObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash)
-    {
-        Map param = new HashMap();
-
-        if (contentType != null)
-        {
-            param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType);
-        }
-
-        param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId);
-        param.put(CMSAttributeTableGenerator.DIGEST,  hash.clone());
-        return param;
-    }
-
-    private AlgorithmIdentifier getSignatureAlgorithm(AlgorithmIdentifier sigAlgID)
-        throws IOException
-    {
-        // RFC3370 section 3.2
-        if (RSA_PKCS1d5.contains(sigAlgID.getAlgorithm()))
-        {
-            return new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
-        }
-
-        return sigAlgID;
-    }
-
-    public byte[] getCalculatedDigest()
-    {
-        if (calculatedDigest != null)
-        {
-            return (byte[])calculatedDigest.clone();
-        }
-
-        return null;
-    }
-
-    public CMSAttributeTableGenerator getSignedAttributeTableGenerator()
-    {
-        return sAttrGen;
-    }
-
-    public CMSAttributeTableGenerator getUnsignedAttributeTableGenerator()
-    {
-        return unsAttrGen;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java
deleted file mode 100644
index b75eea3f6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cms.SignerIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class SignerInfoGeneratorBuilder
-{
-    private DigestCalculatorProvider digestProvider;
-    private boolean directSignature;
-    private CMSAttributeTableGenerator signedGen;
-    private CMSAttributeTableGenerator unsignedGen;
-
-    public SignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider)
-    {
-        this.digestProvider = digestProvider;
-    }
-
-    /**
-     * If the passed in flag is true, the signer signature will be based on the data, not
-     * a collection of signed attributes, and no signed attributes will be included.
-     *
-     * @return the builder object
-     */
-    public SignerInfoGeneratorBuilder setDirectSignature(boolean hasNoSignedAttributes)
-    {
-        this.directSignature = hasNoSignedAttributes;
-
-        return this;
-    }
-
-    public SignerInfoGeneratorBuilder setSignedAttributeGenerator(CMSAttributeTableGenerator signedGen)
-    {
-        this.signedGen = signedGen;
-
-        return this;
-    }
-
-    public SignerInfoGeneratorBuilder setUnsignedAttributeGenerator(CMSAttributeTableGenerator unsignedGen)
-    {
-        this.unsignedGen = unsignedGen;
-
-        return this;
-    }
-
-    public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder)
-        throws OperatorCreationException
-    {
-        SignerIdentifier sigId = new SignerIdentifier(certHolder.getIssuerAndSerialNumber());
-
-        SignerInfoGenerator sigInfoGen = createGenerator(contentSigner, sigId);
-
-        sigInfoGen.setAssociatedCertificate(certHolder);
-
-        return sigInfoGen;
-    }
-
-    public SignerInfoGenerator build(ContentSigner contentSigner, byte[] keyIdentifier)
-        throws OperatorCreationException
-    {
-        SignerIdentifier sigId = new SignerIdentifier(new DEROctetString(keyIdentifier));
-
-        return createGenerator(contentSigner, sigId);
-    }
-
-    private SignerInfoGenerator createGenerator(ContentSigner contentSigner, SignerIdentifier sigId)
-        throws OperatorCreationException
-    {
-        if (directSignature)
-        {
-            return new SignerInfoGenerator(sigId, contentSigner, digestProvider, true);
-        }
-
-        if (signedGen != null || unsignedGen != null)
-        {
-            if (signedGen == null)
-            {
-                signedGen = new DefaultSignedAttributeTableGenerator();
-            }
-
-            return new SignerInfoGenerator(sigId, contentSigner, digestProvider, signedGen, unsignedGen);
-        }
-        
-        return new SignerInfoGenerator(sigId, contentSigner, digestProvider);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformation.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformation.java
deleted file mode 100644
index 5b943c69b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformation.java
+++ /dev/null
@@ -1,1122 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.crypto.Cipher;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTags;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.cms.SignerIdentifier;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.cms.Time;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DigestInfo;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.RawContentVerifier;
-import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.util.Arrays;
-
-/**
- * an expanded SignerInfo block from a CMS Signed message
- */
-public class SignerInformation
-{
-    private SignerId                sid;
-    private SignerInfo              info;
-    private AlgorithmIdentifier     digestAlgorithm;
-    private AlgorithmIdentifier     encryptionAlgorithm;
-    private final ASN1Set           signedAttributeSet;
-    private final ASN1Set           unsignedAttributeSet;
-    private CMSProcessable          content;
-    private byte[]                  signature;
-    private ASN1ObjectIdentifier    contentType;
-    private IntDigestCalculator     digestCalculator;
-    private byte[]                  resultDigest;
-    private SignatureAlgorithmIdentifierFinder sigAlgFinder;
-
-    // Derived
-    private AttributeTable          signedAttributeValues;
-    private AttributeTable          unsignedAttributeValues;
-    private boolean                 isCounterSignature;
-
-    SignerInformation(
-        SignerInfo          info,
-        ASN1ObjectIdentifier contentType,
-        CMSProcessable      content,
-        IntDigestCalculator digestCalculator,
-        SignatureAlgorithmIdentifierFinder sigAlgFinder)
-    {
-        this.info = info;
-        this.contentType = contentType;
-        this.sigAlgFinder = sigAlgFinder;
-        this.isCounterSignature = contentType == null;
-
-        SignerIdentifier   s = info.getSID();
-
-        if (s.isTagged())
-        {
-            ASN1OctetString octs = ASN1OctetString.getInstance(s.getId());
-
-            sid = new SignerId(octs.getOctets());
-        }
-        else
-        {
-            IssuerAndSerialNumber   iAnds = IssuerAndSerialNumber.getInstance(s.getId());
-
-            sid = new SignerId(iAnds.getName(), iAnds.getSerialNumber().getValue());
-        }
-
-        this.digestAlgorithm = info.getDigestAlgorithm();
-        this.signedAttributeSet = info.getAuthenticatedAttributes();
-        this.unsignedAttributeSet = info.getUnauthenticatedAttributes();
-        this.encryptionAlgorithm = info.getDigestEncryptionAlgorithm();
-        this.signature = info.getEncryptedDigest().getOctets();
-
-        this.content = content;
-        this.digestCalculator = digestCalculator;
-    }
-
-    public boolean isCounterSignature()
-    {
-        return isCounterSignature;
-    }
-
-    public ASN1ObjectIdentifier getContentType()
-    {
-        return this.contentType;
-    }
-
-    private byte[] encodeObj(
-        DEREncodable    obj)
-        throws IOException
-    {
-        if (obj != null)
-        {
-            return obj.getDERObject().getEncoded();
-        }
-
-        return null;
-    }
-
-    public SignerId getSID()
-    {
-        return sid;
-    }
-
-    /**
-     * return the version number for this objects underlying SignerInfo structure.
-     */
-    public int getVersion()
-    {
-        return info.getVersion().getValue().intValue();
-    }
-
-    public AlgorithmIdentifier getDigestAlgorithmID()
-    {
-        return digestAlgorithm;
-    }
-
-    /**
-     * return the object identifier for the signature.
-     */
-    public String getDigestAlgOID()
-    {
-        return digestAlgorithm.getObjectId().getId();
-    }
-
-    /**
-     * return the signature parameters, or null if there aren't any.
-     */
-    public byte[] getDigestAlgParams()
-    {
-        try
-        {
-            return encodeObj(digestAlgorithm.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting digest parameters " + e);
-        }
-    }
-
-    /**
-     * return the content digest that was calculated during verification.
-     */
-    public byte[] getContentDigest()
-    {
-        if (resultDigest == null)
-        {
-            throw new IllegalStateException("method can only be called after verify.");
-        }
-        
-        return (byte[])resultDigest.clone();
-    }
-    
-    /**
-     * return the object identifier for the signature.
-     */
-    public String getEncryptionAlgOID()
-    {
-        return encryptionAlgorithm.getObjectId().getId();
-    }
-
-    /**
-     * return the signature/encryption algorithm parameters, or null if
-     * there aren't any.
-     */
-    public byte[] getEncryptionAlgParams()
-    {
-        try
-        {
-            return encodeObj(encryptionAlgorithm.getParameters());
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("exception getting encryption parameters " + e);
-        }
-    }  
-
-    /**
-     * return a table of the signed attributes - indexed by
-     * the OID of the attribute.
-     */
-    public AttributeTable getSignedAttributes()
-    {
-        if (signedAttributeSet != null && signedAttributeValues == null)
-        {
-            signedAttributeValues = new AttributeTable(signedAttributeSet);
-        }
-
-        return signedAttributeValues;
-    }
-
-    /**
-     * return a table of the unsigned attributes indexed by
-     * the OID of the attribute.
-     */
-    public AttributeTable getUnsignedAttributes()
-    {
-        if (unsignedAttributeSet != null && unsignedAttributeValues == null)
-        {
-            unsignedAttributeValues = new AttributeTable(unsignedAttributeSet);
-        }
-
-        return unsignedAttributeValues;
-    }
-
-    /**
-     * return the encoded signature
-     */
-    public byte[] getSignature()
-    {
-        return (byte[])signature.clone();
-    }
-
-    /**
-     * Return a SignerInformationStore containing the counter signatures attached to this
-     * signer. If no counter signatures are present an empty store is returned.
-     */
-    public SignerInformationStore getCounterSignatures()
-    {
-        // TODO There are several checks implied by the RFC3852 comments that are missing
-
-        /*
-        The countersignature attribute MUST be an unsigned attribute; it MUST
-        NOT be a signed attribute, an authenticated attribute, an
-        unauthenticated attribute, or an unprotected attribute.
-        */        
-        AttributeTable unsignedAttributeTable = getUnsignedAttributes();
-        if (unsignedAttributeTable == null)
-        {
-            return new SignerInformationStore(new ArrayList(0));
-        }
-
-        List counterSignatures = new ArrayList();
-
-        /*
-        The UnsignedAttributes syntax is defined as a SET OF Attributes.  The
-        UnsignedAttributes in a signerInfo may include multiple instances of
-        the countersignature attribute.
-        */
-        ASN1EncodableVector allCSAttrs = unsignedAttributeTable.getAll(CMSAttributes.counterSignature);
-
-        for (int i = 0; i < allCSAttrs.size(); ++i)
-        {
-            Attribute counterSignatureAttribute = (Attribute)allCSAttrs.get(i);            
-
-            /*
-            A countersignature attribute can have multiple attribute values.  The
-            syntax is defined as a SET OF AttributeValue, and there MUST be one
-            or more instances of AttributeValue present.
-            */
-            ASN1Set values = counterSignatureAttribute.getAttrValues();
-            if (values.size() < 1)
-            {
-                // TODO Throw an appropriate exception?
-            }
-
-            for (Enumeration en = values.getObjects(); en.hasMoreElements();)
-            {
-                /*
-                Countersignature values have the same meaning as SignerInfo values
-                for ordinary signatures, except that:
-
-                   1. The signedAttributes field MUST NOT contain a content-type
-                      attribute; there is no content type for countersignatures.
-
-                   2. The signedAttributes field MUST contain a message-digest
-                      attribute if it contains any other attributes.
-
-                   3. The input to the message-digesting process is the contents
-                      octets of the DER encoding of the signatureValue field of the
-                      SignerInfo value with which the attribute is associated.
-                */
-                SignerInfo si = SignerInfo.getInstance(en.nextElement());
-
-                String          digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(si.getDigestAlgorithm().getObjectId().getId());
-                
-                counterSignatures.add(new SignerInformation(si, null, null, new CounterSignatureDigestCalculator(digestName, null, getSignature()), new DefaultSignatureAlgorithmIdentifierFinder()));
-            }
-        }
-
-        return new SignerInformationStore(counterSignatures);
-    }
-    
-    /**
-     * return the DER encoding of the signed attributes.
-     * @throws IOException if an encoding error occurs.
-     */
-    public byte[] getEncodedSignedAttributes()
-        throws IOException
-    {
-        if (signedAttributeSet != null)
-        {
-            return signedAttributeSet.getEncoded(ASN1Encodable.DER);
-        }
-
-        return null;
-    }
-
-    /**
-     * @deprecated
-     */
-    private boolean doVerify(
-        PublicKey       key,
-        Provider        sigProvider)
-        throws CMSException, NoSuchAlgorithmException
-    {
-        String          digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(this.getDigestAlgOID());
-        String          encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
-        String          signatureName = digestName + "with" + encName;
-        Signature       sig = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, sigProvider);
-        MessageDigest   digest = CMSSignedHelper.INSTANCE.getDigestInstance(digestName, sigProvider); 
-
-        // TODO [BJA-109] Note: PSSParameterSpec requires JDK1.4+ 
-/*
-        try
-        {
-            DERObjectIdentifier sigAlgOID = encryptionAlgorithm.getObjectId();
-            DEREncodable sigParams = this.encryptionAlgorithm.getParameters();
-            if (sigAlgOID.equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            {
-                // RFC 4056
-                // When the id-RSASSA-PSS algorithm identifier is used for a signature,
-                // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params.
-                if (sigParams == null)
-                {
-                    throw new CMSException(
-                        "RSASSA-PSS signature must specify algorithm parameters");
-                }
-
-                AlgorithmParameters params = AlgorithmParameters.getInstance(
-                    sigAlgOID.getId(), sig.getProvider().getName());
-                params.init(sigParams.getDERObject().getEncoded(), "ASN.1");
-
-                PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
-                sig.setParameter(spec);
-            }
-            else
-            {
-                // TODO Are there other signature algorithms that provide parameters?
-                if (sigParams != null)
-                {
-                    throw new CMSException("unrecognised signature parameters provided");
-                }
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("error encoding signature parameters.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("error setting signature parameters.", e);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-            throw new CMSException("error processing signature parameters.", e);
-        }
-*/
-
-        try
-        {
-            if (digestCalculator != null)
-            {
-                resultDigest = digestCalculator.getDigest();
-            }
-            else
-            {
-                if (content != null)
-                {
-                    content.write(new DigOutputStream(digest));
-                }
-                else if (signedAttributeSet == null)
-                {
-                    // TODO Get rid of this exception and just treat content==null as empty not missing?
-                    throw new CMSException("data not encapsulated in signature - use detached constructor.");
-                }
-
-                resultDigest = digest.digest();
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("can't process mime object to create signature.", e);
-        }
-
-        // RFC 3852 11.1 Check the content-type attribute is correct
-        {
-            DERObject validContentType = getSingleValuedSignedAttribute(
-                CMSAttributes.contentType, "content-type");
-            if (validContentType == null)
-            {
-                if (!isCounterSignature && signedAttributeSet != null)
-                {
-                    throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
-                }
-            }
-            else
-            {
-                if (isCounterSignature)
-                {
-                    throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
-                }
-    
-                if (!(validContentType instanceof DERObjectIdentifier))
-                {
-                    throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
-                }
-    
-                DERObjectIdentifier signedContentType = (DERObjectIdentifier)validContentType;
-    
-                if (!signedContentType.equals(contentType))
-                {
-                    throw new CMSException("content-type attribute value does not match eContentType");
-                }
-            }
-        }
-
-        // RFC 3852 11.2 Check the message-digest attribute is correct
-        {
-            DERObject validMessageDigest = getSingleValuedSignedAttribute(
-                CMSAttributes.messageDigest, "message-digest");
-            if (validMessageDigest == null)
-            {
-                if (signedAttributeSet != null)
-                {
-                    throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
-                }
-            }
-            else
-            {
-                if (!(validMessageDigest instanceof ASN1OctetString))
-                {
-                    throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
-                }
-    
-                ASN1OctetString signedMessageDigest = (ASN1OctetString)validMessageDigest;
-    
-                if (!Arrays.constantTimeAreEqual(resultDigest, signedMessageDigest.getOctets()))
-                {
-                    throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
-                }
-            }
-        }
-
-        // RFC 3852 11.4 Validate countersignature attribute(s)
-        {
-            AttributeTable signedAttrTable = this.getSignedAttributes();
-            if (signedAttrTable != null
-                && signedAttrTable.getAll(CMSAttributes.counterSignature).size() > 0)
-            {
-                throw new CMSException("A countersignature attribute MUST NOT be a signed attribute");
-            }
-
-            AttributeTable unsignedAttrTable = this.getUnsignedAttributes();
-            if (unsignedAttrTable != null)
-            {
-                ASN1EncodableVector csAttrs = unsignedAttrTable.getAll(CMSAttributes.counterSignature);
-                for (int i = 0; i < csAttrs.size(); ++i)
-                {
-                    Attribute csAttr = (Attribute)csAttrs.get(i);            
-                    if (csAttr.getAttrValues().size() < 1)
-                    {
-                        throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue");
-                    }
-
-                    // Note: We don't recursively validate the countersignature value
-                }
-            }
-        }
-
-        try
-        {
-            sig.initVerify(key);
-
-            if (signedAttributeSet == null)
-            {
-                if (digestCalculator != null)
-                {
-                    // need to decrypt signature and check message bytes
-                    return verifyDigest(resultDigest, key, this.getSignature(), sigProvider);
-                }
-                else if (content != null)
-                {
-                    // TODO Use raw signature of the hash value instead
-                    content.write(new SigOutputStream(sig));
-                }
-            }
-            else
-            {
-                sig.update(this.getEncodedSignedAttributes());
-            }
-
-            return sig.verify(this.getSignature());
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key not appropriate to signature in message.", e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("can't process mime object to create signature.", e);
-        }
-        catch (SignatureException e)
-        {
-            throw new CMSException("invalid signature format in message: " + e.getMessage(), e);
-        }
-    }
-
-    private boolean doVerify(
-        SignerInformationVerifier verifier)
-        throws CMSException
-    {
-        String          digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(this.getDigestAlgOID());
-        String          encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
-        String          signatureName = digestName + "with" + encName;
-
-        try
-        {
-            if (digestCalculator != null)
-            {
-                resultDigest = digestCalculator.getDigest();
-            }
-            else
-            {
-                DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
-                if (content != null)
-                {
-                    OutputStream      digOut = calc.getOutputStream();
-
-                    content.write(digOut);
-
-                    digOut.close();
-                }
-                else if (signedAttributeSet == null)
-                {
-                    // TODO Get rid of this exception and just treat content==null as empty not missing?
-                    throw new CMSException("data not encapsulated in signature - use detached constructor.");
-                }
-
-                resultDigest = calc.getDigest();
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("can't process mime object to create signature.", e);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm: " + e.getMessage(), e);
-        }
-        catch (OperatorCreationException e)
-        {
-            throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
-        }
-
-        // RFC 3852 11.1 Check the content-type attribute is correct
-        {
-            DERObject validContentType = getSingleValuedSignedAttribute(
-                CMSAttributes.contentType, "content-type");
-            if (validContentType == null)
-            {
-                if (!isCounterSignature && signedAttributeSet != null)
-                {
-                    throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
-                }
-            }
-            else
-            {
-                if (isCounterSignature)
-                {
-                    throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
-                }
-
-                if (!(validContentType instanceof DERObjectIdentifier))
-                {
-                    throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
-                }
-
-                DERObjectIdentifier signedContentType = (DERObjectIdentifier)validContentType;
-
-                if (!signedContentType.equals(contentType))
-                {
-                    throw new CMSException("content-type attribute value does not match eContentType");
-                }
-            }
-        }
-
-        // RFC 3852 11.2 Check the message-digest attribute is correct
-        {
-            DERObject validMessageDigest = getSingleValuedSignedAttribute(
-                CMSAttributes.messageDigest, "message-digest");
-            if (validMessageDigest == null)
-            {
-                if (signedAttributeSet != null)
-                {
-                    throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
-                }
-            }
-            else
-            {
-                if (!(validMessageDigest instanceof ASN1OctetString))
-                {
-                    throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
-                }
-
-                ASN1OctetString signedMessageDigest = (ASN1OctetString)validMessageDigest;
-
-                if (!Arrays.constantTimeAreEqual(resultDigest, signedMessageDigest.getOctets()))
-                {
-                    throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
-                }
-            }
-        }
-
-        // RFC 3852 11.4 Validate countersignature attribute(s)
-        {
-            AttributeTable signedAttrTable = this.getSignedAttributes();
-            if (signedAttrTable != null
-                && signedAttrTable.getAll(CMSAttributes.counterSignature).size() > 0)
-            {
-                throw new CMSException("A countersignature attribute MUST NOT be a signed attribute");
-            }
-
-            AttributeTable unsignedAttrTable = this.getUnsignedAttributes();
-            if (unsignedAttrTable != null)
-            {
-                ASN1EncodableVector csAttrs = unsignedAttrTable.getAll(CMSAttributes.counterSignature);
-                for (int i = 0; i < csAttrs.size(); ++i)
-                {
-                    Attribute csAttr = (Attribute)csAttrs.get(i);
-                    if (csAttr.getAttrValues().size() < 1)
-                    {
-                        throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue");
-                    }
-
-                    // Note: We don't recursively validate the countersignature value
-                }
-            }
-        }
-
-        try
-        {
-            ContentVerifier contentVerifier = verifier.getContentVerifier(sigAlgFinder.find(signatureName));
-            OutputStream sigOut = contentVerifier.getOutputStream();
-
-            if (signedAttributeSet == null)
-            {
-                if (digestCalculator != null)
-                {
-                    if (contentVerifier instanceof RawContentVerifier)
-                    {           
-                        RawContentVerifier rawVerifier = (RawContentVerifier)contentVerifier;
-
-                        if (encName.equals("RSA"))
-                        {
-                            DigestInfo digInfo = new DigestInfo(digestAlgorithm, resultDigest);
-
-                            return rawVerifier.verify(digInfo.getDEREncoded(), this.getSignature());
-                        }
-
-                        return rawVerifier.verify(resultDigest, this.getSignature());
-                    }
-
-                    throw new CMSException("verifier unable to process raw signature");
-                }
-                else if (content != null)
-                {
-                    // TODO Use raw signature of the hash value instead
-                    content.write(sigOut);
-                }
-            }
-            else
-            {
-                sigOut.write(this.getEncodedSignedAttributes());
-            }
-
-            sigOut.close();
-
-            return contentVerifier.verify(this.getSignature());
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("can't process mime object to create signature.", e);
-        }
-        catch (OperatorCreationException e)
-        {
-            throw new CMSException("can't create content verifier: " + e.getMessage(), e);
-        }
-    }
-
-    private boolean isNull(
-        DEREncodable    o)
-    {
-        return (o instanceof ASN1Null) || (o == null);
-    }
-    
-    private DigestInfo derDecode(
-        byte[]  encoding)
-        throws IOException, CMSException
-    {
-        if (encoding[0] != (DERTags.CONSTRUCTED | DERTags.SEQUENCE))
-        {
-            throw new IOException("not a digest info object");
-        }
-        
-        ASN1InputStream         aIn = new ASN1InputStream(encoding);
-
-        DigestInfo digInfo = new DigestInfo((ASN1Sequence)aIn.readObject());
-
-        // length check to avoid Bleichenbacher vulnerability
-
-        if (digInfo.getEncoded().length != encoding.length)
-        {
-            throw new CMSException("malformed RSA signature");
-        }
-
-        return digInfo;
-    }
-
-    /**
-     * @deprecated
-     */
-    private boolean verifyDigest(
-        byte[]    digest, 
-        PublicKey key,
-        byte[]    signature,
-        Provider  sigProvider)
-        throws NoSuchAlgorithmException, CMSException
-    {
-        String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
-
-        try
-        {
-            if (encName.equals("RSA"))
-            {
-                Cipher c = CMSEnvelopedHelper.INSTANCE.createAsymmetricCipher("RSA/ECB/PKCS1Padding", sigProvider);
-
-                c.init(Cipher.DECRYPT_MODE, key);
-                
-                DigestInfo digInfo = derDecode(c.doFinal(signature));
-
-                if (!digInfo.getAlgorithmId().getObjectId().equals(digestAlgorithm.getObjectId()))
-                {
-                    return false;
-                }
-             
-                if (!isNull(digInfo.getAlgorithmId().getParameters()))
-                {
-                    return false;
-                }
-
-                byte[]  sigHash = digInfo.getDigest();
-
-                return Arrays.constantTimeAreEqual(digest, sigHash);
-            }
-            else if (encName.equals("DSA"))
-            {
-                Signature sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEwithDSA", sigProvider);
-
-                sig.initVerify(key);
-                
-                sig.update(digest);
-                
-                return sig.verify(signature);
-            }
-            else
-            {
-                throw new CMSException("algorithm: " + encName + " not supported in base signatures.");
-            }
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("Exception processing signature: " + e, e);
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("Exception decoding signature: " + e, e);
-        }
-    }
-
-//    private boolean verifyDigest(
-//        byte[]    digest, 
-//        PublicKey key,
-//        byte[]    signature,
-//        Provider  sigProvider)
-//        throws NoSuchAlgorithmException, CMSException
-//    {
-//        String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
-//        String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(this.getDigestAlgOID());
-//        String signatureName = digestName + "with" + encName;
-//
-//        try
-//        {
-//            byte[] bytesToSign = digest;
-//            Signature sig;
-//
-//            if (encName.equals("RSA"))
-//            {
-//                bytesToSign = RSADigestSigner.encodeDERSig(digestAlgorithm.getObjectId(), digest);
-//                sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEwithRSA", sigProvider);
-//            }
-//            else if (encName.equals("DSA"))
-//            {
-//                sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEwithDSA", sigProvider);
-//            }
-//            else if (encName.equals("RSAandMGF1"))
-//            {
-//                sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEWITHRSAPSS", sigProvider);
-//                try
-//                {
-//                    // Init the params this way to avoid having a 'raw' version of each PSS algorithm
-//                    Signature sig2 = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, sigProvider);
-//                    PSSParameterSpec spec = (PSSParameterSpec)sig2.getParameters().getParameterSpec(PSSParameterSpec.class);
-//                    sig.setParameter(spec);
-//                }
-//                catch (Exception e)
-//                {
-//                    throw new CMSException("algorithm: " + encName + " could not be configured.");
-//                }
-//            }
-//            else
-//            {
-//                throw new CMSException("algorithm: " + encName + " not supported in base signatures.");
-//            }
-//
-//            sig.initVerify(key);
-//            sig.update(bytesToSign);
-//            return sig.verify(signature);
-//        }
-//        catch (GeneralSecurityException e)
-//        {
-//            throw new CMSException("Exception processing signature: " + e, e);
-//        }
-//    }
-    
-    /**
-     * verify that the given public key successfully handles and confirms the
-     * signature associated with this signer.
-     * @deprecated use verify(ContentVerifierProvider)
-     */
-    public boolean verify(
-        PublicKey   key,
-        String      sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return verify(key, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * verify that the given public key successfully handles and confirms the
-     * signature associated with this signer
-     * @deprecated use verify(ContentVerifierProvider)
-     */
-    public boolean verify(
-        PublicKey   key,
-        Provider    sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        // Optional, but still need to validate if present
-        getSigningTime();
-
-        return doVerify(key, sigProvider);
-    }
-
-    /**
-     * verify that the given certificate successfully handles and confirms
-     * the signature associated with this signer and, if a signingTime
-     * attribute is available, that the certificate was valid at the time the
-     * signature was generated.
-     * @deprecated use verify(ContentVerifierProvider)
-     */
-    public boolean verify(
-        X509Certificate cert,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-            CertificateExpiredException, CertificateNotYetValidException,
-            CMSException
-    {
-        return verify(cert, CMSUtils.getProvider(sigProvider));
-    }
-
-    /**
-     * verify that the given certificate successfully handles and confirms
-     * the signature associated with this signer and, if a signingTime
-     * attribute is available, that the certificate was valid at the time the
-     * signature was generated.
-     * @deprecated use verify(ContentVerifierProvider)
-     */
-    public boolean verify(
-        X509Certificate cert,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException,
-            CertificateExpiredException, CertificateNotYetValidException,
-            CMSException
-    {
-        Time signingTime = getSigningTime();
-        if (signingTime != null)
-        {
-            cert.checkValidity(signingTime.getDate());
-        }
-
-        return doVerify(cert.getPublicKey(), sigProvider); 
-    }
-
-    /**
-     * Verify that the given verifier can successfully verify the signature on
-     * this SignerInformation object.
-     *
-     * @param verifier a suitably configured SignerInformationVerifier.
-     * @return true if the signer information is verified, false otherwise.
-     * @throws org.bouncycastle.cms.CMSVerifierCertificateNotValidException if the provider has an associated certificate and the certificate is not valid at the time given as the SignerInfo's signing time.
-     * @throws org.bouncycastle.cms.CMSException if the verifier is unable to create a ContentVerifiers or DigestCalculators.
-     */
-    public boolean verify(SignerInformationVerifier verifier)
-        throws CMSException
-    {
-        Time signingTime = getSigningTime();   // has to be validated if present.
-
-        if (verifier.hasAssociatedCertificate())
-        {
-            if (signingTime != null)
-            {
-                X509CertificateHolder dcv = verifier.getAssociatedCertificate();
-
-                if (!dcv.isValidOn(signingTime.getDate()))
-                {
-                    throw new CMSVerifierCertificateNotValidException("verifier not valid at signingTime");
-                }
-            }
-        }
-
-        return doVerify(verifier);
-    }
-
-    /**
-     * Return the base ASN.1 CMS structure that this object contains.
-     * 
-     * @return an object containing a CMS SignerInfo structure.
-     * @deprecated use toASN1Structure()
-     */
-    public SignerInfo toSignerInfo()
-    {
-        return info;
-    }
-
-    /**
-     * Return the underlying ASN.1 object defining this SignerInformation object.
-     *
-     * @return a SignerInfo.
-     */
-    public SignerInfo toASN1Structure()
-    {
-        return info;
-    }
-
-    private DERObject getSingleValuedSignedAttribute(
-        DERObjectIdentifier attrOID, String printableName)
-        throws CMSException
-    {
-        AttributeTable unsignedAttrTable = this.getUnsignedAttributes();
-        if (unsignedAttrTable != null
-            && unsignedAttrTable.getAll(attrOID).size() > 0)
-        {
-            throw new CMSException("The " + printableName
-                + " attribute MUST NOT be an unsigned attribute");
-        }
-
-        AttributeTable signedAttrTable = this.getSignedAttributes();
-        if (signedAttrTable == null)
-        {
-            return null;
-        }
-
-        ASN1EncodableVector v = signedAttrTable.getAll(attrOID);
-        switch (v.size())
-        {
-            case 0:
-                return null;
-            case 1:
-            {
-                Attribute t = (Attribute)v.get(0);
-                ASN1Set attrValues = t.getAttrValues();
-                if (attrValues.size() != 1)
-                {
-                    throw new CMSException("A " + printableName
-                        + " attribute MUST have a single attribute value");
-                }
-
-                return attrValues.getObjectAt(0).getDERObject();
-            }
-            default:
-                throw new CMSException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the "
-                    + printableName + " attribute");
-        }
-    }
-
-    private Time getSigningTime() throws CMSException
-    {
-        DERObject validSigningTime = getSingleValuedSignedAttribute(
-            CMSAttributes.signingTime, "signing-time");
-
-        if (validSigningTime == null)
-        {
-            return null;
-        }
-
-        try
-        {
-            return Time.getInstance(validSigningTime);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("signing-time attribute value not a valid 'Time' structure");
-        }
-    }
-
-    /**
-     * Return a signer information object with the passed in unsigned
-     * attributes replacing the ones that are current associated with
-     * the object passed in.
-     * 
-     * @param signerInformation the signerInfo to be used as the basis.
-     * @param unsignedAttributes the unsigned attributes to add.
-     * @return a copy of the original SignerInformationObject with the changed attributes.
-     */
-    public static SignerInformation replaceUnsignedAttributes(
-        SignerInformation   signerInformation,
-        AttributeTable      unsignedAttributes)
-    {
-        SignerInfo  sInfo = signerInformation.info;
-        ASN1Set     unsignedAttr = null;
-        
-        if (unsignedAttributes != null)
-        {
-            unsignedAttr = new DERSet(unsignedAttributes.toASN1EncodableVector());
-        }
-        
-        return new SignerInformation(
-                new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(),
-                    sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), unsignedAttr),
-                    signerInformation.contentType, signerInformation.content, null, new DefaultSignatureAlgorithmIdentifierFinder());
-    }
-
-    /**
-     * Return a signer information object with passed in SignerInformationStore representing counter
-     * signatures attached as an unsigned attribute.
-     *
-     * @param signerInformation the signerInfo to be used as the basis.
-     * @param counterSigners signer info objects carrying counter signature.
-     * @return a copy of the original SignerInformationObject with the changed attributes.
-     */
-    public static SignerInformation addCounterSigners(
-        SignerInformation        signerInformation,
-        SignerInformationStore   counterSigners)
-    {
-        // TODO Perform checks from RFC 3852 11.4
-
-        SignerInfo          sInfo = signerInformation.info;
-        AttributeTable      unsignedAttr = signerInformation.getUnsignedAttributes();
-        ASN1EncodableVector v;
-
-        if (unsignedAttr != null)
-        {
-            v = unsignedAttr.toASN1EncodableVector();
-        }
-        else
-        {
-            v = new ASN1EncodableVector();
-        }
-
-        ASN1EncodableVector sigs = new ASN1EncodableVector();
-
-        for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext();)
-        {
-            sigs.add(((SignerInformation)it.next()).toSignerInfo());
-        }
-
-        v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs)));
-
-        return new SignerInformation(
-                new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(),
-                    sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)),
-                    signerInformation.contentType, signerInformation.content, null, new DefaultSignatureAlgorithmIdentifierFinder());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationStore.java
deleted file mode 100644
index 26a1d436d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationStore.java
+++ /dev/null
@@ -1,117 +0,0 @@
-package org.bouncycastle.cms;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-public class SignerInformationStore
-{
-    private ArrayList all = new ArrayList();
-    private Map table = new HashMap();
-
-    public SignerInformationStore(
-        Collection  signerInfos)
-    {
-        Iterator    it = signerInfos.iterator();
-
-        while (it.hasNext())
-        {
-            SignerInformation   signer = (SignerInformation)it.next();
-            SignerId            sid = signer.getSID();
-
-            if (table.get(sid) == null)
-            {
-                table.put(sid, signer);
-            }
-            else
-            {
-                Object o = table.get(sid);
-                
-                if (o instanceof List)
-                {
-                    ((List)o).add(signer);
-                }
-                else
-                {
-                    List l = new ArrayList();
-                    
-                    l.add(o);
-                    l.add(signer);
-                    
-                    table.put(sid, l);
-                }
-            }
-
-            this.all = new ArrayList(signerInfos);
-        }
-    }
-
-    /**
-     * Return the first SignerInformation object that matches the
-     * passed in selector. Null if there are no matches.
-     * 
-     * @param selector to identify a signer
-     * @return a single SignerInformation object. Null if none matches.
-     */
-    public SignerInformation get(
-        SignerId        selector)
-    {
-        Object o = table.get(selector);
-        
-        if (o instanceof List)
-        {
-            return (SignerInformation)((List)o).get(0);
-        }
-        else
-        {
-            return (SignerInformation)o;
-        }
-    }
-
-    /**
-     * Return the number of signers in the collection.
-     * 
-     * @return number of signers identified.
-     */
-    public int size()
-    {
-        return all.size();
-    }
-
-    /**
-     * Return all signers in the collection
-     * 
-     * @return a collection of signers.
-     */
-    public Collection getSigners()
-    {
-        return new ArrayList(all);
-    }
-
-    /**
-     * Return possible empty collection with signers matching the passed in SignerId
-     * 
-     * @param selector a signer id to select against.
-     * @return a collection of SignerInformation objects.
-     */
-    public Collection getSigners(
-        SignerId selector)
-    {
-        Object o = table.get(selector);
-        
-        if (o instanceof List)
-        {
-            return new ArrayList((List)o);
-        }
-        else if (o != null)
-        {
-            return Collections.singletonList(o);
-        }
-        
-        return new ArrayList();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java
deleted file mode 100644
index 038efd2aa..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class SignerInformationVerifier
-{
-    private ContentVerifierProvider verifierProvider;
-    private DigestCalculatorProvider digestProvider;
-
-    public SignerInformationVerifier(ContentVerifierProvider verifierProvider, DigestCalculatorProvider digestProvider)
-    {
-        this.verifierProvider = verifierProvider;
-        this.digestProvider = digestProvider;
-    }
-
-    public boolean hasAssociatedCertificate()
-    {
-        return verifierProvider.hasAssociatedCertificate();
-    }
-
-    public X509CertificateHolder getAssociatedCertificate()
-    {
-        return verifierProvider.getAssociatedCertificate();
-    }
-
-    public ContentVerifier getContentVerifier(AlgorithmIdentifier algorithmIdentifier)
-        throws OperatorCreationException
-    {
-        return verifierProvider.get(algorithmIdentifier);
-    }
-
-    public DigestCalculator getDigestCalculator(AlgorithmIdentifier algorithmIdentifier)
-        throws OperatorCreationException
-    {
-        return digestProvider.get(algorithmIdentifier);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerIntInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerIntInfoGenerator.java
deleted file mode 100644
index f24c5699a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SignerIntInfoGenerator.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-interface SignerIntInfoGenerator
-{
-    SignerInfo generate(DERObjectIdentifier contentType, AlgorithmIdentifier digestAlgorithm,
-        byte[] calculatedDigest) throws CMSStreamException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java
deleted file mode 100644
index f182431fd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.cms;
-
-import org.bouncycastle.asn1.cms.AttributeTable;
-
-import java.util.Map;
-
-/**
- * Basic generator that just returns a preconstructed attribute table
- */
-public class SimpleAttributeTableGenerator
-    implements CMSAttributeTableGenerator
-{
-    private final AttributeTable attributes;
-
-    public SimpleAttributeTableGenerator(
-        AttributeTable attributes)
-    {
-        this.attributes = attributes;
-    }
-
-    public AttributeTable getAttributes(Map parameters)
-    {
-        return attributes;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java
deleted file mode 100644
index 0ca325ae3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.cms.bc;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.KeyTransRecipientInfoGenerator;
-import org.bouncycastle.operator.bc.BcAsymmetricKeyWrapper;
-
-public abstract class BcKeyTransRecipientInfoGenerator
-    extends KeyTransRecipientInfoGenerator
-{
-    public BcKeyTransRecipientInfoGenerator(X509CertificateHolder recipientCert, BcAsymmetricKeyWrapper wrapper)
-    {
-        super(recipientCert.getIssuerAndSerialNumber(), wrapper);
-    }
-
-    public BcKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, BcAsymmetricKeyWrapper wrapper)
-    {
-        super(subjectKeyIdentifier, wrapper);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java
deleted file mode 100644
index b571b9ae1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.cms.bc;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.operator.bc.BcRSAAsymmetricKeyWrapper;
-
-public class BcRSAKeyTransRecipientInfoGenerator
-    extends BcKeyTransRecipientInfoGenerator
-{
-    public BcRSAKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, AlgorithmIdentifier encAlgId, AsymmetricKeyParameter publicKey)
-    {
-        super(subjectKeyIdentifier, new BcRSAAsymmetricKeyWrapper(encAlgId, publicKey));
-    }
-
-    public BcRSAKeyTransRecipientInfoGenerator(X509CertificateHolder recipientCert)
-        throws IOException
-    {
-        super(recipientCert, new BcRSAAsymmetricKeyWrapper(recipientCert.getSubjectPublicKeyInfo().getAlgorithmId(), recipientCert.getSubjectPublicKeyInfo()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java
deleted file mode 100644
index c358b2759..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.cms.bc;
-
-import java.security.cert.CertificateException;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.SignerInformationVerifier;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
-
-public class BcRSASignerInfoVerifierBuilder
-{
-    private BcRSAContentVerifierProviderBuilder contentVerifierProviderBuilder;
-    private DigestCalculatorProvider digestCalculatorProvider;
-
-    public BcRSASignerInfoVerifierBuilder(DigestAlgorithmIdentifierFinder digestAlgorithmFinder, DigestCalculatorProvider digestCalculatorProvider)
-    {
-        this.contentVerifierProviderBuilder = new BcRSAContentVerifierProviderBuilder(digestAlgorithmFinder);
-        this.digestCalculatorProvider = digestCalculatorProvider;
-    }
-
-    public SignerInformationVerifier build(X509CertificateHolder certHolder)
-        throws OperatorCreationException, CertificateException
-    {
-        return new SignerInformationVerifier(contentVerifierProviderBuilder.build(certHolder), digestCalculatorProvider);
-    }
-
-    public SignerInformationVerifier build(AsymmetricKeyParameter pubKey)
-        throws OperatorCreationException
-    {
-        return new SignerInformationVerifier(contentVerifierProviderBuilder.build(pubKey), digestCalculatorProvider);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java
deleted file mode 100644
index 57a4fcc74..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.Key;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.operator.GenericKey;
-
-class CMSUtils
-{
-    static TBSCertificateStructure getTBSCertificateStructure(
-        X509Certificate cert)
-        throws CertificateEncodingException
-    {
-            return TBSCertificateStructure.getInstance(cert.getTBSCertificate());
-    }
-
-    static Key getJceKey(GenericKey key)
-    {
-        if (key.getRepresentation() instanceof Key)
-        {
-            return (Key)key.getRepresentation();
-        }
-
-        if (key.getRepresentation() instanceof byte[])
-        {
-            return new SecretKeySpec((byte[])key.getRepresentation(), "ENC");
-        }
-
-        throw new IllegalArgumentException("unknown generic key type");
-    }
-
-    static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert)
-        throws CertificateEncodingException
-    {
-        X509CertificateStructure certStruct = X509CertificateStructure.getInstance(cert.getEncoded());
-
-        return new IssuerAndSerialNumber(certStruct.getIssuer(), certStruct.getSerialNumber());
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java
deleted file mode 100644
index eba905419..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java
+++ /dev/null
@@ -1,616 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.IOException;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.jcajce.JcaJceHelper;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-
-class EnvelopedDataHelper
-{
-    protected static final Map BASE_CIPHER_NAMES = new HashMap();
-    protected static final Map CIPHER_ALG_NAMES = new HashMap();
-    protected static final Map MAC_ALG_NAMES = new HashMap();
-
-    static
-    {
-        BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_EDE3_CBC,  "DESEDE");
-        BASE_CIPHER_NAMES.put(CMSAlgorithm.AES128_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(CMSAlgorithm.AES192_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(CMSAlgorithm.AES256_CBC,  "AES");
-
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC,  "DESEDE/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC,  "AES/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()), "RSA/ECB/PKCS1Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia/CBC/PKCS5Padding");
-        CIPHER_ALG_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED/CBC/PKCS5Padding");
-
-        MAC_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC,  "DESEDEMac");
-        MAC_ALG_NAMES.put(CMSAlgorithm.AES128_CBC,  "AESMac");
-        MAC_ALG_NAMES.put(CMSAlgorithm.AES192_CBC,  "AESMac");
-        MAC_ALG_NAMES.put(CMSAlgorithm.AES256_CBC,  "AESMac");
-        MAC_ALG_NAMES.put(CMSAlgorithm.RC2_CBC,  "RC2Mac");
-    }
-
-    private static final short[] rc2Table = {
-        0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-        0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-        0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-        0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-        0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-        0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-        0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-        0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-        0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-        0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-        0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-        0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-        0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-        0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-        0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-        0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-    };
-
-    private static final short[] rc2Ekb = {
-        0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-        0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-        0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-        0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-        0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-        0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-        0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-        0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-        0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-        0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-        0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-        0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-        0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-        0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-        0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-        0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-    };
-
-    private JcaJceHelper        helper;
-
-    EnvelopedDataHelper(JcaJceHelper helper)
-    {
-        this.helper = helper;
-    }
-
-    String getBaseCipherName(ASN1ObjectIdentifier algorithm)
-    {
-        String name = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-        if (name == null)
-        {
-            return algorithm.getId();
-        }
-
-        return name;
-    }
-    
-    Cipher createCipher(ASN1ObjectIdentifier algorithm)
-        throws CMSException
-    {
-        try
-        {
-            String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createCipher(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createCipher(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-
-    Mac createMac(ASN1ObjectIdentifier algorithm)
-        throws CMSException
-    {
-        try
-        {
-            String macName = (String)MAC_ALG_NAMES.get(algorithm);
-
-            if (macName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createMac(macName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createMac(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create mac: " + e.getMessage(), e);
-        }
-    }
-
-    Cipher createRFC3211Wrapper(ASN1ObjectIdentifier algorithm)
-        throws CMSException
-    {
-        String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-        if (cipherName == null)
-        {
-            throw new CMSException("no name for " + algorithm);
-        }
-
-        cipherName += "RFC3211Wrap";
-
-        try
-        {
-             return helper.createCipher(cipherName);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-
-    KeyAgreement createKeyAgreement(ASN1ObjectIdentifier algorithm)
-        throws CMSException
-    {
-        try
-        {
-            String agreementName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-            if (agreementName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createKeyAgreement(agreementName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createKeyAgreement(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create key pair generator: " + e.getMessage(), e);
-        }
-    }
-
-    AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm)
-        throws GeneralSecurityException
-    {
-        String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-        if (algorithmName != null)
-        {
-            try
-            {
-                // this is reversed as the Sun policy files now allow unlimited strength RSA
-                return helper.createAlgorithmParameterGenerator(algorithmName);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-        return helper.createAlgorithmParameterGenerator(algorithm.getId());
-    }
-
-    Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID)
-        throws CMSException
-    {
-        return (Cipher)execute(new JCECallback()
-        {
-            public Object doInJCE()
-                throws CMSException, InvalidAlgorithmParameterException,
-                InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException,
-                NoSuchPaddingException, NoSuchProviderException
-            {
-                Cipher cipher = createCipher(encryptionAlgID.getAlgorithm());
-                ASN1Object sParams = (ASN1Object)encryptionAlgID.getParameters().getDERObject();
-                String encAlg = encryptionAlgID.getAlgorithm().getId();
-
-                if (sParams != null && !(sParams instanceof ASN1Null))
-                {
-                    try
-                    {
-                        AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm());
-
-                        try
-                        {
-                            params.init(sParams.getEncoded(), "ASN.1");
-                        }
-                        catch (IOException e)
-                        {
-                            throw new CMSException("error decoding algorithm parameters.", e);
-                        }
-
-                        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
-                    }
-                    catch (NoSuchAlgorithmException e)
-                    {
-                        if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC)
-                            || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC))
-                        {
-                            cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(
-                                ASN1OctetString.getInstance(sParams).getOctets()));
-                        }
-                        else
-                        {
-                            throw e;
-                        }
-                    }
-                }
-                else
-                {
-                    if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC)
-                        || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC)
-                        || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC))
-                    {
-                        cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8]));
-                    }
-                    else
-                    {
-                        cipher.init(Cipher.DECRYPT_MODE, sKey);
-                    }
-                }
-
-                return cipher;
-            }
-        });
-    }
-
-    Mac createContentMac(final Key sKey, final AlgorithmIdentifier macAlgId)
-        throws CMSException
-    {
-        return (Mac)execute(new JCECallback()
-        {
-            public Object doInJCE()
-                throws CMSException, InvalidAlgorithmParameterException,
-                InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException,
-                NoSuchPaddingException, NoSuchProviderException
-            {
-                Mac mac = createMac(macAlgId.getAlgorithm());
-                ASN1Object sParams = (ASN1Object)macAlgId.getParameters().getDERObject();
-                String macAlg = macAlgId.getAlgorithm().getId();
-
-                if (sParams != null && !(sParams instanceof ASN1Null))
-                {
-                    try
-                    {
-                        AlgorithmParameters params = createAlgorithmParameters(macAlgId.getAlgorithm());
-
-                        try
-                        {
-                            params.init(sParams.getEncoded(), "ASN.1");
-                        }
-                        catch (IOException e)
-                        {
-                            throw new CMSException("error decoding algorithm parameters.", e);
-                        }
-
-                        mac.init(sKey, params.getParameterSpec(IvParameterSpec.class));
-                    }
-                    catch (NoSuchAlgorithmException e)
-                    {
-                        throw e;
-                    }
-                }
-                else
-                {
-                    mac.init(sKey);
-                }
-
-                return mac;
-            }
-        });
-    }
-
-    AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-        if (algorithmName != null)
-        {
-            try
-            {
-                // this is reversed as the Sun policy files now allow unlimited strength RSA
-                return helper.createAlgorithmParameters(algorithmName);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-        return helper.createAlgorithmParameters(algorithm.getId());
-    }
-
-
-    KeyPairGenerator createKeyPairGenerator(DERObjectIdentifier algorithm)
-        throws CMSException
-    {
-        try
-        {
-            String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createKeyPairGenerator(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createKeyPairGenerator(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create key pair generator: " + e.getMessage(), e);
-        }
-    }
-
-    public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm)
-        throws CMSException
-    {
-        try
-        {
-            String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createKeyGenerator(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createKeyGenerator(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create key generator: " + e.getMessage(), e);
-        }
-    }
-
-    AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand)
-        throws CMSException
-    {
-        try
-        {
-            AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID);
-
-            if (encryptionOID.equals(CMSEnvelopedDataGenerator.RC2_CBC))
-            {
-                byte[]  iv = new byte[8];
-
-                rand.nextBytes(iv);
-
-                try
-                {
-                    pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand);
-                }
-                catch (InvalidAlgorithmParameterException e)
-                {
-                    throw new CMSException("parameters generation error: " + e, e);
-                }
-            }
-
-            return pGen.generateParameters();
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            return null;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("exception creating algorithm parameter generator: " + e, e);
-        }
-    }
-
-    AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params)
-        throws CMSException
-    {
-        DEREncodable asn1Params;
-        if (params != null)
-        {
-            try
-            {
-                asn1Params = ASN1Object.fromByteArray(params.getEncoded("ASN.1"));
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("cannot encode parameters: " + e.getMessage(), e);
-            }
-        }
-        else
-        {
-            asn1Params = DERNull.INSTANCE;
-        }
-
-        return new AlgorithmIdentifier(
-            encryptionOID,
-            asn1Params);
-    }
-
-    static Object execute(JCECallback callback) throws CMSException
-    {
-        try
-        {
-            return callback.doInJCE();
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new CMSException("can't find provider.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new CMSException("algorithm parameters invalid.", e);
-        }
-        catch (InvalidParameterSpecException e)
-        {
-            throw new CMSException("MAC algorithm parameter spec invalid.", e);
-        }
-    }
-
-    public KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm)
-        throws CMSException
-    {
-        try
-        {
-            String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createKeyFactory(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createKeyFactory(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot create key factory: " + e.getMessage(), e);
-        }
-    }
-
-    public AsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey)
-    {
-        return helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey);
-    }
-
-    public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey)
-    {
-        return helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey);
-    }
-
-    public AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier macOID, AlgorithmParameterSpec paramSpec)
-    {
-        if (paramSpec instanceof IvParameterSpec)
-        {
-            return new AlgorithmIdentifier(macOID, new DEROctetString(((IvParameterSpec)paramSpec).getIV()));
-        }
-        if (paramSpec instanceof RC2ParameterSpec)
-        {
-            RC2ParameterSpec rc2Spec = (RC2ParameterSpec)paramSpec;
-
-            int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-
-            if (effKeyBits != -1)
-            {
-                int parameterVersion;
-                            
-                if (effKeyBits < 256)
-                {
-                    parameterVersion = rc2Table[effKeyBits];
-                }
-                else
-                {
-                    parameterVersion = effKeyBits;
-                }
-
-                return new AlgorithmIdentifier(macOID, new RC2CBCParameter(parameterVersion, rc2Spec.getIV()));
-            }
-
-            return new AlgorithmIdentifier(macOID, new RC2CBCParameter(rc2Spec.getIV()));
-        }
-
-        throw new IllegalStateException("unknown parameter spec");
-    }
-
-    static interface JCECallback
-    {
-        Object doInJCE()
-            throws CMSException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException,
-            NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java
deleted file mode 100644
index ccc44a1ec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.SignerInfoGenerator;
-import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class JcaSignerInfoGeneratorBuilder
-    extends SignerInfoGeneratorBuilder
-{
-    public JcaSignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider)
-    {
-        super(digestProvider);
-    }
-
-    /**
-     * If the passed in flag is true, the signer signature will be based on the data, not
-     * a collection of signed attributes, and no signed attributes will be included.
-     *
-     * @return the builder object
-     */
-    public SignerInfoGeneratorBuilder setDirectSignature(boolean hasNoSignedAttributes)
-    {
-        super.setDirectSignature(hasNoSignedAttributes);
-
-        return this;
-    }
-
-    public SignerInfoGeneratorBuilder setSignedAttributeGenerator(CMSAttributeTableGenerator signedGen)
-    {
-        super.setSignedAttributeGenerator(signedGen);
-
-        return this;
-    }
-
-    public SignerInfoGeneratorBuilder setUnsignedAttributeGenerator(CMSAttributeTableGenerator unsignedGen)
-    {
-        super.setUnsignedAttributeGenerator(unsignedGen);
-
-        return this;
-    }
-
-    public SignerInfoGenerator build(ContentSigner contentSigner, X509Certificate certificate)
-        throws OperatorCreationException, CertificateEncodingException
-    {
-        return super.build(contentSigner, new JcaX509CertificateHolder(certificate));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java
deleted file mode 100644
index 0de417aa5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java
+++ /dev/null
@@ -1,202 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.SignerInfoGenerator;
-import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-
-/**
- * Use this class if you are using a provider that has all the facilities you
- * need.
- * 

- * For example:
- * 
- *      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- *      ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate());
- *
- *      gen.addSignerInfoGenerator(
- *                new JcaSignerInfoGeneratorBuilder(
- *                     new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
- *                     .build(sha1Signer, signCert));
- * 

- * becomes:
- * 
- *      CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- *
- *      gen.addSignerInfoGenerator(
- *                new JcaSimpleSignerInfoGeneratorBuilder()
- *                     .setProvider("BC")
- *                     .build("SHA1withRSA", signKP.getPrivate(), signCert));
- * 

- */
-public class JcaSimpleSignerInfoGeneratorBuilder
-{
-    private Helper helper;
-
-    private boolean hasNoSignedAttributes;
-    private CMSAttributeTableGenerator signedGen;
-    private CMSAttributeTableGenerator unsignedGen;
-
-    public JcaSimpleSignerInfoGeneratorBuilder()
-        throws OperatorCreationException
-    {
-        this.helper = new Helper();
-    }
-
-    public JcaSimpleSignerInfoGeneratorBuilder setProvider(String providerName)
-        throws OperatorCreationException
-    {
-        this.helper = new NamedHelper(providerName);
-
-        return this;
-    }
-
-    public JcaSimpleSignerInfoGeneratorBuilder setProvider(Provider provider)
-        throws OperatorCreationException
-    {
-        this.helper = new ProviderHelper(provider);
-
-        return this;
-    }
-
-    /**
-     * If the passed in flag is true, the signer signature will be based on the data, not
-     * a collection of signed attributes, and no signed attributes will be included.
-     *
-     * @return the builder object
-     */
-    public JcaSimpleSignerInfoGeneratorBuilder setDirectSignature(boolean hasNoSignedAttributes)
-    {
-        this.hasNoSignedAttributes = hasNoSignedAttributes;
-
-        return this;
-    }
-
-    public JcaSimpleSignerInfoGeneratorBuilder setSignedAttributeGenerator(CMSAttributeTableGenerator signedGen)
-    {
-        this.signedGen = signedGen;
-
-        return this;
-    }
-
-    /**
-     * set up a DefaultSignedAttributeTableGenerator primed with the passed in AttributeTable.
-     *
-     * @param attrTable table of attributes for priming generator
-     * @return this.
-     */
-    public JcaSimpleSignerInfoGeneratorBuilder setSignedAttributeGenerator(AttributeTable attrTable)
-    {
-        this.signedGen = new DefaultSignedAttributeTableGenerator(attrTable);
-
-        return this;
-    }
-
-    public JcaSimpleSignerInfoGeneratorBuilder setUnsignedAttributeGenerator(CMSAttributeTableGenerator unsignedGen)
-    {
-        this.unsignedGen = unsignedGen;
-
-        return this;
-    }
-
-    public SignerInfoGenerator build(String algorithmName, PrivateKey privateKey, X509Certificate certificate)
-        throws OperatorCreationException, CertificateEncodingException
-    {
-        ContentSigner contentSigner = helper.createContentSigner(algorithmName, privateKey);
-
-        return configureAndBuild().build(contentSigner, new JcaX509CertificateHolder(certificate));
-    }
-
-    public SignerInfoGenerator build(String algorithmName, PrivateKey privateKey, byte[] keyIdentifier)
-        throws OperatorCreationException, CertificateEncodingException
-    {
-        ContentSigner contentSigner = helper.createContentSigner(algorithmName, privateKey);
-
-        return configureAndBuild().build(contentSigner, keyIdentifier);
-    }
-
-    private SignerInfoGeneratorBuilder configureAndBuild()
-        throws OperatorCreationException
-    {
-        SignerInfoGeneratorBuilder infoGeneratorBuilder = new SignerInfoGeneratorBuilder(helper.createDigestCalculatorProvider());
-
-        infoGeneratorBuilder.setDirectSignature(hasNoSignedAttributes);
-        infoGeneratorBuilder.setSignedAttributeGenerator(signedGen);
-        infoGeneratorBuilder.setUnsignedAttributeGenerator(unsignedGen);
-
-        return infoGeneratorBuilder;
-    }
-
-    private class Helper
-    {
-        ContentSigner createContentSigner(String algorithm, PrivateKey privateKey)
-            throws OperatorCreationException
-        {
-            return new JcaContentSignerBuilder(algorithm).build(privateKey);
-        }
-
-        DigestCalculatorProvider createDigestCalculatorProvider()
-            throws OperatorCreationException
-        {
-            return new JcaDigestCalculatorProviderBuilder().build();
-        }
-    }
-
-    private class NamedHelper
-        extends Helper
-    {
-        private final String providerName;
-
-        public NamedHelper(String providerName)
-        {
-            this.providerName = providerName;
-        }
-
-        ContentSigner createContentSigner(String algorithm, PrivateKey privateKey)
-            throws OperatorCreationException
-        {
-            return new JcaContentSignerBuilder(algorithm).setProvider(providerName).build(privateKey);
-        }
-
-        DigestCalculatorProvider createDigestCalculatorProvider()
-            throws OperatorCreationException
-        {
-            return new JcaDigestCalculatorProviderBuilder().setProvider(providerName).build();
-        }
-    }
-
-    private class ProviderHelper
-        extends Helper
-    {
-        private final Provider provider;
-
-        public ProviderHelper(Provider provider)
-        {
-            this.provider = provider;
-        }
-
-        ContentSigner createContentSigner(String algorithm, PrivateKey privateKey)
-            throws OperatorCreationException
-        {
-            return new JcaContentSignerBuilder(algorithm).setProvider(provider).build(privateKey);
-        }
-
-        DigestCalculatorProvider createDigestCalculatorProvider()
-            throws OperatorCreationException
-        {
-            return new JcaDigestCalculatorProviderBuilder().setProvider(provider).build();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java
deleted file mode 100644
index 33340a493..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.SignerInformationVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-
-public class JcaSimpleSignerInfoVerifierBuilder
-{
-    private Helper helper = new Helper();
-
-    public JcaSimpleSignerInfoVerifierBuilder setProvider(Provider provider)
-    {
-        this.helper = new ProviderHelper(provider);
-
-        return this;
-    }
-
-    public JcaSimpleSignerInfoVerifierBuilder setProvider(String providerName)
-    {
-        this.helper = new NamedHelper(providerName);
-
-        return this;
-    }
-
-    public SignerInformationVerifier build(X509CertificateHolder certHolder)
-        throws OperatorCreationException, CertificateException
-    {
-        return new SignerInformationVerifier(helper.createContentVerifierProvider(certHolder), helper.createDigestCalculatorProvider());
-    }
-
-    public SignerInformationVerifier build(X509Certificate certificate)
-        throws OperatorCreationException
-    {
-        return new SignerInformationVerifier(helper.createContentVerifierProvider(certificate), helper.createDigestCalculatorProvider());
-    }
-
-    public SignerInformationVerifier build(PublicKey pubKey)
-        throws OperatorCreationException
-    {
-        return new SignerInformationVerifier(helper.createContentVerifierProvider(pubKey), helper.createDigestCalculatorProvider());
-    }
-
-    private class Helper
-    {
-        ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey)
-            throws OperatorCreationException
-        {
-            return new JcaContentVerifierProviderBuilder().build(publicKey);
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate)
-            throws OperatorCreationException
-        {
-            return new JcaContentVerifierProviderBuilder().build(certificate);
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder)
-            throws OperatorCreationException, CertificateException
-        {
-            return new JcaContentVerifierProviderBuilder().build(certHolder);
-        }
-
-        DigestCalculatorProvider createDigestCalculatorProvider()
-            throws OperatorCreationException
-        {
-            return new JcaDigestCalculatorProviderBuilder().build();
-        }
-    }
-
-    private class NamedHelper
-        extends Helper
-    {
-        private final String providerName;
-
-        public NamedHelper(String providerName)
-        {
-            this.providerName = providerName;
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey)
-            throws OperatorCreationException
-        {
-            return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(publicKey);
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate)
-            throws OperatorCreationException
-        {
-            return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(certificate);
-        }
-
-        DigestCalculatorProvider createDigestCalculatorProvider()
-            throws OperatorCreationException
-        {
-            return new JcaDigestCalculatorProviderBuilder().setProvider(providerName).build();
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder)
-            throws OperatorCreationException, CertificateException
-        {
-            return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(certHolder);
-        }
-    }
-
-    private class ProviderHelper
-        extends Helper
-    {
-        private final Provider provider;
-
-        public ProviderHelper(Provider provider)
-        {
-            this.provider = provider;
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey)
-            throws OperatorCreationException
-        {
-            return new JcaContentVerifierProviderBuilder().setProvider(provider).build(publicKey);
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate)
-            throws OperatorCreationException
-        {
-            return new JcaContentVerifierProviderBuilder().setProvider(provider).build(certificate);
-        }
-
-        DigestCalculatorProvider createDigestCalculatorProvider()
-            throws OperatorCreationException
-        {
-            return new JcaDigestCalculatorProviderBuilder().setProvider(provider).build();
-        }
-
-        ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder)
-            throws OperatorCreationException, CertificateException
-        {
-            return new JcaContentVerifierProviderBuilder().setProvider(provider).build(certHolder);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java
deleted file mode 100644
index 26423ebfd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherOutputStream;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OutputEncryptor;
-
-public class JceCMSContentEncryptorBuilder
-{
-    private final ASN1ObjectIdentifier encryptionOID;
-    private final int                  keySize;
-
-    private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    private SecureRandom random;
-
-    public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID)
-    {
-        this(encryptionOID, -1);
-    }
-
-    public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize)
-    {
-        this.encryptionOID = encryptionOID;
-        this.keySize = keySize;
-    }
-
-    public JceCMSContentEncryptorBuilder setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceCMSContentEncryptorBuilder setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JceCMSContentEncryptorBuilder setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public OutputEncryptor build()
-        throws CMSException
-    {
-        return new CMSOutputEncryptor(encryptionOID, keySize, random);
-    }
-
-    private class CMSOutputEncryptor
-        implements OutputEncryptor
-    {
-        private SecretKey encKey;
-        private AlgorithmIdentifier algorithmIdentifier;
-        private Cipher              cipher;
-
-        CMSOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random)
-            throws CMSException
-        {
-            KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID);
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            if (keySize < 0)
-            {
-                keyGen.init(random);
-            }
-            else
-            {
-                keyGen.init(keySize, random);
-            }
-
-            cipher = helper.createCipher(encryptionOID);
-            encKey = keyGen.generateKey();
-            AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random);
-
-            try
-            {
-                cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CMSException("unable to initialize cipher: " + e.getMessage(), e);
-            }
-
-            //
-            // If params are null we try and second guess on them as some providers don't provide
-            // algorithm parameter generation explicity but instead generate them under the hood.
-            //
-            if (params == null)
-            {
-                params = cipher.getParameters();
-            }
-
-            algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params);
-        }
-
-        public AlgorithmIdentifier getAlgorithmIdentifier()
-        {
-            return algorithmIdentifier;
-        }
-
-        public OutputStream getOutputStream(OutputStream dOut)
-        {
-            return new CipherOutputStream(dOut, cipher);
-        }
-
-        public GenericKey getKey()
-        {
-            return new GenericKey(encKey);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java
deleted file mode 100644
index 7007225cd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java
+++ /dev/null
@@ -1,158 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.jcajce.io.MacOutputStream;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-
-public class JceCMSMacCalculatorBuilder
-{
-    private final ASN1ObjectIdentifier macOID;
-    private final int                  keySize;
-
-    private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    private SecureRandom random;
-    private MacOutputStream macOutputStream;
-
-    public JceCMSMacCalculatorBuilder(ASN1ObjectIdentifier macOID)
-    {
-        this(macOID, -1);
-    }
-
-    public JceCMSMacCalculatorBuilder(ASN1ObjectIdentifier macOID, int keySize)
-    {
-        this.macOID = macOID;
-        this.keySize = keySize;
-    }
-
-    public JceCMSMacCalculatorBuilder setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceCMSMacCalculatorBuilder setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JceCMSMacCalculatorBuilder setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public MacCalculator build()
-        throws CMSException
-    {
-        return new CMSOutputEncryptor(macOID, keySize, random);
-    }
-
-    private class CMSOutputEncryptor
-        implements MacCalculator
-    {
-        private SecretKey encKey;
-        private AlgorithmIdentifier algorithmIdentifier;
-        private Mac mac;
-        private SecureRandom random;
-
-        CMSOutputEncryptor(ASN1ObjectIdentifier macOID, int keySize, SecureRandom random)
-            throws CMSException
-        {
-            KeyGenerator keyGen = helper.createKeyGenerator(macOID);
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            this.random = random;
-
-            if (keySize < 0)
-            {
-                keyGen.init(random);
-            }
-            else
-            {
-                keyGen.init(keySize, random);
-            }
-
-            encKey = keyGen.generateKey();
-
-            AlgorithmParameterSpec paramSpec = generateParameterSpec(macOID, encKey);
-
-            algorithmIdentifier = helper.getAlgorithmIdentifier(macOID, paramSpec);
-            mac = helper.createContentMac(encKey, algorithmIdentifier);
-        }
-
-        public AlgorithmIdentifier getAlgorithmIdentifier()
-        {
-            return algorithmIdentifier;
-        }
-
-        public OutputStream getOutputStream()
-        {
-            return new MacOutputStream(mac);
-        }
-
-        public byte[] getMac()
-        {
-            return mac.doFinal();
-        }
-
-        public GenericKey getKey()
-        {
-            return new GenericKey(encKey);
-        }
-
-        protected AlgorithmParameterSpec generateParameterSpec(ASN1ObjectIdentifier macOID, SecretKey encKey)
-            throws CMSException
-        {
-            try
-            {
-                if (macOID.equals(PKCSObjectIdentifiers.RC2_CBC))
-                {
-                    byte[] iv = new byte[8];
-
-                    random.nextBytes(iv);
-
-                    return new RC2ParameterSpec(encKey.getEncoded().length * 8, iv);
-                }
-
-                AlgorithmParameterGenerator pGen = helper.createAlgorithmParameterGenerator(macOID);
-
-                AlgorithmParameters p = pGen.generateParameters();
-
-                return p.getParameterSpec(IvParameterSpec.class);
-            }
-            catch (GeneralSecurityException e)
-            {
-                return null;
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java
deleted file mode 100644
index b47719f30..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.security.Key;
-
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.jcajce.io.MacOutputStream;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-
-
-/**
- * the KeyTransRecipientInformation class for a recipient who has been sent a secret
- * key encrypted using their public key that needs to be used to
- * extract the message.
- */
-public class JceKEKAuthenticatedRecipient
-    extends JceKEKRecipient
-{
-    public JceKEKAuthenticatedRecipient(SecretKey recipientKey)
-    {
-        super(recipientKey);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, encryptedContentEncryptionKey);
-
-        final Mac dataMac = contentHelper.createContentMac(secretKey, contentMacAlgorithm);
-
-        return new RecipientOperator(new MacCalculator()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentMacAlgorithm;
-            }
-
-            public GenericKey getKey()
-            {
-                return new GenericKey(secretKey);
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return new MacOutputStream(dataMac);
-            }
-
-            public byte[] getMac()
-            {
-                return dataMac.doFinal();
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java
deleted file mode 100644
index a72937942..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.InputStream;
-import java.security.Key;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.operator.InputDecryptor;
-
-public class JceKEKEnvelopedRecipient
-    extends JceKEKRecipient
-{
-    public JceKEKEnvelopedRecipient(SecretKey recipientKey)
-    {
-        super(recipientKey);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey);
-
-        final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm);
-
-        return new RecipientOperator(new InputDecryptor()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentEncryptionAlgorithm;
-            }
-
-            public InputStream getInputStream(InputStream dataOut)
-            {
-                return new CipherInputStream(dataOut, dataCipher);
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java
deleted file mode 100644
index 42191352c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java
+++ /dev/null
@@ -1,98 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.Key;
-import java.security.Provider;
-
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.KEKRecipient;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.OperatorException;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-
-public abstract class JceKEKRecipient
-    implements KEKRecipient
-{
-    private SecretKey recipientKey;
-
-    protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    protected EnvelopedDataHelper contentHelper = helper;
-
-    public JceKEKRecipient(SecretKey recipientKey)
-    {
-        this.recipientKey = recipientKey;
-    }
-
-    /**
-     * Set the provider to use for key recovery and content processing.
-     *
-     * @param provider provider to use.
-     * @return this recipient.
-     */
-    public JceKEKRecipient setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-        this.contentHelper = helper;
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for key recovery and content processing.
-     *
-     * @param providerName the name of the provider to use.
-     * @return this recipient.
-     */
-    public JceKEKRecipient setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-        this.contentHelper = helper;
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for content processing.
-     *
-     * @param provider the provider to use.
-     * @return this recipient.
-     */
-    public JceKEKRecipient setContentProvider(Provider provider)
-    {
-        this.contentHelper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for content processing.
-     *
-     * @param providerName the name of the provider to use.
-     * @return this recipient.
-     */
-    public JceKEKRecipient setContentProvider(String providerName)
-    {
-        this.contentHelper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        SymmetricKeyUnwrapper unwrapper = helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey);
-
-        try
-        {
-            return CMSUtils.getJceKey(unwrapper.generateUnwrappedKey(contentEncryptionAlgorithm, encryptedContentEncryptionKey));
-        }
-        catch (OperatorException e)
-        {
-            throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java
deleted file mode 100644
index 15ec8ffda..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.cms.KEKIdentifier;
-import org.bouncycastle.cms.KEKRecipientInfoGenerator;
-import org.bouncycastle.operator.jcajce.JceSymmetricKeyWrapper;
-
-public class JceKEKRecipientInfoGenerator
-    extends KEKRecipientInfoGenerator
-{
-    public JceKEKRecipientInfoGenerator(KEKIdentifier kekIdentifier, SecretKey keyEncryptionKey)
-    {
-        super(kekIdentifier, new JceSymmetricKeyWrapper(keyEncryptionKey));
-    }
-
-    public JceKEKRecipientInfoGenerator(byte[] keyIdentifier, SecretKey keyEncryptionKey)
-    {
-        this(new KEKIdentifier(keyIdentifier, null, null), keyEncryptionKey);
-    }
-
-    public JceKEKRecipientInfoGenerator setProvider(Provider provider)
-    {
-        ((JceSymmetricKeyWrapper)this.wrapper).setProvider(provider);
-
-        return this;
-    }
-
-    public JceKEKRecipientInfoGenerator setProvider(String providerName)
-    {
-        ((JceSymmetricKeyWrapper)this.wrapper).setProvider(providerName);
-
-        return this;
-    }
-
-    public JceKEKRecipientInfoGenerator setSecureRandom(SecureRandom random)
-    {
-        ((JceSymmetricKeyWrapper)this.wrapper).setSecureRandom(random);
-
-        return this;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java
deleted file mode 100644
index f143b70a2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.security.Key;
-import java.security.PrivateKey;
-
-import javax.crypto.Mac;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.jcajce.io.MacOutputStream;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-
-public class JceKeyAgreeAuthenticatedRecipient
-    extends JceKeyAgreeRecipient
-{
-    public JceKeyAgreeAuthenticatedRecipient(PrivateKey recipientKey)
-    {
-        super(recipientKey);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey)
-        throws CMSException
-    {
-        final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey);
-
-        final Mac dataMac = contentHelper.createContentMac(secretKey, contentMacAlgorithm);
-
-        return new RecipientOperator(new MacCalculator()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentMacAlgorithm;
-            }
-
-            public GenericKey getKey()
-            {
-                return new GenericKey(secretKey);
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return new MacOutputStream(dataMac);
-            }
-
-            public byte[] getMac()
-            {
-                return dataMac.doFinal();
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java
deleted file mode 100644
index fe647d7d8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.InputStream;
-import java.security.Key;
-import java.security.PrivateKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.operator.InputDecryptor;
-
-public class JceKeyAgreeEnvelopedRecipient
-    extends JceKeyAgreeRecipient
-{
-    public JceKeyAgreeEnvelopedRecipient(PrivateKey recipientKey)
-    {
-        super(recipientKey);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey)
-        throws CMSException
-    {
-        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey);
-
-        final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm);
-
-        return new RecipientOperator(new InputDecryptor()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentEncryptionAlgorithm;
-            }
-
-            public InputStream getInputStream(InputStream dataOut)
-            {
-                return new CipherInputStream(dataOut, dataCipher);
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java
deleted file mode 100644
index 34669f229..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java
+++ /dev/null
@@ -1,185 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cms.CMSEnvelopedGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.KeyAgreeRecipient;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.jce.spec.MQVPrivateKeySpec;
-import org.bouncycastle.jce.spec.MQVPublicKeySpec;
-
-public abstract class JceKeyAgreeRecipient
-    implements KeyAgreeRecipient
-{
-    private PrivateKey recipientKey;
-    protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    protected EnvelopedDataHelper contentHelper = helper;
-
-    public JceKeyAgreeRecipient(PrivateKey recipientKey)
-    {
-        this.recipientKey = recipientKey;
-    }
-
-    /**
-     * Set the provider to use for key recovery and content processing.
-     *
-     * @param provider provider to use.
-     * @return this recipient.
-     */
-    public JceKeyAgreeRecipient setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-        this.contentHelper = helper;
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for key recovery and content processing.
-     *
-     * @param providerName the name of the provider to use.
-     * @return this recipient.
-     */
-    public JceKeyAgreeRecipient setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-        this.contentHelper = helper;
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for content processing.
-     *
-     * @param provider the provider to use.
-     * @return this recipient.
-     */
-    public JceKeyAgreeRecipient setContentProvider(Provider provider)
-    {
-        this.contentHelper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for content processing.
-     *
-     * @param providerName the name of the provider to use.
-     * @return this recipient.
-     */
-    public JceKeyAgreeRecipient setContentProvider(String providerName)
-    {
-        this.contentHelper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    private SecretKey calculateAgreedWrapKey(AlgorithmIdentifier keyEncAlg, ASN1ObjectIdentifier wrapAlg,
-        PublicKey senderPublicKey, ASN1OctetString userKeyingMaterial, PrivateKey receiverPrivateKey)
-        throws CMSException, GeneralSecurityException, IOException
-    {
-        String agreeAlg = keyEncAlg.getAlgorithm().getId();
-
-        if (agreeAlg.equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF))
-        {
-            byte[] ukmEncoding = userKeyingMaterial.getOctets();
-            MQVuserKeyingMaterial ukm = MQVuserKeyingMaterial.getInstance(
-                ASN1Object.fromByteArray(ukmEncoding));
-
-            SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(
-                                                getPrivateKeyAlgorithmIdentifier(),
-                                                ukm.getEphemeralPublicKey().getPublicKey().getBytes());
-
-            X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
-            KeyFactory fact = helper.createKeyFactory(keyEncAlg.getAlgorithm());
-            PublicKey ephemeralKey = fact.generatePublic(pubSpec);
-
-            senderPublicKey = new MQVPublicKeySpec(senderPublicKey, ephemeralKey);
-            receiverPrivateKey = new MQVPrivateKeySpec(receiverPrivateKey, receiverPrivateKey);
-        }
-
-        KeyAgreement agreement = helper.createKeyAgreement(keyEncAlg.getAlgorithm());
-
-        agreement.init(receiverPrivateKey);
-        agreement.doPhase(senderPublicKey, true);
-
-        return agreement.generateSecret(wrapAlg.getId());
-    }
-
-    private Key unwrapSessionKey(ASN1ObjectIdentifier wrapAlg, SecretKey agreedKey, ASN1ObjectIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CMSException, InvalidKeyException, NoSuchAlgorithmException
-    {
-        Cipher keyCipher = helper.createCipher(wrapAlg);
-        keyCipher.init(Cipher.UNWRAP_MODE, agreedKey);
-        return keyCipher.unwrap(encryptedContentEncryptionKey, helper.getBaseCipherName(contentEncryptionAlgorithm), Cipher.SECRET_KEY);
-    }
-
-    protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        try
-        {
-            ASN1ObjectIdentifier wrapAlg =
-                AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters()).getAlgorithm();
-
-            X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded());
-            KeyFactory fact = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm());
-            PublicKey senderPublicKey = fact.generatePublic(pubSpec);
-
-            SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg,
-                senderPublicKey, userKeyingMaterial, recipientKey);
-
-            return unwrapSessionKey(wrapAlg, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new CMSException("can't find algorithm.", e);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new CMSException("key invalid in message.", e);
-        }
-        catch (InvalidKeySpecException e)
-        {
-            throw new CMSException("originator key spec invalid.", e);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new CMSException("required padding not supported.", e);
-        }
-        catch (Exception e)
-        {
-            throw new CMSException("originator key invalid.", e);
-        }
-    }
-
-    public AlgorithmIdentifier getPrivateKeyAlgorithmIdentifier()
-    {
-        return PrivateKeyInfo.getInstance(recipientKey.getEncoded()).getAlgorithmId();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java
deleted file mode 100644
index 56911bec5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cms.KeyAgreeRecipientId;
-
-public class JceKeyAgreeRecipientId
-    extends KeyAgreeRecipientId
-{
-    public JceKeyAgreeRecipientId(X509Certificate certificate)
-    {
-        this(certificate.getIssuerX500Principal(), certificate.getSerialNumber());
-    }
-
-    public JceKeyAgreeRecipientId(X500Principal issuer, BigInteger serialNumber)
-    {
-        super(X500Name.getInstance(issuer.getEncoded()), serialNumber);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java
deleted file mode 100644
index 60a62d2cf..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java
+++ /dev/null
@@ -1,219 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
-import org.bouncycastle.asn1.cms.RecipientEncryptedKey;
-import org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
-import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.jce.spec.MQVPrivateKeySpec;
-import org.bouncycastle.jce.spec.MQVPublicKeySpec;
-import org.bouncycastle.operator.GenericKey;
-
-public class JceKeyAgreeRecipientInfoGenerator
-    extends KeyAgreeRecipientInfoGenerator
-{
-    private List recipientIDs = new ArrayList();
-    private List recipientKeys = new ArrayList();
-    private PublicKey senderPublicKey;
-    private PrivateKey senderPrivateKey;
-
-    private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    private SecureRandom random;
-    private KeyPair ephemeralKP;
-
-    public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, PrivateKey senderPrivateKey, PublicKey senderPublicKey, ASN1ObjectIdentifier keyEncryptionOID)
-        throws CMSException
-    {
-        super(keyAgreementOID, SubjectPublicKeyInfo.getInstance(senderPublicKey.getEncoded()), keyEncryptionOID);
-
-        this.senderPublicKey = senderPublicKey;
-        this.senderPrivateKey = senderPrivateKey;
-    }
-
-    public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceKeyAgreeRecipientInfoGenerator setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    /**
-     * Add a recipient based on the passed in certificate's public key and its issuer and serial number.
-     * 
-     * @param recipientCert recipient's certificate
-     * @return the current instance.
-     * @throws CertificateEncodingException  if the necessary data cannot be extracted from the certificate.
-     */
-    public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate recipientCert)
-        throws CertificateEncodingException
-    {
-        recipientIDs.add(new KeyAgreeRecipientIdentifier(CMSUtils.getIssuerAndSerialNumber(recipientCert)));
-        recipientKeys.add(recipientCert.getPublicKey());
-
-        return this;
-    }
-
-    /**
-     * Add a recipient identified by the passed in subjectKeyID and the for the passed in public key.
-     *
-     * @param subjectKeyID identifier actual recipient will use to match the private key.
-     * @param publicKey the public key for encrypting the secret key.
-     * @return the current instance.
-     * @throws CertificateEncodingException
-     */
-    public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] subjectKeyID, PublicKey publicKey)
-        throws CertificateEncodingException
-    {
-        recipientIDs.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(subjectKeyID)));
-        recipientKeys.add(publicKey);
-
-        return this;
-    }
-
-    public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey)
-        throws CMSException
-    {
-        init(keyAgreeAlgorithm.getAlgorithm());
-
-        PrivateKey senderPrivateKey = this.senderPrivateKey;
-
-        ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();
-
-        if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF))
-        {           
-            senderPrivateKey = new MQVPrivateKeySpec(
-                senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic());
-        }
-
-        ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
-        for (int i = 0; i != recipientIDs.size(); i++)
-        {
-            PublicKey recipientPublicKey = (PublicKey)recipientKeys.get(i);
-            KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier)recipientIDs.get(i);
-
-            if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF))
-            {
-                recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey);
-            }
-
-            try
-            {
-                // Use key agreement to choose a wrap key for this recipient
-                KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID);
-                keyAgreement.init(senderPrivateKey, random);
-                keyAgreement.doPhase(recipientPublicKey, true);
-                SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId());
-
-                // Wrap the content encryption key with the agreement key
-                Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm());
-
-                keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
-
-                byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(CMSUtils.getJceKey(contentEncryptionKey));
-
-                ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
-
-                recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey));
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new CMSException("cannot perform agreement step: " + e.getMessage(), e);
-            }
-        }
-
-        return new DERSequence(recipientEncryptedKeys);
-    }
-
-    protected ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlg)
-        throws CMSException
-    {
-        init(keyAgreeAlg.getAlgorithm());
-
-        if (ephemeralKP != null)
-        {
-            return new MQVuserKeyingMaterial(
-                        createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(ephemeralKP.getPublic().getEncoded())), null);
-        }
-
-        return null;
-    }
-
-    private void init(ASN1ObjectIdentifier keyAgreementOID)
-        throws CMSException
-    {
-        if (random == null)
-        {
-            random = new SecureRandom();
-        }
-
-        if (keyAgreementOID.equals(CMSAlgorithm.ECMQV_SHA1KDF))
-        {
-            if (ephemeralKP == null)
-            {
-                try
-                {
-                    ECParameterSpec ecParamSpec = ((ECPublicKey)senderPublicKey).getParams();
-
-                    KeyPairGenerator ephemKPG = helper.createKeyPairGenerator(keyAgreementOID);
-
-                    ephemKPG.initialize(ecParamSpec, random);
-
-                    ephemeralKP = ephemKPG.generateKeyPair();
-                }
-                catch (InvalidAlgorithmParameterException e)
-                {
-                    throw new CMSException(
-                        "cannot determine MQV ephemeral key pair parameters from public key: " + e);
-                }
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java
deleted file mode 100644
index f15aadb0a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.security.Key;
-import java.security.PrivateKey;
-
-import javax.crypto.Mac;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.jcajce.io.MacOutputStream;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-
-
-/**
- * the KeyTransRecipientInformation class for a recipient who has been sent a secret
- * key encrypted using their public key that needs to be used to
- * extract the message.
- */
-public class JceKeyTransAuthenticatedRecipient
-    extends JceKeyTransRecipient
-{
-    public JceKeyTransAuthenticatedRecipient(PrivateKey recipientKey)
-    {
-        super(recipientKey);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, encryptedContentEncryptionKey);
-
-        final Mac dataMac = contentHelper.createContentMac(secretKey, contentMacAlgorithm);
-
-        return new RecipientOperator(new MacCalculator()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentMacAlgorithm;
-            }
-
-            public GenericKey getKey()
-            {
-                return new GenericKey(secretKey);
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return new MacOutputStream(dataMac);
-            }
-
-            public byte[] getMac()
-            {
-                return dataMac.doFinal();
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java
deleted file mode 100644
index 1bc0188f5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.InputStream;
-import java.security.Key;
-import java.security.PrivateKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.operator.InputDecryptor;
-
-public class JceKeyTransEnvelopedRecipient
-    extends JceKeyTransRecipient
-{
-    public JceKeyTransEnvelopedRecipient(PrivateKey recipientKey)
-    {
-        super(recipientKey);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey);
-
-        final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm);
-
-        return new RecipientOperator(new InputDecryptor()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentEncryptionAlgorithm;
-            }
-
-            public InputStream getInputStream(InputStream dataIn)
-            {
-                return new CipherInputStream(dataIn, dataCipher);
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java
deleted file mode 100644
index 8a0cd4d50..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java
+++ /dev/null
@@ -1,97 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.Key;
-import java.security.PrivateKey;
-import java.security.Provider;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.KeyTransRecipient;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.OperatorException;
-
-public abstract class JceKeyTransRecipient
-    implements KeyTransRecipient
-{
-    private PrivateKey recipientKey;
-
-    protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    protected EnvelopedDataHelper contentHelper = helper;
-
-    public JceKeyTransRecipient(PrivateKey recipientKey)
-    {
-        this.recipientKey = recipientKey;
-    }
-
-    /**
-     * Set the provider to use for key recovery and content processing.
-     *
-     * @param provider provider to use.
-     * @return this recipient.
-     */
-    public JceKeyTransRecipient setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-        this.contentHelper = helper;
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for key recovery and content processing.
-     *
-     * @param providerName the name of the provider to use.
-     * @return this recipient.
-     */
-    public JceKeyTransRecipient setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-        this.contentHelper = helper;
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for content processing.
-     *
-     * @param provider the provider to use.
-     * @return this recipient.
-     */
-    public JceKeyTransRecipient setContentProvider(Provider provider)
-    {
-        this.contentHelper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    /**
-     * Set the provider to use for content processing.
-     *
-     * @param providerName the name of the provider to use.
-     * @return this recipient.
-     */
-    public JceKeyTransRecipient setContentProvider(String providerName)
-    {
-        this.contentHelper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey)
-        throws CMSException
-    {
-        AsymmetricKeyUnwrapper unwrapper = helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey);
-
-        try
-        {
-            return CMSUtils.getJceKey(unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey));
-        }
-        catch (OperatorException e)
-        {
-            throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java
deleted file mode 100644
index cd09d38ed..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cms.KeyTransRecipientId;
-
-public class JceKeyTransRecipientId
-    extends KeyTransRecipientId
-{
-    public JceKeyTransRecipientId(X509Certificate certificate)
-    {
-        this(certificate.getIssuerX500Principal(), certificate.getSerialNumber());
-    }
-
-    public JceKeyTransRecipientId(X500Principal issuer, BigInteger serialNumber)
-    {
-        super(X500Name.getInstance(issuer.getEncoded()), serialNumber);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java
deleted file mode 100644
index 732b59306..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.KeyTransRecipientInfoGenerator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;
-
-public class JceKeyTransRecipientInfoGenerator
-    extends KeyTransRecipientInfoGenerator
-{
-    public JceKeyTransRecipientInfoGenerator(X509Certificate recipientCert)
-        throws CertificateEncodingException
-    {
-        super(new JcaX509CertificateHolder(recipientCert).getIssuerAndSerialNumber(), new JceAsymmetricKeyWrapper(recipientCert.getPublicKey()));
-    }
-
-    public JceKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, PublicKey publicKey)
-    {
-        super(subjectKeyIdentifier, new JceAsymmetricKeyWrapper(publicKey));
-    }
-
-    public JceKeyTransRecipientInfoGenerator setProvider(String providerName)
-        throws OperatorCreationException
-    {
-        ((JceAsymmetricKeyWrapper)this.wrapper).setProvider(providerName);
-
-        return this;
-    }
-
-    public JceKeyTransRecipientInfoGenerator setProvider(Provider provider)
-        throws OperatorCreationException
-    {
-        ((JceAsymmetricKeyWrapper)this.wrapper).setProvider(provider);
-
-        return this;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java
deleted file mode 100644
index f50fe48f8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.security.Key;
-
-import javax.crypto.Mac;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.jcajce.io.MacOutputStream;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.MacCalculator;
-
-public class JcePasswordAuthenticatedRecipient
-    extends JcePasswordRecipient
-{
-    public JcePasswordAuthenticatedRecipient(char[] password)
-    {
-        super(password);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, derivedKey, encryptedContentEncryptionKey);
-
-        final Mac dataMac = helper.createContentMac(secretKey, contentMacAlgorithm);
-
-        return new RecipientOperator(new MacCalculator()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentMacAlgorithm;
-            }
-
-            public GenericKey getKey()
-            {
-                return new GenericKey(secretKey);
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return new MacOutputStream(dataMac);
-            }
-
-            public byte[] getMac()
-            {
-                return dataMac.doFinal();
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java
deleted file mode 100644
index be741db4c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.InputStream;
-import java.security.Key;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.operator.InputDecryptor;
-
-public class JcePasswordEnvelopedRecipient
-    extends JcePasswordRecipient
-{
-    public JcePasswordEnvelopedRecipient(char[] password)
-    {
-        super(password);
-    }
-
-    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, derivedKey, encryptedContentEncryptionKey);
-
-        final Cipher dataCipher = helper.createContentCipher(secretKey, contentEncryptionAlgorithm);
-
-        return new RecipientOperator(new InputDecryptor()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentEncryptionAlgorithm;
-            }
-
-            public InputStream getInputStream(InputStream dataOut)
-            {
-                return new CipherInputStream(dataOut, dataCipher);
-            }
-        });
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java
deleted file mode 100644
index 61742e1ae..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.Provider;
-
-import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.PasswordRecipient;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-
-/**
- * the RecipientInfo class for a recipient who has been sent a message
- * encrypted using a password.
- */
-public abstract class JcePasswordRecipient
-    implements PasswordRecipient
-{
-    private int schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8;
-    protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-    private char[] password;
-
-    JcePasswordRecipient(
-        char[] password)
-    {
-        this.password = password;
-    }
-
-    public JcePasswordRecipient setPasswordConversionScheme(int schemeID)
-    {
-        this.schemeID = schemeID;
-
-        return this;
-    }
-
-    public JcePasswordRecipient setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JcePasswordRecipient setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey)
-        throws CMSException
-    {
-        Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm());
-
-        try
-        {
-            IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets());
-
-            keyEncryptionCipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec);
-
-            return keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot process content encryption key: " + e.getMessage(), e);
-        }
-    }
-
-    public int getPasswordConversionScheme()
-    {
-        return schemeID;
-    }
-
-    public char[] getPassword()
-    {
-        return password;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java
deleted file mode 100644
index 526fe0151..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.Provider;
-
-import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.PasswordRecipientInfoGenerator;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.GenericKey;
-
-public class JcePasswordRecipientInfoGenerator
-    extends PasswordRecipientInfoGenerator
-{
-    private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceHelper());
-
-    public JcePasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password)
-    {
-        super(kekAlgorithm, password);
-    }
-
-    public JcePasswordRecipientInfoGenerator setProvider(Provider provider)
-    {
-        this.helper = new EnvelopedDataHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JcePasswordRecipientInfoGenerator setProvider(String providerName)
-    {
-        this.helper = new EnvelopedDataHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey)
-        throws CMSException
-    {
-        Key contentEncryptionKeySpec = CMSUtils.getJceKey(contentEncryptionKey);
-        Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm());
-
-        try
-        {
-            IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets());
-
-            keyEncryptionCipher.init(Cipher.WRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec);
-
-            return keyEncryptionCipher.wrap(contentEncryptionKeySpec);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new CMSException("cannot process content encryption key: " + e.getMessage(), e);
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java
deleted file mode 100644
index 53da722bd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.OutputStream;
-import java.util.zip.DeflaterOutputStream;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.OutputCompressor;
-
-public class ZlibCompressor
-    implements OutputCompressor
-{
-    private static final String  ZLIB    = "1.2.840.113549.1.9.16.3.8";
-
-    public AlgorithmIdentifier getAlgorithmIdentifier()
-    {
-        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(ZLIB));
-    }
-
-    public OutputStream getOutputStream(OutputStream comOut)
-    {
-        return new DeflaterOutputStream(comOut);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java
deleted file mode 100644
index 107a0ef66..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java
+++ /dev/null
@@ -1,113 +0,0 @@
-package org.bouncycastle.cms.jcajce;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.zip.InflaterInputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.InputExpander;
-import org.bouncycastle.operator.InputExpanderProvider;
-import org.bouncycastle.util.io.StreamOverflowException;
-
-public class ZlibExpanderProvider
-    implements InputExpanderProvider
-{
-    private final long limit;
-
-    public ZlibExpanderProvider()
-    {
-        this.limit = -1;
-    }
-
-    /**
-     * Create a provider which caps the number of expanded bytes that can be produced when the
-     * compressed stream is parsed.
-     *
-     * @param limit max number of bytes allowed in an expanded stream.
-     */
-    public ZlibExpanderProvider(long limit)
-    {
-        this.limit = limit;
-    }
-
-    public InputExpander get(final AlgorithmIdentifier algorithm)
-    {
-        return new InputExpander()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return algorithm;
-            }
-
-            public InputStream getInputStream(InputStream comIn)
-            {
-                InputStream s = new InflaterInputStream(comIn);                
-                if (limit >= 0)
-                {
-                    s = new LimitedInputStream(s, limit);
-                }
-                return s;
-            }
-        };
-    }
-
-    private static class LimitedInputStream
-        extends FilterInputStream
-    {
-        private long remaining;
-
-        public LimitedInputStream(InputStream input, long limit)
-        {
-            super(input);
-
-            this.remaining = limit;
-        }
-
-        public int read()
-            throws IOException
-        {
-            // Only a single 'extra' byte will ever be read
-            if (remaining >= 0)
-            {
-                int b = super.in.read();
-                if (b < 0 || --remaining >= 0)
-                {
-                    return b;
-                }
-            }
-
-            throw new StreamOverflowException("expanded byte limit exceeded");
-        }
-
-        public int read(byte[] buf, int off, int len)
-            throws IOException
-        {
-            if (len < 1)
-            {
-                // This will give correct exceptions/returns for strange lengths
-                return super.read(buf, off, len);
-            }
-
-            if (remaining < 1)
-            {
-                // Will either return EOF or throw exception
-                read();
-                return -1;
-            }
-
-            /*
-             * Limit the underlying request to 'remaining' bytes. This ensures the
-             * caller will see the full 'limit' bytes before getting an exception.
-             * Also, only one extra byte will ever be read.
-             */
-            int actualLen = (remaining > len ? len : (int)remaining);
-            int numRead = super.in.read(buf, off, actualLen);
-            if (numRead > 0)
-            {
-                remaining -= numRead;
-            }
-            return numRead;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/cms/package.html
deleted file mode 100644
index 644e8620a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/cms/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-A package for processing RFC 3852 Cryptographic Message Syntax (CMS) objects - also referred to as PKCS#7 (formerly RFC 2630, 3369). 
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java
deleted file mode 100644
index 565effcc1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.crypto;
-
-
-/**
- * base interface that a public/private key block cipher needs
- * to conform to.
- */
-public interface AsymmetricBlockCipher
-{
-    /**
-     * initialise the cipher.
-     *
-     * @param forEncryption if true the cipher is initialised for 
-     *  encryption, if false for decryption.
-     * @param param the key and other data required by the cipher.
-     */
-    public void init(boolean forEncryption, CipherParameters param);
-
-    /**
-     * returns the largest size an input block can be.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize();
-
-    /**
-     * returns the maximum size of the block produced by this cipher.
-     *
-     * @return maximum size of the output block produced by the cipher.
-     */
-    public int getOutputBlockSize();
-
-    /**
-     * process the block of len bytes stored in in from offset inOff.
-     *
-     * @param in the input data
-     * @param inOff offset into the in array where the data starts
-     * @param len the length of the block to be processed.
-     * @return the resulting byte array of the encryption/decryption process.
-     * @exception InvalidCipherTextException data decrypts improperly.
-     * @exception DataLengthException the input data is too large for the cipher.
-     */
-    public byte[] processBlock(byte[] in, int inOff, int len)
-        throws InvalidCipherTextException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java
deleted file mode 100644
index 85bec735b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * a holding class for public/private parameter pairs.
- */
-public class AsymmetricCipherKeyPair
-{
-    private CipherParameters    publicParam;
-    private CipherParameters    privateParam;
-
-    /**
-     * basic constructor.
-     *
-     * @param publicParam a public key parameters object.
-     * @param privateParam the corresponding private key parameters.
-     */
-    public AsymmetricCipherKeyPair(
-        CipherParameters    publicParam,
-        CipherParameters    privateParam)
-    {
-        this.publicParam = publicParam;
-        this.privateParam = privateParam;
-    }
-
-    /**
-     * return the public key parameters.
-     *
-     * @return the public key parameters.
-     */
-    public CipherParameters getPublic()
-    {
-        return publicParam;
-    }
-
-    /**
-     * return the private key parameters.
-     *
-     * @return the private key parameters.
-     */
-    public CipherParameters getPrivate()
-    {
-        return privateParam;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java
deleted file mode 100644
index 919db199d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * interface that a public/private key pair generator should conform to.
- */
-public interface AsymmetricCipherKeyPairGenerator
-{
-    /**
-     * intialise the key pair generator.
-     *
-     * @param param the parameters the key pair is to be initialised with.
-     */
-    public void init(KeyGenerationParameters param);
-
-    /**
-     * return an AsymmetricCipherKeyPair containing the generated keys.
-     *
-     * @return an AsymmetricCipherKeyPair containing the generated keys.
-     */
-    public AsymmetricCipherKeyPair generateKeyPair();
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BasicAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BasicAgreement.java
deleted file mode 100644
index 49074272c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BasicAgreement.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.crypto;
-
-import java.math.BigInteger;
-
-/**
- * The basic interface that basic Diffie-Hellman implementations
- * conforms to.
- */
-public interface BasicAgreement
-{
-    /**
-     * initialise the agreement engine.
-     */
-    public void init(CipherParameters param);
-
-    /**
-     * given a public key from a given party calculate the next
-     * message in the agreement sequence. 
-     */
-    public BigInteger calculateAgreement(CipherParameters pubKey);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BlockCipher.java
deleted file mode 100644
index 3cfa25a09..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BlockCipher.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.bouncycastle.crypto;
-
-
-/**
- * Block cipher engines are expected to conform to this interface.
- */
-public interface BlockCipher
-{
-    /**
-     * Initialise the cipher.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException;
-
-    /**
-     * Return the name of the algorithm the cipher implements.
-     *
-     * @return the name of the algorithm the cipher implements.
-     */
-    public String getAlgorithmName();
-
-    /**
-     * Return the block size for this cipher (in bytes).
-     *
-     * @return the block size for this cipher in bytes.
-     */
-    public int getBlockSize();
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException;
-
-    /**
-     * Reset the cipher. After resetting the cipher is in the same state
-     * as it was after the last init (if there was one).
-     */
-    public void reset();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java
deleted file mode 100644
index 1bf7ce3e6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java
+++ /dev/null
@@ -1,171 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * a buffer wrapper for an asymmetric block cipher, allowing input
- * to be accumulated in a piecemeal fashion until final processing.
- */
-public class BufferedAsymmetricBlockCipher
-{
-    protected byte[]        buf;
-    protected int           bufOff;
-
-    private final AsymmetricBlockCipher   cipher;
-
-    /**
-     * base constructor.
-     *
-     * @param cipher the cipher this buffering object wraps.
-     */
-    public BufferedAsymmetricBlockCipher(
-        AsymmetricBlockCipher     cipher)
-    {
-        this.cipher = cipher;
-    }
-
-    /**
-     * return the underlying cipher for the buffer.
-     *
-     * @return the underlying cipher for the buffer.
-     */
-    public AsymmetricBlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
-     * return the amount of data sitting in the buffer.
-     *
-     * @return the amount of data sitting in the buffer.
-     */
-    public int getBufferPosition()
-    {
-        return bufOff;
-    }
-
-    /**
-     * initialise the buffer and the underlying cipher.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-    {
-        reset();
-
-        cipher.init(forEncryption, params);
-
-        //
-        // we allow for an extra byte where people are using their own padding
-        // mechanisms on a raw cipher.
-        //
-        buf = new byte[cipher.getInputBlockSize() + (forEncryption ? 1 : 0)];
-        bufOff = 0;
-    }
-
-    /**
-     * returns the largest size an input block can be.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize()
-    {
-        return cipher.getInputBlockSize();
-    }
-
-    /**
-     * returns the maximum size of the block produced by this cipher.
-     *
-     * @return maximum size of the output block produced by the cipher.
-     */
-    public int getOutputBlockSize()
-    {
-        return cipher.getOutputBlockSize();
-    }
-
-    /**
-     * add another byte for processing.
-     * 
-     * @param in the input byte.
-     */
-    public void processByte(
-        byte        in)
-    {
-        if (bufOff >= buf.length)
-        {
-            throw new DataLengthException("attempt to process message too long for cipher");
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    /**
-     * add len bytes to the buffer for processing.
-     *
-     * @param in the input data
-     * @param inOff offset into the in array where the data starts
-     * @param len the length of the block to be processed.
-     */
-    public void processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len)
-    {
-        if (len == 0)
-        {
-            return;
-        }
-
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        if (bufOff + len > buf.length)
-        {
-            throw new DataLengthException("attempt to process message too long for cipher");
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-        bufOff += len;
-    }
-
-    /**
-     * process the contents of the buffer using the underlying
-     * cipher.
-     *
-     * @return the result of the encryption/decryption process on the
-     * buffer.
-     * @exception InvalidCipherTextException if we are given a garbage block.
-     */
-    public byte[] doFinal()
-        throws InvalidCipherTextException
-    {
-        byte[] out = cipher.processBlock(buf, 0, bufOff);
-
-        reset();
-
-        return out;
-    }
-
-    /**
-     * Reset the buffer and the underlying cipher.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        if (buf != null)
-        {
-            for (int i = 0; i < buf.length; i++)
-            {
-                buf[i] = 0;
-            }
-        }
-
-        bufOff = 0;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
deleted file mode 100644
index 4878786c8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
+++ /dev/null
@@ -1,313 +0,0 @@
-package org.bouncycastle.crypto;
-
-
-/**
- * A wrapper class that allows block ciphers to be used to process data in
- * a piecemeal fashion. The BufferedBlockCipher outputs a block only when the
- * buffer is full and more data is being added, or on a doFinal.
- * 

- * Note: in the case where the underlying cipher is either a CFB cipher or an
- * OFB one the last block may not be a multiple of the block size.
- */
-public class BufferedBlockCipher
-{
-    protected byte[]        buf;
-    protected int           bufOff;
-
-    protected boolean       forEncryption;
-    protected BlockCipher   cipher;
-
-    protected boolean       partialBlockOkay;
-    protected boolean       pgpCFB;
-
-    /**
-     * constructor for subclasses
-     */
-    protected BufferedBlockCipher()
-    {
-    }
-
-    /**
-     * Create a buffered block cipher without padding.
-     *
-     * @param cipher the underlying block cipher this buffering object wraps.
-     */
-    public BufferedBlockCipher(
-        BlockCipher     cipher)
-    {
-        this.cipher = cipher;
-
-        buf = new byte[cipher.getBlockSize()];
-        bufOff = 0;
-
-        //
-        // check if we can handle partial blocks on doFinal.
-        //
-        String  name = cipher.getAlgorithmName();
-        int     idx = name.indexOf('/') + 1;
-
-        pgpCFB = (idx > 0 && name.startsWith("PGP", idx));
-
-        if (pgpCFB)
-        {
-            partialBlockOkay = true;
-        }
-        else
-        {
-            partialBlockOkay = (idx > 0 && (name.startsWith("CFB", idx) || name.startsWith("OFB", idx) || name.startsWith("OpenPGP", idx) || name.startsWith("SIC", idx) || name.startsWith("GCTR", idx)));
-        }
-    }
-
-    /**
-     * return the cipher this object wraps.
-     *
-     * @return the cipher this object wraps.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
-     * initialise the cipher.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-
-        reset();
-
-        cipher.init(forEncryption, params);
-    }
-
-    /**
-     * return the blocksize for the underlying cipher.
-     *
-     * @return the blocksize for the underlying cipher.
-     */
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-    /**
-     * return the size of the output buffer required for an update 
-     * an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update
-     * with len bytes of input.
-     */
-    public int getUpdateOutputSize(
-        int len)
-    {
-        int total       = len + bufOff;
-        int leftOver;
-
-        if (pgpCFB)
-        {
-            leftOver    = total % buf.length - (cipher.getBlockSize() + 2);
-        }
-        else
-        {
-            leftOver    = total % buf.length;
-        }
-
-        return total - leftOver;
-    }
-
-    /**
-     * return the size of the output buffer required for an update plus a
-     * doFinal with an input of 'length' bytes.
-     *
-     * @param length the length of the input.
-     * @return the space required to accommodate a call to update and doFinal
-     * with 'length' bytes of input.
-     */
-    public int getOutputSize(
-        int length)
-    {
-        // Note: Can assume partialBlockOkay is true for purposes of this calculation
-        return length + bufOff;
-    }
-
-    /**
-     * process a single byte, producing an output block if neccessary.
-     *
-     * @param in the input byte.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processByte(
-        byte        in,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        int         resultLen = 0;
-
-        buf[bufOff++] = in;
-
-        if (bufOff == buf.length)
-        {
-            resultLen = cipher.processBlock(buf, 0, out, outOff);
-            bufOff = 0;
-        }
-
-        return resultLen;
-    }
-
-    /**
-     * process an array of bytes, producing output if necessary.
-     *
-     * @param in the input byte array.
-     * @param inOff the offset at which the input data starts.
-     * @param len the number of bytes to be copied out of the input array.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize   = getBlockSize();
-        int length      = getUpdateOutputSize(len);
-        
-        if (length > 0)
-        {
-            if ((outOff + length) > out.length)
-            {
-                throw new DataLengthException("output buffer too short");
-            }
-        }
-
-        int resultLen = 0;
-        int gapLen = buf.length - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += cipher.processBlock(buf, 0, out, outOff);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > buf.length)
-            {
-                resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-
-        if (bufOff == buf.length)
-        {
-            resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
-            bufOff = 0;
-        }
-
-        return resultLen;
-    }
-
-    /**
-     * Process the last block in the buffer.
-     *
-     * @param out the array the block currently being held is copied into.
-     * @param outOff the offset at which the copying starts.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there is insufficient space in out for
-     * the output, or the input is not block size aligned and should be.
-     * @exception IllegalStateException if the underlying cipher is not
-     * initialised.
-     * @exception InvalidCipherTextException if padding is expected and not found.
-     * @exception DataLengthException if the input is not block size
-     * aligned.
-     */
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-        throws DataLengthException, IllegalStateException, InvalidCipherTextException
-    {
-        try
-        {
-            int resultLen = 0;
-
-            if (outOff + bufOff > out.length)
-            {
-                throw new DataLengthException("output buffer too short for doFinal()");
-            }
-
-            if (bufOff != 0)
-            {
-                if (!partialBlockOkay)
-                {
-                    throw new DataLengthException("data not block size aligned");
-                }
-
-                cipher.processBlock(buf, 0, buf, 0);
-                resultLen = bufOff;
-                bufOff = 0;
-                System.arraycopy(buf, 0, out, outOff, resultLen);
-            }
-
-            return resultLen;
-        }
-        finally
-        {
-            reset();
-        }
-    }
-
-    /**
-     * Reset the buffer and cipher. After resetting the object is in the same
-     * state as it was after the last init (if there was one).
-     */
-    public void reset()
-    {
-        //
-        // clean the buffer.
-        //
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        //
-        // reset the underlying cipher.
-        //
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java
deleted file mode 100644
index 451f8e8f2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.bouncycastle.crypto;
-
-import java.security.SecureRandom;
-
-/**
- * The base class for symmetric, or secret, cipher key generators.
- */
-public class CipherKeyGenerator
-{
-    protected SecureRandom  random;
-    protected int           strength;
-
-    /**
-     * initialise the key generator.
-     *
-     * @param param the parameters to be used for key generation
-     */
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.random = param.getRandom();
-        this.strength = (param.getStrength() + 7) / 8;
-    }
-
-    /**
-     * generate a secret key.
-     *
-     * @return a byte array containing the key value.
-     */
-    public byte[] generateKey()
-    {
-        byte[]  key = new byte[strength];
-
-        random.nextBytes(key);
-
-        return key;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherParameters.java
deleted file mode 100644
index 5be873047..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CipherParameters.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * all parameter classes implement this.
- */
-public interface CipherParameters
-{
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CryptoException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CryptoException.java
deleted file mode 100644
index dc4a8dff4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/CryptoException.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * the foundation class for the hard exceptions thrown by the crypto packages.
- */
-public class CryptoException 
-    extends Exception
-{
-    /**
-     * base constructor.
-     */
-    public CryptoException()
-    {
-    }
-
-    /**
-     * create a CryptoException with the given message.
-     *
-     * @param message the message to be carried with the exception.
-     */
-    public CryptoException(
-        String  message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DSA.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DSA.java
deleted file mode 100644
index 1f5847626..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DSA.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.crypto;
-
-import java.math.BigInteger;
-
-/**
- * interface for classes implementing algorithms modeled similar to the Digital Signature Alorithm.
- */
-public interface DSA
-{
-    /**
-     * initialise the signer for signature generation or signature
-     * verification.
-     *
-     * @param forSigning true if we are generating a signature, false
-     * otherwise.
-     * @param param key parameters for signature generation.
-     */
-    public void init(boolean forSigning, CipherParameters param);
-
-    /**
-     * sign the passed in message (usually the output of a hash function).
-     *
-     * @param message the message to be signed.
-     * @return two big integers representing the r and s values respectively.
-     */
-    public BigInteger[] generateSignature(byte[] message);
-
-    /**
-     * verify the message message against the signature values r and s.
-     *
-     * @param message the message that was supposed to have been signed.
-     * @param r the r signature value.
-     * @param s the s signature value.
-     */
-    public boolean verifySignature(byte[] message, BigInteger  r, BigInteger s);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DataLengthException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DataLengthException.java
deleted file mode 100644
index fbf047cf5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DataLengthException.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * this exception is thrown if a buffer that is meant to have output
- * copied into it turns out to be too short, or if we've been given 
- * insufficient input. In general this exception will get thrown rather
- * than an ArrayOutOfBounds exception.
- */
-public class DataLengthException 
-    extends RuntimeCryptoException
-{
-    /**
-     * base constructor.
-     */
-    public DataLengthException()
-    {
-    }
-
-    /**
-     * create a DataLengthException with the given message.
-     *
-     * @param message the message to be carried with the exception.
-     */
-    public DataLengthException(
-        String  message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationFunction.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationFunction.java
deleted file mode 100644
index ef6e29eb8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationFunction.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * base interface for general purpose byte derivation functions.
- */
-public interface DerivationFunction
-{
-    public void init(DerivationParameters param);
-
-    /**
-     * return the message digest used as the basis for the function
-     */
-    public Digest getDigest();
-
-    public int generateBytes(byte[] out, int outOff, int len)
-        throws DataLengthException, IllegalArgumentException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationParameters.java
deleted file mode 100644
index e11eb8677..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/DerivationParameters.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * Parameters for key/byte stream derivation classes
- */
-public interface DerivationParameters
-{
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Digest.java
deleted file mode 100644
index f44fad0d2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Digest.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * interface that a message digest conforms to.
- */
-public interface Digest
-{
-    /**
-     * return the algorithm name
-     *
-     * @return the algorithm name
-     */
-    public String getAlgorithmName();
-
-    /**
-     * return the size, in bytes, of the digest produced by this message digest.
-     *
-     * @return the size, in bytes, of the digest produced by this message digest.
-     */
-    public int getDigestSize();
-
-    /**
-     * update the message digest with a single byte.
-     *
-     * @param in the input byte to be entered.
-     */
-    public void update(byte in);
-
-    /**
-     * update the message digest with a block of bytes.
-     *
-     * @param in the byte array containing the data.
-     * @param inOff the offset into the byte array where the data starts.
-     * @param len the length of the data.
-     */
-    public void update(byte[] in, int inOff, int len);
-
-    /**
-     * close the digest, producing the final digest value. The doFinal
-     * call leaves the digest reset.
-     *
-     * @param out the array the digest is to be copied into.
-     * @param outOff the offset into the out array the digest is to start at.
-     */
-    public int doFinal(byte[] out, int outOff);
-
-    /**
-     * reset the digest back to it's initial state.
-     */
-    public void reset();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java
deleted file mode 100644
index c5e9e8b0c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.bouncycastle.crypto;
-
-public interface ExtendedDigest 
-    extends Digest
-{
-    /**
-     * Return the size in bytes of the internal buffer the digest applies it's compression
-     * function to.
-     * 
-     * @return byte length of the digests internal buffer.
-     */
-    public int getByteLength();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java
deleted file mode 100644
index 59e4b26be..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * this exception is thrown whenever we find something we don't expect in a
- * message.
- */
-public class InvalidCipherTextException 
-    extends CryptoException
-{
-    /**
-     * base constructor.
-     */
-    public InvalidCipherTextException()
-    {
-    }
-
-    /**
-     * create a InvalidCipherTextException with the given message.
-     *
-     * @param message the message to be carried with the exception.
-     */
-    public InvalidCipherTextException(
-        String  message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java
deleted file mode 100644
index 9a63522fe..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto;
-
-import java.security.SecureRandom;
-
-/**
- * The base class for parameters to key generators.
- */
-public class KeyGenerationParameters
-{
-    private SecureRandom    random;
-    private int             strength;
-
-    /**
-     * initialise the generator with a source of randomness
-     * and a strength (in bits).
-     *
-     * @param random the random byte source.
-     * @param strength the size, in bits, of the keys we want to produce.
-     */
-    public KeyGenerationParameters(
-        SecureRandom    random,
-        int             strength)
-    {
-        this.random = random;
-        this.strength = strength;
-    }
-
-    /**
-     * return the random source associated with this
-     * generator.
-     *
-     * @return the generators random source.
-     */
-    public SecureRandom getRandom()
-    {
-        return random;
-    }
-
-    /**
-     * return the bit strength for keys produced by this generator,
-     *
-     * @return the strength of the keys this generator produces (in bits).
-     */
-    public int getStrength()
-    {
-        return strength;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Mac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Mac.java
deleted file mode 100644
index c00cd58cc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Mac.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package org.bouncycastle.crypto;
-
-
-/**
- * The base interface for implementations of message authentication codes (MACs).
- */
-public interface Mac
-{
-    /**
-     * Initialise the MAC.
-     *
-     * @param params the key and other data required by the MAC.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(CipherParameters params)
-        throws IllegalArgumentException;
-
-    /**
-     * Return the name of the algorithm the MAC implements.
-     *
-     * @return the name of the algorithm the MAC implements.
-     */
-    public String getAlgorithmName();
-
-    /**
-     * Return the block size for this MAC (in bytes).
-     *
-     * @return the block size for this MAC in bytes.
-     */
-    public int getMacSize();
-
-    /**
-     * add a single byte to the mac for processing.
-     *
-     * @param in the byte to be processed.
-     * @exception IllegalStateException if the MAC is not initialised.
-     */
-    public void update(byte in)
-        throws IllegalStateException;
-
-    /**
-     * @param in the array containing the input.
-     * @param inOff the index in the array the data begins at.
-     * @param len the length of the input starting at inOff.
-     * @exception IllegalStateException if the MAC is not initialised.
-     * @exception DataLengthException if there isn't enough data in in.
-     */
-    public void update(byte[] in, int inOff, int len)
-        throws DataLengthException, IllegalStateException;
-
-    /**
-     * Compute the final stage of the MAC writing the output to the out
-     * parameter.
-     * 

-     * doFinal leaves the MAC in the same state it was after the last init.
-     *
-     * @param out the array the MAC is to be output to.
-     * @param outOff the offset into the out buffer the output is to start at.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the MAC is not initialised.
-     */
-    public int doFinal(byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException;
-
-    /**
-     * Reset the MAC. At the end of resetting the MAC should be in the
-     * in the same state it was after the last init (if there was one).
-     */
-    public void reset();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/MaxBytesExceededException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/MaxBytesExceededException.java
deleted file mode 100644
index bfa154422..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/MaxBytesExceededException.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * this exception is thrown whenever a cipher requires a change of key, iv
- * or similar after x amount of bytes enciphered
- */
-public class MaxBytesExceededException
-    extends RuntimeCryptoException
-{
-    /**
-     * base constructor.
-     */
-    public MaxBytesExceededException()
-    {
-    }
-
-    /**
-     * create an with the given message.
-     *
-     * @param message the message to be carried with the exception.
-     */
-    public MaxBytesExceededException(
-        String  message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java
deleted file mode 100644
index 82eaa5f67..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java
+++ /dev/null
@@ -1,157 +0,0 @@
-package org.bouncycastle.crypto;
-
-import org.bouncycastle.util.Strings;
-
-/**
- * super class for all Password Based Encryption (PBE) parameter generator classes.
- */
-public abstract class PBEParametersGenerator
-{
-    protected byte[]  password;
-    protected byte[]  salt;
-    protected int     iterationCount;
-
-    /**
-     * base constructor.
-     */
-    protected PBEParametersGenerator()
-    {
-    }
-
-    /**
-     * initialise the PBE generator.
-     *
-     * @param password the password converted into bytes (see below).
-     * @param salt the salt to be mixed with the password.
-     * @param iterationCount the number of iterations the "mixing" function
-     * is to be applied for.
-     */
-    public void init(
-        byte[]  password,
-        byte[]  salt,
-        int     iterationCount)
-    {
-        this.password = password;
-        this.salt = salt;
-        this.iterationCount = iterationCount;
-    }
-
-    /**
-     * return the password byte array.
-     *
-     * @return the password byte array.
-     */
-    public byte[] getPassword()
-    {
-        return password;
-    }
-
-    /**
-     * return the salt byte array.
-     *
-     * @return the salt byte array.
-     */
-    public byte[] getSalt()
-    {
-        return salt;
-    }
-
-    /**
-     * return the iteration count.
-     *
-     * @return the iteration count.
-     */
-    public int getIterationCount()
-    {
-        return iterationCount;
-    }
-
-    /**
-     * generate derived parameters for a key of length keySize.
-     *
-     * @param keySize the length, in bits, of the key required.
-     * @return a parameters object representing a key.
-     */
-    public abstract CipherParameters generateDerivedParameters(int keySize);
-
-    /**
-     * generate derived parameters for a key of length keySize, and
-     * an initialisation vector (IV) of length ivSize.
-     *
-     * @param keySize the length, in bits, of the key required.
-     * @param ivSize the length, in bits, of the iv required.
-     * @return a parameters object representing a key and an IV.
-     */
-    public abstract CipherParameters generateDerivedParameters(int keySize, int ivSize);
-
-    /**
-     * generate derived parameters for a key of length keySize, specifically
-     * for use with a MAC.
-     *
-     * @param keySize the length, in bits, of the key required.
-     * @return a parameters object representing a key.
-     */
-    public abstract CipherParameters generateDerivedMacParameters(int keySize);
-
-    /**
-     * converts a password to a byte array according to the scheme in
-     * PKCS5 (ascii, no padding)
-     *
-     * @param password a character array reqpresenting the password.
-     * @return a byte array representing the password.
-     */
-    public static byte[] PKCS5PasswordToBytes(
-        char[]  password)
-    {
-        byte[]  bytes = new byte[password.length];
-
-        for (int i = 0; i != bytes.length; i++)
-        {
-            bytes[i] = (byte)password[i];
-        }
-
-        return bytes;
-    }
-
-    /**
-     * converts a password to a byte array according to the scheme in
-     * PKCS5 (UTF-8, no padding)
-     *
-     * @param password a character array reqpresenting the password.
-     * @return a byte array representing the password.
-     */
-    public static byte[] PKCS5PasswordToUTF8Bytes(
-        char[]  password)
-    {
-        return Strings.toUTF8ByteArray(password);
-    }
-
-    /**
-     * converts a password to a byte array according to the scheme in
-     * PKCS12 (unicode, big endian, 2 zero pad bytes at the end).
-     *
-     * @param password a character array representing the password.
-     * @return a byte array representing the password.
-     */
-    public static byte[] PKCS12PasswordToBytes(
-        char[]  password)
-    {
-        if (password.length > 0)
-        {
-                                       // +1 for extra 2 pad bytes.
-            byte[]  bytes = new byte[(password.length + 1) * 2];
-
-            for (int i = 0; i != password.length; i ++)
-            {
-                bytes[i * 2] = (byte)(password[i] >>> 8);
-                bytes[i * 2 + 1] = (byte)password[i];
-            }
-
-            return bytes;
-        }
-        else
-        {
-            return new byte[0];
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java
deleted file mode 100644
index c1572020b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * the foundation class for the exceptions thrown by the crypto packages.
- */
-public class RuntimeCryptoException 
-    extends RuntimeException
-{
-    /**
-     * base constructor.
-     */
-    public RuntimeCryptoException()
-    {
-    }
-
-    /**
-     * create a RuntimeCryptoException with the given message.
-     *
-     * @param message the message to be carried with the exception.
-     */
-    public RuntimeCryptoException(
-        String  message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Signer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Signer.java
deleted file mode 100644
index 357b0da43..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Signer.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * Generic signer interface for hash based and message recovery signers.
- */
-public interface Signer 
-{
-    /**
-     * Initialise the signer for signing or verification.
-     * 
-     * @param forSigning true if for signing, false otherwise
-     * @param param necessary parameters.
-     */
-    public void init(boolean forSigning, CipherParameters param);
-
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(byte b);
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(byte[] in, int off, int len);
-
-    /**
-     * generate a signature for the message we've been loaded with using
-     * the key we were initialised with.
-     */
-    public byte[] generateSignature()
-        throws CryptoException, DataLengthException;
-
-    /**
-     * return true if the internal state represents the signature described
-     * in the passed in array.
-     */
-    public boolean verifySignature(byte[] signature);
-    
-    /**
-     * reset the internal state
-     */
-    public void reset();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
deleted file mode 100644
index 452b367f1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * Signer with message recovery.
- */
-public interface SignerWithRecovery 
-    extends Signer
-{
-    /**
-     * Returns true if the signer has recovered the full message as
-     * part of signature verification.
-     * 
-     * @return true if full message recovered.
-     */
-    public boolean hasFullMessage();
-    
-    /**
-     * Returns a reference to what message was recovered (if any).
-     * 
-     * @return full/partial message, null if nothing.
-     */
-    public byte[] getRecoveredMessage();
-
-    /**
-     * Perform an update with the recovered message before adding any other data. This must
-     * be the first update method called, and calling it will result in the signer assuming
-     * that further calls to update will include message content past what is recoverable.
-     *
-     * @param signature the signature that we are in the process of verifying.
-     * @throws IllegalStateException
-     */
-    public void updateWithRecoveredMessage(byte[] signature)
-        throws InvalidCipherTextException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java
deleted file mode 100644
index 8fdd23241..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java
+++ /dev/null
@@ -1,108 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * a wrapper for block ciphers with a single byte block size, so that they
- * can be treated like stream ciphers.
- */
-public class StreamBlockCipher
-    implements StreamCipher
-{
-    private BlockCipher  cipher;
-
-    private byte[]  oneByte = new byte[1];
-
-    /**
-     * basic constructor.
-     *
-     * @param cipher the block cipher to be wrapped.
-     * @exception IllegalArgumentException if the cipher has a block size other than
-     * one.
-     */
-    public StreamBlockCipher(
-        BlockCipher cipher)
-    {
-        if (cipher.getBlockSize() != 1)
-        {
-            throw new IllegalArgumentException("block cipher block size != 1.");
-        }
-
-        this.cipher = cipher;
-    }
-
-    /**
-     * initialise the underlying cipher.
-     *
-     * @param forEncryption true if we are setting up for encryption, false otherwise.
-     * @param params the necessary parameters for the underlying cipher to be initialised.
-     */
-    public void init(
-        boolean forEncryption,
-        CipherParameters params)
-    {
-        cipher.init(forEncryption, params);
-    }
-
-    /**
-     * return the name of the algorithm we are wrapping.
-     *
-     * @return the name of the algorithm we are wrapping.
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName();
-    }
-
-    /**
-     * encrypt/decrypt a single byte returning the result.
-     *
-     * @param in the byte to be processed.
-     * @return the result of processing the input byte.
-     */
-    public byte returnByte(
-        byte    in)
-    {
-        oneByte[0] = in;
-
-        cipher.processBlock(oneByte, 0, oneByte, 0);
-
-        return oneByte[0];
-    }
-
-    /**
-     * process a block of bytes from in putting the result into out.
-     * 
-     * @param in the input byte array.
-     * @param inOff the offset into the in array where the data to be processed starts.
-     * @param len the number of bytes to be processed.
-     * @param out the output buffer the processed bytes go into.   
-     * @param outOff the offset into the output byte array the processed data stars at.
-     * @exception DataLengthException if the output buffer is too small.
-     */
-    public void processBytes(
-        byte[]  in,
-        int     inOff,
-        int     len,
-        byte[]  out,
-        int     outOff)
-        throws DataLengthException
-    {
-        if (outOff + len > out.length)
-        {
-            throw new DataLengthException("output buffer too small in processBytes()");
-        }
-
-        for (int i = 0; i != len; i++)
-        {
-                cipher.processBlock(in, inOff + i, out, outOff + i);
-        }
-    }
-
-    /**
-     * reset the underlying cipher. This leaves it in the same state
-     * it was at after the last init (if there was one).
-     */
-    public void reset()
-    {
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamCipher.java
deleted file mode 100644
index 2a55d4f65..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/StreamCipher.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.crypto;
-
-/**
- * the interface stream ciphers conform to.
- */
-public interface StreamCipher
-{
-    /**
-     * Initialise the cipher.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException;
-
-    /**
-     * Return the name of the algorithm the cipher implements.
-     *
-     * @return the name of the algorithm the cipher implements.
-     */
-    public String getAlgorithmName();
-
-    /**
-     * encrypt/decrypt a single byte returning the result.
-     *
-     * @param in the byte to be processed.
-     * @return the result of processing the input byte.
-     */
-    public byte returnByte(byte in);
-
-    /**
-     * process a block of bytes from in putting the result into out.
-     *
-     * @param in the input byte array.
-     * @param inOff the offset into the in array where the data to be processed starts.
-     * @param len the number of bytes to be processed.
-     * @param out the output buffer the processed bytes go into.
-     * @param outOff the offset into the output byte array the processed data starts at.
-     * @exception DataLengthException if the output buffer is too small.
-     */
-    public void processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-        throws DataLengthException;
-
-    /**
-     * reset the cipher. This leaves it in the same state
-     * it was at after the last init (if there was one).
-     */
-    public void reset();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Wrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Wrapper.java
deleted file mode 100644
index 3956a6fc3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/Wrapper.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.crypto;
-
-public interface Wrapper
-{
-    public void init(boolean forWrapping, CipherParameters param);
-
-    /**
-     * Return the name of the algorithm the wrapper implements.
-     *
-     * @return the name of the algorithm the wrapper implements.
-     */
-    public String getAlgorithmName();
-
-    public byte[] wrap(byte[] in, int inOff, int inLen);
-
-    public byte[] unwrap(byte[] in, int inOff, int inLen)
-        throws InvalidCipherTextException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java
deleted file mode 100644
index 021a71535..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java
+++ /dev/null
@@ -1,94 +0,0 @@
-package org.bouncycastle.crypto.agreement;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.generators.DHKeyPairGenerator;
-import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-/**
- * a Diffie-Hellman key exchange engine.
- * 

- * note: This uses MTI/A0 key agreement in order to make the key agreement
- * secure against passive attacks. If you're doing Diffie-Hellman and both
- * parties have long term public keys you should look at using this. For
- * further information have a look at RFC 2631.
- * 

- * It's possible to extend this to more than two parties as well, for the moment
- * that is left as an exercise for the reader.
- */
-public class DHAgreement
-{
-    private DHPrivateKeyParameters  key;
-    private DHParameters            dhParams;
-    private BigInteger              privateValue;
-    private SecureRandom            random;
-
-    public void init(
-        CipherParameters    param)
-    {
-        AsymmetricKeyParameter  kParam;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-            this.random = rParam.getRandom();
-            kParam = (AsymmetricKeyParameter)rParam.getParameters();
-        }
-        else
-        {
-            this.random = new SecureRandom();
-            kParam = (AsymmetricKeyParameter)param;
-        }
-
-        
-        if (!(kParam instanceof DHPrivateKeyParameters))
-        {
-            throw new IllegalArgumentException("DHEngine expects DHPrivateKeyParameters");
-        }
-
-        this.key = (DHPrivateKeyParameters)kParam;
-        this.dhParams = key.getParameters();
-    }
-
-    /**
-     * calculate our initial message.
-     */
-    public BigInteger calculateMessage()
-    {
-        DHKeyPairGenerator dhGen = new DHKeyPairGenerator();
-        dhGen.init(new DHKeyGenerationParameters(random, dhParams));
-        AsymmetricCipherKeyPair dhPair = dhGen.generateKeyPair();
-
-        this.privateValue = ((DHPrivateKeyParameters)dhPair.getPrivate()).getX();
-
-        return ((DHPublicKeyParameters)dhPair.getPublic()).getY();
-    }
-
-    /**
-     * given a message from a given party and the corresponding public key,
-     * calculate the next message in the agreement sequence. In this case
-     * this will represent the shared secret.
-     */
-    public BigInteger calculateAgreement(
-        DHPublicKeyParameters   pub,
-        BigInteger              message)
-    {
-        if (!pub.getParameters().equals(dhParams))
-        {
-            throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters.");
-        }
-
-        BigInteger p = dhParams.getP();
-
-        return message.modPow(key.getX(), p).multiply(pub.getY().modPow(privateValue, p)).mod(p);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java
deleted file mode 100644
index 40893bf3e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.bouncycastle.crypto.agreement;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-/**
- * a Diffie-Hellman key agreement class.
- * 

- * note: This is only the basic algorithm, it doesn't take advantage of
- * long term public keys if they are available. See the DHAgreement class
- * for a "better" implementation.
- */
-public class DHBasicAgreement
-    implements BasicAgreement
-{
-    private DHPrivateKeyParameters  key;
-    private DHParameters            dhParams;
-
-    public void init(
-        CipherParameters    param)
-    {
-        AsymmetricKeyParameter  kParam;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom rParam = (ParametersWithRandom)param;
-            kParam = (AsymmetricKeyParameter)rParam.getParameters();
-        }
-        else
-        {
-            kParam = (AsymmetricKeyParameter)param;
-        }
-
-        if (!(kParam instanceof DHPrivateKeyParameters))
-        {
-            throw new IllegalArgumentException("DHEngine expects DHPrivateKeyParameters");
-        }
-
-        this.key = (DHPrivateKeyParameters)kParam;
-        this.dhParams = key.getParameters();
-    }
-
-    /**
-     * given a short term public key from a given party calculate the next
-     * message in the agreement sequence. 
-     */
-    public BigInteger calculateAgreement(
-        CipherParameters   pubKey)
-    {
-        DHPublicKeyParameters   pub = (DHPublicKeyParameters)pubKey;
-
-        if (!pub.getParameters().equals(dhParams))
-        {
-            throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters.");
-        }
-
-        return pub.getY().modPow(key.getX(), dhParams.getP());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
deleted file mode 100644
index 3ad3e1ca6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.bouncycastle.crypto.agreement;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECPoint;
-
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-
-/**
- * P1363 7.2.1 ECSVDP-DH
- *
- * ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive,
- * Diffie-Hellman version. It is based on the work of [DH76], [Mil86],
- * and [Kob87]. This primitive derives a shared secret value from one
- * party's private key and another party's public key, where both have
- * the same set of EC domain parameters. If two parties correctly
- * execute this primitive, they will produce the same output. This
- * primitive can be invoked by a scheme to derive a shared secret key;
- * specifically, it may be used with the schemes ECKAS-DH1 and
- * DL/ECKAS-DH2. It assumes that the input keys are valid (see also
- * Section 7.2.2).
- */
-public class ECDHBasicAgreement
-    implements BasicAgreement
-{
-    private ECPrivateKeyParameters key;
-
-    public void init(
-        CipherParameters key)
-    {
-        this.key = (ECPrivateKeyParameters)key;
-    }
-
-    public BigInteger calculateAgreement(
-        CipherParameters pubKey)
-    {
-        ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
-        ECPoint P = pub.getQ().multiply(key.getD());
-
-        // if (p.isInfinity()) throw new RuntimeException("d*Q == infinity");
-
-        return P.getX().toBigInteger();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java
deleted file mode 100644
index 465a0d416..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.crypto.agreement;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECPoint;
-
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-
-/**
- * P1363 7.2.2 ECSVDP-DHC
- *
- * ECSVDP-DHC is Elliptic Curve Secret Value Derivation Primitive,
- * Diffie-Hellman version with cofactor multiplication. It is based on
- * the work of [DH76], [Mil86], [Kob87], [LMQ98] and [Kal98a]. This
- * primitive derives a shared secret value from one party's private key
- * and another party's public key, where both have the same set of EC
- * domain parameters. If two parties correctly execute this primitive,
- * they will produce the same output. This primitive can be invoked by a
- * scheme to derive a shared secret key; specifically, it may be used
- * with the schemes ECKAS-DH1 and DL/ECKAS-DH2. It does not assume the
- * validity of the input public key (see also Section 7.2.1).
- * 

- * Note: As stated P1363 compatibility mode with ECDH can be preset, and
- * in this case the implementation doesn't have a ECDH compatibility mode
- * (if you want that just use ECDHBasicAgreement and note they both implement
- * BasicAgreement!).
- */
-public class ECDHCBasicAgreement
-    implements BasicAgreement
-{
-    ECPrivateKeyParameters key;
-
-    public void init(
-        CipherParameters key)
-    {
-        this.key = (ECPrivateKeyParameters)key;
-    }
-
-    public BigInteger calculateAgreement(
-        CipherParameters pubKey)
-    {
-        ECPublicKeyParameters   pub = (ECPublicKeyParameters)pubKey;
-        ECDomainParameters      params = pub.getParameters();
-        ECPoint P = pub.getQ().multiply(params.getH().multiply(key.getD()));
-
-        // if (p.isInfinity()) throw new RuntimeException("Invalid public key");
-
-        return P.getX().toBigInteger();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java
deleted file mode 100644
index 543608bc3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package org.bouncycastle.crypto.agreement;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.MQVPrivateParameters;
-import org.bouncycastle.crypto.params.MQVPublicParameters;
-import org.bouncycastle.math.ec.ECAlgorithms;
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECPoint;
-
-public class ECMQVBasicAgreement
-    implements BasicAgreement
-{
-    MQVPrivateParameters privParams;
-
-    public void init(
-        CipherParameters key)
-    {
-        this.privParams = (MQVPrivateParameters)key;
-    }
-
-    public BigInteger calculateAgreement(CipherParameters pubKey)
-    {
-        MQVPublicParameters pubParams = (MQVPublicParameters)pubKey;
-
-        ECPrivateKeyParameters staticPrivateKey = privParams.getStaticPrivateKey();
-
-        ECPoint agreement = calculateMqvAgreement(staticPrivateKey.getParameters(), staticPrivateKey,
-            privParams.getEphemeralPrivateKey(), privParams.getEphemeralPublicKey(),
-            pubParams.getStaticPublicKey(), pubParams.getEphemeralPublicKey());
-
-        return agreement.getX().toBigInteger();
-    }
-
-    // The ECMQV Primitive as described in SEC-1, 3.4
-    private ECPoint calculateMqvAgreement(
-        ECDomainParameters      parameters,
-        ECPrivateKeyParameters  d1U,
-        ECPrivateKeyParameters  d2U,
-        ECPublicKeyParameters   Q2U,
-        ECPublicKeyParameters   Q1V,
-        ECPublicKeyParameters   Q2V)
-    {
-        BigInteger n = parameters.getN();
-        int e = (n.bitLength() + 1) / 2;
-        BigInteger powE = ECConstants.ONE.shiftLeft(e);
-
-        // The Q2U public key is optional
-        ECPoint q;
-        if (Q2U == null)
-        {
-            q = parameters.getG().multiply(d2U.getD());
-        }
-        else
-        {
-            q = Q2U.getQ();
-        }
-
-        BigInteger x = q.getX().toBigInteger();
-        BigInteger xBar = x.mod(powE);
-        BigInteger Q2UBar = xBar.setBit(e);
-        BigInteger s = d1U.getD().multiply(Q2UBar).mod(n).add(d2U.getD()).mod(n);
-
-        BigInteger xPrime = Q2V.getQ().getX().toBigInteger();
-        BigInteger xPrimeBar = xPrime.mod(powE);
-        BigInteger Q2VBar = xPrimeBar.setBit(e);
-
-        BigInteger hs = parameters.getH().multiply(s).mod(n);
-
-//        ECPoint p = Q1V.getQ().multiply(Q2VBar).add(Q2V.getQ()).multiply(hs);
-        ECPoint p = ECAlgorithms.sumOfTwoMultiplies(
-            Q1V.getQ(), Q2VBar.multiply(hs).mod(n), Q2V.getQ(), hs);
-
-        if (p.isInfinity())
-        {
-            throw new IllegalStateException("Infinity is not a valid agreement value for MQV");
-        }
-
-        return p;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java
deleted file mode 100644
index e82c77536..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.bouncycastle.crypto.agreement.kdf;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.crypto.DerivationParameters;
-
-public class DHKDFParameters
-    implements DerivationParameters
-{
-    private final DERObjectIdentifier algorithm;
-    private final int keySize;
-    private final byte[] z;
-    private final byte[] extraInfo;
-
-    public DHKDFParameters(
-        DERObjectIdentifier algorithm,
-        int keySize,
-        byte[] z)
-    {
-        this.algorithm = algorithm;
-        this.keySize = keySize;
-        this.z = z;
-        this.extraInfo = null;
-    }
-
-    public DHKDFParameters(
-        DERObjectIdentifier algorithm,
-        int keySize,
-        byte[] z,
-        byte[] extraInfo)
-    {
-        this.algorithm = algorithm;
-        this.keySize = keySize;
-        this.z = z;
-        this.extraInfo = extraInfo;
-    }
-
-    public DERObjectIdentifier getAlgorithm()
-    {
-        return algorithm;
-    }
-
-    public int getKeySize()
-    {
-        return keySize;
-    }
-
-    public byte[] getZ()
-    {
-        return z;
-    }
-
-    public byte[] getExtraInfo()
-    {
-        return extraInfo;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
deleted file mode 100644
index 23988b9f0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package org.bouncycastle.crypto.agreement.kdf;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.DerivationParameters;
-import org.bouncycastle.crypto.Digest;
-
-/**
- * RFC 2631 Diffie-hellman KEK derivation function.
- */
-public class DHKEKGenerator
-    implements DerivationFunction
-{
-    private final Digest digest;
-
-    private DERObjectIdentifier algorithm;
-    private int                 keySize;
-    private byte[]              z;
-    private byte[]              partyAInfo;
-
-    public DHKEKGenerator(
-        Digest digest)
-    {
-        this.digest = digest;
-    }
-
-    public void init(DerivationParameters param)
-    {
-        DHKDFParameters params = (DHKDFParameters)param;
-
-        this.algorithm = params.getAlgorithm();
-        this.keySize = params.getKeySize();
-        this.z = params.getZ();
-        this.partyAInfo = params.getExtraInfo();
-    }
-
-    public Digest getDigest()
-    {
-        return digest;
-    }
-
-    public int generateBytes(byte[] out, int outOff, int len)
-        throws DataLengthException, IllegalArgumentException
-    {
-        if ((out.length - len) < outOff)
-        {
-            throw new DataLengthException("output buffer too small");
-        }
-
-        long    oBytes = len;
-        int     outLen = digest.getDigestSize();
-
-        //
-        // this is at odds with the standard implementation, the
-        // maximum value should be hBits * (2^32 - 1) where hBits
-        // is the digest output size in bits. We can't have an
-        // array with a long index at the moment...
-        //
-        if (oBytes > ((2L << 32) - 1))
-        {
-            throw new IllegalArgumentException("Output length too large");
-        }
-
-        int cThreshold = (int)((oBytes + outLen - 1) / outLen);
-
-        byte[] dig = new byte[digest.getDigestSize()];
-
-        int counter = 1;
-
-        for (int i = 0; i < cThreshold; i++)
-        {
-            digest.update(z, 0, z.length);
-
-            // OtherInfo
-            ASN1EncodableVector v1 = new ASN1EncodableVector();
-            // KeySpecificInfo
-            ASN1EncodableVector v2 = new ASN1EncodableVector();
-
-            v2.add(algorithm);
-            v2.add(new DEROctetString(integerToBytes(counter)));
-
-            v1.add(new DERSequence(v2));
-
-            if (partyAInfo != null)
-            {
-                v1.add(new DERTaggedObject(true, 0, new DEROctetString(partyAInfo)));
-            }
-
-            v1.add(new DERTaggedObject(true, 2, new DEROctetString(integerToBytes(keySize))));
-
-            byte[] other = new DERSequence(v1).getDEREncoded();
-
-            digest.update(other, 0, other.length);
-
-            digest.doFinal(dig, 0);
-
-            if (len > outLen)
-            {
-                System.arraycopy(dig, 0, out, outOff, outLen);
-                outOff += outLen;
-                len -= outLen;
-            }
-            else
-            {
-                System.arraycopy(dig, 0, out, outOff, len);
-            }
-
-            counter++;
-        }
-
-        digest.reset();
-
-        return len;
-    }
-
-    private byte[] integerToBytes(int keySize)
-    {
-        byte[] val = new byte[4];
-
-        val[0] = (byte)(keySize >> 24);
-        val[1] = (byte)(keySize >> 16);
-        val[2] = (byte)(keySize >> 8);
-        val[3] = (byte)keySize;
-
-        return val;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java
deleted file mode 100644
index 560614ee3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.bouncycastle.crypto.agreement.kdf;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.DerivationParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
-import org.bouncycastle.crypto.params.KDFParameters;
-
-/**
- * X9.63 based key derivation function for ECDH CMS.
- */
-public class ECDHKEKGenerator
-    implements DerivationFunction
-{
-    private DerivationFunction kdf;
-
-    private DERObjectIdentifier algorithm;
-    private int                 keySize;
-    private byte[]              z;
-
-    public ECDHKEKGenerator(
-        Digest digest)
-    {
-        this.kdf = new KDF2BytesGenerator(digest);
-    }
-
-    public void init(DerivationParameters param)
-    {
-        DHKDFParameters params = (DHKDFParameters)param;
-
-        this.algorithm = params.getAlgorithm();
-        this.keySize = params.getKeySize();
-        this.z = params.getZ();
-    }
-
-    public Digest getDigest()
-    {
-        return kdf.getDigest();
-    }
-
-    public int generateBytes(byte[] out, int outOff, int len)
-        throws DataLengthException, IllegalArgumentException
-    {
-        // TODO Create an ASN.1 class for this (RFC3278)
-        // ECC-CMS-SharedInfo
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(new AlgorithmIdentifier(algorithm, new DERNull()));
-        v.add(new DERTaggedObject(true, 2, new DEROctetString(integerToBytes(keySize))));
-
-        kdf.init(new KDFParameters(z, new DERSequence(v).getDEREncoded()));
-
-        return kdf.generateBytes(out, outOff, len);
-    }
-
-    private byte[] integerToBytes(int keySize)
-    {
-        byte[] val = new byte[4];
-
-        val[0] = (byte)(keySize >> 24);
-        val[1] = (byte)(keySize >> 16);
-        val[2] = (byte)(keySize >> 8);
-        val[3] = (byte)keySize;
-
-        return val;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/package.html
deleted file mode 100644
index 4b49331c7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Basic key agreement classes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java
deleted file mode 100644
index 4df902369..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package org.bouncycastle.crypto.agreement.srp;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Digest;
-
-/**
- * Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
- * This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper
- * "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"
- */
-public class SRP6Client
-{
-    protected BigInteger N;
-    protected BigInteger g;
-
-    protected BigInteger a;
-    protected BigInteger A;
-
-    protected BigInteger B;
-
-    protected BigInteger x;
-    protected BigInteger u;
-    protected BigInteger S;
-
-    protected Digest digest;
-    protected SecureRandom random;
-
-    public SRP6Client()
-    {
-    }
-
-    /**
-     * Initialises the client to begin new authentication attempt
-     * @param N The safe prime associated with the client's verifier
-     * @param g The group parameter associated with the client's verifier
-     * @param digest The digest algorithm associated with the client's verifier
-     * @param random For key generation
-     */
-    public void init(BigInteger N, BigInteger g, Digest digest, SecureRandom random)
-    {
-        this.N = N;
-        this.g = g;
-        this.digest = digest;
-        this.random = random;
-    }
-
-    /**
-     * Generates client's credentials given the client's salt, identity and password
-     * @param salt The salt used in the client's verifier.
-     * @param identity The user's identity (eg. username)
-     * @param password The user's password
-     * @return Client's public value to send to server
-     */
-    public BigInteger generateClientCredentials(byte[] salt, byte[] identity, byte[] password)
-    {
-        this.x = SRP6Util.calculateX(digest, N, salt, identity, password);
-        this.a = selectPrivateValue();
-        this.A = g.modPow(a, N);
-
-        return A;
-    }
-
-    /**
-     * Generates client's verification message given the server's credentials
-     * @param serverB The server's credentials
-     * @return Client's verification message for the server
-     * @throws CryptoException If server's credentials are invalid
-     */
-    public BigInteger calculateSecret(BigInteger serverB) throws CryptoException
-    {
-        this.B = SRP6Util.validatePublicValue(N, serverB);
-        this.u = SRP6Util.calculateU(digest, N, A, B);
-        this.S = calculateS();
-
-        return S;
-    }
-
-    protected BigInteger selectPrivateValue()
-    {
-        return SRP6Util.generatePrivateValue(digest, N, g, random);        
-    }
-
-    private BigInteger calculateS()
-    {
-        BigInteger k = SRP6Util.calculateK(digest, N, g);
-        BigInteger exp = u.multiply(x).add(a);
-        BigInteger tmp = g.modPow(x, N).multiply(k).mod(N);
-        return B.subtract(tmp).mod(N).modPow(exp, N);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java
deleted file mode 100644
index fb208388c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java
+++ /dev/null
@@ -1,90 +0,0 @@
-package org.bouncycastle.crypto.agreement.srp;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Digest;
-
-/**
- * Implements the server side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
- * This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper
- * "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"
- */
-public class SRP6Server
-{
-    protected BigInteger N;
-    protected BigInteger g;
-    protected BigInteger v;
-
-    protected SecureRandom random;
-    protected Digest digest;
-
-    protected BigInteger A;
-
-    protected BigInteger b;
-    protected BigInteger B;
-
-    protected BigInteger u;
-    protected BigInteger S;
-
-    public SRP6Server()
-    {
-    }
-
-    /**
-     * Initialises the server to accept a new client authentication attempt
-     * @param N The safe prime associated with the client's verifier
-     * @param g The group parameter associated with the client's verifier
-     * @param v The client's verifier
-     * @param digest The digest algorithm associated with the client's verifier
-     * @param random For key generation
-     */
-    public void init(BigInteger N, BigInteger g, BigInteger v, Digest digest, SecureRandom random)
-    {
-        this.N = N;
-        this.g = g;
-        this.v = v;
-
-        this.random = random;
-        this.digest = digest;
-    }
-
-    /**
-     * Generates the server's credentials that are to be sent to the client.
-     * @return The server's public value to the client
-     */
-    public BigInteger generateServerCredentials()
-    {
-        BigInteger k = SRP6Util.calculateK(digest, N, g);
-        this.b = selectPrivateValue();
-        this.B = k.multiply(v).mod(N).add(g.modPow(b, N)).mod(N);
-
-        return B;
-    }
-
-    /**
-     * Processes the client's credentials. If valid the shared secret is generated and returned.
-     * @param clientA The client's credentials
-     * @return A shared secret BigInteger
-     * @throws CryptoException If client's credentials are invalid
-     */
-    public BigInteger calculateSecret(BigInteger clientA) throws CryptoException
-    {
-        this.A = SRP6Util.validatePublicValue(N, clientA);
-        this.u = SRP6Util.calculateU(digest, N, A, B);
-        this.S = calculateS();
-
-        return S;
-    }
-
-    protected BigInteger selectPrivateValue()
-    {
-        return SRP6Util.generatePrivateValue(digest, N, g, random);        
-    }
-
-    private BigInteger calculateS()
-    {
-        return v.modPow(u, N).multiply(A).mod(N).modPow(b, N);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
deleted file mode 100644
index 28c383f7d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package org.bouncycastle.crypto.agreement.srp;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.util.BigIntegers;
-
-public class SRP6Util
-{
-    private static BigInteger ZERO = BigInteger.valueOf(0);
-    private static BigInteger ONE = BigInteger.valueOf(1);
-
-    public static BigInteger calculateK(Digest digest, BigInteger N, BigInteger g)
-    {
-        return hashPaddedPair(digest, N, N, g);
-    }
-
-    public static BigInteger calculateU(Digest digest, BigInteger N, BigInteger A, BigInteger B)
-    {
-        return hashPaddedPair(digest, N, A, B);
-    }
-
-    public static BigInteger calculateX(Digest digest, BigInteger N, byte[] salt, byte[] identity, byte[] password)
-    {
-        byte[] output = new byte[digest.getDigestSize()];
-
-        digest.update(identity, 0, identity.length);
-        digest.update((byte)':');
-        digest.update(password, 0, password.length);
-        digest.doFinal(output, 0);
-
-        digest.update(salt, 0, salt.length);
-        digest.update(output, 0, output.length);
-        digest.doFinal(output, 0);
-
-        return new BigInteger(1, output).mod(N);
-    }
-
-    public static BigInteger generatePrivateValue(Digest digest, BigInteger N, BigInteger g, SecureRandom random)
-    {
-        int minBits = Math.min(256, N.bitLength() / 2);
-        BigInteger min = ONE.shiftLeft(minBits - 1);
-        BigInteger max = N.subtract(ONE);
-
-        return BigIntegers.createRandomInRange(min, max, random);
-    }
-
-    public static BigInteger validatePublicValue(BigInteger N, BigInteger val)
-        throws CryptoException
-    {
-        val = val.mod(N);
-
-        // Check that val % N != 0
-        if (val.equals(ZERO))
-        {
-            throw new CryptoException("Invalid public value: 0");
-        }
-
-        return val;
-    }
-
-    private static BigInteger hashPaddedPair(Digest digest, BigInteger N, BigInteger n1, BigInteger n2)
-    {
-        int padLength = (N.bitLength() + 7) / 8;
-
-        byte[] n1_bytes = getPadded(n1, padLength);
-        byte[] n2_bytes = getPadded(n2, padLength);
-
-        digest.update(n1_bytes, 0, n1_bytes.length);
-        digest.update(n2_bytes, 0, n2_bytes.length);
-
-        byte[] output = new byte[digest.getDigestSize()];
-        digest.doFinal(output, 0);
-
-        return new BigInteger(1, output).mod(N);
-    }
-
-    private static byte[] getPadded(BigInteger n, int length)
-    {
-        byte[] bs = BigIntegers.asUnsignedByteArray(n);
-        if (bs.length < length)
-        {
-            byte[] tmp = new byte[length];
-            System.arraycopy(bs, 0, tmp, length - bs.length, bs.length);
-            bs = tmp;
-        }
-        return bs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java
deleted file mode 100644
index 631ecc6e4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.bouncycastle.crypto.agreement.srp;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.Digest;
-
-/**
- * Generates new SRP verifier for user
- */
-public class SRP6VerifierGenerator
-{
-    protected BigInteger N;
-    protected BigInteger g;
-    protected Digest digest;
-
-    public SRP6VerifierGenerator()
-    {
-    }
-
-    /**
-     * Initialises generator to create new verifiers
-     * @param N The safe prime to use (see DHParametersGenerator)
-     * @param g The group parameter to use (see DHParametersGenerator)
-     * @param digest The digest to use. The same digest type will need to be used later for the actual authentication
-     * attempt. Also note that the final session key size is dependent on the chosen digest.
-     */
-    public void init(BigInteger N, BigInteger g, Digest digest)
-    {
-        this.N = N;
-        this.g = g;
-        this.digest = digest;
-    }
-
-    /**
-     * Creates a new SRP verifier
-     * @param salt The salt to use, generally should be large and random
-     * @param identity The user's identifying information (eg. username)
-     * @param password The user's password
-     * @return A new verifier for use in future SRP authentication
-     */
-    public BigInteger generateVerifier(byte[] salt, byte[] identity, byte[] password)
-    {
-        BigInteger x = SRP6Util.calculateX(digest, N, salt, identity, password);
-
-        return g.modPow(x, N);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
deleted file mode 100644
index 956fada0d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
+++ /dev/null
@@ -1,349 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.engines.GOST28147Engine;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-import org.bouncycastle.crypto.util.Pack;
-import org.bouncycastle.util.Arrays;
-
-/**
- * implementation of GOST R 34.11-94
- */
-public class GOST3411Digest
-    implements ExtendedDigest
-{
-    private static final int    DIGEST_LENGTH = 32;
-
-    private byte[]   H = new byte[32], L = new byte[32],
-                     M = new byte[32], Sum = new byte[32];
-    private byte[][] C = new byte[4][32];
-
-    private byte[]  xBuf = new byte[32];
-    private int  xBufOff;
-    private long byteCount;
-    
-    private BlockCipher cipher = new GOST28147Engine();
-    private byte[] sBox;
-
-    /**
-     * Standard constructor
-     */
-    public GOST3411Digest()
-    {
-        sBox = GOST28147Engine.getSBox("D-A");
-        cipher.init(true, new ParametersWithSBox(null, sBox));
-
-        reset();
-    }
-
-    /**
-     * Constructor to allow use of a particular sbox with GOST28147
-     * @see GOST28147Engine#getSBox(String)
-     */
-    public GOST3411Digest(byte[] sBoxParam)
-    {
-        sBox = Arrays.clone(sBoxParam);
-        cipher.init(true, new ParametersWithSBox(null, sBox));
-
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public GOST3411Digest(GOST3411Digest t)
-    {
-        this.sBox = t.sBox;
-        cipher.init(true, new ParametersWithSBox(null, sBox));
-
-        reset();
-
-        System.arraycopy(t.H, 0, this.H, 0, t.H.length);
-        System.arraycopy(t.L, 0, this.L, 0, t.L.length);
-        System.arraycopy(t.M, 0, this.M, 0, t.M.length);
-        System.arraycopy(t.Sum, 0, this.Sum, 0, t.Sum.length);
-        System.arraycopy(t.C[1], 0, this.C[1], 0, t.C[1].length);
-        System.arraycopy(t.C[2], 0, this.C[2], 0, t.C[2].length);
-        System.arraycopy(t.C[3], 0, this.C[3], 0, t.C[3].length);
-        System.arraycopy(t.xBuf, 0, this.xBuf, 0, t.xBuf.length);
-        
-        this.xBufOff = t.xBufOff;
-        this.byteCount = t.byteCount;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "GOST3411";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    public void update(byte in)
-    {
-        xBuf[xBufOff++] = in;
-        if (xBufOff == xBuf.length)
-        {
-            sumByteArray(xBuf); // calc sum M
-            processBlock(xBuf, 0);
-            xBufOff = 0;
-        }
-        byteCount++;
-    }
-
-    public void update(byte[] in, int inOff, int len)
-    {
-        while ((xBufOff != 0) && (len > 0))
-        {
-            update(in[inOff]);
-            inOff++;
-            len--;
-        }
-
-        while (len > xBuf.length)
-        {
-            System.arraycopy(in, inOff, xBuf, 0, xBuf.length);
-
-            sumByteArray(xBuf); // calc sum M
-            processBlock(xBuf, 0);
-            inOff += xBuf.length;
-            len -= xBuf.length;
-            byteCount += xBuf.length;
-        }
-
-        // load in the remainder.
-        while (len > 0)
-        {
-            update(in[inOff]);
-            inOff++;
-            len--;
-        }
-    }
-
-    // (i + 1 + 4(k - 1)) = 8i + k      i = 0-3, k = 1-8
-    private byte[] K = new byte[32];
-
-    private byte[] P(byte[] in)
-    {
-        for(int k = 0; k < 8; k++)
-        {
-            K[4*k] = in[k];
-            K[1 + 4*k] = in[ 8 + k];
-            K[2 + 4*k] = in[16 + k];
-            K[3 + 4*k] = in[24 + k];
-        }
-
-        return K;
-    }
-
-    //A (x) = (x0 ^ x1) || x3 || x2 || x1
-    byte[] a = new byte[8];
-    private byte[] A(byte[] in)
-    {
-        for(int j=0; j<8; j++)
-        {
-            a[j]=(byte)(in[j] ^ in[j+8]);
-        }
-
-        System.arraycopy(in, 8, in, 0, 24);
-        System.arraycopy(a, 0, in, 24, 8);
-
-        return in;
-    }
-
-    //Encrypt function, ECB mode
-    private void E(byte[] key, byte[] s, int sOff, byte[] in, int inOff)
-    {
-        cipher.init(true, new KeyParameter(key));
-        
-        cipher.processBlock(in, inOff, s, sOff);
-    }
-
-    // (in:) n16||..||n1 ==> (out:) n1^n2^n3^n4^n13^n16||n16||..||n2
-    short[] wS = new short[16], w_S = new short[16];
-
-    private void fw(byte[] in)
-    {
-        cpyBytesToShort(in, wS);
-        w_S[15] = (short)(wS[0] ^ wS[1] ^ wS[2] ^ wS[3] ^ wS[12] ^ wS[15]);
-        System.arraycopy(wS, 1, w_S, 0, 15);
-        cpyShortToBytes(w_S, in);
-    }
-
-    // block processing
-    byte[] S = new byte[32];
-    byte[] U = new byte[32], V = new byte[32], W = new byte[32];
-
-    protected void processBlock(byte[] in, int inOff)
-    {
-        System.arraycopy(in, inOff, M, 0, 32);
-
-        //key step 1
- 
-        // H = h3 || h2 || h1 || h0
-        // S = s3 || s2 || s1 || s0
-        System.arraycopy(H, 0, U, 0, 32);
-        System.arraycopy(M, 0, V, 0, 32);
-        for (int j=0; j<32; j++)
-        {
-            W[j] = (byte)(U[j]^V[j]);
-        }
-        // Encrypt gost28147-ECB
-        E(P(W), S, 0, H, 0); // s0 = EK0 [h0]
-
-        //keys step 2,3,4
-        for (int i=1; i<4; i++)
-        {
-            byte[] tmpA = A(U);
-            for (int j=0; j<32; j++)
-            {
-                U[j] = (byte)(tmpA[j] ^ C[i][j]);
-            }
-            V = A(A(V));
-            for (int j=0; j<32; j++)
-            {
-                W[j] = (byte)(U[j]^V[j]);
-            }
-            // Encrypt gost28147-ECB
-            E(P(W), S, i * 8, H, i * 8); // si = EKi [hi]
-        }
-
-        // x(M, H) = y61(H^y(M^y12(S)))
-        for(int n = 0; n < 12; n++)
-        {
-            fw(S);
-        }
-        for(int n = 0; n < 32; n++)
-        {
-            S[n] = (byte)(S[n] ^ M[n]);
-        }
-
-        fw(S);
-
-        for(int n = 0; n < 32; n++)
-        {
-            S[n] = (byte)(H[n] ^ S[n]);
-        }
-        for(int n = 0; n < 61; n++)
-        {
-            fw(S);
-        }
-        System.arraycopy(S, 0, H, 0, H.length);
-    }
-
-    private void finish()
-    {
-        Pack.longToLittleEndian(byteCount * 8, L, 0); // get length into L (byteCount * 8 = bitCount)
-
-        while (xBufOff != 0)
-        {
-            update((byte)0);
-        }
-
-        processBlock(L, 0);
-        processBlock(Sum, 0);
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        System.arraycopy(H, 0, out, outOff, H.length);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables to the IV values.
-     */
-    private static final byte[]  C2 = {
-       0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,
-       (byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,(byte)0xFF,0x00,
-       0x00,(byte)0xFF,(byte)0xFF,0x00,(byte)0xFF,0x00,0x00,(byte)0xFF,
-       (byte)0xFF,0x00,0x00,0x00,(byte)0xFF,(byte)0xFF,0x00,(byte)0xFF};
-
-    public void reset()
-    {
-        byteCount = 0;
-        xBufOff = 0;
-
-        for(int i=0; i (Sum + a mod (2^256))
-    private void sumByteArray(byte[] in)
-    {
-        int carry = 0;
-
-        for (int i = 0; i != Sum.length; i++)
-        {
-            int sum = (Sum[i] & 0xff) + (in[i] & 0xff) + carry;
-
-            Sum[i] = (byte)sum;
-
-            carry = sum >>> 8;
-        }
-    }
-
-    private void cpyBytesToShort(byte[] S, short[] wS)
-    {
-        for(int i=0; i> 8);
-            S[i*2] = (byte)wS[i];
-        }
-    }
-
-   public int getByteLength() 
-   {
-      return 32;
-   }
-}
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java
deleted file mode 100644
index f2c996744..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-
-/**
- * base implementation of MD4 family style digest as outlined in
- * "Handbook of Applied Cryptography", pages 344 - 347.
- */
-public abstract class GeneralDigest
-    implements ExtendedDigest
-{
-    private static final int BYTE_LENGTH = 64;
-    private byte[]  xBuf;
-    private int     xBufOff;
-
-    private long    byteCount;
-
-    /**
-     * Standard constructor
-     */
-    protected GeneralDigest()
-    {
-        xBuf = new byte[4];
-        xBufOff = 0;
-    }
-
-    /**
-     * Copy constructor.  We are using copy constructors in place
-     * of the Object.clone() interface as this interface is not
-     * supported by J2ME.
-     */
-    protected GeneralDigest(GeneralDigest t)
-    {
-        xBuf = new byte[t.xBuf.length];
-        System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length);
-
-        xBufOff = t.xBufOff;
-        byteCount = t.byteCount;
-    }
-
-    public void update(
-        byte in)
-    {
-        xBuf[xBufOff++] = in;
-
-        if (xBufOff == xBuf.length)
-        {
-            processWord(xBuf, 0);
-            xBufOff = 0;
-        }
-
-        byteCount++;
-    }
-
-    public void update(
-        byte[]  in,
-        int     inOff,
-        int     len)
-    {
-        //
-        // fill the current word
-        //
-        while ((xBufOff != 0) && (len > 0))
-        {
-            update(in[inOff]);
-
-            inOff++;
-            len--;
-        }
-
-        //
-        // process whole words.
-        //
-        while (len > xBuf.length)
-        {
-            processWord(in, inOff);
-
-            inOff += xBuf.length;
-            len -= xBuf.length;
-            byteCount += xBuf.length;
-        }
-
-        //
-        // load in the remainder.
-        //
-        while (len > 0)
-        {
-            update(in[inOff]);
-
-            inOff++;
-            len--;
-        }
-    }
-
-    public void finish()
-    {
-        long    bitLength = (byteCount << 3);
-
-        //
-        // add the pad bytes.
-        //
-        update((byte)128);
-
-        while (xBufOff != 0)
-        {
-            update((byte)0);
-        }
-
-        processLength(bitLength);
-
-        processBlock();
-    }
-
-    public void reset()
-    {
-        byteCount = 0;
-
-        xBufOff = 0;
-        for (int i = 0; i < xBuf.length; i++)
-        {
-            xBuf[i] = 0;
-        }
-    }
-
-    public int getByteLength()
-    {
-        return BYTE_LENGTH;
-    }
-    
-    protected abstract void processWord(byte[] in, int inOff);
-
-    protected abstract void processLength(long bitLength);
-
-    protected abstract void processBlock();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
deleted file mode 100644
index 22d457bfd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
+++ /dev/null
@@ -1,354 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.util.Pack;
-
-/**
- * Base class for SHA-384 and SHA-512.
- */
-public abstract class LongDigest
-    implements ExtendedDigest
-{
-    private static final int BYTE_LENGTH = 128;
-    
-    private byte[]  xBuf;
-    private int     xBufOff;
-
-    private long    byteCount1;
-    private long    byteCount2;
-
-    protected long    H1, H2, H3, H4, H5, H6, H7, H8;
-
-    private long[]  W = new long[80];
-    private int     wOff;
-
-    /**
-     * Constructor for variable length word
-     */
-    protected LongDigest()
-    {
-        xBuf = new byte[8];
-        xBufOff = 0;
-
-        reset();
-    }
-
-    /**
-     * Copy constructor.  We are using copy constructors in place
-     * of the Object.clone() interface as this interface is not
-     * supported by J2ME.
-     */
-    protected LongDigest(LongDigest t)
-    {
-        xBuf = new byte[t.xBuf.length];
-        System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length);
-
-        xBufOff = t.xBufOff;
-        byteCount1 = t.byteCount1;
-        byteCount2 = t.byteCount2;
-
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-        H5 = t.H5;
-        H6 = t.H6;
-        H7 = t.H7;
-        H8 = t.H8;
-
-        System.arraycopy(t.W, 0, W, 0, t.W.length);
-        wOff = t.wOff;
-    }
-
-    public void update(
-        byte in)
-    {
-        xBuf[xBufOff++] = in;
-
-        if (xBufOff == xBuf.length)
-        {
-            processWord(xBuf, 0);
-            xBufOff = 0;
-        }
-
-        byteCount1++;
-    }
-
-    public void update(
-        byte[]  in,
-        int     inOff,
-        int     len)
-    {
-        //
-        // fill the current word
-        //
-        while ((xBufOff != 0) && (len > 0))
-        {
-            update(in[inOff]);
-
-            inOff++;
-            len--;
-        }
-
-        //
-        // process whole words.
-        //
-        while (len > xBuf.length)
-        {
-            processWord(in, inOff);
-
-            inOff += xBuf.length;
-            len -= xBuf.length;
-            byteCount1 += xBuf.length;
-        }
-
-        //
-        // load in the remainder.
-        //
-        while (len > 0)
-        {
-            update(in[inOff]);
-
-            inOff++;
-            len--;
-        }
-    }
-
-    public void finish()
-    {
-        adjustByteCounts();
-
-        long    lowBitLength = byteCount1 << 3;
-        long    hiBitLength = byteCount2;
-
-        //
-        // add the pad bytes.
-        //
-        update((byte)128);
-
-        while (xBufOff != 0)
-        {
-            update((byte)0);
-        }
-
-        processLength(lowBitLength, hiBitLength);
-
-        processBlock();
-    }
-
-    public void reset()
-    {
-        byteCount1 = 0;
-        byteCount2 = 0;
-
-        xBufOff = 0;
-        for (int i = 0; i < xBuf.length; i++)
-        {
-            xBuf[i] = 0;
-        }
-
-        wOff = 0;
-        for (int i = 0; i != W.length; i++)
-        {
-            W[i] = 0;
-        }
-    }
-
-    public int getByteLength()
-    {
-        return BYTE_LENGTH;
-    }
-    
-    protected void processWord(
-        byte[]  in,
-        int     inOff)
-    {
-        W[wOff] = Pack.bigEndianToLong(in, inOff);
-
-        if (++wOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    /**
-     * adjust the byte counts so that byteCount2 represents the
-     * upper long (less 3 bits) word of the byte count.
-     */
-    private void adjustByteCounts()
-    {
-        if (byteCount1 > 0x1fffffffffffffffL)
-        {
-            byteCount2 += (byteCount1 >>> 61);
-            byteCount1 &= 0x1fffffffffffffffL;
-        }
-    }
-
-    protected void processLength(
-        long    lowW,
-        long    hiW)
-    {
-        if (wOff > 14)
-        {
-            processBlock();
-        }
-
-        W[14] = hiW;
-        W[15] = lowW;
-    }
-
-    protected void processBlock()
-    {
-        adjustByteCounts();
-
-        //
-        // expand 16 word block into 80 word blocks.
-        //
-        for (int t = 16; t <= 79; t++)
-        {
-            W[t] = Sigma1(W[t - 2]) + W[t - 7] + Sigma0(W[t - 15]) + W[t - 16];
-        }
-
-        //
-        // set up working variables.
-        //
-        long     a = H1;
-        long     b = H2;
-        long     c = H3;
-        long     d = H4;
-        long     e = H5;
-        long     f = H6;
-        long     g = H7;
-        long     h = H8;
-
-        int t = 0;     
-        for(int i = 0; i < 10; i ++)
-        {
-          // t = 8 * i
-          h += Sum1(e) + Ch(e, f, g) + K[t] + W[t++];
-          d += h;
-          h += Sum0(a) + Maj(a, b, c);
-
-          // t = 8 * i + 1
-          g += Sum1(d) + Ch(d, e, f) + K[t] + W[t++];
-          c += g;
-          g += Sum0(h) + Maj(h, a, b);
-
-          // t = 8 * i + 2
-          f += Sum1(c) + Ch(c, d, e) + K[t] + W[t++];
-          b += f;
-          f += Sum0(g) + Maj(g, h, a);
-
-          // t = 8 * i + 3
-          e += Sum1(b) + Ch(b, c, d) + K[t] + W[t++];
-          a += e;
-          e += Sum0(f) + Maj(f, g, h);
-
-          // t = 8 * i + 4
-          d += Sum1(a) + Ch(a, b, c) + K[t] + W[t++];
-          h += d;
-          d += Sum0(e) + Maj(e, f, g);
-
-          // t = 8 * i + 5
-          c += Sum1(h) + Ch(h, a, b) + K[t] + W[t++];
-          g += c;
-          c += Sum0(d) + Maj(d, e, f);
-
-          // t = 8 * i + 6
-          b += Sum1(g) + Ch(g, h, a) + K[t] + W[t++];
-          f += b;
-          b += Sum0(c) + Maj(c, d, e);
-
-          // t = 8 * i + 7
-          a += Sum1(f) + Ch(f, g, h) + K[t] + W[t++];
-          e += a;
-          a += Sum0(b) + Maj(b, c, d);
-        }
- 
-        H1 += a;
-        H2 += b;
-        H3 += c;
-        H4 += d;
-        H5 += e;
-        H6 += f;
-        H7 += g;
-        H8 += h;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        wOff = 0;
-        for (int i = 0; i < 16; i++)
-        {
-            W[i] = 0;
-        }
-    }
-
-    /* SHA-384 and SHA-512 functions (as for SHA-256 but for longs) */
-    private long Ch(
-        long    x,
-        long    y,
-        long    z)
-    {
-        return ((x & y) ^ ((~x) & z));
-    }
-
-    private long Maj(
-        long    x,
-        long    y,
-        long    z)
-    {
-        return ((x & y) ^ (x & z) ^ (y & z));
-    }
-
-    private long Sum0(
-        long    x)
-    {
-        return ((x << 36)|(x >>> 28)) ^ ((x << 30)|(x >>> 34)) ^ ((x << 25)|(x >>> 39));
-    }
-
-    private long Sum1(
-        long    x)
-    {
-        return ((x << 50)|(x >>> 14)) ^ ((x << 46)|(x >>> 18)) ^ ((x << 23)|(x >>> 41));
-    }
-
-    private long Sigma0(
-        long    x)
-    {
-        return ((x << 63)|(x >>> 1)) ^ ((x << 56)|(x >>> 8)) ^ (x >>> 7);
-    }
-
-    private long Sigma1(
-        long    x)
-    {
-        return ((x << 45)|(x >>> 19)) ^ ((x << 3)|(x >>> 61)) ^ (x >>> 6);
-    }
-
-    /* SHA-384 and SHA-512 Constants
-     * (represent the first 64 bits of the fractional parts of the
-     * cube roots of the first sixty-four prime numbers)
-     */
-    static final long K[] = {
-0x428a2f98d728ae22L, 0x7137449123ef65cdL, 0xb5c0fbcfec4d3b2fL, 0xe9b5dba58189dbbcL,
-0x3956c25bf348b538L, 0x59f111f1b605d019L, 0x923f82a4af194f9bL, 0xab1c5ed5da6d8118L,
-0xd807aa98a3030242L, 0x12835b0145706fbeL, 0x243185be4ee4b28cL, 0x550c7dc3d5ffb4e2L,
-0x72be5d74f27b896fL, 0x80deb1fe3b1696b1L, 0x9bdc06a725c71235L, 0xc19bf174cf692694L,
-0xe49b69c19ef14ad2L, 0xefbe4786384f25e3L, 0x0fc19dc68b8cd5b5L, 0x240ca1cc77ac9c65L,
-0x2de92c6f592b0275L, 0x4a7484aa6ea6e483L, 0x5cb0a9dcbd41fbd4L, 0x76f988da831153b5L,
-0x983e5152ee66dfabL, 0xa831c66d2db43210L, 0xb00327c898fb213fL, 0xbf597fc7beef0ee4L,
-0xc6e00bf33da88fc2L, 0xd5a79147930aa725L, 0x06ca6351e003826fL, 0x142929670a0e6e70L,
-0x27b70a8546d22ffcL, 0x2e1b21385c26c926L, 0x4d2c6dfc5ac42aedL, 0x53380d139d95b3dfL,
-0x650a73548baf63deL, 0x766a0abb3c77b2a8L, 0x81c2c92e47edaee6L, 0x92722c851482353bL,
-0xa2bfe8a14cf10364L, 0xa81a664bbc423001L, 0xc24b8b70d0f89791L, 0xc76c51a30654be30L,
-0xd192e819d6ef5218L, 0xd69906245565a910L, 0xf40e35855771202aL, 0x106aa07032bbd1b8L,
-0x19a4c116b8d2d0c8L, 0x1e376c085141ab53L, 0x2748774cdf8eeb99L, 0x34b0bcb5e19b48a8L,
-0x391c0cb3c5c95a63L, 0x4ed8aa4ae3418acbL, 0x5b9cca4f7763e373L, 0x682e6ff3d6b2b8a3L,
-0x748f82ee5defb2fcL, 0x78a5636f43172f60L, 0x84c87814a1f0ab72L, 0x8cc702081a6439ecL,
-0x90befffa23631e28L, 0xa4506cebde82bde9L, 0xbef9a3f7b2c67915L, 0xc67178f2e372532bL,
-0xca273eceea26619cL, 0xd186b8c721c0c207L, 0xeada7dd6cde0eb1eL, 0xf57d4f7fee6ed178L,
-0x06f067aa72176fbaL, 0x0a637dc5a2c898a6L, 0x113f9804bef90daeL, 0x1b710b35131c471bL,
-0x28db77f523047d84L, 0x32caab7b40c72493L, 0x3c9ebe0a15c9bebcL, 0x431d67c49c100d4cL,
-0x4cc5d4becb3e42b6L, 0x597f299cfc657e2aL, 0x5fcb6fab3ad6faecL, 0x6c44198c4a475817L
-    };
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java
deleted file mode 100644
index 0edafbc15..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD2Digest.java
+++ /dev/null
@@ -1,237 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.*;
-/**
- * implementation of MD2
- * as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992
- */
-public class MD2Digest
-    implements ExtendedDigest
-{
-    private static final int DIGEST_LENGTH = 16;
-
-    /* X buffer */
-    private byte[]   X = new byte[48];
-    private int     xOff;
-    /* M buffer */
-    private byte[]   M = new byte[16];
-    private int     mOff;
-    /* check sum */
-    private byte[]   C = new byte[16];
-    private int COff;
-
-    public MD2Digest()
-    {
-        reset();
-    }
-    public MD2Digest(MD2Digest t)
-    {
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-        System.arraycopy(t.M, 0, M, 0, t.M.length);
-        mOff = t.mOff;
-        System.arraycopy(t.C, 0, C, 0, t.C.length);
-        COff = t.COff;
-    }
-    /**
-     * return the algorithm name
-     *
-     * @return the algorithm name
-     */
-    public String getAlgorithmName()
-    {
-        return "MD2";
-    }
-    /**
-     * return the size, in bytes, of the digest produced by this message digest.
-     *
-     * @return the size, in bytes, of the digest produced by this message digest.
-     */
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-    /**
-     * close the digest, producing the final digest value. The doFinal
-     * call leaves the digest reset.
-     *
-     * @param out the array the digest is to be copied into.
-     * @param outOff the offset into the out array the digest is to start at.
-     */
-    public int doFinal(byte[] out, int outOff)
-    {
-        // add padding
-        byte paddingByte = (byte)(M.length-mOff);
-        for (int i=mOff;i 0))
-        {
-            update(in[inOff]);
-            inOff++;
-            len--;
-        }
-
-        //
-        // process whole words.
-        //
-        while (len > 16)
-        {
-            System.arraycopy(in,inOff,M,0,16);
-            processCheckSum(M);
-            processBlock(M);
-            len -= 16;
-            inOff += 16;
-        }
-
-        //
-        // load in the remainder.
-        //
-        while (len > 0)
-        {
-            update(in[inOff]);
-            inOff++;
-            len--;
-        }
-    }
-    protected void processCheckSum(byte[] m)
-    {
-        int L = C[15];
-        for (int i=0;i<16;i++)
-        {
-            C[i] ^= S[(m[i] ^ L) & 0xff];
-            L = C[i];
-        }
-    }
-    protected void processBlock(byte[] m)
-    {
-        for (int i=0;i<16;i++)
-        {
-            X[i+16] = m[i];
-            X[i+32] = (byte)(m[i] ^ X[i]);
-        }
-        // encrypt block
-        int t = 0;
-
-        for (int j=0;j<18;j++)
-        {
-            for (int k=0;k<48;k++)
-            {
-                t = X[k] ^= S[t];
-                t = t & 0xff;
-            }
-            t = (t + j)%256;
-        }
-     }
-     // 256-byte random permutation constructed from the digits of PI
-    private static final byte[] S = {
-      (byte)41,(byte)46,(byte)67,(byte)201,(byte)162,(byte)216,(byte)124,
-      (byte)1,(byte)61,(byte)54,(byte)84,(byte)161,(byte)236,(byte)240,
-      (byte)6,(byte)19,(byte)98,(byte)167,(byte)5,(byte)243,(byte)192,
-      (byte)199,(byte)115,(byte)140,(byte)152,(byte)147,(byte)43,(byte)217,
-      (byte)188,(byte)76,(byte)130,(byte)202,(byte)30,(byte)155,(byte)87,
-      (byte)60,(byte)253,(byte)212,(byte)224,(byte)22,(byte)103,(byte)66,
-      (byte)111,(byte)24,(byte)138,(byte)23,(byte)229,(byte)18,(byte)190,
-      (byte)78,(byte)196,(byte)214,(byte)218,(byte)158,(byte)222,(byte)73,
-      (byte)160,(byte)251,(byte)245,(byte)142,(byte)187,(byte)47,(byte)238,
-      (byte)122,(byte)169,(byte)104,(byte)121,(byte)145,(byte)21,(byte)178,
-      (byte)7,(byte)63,(byte)148,(byte)194,(byte)16,(byte)137,(byte)11,
-      (byte)34,(byte)95,(byte)33,(byte)128,(byte)127,(byte)93,(byte)154,
-      (byte)90,(byte)144,(byte)50,(byte)39,(byte)53,(byte)62,(byte)204,
-      (byte)231,(byte)191,(byte)247,(byte)151,(byte)3,(byte)255,(byte)25,
-      (byte)48,(byte)179,(byte)72,(byte)165,(byte)181,(byte)209,(byte)215,
-      (byte)94,(byte)146,(byte)42,(byte)172,(byte)86,(byte)170,(byte)198,
-      (byte)79,(byte)184,(byte)56,(byte)210,(byte)150,(byte)164,(byte)125,
-      (byte)182,(byte)118,(byte)252,(byte)107,(byte)226,(byte)156,(byte)116,
-      (byte)4,(byte)241,(byte)69,(byte)157,(byte)112,(byte)89,(byte)100,
-      (byte)113,(byte)135,(byte)32,(byte)134,(byte)91,(byte)207,(byte)101,
-      (byte)230,(byte)45,(byte)168,(byte)2,(byte)27,(byte)96,(byte)37,
-      (byte)173,(byte)174,(byte)176,(byte)185,(byte)246,(byte)28,(byte)70,
-      (byte)97,(byte)105,(byte)52,(byte)64,(byte)126,(byte)15,(byte)85,
-      (byte)71,(byte)163,(byte)35,(byte)221,(byte)81,(byte)175,(byte)58,
-      (byte)195,(byte)92,(byte)249,(byte)206,(byte)186,(byte)197,(byte)234,
-      (byte)38,(byte)44,(byte)83,(byte)13,(byte)110,(byte)133,(byte)40,
-      (byte)132, 9,(byte)211,(byte)223,(byte)205,(byte)244,(byte)65,
-      (byte)129,(byte)77,(byte)82,(byte)106,(byte)220,(byte)55,(byte)200,
-      (byte)108,(byte)193,(byte)171,(byte)250,(byte)36,(byte)225,(byte)123,
-      (byte)8,(byte)12,(byte)189,(byte)177,(byte)74,(byte)120,(byte)136,
-      (byte)149,(byte)139,(byte)227,(byte)99,(byte)232,(byte)109,(byte)233,
-      (byte)203,(byte)213,(byte)254,(byte)59,(byte)0,(byte)29,(byte)57,
-      (byte)242,(byte)239,(byte)183,(byte)14,(byte)102,(byte)88,(byte)208,
-      (byte)228,(byte)166,(byte)119,(byte)114,(byte)248,(byte)235,(byte)117,
-      (byte)75,(byte)10,(byte)49,(byte)68,(byte)80,(byte)180,(byte)143,
-      (byte)237,(byte)31,(byte)26,(byte)219,(byte)153,(byte)141,(byte)51,
-      (byte)159,(byte)17,(byte)131,(byte)20
-    };
-
-   public int getByteLength() 
-   {
-      return 16;
-   }
-}
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java
deleted file mode 100644
index 2a8084f91..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java
+++ /dev/null
@@ -1,270 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-/**
- * implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for
- * Computer Science and RSA Data Security, Inc.
- * 

- * NOTE: This algorithm is only included for backwards compatability
- * with legacy applications, it's not secure, don't use it for anything new!
- */
-public class MD4Digest
-    extends GeneralDigest
-{
-    private static final int    DIGEST_LENGTH = 16;
-
-    private int     H1, H2, H3, H4;         // IV's
-
-    private int[]   X = new int[16];
-    private int     xOff;
-
-    /**
-     * Standard constructor
-     */
-    public MD4Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public MD4Digest(MD4Digest t)
-    {
-        super(t);
-
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "MD4";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[]  in,
-        int     inOff)
-    {
-        X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
-            | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); 
-
-        if (xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long    bitLength)
-    {
-        if (xOff > 14)
-        {
-            processBlock();
-        }
-
-        X[14] = (int)(bitLength & 0xffffffff);
-        X[15] = (int)(bitLength >>> 32);
-    }
-
-    private void unpackWord(
-        int     word,
-        byte[]  out,
-        int     outOff)
-    {
-        out[outOff]     = (byte)word;
-        out[outOff + 1] = (byte)(word >>> 8);
-        out[outOff + 2] = (byte)(word >>> 16);
-        out[outOff + 3] = (byte)(word >>> 24);
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        unpackWord(H1, out, outOff);
-        unpackWord(H2, out, outOff + 4);
-        unpackWord(H3, out, outOff + 8);
-        unpackWord(H4, out, outOff + 12);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables to the IV values.
-     */
-    public void reset()
-    {
-        super.reset();
-
-        H1 = 0x67452301;
-        H2 = 0xefcdab89;
-        H3 = 0x98badcfe;
-        H4 = 0x10325476;
-
-        xOff = 0;
-
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    //
-    // round 1 left rotates
-    //
-    private static final int S11 = 3;
-    private static final int S12 = 7;
-    private static final int S13 = 11;
-    private static final int S14 = 19;
-
-    //
-    // round 2 left rotates
-    //
-    private static final int S21 = 3;
-    private static final int S22 = 5;
-    private static final int S23 = 9;
-    private static final int S24 = 13;
-
-    //
-    // round 3 left rotates
-    //
-    private static final int S31 = 3;
-    private static final int S32 = 9;
-    private static final int S33 = 11;
-    private static final int S34 = 15;
-
-    /*
-     * rotate int x left n bits.
-     */
-    private int rotateLeft(
-        int x,
-        int n)
-    {
-        return (x << n) | (x >>> (32 - n));
-    }
-
-    /*
-     * F, G, H and I are the basic MD4 functions.
-     */
-    private int F(
-        int u,
-        int v,
-        int w)
-    {
-        return (u & v) | (~u & w);
-    }
-
-    private int G(
-        int u,
-        int v,
-        int w)
-    {
-        return (u & v) | (u & w) | (v & w);
-    }
-
-    private int H(
-        int u,
-        int v,
-        int w)
-    {
-        return u ^ v ^ w;
-    }
-
-    protected void processBlock()
-    {
-        int a = H1;
-        int b = H2;
-        int c = H3;
-        int d = H4;
-
-        //
-        // Round 1 - F cycle, 16 times.
-        //
-        a = rotateLeft(a + F(b, c, d) + X[ 0], S11);
-        d = rotateLeft(d + F(a, b, c) + X[ 1], S12);
-        c = rotateLeft(c + F(d, a, b) + X[ 2], S13);
-        b = rotateLeft(b + F(c, d, a) + X[ 3], S14);
-        a = rotateLeft(a + F(b, c, d) + X[ 4], S11);
-        d = rotateLeft(d + F(a, b, c) + X[ 5], S12);
-        c = rotateLeft(c + F(d, a, b) + X[ 6], S13);
-        b = rotateLeft(b + F(c, d, a) + X[ 7], S14);
-        a = rotateLeft(a + F(b, c, d) + X[ 8], S11);
-        d = rotateLeft(d + F(a, b, c) + X[ 9], S12);
-        c = rotateLeft(c + F(d, a, b) + X[10], S13);
-        b = rotateLeft(b + F(c, d, a) + X[11], S14);
-        a = rotateLeft(a + F(b, c, d) + X[12], S11);
-        d = rotateLeft(d + F(a, b, c) + X[13], S12);
-        c = rotateLeft(c + F(d, a, b) + X[14], S13);
-        b = rotateLeft(b + F(c, d, a) + X[15], S14);
-
-        //
-        // Round 2 - G cycle, 16 times.
-        //
-        a = rotateLeft(a + G(b, c, d) + X[ 0] + 0x5a827999, S21);
-        d = rotateLeft(d + G(a, b, c) + X[ 4] + 0x5a827999, S22);
-        c = rotateLeft(c + G(d, a, b) + X[ 8] + 0x5a827999, S23);
-        b = rotateLeft(b + G(c, d, a) + X[12] + 0x5a827999, S24);
-        a = rotateLeft(a + G(b, c, d) + X[ 1] + 0x5a827999, S21);
-        d = rotateLeft(d + G(a, b, c) + X[ 5] + 0x5a827999, S22);
-        c = rotateLeft(c + G(d, a, b) + X[ 9] + 0x5a827999, S23);
-        b = rotateLeft(b + G(c, d, a) + X[13] + 0x5a827999, S24);
-        a = rotateLeft(a + G(b, c, d) + X[ 2] + 0x5a827999, S21);
-        d = rotateLeft(d + G(a, b, c) + X[ 6] + 0x5a827999, S22);
-        c = rotateLeft(c + G(d, a, b) + X[10] + 0x5a827999, S23);
-        b = rotateLeft(b + G(c, d, a) + X[14] + 0x5a827999, S24);
-        a = rotateLeft(a + G(b, c, d) + X[ 3] + 0x5a827999, S21);
-        d = rotateLeft(d + G(a, b, c) + X[ 7] + 0x5a827999, S22);
-        c = rotateLeft(c + G(d, a, b) + X[11] + 0x5a827999, S23);
-        b = rotateLeft(b + G(c, d, a) + X[15] + 0x5a827999, S24);
-
-        //
-        // Round 3 - H cycle, 16 times.
-        //
-        a = rotateLeft(a + H(b, c, d) + X[ 0] + 0x6ed9eba1, S31);
-        d = rotateLeft(d + H(a, b, c) + X[ 8] + 0x6ed9eba1, S32);
-        c = rotateLeft(c + H(d, a, b) + X[ 4] + 0x6ed9eba1, S33);
-        b = rotateLeft(b + H(c, d, a) + X[12] + 0x6ed9eba1, S34);
-        a = rotateLeft(a + H(b, c, d) + X[ 2] + 0x6ed9eba1, S31);
-        d = rotateLeft(d + H(a, b, c) + X[10] + 0x6ed9eba1, S32);
-        c = rotateLeft(c + H(d, a, b) + X[ 6] + 0x6ed9eba1, S33);
-        b = rotateLeft(b + H(c, d, a) + X[14] + 0x6ed9eba1, S34);
-        a = rotateLeft(a + H(b, c, d) + X[ 1] + 0x6ed9eba1, S31);
-        d = rotateLeft(d + H(a, b, c) + X[ 9] + 0x6ed9eba1, S32);
-        c = rotateLeft(c + H(d, a, b) + X[ 5] + 0x6ed9eba1, S33);
-        b = rotateLeft(b + H(c, d, a) + X[13] + 0x6ed9eba1, S34);
-        a = rotateLeft(a + H(b, c, d) + X[ 3] + 0x6ed9eba1, S31);
-        d = rotateLeft(d + H(a, b, c) + X[11] + 0x6ed9eba1, S32);
-        c = rotateLeft(c + H(d, a, b) + X[ 7] + 0x6ed9eba1, S33);
-        b = rotateLeft(b + H(c, d, a) + X[15] + 0x6ed9eba1, S34);
-
-        H1 += a;
-        H2 += b;
-        H3 += c;
-        H4 += d;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java
deleted file mode 100644
index 05ed27a62..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java
+++ /dev/null
@@ -1,302 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-/**
- * implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347.
- */
-public class MD5Digest
-    extends GeneralDigest
-{
-    private static final int    DIGEST_LENGTH = 16;
-
-    private int     H1, H2, H3, H4;         // IV's
-
-    private int[]   X = new int[16];
-    private int     xOff;
-
-    /**
-     * Standard constructor
-     */
-    public MD5Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public MD5Digest(MD5Digest t)
-    {
-        super(t);
-
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "MD5";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[]  in,
-        int     inOff)
-    {
-        X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
-            | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); 
-
-        if (xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long    bitLength)
-    {
-        if (xOff > 14)
-        {
-            processBlock();
-        }
-
-        X[14] = (int)(bitLength & 0xffffffff);
-        X[15] = (int)(bitLength >>> 32);
-    }
-
-    private void unpackWord(
-        int     word,
-        byte[]  out,
-        int     outOff)
-    {
-        out[outOff]     = (byte)word;
-        out[outOff + 1] = (byte)(word >>> 8);
-        out[outOff + 2] = (byte)(word >>> 16);
-        out[outOff + 3] = (byte)(word >>> 24);
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        unpackWord(H1, out, outOff);
-        unpackWord(H2, out, outOff + 4);
-        unpackWord(H3, out, outOff + 8);
-        unpackWord(H4, out, outOff + 12);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables to the IV values.
-     */
-    public void reset()
-    {
-        super.reset();
-
-        H1 = 0x67452301;
-        H2 = 0xefcdab89;
-        H3 = 0x98badcfe;
-        H4 = 0x10325476;
-
-        xOff = 0;
-
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    //
-    // round 1 left rotates
-    //
-    private static final int S11 = 7;
-    private static final int S12 = 12;
-    private static final int S13 = 17;
-    private static final int S14 = 22;
-
-    //
-    // round 2 left rotates
-    //
-    private static final int S21 = 5;
-    private static final int S22 = 9;
-    private static final int S23 = 14;
-    private static final int S24 = 20;
-
-    //
-    // round 3 left rotates
-    //
-    private static final int S31 = 4;
-    private static final int S32 = 11;
-    private static final int S33 = 16;
-    private static final int S34 = 23;
-
-    //
-    // round 4 left rotates
-    //
-    private static final int S41 = 6;
-    private static final int S42 = 10;
-    private static final int S43 = 15;
-    private static final int S44 = 21;
-
-    /*
-     * rotate int x left n bits.
-     */
-    private int rotateLeft(
-        int x,
-        int n)
-    {
-        return (x << n) | (x >>> (32 - n));
-    }
-
-    /*
-     * F, G, H and I are the basic MD5 functions.
-     */
-    private int F(
-        int u,
-        int v,
-        int w)
-    {
-        return (u & v) | (~u & w);
-    }
-
-    private int G(
-        int u,
-        int v,
-        int w)
-    {
-        return (u & w) | (v & ~w);
-    }
-
-    private int H(
-        int u,
-        int v,
-        int w)
-    {
-        return u ^ v ^ w;
-    }
-
-    private int K(
-        int u,
-        int v,
-        int w)
-    {
-        return v ^ (u | ~w);
-    }
-
-    protected void processBlock()
-    {
-        int a = H1;
-        int b = H2;
-        int c = H3;
-        int d = H4;
-
-        //
-        // Round 1 - F cycle, 16 times.
-        //
-        a = rotateLeft(a + F(b, c, d) + X[ 0] + 0xd76aa478, S11) + b;
-        d = rotateLeft(d + F(a, b, c) + X[ 1] + 0xe8c7b756, S12) + a;
-        c = rotateLeft(c + F(d, a, b) + X[ 2] + 0x242070db, S13) + d;
-        b = rotateLeft(b + F(c, d, a) + X[ 3] + 0xc1bdceee, S14) + c;
-        a = rotateLeft(a + F(b, c, d) + X[ 4] + 0xf57c0faf, S11) + b;
-        d = rotateLeft(d + F(a, b, c) + X[ 5] + 0x4787c62a, S12) + a;
-        c = rotateLeft(c + F(d, a, b) + X[ 6] + 0xa8304613, S13) + d;
-        b = rotateLeft(b + F(c, d, a) + X[ 7] + 0xfd469501, S14) + c;
-        a = rotateLeft(a + F(b, c, d) + X[ 8] + 0x698098d8, S11) + b;
-        d = rotateLeft(d + F(a, b, c) + X[ 9] + 0x8b44f7af, S12) + a;
-        c = rotateLeft(c + F(d, a, b) + X[10] + 0xffff5bb1, S13) + d;
-        b = rotateLeft(b + F(c, d, a) + X[11] + 0x895cd7be, S14) + c;
-        a = rotateLeft(a + F(b, c, d) + X[12] + 0x6b901122, S11) + b;
-        d = rotateLeft(d + F(a, b, c) + X[13] + 0xfd987193, S12) + a;
-        c = rotateLeft(c + F(d, a, b) + X[14] + 0xa679438e, S13) + d;
-        b = rotateLeft(b + F(c, d, a) + X[15] + 0x49b40821, S14) + c;
-
-        //
-        // Round 2 - G cycle, 16 times.
-        //
-        a = rotateLeft(a + G(b, c, d) + X[ 1] + 0xf61e2562, S21) + b;
-        d = rotateLeft(d + G(a, b, c) + X[ 6] + 0xc040b340, S22) + a;
-        c = rotateLeft(c + G(d, a, b) + X[11] + 0x265e5a51, S23) + d;
-        b = rotateLeft(b + G(c, d, a) + X[ 0] + 0xe9b6c7aa, S24) + c;
-        a = rotateLeft(a + G(b, c, d) + X[ 5] + 0xd62f105d, S21) + b;
-        d = rotateLeft(d + G(a, b, c) + X[10] + 0x02441453, S22) + a;
-        c = rotateLeft(c + G(d, a, b) + X[15] + 0xd8a1e681, S23) + d;
-        b = rotateLeft(b + G(c, d, a) + X[ 4] + 0xe7d3fbc8, S24) + c;
-        a = rotateLeft(a + G(b, c, d) + X[ 9] + 0x21e1cde6, S21) + b;
-        d = rotateLeft(d + G(a, b, c) + X[14] + 0xc33707d6, S22) + a;
-        c = rotateLeft(c + G(d, a, b) + X[ 3] + 0xf4d50d87, S23) + d;
-        b = rotateLeft(b + G(c, d, a) + X[ 8] + 0x455a14ed, S24) + c;
-        a = rotateLeft(a + G(b, c, d) + X[13] + 0xa9e3e905, S21) + b;
-        d = rotateLeft(d + G(a, b, c) + X[ 2] + 0xfcefa3f8, S22) + a;
-        c = rotateLeft(c + G(d, a, b) + X[ 7] + 0x676f02d9, S23) + d;
-        b = rotateLeft(b + G(c, d, a) + X[12] + 0x8d2a4c8a, S24) + c;
-
-        //
-        // Round 3 - H cycle, 16 times.
-        //
-        a = rotateLeft(a + H(b, c, d) + X[ 5] + 0xfffa3942, S31) + b;
-        d = rotateLeft(d + H(a, b, c) + X[ 8] + 0x8771f681, S32) + a;
-        c = rotateLeft(c + H(d, a, b) + X[11] + 0x6d9d6122, S33) + d;
-        b = rotateLeft(b + H(c, d, a) + X[14] + 0xfde5380c, S34) + c;
-        a = rotateLeft(a + H(b, c, d) + X[ 1] + 0xa4beea44, S31) + b;
-        d = rotateLeft(d + H(a, b, c) + X[ 4] + 0x4bdecfa9, S32) + a;
-        c = rotateLeft(c + H(d, a, b) + X[ 7] + 0xf6bb4b60, S33) + d;
-        b = rotateLeft(b + H(c, d, a) + X[10] + 0xbebfbc70, S34) + c;
-        a = rotateLeft(a + H(b, c, d) + X[13] + 0x289b7ec6, S31) + b;
-        d = rotateLeft(d + H(a, b, c) + X[ 0] + 0xeaa127fa, S32) + a;
-        c = rotateLeft(c + H(d, a, b) + X[ 3] + 0xd4ef3085, S33) + d;
-        b = rotateLeft(b + H(c, d, a) + X[ 6] + 0x04881d05, S34) + c;
-        a = rotateLeft(a + H(b, c, d) + X[ 9] + 0xd9d4d039, S31) + b;
-        d = rotateLeft(d + H(a, b, c) + X[12] + 0xe6db99e5, S32) + a;
-        c = rotateLeft(c + H(d, a, b) + X[15] + 0x1fa27cf8, S33) + d;
-        b = rotateLeft(b + H(c, d, a) + X[ 2] + 0xc4ac5665, S34) + c;
-
-        //
-        // Round 4 - K cycle, 16 times.
-        //
-        a = rotateLeft(a + K(b, c, d) + X[ 0] + 0xf4292244, S41) + b;
-        d = rotateLeft(d + K(a, b, c) + X[ 7] + 0x432aff97, S42) + a;
-        c = rotateLeft(c + K(d, a, b) + X[14] + 0xab9423a7, S43) + d;
-        b = rotateLeft(b + K(c, d, a) + X[ 5] + 0xfc93a039, S44) + c;
-        a = rotateLeft(a + K(b, c, d) + X[12] + 0x655b59c3, S41) + b;
-        d = rotateLeft(d + K(a, b, c) + X[ 3] + 0x8f0ccc92, S42) + a;
-        c = rotateLeft(c + K(d, a, b) + X[10] + 0xffeff47d, S43) + d;
-        b = rotateLeft(b + K(c, d, a) + X[ 1] + 0x85845dd1, S44) + c;
-        a = rotateLeft(a + K(b, c, d) + X[ 8] + 0x6fa87e4f, S41) + b;
-        d = rotateLeft(d + K(a, b, c) + X[15] + 0xfe2ce6e0, S42) + a;
-        c = rotateLeft(c + K(d, a, b) + X[ 6] + 0xa3014314, S43) + d;
-        b = rotateLeft(b + K(c, d, a) + X[13] + 0x4e0811a1, S44) + c;
-        a = rotateLeft(a + K(b, c, d) + X[ 4] + 0xf7537e82, S41) + b;
-        d = rotateLeft(d + K(a, b, c) + X[11] + 0xbd3af235, S42) + a;
-        c = rotateLeft(c + K(d, a, b) + X[ 2] + 0x2ad7d2bb, S43) + d;
-        b = rotateLeft(b + K(c, d, a) + X[ 9] + 0xeb86d391, S44) + c;
-
-        H1 += a;
-        H2 += b;
-        H3 += c;
-        H4 += d;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
deleted file mode 100644
index 6cb0d4ac1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import java.io.ByteArrayOutputStream;
-
-import org.bouncycastle.crypto.Digest;
-
-
-public class NullDigest
-    implements Digest
-{
-    private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-    public String getAlgorithmName()
-    {
-        return "NULL";
-    }
-
-    public int getDigestSize()
-    {
-        return bOut.size();
-    }
-
-    public void update(byte in)
-    {
-        bOut.write(in);
-    }
-
-    public void update(byte[] in, int inOff, int len)
-    {
-        bOut.write(in, inOff, len);
-    }
-
-    public int doFinal(byte[] out, int outOff)
-    {
-        byte[] res = bOut.toByteArray();
-
-        System.arraycopy(res, 0, out, outOff, res.length);
-
-        reset();
-        
-        return res.length;
-    }
-
-    public void reset()
-    {
-        bOut.reset();
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java
deleted file mode 100644
index 46fd8b39c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD128Digest.java
+++ /dev/null
@@ -1,461 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-/**
- * implementation of RIPEMD128
- */
-public class RIPEMD128Digest
-    extends GeneralDigest
-{
-    private static final int DIGEST_LENGTH = 16;
-
-    private int H0, H1, H2, H3; // IV's
-
-    private int[] X = new int[16];
-    private int xOff;
-
-    /**
-     * Standard constructor
-     */
-    public RIPEMD128Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public RIPEMD128Digest(RIPEMD128Digest t)
-    {
-        super(t);
-
-        H0 = t.H0;
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RIPEMD128";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[] in,
-        int inOff)
-    {
-        X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
-            | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); 
-
-        if (xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long bitLength)
-    {
-        if (xOff > 14)
-        {
-        processBlock();
-        }
-
-        X[14] = (int)(bitLength & 0xffffffff);
-        X[15] = (int)(bitLength >>> 32);
-    }
-
-    private void unpackWord(
-        int word,
-        byte[] out,
-        int outOff)
-    {
-        out[outOff]     = (byte)word;
-        out[outOff + 1] = (byte)(word >>> 8);
-        out[outOff + 2] = (byte)(word >>> 16);
-        out[outOff + 3] = (byte)(word >>> 24);
-    }
-
-    public int doFinal(
-        byte[] out,
-        int outOff)
-    {
-        finish();
-
-        unpackWord(H0, out, outOff);
-        unpackWord(H1, out, outOff + 4);
-        unpackWord(H2, out, outOff + 8);
-        unpackWord(H3, out, outOff + 12);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-    * reset the chaining variables to the IV values.
-    */
-    public void reset()
-    {
-        super.reset();
-
-        H0 = 0x67452301;
-        H1 = 0xefcdab89;
-        H2 = 0x98badcfe;
-        H3 = 0x10325476;
-
-        xOff = 0;
-
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    /*
-     * rotate int x left n bits.
-     */
-    private int RL(
-        int x,
-        int n)
-    {
-        return (x << n) | (x >>> (32 - n));
-    }
-
-    /*
-     * f1,f2,f3,f4 are the basic RIPEMD128 functions.
-     */
-
-    /*
-     * F
-     */
-    private int f1(
-        int x,
-        int y,
-        int z)
-    {
-        return x ^ y ^ z;
-    }
-
-    /*
-     * G
-     */
-    private int f2(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & y) | (~x & z);
-    }
-
-    /*
-     * H
-     */
-    private int f3(
-        int x,
-        int y,
-        int z)
-    {
-        return (x | ~y) ^ z;
-    }
-
-    /*
-     * I
-     */
-    private int f4(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & z) | (y & ~z);
-    }
-
-    private int F1(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f1(b, c, d) + x, s);
-    }
-
-    private int F2(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f2(b, c, d) + x + 0x5a827999, s);
-    }
-
-    private int F3(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f3(b, c, d) + x + 0x6ed9eba1, s);
-    }
-
-    private int F4(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f4(b, c, d) + x + 0x8f1bbcdc, s);
-    }
-
-    private int FF1(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f1(b, c, d) + x, s);
-    }
-
-    private int FF2(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-      return RL(a + f2(b, c, d) + x + 0x6d703ef3, s);
-    }
-
-    private int FF3(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-      return RL(a + f3(b, c, d) + x + 0x5c4dd124, s);
-    }
-
-    private int FF4(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-      return RL(a + f4(b, c, d) + x + 0x50a28be6, s);
-    }
-
-    protected void processBlock()
-    {
-        int a, aa;
-        int b, bb;
-        int c, cc;
-        int d, dd;
-
-        a = aa = H0;
-        b = bb = H1;
-        c = cc = H2;
-        d = dd = H3;
-
-        //
-        // Round 1
-        //
-        a = F1(a, b, c, d, X[ 0], 11);
-        d = F1(d, a, b, c, X[ 1], 14);
-        c = F1(c, d, a, b, X[ 2], 15);
-        b = F1(b, c, d, a, X[ 3], 12);
-        a = F1(a, b, c, d, X[ 4],  5);
-        d = F1(d, a, b, c, X[ 5],  8);
-        c = F1(c, d, a, b, X[ 6],  7);
-        b = F1(b, c, d, a, X[ 7],  9);
-        a = F1(a, b, c, d, X[ 8], 11);
-        d = F1(d, a, b, c, X[ 9], 13);
-        c = F1(c, d, a, b, X[10], 14);
-        b = F1(b, c, d, a, X[11], 15);
-        a = F1(a, b, c, d, X[12],  6);
-        d = F1(d, a, b, c, X[13],  7);
-        c = F1(c, d, a, b, X[14],  9);
-        b = F1(b, c, d, a, X[15],  8);
-
-        //
-        // Round 2
-        //
-        a = F2(a, b, c, d, X[ 7],  7);
-        d = F2(d, a, b, c, X[ 4],  6);
-        c = F2(c, d, a, b, X[13],  8);
-        b = F2(b, c, d, a, X[ 1], 13);
-        a = F2(a, b, c, d, X[10], 11);
-        d = F2(d, a, b, c, X[ 6],  9);
-        c = F2(c, d, a, b, X[15],  7);
-        b = F2(b, c, d, a, X[ 3], 15);
-        a = F2(a, b, c, d, X[12],  7);
-        d = F2(d, a, b, c, X[ 0], 12);
-        c = F2(c, d, a, b, X[ 9], 15);
-        b = F2(b, c, d, a, X[ 5],  9);
-        a = F2(a, b, c, d, X[ 2], 11);
-        d = F2(d, a, b, c, X[14],  7);
-        c = F2(c, d, a, b, X[11], 13);
-        b = F2(b, c, d, a, X[ 8], 12);
-
-        //
-        // Round 3
-        //
-        a = F3(a, b, c, d, X[ 3], 11);
-        d = F3(d, a, b, c, X[10], 13);
-        c = F3(c, d, a, b, X[14],  6);
-        b = F3(b, c, d, a, X[ 4],  7);
-        a = F3(a, b, c, d, X[ 9], 14);
-        d = F3(d, a, b, c, X[15],  9);
-        c = F3(c, d, a, b, X[ 8], 13);
-        b = F3(b, c, d, a, X[ 1], 15);
-        a = F3(a, b, c, d, X[ 2], 14);
-        d = F3(d, a, b, c, X[ 7],  8);
-        c = F3(c, d, a, b, X[ 0], 13);
-        b = F3(b, c, d, a, X[ 6],  6);
-        a = F3(a, b, c, d, X[13],  5);
-        d = F3(d, a, b, c, X[11], 12);
-        c = F3(c, d, a, b, X[ 5],  7);
-        b = F3(b, c, d, a, X[12],  5);
-
-        //
-        // Round 4
-        //
-        a = F4(a, b, c, d, X[ 1], 11);
-        d = F4(d, a, b, c, X[ 9], 12);
-        c = F4(c, d, a, b, X[11], 14);
-        b = F4(b, c, d, a, X[10], 15);
-        a = F4(a, b, c, d, X[ 0], 14);
-        d = F4(d, a, b, c, X[ 8], 15);
-        c = F4(c, d, a, b, X[12],  9);
-        b = F4(b, c, d, a, X[ 4],  8);
-        a = F4(a, b, c, d, X[13],  9);
-        d = F4(d, a, b, c, X[ 3], 14);
-        c = F4(c, d, a, b, X[ 7],  5);
-        b = F4(b, c, d, a, X[15],  6);
-        a = F4(a, b, c, d, X[14],  8);
-        d = F4(d, a, b, c, X[ 5],  6);
-        c = F4(c, d, a, b, X[ 6],  5);
-        b = F4(b, c, d, a, X[ 2], 12);
-
-        //
-        // Parallel round 1
-        //
-        aa = FF4(aa, bb, cc, dd, X[ 5],  8);
-        dd = FF4(dd, aa, bb, cc, X[14],  9);
-        cc = FF4(cc, dd, aa, bb, X[ 7],  9);
-        bb = FF4(bb, cc, dd, aa, X[ 0], 11);
-        aa = FF4(aa, bb, cc, dd, X[ 9], 13);
-        dd = FF4(dd, aa, bb, cc, X[ 2], 15);
-        cc = FF4(cc, dd, aa, bb, X[11], 15);
-        bb = FF4(bb, cc, dd, aa, X[ 4],  5);
-        aa = FF4(aa, bb, cc, dd, X[13],  7);
-        dd = FF4(dd, aa, bb, cc, X[ 6],  7);
-        cc = FF4(cc, dd, aa, bb, X[15],  8);
-        bb = FF4(bb, cc, dd, aa, X[ 8], 11);
-        aa = FF4(aa, bb, cc, dd, X[ 1], 14);
-        dd = FF4(dd, aa, bb, cc, X[10], 14);
-        cc = FF4(cc, dd, aa, bb, X[ 3], 12);
-        bb = FF4(bb, cc, dd, aa, X[12],  6);
-
-        //
-        // Parallel round 2
-        //
-        aa = FF3(aa, bb, cc, dd, X[ 6],  9);
-        dd = FF3(dd, aa, bb, cc, X[11], 13);
-        cc = FF3(cc, dd, aa, bb, X[ 3], 15);
-        bb = FF3(bb, cc, dd, aa, X[ 7],  7);
-        aa = FF3(aa, bb, cc, dd, X[ 0], 12);
-        dd = FF3(dd, aa, bb, cc, X[13],  8);
-        cc = FF3(cc, dd, aa, bb, X[ 5],  9);
-        bb = FF3(bb, cc, dd, aa, X[10], 11);
-        aa = FF3(aa, bb, cc, dd, X[14],  7);
-        dd = FF3(dd, aa, bb, cc, X[15],  7);
-        cc = FF3(cc, dd, aa, bb, X[ 8], 12);
-        bb = FF3(bb, cc, dd, aa, X[12],  7);
-        aa = FF3(aa, bb, cc, dd, X[ 4],  6);
-        dd = FF3(dd, aa, bb, cc, X[ 9], 15);
-        cc = FF3(cc, dd, aa, bb, X[ 1], 13);
-        bb = FF3(bb, cc, dd, aa, X[ 2], 11);
-
-        //
-        // Parallel round 3
-        //
-        aa = FF2(aa, bb, cc, dd, X[15],  9);
-        dd = FF2(dd, aa, bb, cc, X[ 5],  7);
-        cc = FF2(cc, dd, aa, bb, X[ 1], 15);
-        bb = FF2(bb, cc, dd, aa, X[ 3], 11);
-        aa = FF2(aa, bb, cc, dd, X[ 7],  8);
-        dd = FF2(dd, aa, bb, cc, X[14],  6);
-        cc = FF2(cc, dd, aa, bb, X[ 6],  6);
-        bb = FF2(bb, cc, dd, aa, X[ 9], 14);
-        aa = FF2(aa, bb, cc, dd, X[11], 12);
-        dd = FF2(dd, aa, bb, cc, X[ 8], 13);
-        cc = FF2(cc, dd, aa, bb, X[12],  5);
-        bb = FF2(bb, cc, dd, aa, X[ 2], 14);
-        aa = FF2(aa, bb, cc, dd, X[10], 13);
-        dd = FF2(dd, aa, bb, cc, X[ 0], 13);
-        cc = FF2(cc, dd, aa, bb, X[ 4],  7);
-        bb = FF2(bb, cc, dd, aa, X[13],  5);
-
-        //
-        // Parallel round 4
-        //
-        aa = FF1(aa, bb, cc, dd, X[ 8], 15);
-        dd = FF1(dd, aa, bb, cc, X[ 6],  5);
-        cc = FF1(cc, dd, aa, bb, X[ 4],  8);
-        bb = FF1(bb, cc, dd, aa, X[ 1], 11);
-        aa = FF1(aa, bb, cc, dd, X[ 3], 14);
-        dd = FF1(dd, aa, bb, cc, X[11], 14);
-        cc = FF1(cc, dd, aa, bb, X[15],  6);
-        bb = FF1(bb, cc, dd, aa, X[ 0], 14);
-        aa = FF1(aa, bb, cc, dd, X[ 5],  6);
-        dd = FF1(dd, aa, bb, cc, X[12],  9);
-        cc = FF1(cc, dd, aa, bb, X[ 2], 12);
-        bb = FF1(bb, cc, dd, aa, X[13],  9);
-        aa = FF1(aa, bb, cc, dd, X[ 9], 12);
-        dd = FF1(dd, aa, bb, cc, X[ 7],  5);
-        cc = FF1(cc, dd, aa, bb, X[10], 15);
-        bb = FF1(bb, cc, dd, aa, X[14],  8);
-
-        dd += c + H1;               // final result for H0
-
-        //
-        // combine the results
-        //
-        H1 = H2 + d + aa;
-        H2 = H3 + a + bb;
-        H3 = H0 + b + cc;
-        H0 = dd;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java
deleted file mode 100644
index 2351357c0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java
+++ /dev/null
@@ -1,422 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-/**
- * implementation of RIPEMD see,
- * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
- */
-public class RIPEMD160Digest
-    extends GeneralDigest
-{
-    private static final int DIGEST_LENGTH = 20;
-
-    private int H0, H1, H2, H3, H4; // IV's
-
-    private int[] X = new int[16];
-    private int xOff;
-
-    /**
-     * Standard constructor
-     */
-    public RIPEMD160Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public RIPEMD160Digest(RIPEMD160Digest t)
-    {
-        super(t);
-
-        H0 = t.H0;
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RIPEMD160";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[] in,
-        int inOff)
-    {
-        X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
-            | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); 
-
-        if (xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long bitLength)
-    {
-        if (xOff > 14)
-        {
-        processBlock();
-        }
-
-        X[14] = (int)(bitLength & 0xffffffff);
-        X[15] = (int)(bitLength >>> 32);
-    }
-
-    private void unpackWord(
-        int word,
-        byte[] out,
-        int outOff)
-    {
-        out[outOff]     = (byte)word;
-        out[outOff + 1] = (byte)(word >>> 8);
-        out[outOff + 2] = (byte)(word >>> 16);
-        out[outOff + 3] = (byte)(word >>> 24);
-    }
-
-    public int doFinal(
-        byte[] out,
-        int outOff)
-    {
-        finish();
-
-        unpackWord(H0, out, outOff);
-        unpackWord(H1, out, outOff + 4);
-        unpackWord(H2, out, outOff + 8);
-        unpackWord(H3, out, outOff + 12);
-        unpackWord(H4, out, outOff + 16);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-    * reset the chaining variables to the IV values.
-    */
-    public void reset()
-    {
-        super.reset();
-
-        H0 = 0x67452301;
-        H1 = 0xefcdab89;
-        H2 = 0x98badcfe;
-        H3 = 0x10325476;
-        H4 = 0xc3d2e1f0;
-
-        xOff = 0;
-
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    /*
-     * rotate int x left n bits.
-     */
-    private int RL(
-        int x,
-        int n)
-    {
-        return (x << n) | (x >>> (32 - n));
-    }
-
-    /*
-     * f1,f2,f3,f4,f5 are the basic RIPEMD160 functions.
-     */
-
-    /*
-     * rounds 0-15
-     */
-    private int f1(
-        int x,
-        int y,
-        int z)
-    {
-        return x ^ y ^ z;
-    }
-
-    /*
-     * rounds 16-31
-     */
-    private int f2(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & y) | (~x & z);
-    }
-
-    /*
-     * rounds 32-47
-     */
-    private int f3(
-        int x,
-        int y,
-        int z)
-    {
-        return (x | ~y) ^ z;
-    }
-
-    /*
-     * rounds 48-63
-     */
-    private int f4(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & z) | (y & ~z);
-    }
-
-    /*
-     * rounds 64-79
-     */
-    private int f5(
-        int x,
-        int y,
-        int z)
-    {
-        return x ^ (y | ~z);
-    }
-
-    protected void processBlock()
-    {
-        int a, aa;
-        int b, bb;
-        int c, cc;
-        int d, dd;
-        int e, ee;
-
-        a = aa = H0;
-        b = bb = H1;
-        c = cc = H2;
-        d = dd = H3;
-        e = ee = H4;
-
-        //
-        // Rounds 1 - 16
-        //
-        // left
-        a = RL(a + f1(b,c,d) + X[ 0], 11) + e; c = RL(c, 10);
-        e = RL(e + f1(a,b,c) + X[ 1], 14) + d; b = RL(b, 10);
-        d = RL(d + f1(e,a,b) + X[ 2], 15) + c; a = RL(a, 10);
-        c = RL(c + f1(d,e,a) + X[ 3], 12) + b; e = RL(e, 10);
-        b = RL(b + f1(c,d,e) + X[ 4],  5) + a; d = RL(d, 10);
-        a = RL(a + f1(b,c,d) + X[ 5],  8) + e; c = RL(c, 10);
-        e = RL(e + f1(a,b,c) + X[ 6],  7) + d; b = RL(b, 10);
-        d = RL(d + f1(e,a,b) + X[ 7],  9) + c; a = RL(a, 10);
-        c = RL(c + f1(d,e,a) + X[ 8], 11) + b; e = RL(e, 10);
-        b = RL(b + f1(c,d,e) + X[ 9], 13) + a; d = RL(d, 10);
-        a = RL(a + f1(b,c,d) + X[10], 14) + e; c = RL(c, 10);
-        e = RL(e + f1(a,b,c) + X[11], 15) + d; b = RL(b, 10);
-        d = RL(d + f1(e,a,b) + X[12],  6) + c; a = RL(a, 10);
-        c = RL(c + f1(d,e,a) + X[13],  7) + b; e = RL(e, 10);
-        b = RL(b + f1(c,d,e) + X[14],  9) + a; d = RL(d, 10);
-        a = RL(a + f1(b,c,d) + X[15],  8) + e; c = RL(c, 10);
-
-        // right
-        aa = RL(aa + f5(bb,cc,dd) + X[ 5] + 0x50a28be6,  8) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f5(aa,bb,cc) + X[14] + 0x50a28be6,  9) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f5(ee,aa,bb) + X[ 7] + 0x50a28be6,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f5(dd,ee,aa) + X[ 0] + 0x50a28be6, 11) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f5(cc,dd,ee) + X[ 9] + 0x50a28be6, 13) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f5(bb,cc,dd) + X[ 2] + 0x50a28be6, 15) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f5(aa,bb,cc) + X[11] + 0x50a28be6, 15) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f5(ee,aa,bb) + X[ 4] + 0x50a28be6,  5) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f5(dd,ee,aa) + X[13] + 0x50a28be6,  7) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f5(cc,dd,ee) + X[ 6] + 0x50a28be6,  7) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f5(bb,cc,dd) + X[15] + 0x50a28be6,  8) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f5(aa,bb,cc) + X[ 8] + 0x50a28be6, 11) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f5(ee,aa,bb) + X[ 1] + 0x50a28be6, 14) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f5(dd,ee,aa) + X[10] + 0x50a28be6, 14) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f5(cc,dd,ee) + X[ 3] + 0x50a28be6, 12) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f5(bb,cc,dd) + X[12] + 0x50a28be6,  6) + ee; cc = RL(cc, 10);
-
-        //
-        // Rounds 16-31
-        //
-        // left
-        e = RL(e + f2(a,b,c) + X[ 7] + 0x5a827999,  7) + d; b = RL(b, 10);
-        d = RL(d + f2(e,a,b) + X[ 4] + 0x5a827999,  6) + c; a = RL(a, 10);
-        c = RL(c + f2(d,e,a) + X[13] + 0x5a827999,  8) + b; e = RL(e, 10);
-        b = RL(b + f2(c,d,e) + X[ 1] + 0x5a827999, 13) + a; d = RL(d, 10);
-        a = RL(a + f2(b,c,d) + X[10] + 0x5a827999, 11) + e; c = RL(c, 10);
-        e = RL(e + f2(a,b,c) + X[ 6] + 0x5a827999,  9) + d; b = RL(b, 10);
-        d = RL(d + f2(e,a,b) + X[15] + 0x5a827999,  7) + c; a = RL(a, 10);
-        c = RL(c + f2(d,e,a) + X[ 3] + 0x5a827999, 15) + b; e = RL(e, 10);
-        b = RL(b + f2(c,d,e) + X[12] + 0x5a827999,  7) + a; d = RL(d, 10);
-        a = RL(a + f2(b,c,d) + X[ 0] + 0x5a827999, 12) + e; c = RL(c, 10);
-        e = RL(e + f2(a,b,c) + X[ 9] + 0x5a827999, 15) + d; b = RL(b, 10);
-        d = RL(d + f2(e,a,b) + X[ 5] + 0x5a827999,  9) + c; a = RL(a, 10);
-        c = RL(c + f2(d,e,a) + X[ 2] + 0x5a827999, 11) + b; e = RL(e, 10);
-        b = RL(b + f2(c,d,e) + X[14] + 0x5a827999,  7) + a; d = RL(d, 10);
-        a = RL(a + f2(b,c,d) + X[11] + 0x5a827999, 13) + e; c = RL(c, 10);
-        e = RL(e + f2(a,b,c) + X[ 8] + 0x5a827999, 12) + d; b = RL(b, 10);
-
-        // right
-        ee = RL(ee + f4(aa,bb,cc) + X[ 6] + 0x5c4dd124,  9) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f4(ee,aa,bb) + X[11] + 0x5c4dd124, 13) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f4(dd,ee,aa) + X[ 3] + 0x5c4dd124, 15) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f4(cc,dd,ee) + X[ 7] + 0x5c4dd124,  7) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f4(bb,cc,dd) + X[ 0] + 0x5c4dd124, 12) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f4(aa,bb,cc) + X[13] + 0x5c4dd124,  8) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f4(ee,aa,bb) + X[ 5] + 0x5c4dd124,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f4(dd,ee,aa) + X[10] + 0x5c4dd124, 11) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f4(cc,dd,ee) + X[14] + 0x5c4dd124,  7) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f4(bb,cc,dd) + X[15] + 0x5c4dd124,  7) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f4(aa,bb,cc) + X[ 8] + 0x5c4dd124, 12) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f4(ee,aa,bb) + X[12] + 0x5c4dd124,  7) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f4(dd,ee,aa) + X[ 4] + 0x5c4dd124,  6) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f4(cc,dd,ee) + X[ 9] + 0x5c4dd124, 15) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f4(bb,cc,dd) + X[ 1] + 0x5c4dd124, 13) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f4(aa,bb,cc) + X[ 2] + 0x5c4dd124, 11) + dd; bb = RL(bb, 10);
-
-        //
-        // Rounds 32-47
-        //
-        // left
-        d = RL(d + f3(e,a,b) + X[ 3] + 0x6ed9eba1, 11) + c; a = RL(a, 10);
-        c = RL(c + f3(d,e,a) + X[10] + 0x6ed9eba1, 13) + b; e = RL(e, 10);
-        b = RL(b + f3(c,d,e) + X[14] + 0x6ed9eba1,  6) + a; d = RL(d, 10);
-        a = RL(a + f3(b,c,d) + X[ 4] + 0x6ed9eba1,  7) + e; c = RL(c, 10);
-        e = RL(e + f3(a,b,c) + X[ 9] + 0x6ed9eba1, 14) + d; b = RL(b, 10);
-        d = RL(d + f3(e,a,b) + X[15] + 0x6ed9eba1,  9) + c; a = RL(a, 10);
-        c = RL(c + f3(d,e,a) + X[ 8] + 0x6ed9eba1, 13) + b; e = RL(e, 10);
-        b = RL(b + f3(c,d,e) + X[ 1] + 0x6ed9eba1, 15) + a; d = RL(d, 10);
-        a = RL(a + f3(b,c,d) + X[ 2] + 0x6ed9eba1, 14) + e; c = RL(c, 10);
-        e = RL(e + f3(a,b,c) + X[ 7] + 0x6ed9eba1,  8) + d; b = RL(b, 10);
-        d = RL(d + f3(e,a,b) + X[ 0] + 0x6ed9eba1, 13) + c; a = RL(a, 10);
-        c = RL(c + f3(d,e,a) + X[ 6] + 0x6ed9eba1,  6) + b; e = RL(e, 10);
-        b = RL(b + f3(c,d,e) + X[13] + 0x6ed9eba1,  5) + a; d = RL(d, 10);
-        a = RL(a + f3(b,c,d) + X[11] + 0x6ed9eba1, 12) + e; c = RL(c, 10);
-        e = RL(e + f3(a,b,c) + X[ 5] + 0x6ed9eba1,  7) + d; b = RL(b, 10);
-        d = RL(d + f3(e,a,b) + X[12] + 0x6ed9eba1,  5) + c; a = RL(a, 10);
-
-        // right
-        dd = RL(dd + f3(ee,aa,bb) + X[15] + 0x6d703ef3,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f3(dd,ee,aa) + X[ 5] + 0x6d703ef3,  7) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f3(cc,dd,ee) + X[ 1] + 0x6d703ef3, 15) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f3(bb,cc,dd) + X[ 3] + 0x6d703ef3, 11) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f3(aa,bb,cc) + X[ 7] + 0x6d703ef3,  8) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f3(ee,aa,bb) + X[14] + 0x6d703ef3,  6) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f3(dd,ee,aa) + X[ 6] + 0x6d703ef3,  6) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f3(cc,dd,ee) + X[ 9] + 0x6d703ef3, 14) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f3(bb,cc,dd) + X[11] + 0x6d703ef3, 12) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f3(aa,bb,cc) + X[ 8] + 0x6d703ef3, 13) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f3(ee,aa,bb) + X[12] + 0x6d703ef3,  5) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f3(dd,ee,aa) + X[ 2] + 0x6d703ef3, 14) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f3(cc,dd,ee) + X[10] + 0x6d703ef3, 13) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f3(bb,cc,dd) + X[ 0] + 0x6d703ef3, 13) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f3(aa,bb,cc) + X[ 4] + 0x6d703ef3,  7) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f3(ee,aa,bb) + X[13] + 0x6d703ef3,  5) + cc; aa = RL(aa, 10);
-
-        //
-        // Rounds 48-63
-        //
-        // left
-        c = RL(c + f4(d,e,a) + X[ 1] + 0x8f1bbcdc, 11) + b; e = RL(e, 10);
-        b = RL(b + f4(c,d,e) + X[ 9] + 0x8f1bbcdc, 12) + a; d = RL(d, 10);
-        a = RL(a + f4(b,c,d) + X[11] + 0x8f1bbcdc, 14) + e; c = RL(c, 10);
-        e = RL(e + f4(a,b,c) + X[10] + 0x8f1bbcdc, 15) + d; b = RL(b, 10);
-        d = RL(d + f4(e,a,b) + X[ 0] + 0x8f1bbcdc, 14) + c; a = RL(a, 10);
-        c = RL(c + f4(d,e,a) + X[ 8] + 0x8f1bbcdc, 15) + b; e = RL(e, 10);
-        b = RL(b + f4(c,d,e) + X[12] + 0x8f1bbcdc,  9) + a; d = RL(d, 10);
-        a = RL(a + f4(b,c,d) + X[ 4] + 0x8f1bbcdc,  8) + e; c = RL(c, 10);
-        e = RL(e + f4(a,b,c) + X[13] + 0x8f1bbcdc,  9) + d; b = RL(b, 10);
-        d = RL(d + f4(e,a,b) + X[ 3] + 0x8f1bbcdc, 14) + c; a = RL(a, 10);
-        c = RL(c + f4(d,e,a) + X[ 7] + 0x8f1bbcdc,  5) + b; e = RL(e, 10);
-        b = RL(b + f4(c,d,e) + X[15] + 0x8f1bbcdc,  6) + a; d = RL(d, 10);
-        a = RL(a + f4(b,c,d) + X[14] + 0x8f1bbcdc,  8) + e; c = RL(c, 10);
-        e = RL(e + f4(a,b,c) + X[ 5] + 0x8f1bbcdc,  6) + d; b = RL(b, 10);
-        d = RL(d + f4(e,a,b) + X[ 6] + 0x8f1bbcdc,  5) + c; a = RL(a, 10);
-        c = RL(c + f4(d,e,a) + X[ 2] + 0x8f1bbcdc, 12) + b; e = RL(e, 10);
-
-        // right
-        cc = RL(cc + f2(dd,ee,aa) + X[ 8] + 0x7a6d76e9, 15) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f2(cc,dd,ee) + X[ 6] + 0x7a6d76e9,  5) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f2(bb,cc,dd) + X[ 4] + 0x7a6d76e9,  8) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f2(aa,bb,cc) + X[ 1] + 0x7a6d76e9, 11) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f2(ee,aa,bb) + X[ 3] + 0x7a6d76e9, 14) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f2(dd,ee,aa) + X[11] + 0x7a6d76e9, 14) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f2(cc,dd,ee) + X[15] + 0x7a6d76e9,  6) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f2(bb,cc,dd) + X[ 0] + 0x7a6d76e9, 14) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f2(aa,bb,cc) + X[ 5] + 0x7a6d76e9,  6) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f2(ee,aa,bb) + X[12] + 0x7a6d76e9,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f2(dd,ee,aa) + X[ 2] + 0x7a6d76e9, 12) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f2(cc,dd,ee) + X[13] + 0x7a6d76e9,  9) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f2(bb,cc,dd) + X[ 9] + 0x7a6d76e9, 12) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f2(aa,bb,cc) + X[ 7] + 0x7a6d76e9,  5) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f2(ee,aa,bb) + X[10] + 0x7a6d76e9, 15) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f2(dd,ee,aa) + X[14] + 0x7a6d76e9,  8) + bb; ee = RL(ee, 10);
-
-        //
-        // Rounds 64-79
-        //
-        // left
-        b = RL(b + f5(c,d,e) + X[ 4] + 0xa953fd4e,  9) + a; d = RL(d, 10);
-        a = RL(a + f5(b,c,d) + X[ 0] + 0xa953fd4e, 15) + e; c = RL(c, 10);
-        e = RL(e + f5(a,b,c) + X[ 5] + 0xa953fd4e,  5) + d; b = RL(b, 10);
-        d = RL(d + f5(e,a,b) + X[ 9] + 0xa953fd4e, 11) + c; a = RL(a, 10);
-        c = RL(c + f5(d,e,a) + X[ 7] + 0xa953fd4e,  6) + b; e = RL(e, 10);
-        b = RL(b + f5(c,d,e) + X[12] + 0xa953fd4e,  8) + a; d = RL(d, 10);
-        a = RL(a + f5(b,c,d) + X[ 2] + 0xa953fd4e, 13) + e; c = RL(c, 10);
-        e = RL(e + f5(a,b,c) + X[10] + 0xa953fd4e, 12) + d; b = RL(b, 10);
-        d = RL(d + f5(e,a,b) + X[14] + 0xa953fd4e,  5) + c; a = RL(a, 10);
-        c = RL(c + f5(d,e,a) + X[ 1] + 0xa953fd4e, 12) + b; e = RL(e, 10);
-        b = RL(b + f5(c,d,e) + X[ 3] + 0xa953fd4e, 13) + a; d = RL(d, 10);
-        a = RL(a + f5(b,c,d) + X[ 8] + 0xa953fd4e, 14) + e; c = RL(c, 10);
-        e = RL(e + f5(a,b,c) + X[11] + 0xa953fd4e, 11) + d; b = RL(b, 10);
-        d = RL(d + f5(e,a,b) + X[ 6] + 0xa953fd4e,  8) + c; a = RL(a, 10);
-        c = RL(c + f5(d,e,a) + X[15] + 0xa953fd4e,  5) + b; e = RL(e, 10);
-        b = RL(b + f5(c,d,e) + X[13] + 0xa953fd4e,  6) + a; d = RL(d, 10);
-
-        // right
-        bb = RL(bb + f1(cc,dd,ee) + X[12],  8) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f1(bb,cc,dd) + X[15],  5) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f1(aa,bb,cc) + X[10], 12) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f1(ee,aa,bb) + X[ 4],  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f1(dd,ee,aa) + X[ 1], 12) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f1(cc,dd,ee) + X[ 5],  5) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f1(bb,cc,dd) + X[ 8], 14) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f1(aa,bb,cc) + X[ 7],  6) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f1(ee,aa,bb) + X[ 6],  8) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f1(dd,ee,aa) + X[ 2], 13) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f1(cc,dd,ee) + X[13],  6) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f1(bb,cc,dd) + X[14],  5) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f1(aa,bb,cc) + X[ 0], 15) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f1(ee,aa,bb) + X[ 3], 13) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f1(dd,ee,aa) + X[ 9], 11) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f1(cc,dd,ee) + X[11], 11) + aa; dd = RL(dd, 10);
-
-        dd += c + H1;
-        H1 = H2 + d + ee;
-        H2 = H3 + e + aa;
-        H3 = H4 + a + bb;
-        H4 = H0 + b + cc;
-        H0 = dd;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java
deleted file mode 100644
index 3d92e4a38..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD256Digest.java
+++ /dev/null
@@ -1,476 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-/**
- * implementation of RIPEMD256.
- * 

- * note: this algorithm offers the same level of security as RIPEMD128.
- */
-public class RIPEMD256Digest
-    extends GeneralDigest
-{
-    private static final int DIGEST_LENGTH = 32;
-
-    private int H0, H1, H2, H3, H4, H5, H6, H7; // IV's
-
-    private int[] X = new int[16];
-    private int xOff;
-
-    /**
-     * Standard constructor
-     */
-    public RIPEMD256Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public RIPEMD256Digest(RIPEMD256Digest t)
-    {
-        super(t);
-
-        H0 = t.H0;
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-        H5 = t.H5;
-        H6 = t.H6;
-        H7 = t.H7;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RIPEMD256";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[] in,
-        int inOff)
-    {
-        X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
-            | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); 
-
-        if (xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long bitLength)
-    {
-        if (xOff > 14)
-        {
-            processBlock();
-        }
-
-        X[14] = (int)(bitLength & 0xffffffff);
-        X[15] = (int)(bitLength >>> 32);
-    }
-
-    private void unpackWord(
-        int word,
-        byte[] out,
-        int outOff)
-    {
-        out[outOff]     = (byte)word;
-        out[outOff + 1] = (byte)(word >>> 8);
-        out[outOff + 2] = (byte)(word >>> 16);
-        out[outOff + 3] = (byte)(word >>> 24);
-    }
-
-    public int doFinal(
-        byte[] out,
-        int outOff)
-    {
-        finish();
-
-        unpackWord(H0, out, outOff);
-        unpackWord(H1, out, outOff + 4);
-        unpackWord(H2, out, outOff + 8);
-        unpackWord(H3, out, outOff + 12);
-        unpackWord(H4, out, outOff + 16);
-        unpackWord(H5, out, outOff + 20);
-        unpackWord(H6, out, outOff + 24);
-        unpackWord(H7, out, outOff + 28);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-    * reset the chaining variables to the IV values.
-    */
-    public void reset()
-    {
-        super.reset();
-
-        H0 = 0x67452301;
-        H1 = 0xefcdab89;
-        H2 = 0x98badcfe;
-        H3 = 0x10325476; 
-        H4 = 0x76543210; 
-        H5 = 0xFEDCBA98; 
-        H6 = 0x89ABCDEF; 
-        H7 = 0x01234567;
-        
-        xOff = 0;
-
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    /*
-     * rotate int x left n bits.
-     */
-    private int RL(
-        int x,
-        int n)
-    {
-        return (x << n) | (x >>> (32 - n));
-    }
-
-    /*
-     * f1,f2,f3,f4 are the basic RIPEMD128 functions.
-     */
-
-    /*
-     * F
-     */
-    private int f1(
-        int x,
-        int y,
-        int z)
-    {
-        return x ^ y ^ z;
-    }
-
-    /*
-     * G
-     */
-    private int f2(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & y) | (~x & z);
-    }
-
-    /*
-     * H
-     */
-    private int f3(
-        int x,
-        int y,
-        int z)
-    {
-        return (x | ~y) ^ z;
-    }
-
-    /*
-     * I
-     */
-    private int f4(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & z) | (y & ~z);
-    }
-
-    private int F1(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f1(b, c, d) + x, s);
-    }
-
-    private int F2(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f2(b, c, d) + x + 0x5a827999, s);
-    }
-
-    private int F3(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f3(b, c, d) + x + 0x6ed9eba1, s);
-    }
-
-    private int F4(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f4(b, c, d) + x + 0x8f1bbcdc, s);
-    }
-
-    private int FF1(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-        return RL(a + f1(b, c, d) + x, s);
-    }
-
-    private int FF2(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-      return RL(a + f2(b, c, d) + x + 0x6d703ef3, s);
-    }
-
-    private int FF3(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-      return RL(a + f3(b, c, d) + x + 0x5c4dd124, s);
-    }
-
-    private int FF4(
-        int a,
-        int b,
-        int c,
-        int d,
-        int x,
-        int s)
-    {
-      return RL(a + f4(b, c, d) + x + 0x50a28be6, s);
-    }
-
-    protected void processBlock()
-    {
-        int a, aa;
-        int b, bb;
-        int c, cc;
-        int d, dd;
-        int t;
-        
-        a = H0;
-        b = H1;
-        c = H2;
-        d = H3;
-        aa = H4;
-        bb = H5;
-        cc = H6;
-        dd = H7;
-
-        //
-        // Round 1
-        //
-        
-        a = F1(a, b, c, d, X[ 0], 11);
-        d = F1(d, a, b, c, X[ 1], 14);
-        c = F1(c, d, a, b, X[ 2], 15);
-        b = F1(b, c, d, a, X[ 3], 12);
-        a = F1(a, b, c, d, X[ 4],  5);
-        d = F1(d, a, b, c, X[ 5],  8);
-        c = F1(c, d, a, b, X[ 6],  7);
-        b = F1(b, c, d, a, X[ 7],  9);
-        a = F1(a, b, c, d, X[ 8], 11);
-        d = F1(d, a, b, c, X[ 9], 13);
-        c = F1(c, d, a, b, X[10], 14);
-        b = F1(b, c, d, a, X[11], 15);
-        a = F1(a, b, c, d, X[12],  6);
-        d = F1(d, a, b, c, X[13],  7);
-        c = F1(c, d, a, b, X[14],  9);
-        b = F1(b, c, d, a, X[15],  8);
-
-        aa = FF4(aa, bb, cc, dd, X[ 5],  8);
-        dd = FF4(dd, aa, bb, cc, X[14],  9);
-        cc = FF4(cc, dd, aa, bb, X[ 7],  9);
-        bb = FF4(bb, cc, dd, aa, X[ 0], 11);
-        aa = FF4(aa, bb, cc, dd, X[ 9], 13);
-        dd = FF4(dd, aa, bb, cc, X[ 2], 15);
-        cc = FF4(cc, dd, aa, bb, X[11], 15);
-        bb = FF4(bb, cc, dd, aa, X[ 4],  5);
-        aa = FF4(aa, bb, cc, dd, X[13],  7);
-        dd = FF4(dd, aa, bb, cc, X[ 6],  7);
-        cc = FF4(cc, dd, aa, bb, X[15],  8);
-        bb = FF4(bb, cc, dd, aa, X[ 8], 11);
-        aa = FF4(aa, bb, cc, dd, X[ 1], 14);
-        dd = FF4(dd, aa, bb, cc, X[10], 14);
-        cc = FF4(cc, dd, aa, bb, X[ 3], 12);
-        bb = FF4(bb, cc, dd, aa, X[12],  6);
-
-        t = a; a = aa; aa = t;
-        
-        //
-        // Round 2
-        //
-        a = F2(a, b, c, d, X[ 7],  7);
-        d = F2(d, a, b, c, X[ 4],  6);
-        c = F2(c, d, a, b, X[13],  8);
-        b = F2(b, c, d, a, X[ 1], 13);
-        a = F2(a, b, c, d, X[10], 11);
-        d = F2(d, a, b, c, X[ 6],  9);
-        c = F2(c, d, a, b, X[15],  7);
-        b = F2(b, c, d, a, X[ 3], 15);
-        a = F2(a, b, c, d, X[12],  7);
-        d = F2(d, a, b, c, X[ 0], 12);
-        c = F2(c, d, a, b, X[ 9], 15);
-        b = F2(b, c, d, a, X[ 5],  9);
-        a = F2(a, b, c, d, X[ 2], 11);
-        d = F2(d, a, b, c, X[14],  7);
-        c = F2(c, d, a, b, X[11], 13);
-        b = F2(b, c, d, a, X[ 8], 12);
-
-        aa = FF3(aa, bb, cc, dd, X[ 6],  9);
-        dd = FF3(dd, aa, bb, cc, X[ 11], 13);
-        cc = FF3(cc, dd, aa, bb, X[3], 15);
-        bb = FF3(bb, cc, dd, aa, X[ 7],  7);
-        aa = FF3(aa, bb, cc, dd, X[0], 12);
-        dd = FF3(dd, aa, bb, cc, X[13],  8);
-        cc = FF3(cc, dd, aa, bb, X[5],  9);
-        bb = FF3(bb, cc, dd, aa, X[10], 11);
-        aa = FF3(aa, bb, cc, dd, X[14],  7);
-        dd = FF3(dd, aa, bb, cc, X[15],  7);
-        cc = FF3(cc, dd, aa, bb, X[ 8], 12);
-        bb = FF3(bb, cc, dd, aa, X[12],  7);
-        aa = FF3(aa, bb, cc, dd, X[ 4],  6);
-        dd = FF3(dd, aa, bb, cc, X[ 9], 15);
-        cc = FF3(cc, dd, aa, bb, X[ 1], 13);
-        bb = FF3(bb, cc, dd, aa, X[ 2], 11);
-
-        t = b; b = bb; bb = t;
-        
-        //
-        // Round 3
-        //
-        a = F3(a, b, c, d, X[ 3], 11);
-        d = F3(d, a, b, c, X[10], 13);
-        c = F3(c, d, a, b, X[14],  6);
-        b = F3(b, c, d, a, X[ 4],  7);
-        a = F3(a, b, c, d, X[ 9], 14);
-        d = F3(d, a, b, c, X[15],  9);
-        c = F3(c, d, a, b, X[ 8], 13);
-        b = F3(b, c, d, a, X[ 1], 15);
-        a = F3(a, b, c, d, X[ 2], 14);
-        d = F3(d, a, b, c, X[ 7],  8);
-        c = F3(c, d, a, b, X[ 0], 13);
-        b = F3(b, c, d, a, X[ 6],  6);
-        a = F3(a, b, c, d, X[13],  5);
-        d = F3(d, a, b, c, X[11], 12);
-        c = F3(c, d, a, b, X[ 5],  7);
-        b = F3(b, c, d, a, X[12],  5);
-
-        aa = FF2(aa, bb, cc, dd, X[ 15], 9);
-        dd = FF2(dd, aa, bb, cc, X[5], 7);
-        cc = FF2(cc, dd, aa, bb, X[1], 15);
-        bb = FF2(bb, cc, dd, aa, X[ 3],  11);
-        aa = FF2(aa, bb, cc, dd, X[ 7], 8);
-        dd = FF2(dd, aa, bb, cc, X[14],  6);
-        cc = FF2(cc, dd, aa, bb, X[ 6], 6);
-        bb = FF2(bb, cc, dd, aa, X[ 9], 14);
-        aa = FF2(aa, bb, cc, dd, X[11], 12);
-        dd = FF2(dd, aa, bb, cc, X[ 8], 13);
-        cc = FF2(cc, dd, aa, bb, X[12],  5);
-        bb = FF2(bb, cc, dd, aa, X[ 2], 14);
-        aa = FF2(aa, bb, cc, dd, X[10], 13);
-        dd = FF2(dd, aa, bb, cc, X[ 0], 13);
-        cc = FF2(cc, dd, aa, bb, X[ 4],  7);
-        bb = FF2(bb, cc, dd, aa, X[13],  5);
-
-        t = c; c = cc; cc = t;
-
-        //
-        // Round 4
-        //
-        a = F4(a, b, c, d, X[ 1], 11);
-        d = F4(d, a, b, c, X[ 9], 12);
-        c = F4(c, d, a, b, X[11], 14);
-        b = F4(b, c, d, a, X[10], 15);
-        a = F4(a, b, c, d, X[ 0], 14);
-        d = F4(d, a, b, c, X[ 8], 15);
-        c = F4(c, d, a, b, X[12],  9);
-        b = F4(b, c, d, a, X[ 4],  8);
-        a = F4(a, b, c, d, X[13],  9);
-        d = F4(d, a, b, c, X[ 3], 14);
-        c = F4(c, d, a, b, X[ 7],  5);
-        b = F4(b, c, d, a, X[15],  6);
-        a = F4(a, b, c, d, X[14],  8);
-        d = F4(d, a, b, c, X[ 5],  6);
-        c = F4(c, d, a, b, X[ 6],  5);
-        b = F4(b, c, d, a, X[ 2], 12);
-
-        aa = FF1(aa, bb, cc, dd, X[ 8], 15);
-        dd = FF1(dd, aa, bb, cc, X[ 6],  5);
-        cc = FF1(cc, dd, aa, bb, X[ 4],  8);
-        bb = FF1(bb, cc, dd, aa, X[ 1], 11);
-        aa = FF1(aa, bb, cc, dd, X[ 3], 14);
-        dd = FF1(dd, aa, bb, cc, X[11], 14);
-        cc = FF1(cc, dd, aa, bb, X[15],  6);
-        bb = FF1(bb, cc, dd, aa, X[ 0], 14);
-        aa = FF1(aa, bb, cc, dd, X[ 5],  6);
-        dd = FF1(dd, aa, bb, cc, X[12],  9);
-        cc = FF1(cc, dd, aa, bb, X[ 2],  12);
-        bb = FF1(bb, cc, dd, aa, X[13],  9);
-        aa = FF1(aa, bb, cc, dd, X[ 9],  12);
-        dd = FF1(dd, aa, bb, cc, X[ 7],  5);
-        cc = FF1(cc, dd, aa, bb, X[10],  15);
-        bb = FF1(bb, cc, dd, aa, X[14], 8);
-
-        t = d; d = dd; dd = t;
-
-        H0 += a; 
-        H1 += b; 
-        H2 += c; 
-        H3 += d;
-        H4 += aa; 
-        H5 += bb; 
-        H6 += cc; 
-        H7 += dd;
-        
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java
deleted file mode 100644
index e2cda588e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/RIPEMD320Digest.java
+++ /dev/null
@@ -1,461 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-/**
- * implementation of RIPEMD 320.
- * 

- * Note: this implementation offers the same level of security
- * as RIPEMD 160.
- */
-public class RIPEMD320Digest
-    extends GeneralDigest
-{
-    private static final int DIGEST_LENGTH = 40;
-
-    private int H0, H1, H2, H3, H4, H5, H6, H7, H8, H9; // IV's
-
-    private int[] X = new int[16];
-    private int xOff;
-
-    /**
-     * Standard constructor
-     */
-    public RIPEMD320Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public RIPEMD320Digest(RIPEMD320Digest t)
-    {
-        super(t);
-
-        H0 = t.H0;
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-        H5 = t.H5;
-        H6 = t.H6;
-        H7 = t.H7;
-        H8 = t.H8;
-        H9 = t.H9;
-        
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RIPEMD320";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[] in,
-        int inOff)
-    {
-        X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8)
-            | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); 
-
-        if (xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long bitLength)
-    {
-        if (xOff > 14)
-        {
-        processBlock();
-        }
-
-        X[14] = (int)(bitLength & 0xffffffff);
-        X[15] = (int)(bitLength >>> 32);
-    }
-
-    private void unpackWord(
-        int word,
-        byte[] out,
-        int outOff)
-    {
-        out[outOff]     = (byte)word;
-        out[outOff + 1] = (byte)(word >>> 8);
-        out[outOff + 2] = (byte)(word >>> 16);
-        out[outOff + 3] = (byte)(word >>> 24);
-    }
-
-    public int doFinal(
-        byte[] out,
-        int outOff)
-    {
-        finish();
-
-        unpackWord(H0, out, outOff);
-        unpackWord(H1, out, outOff + 4);
-        unpackWord(H2, out, outOff + 8);
-        unpackWord(H3, out, outOff + 12);
-        unpackWord(H4, out, outOff + 16);
-        unpackWord(H5, out, outOff + 20);
-        unpackWord(H6, out, outOff + 24);
-        unpackWord(H7, out, outOff + 28);
-        unpackWord(H8, out, outOff + 32);
-        unpackWord(H9, out, outOff + 36);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-    * reset the chaining variables to the IV values.
-    */
-    public void reset()
-    {
-        super.reset();
-
-        H0 = 0x67452301;
-        H1 = 0xefcdab89;
-        H2 = 0x98badcfe;
-        H3 = 0x10325476;
-        H4 = 0xc3d2e1f0;
-        H5 = 0x76543210; 
-        H6 = 0xFEDCBA98;
-        H7 = 0x89ABCDEF; 
-        H8 = 0x01234567; 
-        H9 = 0x3C2D1E0F;
-
-        xOff = 0;
-
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    /*
-     * rotate int x left n bits.
-     */
-    private int RL(
-        int x,
-        int n)
-    {
-        return (x << n) | (x >>> (32 - n));
-    }
-
-    /*
-     * f1,f2,f3,f4,f5 are the basic RIPEMD160 functions.
-     */
-
-    /*
-     * rounds 0-15
-     */
-    private int f1(
-        int x,
-        int y,
-        int z)
-    {
-        return x ^ y ^ z;
-    }
-
-    /*
-     * rounds 16-31
-     */
-    private int f2(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & y) | (~x & z);
-    }
-
-    /*
-     * rounds 32-47
-     */
-    private int f3(
-        int x,
-        int y,
-        int z)
-    {
-        return (x | ~y) ^ z;
-    }
-
-    /*
-     * rounds 48-63
-     */
-    private int f4(
-        int x,
-        int y,
-        int z)
-    {
-        return (x & z) | (y & ~z);
-    }
-
-    /*
-     * rounds 64-79
-     */
-    private int f5(
-        int x,
-        int y,
-        int z)
-    {
-        return x ^ (y | ~z);
-    }
-
-    protected void processBlock()
-    {
-        int a, aa;
-        int b, bb;
-        int c, cc;
-        int d, dd;
-        int e, ee;
-        int t;
-
-        a = H0;
-        b = H1;
-        c = H2;
-        d = H3;
-        e = H4;
-        aa = H5;
-        bb = H6;
-        cc = H7;
-        dd = H8;
-        ee = H9;
-        
-        //
-        // Rounds 1 - 16
-        //
-        // left
-        a = RL(a + f1(b,c,d) + X[ 0], 11) + e; c = RL(c, 10);
-        e = RL(e + f1(a,b,c) + X[ 1], 14) + d; b = RL(b, 10);
-        d = RL(d + f1(e,a,b) + X[ 2], 15) + c; a = RL(a, 10);
-        c = RL(c + f1(d,e,a) + X[ 3], 12) + b; e = RL(e, 10);
-        b = RL(b + f1(c,d,e) + X[ 4],  5) + a; d = RL(d, 10);
-        a = RL(a + f1(b,c,d) + X[ 5],  8) + e; c = RL(c, 10);
-        e = RL(e + f1(a,b,c) + X[ 6],  7) + d; b = RL(b, 10);
-        d = RL(d + f1(e,a,b) + X[ 7],  9) + c; a = RL(a, 10);
-        c = RL(c + f1(d,e,a) + X[ 8], 11) + b; e = RL(e, 10);
-        b = RL(b + f1(c,d,e) + X[ 9], 13) + a; d = RL(d, 10);
-        a = RL(a + f1(b,c,d) + X[10], 14) + e; c = RL(c, 10);
-        e = RL(e + f1(a,b,c) + X[11], 15) + d; b = RL(b, 10);
-        d = RL(d + f1(e,a,b) + X[12],  6) + c; a = RL(a, 10);
-        c = RL(c + f1(d,e,a) + X[13],  7) + b; e = RL(e, 10);
-        b = RL(b + f1(c,d,e) + X[14],  9) + a; d = RL(d, 10);
-        a = RL(a + f1(b,c,d) + X[15],  8) + e; c = RL(c, 10);
-
-        // right
-        aa = RL(aa + f5(bb,cc,dd) + X[ 5] + 0x50a28be6,  8) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f5(aa,bb,cc) + X[14] + 0x50a28be6,  9) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f5(ee,aa,bb) + X[ 7] + 0x50a28be6,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f5(dd,ee,aa) + X[ 0] + 0x50a28be6, 11) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f5(cc,dd,ee) + X[ 9] + 0x50a28be6, 13) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f5(bb,cc,dd) + X[ 2] + 0x50a28be6, 15) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f5(aa,bb,cc) + X[11] + 0x50a28be6, 15) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f5(ee,aa,bb) + X[ 4] + 0x50a28be6,  5) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f5(dd,ee,aa) + X[13] + 0x50a28be6,  7) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f5(cc,dd,ee) + X[ 6] + 0x50a28be6,  7) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f5(bb,cc,dd) + X[15] + 0x50a28be6,  8) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f5(aa,bb,cc) + X[ 8] + 0x50a28be6, 11) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f5(ee,aa,bb) + X[ 1] + 0x50a28be6, 14) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f5(dd,ee,aa) + X[10] + 0x50a28be6, 14) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f5(cc,dd,ee) + X[ 3] + 0x50a28be6, 12) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f5(bb,cc,dd) + X[12] + 0x50a28be6,  6) + ee; cc = RL(cc, 10);
-
-        t = a; a = aa; aa = t;
-
-        //
-        // Rounds 16-31
-        //
-        // left
-        e = RL(e + f2(a,b,c) + X[ 7] + 0x5a827999,  7) + d; b = RL(b, 10);
-        d = RL(d + f2(e,a,b) + X[ 4] + 0x5a827999,  6) + c; a = RL(a, 10);
-        c = RL(c + f2(d,e,a) + X[13] + 0x5a827999,  8) + b; e = RL(e, 10);
-        b = RL(b + f2(c,d,e) + X[ 1] + 0x5a827999, 13) + a; d = RL(d, 10);
-        a = RL(a + f2(b,c,d) + X[10] + 0x5a827999, 11) + e; c = RL(c, 10);
-        e = RL(e + f2(a,b,c) + X[ 6] + 0x5a827999,  9) + d; b = RL(b, 10);
-        d = RL(d + f2(e,a,b) + X[15] + 0x5a827999,  7) + c; a = RL(a, 10);
-        c = RL(c + f2(d,e,a) + X[ 3] + 0x5a827999, 15) + b; e = RL(e, 10);
-        b = RL(b + f2(c,d,e) + X[12] + 0x5a827999,  7) + a; d = RL(d, 10);
-        a = RL(a + f2(b,c,d) + X[ 0] + 0x5a827999, 12) + e; c = RL(c, 10);
-        e = RL(e + f2(a,b,c) + X[ 9] + 0x5a827999, 15) + d; b = RL(b, 10);
-        d = RL(d + f2(e,a,b) + X[ 5] + 0x5a827999,  9) + c; a = RL(a, 10);
-        c = RL(c + f2(d,e,a) + X[ 2] + 0x5a827999, 11) + b; e = RL(e, 10);
-        b = RL(b + f2(c,d,e) + X[14] + 0x5a827999,  7) + a; d = RL(d, 10);
-        a = RL(a + f2(b,c,d) + X[11] + 0x5a827999, 13) + e; c = RL(c, 10);
-        e = RL(e + f2(a,b,c) + X[ 8] + 0x5a827999, 12) + d; b = RL(b, 10);
-
-        // right
-        ee = RL(ee + f4(aa,bb,cc) + X[ 6] + 0x5c4dd124,  9) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f4(ee,aa,bb) + X[11] + 0x5c4dd124, 13) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f4(dd,ee,aa) + X[ 3] + 0x5c4dd124, 15) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f4(cc,dd,ee) + X[ 7] + 0x5c4dd124,  7) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f4(bb,cc,dd) + X[ 0] + 0x5c4dd124, 12) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f4(aa,bb,cc) + X[13] + 0x5c4dd124,  8) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f4(ee,aa,bb) + X[ 5] + 0x5c4dd124,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f4(dd,ee,aa) + X[10] + 0x5c4dd124, 11) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f4(cc,dd,ee) + X[14] + 0x5c4dd124,  7) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f4(bb,cc,dd) + X[15] + 0x5c4dd124,  7) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f4(aa,bb,cc) + X[ 8] + 0x5c4dd124, 12) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f4(ee,aa,bb) + X[12] + 0x5c4dd124,  7) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f4(dd,ee,aa) + X[ 4] + 0x5c4dd124,  6) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f4(cc,dd,ee) + X[ 9] + 0x5c4dd124, 15) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f4(bb,cc,dd) + X[ 1] + 0x5c4dd124, 13) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f4(aa,bb,cc) + X[ 2] + 0x5c4dd124, 11) + dd; bb = RL(bb, 10);
-
-        t = b; b = bb; bb = t;
-
-        //
-        // Rounds 32-47
-        //
-        // left
-        d = RL(d + f3(e,a,b) + X[ 3] + 0x6ed9eba1, 11) + c; a = RL(a, 10);
-        c = RL(c + f3(d,e,a) + X[10] + 0x6ed9eba1, 13) + b; e = RL(e, 10);
-        b = RL(b + f3(c,d,e) + X[14] + 0x6ed9eba1,  6) + a; d = RL(d, 10);
-        a = RL(a + f3(b,c,d) + X[ 4] + 0x6ed9eba1,  7) + e; c = RL(c, 10);
-        e = RL(e + f3(a,b,c) + X[ 9] + 0x6ed9eba1, 14) + d; b = RL(b, 10);
-        d = RL(d + f3(e,a,b) + X[15] + 0x6ed9eba1,  9) + c; a = RL(a, 10);
-        c = RL(c + f3(d,e,a) + X[ 8] + 0x6ed9eba1, 13) + b; e = RL(e, 10);
-        b = RL(b + f3(c,d,e) + X[ 1] + 0x6ed9eba1, 15) + a; d = RL(d, 10);
-        a = RL(a + f3(b,c,d) + X[ 2] + 0x6ed9eba1, 14) + e; c = RL(c, 10);
-        e = RL(e + f3(a,b,c) + X[ 7] + 0x6ed9eba1,  8) + d; b = RL(b, 10);
-        d = RL(d + f3(e,a,b) + X[ 0] + 0x6ed9eba1, 13) + c; a = RL(a, 10);
-        c = RL(c + f3(d,e,a) + X[ 6] + 0x6ed9eba1,  6) + b; e = RL(e, 10);
-        b = RL(b + f3(c,d,e) + X[13] + 0x6ed9eba1,  5) + a; d = RL(d, 10);
-        a = RL(a + f3(b,c,d) + X[11] + 0x6ed9eba1, 12) + e; c = RL(c, 10);
-        e = RL(e + f3(a,b,c) + X[ 5] + 0x6ed9eba1,  7) + d; b = RL(b, 10);
-        d = RL(d + f3(e,a,b) + X[12] + 0x6ed9eba1,  5) + c; a = RL(a, 10);
-
-        // right
-        dd = RL(dd + f3(ee,aa,bb) + X[15] + 0x6d703ef3,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f3(dd,ee,aa) + X[ 5] + 0x6d703ef3,  7) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f3(cc,dd,ee) + X[ 1] + 0x6d703ef3, 15) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f3(bb,cc,dd) + X[ 3] + 0x6d703ef3, 11) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f3(aa,bb,cc) + X[ 7] + 0x6d703ef3,  8) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f3(ee,aa,bb) + X[14] + 0x6d703ef3,  6) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f3(dd,ee,aa) + X[ 6] + 0x6d703ef3,  6) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f3(cc,dd,ee) + X[ 9] + 0x6d703ef3, 14) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f3(bb,cc,dd) + X[11] + 0x6d703ef3, 12) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f3(aa,bb,cc) + X[ 8] + 0x6d703ef3, 13) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f3(ee,aa,bb) + X[12] + 0x6d703ef3,  5) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f3(dd,ee,aa) + X[ 2] + 0x6d703ef3, 14) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f3(cc,dd,ee) + X[10] + 0x6d703ef3, 13) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f3(bb,cc,dd) + X[ 0] + 0x6d703ef3, 13) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f3(aa,bb,cc) + X[ 4] + 0x6d703ef3,  7) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f3(ee,aa,bb) + X[13] + 0x6d703ef3,  5) + cc; aa = RL(aa, 10);
-
-        t = c; c = cc; cc = t;
-
-        //
-        // Rounds 48-63
-        //
-        // left
-        c = RL(c + f4(d,e,a) + X[ 1] + 0x8f1bbcdc, 11) + b; e = RL(e, 10);
-        b = RL(b + f4(c,d,e) + X[ 9] + 0x8f1bbcdc, 12) + a; d = RL(d, 10);
-        a = RL(a + f4(b,c,d) + X[11] + 0x8f1bbcdc, 14) + e; c = RL(c, 10);
-        e = RL(e + f4(a,b,c) + X[10] + 0x8f1bbcdc, 15) + d; b = RL(b, 10);
-        d = RL(d + f4(e,a,b) + X[ 0] + 0x8f1bbcdc, 14) + c; a = RL(a, 10);
-        c = RL(c + f4(d,e,a) + X[ 8] + 0x8f1bbcdc, 15) + b; e = RL(e, 10);
-        b = RL(b + f4(c,d,e) + X[12] + 0x8f1bbcdc,  9) + a; d = RL(d, 10);
-        a = RL(a + f4(b,c,d) + X[ 4] + 0x8f1bbcdc,  8) + e; c = RL(c, 10);
-        e = RL(e + f4(a,b,c) + X[13] + 0x8f1bbcdc,  9) + d; b = RL(b, 10);
-        d = RL(d + f4(e,a,b) + X[ 3] + 0x8f1bbcdc, 14) + c; a = RL(a, 10);
-        c = RL(c + f4(d,e,a) + X[ 7] + 0x8f1bbcdc,  5) + b; e = RL(e, 10);
-        b = RL(b + f4(c,d,e) + X[15] + 0x8f1bbcdc,  6) + a; d = RL(d, 10);
-        a = RL(a + f4(b,c,d) + X[14] + 0x8f1bbcdc,  8) + e; c = RL(c, 10);
-        e = RL(e + f4(a,b,c) + X[ 5] + 0x8f1bbcdc,  6) + d; b = RL(b, 10);
-        d = RL(d + f4(e,a,b) + X[ 6] + 0x8f1bbcdc,  5) + c; a = RL(a, 10);
-        c = RL(c + f4(d,e,a) + X[ 2] + 0x8f1bbcdc, 12) + b; e = RL(e, 10);
-
-        // right
-        cc = RL(cc + f2(dd,ee,aa) + X[ 8] + 0x7a6d76e9, 15) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f2(cc,dd,ee) + X[ 6] + 0x7a6d76e9,  5) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f2(bb,cc,dd) + X[ 4] + 0x7a6d76e9,  8) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f2(aa,bb,cc) + X[ 1] + 0x7a6d76e9, 11) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f2(ee,aa,bb) + X[ 3] + 0x7a6d76e9, 14) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f2(dd,ee,aa) + X[11] + 0x7a6d76e9, 14) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f2(cc,dd,ee) + X[15] + 0x7a6d76e9,  6) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f2(bb,cc,dd) + X[ 0] + 0x7a6d76e9, 14) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f2(aa,bb,cc) + X[ 5] + 0x7a6d76e9,  6) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f2(ee,aa,bb) + X[12] + 0x7a6d76e9,  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f2(dd,ee,aa) + X[ 2] + 0x7a6d76e9, 12) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f2(cc,dd,ee) + X[13] + 0x7a6d76e9,  9) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f2(bb,cc,dd) + X[ 9] + 0x7a6d76e9, 12) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f2(aa,bb,cc) + X[ 7] + 0x7a6d76e9,  5) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f2(ee,aa,bb) + X[10] + 0x7a6d76e9, 15) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f2(dd,ee,aa) + X[14] + 0x7a6d76e9,  8) + bb; ee = RL(ee, 10);
-
-       t = d; d = dd; dd = t;
-
-        //
-        // Rounds 64-79
-        //
-        // left
-        b = RL(b + f5(c,d,e) + X[ 4] + 0xa953fd4e,  9) + a; d = RL(d, 10);
-        a = RL(a + f5(b,c,d) + X[ 0] + 0xa953fd4e, 15) + e; c = RL(c, 10);
-        e = RL(e + f5(a,b,c) + X[ 5] + 0xa953fd4e,  5) + d; b = RL(b, 10);
-        d = RL(d + f5(e,a,b) + X[ 9] + 0xa953fd4e, 11) + c; a = RL(a, 10);
-        c = RL(c + f5(d,e,a) + X[ 7] + 0xa953fd4e,  6) + b; e = RL(e, 10);
-        b = RL(b + f5(c,d,e) + X[12] + 0xa953fd4e,  8) + a; d = RL(d, 10);
-        a = RL(a + f5(b,c,d) + X[ 2] + 0xa953fd4e, 13) + e; c = RL(c, 10);
-        e = RL(e + f5(a,b,c) + X[10] + 0xa953fd4e, 12) + d; b = RL(b, 10);
-        d = RL(d + f5(e,a,b) + X[14] + 0xa953fd4e,  5) + c; a = RL(a, 10);
-        c = RL(c + f5(d,e,a) + X[ 1] + 0xa953fd4e, 12) + b; e = RL(e, 10);
-        b = RL(b + f5(c,d,e) + X[ 3] + 0xa953fd4e, 13) + a; d = RL(d, 10);
-        a = RL(a + f5(b,c,d) + X[ 8] + 0xa953fd4e, 14) + e; c = RL(c, 10);
-        e = RL(e + f5(a,b,c) + X[11] + 0xa953fd4e, 11) + d; b = RL(b, 10);
-        d = RL(d + f5(e,a,b) + X[ 6] + 0xa953fd4e,  8) + c; a = RL(a, 10);
-        c = RL(c + f5(d,e,a) + X[15] + 0xa953fd4e,  5) + b; e = RL(e, 10);
-        b = RL(b + f5(c,d,e) + X[13] + 0xa953fd4e,  6) + a; d = RL(d, 10);
-
-        // right
-        bb = RL(bb + f1(cc,dd,ee) + X[12],  8) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f1(bb,cc,dd) + X[15],  5) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f1(aa,bb,cc) + X[10], 12) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f1(ee,aa,bb) + X[ 4],  9) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f1(dd,ee,aa) + X[ 1], 12) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f1(cc,dd,ee) + X[ 5],  5) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f1(bb,cc,dd) + X[ 8], 14) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f1(aa,bb,cc) + X[ 7],  6) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f1(ee,aa,bb) + X[ 6],  8) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f1(dd,ee,aa) + X[ 2], 13) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f1(cc,dd,ee) + X[13],  6) + aa; dd = RL(dd, 10);
-        aa = RL(aa + f1(bb,cc,dd) + X[14],  5) + ee; cc = RL(cc, 10);
-        ee = RL(ee + f1(aa,bb,cc) + X[ 0], 15) + dd; bb = RL(bb, 10);
-        dd = RL(dd + f1(ee,aa,bb) + X[ 3], 13) + cc; aa = RL(aa, 10);
-        cc = RL(cc + f1(dd,ee,aa) + X[ 9], 11) + bb; ee = RL(ee, 10);
-        bb = RL(bb + f1(cc,dd,ee) + X[11], 11) + aa; dd = RL(dd, 10);
-
-        //
-        // do (e, ee) swap as part of assignment.
-        //
-
-        H0 += a;
-        H1 += b;
-        H2 += c;
-        H3 += d;
-        H4 += ee;
-        H5 += aa;
-        H6 += bb;
-        H7 += cc;
-        H8 += dd;
-        H9 += e;
-        
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
deleted file mode 100644
index 7f8d30a05..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
+++ /dev/null
@@ -1,290 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.util.Pack;
-
-/**
- * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349.
- *
- * It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5
- * is the "endienness" of the word processing!
- */
-public class SHA1Digest
-    extends GeneralDigest
-{
-    private static final int    DIGEST_LENGTH = 20;
-
-    private int     H1, H2, H3, H4, H5;
-
-    private int[]   X = new int[80];
-    private int     xOff;
-
-    /**
-     * Standard constructor
-     */
-    public SHA1Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public SHA1Digest(SHA1Digest t)
-    {
-        super(t);
-
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-        H5 = t.H5;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SHA-1";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[]  in,
-        int     inOff)
-    {
-        // Note: Inlined for performance
-//        X[xOff] = Pack.bigEndianToInt(in, inOff);
-        int n = in[  inOff] << 24;
-        n |= (in[++inOff] & 0xff) << 16;
-        n |= (in[++inOff] & 0xff) << 8;
-        n |= (in[++inOff] & 0xff);
-        X[xOff] = n;
-
-        if (++xOff == 16)
-        {
-            processBlock();
-        }        
-    }
-
-    protected void processLength(
-        long    bitLength)
-    {
-        if (xOff > 14)
-        {
-            processBlock();
-        }
-
-        X[14] = (int)(bitLength >>> 32);
-        X[15] = (int)(bitLength & 0xffffffff);
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        Pack.intToBigEndian(H1, out, outOff);
-        Pack.intToBigEndian(H2, out, outOff + 4);
-        Pack.intToBigEndian(H3, out, outOff + 8);
-        Pack.intToBigEndian(H4, out, outOff + 12);
-        Pack.intToBigEndian(H5, out, outOff + 16);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        super.reset();
-
-        H1 = 0x67452301;
-        H2 = 0xefcdab89;
-        H3 = 0x98badcfe;
-        H4 = 0x10325476;
-        H5 = 0xc3d2e1f0;
-
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    //
-    // Additive constants
-    //
-    private static final int    Y1 = 0x5a827999;
-    private static final int    Y2 = 0x6ed9eba1;
-    private static final int    Y3 = 0x8f1bbcdc;
-    private static final int    Y4 = 0xca62c1d6;
-   
-    private int f(
-        int    u,
-        int    v,
-        int    w)
-    {
-        return ((u & v) | ((~u) & w));
-    }
-
-    private int h(
-        int    u,
-        int    v,
-        int    w)
-    {
-        return (u ^ v ^ w);
-    }
-
-    private int g(
-        int    u,
-        int    v,
-        int    w)
-    {
-        return ((u & v) | (u & w) | (v & w));
-    }
-
-    protected void processBlock()
-    {
-        //
-        // expand 16 word block into 80 word block.
-        //
-        for (int i = 16; i < 80; i++)
-        {
-            int t = X[i - 3] ^ X[i - 8] ^ X[i - 14] ^ X[i - 16];
-            X[i] = t << 1 | t >>> 31;
-        }
-
-        //
-        // set up working variables.
-        //
-        int     A = H1;
-        int     B = H2;
-        int     C = H3;
-        int     D = H4;
-        int     E = H5;
-
-        //
-        // round 1
-        //
-        int idx = 0;
-        
-        for (int j = 0; j < 4; j++)
-        {
-            // E = rotateLeft(A, 5) + f(B, C, D) + E + X[idx++] + Y1
-            // B = rotateLeft(B, 30)
-            E += (A << 5 | A >>> 27) + f(B, C, D) + X[idx++] + Y1;
-            B = B << 30 | B >>> 2;
-        
-            D += (E << 5 | E >>> 27) + f(A, B, C) + X[idx++] + Y1;
-            A = A << 30 | A >>> 2;
-       
-            C += (D << 5 | D >>> 27) + f(E, A, B) + X[idx++] + Y1;
-            E = E << 30 | E >>> 2;
-       
-            B += (C << 5 | C >>> 27) + f(D, E, A) + X[idx++] + Y1;
-            D = D << 30 | D >>> 2;
-
-            A += (B << 5 | B >>> 27) + f(C, D, E) + X[idx++] + Y1;
-            C = C << 30 | C >>> 2;
-        }
-        
-        //
-        // round 2
-        //
-        for (int j = 0; j < 4; j++)
-        {
-            // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y2
-            // B = rotateLeft(B, 30)
-            E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y2;
-            B = B << 30 | B >>> 2;   
-            
-            D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y2;
-            A = A << 30 | A >>> 2;
-            
-            C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y2;
-            E = E << 30 | E >>> 2;
-            
-            B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y2;
-            D = D << 30 | D >>> 2;
-
-            A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y2;
-            C = C << 30 | C >>> 2;
-        }
-        
-        //
-        // round 3
-        //
-        for (int j = 0; j < 4; j++)
-        {
-            // E = rotateLeft(A, 5) + g(B, C, D) + E + X[idx++] + Y3
-            // B = rotateLeft(B, 30)
-            E += (A << 5 | A >>> 27) + g(B, C, D) + X[idx++] + Y3;
-            B = B << 30 | B >>> 2;
-            
-            D += (E << 5 | E >>> 27) + g(A, B, C) + X[idx++] + Y3;
-            A = A << 30 | A >>> 2;
-            
-            C += (D << 5 | D >>> 27) + g(E, A, B) + X[idx++] + Y3;
-            E = E << 30 | E >>> 2;
-            
-            B += (C << 5 | C >>> 27) + g(D, E, A) + X[idx++] + Y3;
-            D = D << 30 | D >>> 2;
-
-            A += (B << 5 | B >>> 27) + g(C, D, E) + X[idx++] + Y3;
-            C = C << 30 | C >>> 2;
-        }
-
-        //
-        // round 4
-        //
-        for (int j = 0; j <= 3; j++)
-        {
-            // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y4
-            // B = rotateLeft(B, 30)
-            E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y4;
-            B = B << 30 | B >>> 2;
-            
-            D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y4;
-            A = A << 30 | A >>> 2;
-            
-            C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y4;
-            E = E << 30 | E >>> 2;
-            
-            B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y4;
-            D = D << 30 | D >>> 2;
-
-            A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y4;
-            C = C << 30 | C >>> 2;
-        }
-
-
-        H1 += A;
-        H2 += B;
-        H3 += C;
-        H4 += D;
-        H5 += E;
-
-        //
-        // reset start of the buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i < 16; i++)
-        {
-            X[i] = 0;
-        }
-    }
-}
-
-
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
deleted file mode 100644
index d144c54b4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
+++ /dev/null
@@ -1,292 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-import org.bouncycastle.crypto.digests.GeneralDigest;
-import org.bouncycastle.crypto.util.Pack;
-
-
-/**
- * SHA-224 as described in RFC 3874
- * 
- *         block  word  digest
- * SHA-1   512    32    160
- * SHA-224 512    32    224
- * SHA-256 512    32    256
- * SHA-384 1024   64    384
- * SHA-512 1024   64    512
- * 

- */
-public class SHA224Digest
-    extends GeneralDigest
-{
-    private static final int    DIGEST_LENGTH = 28;
-
-    private int     H1, H2, H3, H4, H5, H6, H7, H8;
-
-    private int[]   X = new int[64];
-    private int     xOff;
-
-    /**
-     * Standard constructor
-     */
-    public SHA224Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public SHA224Digest(SHA224Digest t)
-    {
-        super(t);
-
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-        H5 = t.H5;
-        H6 = t.H6;
-        H7 = t.H7;
-        H8 = t.H8;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SHA-224";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[]  in,
-        int     inOff)
-    {
-        // Note: Inlined for performance
-//        X[xOff] = Pack.bigEndianToInt(in, inOff);
-        int n = in[  inOff] << 24;
-        n |= (in[++inOff] & 0xff) << 16;
-        n |= (in[++inOff] & 0xff) << 8;
-        n |= (in[++inOff] & 0xff);
-        X[xOff] = n;
-
-        if (++xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long    bitLength)
-    {
-        if (xOff > 14)
-        {
-            processBlock();
-        }
-
-        X[14] = (int)(bitLength >>> 32);
-        X[15] = (int)(bitLength & 0xffffffff);
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        Pack.intToBigEndian(H1, out, outOff);
-        Pack.intToBigEndian(H2, out, outOff + 4);
-        Pack.intToBigEndian(H3, out, outOff + 8);
-        Pack.intToBigEndian(H4, out, outOff + 12);
-        Pack.intToBigEndian(H5, out, outOff + 16);
-        Pack.intToBigEndian(H6, out, outOff + 20);
-        Pack.intToBigEndian(H7, out, outOff + 24);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        super.reset();
-
-        /* SHA-224 initial hash value
-         */
-
-        H1 = 0xc1059ed8;
-        H2 = 0x367cd507;
-        H3 = 0x3070dd17;
-        H4 = 0xf70e5939;
-        H5 = 0xffc00b31;
-        H6 = 0x68581511;
-        H7 = 0x64f98fa7;
-        H8 = 0xbefa4fa4;
-
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    protected void processBlock()
-    {
-        //
-        // expand 16 word block into 64 word blocks.
-        //
-        for (int t = 16; t <= 63; t++)
-        {
-            X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
-        }
-
-        //
-        // set up working variables.
-        //
-        int     a = H1;
-        int     b = H2;
-        int     c = H3;
-        int     d = H4;
-        int     e = H5;
-        int     f = H6;
-        int     g = H7;
-        int     h = H8;
-
-
-        int t = 0;     
-        for(int i = 0; i < 8; i ++)
-        {
-            // t = 8 * i
-            h += Sum1(e) + Ch(e, f, g) + K[t] + X[t];
-            d += h;
-            h += Sum0(a) + Maj(a, b, c);
-            ++t;
-
-            // t = 8 * i + 1
-            g += Sum1(d) + Ch(d, e, f) + K[t] + X[t];
-            c += g;
-            g += Sum0(h) + Maj(h, a, b);
-            ++t;
-
-            // t = 8 * i + 2
-            f += Sum1(c) + Ch(c, d, e) + K[t] + X[t];
-            b += f;
-            f += Sum0(g) + Maj(g, h, a);
-            ++t;
-
-            // t = 8 * i + 3
-            e += Sum1(b) + Ch(b, c, d) + K[t] + X[t];
-            a += e;
-            e += Sum0(f) + Maj(f, g, h);
-            ++t;
-
-            // t = 8 * i + 4
-            d += Sum1(a) + Ch(a, b, c) + K[t] + X[t];
-            h += d;
-            d += Sum0(e) + Maj(e, f, g);
-            ++t;
-
-            // t = 8 * i + 5
-            c += Sum1(h) + Ch(h, a, b) + K[t] + X[t];
-            g += c;
-            c += Sum0(d) + Maj(d, e, f);
-            ++t;
-
-            // t = 8 * i + 6
-            b += Sum1(g) + Ch(g, h, a) + K[t] + X[t];
-            f += b;
-            b += Sum0(c) + Maj(c, d, e);
-            ++t;
-
-            // t = 8 * i + 7
-            a += Sum1(f) + Ch(f, g, h) + K[t] + X[t];
-            e += a;
-            a += Sum0(b) + Maj(b, c, d);
-            ++t;
-        }
-
-        H1 += a;
-        H2 += b;
-        H3 += c;
-        H4 += d;
-        H5 += e;
-        H6 += f;
-        H7 += g;
-        H8 += h;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i < 16; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    /* SHA-224 functions */
-    private int Ch(
-        int    x,
-        int    y,
-        int    z)
-    {
-        return ((x & y) ^ ((~x) & z));
-    }
-
-    private int Maj(
-        int    x,
-        int    y,
-        int    z)
-    {
-        return ((x & y) ^ (x & z) ^ (y & z));
-    }
-
-    private int Sum0(
-        int    x)
-    {
-        return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
-    }
-
-    private int Sum1(
-        int    x)
-    {
-        return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
-    }
-
-    private int Theta0(
-        int    x)
-    {
-        return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
-    }
-
-    private int Theta1(
-        int    x)
-    {
-        return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
-    }
-
-    /* SHA-224 Constants
-     * (represent the first 32 bits of the fractional parts of the
-     * cube roots of the first sixty-four prime numbers)
-     */
-    static final int K[] = {
-        0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-        0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-        0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-        0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-        0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-        0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-        0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-    };
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
deleted file mode 100644
index abd9c1bbc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
+++ /dev/null
@@ -1,295 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-
-import org.bouncycastle.crypto.digests.GeneralDigest;
-import org.bouncycastle.crypto.util.Pack;
-
-
-/**
- * FIPS 180-2 implementation of SHA-256.
- *
- * 
- *         block  word  digest
- * SHA-1   512    32    160
- * SHA-256 512    32    256
- * SHA-384 1024   64    384
- * SHA-512 1024   64    512
- * 

- */
-public class SHA256Digest
-    extends GeneralDigest
-{
-    private static final int    DIGEST_LENGTH = 32;
-
-    private int     H1, H2, H3, H4, H5, H6, H7, H8;
-
-    private int[]   X = new int[64];
-    private int     xOff;
-
-    /**
-     * Standard constructor
-     */
-    public SHA256Digest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public SHA256Digest(SHA256Digest t)
-    {
-        super(t);
-
-        H1 = t.H1;
-        H2 = t.H2;
-        H3 = t.H3;
-        H4 = t.H4;
-        H5 = t.H5;
-        H6 = t.H6;
-        H7 = t.H7;
-        H8 = t.H8;
-
-        System.arraycopy(t.X, 0, X, 0, t.X.length);
-        xOff = t.xOff;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SHA-256";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    protected void processWord(
-        byte[]  in,
-        int     inOff)
-    {
-        // Note: Inlined for performance
-//        X[xOff] = Pack.bigEndianToInt(in, inOff);
-        int n = in[inOff] << 24;
-        n |= (in[++inOff] & 0xff) << 16;
-        n |= (in[++inOff] & 0xff) << 8;
-        n |= (in[++inOff] & 0xff);
-        X[xOff] = n;
-
-        if (++xOff == 16)
-        {
-            processBlock();
-        }
-    }
-
-    protected void processLength(
-        long    bitLength)
-    {
-        if (xOff > 14)
-        {
-            processBlock();
-        }
-
-        X[14] = (int)(bitLength >>> 32);
-        X[15] = (int)(bitLength & 0xffffffff);
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        Pack.intToBigEndian(H1, out, outOff);
-        Pack.intToBigEndian(H2, out, outOff + 4);
-        Pack.intToBigEndian(H3, out, outOff + 8);
-        Pack.intToBigEndian(H4, out, outOff + 12);
-        Pack.intToBigEndian(H5, out, outOff + 16);
-        Pack.intToBigEndian(H6, out, outOff + 20);
-        Pack.intToBigEndian(H7, out, outOff + 24);
-        Pack.intToBigEndian(H8, out, outOff + 28);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        super.reset();
-
-        /* SHA-256 initial hash value
-         * The first 32 bits of the fractional parts of the square roots
-         * of the first eight prime numbers
-         */
-
-        H1 = 0x6a09e667;
-        H2 = 0xbb67ae85;
-        H3 = 0x3c6ef372;
-        H4 = 0xa54ff53a;
-        H5 = 0x510e527f;
-        H6 = 0x9b05688c;
-        H7 = 0x1f83d9ab;
-        H8 = 0x5be0cd19;
-
-        xOff = 0;
-        for (int i = 0; i != X.length; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    protected void processBlock()
-    {
-        //
-        // expand 16 word block into 64 word blocks.
-        //
-        for (int t = 16; t <= 63; t++)
-        {
-            X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
-        }
-
-        //
-        // set up working variables.
-        //
-        int     a = H1;
-        int     b = H2;
-        int     c = H3;
-        int     d = H4;
-        int     e = H5;
-        int     f = H6;
-        int     g = H7;
-        int     h = H8;
-
-        int t = 0;     
-        for(int i = 0; i < 8; i ++)
-        {
-            // t = 8 * i
-            h += Sum1(e) + Ch(e, f, g) + K[t] + X[t];
-            d += h;
-            h += Sum0(a) + Maj(a, b, c);
-            ++t;
-
-            // t = 8 * i + 1
-            g += Sum1(d) + Ch(d, e, f) + K[t] + X[t];
-            c += g;
-            g += Sum0(h) + Maj(h, a, b);
-            ++t;
-
-            // t = 8 * i + 2
-            f += Sum1(c) + Ch(c, d, e) + K[t] + X[t];
-            b += f;
-            f += Sum0(g) + Maj(g, h, a);
-            ++t;
-
-            // t = 8 * i + 3
-            e += Sum1(b) + Ch(b, c, d) + K[t] + X[t];
-            a += e;
-            e += Sum0(f) + Maj(f, g, h);
-            ++t;
-
-            // t = 8 * i + 4
-            d += Sum1(a) + Ch(a, b, c) + K[t] + X[t];
-            h += d;
-            d += Sum0(e) + Maj(e, f, g);
-            ++t;
-
-            // t = 8 * i + 5
-            c += Sum1(h) + Ch(h, a, b) + K[t] + X[t];
-            g += c;
-            c += Sum0(d) + Maj(d, e, f);
-            ++t;
-
-            // t = 8 * i + 6
-            b += Sum1(g) + Ch(g, h, a) + K[t] + X[t];
-            f += b;
-            b += Sum0(c) + Maj(c, d, e);
-            ++t;
-
-            // t = 8 * i + 7
-            a += Sum1(f) + Ch(f, g, h) + K[t] + X[t];
-            e += a;
-            a += Sum0(b) + Maj(b, c, d);
-            ++t;
-        }
-
-        H1 += a;
-        H2 += b;
-        H3 += c;
-        H4 += d;
-        H5 += e;
-        H6 += f;
-        H7 += g;
-        H8 += h;
-
-        //
-        // reset the offset and clean out the word buffer.
-        //
-        xOff = 0;
-        for (int i = 0; i < 16; i++)
-        {
-            X[i] = 0;
-        }
-    }
-
-    /* SHA-256 functions */
-    private int Ch(
-        int    x,
-        int    y,
-        int    z)
-    {
-        return (x & y) ^ ((~x) & z);
-    }
-
-    private int Maj(
-        int    x,
-        int    y,
-        int    z)
-    {
-        return (x & y) ^ (x & z) ^ (y & z);
-    }
-
-    private int Sum0(
-        int    x)
-    {
-        return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
-    }
-
-    private int Sum1(
-        int    x)
-    {
-        return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
-    }
-
-    private int Theta0(
-        int    x)
-    {
-        return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
-    }
-
-    private int Theta1(
-        int    x)
-    {
-        return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
-    }
-
-    /* SHA-256 Constants
-     * (represent the first 32 bits of the fractional parts of the
-     * cube roots of the first sixty-four prime numbers)
-     */
-    static final int K[] = {
-        0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-        0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-        0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-        0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-        0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-        0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-        0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-        0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-    };
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
deleted file mode 100644
index cdd979a9d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.util.Pack;
-
-
-/**
- * FIPS 180-2 implementation of SHA-384.
- *
- * 
- *         block  word  digest
- * SHA-1   512    32    160
- * SHA-256 512    32    256
- * SHA-384 1024   64    384
- * SHA-512 1024   64    512
- * 

- */
-public class SHA384Digest
-    extends LongDigest
-{
-
-    private static final int    DIGEST_LENGTH = 48;
-
-    /**
-     * Standard constructor
-     */
-    public SHA384Digest()
-    {
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public SHA384Digest(SHA384Digest t)
-    {
-        super(t);
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SHA-384";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        Pack.longToBigEndian(H1, out, outOff);
-        Pack.longToBigEndian(H2, out, outOff + 8);
-        Pack.longToBigEndian(H3, out, outOff + 16);
-        Pack.longToBigEndian(H4, out, outOff + 24);
-        Pack.longToBigEndian(H5, out, outOff + 32);
-        Pack.longToBigEndian(H6, out, outOff + 40);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        super.reset();
-
-        /* SHA-384 initial hash value
-         * The first 64 bits of the fractional parts of the square roots
-         * of the 9th through 16th prime numbers
-         */
-        H1 = 0xcbbb9d5dc1059ed8l;
-        H2 = 0x629a292a367cd507l;
-        H3 = 0x9159015a3070dd17l;
-        H4 = 0x152fecd8f70e5939l;
-        H5 = 0x67332667ffc00b31l;
-        H6 = 0x8eb44a8768581511l;
-        H7 = 0xdb0c2e0d64f98fa7l;
-        H8 = 0x47b5481dbefa4fa4l;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
deleted file mode 100644
index 34a8e4e45..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.util.Pack;
-
-
-/**
- * FIPS 180-2 implementation of SHA-512.
- *
- * 
- *         block  word  digest
- * SHA-1   512    32    160
- * SHA-256 512    32    256
- * SHA-384 1024   64    384
- * SHA-512 1024   64    512
- * 

- */
-public class SHA512Digest
-    extends LongDigest
-{
-    private static final int    DIGEST_LENGTH = 64;
-
-    /**
-     * Standard constructor
-     */
-    public SHA512Digest()
-    {
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public SHA512Digest(SHA512Digest t)
-    {
-        super(t);
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SHA-512";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        Pack.longToBigEndian(H1, out, outOff);
-        Pack.longToBigEndian(H2, out, outOff + 8);
-        Pack.longToBigEndian(H3, out, outOff + 16);
-        Pack.longToBigEndian(H4, out, outOff + 24);
-        Pack.longToBigEndian(H5, out, outOff + 32);
-        Pack.longToBigEndian(H6, out, outOff + 40);
-        Pack.longToBigEndian(H7, out, outOff + 48);
-        Pack.longToBigEndian(H8, out, outOff + 56);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        super.reset();
-
-        /* SHA-512 initial hash value
-         * The first 64 bits of the fractional parts of the square roots
-         * of the first eight prime numbers
-         */
-        H1 = 0x6a09e667f3bcc908L;
-        H2 = 0xbb67ae8584caa73bL;
-        H3 = 0x3c6ef372fe94f82bL;
-        H4 = 0xa54ff53a5f1d36f1L;
-        H5 = 0x510e527fade682d1L;
-        H6 = 0x9b05688c2b3e6c1fL;
-        H7 = 0x1f83d9abfb41bd6bL;
-        H8 = 0x5be0cd19137e2179L;
-    }
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java
deleted file mode 100644
index 89033e806..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-
-/**
- * Wrapper class that reduces the output length of a particular digest to
- * only the first n bytes of the digest function.
- */
-public class ShortenedDigest 
-    implements ExtendedDigest
-{
-    private ExtendedDigest baseDigest;
-    private int            length;
-    
-    /**
-     * Base constructor.
-     * 
-     * @param baseDigest underlying digest to use.
-     * @param length length in bytes of the output of doFinal.
-     * @exception IllegalArgumentException if baseDigest is null, or length is greater than baseDigest.getDigestSize().
-     */
-    public ShortenedDigest(
-        ExtendedDigest baseDigest,
-        int            length)
-    {
-        if (baseDigest == null)
-        {
-            throw new IllegalArgumentException("baseDigest must not be null");
-        }
-        
-        if (length > baseDigest.getDigestSize())
-        {
-            throw new IllegalArgumentException("baseDigest output not large enough to support length");
-        }
-        
-        this.baseDigest = baseDigest;
-        this.length = length;
-    }
-    
-    public String getAlgorithmName()
-    {
-        return baseDigest.getAlgorithmName() + "(" + length * 8 + ")";
-    }
-
-    public int getDigestSize()
-    {
-        return length;
-    }
-
-    public void update(byte in)
-    {
-        baseDigest.update(in);
-    }
-
-    public void update(byte[] in, int inOff, int len)
-    {
-        baseDigest.update(in, inOff, len);
-    }
-
-    public int doFinal(byte[] out, int outOff)
-    {
-        byte[] tmp = new byte[baseDigest.getDigestSize()];
-        
-        baseDigest.doFinal(tmp, 0);
-        
-        System.arraycopy(tmp, 0, out, outOff, length);
-        
-        return length;
-    }
-
-    public void reset()
-    {
-        baseDigest.reset();
-    }
-
-    public int getByteLength()
-    {
-        return baseDigest.getByteLength();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
deleted file mode 100644
index 0062ea920..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
+++ /dev/null
@@ -1,866 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-
-/**
- * implementation of Tiger based on:
- * 
- *  http://www.cs.technion.ac.il/~biham/Reports/Tiger
- */
-public class TigerDigest
-    implements ExtendedDigest
-{
-    private static final int BYTE_LENGTH = 64;
-    
-    /*
-     * S-Boxes.
-     */
-    private static final long[] t1 = {
-        0x02AAB17CF7E90C5EL   /*    0 */,    0xAC424B03E243A8ECL   /*    1 */,
-        0x72CD5BE30DD5FCD3L   /*    2 */,    0x6D019B93F6F97F3AL   /*    3 */,
-        0xCD9978FFD21F9193L   /*    4 */,    0x7573A1C9708029E2L   /*    5 */,
-        0xB164326B922A83C3L   /*    6 */,    0x46883EEE04915870L   /*    7 */,
-        0xEAACE3057103ECE6L   /*    8 */,    0xC54169B808A3535CL   /*    9 */,
-        0x4CE754918DDEC47CL   /*   10 */,    0x0AA2F4DFDC0DF40CL   /*   11 */,
-        0x10B76F18A74DBEFAL   /*   12 */,    0xC6CCB6235AD1AB6AL   /*   13 */,
-        0x13726121572FE2FFL   /*   14 */,    0x1A488C6F199D921EL   /*   15 */,
-        0x4BC9F9F4DA0007CAL   /*   16 */,    0x26F5E6F6E85241C7L   /*   17 */,
-        0x859079DBEA5947B6L   /*   18 */,    0x4F1885C5C99E8C92L   /*   19 */,
-        0xD78E761EA96F864BL   /*   20 */,    0x8E36428C52B5C17DL   /*   21 */,
-        0x69CF6827373063C1L   /*   22 */,    0xB607C93D9BB4C56EL   /*   23 */,
-        0x7D820E760E76B5EAL   /*   24 */,    0x645C9CC6F07FDC42L   /*   25 */,
-        0xBF38A078243342E0L   /*   26 */,    0x5F6B343C9D2E7D04L   /*   27 */,
-        0xF2C28AEB600B0EC6L   /*   28 */,    0x6C0ED85F7254BCACL   /*   29 */,
-        0x71592281A4DB4FE5L   /*   30 */,    0x1967FA69CE0FED9FL   /*   31 */,
-        0xFD5293F8B96545DBL   /*   32 */,    0xC879E9D7F2A7600BL   /*   33 */,
-        0x860248920193194EL   /*   34 */,    0xA4F9533B2D9CC0B3L   /*   35 */,
-        0x9053836C15957613L   /*   36 */,    0xDB6DCF8AFC357BF1L   /*   37 */,
-        0x18BEEA7A7A370F57L   /*   38 */,    0x037117CA50B99066L   /*   39 */,
-        0x6AB30A9774424A35L   /*   40 */,    0xF4E92F02E325249BL   /*   41 */,
-        0x7739DB07061CCAE1L   /*   42 */,    0xD8F3B49CECA42A05L   /*   43 */,
-        0xBD56BE3F51382F73L   /*   44 */,    0x45FAED5843B0BB28L   /*   45 */,
-        0x1C813D5C11BF1F83L   /*   46 */,    0x8AF0E4B6D75FA169L   /*   47 */,
-        0x33EE18A487AD9999L   /*   48 */,    0x3C26E8EAB1C94410L   /*   49 */,
-        0xB510102BC0A822F9L   /*   50 */,    0x141EEF310CE6123BL   /*   51 */,
-        0xFC65B90059DDB154L   /*   52 */,    0xE0158640C5E0E607L   /*   53 */,
-        0x884E079826C3A3CFL   /*   54 */,    0x930D0D9523C535FDL   /*   55 */,
-        0x35638D754E9A2B00L   /*   56 */,    0x4085FCCF40469DD5L   /*   57 */,
-        0xC4B17AD28BE23A4CL   /*   58 */,    0xCAB2F0FC6A3E6A2EL   /*   59 */,
-        0x2860971A6B943FCDL   /*   60 */,    0x3DDE6EE212E30446L   /*   61 */,
-        0x6222F32AE01765AEL   /*   62 */,    0x5D550BB5478308FEL   /*   63 */,
-        0xA9EFA98DA0EDA22AL   /*   64 */,    0xC351A71686C40DA7L   /*   65 */,
-        0x1105586D9C867C84L   /*   66 */,    0xDCFFEE85FDA22853L   /*   67 */,
-        0xCCFBD0262C5EEF76L   /*   68 */,    0xBAF294CB8990D201L   /*   69 */,
-        0xE69464F52AFAD975L   /*   70 */,    0x94B013AFDF133E14L   /*   71 */,
-        0x06A7D1A32823C958L   /*   72 */,    0x6F95FE5130F61119L   /*   73 */,
-        0xD92AB34E462C06C0L   /*   74 */,    0xED7BDE33887C71D2L   /*   75 */,
-        0x79746D6E6518393EL   /*   76 */,    0x5BA419385D713329L   /*   77 */,
-        0x7C1BA6B948A97564L   /*   78 */,    0x31987C197BFDAC67L   /*   79 */,
-        0xDE6C23C44B053D02L   /*   80 */,    0x581C49FED002D64DL   /*   81 */,
-        0xDD474D6338261571L   /*   82 */,    0xAA4546C3E473D062L   /*   83 */,
-        0x928FCE349455F860L   /*   84 */,    0x48161BBACAAB94D9L   /*   85 */,
-        0x63912430770E6F68L   /*   86 */,    0x6EC8A5E602C6641CL   /*   87 */,
-        0x87282515337DDD2BL   /*   88 */,    0x2CDA6B42034B701BL   /*   89 */,
-        0xB03D37C181CB096DL   /*   90 */,    0xE108438266C71C6FL   /*   91 */,
-        0x2B3180C7EB51B255L   /*   92 */,    0xDF92B82F96C08BBCL   /*   93 */,
-        0x5C68C8C0A632F3BAL   /*   94 */,    0x5504CC861C3D0556L   /*   95 */,
-        0xABBFA4E55FB26B8FL   /*   96 */,    0x41848B0AB3BACEB4L   /*   97 */,
-        0xB334A273AA445D32L   /*   98 */,    0xBCA696F0A85AD881L   /*   99 */,
-        0x24F6EC65B528D56CL   /*  100 */,    0x0CE1512E90F4524AL   /*  101 */,
-        0x4E9DD79D5506D35AL   /*  102 */,    0x258905FAC6CE9779L   /*  103 */,
-        0x2019295B3E109B33L   /*  104 */,    0xF8A9478B73A054CCL   /*  105 */,
-        0x2924F2F934417EB0L   /*  106 */,    0x3993357D536D1BC4L   /*  107 */,
-        0x38A81AC21DB6FF8BL   /*  108 */,    0x47C4FBF17D6016BFL   /*  109 */,
-        0x1E0FAADD7667E3F5L   /*  110 */,    0x7ABCFF62938BEB96L   /*  111 */,
-        0xA78DAD948FC179C9L   /*  112 */,    0x8F1F98B72911E50DL   /*  113 */,
-        0x61E48EAE27121A91L   /*  114 */,    0x4D62F7AD31859808L   /*  115 */,
-        0xECEBA345EF5CEAEBL   /*  116 */,    0xF5CEB25EBC9684CEL   /*  117 */,
-        0xF633E20CB7F76221L   /*  118 */,    0xA32CDF06AB8293E4L   /*  119 */,
-        0x985A202CA5EE2CA4L   /*  120 */,    0xCF0B8447CC8A8FB1L   /*  121 */,
-        0x9F765244979859A3L   /*  122 */,    0xA8D516B1A1240017L   /*  123 */,
-        0x0BD7BA3EBB5DC726L   /*  124 */,    0xE54BCA55B86ADB39L   /*  125 */,
-        0x1D7A3AFD6C478063L   /*  126 */,    0x519EC608E7669EDDL   /*  127 */,
-        0x0E5715A2D149AA23L   /*  128 */,    0x177D4571848FF194L   /*  129 */,
-        0xEEB55F3241014C22L   /*  130 */,    0x0F5E5CA13A6E2EC2L   /*  131 */,
-        0x8029927B75F5C361L   /*  132 */,    0xAD139FABC3D6E436L   /*  133 */,
-        0x0D5DF1A94CCF402FL   /*  134 */,    0x3E8BD948BEA5DFC8L   /*  135 */,
-        0xA5A0D357BD3FF77EL   /*  136 */,    0xA2D12E251F74F645L   /*  137 */,
-        0x66FD9E525E81A082L   /*  138 */,    0x2E0C90CE7F687A49L   /*  139 */,
-        0xC2E8BCBEBA973BC5L   /*  140 */,    0x000001BCE509745FL   /*  141 */,
-        0x423777BBE6DAB3D6L   /*  142 */,    0xD1661C7EAEF06EB5L   /*  143 */,
-        0xA1781F354DAACFD8L   /*  144 */,    0x2D11284A2B16AFFCL   /*  145 */,
-        0xF1FC4F67FA891D1FL   /*  146 */,    0x73ECC25DCB920ADAL   /*  147 */,
-        0xAE610C22C2A12651L   /*  148 */,    0x96E0A810D356B78AL   /*  149 */,
-        0x5A9A381F2FE7870FL   /*  150 */,    0xD5AD62EDE94E5530L   /*  151 */,
-        0xD225E5E8368D1427L   /*  152 */,    0x65977B70C7AF4631L   /*  153 */,
-        0x99F889B2DE39D74FL   /*  154 */,    0x233F30BF54E1D143L   /*  155 */,
-        0x9A9675D3D9A63C97L   /*  156 */,    0x5470554FF334F9A8L   /*  157 */,
-        0x166ACB744A4F5688L   /*  158 */,    0x70C74CAAB2E4AEADL   /*  159 */,
-        0xF0D091646F294D12L   /*  160 */,    0x57B82A89684031D1L   /*  161 */,
-        0xEFD95A5A61BE0B6BL   /*  162 */,    0x2FBD12E969F2F29AL   /*  163 */,
-        0x9BD37013FEFF9FE8L   /*  164 */,    0x3F9B0404D6085A06L   /*  165 */,
-        0x4940C1F3166CFE15L   /*  166 */,    0x09542C4DCDF3DEFBL   /*  167 */,
-        0xB4C5218385CD5CE3L   /*  168 */,    0xC935B7DC4462A641L   /*  169 */,
-        0x3417F8A68ED3B63FL   /*  170 */,    0xB80959295B215B40L   /*  171 */,
-        0xF99CDAEF3B8C8572L   /*  172 */,    0x018C0614F8FCB95DL   /*  173 */,
-        0x1B14ACCD1A3ACDF3L   /*  174 */,    0x84D471F200BB732DL   /*  175 */,
-        0xC1A3110E95E8DA16L   /*  176 */,    0x430A7220BF1A82B8L   /*  177 */,
-        0xB77E090D39DF210EL   /*  178 */,    0x5EF4BD9F3CD05E9DL   /*  179 */,
-        0x9D4FF6DA7E57A444L   /*  180 */,    0xDA1D60E183D4A5F8L   /*  181 */,
-        0xB287C38417998E47L   /*  182 */,    0xFE3EDC121BB31886L   /*  183 */,
-        0xC7FE3CCC980CCBEFL   /*  184 */,    0xE46FB590189BFD03L   /*  185 */,
-        0x3732FD469A4C57DCL   /*  186 */,    0x7EF700A07CF1AD65L   /*  187 */,
-        0x59C64468A31D8859L   /*  188 */,    0x762FB0B4D45B61F6L   /*  189 */,
-        0x155BAED099047718L   /*  190 */,    0x68755E4C3D50BAA6L   /*  191 */,
-        0xE9214E7F22D8B4DFL   /*  192 */,    0x2ADDBF532EAC95F4L   /*  193 */,
-        0x32AE3909B4BD0109L   /*  194 */,    0x834DF537B08E3450L   /*  195 */,
-        0xFA209DA84220728DL   /*  196 */,    0x9E691D9B9EFE23F7L   /*  197 */,
-        0x0446D288C4AE8D7FL   /*  198 */,    0x7B4CC524E169785BL   /*  199 */,
-        0x21D87F0135CA1385L   /*  200 */,    0xCEBB400F137B8AA5L   /*  201 */,
-        0x272E2B66580796BEL   /*  202 */,    0x3612264125C2B0DEL   /*  203 */,
-        0x057702BDAD1EFBB2L   /*  204 */,    0xD4BABB8EACF84BE9L   /*  205 */,
-        0x91583139641BC67BL   /*  206 */,    0x8BDC2DE08036E024L   /*  207 */,
-        0x603C8156F49F68EDL   /*  208 */,    0xF7D236F7DBEF5111L   /*  209 */,
-        0x9727C4598AD21E80L   /*  210 */,    0xA08A0896670A5FD7L   /*  211 */,
-        0xCB4A8F4309EBA9CBL   /*  212 */,    0x81AF564B0F7036A1L   /*  213 */,
-        0xC0B99AA778199ABDL   /*  214 */,    0x959F1EC83FC8E952L   /*  215 */,
-        0x8C505077794A81B9L   /*  216 */,    0x3ACAAF8F056338F0L   /*  217 */,
-        0x07B43F50627A6778L   /*  218 */,    0x4A44AB49F5ECCC77L   /*  219 */,
-        0x3BC3D6E4B679EE98L   /*  220 */,    0x9CC0D4D1CF14108CL   /*  221 */,
-        0x4406C00B206BC8A0L   /*  222 */,    0x82A18854C8D72D89L   /*  223 */,
-        0x67E366B35C3C432CL   /*  224 */,    0xB923DD61102B37F2L   /*  225 */,
-        0x56AB2779D884271DL   /*  226 */,    0xBE83E1B0FF1525AFL   /*  227 */,
-        0xFB7C65D4217E49A9L   /*  228 */,    0x6BDBE0E76D48E7D4L   /*  229 */,
-        0x08DF828745D9179EL   /*  230 */,    0x22EA6A9ADD53BD34L   /*  231 */,
-        0xE36E141C5622200AL   /*  232 */,    0x7F805D1B8CB750EEL   /*  233 */,
-        0xAFE5C7A59F58E837L   /*  234 */,    0xE27F996A4FB1C23CL   /*  235 */,
-        0xD3867DFB0775F0D0L   /*  236 */,    0xD0E673DE6E88891AL   /*  237 */,
-        0x123AEB9EAFB86C25L   /*  238 */,    0x30F1D5D5C145B895L   /*  239 */,
-        0xBB434A2DEE7269E7L   /*  240 */,    0x78CB67ECF931FA38L   /*  241 */,
-        0xF33B0372323BBF9CL   /*  242 */,    0x52D66336FB279C74L   /*  243 */,
-        0x505F33AC0AFB4EAAL   /*  244 */,    0xE8A5CD99A2CCE187L   /*  245 */,
-        0x534974801E2D30BBL   /*  246 */,    0x8D2D5711D5876D90L   /*  247 */,
-        0x1F1A412891BC038EL   /*  248 */,    0xD6E2E71D82E56648L   /*  249 */,
-        0x74036C3A497732B7L   /*  250 */,    0x89B67ED96361F5ABL   /*  251 */,
-        0xFFED95D8F1EA02A2L   /*  252 */,    0xE72B3BD61464D43DL   /*  253 */,
-        0xA6300F170BDC4820L   /*  254 */,    0xEBC18760ED78A77AL   /*  255 */,
-    };
-
-    private static final long[] t2 = {
-        0xE6A6BE5A05A12138L   /*  256 */,    0xB5A122A5B4F87C98L   /*  257 */,
-        0x563C6089140B6990L   /*  258 */,    0x4C46CB2E391F5DD5L   /*  259 */,
-        0xD932ADDBC9B79434L   /*  260 */,    0x08EA70E42015AFF5L   /*  261 */,
-        0xD765A6673E478CF1L   /*  262 */,    0xC4FB757EAB278D99L   /*  263 */,
-        0xDF11C6862D6E0692L   /*  264 */,    0xDDEB84F10D7F3B16L   /*  265 */,
-        0x6F2EF604A665EA04L   /*  266 */,    0x4A8E0F0FF0E0DFB3L   /*  267 */,
-        0xA5EDEEF83DBCBA51L   /*  268 */,    0xFC4F0A2A0EA4371EL   /*  269 */,
-        0xE83E1DA85CB38429L   /*  270 */,    0xDC8FF882BA1B1CE2L   /*  271 */,
-        0xCD45505E8353E80DL   /*  272 */,    0x18D19A00D4DB0717L   /*  273 */,
-        0x34A0CFEDA5F38101L   /*  274 */,    0x0BE77E518887CAF2L   /*  275 */,
-        0x1E341438B3C45136L   /*  276 */,    0xE05797F49089CCF9L   /*  277 */,
-        0xFFD23F9DF2591D14L   /*  278 */,    0x543DDA228595C5CDL   /*  279 */,
-        0x661F81FD99052A33L   /*  280 */,    0x8736E641DB0F7B76L   /*  281 */,
-        0x15227725418E5307L   /*  282 */,    0xE25F7F46162EB2FAL   /*  283 */,
-        0x48A8B2126C13D9FEL   /*  284 */,    0xAFDC541792E76EEAL   /*  285 */,
-        0x03D912BFC6D1898FL   /*  286 */,    0x31B1AAFA1B83F51BL   /*  287 */,
-        0xF1AC2796E42AB7D9L   /*  288 */,    0x40A3A7D7FCD2EBACL   /*  289 */,
-        0x1056136D0AFBBCC5L   /*  290 */,    0x7889E1DD9A6D0C85L   /*  291 */,
-        0xD33525782A7974AAL   /*  292 */,    0xA7E25D09078AC09BL   /*  293 */,
-        0xBD4138B3EAC6EDD0L   /*  294 */,    0x920ABFBE71EB9E70L   /*  295 */,
-        0xA2A5D0F54FC2625CL   /*  296 */,    0xC054E36B0B1290A3L   /*  297 */,
-        0xF6DD59FF62FE932BL   /*  298 */,    0x3537354511A8AC7DL   /*  299 */,
-        0xCA845E9172FADCD4L   /*  300 */,    0x84F82B60329D20DCL   /*  301 */,
-        0x79C62CE1CD672F18L   /*  302 */,    0x8B09A2ADD124642CL   /*  303 */,
-        0xD0C1E96A19D9E726L   /*  304 */,    0x5A786A9B4BA9500CL   /*  305 */,
-        0x0E020336634C43F3L   /*  306 */,    0xC17B474AEB66D822L   /*  307 */,
-        0x6A731AE3EC9BAAC2L   /*  308 */,    0x8226667AE0840258L   /*  309 */,
-        0x67D4567691CAECA5L   /*  310 */,    0x1D94155C4875ADB5L   /*  311 */,
-        0x6D00FD985B813FDFL   /*  312 */,    0x51286EFCB774CD06L   /*  313 */,
-        0x5E8834471FA744AFL   /*  314 */,    0xF72CA0AEE761AE2EL   /*  315 */,
-        0xBE40E4CDAEE8E09AL   /*  316 */,    0xE9970BBB5118F665L   /*  317 */,
-        0x726E4BEB33DF1964L   /*  318 */,    0x703B000729199762L   /*  319 */,
-        0x4631D816F5EF30A7L   /*  320 */,    0xB880B5B51504A6BEL   /*  321 */,
-        0x641793C37ED84B6CL   /*  322 */,    0x7B21ED77F6E97D96L   /*  323 */,
-        0x776306312EF96B73L   /*  324 */,    0xAE528948E86FF3F4L   /*  325 */,
-        0x53DBD7F286A3F8F8L   /*  326 */,    0x16CADCE74CFC1063L   /*  327 */,
-        0x005C19BDFA52C6DDL   /*  328 */,    0x68868F5D64D46AD3L   /*  329 */,
-        0x3A9D512CCF1E186AL   /*  330 */,    0x367E62C2385660AEL   /*  331 */,
-        0xE359E7EA77DCB1D7L   /*  332 */,    0x526C0773749ABE6EL   /*  333 */,
-        0x735AE5F9D09F734BL   /*  334 */,    0x493FC7CC8A558BA8L   /*  335 */,
-        0xB0B9C1533041AB45L   /*  336 */,    0x321958BA470A59BDL   /*  337 */,
-        0x852DB00B5F46C393L   /*  338 */,    0x91209B2BD336B0E5L   /*  339 */,
-        0x6E604F7D659EF19FL   /*  340 */,    0xB99A8AE2782CCB24L   /*  341 */,
-        0xCCF52AB6C814C4C7L   /*  342 */,    0x4727D9AFBE11727BL   /*  343 */,
-        0x7E950D0C0121B34DL   /*  344 */,    0x756F435670AD471FL   /*  345 */,
-        0xF5ADD442615A6849L   /*  346 */,    0x4E87E09980B9957AL   /*  347 */,
-        0x2ACFA1DF50AEE355L   /*  348 */,    0xD898263AFD2FD556L   /*  349 */,
-        0xC8F4924DD80C8FD6L   /*  350 */,    0xCF99CA3D754A173AL   /*  351 */,
-        0xFE477BACAF91BF3CL   /*  352 */,    0xED5371F6D690C12DL   /*  353 */,
-        0x831A5C285E687094L   /*  354 */,    0xC5D3C90A3708A0A4L   /*  355 */,
-        0x0F7F903717D06580L   /*  356 */,    0x19F9BB13B8FDF27FL   /*  357 */,
-        0xB1BD6F1B4D502843L   /*  358 */,    0x1C761BA38FFF4012L   /*  359 */,
-        0x0D1530C4E2E21F3BL   /*  360 */,    0x8943CE69A7372C8AL   /*  361 */,
-        0xE5184E11FEB5CE66L   /*  362 */,    0x618BDB80BD736621L   /*  363 */,
-        0x7D29BAD68B574D0BL   /*  364 */,    0x81BB613E25E6FE5BL   /*  365 */,
-        0x071C9C10BC07913FL   /*  366 */,    0xC7BEEB7909AC2D97L   /*  367 */,
-        0xC3E58D353BC5D757L   /*  368 */,    0xEB017892F38F61E8L   /*  369 */,
-        0xD4EFFB9C9B1CC21AL   /*  370 */,    0x99727D26F494F7ABL   /*  371 */,
-        0xA3E063A2956B3E03L   /*  372 */,    0x9D4A8B9A4AA09C30L   /*  373 */,
-        0x3F6AB7D500090FB4L   /*  374 */,    0x9CC0F2A057268AC0L   /*  375 */,
-        0x3DEE9D2DEDBF42D1L   /*  376 */,    0x330F49C87960A972L   /*  377 */,
-        0xC6B2720287421B41L   /*  378 */,    0x0AC59EC07C00369CL   /*  379 */,
-        0xEF4EAC49CB353425L   /*  380 */,    0xF450244EEF0129D8L   /*  381 */,
-        0x8ACC46E5CAF4DEB6L   /*  382 */,    0x2FFEAB63989263F7L   /*  383 */,
-        0x8F7CB9FE5D7A4578L   /*  384 */,    0x5BD8F7644E634635L   /*  385 */,
-        0x427A7315BF2DC900L   /*  386 */,    0x17D0C4AA2125261CL   /*  387 */,
-        0x3992486C93518E50L   /*  388 */,    0xB4CBFEE0A2D7D4C3L   /*  389 */,
-        0x7C75D6202C5DDD8DL   /*  390 */,    0xDBC295D8E35B6C61L   /*  391 */,
-        0x60B369D302032B19L   /*  392 */,    0xCE42685FDCE44132L   /*  393 */,
-        0x06F3DDB9DDF65610L   /*  394 */,    0x8EA4D21DB5E148F0L   /*  395 */,
-        0x20B0FCE62FCD496FL   /*  396 */,    0x2C1B912358B0EE31L   /*  397 */,
-        0xB28317B818F5A308L   /*  398 */,    0xA89C1E189CA6D2CFL   /*  399 */,
-        0x0C6B18576AAADBC8L   /*  400 */,    0xB65DEAA91299FAE3L   /*  401 */,
-        0xFB2B794B7F1027E7L   /*  402 */,    0x04E4317F443B5BEBL   /*  403 */,
-        0x4B852D325939D0A6L   /*  404 */,    0xD5AE6BEEFB207FFCL   /*  405 */,
-        0x309682B281C7D374L   /*  406 */,    0xBAE309A194C3B475L   /*  407 */,
-        0x8CC3F97B13B49F05L   /*  408 */,    0x98A9422FF8293967L   /*  409 */,
-        0x244B16B01076FF7CL   /*  410 */,    0xF8BF571C663D67EEL   /*  411 */,
-        0x1F0D6758EEE30DA1L   /*  412 */,    0xC9B611D97ADEB9B7L   /*  413 */,
-        0xB7AFD5887B6C57A2L   /*  414 */,    0x6290AE846B984FE1L   /*  415 */,
-        0x94DF4CDEACC1A5FDL   /*  416 */,    0x058A5BD1C5483AFFL   /*  417 */,
-        0x63166CC142BA3C37L   /*  418 */,    0x8DB8526EB2F76F40L   /*  419 */,
-        0xE10880036F0D6D4EL   /*  420 */,    0x9E0523C9971D311DL   /*  421 */,
-        0x45EC2824CC7CD691L   /*  422 */,    0x575B8359E62382C9L   /*  423 */,
-        0xFA9E400DC4889995L   /*  424 */,    0xD1823ECB45721568L   /*  425 */,
-        0xDAFD983B8206082FL   /*  426 */,    0xAA7D29082386A8CBL   /*  427 */,
-        0x269FCD4403B87588L   /*  428 */,    0x1B91F5F728BDD1E0L   /*  429 */,
-        0xE4669F39040201F6L   /*  430 */,    0x7A1D7C218CF04ADEL   /*  431 */,
-        0x65623C29D79CE5CEL   /*  432 */,    0x2368449096C00BB1L   /*  433 */,
-        0xAB9BF1879DA503BAL   /*  434 */,    0xBC23ECB1A458058EL   /*  435 */,
-        0x9A58DF01BB401ECCL   /*  436 */,    0xA070E868A85F143DL   /*  437 */,
-        0x4FF188307DF2239EL   /*  438 */,    0x14D565B41A641183L   /*  439 */,
-        0xEE13337452701602L   /*  440 */,    0x950E3DCF3F285E09L   /*  441 */,
-        0x59930254B9C80953L   /*  442 */,    0x3BF299408930DA6DL   /*  443 */,
-        0xA955943F53691387L   /*  444 */,    0xA15EDECAA9CB8784L   /*  445 */,
-        0x29142127352BE9A0L   /*  446 */,    0x76F0371FFF4E7AFBL   /*  447 */,
-        0x0239F450274F2228L   /*  448 */,    0xBB073AF01D5E868BL   /*  449 */,
-        0xBFC80571C10E96C1L   /*  450 */,    0xD267088568222E23L   /*  451 */,
-        0x9671A3D48E80B5B0L   /*  452 */,    0x55B5D38AE193BB81L   /*  453 */,
-        0x693AE2D0A18B04B8L   /*  454 */,    0x5C48B4ECADD5335FL   /*  455 */,
-        0xFD743B194916A1CAL   /*  456 */,    0x2577018134BE98C4L   /*  457 */,
-        0xE77987E83C54A4ADL   /*  458 */,    0x28E11014DA33E1B9L   /*  459 */,
-        0x270CC59E226AA213L   /*  460 */,    0x71495F756D1A5F60L   /*  461 */,
-        0x9BE853FB60AFEF77L   /*  462 */,    0xADC786A7F7443DBFL   /*  463 */,
-        0x0904456173B29A82L   /*  464 */,    0x58BC7A66C232BD5EL   /*  465 */,
-        0xF306558C673AC8B2L   /*  466 */,    0x41F639C6B6C9772AL   /*  467 */,
-        0x216DEFE99FDA35DAL   /*  468 */,    0x11640CC71C7BE615L   /*  469 */,
-        0x93C43694565C5527L   /*  470 */,    0xEA038E6246777839L   /*  471 */,
-        0xF9ABF3CE5A3E2469L   /*  472 */,    0x741E768D0FD312D2L   /*  473 */,
-        0x0144B883CED652C6L   /*  474 */,    0xC20B5A5BA33F8552L   /*  475 */,
-        0x1AE69633C3435A9DL   /*  476 */,    0x97A28CA4088CFDECL   /*  477 */,
-        0x8824A43C1E96F420L   /*  478 */,    0x37612FA66EEEA746L   /*  479 */,
-        0x6B4CB165F9CF0E5AL   /*  480 */,    0x43AA1C06A0ABFB4AL   /*  481 */,
-        0x7F4DC26FF162796BL   /*  482 */,    0x6CBACC8E54ED9B0FL   /*  483 */,
-        0xA6B7FFEFD2BB253EL   /*  484 */,    0x2E25BC95B0A29D4FL   /*  485 */,
-        0x86D6A58BDEF1388CL   /*  486 */,    0xDED74AC576B6F054L   /*  487 */,
-        0x8030BDBC2B45805DL   /*  488 */,    0x3C81AF70E94D9289L   /*  489 */,
-        0x3EFF6DDA9E3100DBL   /*  490 */,    0xB38DC39FDFCC8847L   /*  491 */,
-        0x123885528D17B87EL   /*  492 */,    0xF2DA0ED240B1B642L   /*  493 */,
-        0x44CEFADCD54BF9A9L   /*  494 */,    0x1312200E433C7EE6L   /*  495 */,
-        0x9FFCC84F3A78C748L   /*  496 */,    0xF0CD1F72248576BBL   /*  497 */,
-        0xEC6974053638CFE4L   /*  498 */,    0x2BA7B67C0CEC4E4CL   /*  499 */,
-        0xAC2F4DF3E5CE32EDL   /*  500 */,    0xCB33D14326EA4C11L   /*  501 */,
-        0xA4E9044CC77E58BCL   /*  502 */,    0x5F513293D934FCEFL   /*  503 */,
-        0x5DC9645506E55444L   /*  504 */,    0x50DE418F317DE40AL   /*  505 */,
-        0x388CB31A69DDE259L   /*  506 */,    0x2DB4A83455820A86L   /*  507 */,
-        0x9010A91E84711AE9L   /*  508 */,    0x4DF7F0B7B1498371L   /*  509 */,
-        0xD62A2EABC0977179L   /*  510 */,    0x22FAC097AA8D5C0EL   /*  511 */,
-    };
-
-    private static final long[] t3 = {
-        0xF49FCC2FF1DAF39BL   /*  512 */,    0x487FD5C66FF29281L   /*  513 */,
-        0xE8A30667FCDCA83FL   /*  514 */,    0x2C9B4BE3D2FCCE63L   /*  515 */,
-        0xDA3FF74B93FBBBC2L   /*  516 */,    0x2FA165D2FE70BA66L   /*  517 */,
-        0xA103E279970E93D4L   /*  518 */,    0xBECDEC77B0E45E71L   /*  519 */,
-        0xCFB41E723985E497L   /*  520 */,    0xB70AAA025EF75017L   /*  521 */,
-        0xD42309F03840B8E0L   /*  522 */,    0x8EFC1AD035898579L   /*  523 */,
-        0x96C6920BE2B2ABC5L   /*  524 */,    0x66AF4163375A9172L   /*  525 */,
-        0x2174ABDCCA7127FBL   /*  526 */,    0xB33CCEA64A72FF41L   /*  527 */,
-        0xF04A4933083066A5L   /*  528 */,    0x8D970ACDD7289AF5L   /*  529 */,
-        0x8F96E8E031C8C25EL   /*  530 */,    0xF3FEC02276875D47L   /*  531 */,
-        0xEC7BF310056190DDL   /*  532 */,    0xF5ADB0AEBB0F1491L   /*  533 */,
-        0x9B50F8850FD58892L   /*  534 */,    0x4975488358B74DE8L   /*  535 */,
-        0xA3354FF691531C61L   /*  536 */,    0x0702BBE481D2C6EEL   /*  537 */,
-        0x89FB24057DEDED98L   /*  538 */,    0xAC3075138596E902L   /*  539 */,
-        0x1D2D3580172772EDL   /*  540 */,    0xEB738FC28E6BC30DL   /*  541 */,
-        0x5854EF8F63044326L   /*  542 */,    0x9E5C52325ADD3BBEL   /*  543 */,
-        0x90AA53CF325C4623L   /*  544 */,    0xC1D24D51349DD067L   /*  545 */,
-        0x2051CFEEA69EA624L   /*  546 */,    0x13220F0A862E7E4FL   /*  547 */,
-        0xCE39399404E04864L   /*  548 */,    0xD9C42CA47086FCB7L   /*  549 */,
-        0x685AD2238A03E7CCL   /*  550 */,    0x066484B2AB2FF1DBL   /*  551 */,
-        0xFE9D5D70EFBF79ECL   /*  552 */,    0x5B13B9DD9C481854L   /*  553 */,
-        0x15F0D475ED1509ADL   /*  554 */,    0x0BEBCD060EC79851L   /*  555 */,
-        0xD58C6791183AB7F8L   /*  556 */,    0xD1187C5052F3EEE4L   /*  557 */,
-        0xC95D1192E54E82FFL   /*  558 */,    0x86EEA14CB9AC6CA2L   /*  559 */,
-        0x3485BEB153677D5DL   /*  560 */,    0xDD191D781F8C492AL   /*  561 */,
-        0xF60866BAA784EBF9L   /*  562 */,    0x518F643BA2D08C74L   /*  563 */,
-        0x8852E956E1087C22L   /*  564 */,    0xA768CB8DC410AE8DL   /*  565 */,
-        0x38047726BFEC8E1AL   /*  566 */,    0xA67738B4CD3B45AAL   /*  567 */,
-        0xAD16691CEC0DDE19L   /*  568 */,    0xC6D4319380462E07L   /*  569 */,
-        0xC5A5876D0BA61938L   /*  570 */,    0x16B9FA1FA58FD840L   /*  571 */,
-        0x188AB1173CA74F18L   /*  572 */,    0xABDA2F98C99C021FL   /*  573 */,
-        0x3E0580AB134AE816L   /*  574 */,    0x5F3B05B773645ABBL   /*  575 */,
-        0x2501A2BE5575F2F6L   /*  576 */,    0x1B2F74004E7E8BA9L   /*  577 */,
-        0x1CD7580371E8D953L   /*  578 */,    0x7F6ED89562764E30L   /*  579 */,
-        0xB15926FF596F003DL   /*  580 */,    0x9F65293DA8C5D6B9L   /*  581 */,
-        0x6ECEF04DD690F84CL   /*  582 */,    0x4782275FFF33AF88L   /*  583 */,
-        0xE41433083F820801L   /*  584 */,    0xFD0DFE409A1AF9B5L   /*  585 */,
-        0x4325A3342CDB396BL   /*  586 */,    0x8AE77E62B301B252L   /*  587 */,
-        0xC36F9E9F6655615AL   /*  588 */,    0x85455A2D92D32C09L   /*  589 */,
-        0xF2C7DEA949477485L   /*  590 */,    0x63CFB4C133A39EBAL   /*  591 */,
-        0x83B040CC6EBC5462L   /*  592 */,    0x3B9454C8FDB326B0L   /*  593 */,
-        0x56F56A9E87FFD78CL   /*  594 */,    0x2DC2940D99F42BC6L   /*  595 */,
-        0x98F7DF096B096E2DL   /*  596 */,    0x19A6E01E3AD852BFL   /*  597 */,
-        0x42A99CCBDBD4B40BL   /*  598 */,    0xA59998AF45E9C559L   /*  599 */,
-        0x366295E807D93186L   /*  600 */,    0x6B48181BFAA1F773L   /*  601 */,
-        0x1FEC57E2157A0A1DL   /*  602 */,    0x4667446AF6201AD5L   /*  603 */,
-        0xE615EBCACFB0F075L   /*  604 */,    0xB8F31F4F68290778L   /*  605 */,
-        0x22713ED6CE22D11EL   /*  606 */,    0x3057C1A72EC3C93BL   /*  607 */,
-        0xCB46ACC37C3F1F2FL   /*  608 */,    0xDBB893FD02AAF50EL   /*  609 */,
-        0x331FD92E600B9FCFL   /*  610 */,    0xA498F96148EA3AD6L   /*  611 */,
-        0xA8D8426E8B6A83EAL   /*  612 */,    0xA089B274B7735CDCL   /*  613 */,
-        0x87F6B3731E524A11L   /*  614 */,    0x118808E5CBC96749L   /*  615 */,
-        0x9906E4C7B19BD394L   /*  616 */,    0xAFED7F7E9B24A20CL   /*  617 */,
-        0x6509EADEEB3644A7L   /*  618 */,    0x6C1EF1D3E8EF0EDEL   /*  619 */,
-        0xB9C97D43E9798FB4L   /*  620 */,    0xA2F2D784740C28A3L   /*  621 */,
-        0x7B8496476197566FL   /*  622 */,    0x7A5BE3E6B65F069DL   /*  623 */,
-        0xF96330ED78BE6F10L   /*  624 */,    0xEEE60DE77A076A15L   /*  625 */,
-        0x2B4BEE4AA08B9BD0L   /*  626 */,    0x6A56A63EC7B8894EL   /*  627 */,
-        0x02121359BA34FEF4L   /*  628 */,    0x4CBF99F8283703FCL   /*  629 */,
-        0x398071350CAF30C8L   /*  630 */,    0xD0A77A89F017687AL   /*  631 */,
-        0xF1C1A9EB9E423569L   /*  632 */,    0x8C7976282DEE8199L   /*  633 */,
-        0x5D1737A5DD1F7ABDL   /*  634 */,    0x4F53433C09A9FA80L   /*  635 */,
-        0xFA8B0C53DF7CA1D9L   /*  636 */,    0x3FD9DCBC886CCB77L   /*  637 */,
-        0xC040917CA91B4720L   /*  638 */,    0x7DD00142F9D1DCDFL   /*  639 */,
-        0x8476FC1D4F387B58L   /*  640 */,    0x23F8E7C5F3316503L   /*  641 */,
-        0x032A2244E7E37339L   /*  642 */,    0x5C87A5D750F5A74BL   /*  643 */,
-        0x082B4CC43698992EL   /*  644 */,    0xDF917BECB858F63CL   /*  645 */,
-        0x3270B8FC5BF86DDAL   /*  646 */,    0x10AE72BB29B5DD76L   /*  647 */,
-        0x576AC94E7700362BL   /*  648 */,    0x1AD112DAC61EFB8FL   /*  649 */,
-        0x691BC30EC5FAA427L   /*  650 */,    0xFF246311CC327143L   /*  651 */,
-        0x3142368E30E53206L   /*  652 */,    0x71380E31E02CA396L   /*  653 */,
-        0x958D5C960AAD76F1L   /*  654 */,    0xF8D6F430C16DA536L   /*  655 */,
-        0xC8FFD13F1BE7E1D2L   /*  656 */,    0x7578AE66004DDBE1L   /*  657 */,
-        0x05833F01067BE646L   /*  658 */,    0xBB34B5AD3BFE586DL   /*  659 */,
-        0x095F34C9A12B97F0L   /*  660 */,    0x247AB64525D60CA8L   /*  661 */,
-        0xDCDBC6F3017477D1L   /*  662 */,    0x4A2E14D4DECAD24DL   /*  663 */,
-        0xBDB5E6D9BE0A1EEBL   /*  664 */,    0x2A7E70F7794301ABL   /*  665 */,
-        0xDEF42D8A270540FDL   /*  666 */,    0x01078EC0A34C22C1L   /*  667 */,
-        0xE5DE511AF4C16387L   /*  668 */,    0x7EBB3A52BD9A330AL   /*  669 */,
-        0x77697857AA7D6435L   /*  670 */,    0x004E831603AE4C32L   /*  671 */,
-        0xE7A21020AD78E312L   /*  672 */,    0x9D41A70C6AB420F2L   /*  673 */,
-        0x28E06C18EA1141E6L   /*  674 */,    0xD2B28CBD984F6B28L   /*  675 */,
-        0x26B75F6C446E9D83L   /*  676 */,    0xBA47568C4D418D7FL   /*  677 */,
-        0xD80BADBFE6183D8EL   /*  678 */,    0x0E206D7F5F166044L   /*  679 */,
-        0xE258A43911CBCA3EL   /*  680 */,    0x723A1746B21DC0BCL   /*  681 */,
-        0xC7CAA854F5D7CDD3L   /*  682 */,    0x7CAC32883D261D9CL   /*  683 */,
-        0x7690C26423BA942CL   /*  684 */,    0x17E55524478042B8L   /*  685 */,
-        0xE0BE477656A2389FL   /*  686 */,    0x4D289B5E67AB2DA0L   /*  687 */,
-        0x44862B9C8FBBFD31L   /*  688 */,    0xB47CC8049D141365L   /*  689 */,
-        0x822C1B362B91C793L   /*  690 */,    0x4EB14655FB13DFD8L   /*  691 */,
-        0x1ECBBA0714E2A97BL   /*  692 */,    0x6143459D5CDE5F14L   /*  693 */,
-        0x53A8FBF1D5F0AC89L   /*  694 */,    0x97EA04D81C5E5B00L   /*  695 */,
-        0x622181A8D4FDB3F3L   /*  696 */,    0xE9BCD341572A1208L   /*  697 */,
-        0x1411258643CCE58AL   /*  698 */,    0x9144C5FEA4C6E0A4L   /*  699 */,
-        0x0D33D06565CF620FL   /*  700 */,    0x54A48D489F219CA1L   /*  701 */,
-        0xC43E5EAC6D63C821L   /*  702 */,    0xA9728B3A72770DAFL   /*  703 */,
-        0xD7934E7B20DF87EFL   /*  704 */,    0xE35503B61A3E86E5L   /*  705 */,
-        0xCAE321FBC819D504L   /*  706 */,    0x129A50B3AC60BFA6L   /*  707 */,
-        0xCD5E68EA7E9FB6C3L   /*  708 */,    0xB01C90199483B1C7L   /*  709 */,
-        0x3DE93CD5C295376CL   /*  710 */,    0xAED52EDF2AB9AD13L   /*  711 */,
-        0x2E60F512C0A07884L   /*  712 */,    0xBC3D86A3E36210C9L   /*  713 */,
-        0x35269D9B163951CEL   /*  714 */,    0x0C7D6E2AD0CDB5FAL   /*  715 */,
-        0x59E86297D87F5733L   /*  716 */,    0x298EF221898DB0E7L   /*  717 */,
-        0x55000029D1A5AA7EL   /*  718 */,    0x8BC08AE1B5061B45L   /*  719 */,
-        0xC2C31C2B6C92703AL   /*  720 */,    0x94CC596BAF25EF42L   /*  721 */,
-        0x0A1D73DB22540456L   /*  722 */,    0x04B6A0F9D9C4179AL   /*  723 */,
-        0xEFFDAFA2AE3D3C60L   /*  724 */,    0xF7C8075BB49496C4L   /*  725 */,
-        0x9CC5C7141D1CD4E3L   /*  726 */,    0x78BD1638218E5534L   /*  727 */,
-        0xB2F11568F850246AL   /*  728 */,    0xEDFABCFA9502BC29L   /*  729 */,
-        0x796CE5F2DA23051BL   /*  730 */,    0xAAE128B0DC93537CL   /*  731 */,
-        0x3A493DA0EE4B29AEL   /*  732 */,    0xB5DF6B2C416895D7L   /*  733 */,
-        0xFCABBD25122D7F37L   /*  734 */,    0x70810B58105DC4B1L   /*  735 */,
-        0xE10FDD37F7882A90L   /*  736 */,    0x524DCAB5518A3F5CL   /*  737 */,
-        0x3C9E85878451255BL   /*  738 */,    0x4029828119BD34E2L   /*  739 */,
-        0x74A05B6F5D3CECCBL   /*  740 */,    0xB610021542E13ECAL   /*  741 */,
-        0x0FF979D12F59E2ACL   /*  742 */,    0x6037DA27E4F9CC50L   /*  743 */,
-        0x5E92975A0DF1847DL   /*  744 */,    0xD66DE190D3E623FEL   /*  745 */,
-        0x5032D6B87B568048L   /*  746 */,    0x9A36B7CE8235216EL   /*  747 */,
-        0x80272A7A24F64B4AL   /*  748 */,    0x93EFED8B8C6916F7L   /*  749 */,
-        0x37DDBFF44CCE1555L   /*  750 */,    0x4B95DB5D4B99BD25L   /*  751 */,
-        0x92D3FDA169812FC0L   /*  752 */,    0xFB1A4A9A90660BB6L   /*  753 */,
-        0x730C196946A4B9B2L   /*  754 */,    0x81E289AA7F49DA68L   /*  755 */,
-        0x64669A0F83B1A05FL   /*  756 */,    0x27B3FF7D9644F48BL   /*  757 */,
-        0xCC6B615C8DB675B3L   /*  758 */,    0x674F20B9BCEBBE95L   /*  759 */,
-        0x6F31238275655982L   /*  760 */,    0x5AE488713E45CF05L   /*  761 */,
-        0xBF619F9954C21157L   /*  762 */,    0xEABAC46040A8EAE9L   /*  763 */,
-        0x454C6FE9F2C0C1CDL   /*  764 */,    0x419CF6496412691CL   /*  765 */,
-        0xD3DC3BEF265B0F70L   /*  766 */,    0x6D0E60F5C3578A9EL   /*  767 */,
-    };
-
-    private static final long[] t4 = {
-        0x5B0E608526323C55L   /*  768 */,    0x1A46C1A9FA1B59F5L   /*  769 */,
-        0xA9E245A17C4C8FFAL   /*  770 */,    0x65CA5159DB2955D7L   /*  771 */,
-        0x05DB0A76CE35AFC2L   /*  772 */,    0x81EAC77EA9113D45L   /*  773 */,
-        0x528EF88AB6AC0A0DL   /*  774 */,    0xA09EA253597BE3FFL   /*  775 */,
-        0x430DDFB3AC48CD56L   /*  776 */,    0xC4B3A67AF45CE46FL   /*  777 */,
-        0x4ECECFD8FBE2D05EL   /*  778 */,    0x3EF56F10B39935F0L   /*  779 */,
-        0x0B22D6829CD619C6L   /*  780 */,    0x17FD460A74DF2069L   /*  781 */,
-        0x6CF8CC8E8510ED40L   /*  782 */,    0xD6C824BF3A6ECAA7L   /*  783 */,
-        0x61243D581A817049L   /*  784 */,    0x048BACB6BBC163A2L   /*  785 */,
-        0xD9A38AC27D44CC32L   /*  786 */,    0x7FDDFF5BAAF410ABL   /*  787 */,
-        0xAD6D495AA804824BL   /*  788 */,    0xE1A6A74F2D8C9F94L   /*  789 */,
-        0xD4F7851235DEE8E3L   /*  790 */,    0xFD4B7F886540D893L   /*  791 */,
-        0x247C20042AA4BFDAL   /*  792 */,    0x096EA1C517D1327CL   /*  793 */,
-        0xD56966B4361A6685L   /*  794 */,    0x277DA5C31221057DL   /*  795 */,
-        0x94D59893A43ACFF7L   /*  796 */,    0x64F0C51CCDC02281L   /*  797 */,
-        0x3D33BCC4FF6189DBL   /*  798 */,    0xE005CB184CE66AF1L   /*  799 */,
-        0xFF5CCD1D1DB99BEAL   /*  800 */,    0xB0B854A7FE42980FL   /*  801 */,
-        0x7BD46A6A718D4B9FL   /*  802 */,    0xD10FA8CC22A5FD8CL   /*  803 */,
-        0xD31484952BE4BD31L   /*  804 */,    0xC7FA975FCB243847L   /*  805 */,
-        0x4886ED1E5846C407L   /*  806 */,    0x28CDDB791EB70B04L   /*  807 */,
-        0xC2B00BE2F573417FL   /*  808 */,    0x5C9590452180F877L   /*  809 */,
-        0x7A6BDDFFF370EB00L   /*  810 */,    0xCE509E38D6D9D6A4L   /*  811 */,
-        0xEBEB0F00647FA702L   /*  812 */,    0x1DCC06CF76606F06L   /*  813 */,
-        0xE4D9F28BA286FF0AL   /*  814 */,    0xD85A305DC918C262L   /*  815 */,
-        0x475B1D8732225F54L   /*  816 */,    0x2D4FB51668CCB5FEL   /*  817 */,
-        0xA679B9D9D72BBA20L   /*  818 */,    0x53841C0D912D43A5L   /*  819 */,
-        0x3B7EAA48BF12A4E8L   /*  820 */,    0x781E0E47F22F1DDFL   /*  821 */,
-        0xEFF20CE60AB50973L   /*  822 */,    0x20D261D19DFFB742L   /*  823 */,
-        0x16A12B03062A2E39L   /*  824 */,    0x1960EB2239650495L   /*  825 */,
-        0x251C16FED50EB8B8L   /*  826 */,    0x9AC0C330F826016EL   /*  827 */,
-        0xED152665953E7671L   /*  828 */,    0x02D63194A6369570L   /*  829 */,
-        0x5074F08394B1C987L   /*  830 */,    0x70BA598C90B25CE1L   /*  831 */,
-        0x794A15810B9742F6L   /*  832 */,    0x0D5925E9FCAF8C6CL   /*  833 */,
-        0x3067716CD868744EL   /*  834 */,    0x910AB077E8D7731BL   /*  835 */,
-        0x6A61BBDB5AC42F61L   /*  836 */,    0x93513EFBF0851567L   /*  837 */,
-        0xF494724B9E83E9D5L   /*  838 */,    0xE887E1985C09648DL   /*  839 */,
-        0x34B1D3C675370CFDL   /*  840 */,    0xDC35E433BC0D255DL   /*  841 */,
-        0xD0AAB84234131BE0L   /*  842 */,    0x08042A50B48B7EAFL   /*  843 */,
-        0x9997C4EE44A3AB35L   /*  844 */,    0x829A7B49201799D0L   /*  845 */,
-        0x263B8307B7C54441L   /*  846 */,    0x752F95F4FD6A6CA6L   /*  847 */,
-        0x927217402C08C6E5L   /*  848 */,    0x2A8AB754A795D9EEL   /*  849 */,
-        0xA442F7552F72943DL   /*  850 */,    0x2C31334E19781208L   /*  851 */,
-        0x4FA98D7CEAEE6291L   /*  852 */,    0x55C3862F665DB309L   /*  853 */,
-        0xBD0610175D53B1F3L   /*  854 */,    0x46FE6CB840413F27L   /*  855 */,
-        0x3FE03792DF0CFA59L   /*  856 */,    0xCFE700372EB85E8FL   /*  857 */,
-        0xA7BE29E7ADBCE118L   /*  858 */,    0xE544EE5CDE8431DDL   /*  859 */,
-        0x8A781B1B41F1873EL   /*  860 */,    0xA5C94C78A0D2F0E7L   /*  861 */,
-        0x39412E2877B60728L   /*  862 */,    0xA1265EF3AFC9A62CL   /*  863 */,
-        0xBCC2770C6A2506C5L   /*  864 */,    0x3AB66DD5DCE1CE12L   /*  865 */,
-        0xE65499D04A675B37L   /*  866 */,    0x7D8F523481BFD216L   /*  867 */,
-        0x0F6F64FCEC15F389L   /*  868 */,    0x74EFBE618B5B13C8L   /*  869 */,
-        0xACDC82B714273E1DL   /*  870 */,    0xDD40BFE003199D17L   /*  871 */,
-        0x37E99257E7E061F8L   /*  872 */,    0xFA52626904775AAAL   /*  873 */,
-        0x8BBBF63A463D56F9L   /*  874 */,    0xF0013F1543A26E64L   /*  875 */,
-        0xA8307E9F879EC898L   /*  876 */,    0xCC4C27A4150177CCL   /*  877 */,
-        0x1B432F2CCA1D3348L   /*  878 */,    0xDE1D1F8F9F6FA013L   /*  879 */,
-        0x606602A047A7DDD6L   /*  880 */,    0xD237AB64CC1CB2C7L   /*  881 */,
-        0x9B938E7225FCD1D3L   /*  882 */,    0xEC4E03708E0FF476L   /*  883 */,
-        0xFEB2FBDA3D03C12DL   /*  884 */,    0xAE0BCED2EE43889AL   /*  885 */,
-        0x22CB8923EBFB4F43L   /*  886 */,    0x69360D013CF7396DL   /*  887 */,
-        0x855E3602D2D4E022L   /*  888 */,    0x073805BAD01F784CL   /*  889 */,
-        0x33E17A133852F546L   /*  890 */,    0xDF4874058AC7B638L   /*  891 */,
-        0xBA92B29C678AA14AL   /*  892 */,    0x0CE89FC76CFAADCDL   /*  893 */,
-        0x5F9D4E0908339E34L   /*  894 */,    0xF1AFE9291F5923B9L   /*  895 */,
-        0x6E3480F60F4A265FL   /*  896 */,    0xEEBF3A2AB29B841CL   /*  897 */,
-        0xE21938A88F91B4ADL   /*  898 */,    0x57DFEFF845C6D3C3L   /*  899 */,
-        0x2F006B0BF62CAAF2L   /*  900 */,    0x62F479EF6F75EE78L   /*  901 */,
-        0x11A55AD41C8916A9L   /*  902 */,    0xF229D29084FED453L   /*  903 */,
-        0x42F1C27B16B000E6L   /*  904 */,    0x2B1F76749823C074L   /*  905 */,
-        0x4B76ECA3C2745360L   /*  906 */,    0x8C98F463B91691BDL   /*  907 */,
-        0x14BCC93CF1ADE66AL   /*  908 */,    0x8885213E6D458397L   /*  909 */,
-        0x8E177DF0274D4711L   /*  910 */,    0xB49B73B5503F2951L   /*  911 */,
-        0x10168168C3F96B6BL   /*  912 */,    0x0E3D963B63CAB0AEL   /*  913 */,
-        0x8DFC4B5655A1DB14L   /*  914 */,    0xF789F1356E14DE5CL   /*  915 */,
-        0x683E68AF4E51DAC1L   /*  916 */,    0xC9A84F9D8D4B0FD9L   /*  917 */,
-        0x3691E03F52A0F9D1L   /*  918 */,    0x5ED86E46E1878E80L   /*  919 */,
-        0x3C711A0E99D07150L   /*  920 */,    0x5A0865B20C4E9310L   /*  921 */,
-        0x56FBFC1FE4F0682EL   /*  922 */,    0xEA8D5DE3105EDF9BL   /*  923 */,
-        0x71ABFDB12379187AL   /*  924 */,    0x2EB99DE1BEE77B9CL   /*  925 */,
-        0x21ECC0EA33CF4523L   /*  926 */,    0x59A4D7521805C7A1L   /*  927 */,
-        0x3896F5EB56AE7C72L   /*  928 */,    0xAA638F3DB18F75DCL   /*  929 */,
-        0x9F39358DABE9808EL   /*  930 */,    0xB7DEFA91C00B72ACL   /*  931 */,
-        0x6B5541FD62492D92L   /*  932 */,    0x6DC6DEE8F92E4D5BL   /*  933 */,
-        0x353F57ABC4BEEA7EL   /*  934 */,    0x735769D6DA5690CEL   /*  935 */,
-        0x0A234AA642391484L   /*  936 */,    0xF6F9508028F80D9DL   /*  937 */,
-        0xB8E319A27AB3F215L   /*  938 */,    0x31AD9C1151341A4DL   /*  939 */,
-        0x773C22A57BEF5805L   /*  940 */,    0x45C7561A07968633L   /*  941 */,
-        0xF913DA9E249DBE36L   /*  942 */,    0xDA652D9B78A64C68L   /*  943 */,
-        0x4C27A97F3BC334EFL   /*  944 */,    0x76621220E66B17F4L   /*  945 */,
-        0x967743899ACD7D0BL   /*  946 */,    0xF3EE5BCAE0ED6782L   /*  947 */,
-        0x409F753600C879FCL   /*  948 */,    0x06D09A39B5926DB6L   /*  949 */,
-        0x6F83AEB0317AC588L   /*  950 */,    0x01E6CA4A86381F21L   /*  951 */,
-        0x66FF3462D19F3025L   /*  952 */,    0x72207C24DDFD3BFBL   /*  953 */,
-        0x4AF6B6D3E2ECE2EBL   /*  954 */,    0x9C994DBEC7EA08DEL   /*  955 */,
-        0x49ACE597B09A8BC4L   /*  956 */,    0xB38C4766CF0797BAL   /*  957 */,
-        0x131B9373C57C2A75L   /*  958 */,    0xB1822CCE61931E58L   /*  959 */,
-        0x9D7555B909BA1C0CL   /*  960 */,    0x127FAFDD937D11D2L   /*  961 */,
-        0x29DA3BADC66D92E4L   /*  962 */,    0xA2C1D57154C2ECBCL   /*  963 */,
-        0x58C5134D82F6FE24L   /*  964 */,    0x1C3AE3515B62274FL   /*  965 */,
-        0xE907C82E01CB8126L   /*  966 */,    0xF8ED091913E37FCBL   /*  967 */,
-        0x3249D8F9C80046C9L   /*  968 */,    0x80CF9BEDE388FB63L   /*  969 */,
-        0x1881539A116CF19EL   /*  970 */,    0x5103F3F76BD52457L   /*  971 */,
-        0x15B7E6F5AE47F7A8L   /*  972 */,    0xDBD7C6DED47E9CCFL   /*  973 */,
-        0x44E55C410228BB1AL   /*  974 */,    0xB647D4255EDB4E99L   /*  975 */,
-        0x5D11882BB8AAFC30L   /*  976 */,    0xF5098BBB29D3212AL   /*  977 */,
-        0x8FB5EA14E90296B3L   /*  978 */,    0x677B942157DD025AL   /*  979 */,
-        0xFB58E7C0A390ACB5L   /*  980 */,    0x89D3674C83BD4A01L   /*  981 */,
-        0x9E2DA4DF4BF3B93BL   /*  982 */,    0xFCC41E328CAB4829L   /*  983 */,
-        0x03F38C96BA582C52L   /*  984 */,    0xCAD1BDBD7FD85DB2L   /*  985 */,
-        0xBBB442C16082AE83L   /*  986 */,    0xB95FE86BA5DA9AB0L   /*  987 */,
-        0xB22E04673771A93FL   /*  988 */,    0x845358C9493152D8L   /*  989 */,
-        0xBE2A488697B4541EL   /*  990 */,    0x95A2DC2DD38E6966L   /*  991 */,
-        0xC02C11AC923C852BL   /*  992 */,    0x2388B1990DF2A87BL   /*  993 */,
-        0x7C8008FA1B4F37BEL   /*  994 */,    0x1F70D0C84D54E503L   /*  995 */,
-        0x5490ADEC7ECE57D4L   /*  996 */,    0x002B3C27D9063A3AL   /*  997 */,
-        0x7EAEA3848030A2BFL   /*  998 */,    0xC602326DED2003C0L   /*  999 */,
-        0x83A7287D69A94086L   /* 1000 */,    0xC57A5FCB30F57A8AL   /* 1001 */,
-        0xB56844E479EBE779L   /* 1002 */,    0xA373B40F05DCBCE9L   /* 1003 */,
-        0xD71A786E88570EE2L   /* 1004 */,    0x879CBACDBDE8F6A0L   /* 1005 */,
-        0x976AD1BCC164A32FL   /* 1006 */,    0xAB21E25E9666D78BL   /* 1007 */,
-        0x901063AAE5E5C33CL   /* 1008 */,    0x9818B34448698D90L   /* 1009 */,
-        0xE36487AE3E1E8ABBL   /* 1010 */,    0xAFBDF931893BDCB4L   /* 1011 */,
-        0x6345A0DC5FBBD519L   /* 1012 */,    0x8628FE269B9465CAL   /* 1013 */,
-        0x1E5D01603F9C51ECL   /* 1014 */,    0x4DE44006A15049B7L   /* 1015 */,
-        0xBF6C70E5F776CBB1L   /* 1016 */,    0x411218F2EF552BEDL   /* 1017 */,
-        0xCB0C0708705A36A3L   /* 1018 */,    0xE74D14754F986044L   /* 1019 */,
-        0xCD56D9430EA8280EL   /* 1020 */,    0xC12591D7535F5065L   /* 1021 */,
-        0xC83223F1720AEF96L   /* 1022 */,    0xC3A0396F7363A51FL   /* 1023 */
-    };
-
-    private static final int    DIGEST_LENGTH = 24;
-
-    //
-    // registers
-    //
-    private long    a, b, c;
-    private long    byteCount;
-
-    //
-    // buffers
-    //
-    private byte[]  buf = new byte[8];
-    private int     bOff = 0;
-
-    private long[]  x = new long[8];
-    private int     xOff = 0;
-
-    /**
-     * Standard constructor
-     */
-    public TigerDigest()
-    {
-        reset();
-    }
-
-    /**
-     * Copy constructor.  This will copy the state of the provided
-     * message digest.
-     */
-    public TigerDigest(TigerDigest t)
-    {
-        a = t.a;
-        b = t.b;
-        c = t.c;
-
-        System.arraycopy(t.x, 0, x, 0, t.x.length);
-        xOff = t.xOff;
-
-        System.arraycopy(t.buf, 0, buf, 0, t.buf.length);
-        bOff = t.bOff;
-
-        byteCount = t.byteCount;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Tiger";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH;
-    }
-
-    private void processWord(
-        byte[]  b,
-        int     off)
-    {
-        x[xOff++] = ((long)(b[off + 7] & 0xff) << 56)
-             | ((long)(b[off + 6] & 0xff) << 48)
-             | ((long)(b[off + 5] & 0xff) << 40)
-             | ((long)(b[off + 4] & 0xff) << 32)
-             | ((long)(b[off + 3] & 0xff) << 24)
-             | ((long)(b[off + 2] & 0xff) << 16)
-             | ((long)(b[off + 1] & 0xff) << 8)
-             | ((b[off + 0] & 0xff));
-
-        if (xOff == x.length)
-        {
-            processBlock();
-        }
-
-        bOff = 0;
-    }
-
-    public void update(
-        byte in)
-    {
-        buf[bOff++] = in;
-
-        if (bOff == buf.length)
-        {
-            processWord(buf, 0);
-        }
-
-        byteCount++;
-    }
-
-    public void update(
-        byte[]  in,
-        int     inOff,
-        int     len)
-    {
-        //
-        // fill the current word
-        //
-        while ((bOff != 0) && (len > 0))
-        {
-            update(in[inOff]);
-
-            inOff++;
-            len--;
-        }
-
-        //
-        // process whole words.
-        //
-        while (len > 8)
-        {
-            processWord(in, inOff);
-
-            inOff += 8;
-            len -= 8;
-            byteCount += 8;
-        }
-
-        //
-        // load in the remainder.
-        //
-        while (len > 0)
-        {
-            update(in[inOff]);
-
-            inOff++;
-            len--;
-        }
-    }
-
-    private void roundABC(
-        long    x,
-        long    mul)
-    {
-         c ^= x ;
-         a -= t1[(int)c & 0xff] ^ t2[(int)(c >> 16) & 0xff]
-                ^ t3[(int)(c >> 32) & 0xff] ^ t4[(int)(c >> 48) & 0xff];
-         b += t4[(int)(c >> 8) & 0xff] ^ t3[(int)(c >> 24) & 0xff]
-                ^ t2[(int)(c >> 40) & 0xff] ^ t1[(int)(c >> 56) & 0xff];
-         b *= mul;
-    }
-
-    private void roundBCA(
-        long    x,
-        long    mul)
-    {
-         a ^= x ;
-         b -= t1[(int)a & 0xff] ^ t2[(int)(a >> 16) & 0xff]
-                ^ t3[(int)(a >> 32) & 0xff] ^ t4[(int)(a >> 48) & 0xff];
-         c += t4[(int)(a >> 8) & 0xff] ^ t3[(int)(a >> 24) & 0xff]
-                ^ t2[(int)(a >> 40) & 0xff] ^ t1[(int)(a >> 56) & 0xff];
-         c *= mul;
-    }
-
-    private void roundCAB(
-        long    x,
-        long    mul)
-    {
-         b ^= x ;
-         c -= t1[(int)b & 0xff] ^ t2[(int)(b >> 16) & 0xff]
-                ^ t3[(int)(b >> 32) & 0xff] ^ t4[(int)(b >> 48) & 0xff];
-         a += t4[(int)(b >> 8) & 0xff] ^ t3[(int)(b >> 24) & 0xff]
-                ^ t2[(int)(b >> 40) & 0xff] ^ t1[(int)(b >> 56) & 0xff];
-         a *= mul;
-    }
-
-    private void keySchedule()
-    {
-        x[0] -= x[7] ^ 0xA5A5A5A5A5A5A5A5L; 
-        x[1] ^= x[0]; 
-        x[2] += x[1]; 
-        x[3] -= x[2] ^ ((~x[1]) << 19); 
-        x[4] ^= x[3]; 
-        x[5] += x[4]; 
-        x[6] -= x[5] ^ ((~x[4]) >>> 23); 
-        x[7] ^= x[6]; 
-        x[0] += x[7]; 
-        x[1] -= x[0] ^ ((~x[7]) << 19); 
-        x[2] ^= x[1]; 
-        x[3] += x[2]; 
-        x[4] -= x[3] ^ ((~x[2]) >>> 23); 
-        x[5] ^= x[4]; 
-        x[6] += x[5]; 
-        x[7] -= x[6] ^ 0x0123456789ABCDEFL;
-    }
-
-    private void processBlock()
-    {
-        //
-        // save abc
-        //
-        long aa = a;
-        long bb = b;
-        long cc = c;
-
-        //
-        // rounds and schedule
-        //
-        roundABC(x[0], 5);
-        roundBCA(x[1], 5);
-        roundCAB(x[2], 5);
-        roundABC(x[3], 5);
-        roundBCA(x[4], 5);
-        roundCAB(x[5], 5);
-        roundABC(x[6], 5);
-        roundBCA(x[7], 5);
-
-        keySchedule();
-
-        roundCAB(x[0], 7);
-        roundABC(x[1], 7);
-        roundBCA(x[2], 7);
-        roundCAB(x[3], 7);
-        roundABC(x[4], 7);
-        roundBCA(x[5], 7);
-        roundCAB(x[6], 7);
-        roundABC(x[7], 7);
-
-        keySchedule();
-
-        roundBCA(x[0], 9);
-        roundCAB(x[1], 9);
-        roundABC(x[2], 9);
-        roundBCA(x[3], 9);
-        roundCAB(x[4], 9);
-        roundABC(x[5], 9);
-        roundBCA(x[6], 9);
-        roundCAB(x[7], 9);
-
-        //
-        // feed forward
-        //
-        a ^= aa;
-        b -= bb;
-        c += cc;
-
-        //
-        // clear the x buffer
-        //
-        xOff = 0;
-        for (int i = 0; i != x.length; i++)
-        {
-            x[i] = 0;
-        }
-    }
-
-    public void unpackWord(
-        long    r,
-        byte[]  out,
-        int     outOff)
-    {
-        out[outOff + 7]     = (byte)(r >> 56);
-        out[outOff + 6] = (byte)(r >> 48);
-        out[outOff + 5] = (byte)(r >> 40);
-        out[outOff + 4] = (byte)(r >> 32);
-        out[outOff + 3] = (byte)(r >> 24);
-        out[outOff + 2] = (byte)(r >> 16);
-        out[outOff + 1] = (byte)(r >> 8);
-        out[outOff] = (byte)r;
-    }
-        
-    private void processLength(
-        long    bitLength)
-    {
-        x[7] = bitLength;
-    }
-
-    private void finish()
-    {
-        long    bitLength = (byteCount << 3);
-
-        update((byte)0x01);
-
-        while (bOff != 0)
-        {
-            update((byte)0);
-        }
-
-        processLength(bitLength);
-
-        processBlock();
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        finish();
-
-        unpackWord(a, out, outOff);
-        unpackWord(b, out, outOff + 8);
-        unpackWord(c, out, outOff + 16);
-
-        reset();
-
-        return DIGEST_LENGTH;
-    }
-
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        a = 0x0123456789ABCDEFL;
-        b = 0xFEDCBA9876543210L;
-        c = 0xF096A5B4C3B2E187L;
-
-        xOff = 0;
-        for (int i = 0; i != x.length; i++)
-        {
-            x[i] = 0;
-        }
-
-        bOff = 0;
-        for (int i = 0; i != buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        byteCount = 0;
-    }
-
-    public int getByteLength()
-    {
-        return BYTE_LENGTH;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java
deleted file mode 100644
index 6d350470c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/WhirlpoolDigest.java
+++ /dev/null
@@ -1,396 +0,0 @@
-package org.bouncycastle.crypto.digests;
-
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.util.Arrays;
-
-
-/**
- * Implementation of WhirlpoolDigest, based on Java source published by Barreto
- * and Rijmen.
- *  
- */
-public final class WhirlpoolDigest 
-    implements ExtendedDigest
-{
-    private static final int BYTE_LENGTH = 64;
-    
-    private static final int DIGEST_LENGTH_BYTES = 512 / 8;
-    private static final int ROUNDS = 10;
-    private static final int REDUCTION_POLYNOMIAL = 0x011d; // 2^8 + 2^4 + 2^3 + 2 + 1;
-
-    private static final int[] SBOX = {
-        0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f, 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52,
-        0x60, 0xbc, 0x9b, 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b, 0xfe, 0x57,
-        0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58, 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85,
-        0xbd, 0x5d, 0x10, 0xf4, 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95, 0xd8,
-        0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d, 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33,
-        0x63, 0x02, 0xaa, 0x71, 0xc8, 0x19, 0x49, 0xd9, 0xf2, 0xe3, 0x5b, 0x88, 0x9a, 0x26, 0x32, 0xb0,
-        0xe9, 0x0f, 0xd5, 0x80, 0xbe, 0xcd, 0x34, 0x48, 0xff, 0x7a, 0x90, 0x5f, 0x20, 0x68, 0x1a, 0xae,
-        0xb4, 0x54, 0x93, 0x22, 0x64, 0xf1, 0x73, 0x12, 0x40, 0x08, 0xc3, 0xec, 0xdb, 0xa1, 0x8d, 0x3d,
-        0x97, 0x00, 0xcf, 0x2b, 0x76, 0x82, 0xd6, 0x1b, 0xb5, 0xaf, 0x6a, 0x50, 0x45, 0xf3, 0x30, 0xef,
-        0x3f, 0x55, 0xa2, 0xea, 0x65, 0xba, 0x2f, 0xc0, 0xde, 0x1c, 0xfd, 0x4d, 0x92, 0x75, 0x06, 0x8a,
-        0xb2, 0xe6, 0x0e, 0x1f, 0x62, 0xd4, 0xa8, 0x96, 0xf9, 0xc5, 0x25, 0x59, 0x84, 0x72, 0x39, 0x4c,
-        0x5e, 0x78, 0x38, 0x8c, 0xd1, 0xa5, 0xe2, 0x61, 0xb3, 0x21, 0x9c, 0x1e, 0x43, 0xc7, 0xfc, 0x04,
-        0x51, 0x99, 0x6d, 0x0d, 0xfa, 0xdf, 0x7e, 0x24, 0x3b, 0xab, 0xce, 0x11, 0x8f, 0x4e, 0xb7, 0xeb,
-        0x3c, 0x81, 0x94, 0xf7, 0xb9, 0x13, 0x2c, 0xd3, 0xe7, 0x6e, 0xc4, 0x03, 0x56, 0x44, 0x7f, 0xa9,
-        0x2a, 0xbb, 0xc1, 0x53, 0xdc, 0x0b, 0x9d, 0x6c, 0x31, 0x74, 0xf6, 0x46, 0xac, 0x89, 0x14, 0xe1,
-        0x16, 0x3a, 0x69, 0x09, 0x70, 0xb6, 0xd0, 0xed, 0xcc, 0x42, 0x98, 0xa4, 0x28, 0x5c, 0xf8, 0x86
-    };
-    
-    private static final long[] C0 = new long[256];
-    private static final long[] C1 = new long[256];
-    private static final long[] C2 = new long[256];
-    private static final long[] C3 = new long[256];
-    private static final long[] C4 = new long[256];
-    private static final long[] C5 = new long[256];
-    private static final long[] C6 = new long[256];
-    private static final long[] C7 = new long[256];
-
-    private final long[] _rc = new long[ROUNDS + 1];
-        
-    public WhirlpoolDigest()
-    {
-        for (int i = 0; i < 256; i++)
-        {
-            int v1 = SBOX[i];
-            int v2 = maskWithReductionPolynomial(v1 << 1);
-            int v4 = maskWithReductionPolynomial(v2 << 1);
-            int v5 = v4 ^ v1;
-            int v8 = maskWithReductionPolynomial(v4 << 1);
-            int v9 = v8 ^ v1;
-            
-            C0[i] = packIntoLong(v1, v1, v4, v1, v8, v5, v2, v9);
-            C1[i] = packIntoLong(v9, v1, v1, v4, v1, v8, v5, v2);
-            C2[i] = packIntoLong(v2, v9, v1, v1, v4, v1, v8, v5);
-            C3[i] = packIntoLong(v5, v2, v9, v1, v1, v4, v1, v8);
-            C4[i] = packIntoLong(v8, v5, v2, v9, v1, v1, v4, v1);
-            C5[i] = packIntoLong(v1, v8, v5, v2, v9, v1, v1, v4);
-            C6[i] = packIntoLong(v4, v1, v8, v5, v2, v9, v1, v1);
-            C7[i] = packIntoLong(v1, v4, v1, v8, v5, v2, v9, v1);
-            
-        }
-        
-        _rc[0] = 0L;
-        for (int r = 1; r <= ROUNDS; r++)
-        {
-            int i = 8 * (r - 1);
-            _rc[r] =    (C0[i    ] & 0xff00000000000000L) ^ 
-                        (C1[i + 1] & 0x00ff000000000000L) ^ 
-                        (C2[i + 2] & 0x0000ff0000000000L) ^
-                        (C3[i + 3] & 0x000000ff00000000L) ^ 
-                        (C4[i + 4] & 0x00000000ff000000L) ^
-                        (C5[i + 5] & 0x0000000000ff0000L) ^
-                        (C6[i + 6] & 0x000000000000ff00L) ^ 
-                        (C7[i + 7] & 0x00000000000000ffL);
-        }
-        
-    }
-
-    private long packIntoLong(int b7, int b6, int b5, int b4, int b3, int b2, int b1, int b0)
-    {
-        return 
-                    ((long)b7 << 56) ^
-                    ((long)b6 << 48) ^
-                    ((long)b5 << 40) ^
-                    ((long)b4 << 32) ^
-                    ((long)b3 << 24) ^
-                    ((long)b2 << 16) ^
-                    ((long)b1 <<  8) ^
-                    b0;
-    }
-
-    /*
-     * int's are used to prevent sign extension.  The values that are really being used are
-     * actually just 0..255
-     */
-    private int maskWithReductionPolynomial(int input)
-    {
-        int rv = input;
-        if (rv >= 0x100L) // high bit set
-        {
-            rv ^= REDUCTION_POLYNOMIAL; // reduced by the polynomial
-        }
-        return rv;
-    }
-        
-    // --------------------------------------------------------------------------------------//
-    
-    // -- buffer information --
-    private static final int BITCOUNT_ARRAY_SIZE = 32;
-    private byte[]  _buffer    = new byte[64];
-    private int     _bufferPos = 0;
-    private short[] _bitCount  = new short[BITCOUNT_ARRAY_SIZE];
-    
-    // -- internal hash state --
-    private long[] _hash  = new long[8];
-    private long[] _K = new long[8]; // the round key
-    private long[] _L = new long[8];
-    private long[] _block = new long[8]; // mu (buffer)
-    private long[] _state = new long[8]; // the current "cipher" state
-    
-
-
-    /**
-     * Copy constructor. This will copy the state of the provided message
-     * digest.
-     */
-    public WhirlpoolDigest(WhirlpoolDigest originalDigest)
-    {
-        System.arraycopy(originalDigest._rc, 0, _rc, 0, _rc.length);
-        
-        System.arraycopy(originalDigest._buffer, 0, _buffer, 0, _buffer.length);
-        
-        this._bufferPos = originalDigest._bufferPos;
-        System.arraycopy(originalDigest._bitCount, 0, _bitCount, 0, _bitCount.length);
-        
-        // -- internal hash state --
-        System.arraycopy(originalDigest._hash, 0, _hash, 0, _hash.length);
-        System.arraycopy(originalDigest._K, 0, _K, 0, _K.length);
-        System.arraycopy(originalDigest._L, 0, _L, 0, _L.length);
-        System.arraycopy(originalDigest._block, 0, _block, 0, _block.length);
-        System.arraycopy(originalDigest._state, 0, _state, 0, _state.length); 
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Whirlpool";
-    }
-
-    public int getDigestSize()
-    {
-        return DIGEST_LENGTH_BYTES;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-    {
-        // sets out[outOff] .. out[outOff+DIGEST_LENGTH_BYTES]
-        finish();
-
-        for (int i = 0; i < 8; i++)
-        {
-            convertLongToByteArray(_hash[i], out, outOff + (i * 8));
-        }
-
-        reset();        
-        return getDigestSize();
-    }
-    
-    /**
-     * reset the chaining variables
-     */
-    public void reset()
-    {
-        // set variables to null, blank, whatever
-        _bufferPos = 0;
-        Arrays.fill(_bitCount, (short)0);
-        Arrays.fill(_buffer, (byte)0);
-        Arrays.fill(_hash, 0);
-        Arrays.fill(_K, 0);
-        Arrays.fill(_L, 0);
-        Arrays.fill(_block, 0);
-        Arrays.fill(_state, 0);
-    }
-
-    // this takes a buffer of information and fills the block
-    private void processFilledBuffer(byte[] in, int inOff)
-    {
-        // copies into the block...
-        for (int i = 0; i < _state.length; i++)
-        {
-            _block[i] = bytesToLongFromBuffer(_buffer, i * 8);
-        }
-        processBlock();
-        _bufferPos = 0;
-        Arrays.fill(_buffer, (byte)0);
-    }
-
-    private long bytesToLongFromBuffer(byte[] buffer, int startPos)
-    {
-        long rv = (((buffer[startPos + 0] & 0xffL) << 56) |
-                   ((buffer[startPos + 1] & 0xffL) << 48) |
-                   ((buffer[startPos + 2] & 0xffL) << 40) |
-                   ((buffer[startPos + 3] & 0xffL) << 32) |
-                   ((buffer[startPos + 4] & 0xffL) << 24) |
-                   ((buffer[startPos + 5] & 0xffL) << 16) |
-                   ((buffer[startPos + 6] & 0xffL) <<  8) |
-                   ((buffer[startPos + 7]) & 0xffL));
-        
-        return rv;
-    }
-
-    private void convertLongToByteArray(long inputLong, byte[] outputArray, int offSet)
-    {
-        for (int i = 0; i < 8; i++)
-        {
-            outputArray[offSet + i] = (byte)((inputLong >> (56 - (i * 8))) & 0xff);
-        }
-    }
-
-    protected void processBlock()
-    {
-        // buffer contents have been transferred to the _block[] array via
-        // processFilledBuffer
-        
-        // compute and apply K^0
-        for (int i = 0; i < 8; i++)
-        {
-            _state[i] = _block[i] ^ (_K[i] = _hash[i]);
-        }
-
-        // iterate over the rounds
-        for (int round = 1; round <= ROUNDS; round++)
-        {
-            for (int i = 0; i < 8; i++)
-            {
-                _L[i] = 0;
-                _L[i] ^= C0[(int)(_K[(i - 0) & 7] >>> 56) & 0xff];
-                _L[i] ^= C1[(int)(_K[(i - 1) & 7] >>> 48) & 0xff];
-                _L[i] ^= C2[(int)(_K[(i - 2) & 7] >>> 40) & 0xff];
-                _L[i] ^= C3[(int)(_K[(i - 3) & 7] >>> 32) & 0xff];
-                _L[i] ^= C4[(int)(_K[(i - 4) & 7] >>> 24) & 0xff];
-                _L[i] ^= C5[(int)(_K[(i - 5) & 7] >>> 16) & 0xff];
-                _L[i] ^= C6[(int)(_K[(i - 6) & 7] >>>  8) & 0xff];
-                _L[i] ^= C7[(int)(_K[(i - 7) & 7]) & 0xff];
-            }
-
-            System.arraycopy(_L, 0, _K, 0, _K.length);
-            
-            _K[0] ^= _rc[round];
-            
-            // apply the round transformation
-            for (int i = 0; i < 8; i++)
-            {
-                _L[i] = _K[i];
-                
-                _L[i] ^= C0[(int)(_state[(i - 0) & 7] >>> 56) & 0xff];
-                _L[i] ^= C1[(int)(_state[(i - 1) & 7] >>> 48) & 0xff];
-                _L[i] ^= C2[(int)(_state[(i - 2) & 7] >>> 40) & 0xff];
-                _L[i] ^= C3[(int)(_state[(i - 3) & 7] >>> 32) & 0xff];
-                _L[i] ^= C4[(int)(_state[(i - 4) & 7] >>> 24) & 0xff];
-                _L[i] ^= C5[(int)(_state[(i - 5) & 7] >>> 16) & 0xff];
-                _L[i] ^= C6[(int)(_state[(i - 6) & 7] >>> 8) & 0xff];
-                _L[i] ^= C7[(int)(_state[(i - 7) & 7]) & 0xff];
-            }
-            
-            // save the current state
-            System.arraycopy(_L, 0, _state, 0, _state.length);
-        }
-        
-        // apply Miuaguchi-Preneel compression
-        for (int i = 0; i < 8; i++)
-        {
-            _hash[i] ^= _state[i] ^ _block[i];
-        }
-        
-    }
-
-    public void update(byte in)
-    {
-        _buffer[_bufferPos] = in;
-
-        //System.out.println("adding to buffer = "+_buffer[_bufferPos]);
-        
-        ++_bufferPos;
-        
-        if (_bufferPos == _buffer.length)
-        {
-            processFilledBuffer(_buffer, 0);
-        }
-
-        increment();
-    }
-
-    /*
-     * increment() can be implemented in this way using 2 arrays or
-     * by having some temporary variables that are used to set the
-     * value provided by EIGHT[i] and carry within the loop.
-     * 
-     * not having done any timing, this seems likely to be faster
-     * at the slight expense of 32*(sizeof short) bytes
-     */
-    private static final short[] EIGHT = new short[BITCOUNT_ARRAY_SIZE];
-    static 
-    {
-        EIGHT[BITCOUNT_ARRAY_SIZE - 1] = 8;
-    }
-    
-    private void increment()
-    {
-        int carry = 0;
-        for (int i = _bitCount.length - 1; i >= 0; i--)
-        {
-            int sum = (_bitCount[i] & 0xff) + EIGHT[i] + carry;
-
-            carry = sum >>> 8;
-            _bitCount[i] = (short)(sum & 0xff);
-        }
-    }    
-    
-    public void update(byte[] in, int inOff, int len)
-    {
-        while (len > 0)
-        {
-            update(in[inOff]);
-            ++inOff;
-            --len;
-        }
-        
-    }
-    
-    private void finish()
-    {
-        /*
-         * this makes a copy of the current bit length. at the expense of an
-         * object creation of 32 bytes rather than providing a _stopCounting
-         * boolean which was the alternative I could think of.
-         */
-        byte[] bitLength = copyBitLength(); 
-        
-        _buffer[_bufferPos++] |= 0x80;
-
-        if (_bufferPos == _buffer.length)
-        {
-            processFilledBuffer(_buffer, 0);
-        }
-
-        /*
-         * Final block contains 
-         * [ ... data .... ][0][0][0][ length ]
-         * 
-         * if [ length ] cannot fit.  Need to create a new block.
-         */
-        if (_bufferPos > 32)
-        {
-            while (_bufferPos != 0)
-            {
-                update((byte)0);
-            }
-        }
-        
-        while (_bufferPos <= 32)
-        {
-            update((byte)0);
-        }
-        
-        // copy the length information to the final 32 bytes of the
-        // 64 byte block....
-        System.arraycopy(bitLength, 0, _buffer, 32, bitLength.length);
-        
-        processFilledBuffer(_buffer, 0);
-    }
-
-    private byte[] copyBitLength()
-    {
-        byte[] rv = new byte[BITCOUNT_ARRAY_SIZE];
-        for (int i = 0; i < rv.length; i++)
-        {
-            rv[i] = (byte)(_bitCount[i] & 0xff);
-        }
-        return rv;
-    }    
-    
-    public int getByteLength()
-    {
-        return BYTE_LENGTH;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/package.html
deleted file mode 100644
index 0a0d95cea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/digests/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Message digest classes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
deleted file mode 100644
index ec91e1ac7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
+++ /dev/null
@@ -1,287 +0,0 @@
-package org.bouncycastle.crypto.encodings;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-/**
- * ISO 9796-1 padding. Note in the light of recent results you should
- * only use this with RSA (rather than the "simpler" Rabin keys) and you
- * should never use it with anything other than a hash (ie. even if the
- * message is small don't sign the message, sign it's hash) or some "random"
- * value. See your favorite search engine for details.
- */
-public class ISO9796d1Encoding
-    implements AsymmetricBlockCipher
-{
-    private static final BigInteger SIXTEEN = BigInteger.valueOf(16L);
-    private static final BigInteger SIX     = BigInteger.valueOf(6L);
-
-    private static byte[]    shadows = { 0xe, 0x3, 0x5, 0x8, 0x9, 0x4, 0x2, 0xf,
-                                    0x0, 0xd, 0xb, 0x6, 0x7, 0xa, 0xc, 0x1 };
-    private static byte[]    inverse = { 0x8, 0xf, 0x6, 0x1, 0x5, 0x2, 0xb, 0xc,
-                                    0x3, 0x4, 0xd, 0xa, 0xe, 0x9, 0x0, 0x7 };
-
-    private AsymmetricBlockCipher   engine;
-    private boolean                 forEncryption;
-    private int                     bitSize;
-    private int                     padBits = 0;
-    private BigInteger              modulus;
-
-    public ISO9796d1Encoding(
-        AsymmetricBlockCipher   cipher)
-    {
-        this.engine = cipher;
-    }
-
-    public AsymmetricBlockCipher getUnderlyingCipher()
-    {
-        return engine;
-    }
-
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    param)
-    {
-        RSAKeyParameters  kParam = null;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-            kParam = (RSAKeyParameters)rParam.getParameters();
-        }
-        else
-        {
-            kParam = (RSAKeyParameters)param;
-        }
-
-        engine.init(forEncryption, param);
-
-        modulus = kParam.getModulus();
-        bitSize = modulus.bitLength();
-
-        this.forEncryption = forEncryption;
-    }
-
-    /**
-     * return the input block size. The largest message we can process
-     * is (key_size_in_bits + 3)/16, which in our world comes to
-     * key_size_in_bytes / 2.
-     */
-    public int getInputBlockSize()
-    {
-        int     baseBlockSize = engine.getInputBlockSize();
-
-        if (forEncryption)
-        {
-            return (baseBlockSize + 1) / 2;
-        }
-        else
-        {
-            return baseBlockSize;
-        }
-    }
-
-    /**
-     * return the maximum possible size for the output.
-     */
-    public int getOutputBlockSize()
-    {
-        int     baseBlockSize = engine.getOutputBlockSize();
-
-        if (forEncryption)
-        {
-            return baseBlockSize;
-        }
-        else
-        {
-            return (baseBlockSize + 1) / 2;
-        }
-    }
-
-    /**
-     * set the number of bits in the next message to be treated as
-     * pad bits.
-     */
-    public void setPadBits(
-        int     padBits)
-    {
-        if (padBits > 7)
-        {
-            throw new IllegalArgumentException("padBits > 7");
-        }
-
-        this.padBits = padBits;
-    }
-
-    /**
-     * retrieve the number of pad bits in the last decoded message.
-     */
-    public int getPadBits()
-    {
-        return padBits;
-    }
-
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        if (forEncryption)
-        {
-            return encodeBlock(in, inOff, inLen);
-        }
-        else
-        {
-            return decodeBlock(in, inOff, inLen);
-        }
-    }
-
-    private byte[] encodeBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        byte[]  block = new byte[(bitSize + 7) / 8];
-        int     r = padBits + 1;
-        int     z = inLen;
-        int     t = (bitSize + 13) / 16;
-
-        for (int i = 0; i < t; i += z)
-        {
-            if (i > t - z)
-            {
-                System.arraycopy(in, inOff + inLen - (t - i),
-                                    block, block.length - t, t - i);
-            }
-            else
-            {
-                System.arraycopy(in, inOff, block, block.length - (i + z), z);
-            }
-        }
-
-        for (int i = block.length - 2 * t; i != block.length; i += 2)
-        {
-            byte    val = block[block.length - t + i / 2];
-
-            block[i] = (byte)((shadows[(val & 0xff) >>> 4] << 4)
-                                                | shadows[val & 0x0f]);
-            block[i + 1] = val;
-        }
-
-        block[block.length - 2 * z] ^= r;
-        block[block.length - 1] = (byte)((block[block.length - 1] << 4) | 0x06);
-
-        int maxBit = (8 - (bitSize - 1) % 8);
-        int offSet = 0;
-
-        if (maxBit != 8)
-        {
-            block[0] &= 0xff >>> maxBit;
-            block[0] |= 0x80 >>> maxBit;
-        }
-        else
-        {
-            block[0] = 0x00;
-            block[1] |= 0x80;
-            offSet = 1;
-        }
-
-        return engine.processBlock(block, offSet, block.length - offSet);
-    }
-
-    /**
-     * @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string
-     */
-    private byte[] decodeBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        byte[]  block = engine.processBlock(in, inOff, inLen);
-        int     r = 1;
-        int     t = (bitSize + 13) / 16;
-
-        BigInteger iS = new BigInteger(1, block);
-        BigInteger iR;
-        if (iS.mod(SIXTEEN).equals(SIX))
-        {
-            iR = iS;
-        }
-        else if ((modulus.subtract(iS)).mod(SIXTEEN).equals(SIX))
-        {
-            iR = modulus.subtract(iS);
-        }
-        else
-        {
-            throw new InvalidCipherTextException("resulting integer iS or (modulus - iS) is not congruent to 6 mod 16");
-        }
-
-        block = convertOutputDecryptOnly(iR);
-
-        if ((block[block.length - 1] & 0x0f) != 0x6 )
-        {
-            throw new InvalidCipherTextException("invalid forcing byte in block");
-        }
-
-        block[block.length - 1] = (byte)(((block[block.length - 1] & 0xff) >>> 4) | ((inverse[(block[block.length - 2] & 0xff) >> 4]) << 4));
-        block[0] = (byte)((shadows[(block[1] & 0xff) >>> 4] << 4)
-                                                | shadows[block[1] & 0x0f]);
-
-        boolean boundaryFound = false;
-        int     boundary = 0;
-
-        for (int i = block.length - 1; i >= block.length - 2 * t; i -= 2)
-        {
-            int val = ((shadows[(block[i] & 0xff) >>> 4] << 4)
-                                        | shadows[block[i] & 0x0f]);
-
-            if (((block[i - 1] ^ val) & 0xff) != 0)
-            {
-                if (!boundaryFound)
-                {
-                    boundaryFound = true;
-                    r = (block[i - 1] ^ val) & 0xff;
-                    boundary = i - 1;
-                }
-                else
-                {
-                    throw new InvalidCipherTextException("invalid tsums in block");
-                }
-            }
-        }
-
-        block[boundary] = 0;
-
-        byte[]  nblock = new byte[(block.length - boundary) / 2];
-
-        for (int i = 0; i < nblock.length; i++)
-        {
-            nblock[i] = block[2 * i + boundary + 1];
-        }
-
-        padBits = r - 1;
-
-        return nblock;
-    }
-
-    private static byte[] convertOutputDecryptOnly(BigInteger result)
-    {
-        byte[] output = result.toByteArray();
-        if (output[0] == 0) // have ended up with an extra zero byte, copy down.
-        {
-            byte[] tmp = new byte[output.length - 1];
-            System.arraycopy(output, 1, tmp, 0, tmp.length);
-            return tmp;
-        }
-        return output;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
deleted file mode 100644
index 9e94d7700..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
+++ /dev/null
@@ -1,348 +0,0 @@
-package org.bouncycastle.crypto.encodings;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-import java.security.SecureRandom;
-
-/**
- * Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2.
- */
-public class OAEPEncoding
-    implements AsymmetricBlockCipher
-{
-    private byte[]                  defHash;
-    private Digest                  hash;
-    private Digest                  mgf1Hash;
-
-    private AsymmetricBlockCipher   engine;
-    private SecureRandom            random;
-    private boolean                 forEncryption;
-
-    public OAEPEncoding(
-        AsymmetricBlockCipher   cipher)
-    {
-        this(cipher, new SHA1Digest(), null);
-    }
-    
-    public OAEPEncoding(
-        AsymmetricBlockCipher       cipher,
-        Digest                      hash)
-    {
-        this(cipher, hash, null);
-    }
-    
-    public OAEPEncoding(
-        AsymmetricBlockCipher       cipher,
-        Digest                      hash,
-        byte[]                      encodingParams)
-    {
-        this(cipher, hash, hash, encodingParams);
-    }
-
-    public OAEPEncoding(
-        AsymmetricBlockCipher       cipher,
-        Digest                      hash,
-        Digest                      mgf1Hash,
-        byte[]                      encodingParams)
-    {
-        this.engine = cipher;
-        this.hash = hash;
-        this.mgf1Hash = mgf1Hash;
-        this.defHash = new byte[hash.getDigestSize()];
-
-        if (encodingParams != null)
-        {
-            hash.update(encodingParams, 0, encodingParams.length);
-        }
-
-        hash.doFinal(defHash, 0);
-    }
-
-    public AsymmetricBlockCipher getUnderlyingCipher()
-    {
-        return engine;
-    }
-
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    param)
-    {
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom  rParam = (ParametersWithRandom)param;
-
-            this.random = rParam.getRandom();
-        }
-        else
-        {   
-            this.random = new SecureRandom();
-        }
-
-        engine.init(forEncryption, param);
-
-        this.forEncryption = forEncryption;
-    }
-
-    public int getInputBlockSize()
-    {
-        int     baseBlockSize = engine.getInputBlockSize();
-
-        if (forEncryption)
-        {
-            return baseBlockSize - 1 - 2 * defHash.length;
-        }
-        else
-        {
-            return baseBlockSize;
-        }
-    }
-
-    public int getOutputBlockSize()
-    {
-        int     baseBlockSize = engine.getOutputBlockSize();
-
-        if (forEncryption)
-        {
-            return baseBlockSize;
-        }
-        else
-        {
-            return baseBlockSize - 1 - 2 * defHash.length;
-        }
-    }
-
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        if (forEncryption)
-        {
-            return encodeBlock(in, inOff, inLen);
-        }
-        else
-        {
-            return decodeBlock(in, inOff, inLen);
-        }
-    }
-
-    public byte[] encodeBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        byte[]  block = new byte[getInputBlockSize() + 1 + 2 * defHash.length];
-
-        //
-        // copy in the message
-        //
-        System.arraycopy(in, inOff, block, block.length - inLen, inLen);
-
-        //
-        // add sentinel
-        //
-        block[block.length - inLen - 1] = 0x01;
-
-        //
-        // as the block is already zeroed - there's no need to add PS (the >= 0 pad of 0)
-        //
-
-        //
-        // add the hash of the encoding params.
-        //
-        System.arraycopy(defHash, 0, block, defHash.length, defHash.length);
-
-        //
-        // generate the seed.
-        //
-        byte[]  seed = new byte[defHash.length];
-
-        random.nextBytes(seed);
-
-        //
-        // mask the message block.
-        //
-        byte[]  mask = maskGeneratorFunction1(seed, 0, seed.length, block.length - defHash.length);
-
-        for (int i = defHash.length; i != block.length; i++)
-        {
-            block[i] ^= mask[i - defHash.length];
-        }
-
-        //
-        // add in the seed
-        //
-        System.arraycopy(seed, 0, block, 0, defHash.length);
-
-        //
-        // mask the seed.
-        //
-        mask = maskGeneratorFunction1(
-                        block, defHash.length, block.length - defHash.length, defHash.length);
-
-        for (int i = 0; i != defHash.length; i++)
-        {
-            block[i] ^= mask[i];
-        }
-
-        return engine.processBlock(block, 0, block.length);
-    }
-
-    /**
-     * @exception InvalidCipherTextException if the decrypted block turns out to
-     * be badly formatted.
-     */
-    public byte[] decodeBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        byte[]  data = engine.processBlock(in, inOff, inLen);
-        byte[]  block;
-
-        //
-        // as we may have zeros in our leading bytes for the block we produced
-        // on encryption, we need to make sure our decrypted block comes back
-        // the same size.
-        //
-        if (data.length < engine.getOutputBlockSize())
-        {
-            block = new byte[engine.getOutputBlockSize()];
-
-            System.arraycopy(data, 0, block, block.length - data.length, data.length);
-        }
-        else
-        {
-            block = data;
-        }
-
-        if (block.length < (2 * defHash.length) + 1)
-        {
-            throw new InvalidCipherTextException("data too short");
-        }
-
-        //
-        // unmask the seed.
-        //
-        byte[] mask = maskGeneratorFunction1(
-                    block, defHash.length, block.length - defHash.length, defHash.length);
-
-        for (int i = 0; i != defHash.length; i++)
-        {
-            block[i] ^= mask[i];
-        }
-
-        //
-        // unmask the message block.
-        //
-        mask = maskGeneratorFunction1(block, 0, defHash.length, block.length - defHash.length);
-
-        for (int i = defHash.length; i != block.length; i++)
-        {
-            block[i] ^= mask[i - defHash.length];
-        }
-
-        //
-        // check the hash of the encoding params.
-        //
-        for (int i = 0; i != defHash.length; i++)
-        {
-            if (defHash[i] != block[defHash.length + i])
-            {
-                throw new InvalidCipherTextException("data hash wrong");
-            }
-        }
-
-        //
-        // find the data block
-        //
-        int start;
-
-        for (start = 2 * defHash.length; start != block.length; start++)
-        {
-            if (block[start] != 0)
-            {
-                break;
-            }
-        }
-
-        if (start >= (block.length - 1) || block[start] != 1)
-        {
-            throw new InvalidCipherTextException("data start wrong " + start);
-        }
-
-        start++;
-
-        //
-        // extract the data block
-        //
-        byte[]  output = new byte[block.length - start];
-
-        System.arraycopy(block, start, output, 0, output.length);
-
-        return output;
-    }
-
-    /**
-     * int to octet string.
-     */
-    private void ItoOSP(
-        int     i,
-        byte[]  sp)
-    {
-        sp[0] = (byte)(i >>> 24);
-        sp[1] = (byte)(i >>> 16);
-        sp[2] = (byte)(i >>> 8);
-        sp[3] = (byte)(i >>> 0);
-    }
-
-    /**
-     * mask generator function, as described in PKCS1v2.
-     */
-    private byte[] maskGeneratorFunction1(
-        byte[]  Z,
-        int     zOff,
-        int     zLen,
-        int     length)
-    {
-        byte[]  mask = new byte[length];
-        byte[]  hashBuf = new byte[mgf1Hash.getDigestSize()];
-        byte[]  C = new byte[4];
-        int     counter = 0;
-
-        hash.reset();
-
-        do
-        {
-            ItoOSP(counter, C);
-
-            mgf1Hash.update(Z, zOff, zLen);
-            mgf1Hash.update(C, 0, C.length);
-            mgf1Hash.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, mask, counter * hashBuf.length, hashBuf.length);
-        }
-        while (++counter < (length / hashBuf.length));
-
-        if ((counter * hashBuf.length) < length)
-        {
-            ItoOSP(counter, C);
-
-            mgf1Hash.update(Z, zOff, zLen);
-            mgf1Hash.update(C, 0, C.length);
-            mgf1Hash.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, mask, counter * hashBuf.length, mask.length - (counter * hashBuf.length));
-        }
-
-        return mask;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
deleted file mode 100644
index a6a598662..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
+++ /dev/null
@@ -1,247 +0,0 @@
-package org.bouncycastle.crypto.encodings;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-/**
- * this does your basic PKCS 1 v1.5 padding - whether or not you should be using this
- * depends on your application - see PKCS1 Version 2 for details.
- */
-public class PKCS1Encoding
-    implements AsymmetricBlockCipher
-{
-    /**
-     * some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to
-     * work with one of these set the system property org.bouncycastle.pkcs1.strict to false.
-     * 

-     * The system property is checked during construction of the encoding object, it is set to 
-     * true by default.
-     * 

-     */
-    public static final String STRICT_LENGTH_ENABLED_PROPERTY = "org.bouncycastle.pkcs1.strict";
-    
-    private static final int HEADER_LENGTH = 10;
-
-    private SecureRandom            random;
-    private AsymmetricBlockCipher   engine;
-    private boolean                 forEncryption;
-    private boolean                 forPrivateKey;
-    private boolean                 useStrictLength;
-
-    /**
-     * Basic constructor.
-     * @param cipher
-     */
-    public PKCS1Encoding(
-        AsymmetricBlockCipher   cipher)
-    {
-        this.engine = cipher;
-        this.useStrictLength = useStrict();
-    }   
-
-    //
-    // for J2ME compatibility
-    //
-    private boolean useStrict()
-    {
-        // required if security manager has been installed.
-        String strict = (String)AccessController.doPrivileged(new PrivilegedAction()
-        {
-            public Object run()
-            {
-                return System.getProperty(STRICT_LENGTH_ENABLED_PROPERTY);
-            }
-        });
-
-        return strict == null || strict.equals("true");
-    }
-
-    public AsymmetricBlockCipher getUnderlyingCipher()
-    {
-        return engine;
-    }
-
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    param)
-    {
-        AsymmetricKeyParameter  kParam;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-            this.random = rParam.getRandom();
-            kParam = (AsymmetricKeyParameter)rParam.getParameters();
-        }
-        else
-        {
-            this.random = new SecureRandom();
-            kParam = (AsymmetricKeyParameter)param;
-        }
-
-        engine.init(forEncryption, param);
-
-        this.forPrivateKey = kParam.isPrivate();
-        this.forEncryption = forEncryption;
-    }
-
-    public int getInputBlockSize()
-    {
-        int     baseBlockSize = engine.getInputBlockSize();
-
-        if (forEncryption)
-        {
-            return baseBlockSize - HEADER_LENGTH;
-        }
-        else
-        {
-            return baseBlockSize;
-        }
-    }
-
-    public int getOutputBlockSize()
-    {
-        int     baseBlockSize = engine.getOutputBlockSize();
-
-        if (forEncryption)
-        {
-            return baseBlockSize;
-        }
-        else
-        {
-            return baseBlockSize - HEADER_LENGTH;
-        }
-    }
-
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        if (forEncryption)
-        {
-            return encodeBlock(in, inOff, inLen);
-        }
-        else
-        {
-            return decodeBlock(in, inOff, inLen);
-        }
-    }
-
-    private byte[] encodeBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        if (inLen > getInputBlockSize())
-        {
-            throw new IllegalArgumentException("input data too large");
-        }
-        
-        byte[]  block = new byte[engine.getInputBlockSize()];
-
-        if (forPrivateKey)
-        {
-            block[0] = 0x01;                        // type code 1
-
-            for (int i = 1; i != block.length - inLen - 1; i++)
-            {
-                block[i] = (byte)0xFF;
-            }
-        }
-        else
-        {
-            random.nextBytes(block);                // random fill
-
-            block[0] = 0x02;                        // type code 2
-
-            //
-            // a zero byte marks the end of the padding, so all
-            // the pad bytes must be non-zero.
-            //
-            for (int i = 1; i != block.length - inLen - 1; i++)
-            {
-                while (block[i] == 0)
-                {
-                    block[i] = (byte)random.nextInt();
-                }
-            }
-        }
-
-        block[block.length - inLen - 1] = 0x00;       // mark the end of the padding
-        System.arraycopy(in, inOff, block, block.length - inLen, inLen);
-
-        return engine.processBlock(block, 0, block.length);
-    }
-
-    /**
-     * @exception InvalidCipherTextException if the decrypted block is not in PKCS1 format.
-     */
-    private byte[] decodeBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        byte[]  block = engine.processBlock(in, inOff, inLen);
-
-        if (block.length < getOutputBlockSize())
-        {
-            throw new InvalidCipherTextException("block truncated");
-        }
-
-        byte type = block[0];
-        
-        if (type != 1 && type != 2)
-        {
-            throw new InvalidCipherTextException("unknown block type");
-        }
-
-        if (useStrictLength && block.length != engine.getOutputBlockSize())
-        {
-            throw new InvalidCipherTextException("block incorrect size");
-        }
-        
-        //
-        // find and extract the message block.
-        //
-        int start;
-        
-        for (start = 1; start != block.length; start++)
-        {
-            byte pad = block[start];
-            
-            if (pad == 0)
-            {
-                break;
-            }
-            if (type == 1 && pad != (byte)0xff)
-            {
-                throw new InvalidCipherTextException("block padding incorrect");
-            }
-        }
-
-        start++;           // data should start at the next byte
-
-        if (start > block.length || start < HEADER_LENGTH)
-        {
-            throw new InvalidCipherTextException("no data in block");
-        }
-
-        byte[]  result = new byte[block.length - start];
-
-        System.arraycopy(block, start, result, 0, result.length);
-
-        return result;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/package.html
deleted file mode 100644
index fc56f634c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/encodings/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Block encodings for asymmetric ciphers.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
deleted file mode 100644
index d9bb482e7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
+++ /dev/null
@@ -1,547 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * an implementation of the AES (Rijndael), from FIPS-197.
- * 

- * For further details see: http://csrc.nist.gov/encryption/aes/.
- *
- * This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
- * http://fp.gladman.plus.com/cryptography_technology/rijndael/
- *
- * There are three levels of tradeoff of speed vs memory
- * Because java has no preprocessor, they are written as three separate classes from which to choose
- *
- * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
- * and 4 for decryption.
- *
- * The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
- * adding 12 rotate operations per round to compute the values contained in the other tables from
- * the contents of the first.
- *
- * The slowest version uses no static tables at all and computes the values in each round.
- * 

- * This file contains the middle performance version with 2Kbytes of static tables for round precomputation.
- *
- */
-public class AESEngine
-    implements BlockCipher
-{
-    // The S box
-    private static final byte[] S = {
-        (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197,
-        (byte)48,   (byte)1, (byte)103,  (byte)43, (byte)254, (byte)215, (byte)171, (byte)118,
-        (byte)202, (byte)130, (byte)201, (byte)125, (byte)250,  (byte)89,  (byte)71, (byte)240,
-        (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192,
-        (byte)183, (byte)253, (byte)147,  (byte)38,  (byte)54,  (byte)63, (byte)247, (byte)204,
-        (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216,  (byte)49,  (byte)21,
-        (byte)4, (byte)199,  (byte)35, (byte)195,  (byte)24, (byte)150,   (byte)5, (byte)154,
-        (byte)7,  (byte)18, (byte)128, (byte)226, (byte)235,  (byte)39, (byte)178, (byte)117,
-        (byte)9, (byte)131,  (byte)44,  (byte)26,  (byte)27, (byte)110,  (byte)90, (byte)160,
-        (byte)82,  (byte)59, (byte)214, (byte)179,  (byte)41, (byte)227,  (byte)47, (byte)132,
-        (byte)83, (byte)209,   (byte)0, (byte)237,  (byte)32, (byte)252, (byte)177,  (byte)91,
-        (byte)106, (byte)203, (byte)190,  (byte)57,  (byte)74,  (byte)76,  (byte)88, (byte)207,
-        (byte)208, (byte)239, (byte)170, (byte)251,  (byte)67,  (byte)77,  (byte)51, (byte)133,
-        (byte)69, (byte)249,   (byte)2, (byte)127,  (byte)80,  (byte)60, (byte)159, (byte)168,
-        (byte)81, (byte)163,  (byte)64, (byte)143, (byte)146, (byte)157,  (byte)56, (byte)245,
-        (byte)188, (byte)182, (byte)218,  (byte)33,  (byte)16, (byte)255, (byte)243, (byte)210,
-        (byte)205,  (byte)12,  (byte)19, (byte)236,  (byte)95, (byte)151,  (byte)68,  (byte)23,
-        (byte)196, (byte)167, (byte)126,  (byte)61, (byte)100,  (byte)93,  (byte)25, (byte)115,
-        (byte)96, (byte)129,  (byte)79, (byte)220,  (byte)34,  (byte)42, (byte)144, (byte)136,
-        (byte)70, (byte)238, (byte)184,  (byte)20, (byte)222,  (byte)94,  (byte)11, (byte)219,
-        (byte)224,  (byte)50,  (byte)58,  (byte)10,  (byte)73,   (byte)6,  (byte)36,  (byte)92,
-        (byte)194, (byte)211, (byte)172,  (byte)98, (byte)145, (byte)149, (byte)228, (byte)121,
-        (byte)231, (byte)200,  (byte)55, (byte)109, (byte)141, (byte)213,  (byte)78, (byte)169,
-        (byte)108,  (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174,   (byte)8,
-        (byte)186, (byte)120,  (byte)37,  (byte)46,  (byte)28, (byte)166, (byte)180, (byte)198,
-        (byte)232, (byte)221, (byte)116,  (byte)31,  (byte)75, (byte)189, (byte)139, (byte)138,
-        (byte)112,  (byte)62, (byte)181, (byte)102,  (byte)72,   (byte)3, (byte)246,  (byte)14,
-        (byte)97,  (byte)53,  (byte)87, (byte)185, (byte)134, (byte)193,  (byte)29, (byte)158,
-        (byte)225, (byte)248, (byte)152,  (byte)17, (byte)105, (byte)217, (byte)142, (byte)148,
-        (byte)155,  (byte)30, (byte)135, (byte)233, (byte)206,  (byte)85,  (byte)40, (byte)223,
-        (byte)140, (byte)161, (byte)137,  (byte)13, (byte)191, (byte)230,  (byte)66, (byte)104,
-        (byte)65, (byte)153,  (byte)45,  (byte)15, (byte)176,  (byte)84, (byte)187,  (byte)22,
-    };
-
-    // The inverse S-box
-    private static final byte[] Si = {
-        (byte)82,   (byte)9, (byte)106, (byte)213,  (byte)48,  (byte)54, (byte)165,  (byte)56,
-        (byte)191,  (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251,
-        (byte)124, (byte)227,  (byte)57, (byte)130, (byte)155,  (byte)47, (byte)255, (byte)135,
-        (byte)52, (byte)142,  (byte)67,  (byte)68, (byte)196, (byte)222, (byte)233, (byte)203,
-        (byte)84, (byte)123, (byte)148,  (byte)50, (byte)166, (byte)194,  (byte)35,  (byte)61,
-        (byte)238,  (byte)76, (byte)149,  (byte)11,  (byte)66, (byte)250, (byte)195,  (byte)78,
-        (byte)8,  (byte)46, (byte)161, (byte)102,  (byte)40, (byte)217,  (byte)36, (byte)178,
-        (byte)118,  (byte)91, (byte)162,  (byte)73, (byte)109, (byte)139, (byte)209,  (byte)37,
-        (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152,  (byte)22,
-        (byte)212, (byte)164,  (byte)92, (byte)204,  (byte)93, (byte)101, (byte)182, (byte)146,
-        (byte)108, (byte)112,  (byte)72,  (byte)80, (byte)253, (byte)237, (byte)185, (byte)218,
-        (byte)94,  (byte)21,  (byte)70,  (byte)87, (byte)167, (byte)141, (byte)157, (byte)132,
-        (byte)144, (byte)216, (byte)171,   (byte)0, (byte)140, (byte)188, (byte)211,  (byte)10,
-        (byte)247, (byte)228,  (byte)88,   (byte)5, (byte)184, (byte)179,  (byte)69,   (byte)6,
-        (byte)208,  (byte)44,  (byte)30, (byte)143, (byte)202,  (byte)63,  (byte)15,   (byte)2,
-        (byte)193, (byte)175, (byte)189,   (byte)3,   (byte)1,  (byte)19, (byte)138, (byte)107,
-        (byte)58, (byte)145,  (byte)17,  (byte)65,  (byte)79, (byte)103, (byte)220, (byte)234,
-        (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115,
-        (byte)150, (byte)172, (byte)116,  (byte)34, (byte)231, (byte)173,  (byte)53, (byte)133,
-        (byte)226, (byte)249,  (byte)55, (byte)232,  (byte)28, (byte)117, (byte)223, (byte)110,
-        (byte)71, (byte)241,  (byte)26, (byte)113,  (byte)29,  (byte)41, (byte)197, (byte)137,
-        (byte)111, (byte)183,  (byte)98,  (byte)14, (byte)170,  (byte)24, (byte)190,  (byte)27,
-        (byte)252,  (byte)86,  (byte)62,  (byte)75, (byte)198, (byte)210, (byte)121,  (byte)32,
-        (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205,  (byte)90, (byte)244,
-        (byte)31, (byte)221, (byte)168,  (byte)51, (byte)136,   (byte)7, (byte)199,  (byte)49,
-        (byte)177,  (byte)18,  (byte)16,  (byte)89,  (byte)39, (byte)128, (byte)236,  (byte)95,
-        (byte)96,  (byte)81, (byte)127, (byte)169,  (byte)25, (byte)181,  (byte)74,  (byte)13,
-        (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239,
-        (byte)160, (byte)224,  (byte)59,  (byte)77, (byte)174,  (byte)42, (byte)245, (byte)176,
-        (byte)200, (byte)235, (byte)187,  (byte)60, (byte)131,  (byte)83, (byte)153,  (byte)97,
-        (byte)23,  (byte)43,   (byte)4, (byte)126, (byte)186, (byte)119, (byte)214,  (byte)38,
-        (byte)225, (byte)105,  (byte)20,  (byte)99,  (byte)85,  (byte)33,  (byte)12, (byte)125,
-        };
-
-    // vector used in calculating key schedule (powers of x in GF(256))
-    private static final int[] rcon = {
-         0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
-         0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 };
-
-    // precomputation tables of calculations for rounds
-    private static final int[] T0 =
-    {
-     0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 
-     0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 
-     0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 
-     0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 
-     0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0xecadad41, 
-     0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 
-     0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 
-     0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 
-     0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 
-     0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, 
-     0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, 
-     0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 
-     0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 
-     0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 
-     0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 
-     0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 
-     0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, 
-     0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, 
-     0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 
-     0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 
-     0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, 
-     0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 
-     0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, 
-     0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, 
-     0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 
-     0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 
-     0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, 
-     0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 
-     0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, 
-     0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, 
-     0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 
-     0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 
-     0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 
-     0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, 
-     0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 
-     0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 
-     0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 
-     0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 
-     0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, 
-     0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 
-     0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, 
-     0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, 
-     0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 
-     0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 
-     0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 
-     0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 
-     0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, 
-     0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 
-     0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 
-     0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 
-     0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 
-     0x3a16162c};
-
-private static final int[] Tinv0 =
-    {
-     0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 
-     0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 
-     0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 
-     0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 
-     0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 0xe75f8f03, 
-     0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, 
-     0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 
-     0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 
-     0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, 
-     0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, 
-     0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, 
-     0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, 
-     0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 
-     0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 
-     0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, 
-     0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, 
-     0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, 
-     0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, 
-     0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 
-     0xdbeec879, 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 
-     0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd, 
-     0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, 
-     0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793, 0xd296eeb4, 
-     0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 
-     0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 
-     0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 
-     0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 
-     0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 
-     0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, 
-     0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, 
-     0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 
-     0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 
-     0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 
-     0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 0xe49d3a2c, 0x0d927850, 
-     0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 
-     0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 
-     0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 
-     0xf418596e, 0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 
-     0x08cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea, 
-     0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 
-     0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, 
-     0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, 
-     0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 
-     0x7f516546, 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 
-     0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 0x8c61d79a, 
-     0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, 
-     0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, 
-     0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, 
-     0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 
-     0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 
-     0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 
-     0x4257b8d0};
-
-    private int shift(
-        int     r,
-        int     shift)
-    {
-        return (r >>> shift) | (r << -shift);
-    }
-
-    /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
-
-    private static final int m1 = 0x80808080;
-    private static final int m2 = 0x7f7f7f7f;
-    private static final int m3 = 0x0000001b;
-
-    private int FFmulX(int x)
-    {
-        return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3));
-    }
-
-    /* 
-       The following defines provide alternative definitions of FFmulX that might
-       give improved performance if a fast 32-bit multiply is not available.
-       
-       private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & m2) << 1) ^ ((u >>> 3) | (u >>> 6)); } 
-       private static final int  m4 = 0x1b1b1b1b;
-       private int FFmulX(int x) { int u = x & m1; return ((x & m2) << 1) ^ ((u - (u >>> 7)) & m4); } 
-
-    */
-
-    private int inv_mcol(int x)
-    {
-        int f2 = FFmulX(x);
-        int f4 = FFmulX(f2);
-        int f8 = FFmulX(f4);
-        int f9 = x ^ f8;
-        
-        return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24);
-    }
-
-    private int subWord(int x)
-    {
-        return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24);
-    }
-
-    /**
-     * Calculate the necessary round keys
-     * The number of calculations depends on key size and block size
-     * AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
-     * This code is written assuming those are the only possible values
-     */
-    private int[][] generateWorkingKey(
-                                    byte[] key,
-                                    boolean forEncryption)
-    {
-        int         KC = key.length / 4;  // key length in words
-        int         t;
-        
-        if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length))
-        {
-            throw new IllegalArgumentException("Key length not 128/192/256 bits.");
-        }
-
-        ROUNDS = KC + 6;  // This is not always true for the generalized Rijndael that allows larger block sizes
-        int[][] W = new int[ROUNDS+1][4];   // 4 words in a block
-        
-        //
-        // copy the key into the round key array
-        //
-        
-        t = 0;
-        int i = 0;
-        while (i < key.length)
-            {
-                W[t >> 2][t & 3] = (key[i]&0xff) | ((key[i+1]&0xff) << 8) | ((key[i+2]&0xff) << 16) | (key[i+3] << 24);
-                i+=4;
-                t++;
-            }
-        
-        //
-        // while not enough round key material calculated
-        // calculate new values
-        //
-        int k = (ROUNDS + 1) << 2;
-        for (i = KC; (i < k); i++)
-            {
-                int temp = W[(i-1)>>2][(i-1)&3];
-                if ((i % KC) == 0)
-                {
-                    temp = subWord(shift(temp, 8)) ^ rcon[(i / KC)-1];
-                }
-                else if ((KC > 6) && ((i % KC) == 4))
-                {
-                    temp = subWord(temp);
-                }
-                
-                W[i>>2][i&3] = W[(i - KC)>>2][(i-KC)&3] ^ temp;
-            }
-
-        if (!forEncryption)
-        {
-            for (int j = 1; j < ROUNDS; j++)
-            {
-                for (i = 0; i < 4; i++)
-                {
-                    W[j][i] = inv_mcol(W[j][i]);
-                }
-            }
-        }
-
-        return W;
-    }
-
-    private int         ROUNDS;
-    private int[][]     WorkingKey = null;
-    private int         C0, C1, C2, C3;
-    private boolean     forEncryption;
-
-    private static final int BLOCK_SIZE = 16;
-
-    /**
-     * default constructor - 128 bit block size.
-     */
-    public AESEngine()
-    {
-    }
-
-    /**
-     * initialise an AES cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           forEncryption,
-        CipherParameters  params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption);
-            this.forEncryption = forEncryption;
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to AES init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "AES";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (WorkingKey == null)
-        {
-            throw new IllegalStateException("AES engine not initialised");
-        }
-
-        if ((inOff + (32 / 2)) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + (32 / 2)) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (forEncryption)
-        {
-            unpackBlock(in, inOff);
-            encryptBlock(WorkingKey);
-            packBlock(out, outOff);
-        }
-        else
-        {
-            unpackBlock(in, inOff);
-            decryptBlock(WorkingKey);
-            packBlock(out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    private void unpackBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        C0 = (bytes[index++] & 0xff);
-        C0 |= (bytes[index++] & 0xff) << 8;
-        C0 |= (bytes[index++] & 0xff) << 16;
-        C0 |= bytes[index++] << 24;
-
-        C1 = (bytes[index++] & 0xff);
-        C1 |= (bytes[index++] & 0xff) << 8;
-        C1 |= (bytes[index++] & 0xff) << 16;
-        C1 |= bytes[index++] << 24;
-
-        C2 = (bytes[index++] & 0xff);
-        C2 |= (bytes[index++] & 0xff) << 8;
-        C2 |= (bytes[index++] & 0xff) << 16;
-        C2 |= bytes[index++] << 24;
-
-        C3 = (bytes[index++] & 0xff);
-        C3 |= (bytes[index++] & 0xff) << 8;
-        C3 |= (bytes[index++] & 0xff) << 16;
-        C3 |= bytes[index++] << 24;
-    }
-
-    private void packBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        bytes[index++] = (byte)C0;
-        bytes[index++] = (byte)(C0 >> 8);
-        bytes[index++] = (byte)(C0 >> 16);
-        bytes[index++] = (byte)(C0 >> 24);
-
-        bytes[index++] = (byte)C1;
-        bytes[index++] = (byte)(C1 >> 8);
-        bytes[index++] = (byte)(C1 >> 16);
-        bytes[index++] = (byte)(C1 >> 24);
-
-        bytes[index++] = (byte)C2;
-        bytes[index++] = (byte)(C2 >> 8);
-        bytes[index++] = (byte)(C2 >> 16);
-        bytes[index++] = (byte)(C2 >> 24);
-
-        bytes[index++] = (byte)C3;
-        bytes[index++] = (byte)(C3 >> 8);
-        bytes[index++] = (byte)(C3 >> 16);
-        bytes[index++] = (byte)(C3 >> 24);
-    }
-
-
-    private void encryptBlock(int[][] KW)
-    {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[0][0];
-        C1 ^= KW[0][1];
-        C2 ^= KW[0][2];
-        C3 ^= KW[0][3];
-
-        r = 1;
-
-        while (r < ROUNDS - 1)
-        {
-            r0 = T0[C0&255] ^ shift(T0[(C1>>8)&255], 24) ^ shift(T0[(C2>>16)&255],16) ^ shift(T0[(C3>>24)&255],8) ^ KW[r][0];
-            r1 = T0[C1&255] ^ shift(T0[(C2>>8)&255], 24) ^ shift(T0[(C3>>16)&255], 16) ^ shift(T0[(C0>>24)&255], 8) ^ KW[r][1];
-            r2 = T0[C2&255] ^ shift(T0[(C3>>8)&255], 24) ^ shift(T0[(C0>>16)&255], 16) ^ shift(T0[(C1>>24)&255], 8) ^ KW[r][2];
-            r3 = T0[C3&255] ^ shift(T0[(C0>>8)&255], 24) ^ shift(T0[(C1>>16)&255], 16) ^ shift(T0[(C2>>24)&255], 8) ^ KW[r++][3];
-            C0 = T0[r0&255] ^ shift(T0[(r1>>8)&255], 24) ^ shift(T0[(r2>>16)&255], 16) ^ shift(T0[(r3>>24)&255], 8) ^ KW[r][0];
-            C1 = T0[r1&255] ^ shift(T0[(r2>>8)&255], 24) ^ shift(T0[(r3>>16)&255], 16) ^ shift(T0[(r0>>24)&255], 8) ^ KW[r][1];
-            C2 = T0[r2&255] ^ shift(T0[(r3>>8)&255], 24) ^ shift(T0[(r0>>16)&255], 16) ^ shift(T0[(r1>>24)&255], 8) ^ KW[r][2];
-            C3 = T0[r3&255] ^ shift(T0[(r0>>8)&255], 24) ^ shift(T0[(r1>>16)&255], 16) ^ shift(T0[(r2>>24)&255], 8) ^ KW[r++][3];
-        }
-
-        r0 = T0[C0&255] ^ shift(T0[(C1>>8)&255], 24) ^ shift(T0[(C2>>16)&255], 16) ^ shift(T0[(C3>>24)&255], 8) ^ KW[r][0];
-        r1 = T0[C1&255] ^ shift(T0[(C2>>8)&255], 24) ^ shift(T0[(C3>>16)&255], 16) ^ shift(T0[(C0>>24)&255], 8) ^ KW[r][1];
-        r2 = T0[C2&255] ^ shift(T0[(C3>>8)&255], 24) ^ shift(T0[(C0>>16)&255], 16) ^ shift(T0[(C1>>24)&255], 8) ^ KW[r][2];
-        r3 = T0[C3&255] ^ shift(T0[(C0>>8)&255], 24) ^ shift(T0[(C1>>16)&255], 16) ^ shift(T0[(C2>>24)&255], 8) ^ KW[r++][3];
-
-        // the final round's table is a simple function of S so we don't use a whole other four tables for it
-
-        C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-        C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-        C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-        C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
-
-    }
-
-    private void decryptBlock(int[][] KW)
-    {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[ROUNDS][0];
-        C1 ^= KW[ROUNDS][1];
-        C2 ^= KW[ROUNDS][2];
-        C3 ^= KW[ROUNDS][3];
-
-        r = ROUNDS-1;
-
-        while (r>1)
-        {
-            r0 = Tinv0[C0&255] ^ shift(Tinv0[(C3>>8)&255], 24) ^ shift(Tinv0[(C2>>16)&255], 16) ^ shift(Tinv0[(C1>>24)&255], 8) ^ KW[r][0];
-            r1 = Tinv0[C1&255] ^ shift(Tinv0[(C0>>8)&255], 24) ^ shift(Tinv0[(C3>>16)&255], 16) ^ shift(Tinv0[(C2>>24)&255], 8) ^ KW[r][1];
-            r2 = Tinv0[C2&255] ^ shift(Tinv0[(C1>>8)&255], 24) ^ shift(Tinv0[(C0>>16)&255], 16) ^ shift(Tinv0[(C3>>24)&255], 8) ^ KW[r][2];
-            r3 = Tinv0[C3&255] ^ shift(Tinv0[(C2>>8)&255], 24) ^ shift(Tinv0[(C1>>16)&255], 16) ^ shift(Tinv0[(C0>>24)&255], 8) ^ KW[r--][3];
-            C0 = Tinv0[r0&255] ^ shift(Tinv0[(r3>>8)&255], 24) ^ shift(Tinv0[(r2>>16)&255], 16) ^ shift(Tinv0[(r1>>24)&255], 8) ^ KW[r][0];
-            C1 = Tinv0[r1&255] ^ shift(Tinv0[(r0>>8)&255], 24) ^ shift(Tinv0[(r3>>16)&255], 16) ^ shift(Tinv0[(r2>>24)&255], 8) ^ KW[r][1];
-            C2 = Tinv0[r2&255] ^ shift(Tinv0[(r1>>8)&255], 24) ^ shift(Tinv0[(r0>>16)&255], 16) ^ shift(Tinv0[(r3>>24)&255], 8) ^ KW[r][2];
-            C3 = Tinv0[r3&255] ^ shift(Tinv0[(r2>>8)&255], 24) ^ shift(Tinv0[(r1>>16)&255], 16) ^ shift(Tinv0[(r0>>24)&255], 8) ^ KW[r--][3];
-        }
-
-        r0 = Tinv0[C0&255] ^ shift(Tinv0[(C3>>8)&255], 24) ^ shift(Tinv0[(C2>>16)&255], 16) ^ shift(Tinv0[(C1>>24)&255], 8) ^ KW[r][0];
-        r1 = Tinv0[C1&255] ^ shift(Tinv0[(C0>>8)&255], 24) ^ shift(Tinv0[(C3>>16)&255], 16) ^ shift(Tinv0[(C2>>24)&255], 8) ^ KW[r][1];
-        r2 = Tinv0[C2&255] ^ shift(Tinv0[(C1>>8)&255], 24) ^ shift(Tinv0[(C0>>16)&255], 16) ^ shift(Tinv0[(C3>>24)&255], 8) ^ KW[r][2];
-        r3 = Tinv0[C3&255] ^ shift(Tinv0[(C2>>8)&255], 24) ^ shift(Tinv0[(C1>>16)&255], 16) ^ shift(Tinv0[(C0>>24)&255], 8) ^ KW[r][3];
-        
-        // the final round's table is a simple function of Si so we don't use a whole other four tables for it
-
-        C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-        C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-        C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-        C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java
deleted file mode 100644
index 2374be1fd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java
+++ /dev/null
@@ -1,876 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * an implementation of the AES (Rijndael), from FIPS-197.
- * 

- * For further details see: http://csrc.nist.gov/encryption/aes/.
- *
- * This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
- * http://fp.gladman.plus.com/cryptography_technology/rijndael/
- *
- * There are three levels of tradeoff of speed vs memory
- * Because java has no preprocessor, they are written as three separate classes from which to choose
- *
- * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
- * and 4 for decryption.
- *
- * The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
- * adding 12 rotate operations per round to compute the values contained in the other tables from
- * the contents of the first
- *
- * The slowest version uses no static tables at all and computes the values in each round
- * 

- * This file contains the fast version with 8Kbytes of static tables for round precomputation
- *
- */
-public class AESFastEngine
-    implements BlockCipher
-{
-    // The S box
-    private static final byte[] S = {
-        (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197,
-        (byte)48,   (byte)1, (byte)103,  (byte)43, (byte)254, (byte)215, (byte)171, (byte)118,
-        (byte)202, (byte)130, (byte)201, (byte)125, (byte)250,  (byte)89,  (byte)71, (byte)240,
-        (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192,
-        (byte)183, (byte)253, (byte)147,  (byte)38,  (byte)54,  (byte)63, (byte)247, (byte)204,
-        (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216,  (byte)49,  (byte)21,
-        (byte)4, (byte)199,  (byte)35, (byte)195,  (byte)24, (byte)150,   (byte)5, (byte)154,
-        (byte)7,  (byte)18, (byte)128, (byte)226, (byte)235,  (byte)39, (byte)178, (byte)117,
-        (byte)9, (byte)131,  (byte)44,  (byte)26,  (byte)27, (byte)110,  (byte)90, (byte)160,
-        (byte)82,  (byte)59, (byte)214, (byte)179,  (byte)41, (byte)227,  (byte)47, (byte)132,
-        (byte)83, (byte)209,   (byte)0, (byte)237,  (byte)32, (byte)252, (byte)177,  (byte)91,
-        (byte)106, (byte)203, (byte)190,  (byte)57,  (byte)74,  (byte)76,  (byte)88, (byte)207,
-        (byte)208, (byte)239, (byte)170, (byte)251,  (byte)67,  (byte)77,  (byte)51, (byte)133,
-        (byte)69, (byte)249,   (byte)2, (byte)127,  (byte)80,  (byte)60, (byte)159, (byte)168,
-        (byte)81, (byte)163,  (byte)64, (byte)143, (byte)146, (byte)157,  (byte)56, (byte)245,
-        (byte)188, (byte)182, (byte)218,  (byte)33,  (byte)16, (byte)255, (byte)243, (byte)210,
-        (byte)205,  (byte)12,  (byte)19, (byte)236,  (byte)95, (byte)151,  (byte)68,  (byte)23,
-        (byte)196, (byte)167, (byte)126,  (byte)61, (byte)100,  (byte)93,  (byte)25, (byte)115,
-        (byte)96, (byte)129,  (byte)79, (byte)220,  (byte)34,  (byte)42, (byte)144, (byte)136,
-        (byte)70, (byte)238, (byte)184,  (byte)20, (byte)222,  (byte)94,  (byte)11, (byte)219,
-        (byte)224,  (byte)50,  (byte)58,  (byte)10,  (byte)73,   (byte)6,  (byte)36,  (byte)92,
-        (byte)194, (byte)211, (byte)172,  (byte)98, (byte)145, (byte)149, (byte)228, (byte)121,
-        (byte)231, (byte)200,  (byte)55, (byte)109, (byte)141, (byte)213,  (byte)78, (byte)169,
-        (byte)108,  (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174,   (byte)8,
-        (byte)186, (byte)120,  (byte)37,  (byte)46,  (byte)28, (byte)166, (byte)180, (byte)198,
-        (byte)232, (byte)221, (byte)116,  (byte)31,  (byte)75, (byte)189, (byte)139, (byte)138,
-        (byte)112,  (byte)62, (byte)181, (byte)102,  (byte)72,   (byte)3, (byte)246,  (byte)14,
-        (byte)97,  (byte)53,  (byte)87, (byte)185, (byte)134, (byte)193,  (byte)29, (byte)158,
-        (byte)225, (byte)248, (byte)152,  (byte)17, (byte)105, (byte)217, (byte)142, (byte)148,
-        (byte)155,  (byte)30, (byte)135, (byte)233, (byte)206,  (byte)85,  (byte)40, (byte)223,
-        (byte)140, (byte)161, (byte)137,  (byte)13, (byte)191, (byte)230,  (byte)66, (byte)104,
-        (byte)65, (byte)153,  (byte)45,  (byte)15, (byte)176,  (byte)84, (byte)187,  (byte)22,
-    };
-
-    // The inverse S-box
-    private static final byte[] Si = {
-        (byte)82,   (byte)9, (byte)106, (byte)213,  (byte)48,  (byte)54, (byte)165,  (byte)56,
-        (byte)191,  (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251,
-        (byte)124, (byte)227,  (byte)57, (byte)130, (byte)155,  (byte)47, (byte)255, (byte)135,
-        (byte)52, (byte)142,  (byte)67,  (byte)68, (byte)196, (byte)222, (byte)233, (byte)203,
-        (byte)84, (byte)123, (byte)148,  (byte)50, (byte)166, (byte)194,  (byte)35,  (byte)61,
-        (byte)238,  (byte)76, (byte)149,  (byte)11,  (byte)66, (byte)250, (byte)195,  (byte)78,
-        (byte)8,  (byte)46, (byte)161, (byte)102,  (byte)40, (byte)217,  (byte)36, (byte)178,
-        (byte)118,  (byte)91, (byte)162,  (byte)73, (byte)109, (byte)139, (byte)209,  (byte)37,
-        (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152,  (byte)22,
-        (byte)212, (byte)164,  (byte)92, (byte)204,  (byte)93, (byte)101, (byte)182, (byte)146,
-        (byte)108, (byte)112,  (byte)72,  (byte)80, (byte)253, (byte)237, (byte)185, (byte)218,
-        (byte)94,  (byte)21,  (byte)70,  (byte)87, (byte)167, (byte)141, (byte)157, (byte)132,
-        (byte)144, (byte)216, (byte)171,   (byte)0, (byte)140, (byte)188, (byte)211,  (byte)10,
-        (byte)247, (byte)228,  (byte)88,   (byte)5, (byte)184, (byte)179,  (byte)69,   (byte)6,
-        (byte)208,  (byte)44,  (byte)30, (byte)143, (byte)202,  (byte)63,  (byte)15,   (byte)2,
-        (byte)193, (byte)175, (byte)189,   (byte)3,   (byte)1,  (byte)19, (byte)138, (byte)107,
-        (byte)58, (byte)145,  (byte)17,  (byte)65,  (byte)79, (byte)103, (byte)220, (byte)234,
-        (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115,
-        (byte)150, (byte)172, (byte)116,  (byte)34, (byte)231, (byte)173,  (byte)53, (byte)133,
-        (byte)226, (byte)249,  (byte)55, (byte)232,  (byte)28, (byte)117, (byte)223, (byte)110,
-        (byte)71, (byte)241,  (byte)26, (byte)113,  (byte)29,  (byte)41, (byte)197, (byte)137,
-        (byte)111, (byte)183,  (byte)98,  (byte)14, (byte)170,  (byte)24, (byte)190,  (byte)27,
-        (byte)252,  (byte)86,  (byte)62,  (byte)75, (byte)198, (byte)210, (byte)121,  (byte)32,
-        (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205,  (byte)90, (byte)244,
-        (byte)31, (byte)221, (byte)168,  (byte)51, (byte)136,   (byte)7, (byte)199,  (byte)49,
-        (byte)177,  (byte)18,  (byte)16,  (byte)89,  (byte)39, (byte)128, (byte)236,  (byte)95,
-        (byte)96,  (byte)81, (byte)127, (byte)169,  (byte)25, (byte)181,  (byte)74,  (byte)13,
-        (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239,
-        (byte)160, (byte)224,  (byte)59,  (byte)77, (byte)174,  (byte)42, (byte)245, (byte)176,
-        (byte)200, (byte)235, (byte)187,  (byte)60, (byte)131,  (byte)83, (byte)153,  (byte)97,
-        (byte)23,  (byte)43,   (byte)4, (byte)126, (byte)186, (byte)119, (byte)214,  (byte)38,
-        (byte)225, (byte)105,  (byte)20,  (byte)99,  (byte)85,  (byte)33,  (byte)12, (byte)125,
-        };
-
-    // vector used in calculating key schedule (powers of x in GF(256))
-    private static final int[] rcon = {
-         0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
-         0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 };
-
-    // precomputation tables of calculations for rounds
-    private static final int[] T0 =
-    {
-     0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 
-     0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 
-     0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 
-     0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 
-     0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0xecadad41, 
-     0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 
-     0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 
-     0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 
-     0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 
-     0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, 
-     0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, 
-     0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 
-     0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 
-     0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 
-     0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 
-     0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 
-     0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, 
-     0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, 
-     0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 
-     0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 
-     0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, 
-     0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 
-     0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, 
-     0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, 
-     0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 
-     0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 
-     0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, 
-     0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 
-     0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, 
-     0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, 
-     0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 
-     0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 
-     0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 
-     0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, 
-     0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 
-     0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 
-     0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 
-     0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 
-     0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, 
-     0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 
-     0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, 
-     0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, 
-     0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 
-     0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 
-     0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 
-     0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 
-     0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, 
-     0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 
-     0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 
-     0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 
-     0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 
-     0x3a16162c};
-
-    private static final int[] T1 =
-    {
-     0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 
-     0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 
-     0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, 
-     0x7676ec9a, 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 
-     0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, 0xadad41ec, 
-     0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, 
-     0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 
-     0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 
-     0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 0x7171e293, 
-     0xd8d8ab73, 0x31316253, 0x15152a3f, 0x0404080c, 0xc7c79552, 
-     0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, 0x05050a0f, 
-     0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, 
-     0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 
-     0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 
-     0x5a5ab4ee, 0xa0a05bfb, 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 
-     0xb3b37dce, 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, 
-     0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, 
-     0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, 
-     0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 
-     0xcfcf854a, 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 
-     0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 0x45458acf, 
-     0xf9f9e910, 0x02020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, 
-     0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 
-     0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, 
-     0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 
-     0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 
-     0x13132635, 0xececc32f, 0x5f5fbee1, 0x979735a2, 0x444488cc, 
-     0x17172e39, 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 
-     0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, 0x6060c0a0, 
-     0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, 
-     0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 
-     0x1414283c, 0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, 
-     0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, 0x494992db, 
-     0x06060c0a, 0x2424486c, 0x5c5cb8e4, 0xc2c29f5d, 0xd3d3bd6e, 
-     0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, 
-     0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, 
-     0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 
-     0x5656acfa, 0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 
-     0xaeae47e9, 0x08081018, 0xbaba6fd5, 0x7878f088, 0x25254a6f, 
-     0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, 
-     0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 0x4b4b96dd, 
-     0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, 
-     0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 
-     0x0e0e1c12, 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 
-     0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 
-     0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, 
-     0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 
-     0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, 
-     0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 
-     0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 
-     0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 
-     0x16162c3a};
-
-    private static final int[] T2 =
-    {
-     0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 
-     0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 
-     0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 
-     0x76ec9a76, 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 
-     0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, 0xad41ecad, 
-     0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, 
-     0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 
-     0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 
-     0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 0x71e29371, 
-     0xd8ab73d8, 0x31625331, 0x152a3f15, 0x04080c04, 0xc79552c7, 
-     0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, 0x050a0f05, 
-     0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, 
-     0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 
-     0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 
-     0x5ab4ee5a, 0xa05bfba0, 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 
-     0xb37dceb3, 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, 
-     0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, 0x20406020, 
-     0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, 
-     0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 
-     0xcf854acf, 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 
-     0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 0x458acf45, 
-     0xf9e910f9, 0x02040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, 
-     0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3, 0x4080c040, 
-     0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, 
-     0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 
-     0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 
-     0x13263513, 0xecc32fec, 0x5fbee15f, 0x9735a297, 0x4488cc44, 
-     0x172e3917, 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 
-     0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, 0x60c0a060, 
-     0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, 
-     0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 
-     0x14283c14, 0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, 
-     0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, 0x4992db49, 
-     0x060c0a06, 0x24486c24, 0x5cb8e45c, 0xc29f5dc2, 0xd3bd6ed3, 
-     0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, 
-     0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, 
-     0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 
-     0x56acfa56, 0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 
-     0xae47e9ae, 0x08101808, 0xba6fd5ba, 0x78f08878, 0x254a6f25, 
-     0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, 
-     0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 0x4b96dd4b, 
-     0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, 
-     0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 
-     0x0e1c120e, 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 
-     0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 
-     0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, 
-     0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e, 0x87159287, 
-     0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, 
-     0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 
-     0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 
-     0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 
-     0x162c3a16};
-
-    private static final int[] T3 =
-    {
-     0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 
-     0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 
-     0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, 
-     0xec9a7676, 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 
-     0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, 0x41ecadad, 
-     0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, 
-     0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 
-     0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 
-     0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 0xe2937171, 
-     0xab73d8d8, 0x62533131, 0x2a3f1515, 0x080c0404, 0x9552c7c7, 
-     0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, 0x0a0f0505, 
-     0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, 
-     0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 
-     0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 
-     0xb4ee5a5a, 0x5bfba0a0, 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 
-     0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, 
-     0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, 0x40602020, 
-     0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, 
-     0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 
-     0x854acfcf, 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 
-     0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 0x8acf4545, 
-     0xe910f9f9, 0x04060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, 
-     0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3, 0x80c04040, 
-     0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, 
-     0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 
-     0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 
-     0x26351313, 0xc32fecec, 0xbee15f5f, 0x35a29797, 0x88cc4444, 
-     0x2e391717, 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 
-     0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, 0xc0a06060, 
-     0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, 
-     0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 
-     0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 
-     0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, 
-     0x0c0a0606, 0x486c2424, 0xb8e45c5c, 0x9f5dc2c2, 0xbd6ed3d3, 
-     0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, 
-     0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, 
-     0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 
-     0xacfa5656, 0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 
-     0x47e9aeae, 0x10180808, 0x6fd5baba, 0xf0887878, 0x4a6f2525, 
-     0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, 
-     0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 0x96dd4b4b, 
-     0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e, 
-     0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 
-     0x1c120e0e, 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 
-     0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 
-     0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, 
-     0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e, 0x15928787, 
-     0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, 
-     0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 
-     0xd731e6e6, 0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 
-     0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 
-     0x2c3a1616};
-
-    private static final int[] Tinv0 =
-    {
-     0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 
-     0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 
-     0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 
-     0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 
-     0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 0xe75f8f03, 
-     0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, 
-     0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 
-     0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 
-     0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, 
-     0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, 
-     0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, 
-     0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, 
-     0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 
-     0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 
-     0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, 
-     0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, 
-     0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, 
-     0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, 
-     0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 
-     0xdbeec879, 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 
-     0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd, 
-     0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, 
-     0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793, 0xd296eeb4, 
-     0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 
-     0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 
-     0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 
-     0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 
-     0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 
-     0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, 
-     0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, 
-     0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 
-     0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 
-     0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 
-     0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 0xe49d3a2c, 0x0d927850, 
-     0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 
-     0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 
-     0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 
-     0xf418596e, 0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 
-     0x08cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea, 
-     0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 
-     0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, 
-     0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, 
-     0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 
-     0x7f516546, 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 
-     0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 0x8c61d79a, 
-     0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, 
-     0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, 
-     0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, 
-     0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 
-     0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 
-     0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 
-     0x4257b8d0};
-
-    private static final int[] Tinv1 =
-    {
-     0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 
-     0x459d1ff1, 0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 
-     0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 
-     0xa362b58f, 0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1, 
-     0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, 0x5f8f03e7, 
-     0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, 
-     0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, 
-     0x71b927dd, 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 
-     0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, 0x7764b1e0, 
-     0xae6bbb84, 0xa081fe1c, 0x2b08f994, 0x68487058, 0xfd458f19, 
-     0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2, 0x8f1fe357, 
-     0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5, 
-     0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 
-     0xb479a792, 0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 
-     0x6234d11f, 0xfea6c48a, 0x532e349d, 0x55f3a2a0, 0xe18a0532, 
-     0xebf6a475, 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, 
-     0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, 0x8d5491b5, 
-     0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697, 
-     0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 
-     0xeec879db, 0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 
-     0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, 0xff0efdfb, 
-     0x38850f56, 0xd5ae3d1e, 0x392d3627, 0xd90f0a64, 0xa65c6821, 
-     0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 
-     0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, 
-     0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, 
-     0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, 
-     0xdd99eebb, 0x607fa3fd, 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 
-     0x7efb5b34, 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, 
-     0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, 0x244a857d, 
-     0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3, 
-     0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 
-     0x64e94722, 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 
-     0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 
-     0xde7aa528, 0x8eb7da26, 0xbfad3fa4, 0x9d3a2ce4, 0x9278500d, 
-     0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 
-     0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, 
-     0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 
-     0x18596ef4, 0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 
-     0xcfbc2108, 0xe815efe6, 0x9be7bad9, 0x366f4ace, 0x099fead4, 
-     0x7cb029d6, 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, 
-     0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, 0x9804f14a, 
-     0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d, 
-     0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 
-     0x5165467f, 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 
-     0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, 0x61d79a8c, 
-     0x0ca1377a, 0x14f8598e, 0x3c13eb89, 0x27a9ceee, 0xc961b735, 
-     0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f, 0xce141879, 
-     0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, 
-     0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 
-     0x25e2bc0c, 0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, 
-     0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, 
-     0x57b8d042};
-
-    private static final int[] Tinv2 =
-    {
-     0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 
-     0x9d1ff145, 0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 
-     0xcc889176, 0x02f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 
-     0x62b58fa3, 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, 
-     0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, 0x8f03e75f, 
-     0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, 
-     0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, 
-     0xb927dd71, 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 
-     0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, 0x64b1e077, 
-     0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, 0x48705868, 0x458f19fd, 
-     0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 
-     0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, 
-     0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, 
-     0x79a792b4, 0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, 
-     0x34d11f62, 0xa6c48afe, 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 
-     0xf6a475eb, 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, 
-     0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 0x5491b58d, 
-     0xc471055d, 0x06046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9, 
-     0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 
-     0xc879dbee, 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 
-     0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, 0x0efdfbff, 
-     0x850f5638, 0xae3d1ed5, 0x2d362739, 0x0f0a64d9, 0x5c6821a6, 
-     0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7, 0xeeb4d296, 
-     0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, 
-     0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, 
-     0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 
-     0x99eebbdd, 0x7fa3fd60, 0x01f79f26, 0x725cbcf5, 0x6644c53b, 
-     0xfb5b347e, 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, 
-     0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, 0x4a857d24, 
-     0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330, 
-     0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 
-     0xe9472264, 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 
-     0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 0xf5a6cf81, 
-     0x7aa528de, 0xb7da268e, 0xad3fa4bf, 0x3a2ce49d, 0x78500d92, 
-     0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 
-     0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, 
-     0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 
-     0x596ef418, 0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 
-     0xbc2108cf, 0x15efe6e8, 0xe7bad99b, 0x6f4ace36, 0x9fead409, 
-     0xb029d67c, 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, 
-     0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, 0x04f14a98, 
-     0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0, 
-     0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 
-     0x65467f51, 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 
-     0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, 0xd79a8c61, 
-     0xa1377a0c, 0xf8598e14, 0x13eb893c, 0xa9ceee27, 0x61b735c9, 
-     0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73, 0x141879ce, 
-     0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, 
-     0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 
-     0xe2bc0c25, 0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, 
-     0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, 
-     0xb8d04257};
-
-    private static final int[] Tinv3 =
-    {
-     0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 
-     0x1ff1459d, 0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 
-     0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 
-     0xb58fa362, 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, 
-     0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, 0x03e75f8f, 
-     0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, 
-     0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, 
-     0x27dd71b9, 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 
-     0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, 0xb1e07764, 
-     0xbb84ae6b, 0xfe1ca081, 0xf9942b08, 0x70586848, 0x8f19fd45, 
-     0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b, 0xe3578f1f, 
-     0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, 
-     0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, 
-     0xa792b479, 0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, 
-     0xd11f6234, 0xc48afea6, 0x349d532e, 0xa2a055f3, 0x0532e18a, 
-     0xa475ebf6, 0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, 
-     0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 0x91b58d54, 
-     0x71055dc4, 0x046fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd, 
-     0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 
-     0x79dbeec8, 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 
-     0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, 0xfdfbff0e, 
-     0x0f563885, 0x3d1ed5ae, 0x3627392d, 0x0a64d90f, 0x6821a65c, 
-     0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757, 0xb4d296ee, 
-     0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, 
-     0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, 
-     0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 
-     0xeebbdd99, 0xa3fd607f, 0xf79f2601, 0x5cbcf572, 0x44c53b66, 
-     0x5b347efb, 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, 
-     0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, 0x857d244a, 
-     0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2, 
-     0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 
-     0x472264e9, 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 
-     0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 
-     0xa528de7a, 0xda268eb7, 0x3fa4bfad, 0x2ce49d3a, 0x500d9278, 
-     0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 
-     0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, 
-     0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 
-     0x6ef41859, 0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 
-     0x2108cfbc, 0xefe6e815, 0xbad99be7, 0x4ace366f, 0xead4099f, 
-     0x29d67cb0, 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, 
-     0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, 0xf14a9804, 
-     0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef, 
-     0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 
-     0x467f5165, 0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 
-     0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, 0x9a8c61d7, 
-     0x377a0ca1, 0x598e14f8, 0xeb893c13, 0xceee27a9, 0xb735c961, 
-     0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 
-     0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, 
-     0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 
-     0xbc0c25e2, 0x288b493c, 0xff41950d, 0x397101a8, 0x08deb30c, 
-     0xd89ce4b4, 0x6490c156, 0x7b6184cb, 0xd570b632, 0x48745c6c, 
-     0xd04257b8};
-
-    private int shift(
-        int     r,
-        int     shift)
-    {
-        return (r >>> shift) | (r << -shift);
-    }
-
-    /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
-
-    private static final int m1 = 0x80808080;
-    private static final int m2 = 0x7f7f7f7f;
-    private static final int m3 = 0x0000001b;
-
-    private int FFmulX(int x)
-    {
-        return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3));
-    }
-
-    /* 
-       The following defines provide alternative definitions of FFmulX that might
-       give improved performance if a fast 32-bit multiply is not available.
-       
-       private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & m2) << 1) ^ ((u >>> 3) | (u >>> 6)); } 
-       private static final int  m4 = 0x1b1b1b1b;
-       private int FFmulX(int x) { int u = x & m1; return ((x & m2) << 1) ^ ((u - (u >>> 7)) & m4); } 
-
-    */
-
-    private int inv_mcol(int x)
-    {
-        int f2 = FFmulX(x);
-        int f4 = FFmulX(f2);
-        int f8 = FFmulX(f4);
-        int f9 = x ^ f8;
-        
-        return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24);
-    }
-
-
-    private int subWord(int x)
-    {
-        return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24);
-    }
-
-    /**
-     * Calculate the necessary round keys
-     * The number of calculations depends on key size and block size
-     * AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
-     * This code is written assuming those are the only possible values
-     */
-    private int[][] generateWorkingKey(
-                                    byte[] key,
-                                    boolean forEncryption)
-    {
-        int         KC = key.length / 4;  // key length in words
-        int         t;
-        
-        if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length))
-        {
-            throw new IllegalArgumentException("Key length not 128/192/256 bits.");
-        }
-
-        ROUNDS = KC + 6;  // This is not always true for the generalized Rijndael that allows larger block sizes
-        int[][] W = new int[ROUNDS+1][4];   // 4 words in a block
-        
-        //
-        // copy the key into the round key array
-        //
-        
-        t = 0;
-        int i = 0;
-        while (i < key.length)
-        {
-            W[t >> 2][t & 3] = (key[i]&0xff) | ((key[i+1]&0xff) << 8) | ((key[i+2]&0xff) << 16) | (key[i+3] << 24);
-            i+=4;
-            t++;
-        }
-        
-        //
-        // while not enough round key material calculated
-        // calculate new values
-        //
-        int k = (ROUNDS + 1) << 2;
-        for (i = KC; (i < k); i++)
-        {
-            int temp = W[(i - 1) >> 2][(i - 1) & 3];
-            if ((i % KC) == 0)
-            {
-                temp = subWord(shift(temp, 8)) ^ rcon[(i / KC) - 1];
-            }
-            else if ((KC > 6) && ((i % KC) == 4))
-            {
-                temp = subWord(temp);
-            }
-
-            W[i >> 2][i & 3] = W[(i - KC) >> 2][(i - KC) & 3] ^ temp;
-        }
-
-        if (!forEncryption)
-        {
-            for (int j = 1; j < ROUNDS; j++)
-            {
-                for (i = 0; i < 4; i++)
-                {
-                    W[j][i] = inv_mcol(W[j][i]);
-                }
-            }
-        }
-
-        return W;
-    }
-
-    private int         ROUNDS;
-    private int[][]     WorkingKey = null;
-    private int         C0, C1, C2, C3;
-    private boolean     forEncryption;
-
-    private static final int BLOCK_SIZE = 16;
-
-    /**
-     * default constructor - 128 bit block size.
-     */
-    public AESFastEngine()
-    {
-    }
-
-    /**
-     * initialise an AES cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           forEncryption,
-        CipherParameters  params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption);
-            this.forEncryption = forEncryption;
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to AES init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "AES";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (WorkingKey == null)
-        {
-            throw new IllegalStateException("AES engine not initialised");
-        }
-
-        if ((inOff + (32 / 2)) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + (32 / 2)) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (forEncryption)
-        {
-            unpackBlock(in, inOff);
-            encryptBlock(WorkingKey);
-            packBlock(out, outOff);
-        }
-        else
-        {
-            unpackBlock(in, inOff);
-            decryptBlock(WorkingKey);
-            packBlock(out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    private void unpackBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        C0 = (bytes[index++] & 0xff);
-        C0 |= (bytes[index++] & 0xff) << 8;
-        C0 |= (bytes[index++] & 0xff) << 16;
-        C0 |= bytes[index++] << 24;
-
-        C1 = (bytes[index++] & 0xff);
-        C1 |= (bytes[index++] & 0xff) << 8;
-        C1 |= (bytes[index++] & 0xff) << 16;
-        C1 |= bytes[index++] << 24;
-
-        C2 = (bytes[index++] & 0xff);
-        C2 |= (bytes[index++] & 0xff) << 8;
-        C2 |= (bytes[index++] & 0xff) << 16;
-        C2 |= bytes[index++] << 24;
-
-        C3 = (bytes[index++] & 0xff);
-        C3 |= (bytes[index++] & 0xff) << 8;
-        C3 |= (bytes[index++] & 0xff) << 16;
-        C3 |= bytes[index++] << 24;
-    }
-
-    private void packBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        bytes[index++] = (byte)C0;
-        bytes[index++] = (byte)(C0 >> 8);
-        bytes[index++] = (byte)(C0 >> 16);
-        bytes[index++] = (byte)(C0 >> 24);
-
-        bytes[index++] = (byte)C1;
-        bytes[index++] = (byte)(C1 >> 8);
-        bytes[index++] = (byte)(C1 >> 16);
-        bytes[index++] = (byte)(C1 >> 24);
-
-        bytes[index++] = (byte)C2;
-        bytes[index++] = (byte)(C2 >> 8);
-        bytes[index++] = (byte)(C2 >> 16);
-        bytes[index++] = (byte)(C2 >> 24);
-
-        bytes[index++] = (byte)C3;
-        bytes[index++] = (byte)(C3 >> 8);
-        bytes[index++] = (byte)(C3 >> 16);
-        bytes[index++] = (byte)(C3 >> 24);
-    }
-
-    private void encryptBlock(int[][] KW)
-    {
-        int r, r0, r1, r2, r3;
-        
-        C0 ^= KW[0][0];
-        C1 ^= KW[0][1];
-        C2 ^= KW[0][2];
-        C3 ^= KW[0][3];
-
-        r = 1;
-        while (r < ROUNDS - 1)
-        {
-            r0 = T0[C0&255] ^ T1[(C1>>8)&255] ^ T2[(C2>>16)&255] ^ T3[(C3>>24)&255] ^ KW[r][0];
-            r1 = T0[C1&255] ^ T1[(C2>>8)&255] ^ T2[(C3>>16)&255] ^ T3[(C0>>24)&255] ^ KW[r][1];
-            r2 = T0[C2&255] ^ T1[(C3>>8)&255] ^ T2[(C0>>16)&255] ^ T3[(C1>>24)&255] ^ KW[r][2];
-            r3 = T0[C3&255] ^ T1[(C0>>8)&255] ^ T2[(C1>>16)&255] ^ T3[(C2>>24)&255] ^ KW[r++][3];
-            C0 = T0[r0&255] ^ T1[(r1>>8)&255] ^ T2[(r2>>16)&255] ^ T3[(r3>>24)&255] ^ KW[r][0];
-            C1 = T0[r1&255] ^ T1[(r2>>8)&255] ^ T2[(r3>>16)&255] ^ T3[(r0>>24)&255] ^ KW[r][1];
-            C2 = T0[r2&255] ^ T1[(r3>>8)&255] ^ T2[(r0>>16)&255] ^ T3[(r1>>24)&255] ^ KW[r][2];
-            C3 = T0[r3&255] ^ T1[(r0>>8)&255] ^ T2[(r1>>16)&255] ^ T3[(r2>>24)&255] ^ KW[r++][3];
-        }
-
-        r0 = T0[C0&255] ^ T1[(C1>>8)&255] ^ T2[(C2>>16)&255] ^ T3[(C3>>24)&255] ^ KW[r][0];
-        r1 = T0[C1&255] ^ T1[(C2>>8)&255] ^ T2[(C3>>16)&255] ^ T3[(C0>>24)&255] ^ KW[r][1];
-        r2 = T0[C2&255] ^ T1[(C3>>8)&255] ^ T2[(C0>>16)&255] ^ T3[(C1>>24)&255] ^ KW[r][2];
-        r3 = T0[C3&255] ^ T1[(C0>>8)&255] ^ T2[(C1>>16)&255] ^ T3[(C2>>24)&255] ^ KW[r++][3];
-        
-        // the final round's table is a simple function of S so we don't use a whole other four tables for it
-
-        C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-        C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-        C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-        C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
-
-    }
-
-    private void decryptBlock(int[][] KW)
-    {
-        int r0, r1, r2, r3;
-
-        C0 ^= KW[ROUNDS][0];
-        C1 ^= KW[ROUNDS][1];
-        C2 ^= KW[ROUNDS][2];
-        C3 ^= KW[ROUNDS][3];
-
-        int r = ROUNDS-1; 
-        
-        while (r>1) 
-        {
-            r0 = Tinv0[C0&255] ^ Tinv1[(C3>>8)&255] ^ Tinv2[(C2>>16)&255] ^ Tinv3[(C1>>24)&255] ^ KW[r][0];
-            r1 = Tinv0[C1&255] ^ Tinv1[(C0>>8)&255] ^ Tinv2[(C3>>16)&255] ^ Tinv3[(C2>>24)&255] ^ KW[r][1];
-            r2 = Tinv0[C2&255] ^ Tinv1[(C1>>8)&255] ^ Tinv2[(C0>>16)&255] ^ Tinv3[(C3>>24)&255] ^ KW[r][2];
-            r3 = Tinv0[C3&255] ^ Tinv1[(C2>>8)&255] ^ Tinv2[(C1>>16)&255] ^ Tinv3[(C0>>24)&255] ^ KW[r--][3];
-            C0 = Tinv0[r0&255] ^ Tinv1[(r3>>8)&255] ^ Tinv2[(r2>>16)&255] ^ Tinv3[(r1>>24)&255] ^ KW[r][0];
-            C1 = Tinv0[r1&255] ^ Tinv1[(r0>>8)&255] ^ Tinv2[(r3>>16)&255] ^ Tinv3[(r2>>24)&255] ^ KW[r][1];
-            C2 = Tinv0[r2&255] ^ Tinv1[(r1>>8)&255] ^ Tinv2[(r0>>16)&255] ^ Tinv3[(r3>>24)&255] ^ KW[r][2];
-            C3 = Tinv0[r3&255] ^ Tinv1[(r2>>8)&255] ^ Tinv2[(r1>>16)&255] ^ Tinv3[(r0>>24)&255] ^ KW[r--][3];
-        }
-
-        r0 = Tinv0[C0&255] ^ Tinv1[(C3>>8)&255] ^ Tinv2[(C2>>16)&255] ^ Tinv3[(C1>>24)&255] ^ KW[r][0];
-        r1 = Tinv0[C1&255] ^ Tinv1[(C0>>8)&255] ^ Tinv2[(C3>>16)&255] ^ Tinv3[(C2>>24)&255] ^ KW[r][1];
-        r2 = Tinv0[C2&255] ^ Tinv1[(C1>>8)&255] ^ Tinv2[(C0>>16)&255] ^ Tinv3[(C3>>24)&255] ^ KW[r][2];
-        r3 = Tinv0[C3&255] ^ Tinv1[(C2>>8)&255] ^ Tinv2[(C1>>16)&255] ^ Tinv3[(C0>>24)&255] ^ KW[r][3];
-        
-        // the final round's table is a simple function of Si so we don't use a whole other four tables for it
-
-        C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-        C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-        C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-        C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java
deleted file mode 100644
index afd37baf8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java
+++ /dev/null
@@ -1,440 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * an implementation of the AES (Rijndael), from FIPS-197.
- * 

- * For further details see: http://csrc.nist.gov/encryption/aes/.
- *
- * This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
- * http://fp.gladman.plus.com/cryptography_technology/rijndael/
- *
- * There are three levels of tradeoff of speed vs memory
- * Because java has no preprocessor, they are written as three separate classes from which to choose
- *
- * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
- * and 4 for decryption.
- *
- * The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
- * adding 12 rotate operations per round to compute the values contained in the other tables from
- * the contents of the first
- *
- * The slowest version uses no static tables at all and computes the values
- * in each round.
- * 

- * This file contains the slowest performance version with no static tables
- * for round precomputation, but it has the smallest foot print.
- *
- */
-public class AESLightEngine
-    implements BlockCipher
-{
-    // The S box
-    private static final byte[] S = {
-        (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197,
-        (byte)48,   (byte)1, (byte)103,  (byte)43, (byte)254, (byte)215, (byte)171, (byte)118,
-        (byte)202, (byte)130, (byte)201, (byte)125, (byte)250,  (byte)89,  (byte)71, (byte)240,
-        (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192,
-        (byte)183, (byte)253, (byte)147,  (byte)38,  (byte)54,  (byte)63, (byte)247, (byte)204,
-        (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216,  (byte)49,  (byte)21,
-        (byte)4, (byte)199,  (byte)35, (byte)195,  (byte)24, (byte)150,   (byte)5, (byte)154,
-        (byte)7,  (byte)18, (byte)128, (byte)226, (byte)235,  (byte)39, (byte)178, (byte)117,
-        (byte)9, (byte)131,  (byte)44,  (byte)26,  (byte)27, (byte)110,  (byte)90, (byte)160,
-        (byte)82,  (byte)59, (byte)214, (byte)179,  (byte)41, (byte)227,  (byte)47, (byte)132,
-        (byte)83, (byte)209,   (byte)0, (byte)237,  (byte)32, (byte)252, (byte)177,  (byte)91,
-        (byte)106, (byte)203, (byte)190,  (byte)57,  (byte)74,  (byte)76,  (byte)88, (byte)207,
-        (byte)208, (byte)239, (byte)170, (byte)251,  (byte)67,  (byte)77,  (byte)51, (byte)133,
-        (byte)69, (byte)249,   (byte)2, (byte)127,  (byte)80,  (byte)60, (byte)159, (byte)168,
-        (byte)81, (byte)163,  (byte)64, (byte)143, (byte)146, (byte)157,  (byte)56, (byte)245,
-        (byte)188, (byte)182, (byte)218,  (byte)33,  (byte)16, (byte)255, (byte)243, (byte)210,
-        (byte)205,  (byte)12,  (byte)19, (byte)236,  (byte)95, (byte)151,  (byte)68,  (byte)23,
-        (byte)196, (byte)167, (byte)126,  (byte)61, (byte)100,  (byte)93,  (byte)25, (byte)115,
-        (byte)96, (byte)129,  (byte)79, (byte)220,  (byte)34,  (byte)42, (byte)144, (byte)136,
-        (byte)70, (byte)238, (byte)184,  (byte)20, (byte)222,  (byte)94,  (byte)11, (byte)219,
-        (byte)224,  (byte)50,  (byte)58,  (byte)10,  (byte)73,   (byte)6,  (byte)36,  (byte)92,
-        (byte)194, (byte)211, (byte)172,  (byte)98, (byte)145, (byte)149, (byte)228, (byte)121,
-        (byte)231, (byte)200,  (byte)55, (byte)109, (byte)141, (byte)213,  (byte)78, (byte)169,
-        (byte)108,  (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174,   (byte)8,
-        (byte)186, (byte)120,  (byte)37,  (byte)46,  (byte)28, (byte)166, (byte)180, (byte)198,
-        (byte)232, (byte)221, (byte)116,  (byte)31,  (byte)75, (byte)189, (byte)139, (byte)138,
-        (byte)112,  (byte)62, (byte)181, (byte)102,  (byte)72,   (byte)3, (byte)246,  (byte)14,
-        (byte)97,  (byte)53,  (byte)87, (byte)185, (byte)134, (byte)193,  (byte)29, (byte)158,
-        (byte)225, (byte)248, (byte)152,  (byte)17, (byte)105, (byte)217, (byte)142, (byte)148,
-        (byte)155,  (byte)30, (byte)135, (byte)233, (byte)206,  (byte)85,  (byte)40, (byte)223,
-        (byte)140, (byte)161, (byte)137,  (byte)13, (byte)191, (byte)230,  (byte)66, (byte)104,
-        (byte)65, (byte)153,  (byte)45,  (byte)15, (byte)176,  (byte)84, (byte)187,  (byte)22,
-    };
-
-    // The inverse S-box
-    private static final byte[] Si = {
-        (byte)82,   (byte)9, (byte)106, (byte)213,  (byte)48,  (byte)54, (byte)165,  (byte)56,
-        (byte)191,  (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251,
-        (byte)124, (byte)227,  (byte)57, (byte)130, (byte)155,  (byte)47, (byte)255, (byte)135,
-        (byte)52, (byte)142,  (byte)67,  (byte)68, (byte)196, (byte)222, (byte)233, (byte)203,
-        (byte)84, (byte)123, (byte)148,  (byte)50, (byte)166, (byte)194,  (byte)35,  (byte)61,
-        (byte)238,  (byte)76, (byte)149,  (byte)11,  (byte)66, (byte)250, (byte)195,  (byte)78,
-        (byte)8,  (byte)46, (byte)161, (byte)102,  (byte)40, (byte)217,  (byte)36, (byte)178,
-        (byte)118,  (byte)91, (byte)162,  (byte)73, (byte)109, (byte)139, (byte)209,  (byte)37,
-        (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152,  (byte)22,
-        (byte)212, (byte)164,  (byte)92, (byte)204,  (byte)93, (byte)101, (byte)182, (byte)146,
-        (byte)108, (byte)112,  (byte)72,  (byte)80, (byte)253, (byte)237, (byte)185, (byte)218,
-        (byte)94,  (byte)21,  (byte)70,  (byte)87, (byte)167, (byte)141, (byte)157, (byte)132,
-        (byte)144, (byte)216, (byte)171,   (byte)0, (byte)140, (byte)188, (byte)211,  (byte)10,
-        (byte)247, (byte)228,  (byte)88,   (byte)5, (byte)184, (byte)179,  (byte)69,   (byte)6,
-        (byte)208,  (byte)44,  (byte)30, (byte)143, (byte)202,  (byte)63,  (byte)15,   (byte)2,
-        (byte)193, (byte)175, (byte)189,   (byte)3,   (byte)1,  (byte)19, (byte)138, (byte)107,
-        (byte)58, (byte)145,  (byte)17,  (byte)65,  (byte)79, (byte)103, (byte)220, (byte)234,
-        (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115,
-        (byte)150, (byte)172, (byte)116,  (byte)34, (byte)231, (byte)173,  (byte)53, (byte)133,
-        (byte)226, (byte)249,  (byte)55, (byte)232,  (byte)28, (byte)117, (byte)223, (byte)110,
-        (byte)71, (byte)241,  (byte)26, (byte)113,  (byte)29,  (byte)41, (byte)197, (byte)137,
-        (byte)111, (byte)183,  (byte)98,  (byte)14, (byte)170,  (byte)24, (byte)190,  (byte)27,
-        (byte)252,  (byte)86,  (byte)62,  (byte)75, (byte)198, (byte)210, (byte)121,  (byte)32,
-        (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205,  (byte)90, (byte)244,
-        (byte)31, (byte)221, (byte)168,  (byte)51, (byte)136,   (byte)7, (byte)199,  (byte)49,
-        (byte)177,  (byte)18,  (byte)16,  (byte)89,  (byte)39, (byte)128, (byte)236,  (byte)95,
-        (byte)96,  (byte)81, (byte)127, (byte)169,  (byte)25, (byte)181,  (byte)74,  (byte)13,
-        (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239,
-        (byte)160, (byte)224,  (byte)59,  (byte)77, (byte)174,  (byte)42, (byte)245, (byte)176,
-        (byte)200, (byte)235, (byte)187,  (byte)60, (byte)131,  (byte)83, (byte)153,  (byte)97,
-        (byte)23,  (byte)43,   (byte)4, (byte)126, (byte)186, (byte)119, (byte)214,  (byte)38,
-        (byte)225, (byte)105,  (byte)20,  (byte)99,  (byte)85,  (byte)33,  (byte)12, (byte)125,
-        };
-
-    // vector used in calculating key schedule (powers of x in GF(256))
-    private static final int[] rcon = {
-         0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
-         0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 };
-
-    private int shift(
-        int     r,
-        int     shift)
-    {
-        return (r >>> shift) | (r << -shift);
-    }
-
-    /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
-
-    private static final int m1 = 0x80808080;
-    private static final int m2 = 0x7f7f7f7f;
-    private static final int m3 = 0x0000001b;
-
-    private int FFmulX(int x)
-    {
-        return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3));
-    }
-
-    /* 
-       The following defines provide alternative definitions of FFmulX that might
-       give improved performance if a fast 32-bit multiply is not available.
-       
-       private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & m2) << 1) ^ ((u >>> 3) | (u >>> 6)); } 
-       private static final int  m4 = 0x1b1b1b1b;
-       private int FFmulX(int x) { int u = x & m1; return ((x & m2) << 1) ^ ((u - (u >>> 7)) & m4); } 
-
-    */
-
-    private int mcol(int x)
-    {
-        int f2 = FFmulX(x);
-        return f2 ^ shift(x ^ f2, 8) ^ shift(x, 16) ^ shift(x, 24);
-    }
-
-    private int inv_mcol(int x)
-    {
-        int f2 = FFmulX(x);
-        int f4 = FFmulX(f2);
-        int f8 = FFmulX(f4);
-        int f9 = x ^ f8;
-        
-        return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24);
-    }
-
-
-    private int subWord(int x)
-    {
-        return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24);
-    }
-
-    /**
-     * Calculate the necessary round keys
-     * The number of calculations depends on key size and block size
-     * AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
-     * This code is written assuming those are the only possible values
-     */
-    private int[][] generateWorkingKey(
-                                    byte[] key,
-                                    boolean forEncryption)
-    {
-        int         KC = key.length / 4;  // key length in words
-        int         t;
-        
-        if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length))
-        {
-            throw new IllegalArgumentException("Key length not 128/192/256 bits.");
-        }
-
-        ROUNDS = KC + 6;  // This is not always true for the generalized Rijndael that allows larger block sizes
-        int[][] W = new int[ROUNDS+1][4];   // 4 words in a block
-        
-        //
-        // copy the key into the round key array
-        //
-        
-        t = 0;
-        int i = 0;
-        while (i < key.length)
-            {
-                W[t >> 2][t & 3] = (key[i]&0xff) | ((key[i+1]&0xff) << 8) | ((key[i+2]&0xff) << 16) | (key[i+3] << 24);
-                i+=4;
-                t++;
-            }
-        
-        //
-        // while not enough round key material calculated
-        // calculate new values
-        //
-        int k = (ROUNDS + 1) << 2;
-        for (i = KC; (i < k); i++)
-            {
-                int temp = W[(i-1)>>2][(i-1)&3];
-                if ((i % KC) == 0)
-                {
-                    temp = subWord(shift(temp, 8)) ^ rcon[(i / KC)-1];
-                }
-                else if ((KC > 6) && ((i % KC) == 4))
-                {
-                    temp = subWord(temp);
-                }
-                
-                W[i>>2][i&3] = W[(i - KC)>>2][(i-KC)&3] ^ temp;
-            }
-
-        if (!forEncryption)
-        {
-            for (int j = 1; j < ROUNDS; j++)
-            {
-                for (i = 0; i < 4; i++) 
-                {
-                    W[j][i] = inv_mcol(W[j][i]);
-                }
-            }
-        }
-
-        return W;
-    }
-
-    private int         ROUNDS;
-    private int[][]     WorkingKey = null;
-    private int         C0, C1, C2, C3;
-    private boolean     forEncryption;
-
-    private static final int BLOCK_SIZE = 16;
-
-    /**
-     * default constructor - 128 bit block size.
-     */
-    public AESLightEngine()
-    {
-    }
-
-    /**
-     * initialise an AES cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           forEncryption,
-        CipherParameters  params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption);
-            this.forEncryption = forEncryption;
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to AES init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "AES";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (WorkingKey == null)
-        {
-            throw new IllegalStateException("AES engine not initialised");
-        }
-
-        if ((inOff + (32 / 2)) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + (32 / 2)) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (forEncryption)
-        {
-            unpackBlock(in, inOff);
-            encryptBlock(WorkingKey);
-            packBlock(out, outOff);
-        }
-        else
-        {
-            unpackBlock(in, inOff);
-            decryptBlock(WorkingKey);
-            packBlock(out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    private void unpackBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        C0 = (bytes[index++] & 0xff);
-        C0 |= (bytes[index++] & 0xff) << 8;
-        C0 |= (bytes[index++] & 0xff) << 16;
-        C0 |= bytes[index++] << 24;
-
-        C1 = (bytes[index++] & 0xff);
-        C1 |= (bytes[index++] & 0xff) << 8;
-        C1 |= (bytes[index++] & 0xff) << 16;
-        C1 |= bytes[index++] << 24;
-
-        C2 = (bytes[index++] & 0xff);
-        C2 |= (bytes[index++] & 0xff) << 8;
-        C2 |= (bytes[index++] & 0xff) << 16;
-        C2 |= bytes[index++] << 24;
-
-        C3 = (bytes[index++] & 0xff);
-        C3 |= (bytes[index++] & 0xff) << 8;
-        C3 |= (bytes[index++] & 0xff) << 16;
-        C3 |= bytes[index++] << 24;
-    }
-
-    private void packBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        bytes[index++] = (byte)C0;
-        bytes[index++] = (byte)(C0 >> 8);
-        bytes[index++] = (byte)(C0 >> 16);
-        bytes[index++] = (byte)(C0 >> 24);
-
-        bytes[index++] = (byte)C1;
-        bytes[index++] = (byte)(C1 >> 8);
-        bytes[index++] = (byte)(C1 >> 16);
-        bytes[index++] = (byte)(C1 >> 24);
-
-        bytes[index++] = (byte)C2;
-        bytes[index++] = (byte)(C2 >> 8);
-        bytes[index++] = (byte)(C2 >> 16);
-        bytes[index++] = (byte)(C2 >> 24);
-
-        bytes[index++] = (byte)C3;
-        bytes[index++] = (byte)(C3 >> 8);
-        bytes[index++] = (byte)(C3 >> 16);
-        bytes[index++] = (byte)(C3 >> 24);
-    }
-
-    private void encryptBlock(int[][] KW)
-    {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[0][0];
-        C1 ^= KW[0][1];
-        C2 ^= KW[0][2];
-        C3 ^= KW[0][3];
-
-        for (r = 1; r < ROUNDS - 1;)
-        {
-            r0 = mcol((S[C0&255]&255) ^ ((S[(C1>>8)&255]&255)<<8) ^ ((S[(C2>>16)&255]&255)<<16) ^ (S[(C3>>24)&255]<<24)) ^ KW[r][0];
-            r1 = mcol((S[C1&255]&255) ^ ((S[(C2>>8)&255]&255)<<8) ^ ((S[(C3>>16)&255]&255)<<16) ^ (S[(C0>>24)&255]<<24)) ^ KW[r][1];
-            r2 = mcol((S[C2&255]&255) ^ ((S[(C3>>8)&255]&255)<<8) ^ ((S[(C0>>16)&255]&255)<<16) ^ (S[(C1>>24)&255]<<24)) ^ KW[r][2];
-            r3 = mcol((S[C3&255]&255) ^ ((S[(C0>>8)&255]&255)<<8) ^ ((S[(C1>>16)&255]&255)<<16) ^ (S[(C2>>24)&255]<<24)) ^ KW[r++][3];
-            C0 = mcol((S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24)) ^ KW[r][0];
-            C1 = mcol((S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24)) ^ KW[r][1];
-            C2 = mcol((S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24)) ^ KW[r][2];
-            C3 = mcol((S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24)) ^ KW[r++][3];
-        }
-
-        r0 = mcol((S[C0&255]&255) ^ ((S[(C1>>8)&255]&255)<<8) ^ ((S[(C2>>16)&255]&255)<<16) ^ (S[(C3>>24)&255]<<24)) ^ KW[r][0];
-        r1 = mcol((S[C1&255]&255) ^ ((S[(C2>>8)&255]&255)<<8) ^ ((S[(C3>>16)&255]&255)<<16) ^ (S[(C0>>24)&255]<<24)) ^ KW[r][1];
-        r2 = mcol((S[C2&255]&255) ^ ((S[(C3>>8)&255]&255)<<8) ^ ((S[(C0>>16)&255]&255)<<16) ^ (S[(C1>>24)&255]<<24)) ^ KW[r][2];
-        r3 = mcol((S[C3&255]&255) ^ ((S[(C0>>8)&255]&255)<<8) ^ ((S[(C1>>16)&255]&255)<<16) ^ (S[(C2>>24)&255]<<24)) ^ KW[r++][3];
-
-        // the final round is a simple function of S
-
-        C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-        C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-        C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-        C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
-
-    }
-
-    private void decryptBlock(int[][] KW)
-    {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[ROUNDS][0];
-        C1 ^= KW[ROUNDS][1];
-        C2 ^= KW[ROUNDS][2];
-        C3 ^= KW[ROUNDS][3];
-
-        for (r = ROUNDS-1; r>1;)
-        {
-            r0 = inv_mcol((Si[C0&255]&255) ^ ((Si[(C3>>8)&255]&255)<<8) ^ ((Si[(C2>>16)&255]&255)<<16) ^ (Si[(C1>>24)&255]<<24)) ^ KW[r][0];
-            r1 = inv_mcol((Si[C1&255]&255) ^ ((Si[(C0>>8)&255]&255)<<8) ^ ((Si[(C3>>16)&255]&255)<<16) ^ (Si[(C2>>24)&255]<<24)) ^ KW[r][1];
-            r2 = inv_mcol((Si[C2&255]&255) ^ ((Si[(C1>>8)&255]&255)<<8) ^ ((Si[(C0>>16)&255]&255)<<16) ^ (Si[(C3>>24)&255]<<24)) ^ KW[r][2];
-            r3 = inv_mcol((Si[C3&255]&255) ^ ((Si[(C2>>8)&255]&255)<<8) ^ ((Si[(C1>>16)&255]&255)<<16) ^ (Si[(C0>>24)&255]<<24)) ^ KW[r--][3];
-            C0 = inv_mcol((Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24)) ^ KW[r][0];
-            C1 = inv_mcol((Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24)) ^ KW[r][1];
-            C2 = inv_mcol((Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24)) ^ KW[r][2];
-            C3 = inv_mcol((Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24)) ^ KW[r--][3];
-        }
-
-        r0 = inv_mcol((Si[C0&255]&255) ^ ((Si[(C3>>8)&255]&255)<<8) ^ ((Si[(C2>>16)&255]&255)<<16) ^ (Si[(C1>>24)&255]<<24)) ^ KW[r][0];
-        r1 = inv_mcol((Si[C1&255]&255) ^ ((Si[(C0>>8)&255]&255)<<8) ^ ((Si[(C3>>16)&255]&255)<<16) ^ (Si[(C2>>24)&255]<<24)) ^ KW[r][1];
-        r2 = inv_mcol((Si[C2&255]&255) ^ ((Si[(C1>>8)&255]&255)<<8) ^ ((Si[(C0>>16)&255]&255)<<16) ^ (Si[(C3>>24)&255]<<24)) ^ KW[r][2];
-        r3 = inv_mcol((Si[C3&255]&255) ^ ((Si[(C2>>8)&255]&255)<<8) ^ ((Si[(C1>>16)&255]&255)<<16) ^ (Si[(C0>>24)&255]<<24)) ^ KW[r][3];
-
-        // the final round's table is a simple function of Si
-
-        C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-        C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-        C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-        C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java
deleted file mode 100644
index 5d316ac4d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-/**
- * an implementation of the AES Key Wrapper from the NIST Key Wrap
- * Specification.
- * 

- * For further details see: http://csrc.nist.gov/encryption/kms/key-wrap.pdf.
- */
-public class AESWrapEngine
-    extends RFC3394WrapEngine
-{
-    public AESWrapEngine()
-    {
-        super(new AESEngine());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java
deleted file mode 100644
index 6ee1c4905..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java
+++ /dev/null
@@ -1,576 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * A class that provides Blowfish key encryption operations,
- * such as encoding data and generating keys.
- * All the algorithms herein are from Applied Cryptography
- * and implement a simplified cryptography interface.
- */
-public final class BlowfishEngine
-implements BlockCipher
-{
-    private final static int[] 
-        KP = {
-                0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344,
-                0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89,
-                0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
-                0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917,
-                0x9216D5D9, 0x8979FB1B
-             },
-
-        KS0 = {
-                0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7,
-                0xB8E1AFED, 0x6A267E96, 0xBA7C9045, 0xF12C7F99,
-                0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
-                0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E,
-                0x0D95748F, 0x728EB658, 0x718BCD58, 0x82154AEE,
-                0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
-                0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF,
-                0x8E79DCB0, 0x603A180E, 0x6C9E0E8B, 0xB01E8A3E,
-                0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
-                0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440,
-                0x55CA396A, 0x2AAB10B6, 0xB4CC5C34, 0x1141E8CE,
-                0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
-                0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E,
-                0xAFD6BA33, 0x6C24CF5C, 0x7A325381, 0x28958677,
-                0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
-                0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032,
-                0xEF845D5D, 0xE98575B1, 0xDC262302, 0xEB651B88,
-                0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
-                0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E,
-                0x21C66842, 0xF6E96C9A, 0x670C9C61, 0xABD388F0,
-                0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
-                0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98,
-                0xA1F1651D, 0x39AF0176, 0x66CA593E, 0x82430E88,
-                0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
-                0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6,
-                0x4ED3AA62, 0x363F7706, 0x1BFEDF72, 0x429B023D,
-                0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
-                0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7,
-                0xE3FE501A, 0xB6794C3B, 0x976CE0BD, 0x04C006BA,
-                0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
-                0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F,
-                0x6DFC511F, 0x9B30952C, 0xCC814544, 0xAF5EBD09,
-                0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
-                0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB,
-                0x5579C0BD, 0x1A60320A, 0xD6A100C6, 0x402C7279,
-                0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
-                0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB,
-                0x323DB5FA, 0xFD238760, 0x53317B48, 0x3E00DF82,
-                0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
-                0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573,
-                0x695B27B0, 0xBBCA58C8, 0xE1FFA35D, 0xB8F011A0,
-                0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
-                0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790,
-                0xE1DDF2DA, 0xA4CB7E33, 0x62FB1341, 0xCEE4C6E8,
-                0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
-                0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0,
-                0xD08ED1D0, 0xAFC725E0, 0x8E3C5B2F, 0x8E7594B7,
-                0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
-                0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD,
-                0x2F2F2218, 0xBE0E1777, 0xEA752DFE, 0x8B021FA1,
-                0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
-                0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9,
-                0x165FA266, 0x80957705, 0x93CC7314, 0x211A1477,
-                0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
-                0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49,
-                0x00250E2D, 0x2071B35E, 0x226800BB, 0x57B8E0AF,
-                0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
-                0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5,
-                0x83260376, 0x6295CFA9, 0x11C81968, 0x4E734A41,
-                0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
-                0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400,
-                0x08BA6FB5, 0x571BE91F, 0xF296EC6B, 0x2A0DD915,
-                0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
-                0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A
-            },
-
-        KS1 = {
-                0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623,
-                0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266,
-                0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
-                0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E,
-                0x3F54989A, 0x5B429D65, 0x6B8FE4D6, 0x99F73FD6,
-                0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
-                0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E,
-                0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1,
-                0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
-                0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8,
-                0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF,
-                0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
-                0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701,
-                0x3AE5E581, 0x37C2DADC, 0xC8B57634, 0x9AF3DDA7,
-                0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
-                0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331,
-                0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF,
-                0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
-                0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E,
-                0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87,
-                0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
-                0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2,
-                0xEF1C1847, 0x3215D908, 0xDD433B37, 0x24C2BA16,
-                0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
-                0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B,
-                0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509,
-                0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
-                0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3,
-                0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F,
-                0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
-                0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4,
-                0xF2F74EA7, 0x361D2B3D, 0x1939260F, 0x19C27960,
-                0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
-                0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28,
-                0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802,
-                0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
-                0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510,
-                0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF,
-                0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
-                0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E,
-                0x648B1EAF, 0x19BDF0CA, 0xA02369B9, 0x655ABB50,
-                0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
-                0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8,
-                0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281,
-                0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
-                0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696,
-                0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128,
-                0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
-                0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0,
-                0x45EEE2B6, 0xA3AAABEA, 0xDB6C4F15, 0xFACB4FD0,
-                0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
-                0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250,
-                0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3,
-                0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
-                0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00,
-                0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061,
-                0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
-                0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E,
-                0xA6078084, 0x19F8509E, 0xE8EFD855, 0x61D99735,
-                0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
-                0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9,
-                0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340,
-                0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
-                0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7
-            },
-
-        KS2 = {
-                0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934,
-                0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068,
-                0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
-                0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840,
-                0x4D95FC1D, 0x96B591AF, 0x70F4DDD3, 0x66A02F45,
-                0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
-                0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A,
-                0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB,
-                0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
-                0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6,
-                0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42,
-                0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
-                0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2,
-                0x3A6EFA74, 0xDD5B4332, 0x6841E7F7, 0xCA7820FB,
-                0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
-                0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B,
-                0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33,
-                0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
-                0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3,
-                0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC,
-                0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
-                0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564,
-                0x257B7834, 0x602A9C60, 0xDFF8E8A3, 0x1F636C1B,
-                0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
-                0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922,
-                0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728,
-                0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
-                0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E,
-                0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37,
-                0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
-                0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804,
-                0xF1290DC7, 0xCC00FFA3, 0xB5390F92, 0x690FED0B,
-                0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
-                0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB,
-                0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D,
-                0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
-                0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350,
-                0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9,
-                0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
-                0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE,
-                0x9DBC8057, 0xF0F7C086, 0x60787BF8, 0x6003604D,
-                0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
-                0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F,
-                0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61,
-                0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
-                0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9,
-                0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2,
-                0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
-                0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E,
-                0xB77F19B6, 0xE0A9DC09, 0x662D09A1, 0xC4324633,
-                0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
-                0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169,
-                0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52,
-                0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
-                0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5,
-                0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62,
-                0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
-                0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76,
-                0x6F05E409, 0x4B7C0188, 0x39720A3D, 0x7C927C24,
-                0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
-                0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4,
-                0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C,
-                0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
-                0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0
-            },
-
-        KS3 = {
-                0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B,
-                0x5CB0679E, 0x4FA33742, 0xD3822740, 0x99BC9BBE,
-                0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
-                0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4,
-                0x5748AB2F, 0xBC946E79, 0xC6A376D2, 0x6549C2C8,
-                0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
-                0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304,
-                0xA1FAD5F0, 0x6A2D519A, 0x63EF8CE2, 0x9A86EE22,
-                0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
-                0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6,
-                0x2826A2F9, 0xA73A3AE1, 0x4BA99586, 0xEF5562E9,
-                0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
-                0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593,
-                0xE990FD5A, 0x9E34D797, 0x2CF0B7D9, 0x022B8B51,
-                0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
-                0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C,
-                0xE029AC71, 0xE019A5E6, 0x47B0ACFD, 0xED93FA9B,
-                0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
-                0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C,
-                0x15056DD4, 0x88F46DBA, 0x03A16125, 0x0564F0BD,
-                0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
-                0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319,
-                0x7533D928, 0xB155FDF5, 0x03563482, 0x8ABA3CBB,
-                0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
-                0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991,
-                0xEA7A90C2, 0xFB3E7BCE, 0x5121CE64, 0x774FBE32,
-                0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
-                0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166,
-                0xB39A460A, 0x6445C0DD, 0x586CDECF, 0x1C20C8AE,
-                0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
-                0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5,
-                0x72EACEA8, 0xFA6484BB, 0x8D6612AE, 0xBF3C6F47,
-                0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
-                0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D,
-                0x4040CB08, 0x4EB4E2CC, 0x34D2466A, 0x0115AF84,
-                0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
-                0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8,
-                0x611560B1, 0xE7933FDC, 0xBB3A792B, 0x344525BD,
-                0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
-                0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7,
-                0x1A908749, 0xD44FBD9A, 0xD0DADECB, 0xD50ADA38,
-                0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
-                0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C,
-                0xBF97222C, 0x15E6FC2A, 0x0F91FC71, 0x9B941525,
-                0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
-                0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442,
-                0xE0EC6E0E, 0x1698DB3B, 0x4C98A0BE, 0x3278E964,
-                0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
-                0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8,
-                0xDF359F8D, 0x9B992F2E, 0xE60B6F47, 0x0FE3F11D,
-                0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
-                0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299,
-                0xF523F357, 0xA6327623, 0x93A83531, 0x56CCCD02,
-                0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
-                0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614,
-                0xE6C6C7BD, 0x327A140A, 0x45E1D006, 0xC3F27B9A,
-                0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
-                0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B,
-                0x53113EC0, 0x1640E3D3, 0x38ABBD60, 0x2547ADF0,
-                0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
-                0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E,
-                0x1948C25C, 0x02FB8A8C, 0x01C36AE4, 0xD6EBE1F9,
-                0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
-                0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6
-            };
-
-    //====================================
-    // Useful constants
-    //====================================
-
-    private static final int    ROUNDS = 16;
-    private static final int    BLOCK_SIZE = 8;  // bytes = 64 bits
-    private static final int    SBOX_SK = 256;
-    private static final int    P_SZ = ROUNDS+2;
-
-    private final int[] S0, S1, S2, S3;     // the s-boxes
-    private final int[] P;                  // the p-array
-
-    private boolean encrypting = false;
-
-    private byte[] workingKey = null;
-
-    public BlowfishEngine()
-    {
-        S0 = new int[SBOX_SK];
-        S1 = new int[SBOX_SK];
-        S2 = new int[SBOX_SK];
-        S3 = new int[SBOX_SK];
-        P = new int[P_SZ];
-    }
-
-    /**
-     * initialise a Blowfish cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting,
-        CipherParameters    params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            this.encrypting = encrypting;
-            this.workingKey = ((KeyParameter)params).getKey();
-            setKey(this.workingKey);
-
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to Blowfish init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Blowfish";
-    }
-
-    public final int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("Blowfish not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (encrypting)
-        {
-            encryptBlock(in, inOff, out, outOff);
-        }
-        else
-        {    
-            decryptBlock(in, inOff, out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    //==================================
-    // Private Implementation
-    //==================================
-
-    private int F(int x)
-    {
-        return (((S0[(x >>> 24)] + S1[(x >>> 16) & 0xff])
-                            ^ S2[(x >>> 8) & 0xff]) + S3[x & 0xff]);
-    }
-
-    /**
-     * apply the encryption cycle to each value pair in the table.
-     */
-    private void processTable(
-        int     xl,
-        int     xr,
-        int[]   table)
-    {
-        int size = table.length;
-
-        for (int s = 0; s < size; s += 2)
-        {
-            xl ^= P[0];
-
-            for (int i = 1; i < ROUNDS; i += 2)
-            {
-                xr ^= F(xl) ^ P[i];
-                xl ^= F(xr) ^ P[i + 1];
-            }
-
-            xr ^= P[ROUNDS + 1];
-
-            table[s] = xr;
-            table[s + 1] = xl;
-
-            xr = xl;            // end of cycle swap
-            xl = table[s];
-        }
-    }
-
-    private void setKey(byte[] key)
-    {
-        /*
-         * - comments are from _Applied Crypto_, Schneier, p338
-         * please be careful comparing the two, AC numbers the
-         * arrays from 1, the enclosed code from 0.
-         *
-         * (1)
-         * Initialise the S-boxes and the P-array, with a fixed string
-         * This string contains the hexadecimal digits of pi (3.141...)
-         */
-        System.arraycopy(KS0, 0, S0, 0, SBOX_SK);
-        System.arraycopy(KS1, 0, S1, 0, SBOX_SK);
-        System.arraycopy(KS2, 0, S2, 0, SBOX_SK);
-        System.arraycopy(KS3, 0, S3, 0, SBOX_SK);
-
-        System.arraycopy(KP, 0, P, 0, P_SZ);
-
-        /*
-         * (2)
-         * Now, XOR P[0] with the first 32 bits of the key, XOR P[1] with the
-         * second 32-bits of the key, and so on for all bits of the key
-         * (up to P[17]).  Repeatedly cycle through the key bits until the
-         * entire P-array has been XOR-ed with the key bits
-         */
-        int keyLength = key.length;
-        int keyIndex = 0;
-
-        for (int i=0; i < P_SZ; i++)
-        {
-            // get the 32 bits of the key, in 4 * 8 bit chunks
-            int data = 0x0000000;
-            for (int j=0; j < 4; j++)
-            {
-                // create a 32 bit block
-                data = (data << 8) | (key[keyIndex++] & 0xff);
-
-                // wrap when we get to the end of the key
-                if (keyIndex >= keyLength)
-                {
-                    keyIndex = 0;
-                }
-            }
-            // XOR the newly created 32 bit chunk onto the P-array
-            P[i] ^= data;
-        }
-
-        /*
-         * (3)
-         * Encrypt the all-zero string with the Blowfish algorithm, using
-         * the subkeys described in (1) and (2)
-         *
-         * (4)
-         * Replace P1 and P2 with the output of step (3)
-         *
-         * (5)
-         * Encrypt the output of step(3) using the Blowfish algorithm,
-         * with the modified subkeys.
-         *
-         * (6)
-         * Replace P3 and P4 with the output of step (5)
-         *
-         * (7)
-         * Continue the process, replacing all elements of the P-array
-         * and then all four S-boxes in order, with the output of the
-         * continuously changing Blowfish algorithm
-         */
-
-        processTable(0, 0, P);
-        processTable(P[P_SZ - 2], P[P_SZ - 1], S0);
-        processTable(S0[SBOX_SK - 2], S0[SBOX_SK - 1], S1);
-        processTable(S1[SBOX_SK - 2], S1[SBOX_SK - 1], S2);
-        processTable(S2[SBOX_SK - 2], S2[SBOX_SK - 1], S3);
-    }
-
-    /**
-     * Encrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     * The input will be an exact multiple of our blocksize.
-     */
-    private void encryptBlock(
-        byte[]  src,
-        int     srcIndex,
-        byte[]  dst,
-        int     dstIndex)
-    {
-        int xl = BytesTo32bits(src, srcIndex);
-        int xr = BytesTo32bits(src, srcIndex+4);
-
-        xl ^= P[0];
-
-        for (int i = 1; i < ROUNDS; i += 2)
-        {
-            xr ^= F(xl) ^ P[i];
-            xl ^= F(xr) ^ P[i + 1];
-        }
-
-        xr ^= P[ROUNDS + 1];
-
-        Bits32ToBytes(xr, dst, dstIndex);
-        Bits32ToBytes(xl, dst, dstIndex + 4);
-    }
-
-    /**
-     * Decrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     * The input will be an exact multiple of our blocksize.
-     */
-    private void decryptBlock(
-        byte[] src, 
-        int srcIndex,
-        byte[] dst,
-        int dstIndex)
-    {
-        int xl = BytesTo32bits(src, srcIndex);
-        int xr = BytesTo32bits(src, srcIndex + 4);
-
-        xl ^= P[ROUNDS + 1];
-
-        for (int i = ROUNDS; i > 0 ; i -= 2)
-        {
-            xr ^= F(xl) ^ P[i];
-            xl ^= F(xr) ^ P[i - 1];
-        }
-
-        xr ^= P[0];
-
-        Bits32ToBytes(xr, dst, dstIndex);
-        Bits32ToBytes(xl, dst, dstIndex+4);
-    }
-
-    private int BytesTo32bits(byte[] b, int i)
-    {
-        return ((b[i]   & 0xff) << 24) | 
-             ((b[i+1] & 0xff) << 16) |
-             ((b[i+2] & 0xff) << 8) |
-             ((b[i+3] & 0xff));
-    }
-
-    private void Bits32ToBytes(int in,  byte[] b, int offset)
-    {
-        b[offset + 3] = (byte)in;
-        b[offset + 2] = (byte)(in >> 8);
-        b[offset + 1] = (byte)(in >> 16);
-        b[offset]     = (byte)(in >> 24);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST5Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST5Engine.java
deleted file mode 100644
index 2e0ec33c9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST5Engine.java
+++ /dev/null
@@ -1,830 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * A class that provides CAST key encryption operations,
- * such as encoding data and generating keys.
- *
- * All the algorithms herein are from the Internet RFC's
- *
- * RFC2144 - CAST5 (64bit block, 40-128bit key)
- * RFC2612 - CAST6 (128bit block, 128-256bit key)
- *
- * and implement a simplified cryptography interface.
- */
-public class CAST5Engine
-    implements BlockCipher
-{
-    protected final static int M32 = 0xffffffff;
-
-    protected final static int[] 
-        S1 = {
-0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
-0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
-0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
-0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
-0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
-0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
-0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
-0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
-0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
-0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
-0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
-0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
-0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
-0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
-0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
-0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
-0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
-0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
-0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
-0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
-0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
-0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
-0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
-0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
-0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
-0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
-0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
-0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
-0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
-0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
-0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
-0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
-             },
-        S2 = {
-0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
-0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
-0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
-0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
-0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
-0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
-0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
-0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
-0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
-0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
-0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
-0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
-0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
-0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
-0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
-0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
-0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
-0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
-0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
-0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
-0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
-0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
-0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
-0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
-0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
-0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
-0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
-0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
-0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
-0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
-0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
-0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1
-            },
-        S3 = {
-0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
-0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
-0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
-0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
-0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
-0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
-0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
-0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
-0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
-0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
-0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
-0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
-0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
-0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
-0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
-0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
-0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
-0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
-0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
-0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
-0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
-0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
-0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
-0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
-0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
-0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
-0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
-0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
-0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
-0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
-0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
-0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783
-            },
-        S4 = {
-0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
-0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
-0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
-0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
-0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
-0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
-0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
-0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
-0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
-0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
-0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
-0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
-0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
-0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
-0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
-0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
-0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
-0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
-0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
-0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
-0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
-0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
-0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
-0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
-0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
-0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
-0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
-0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
-0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
-0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
-0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
-0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
-            },
-        S5 = {
-0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
-0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
-0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
-0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
-0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
-0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
-0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
-0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
-0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
-0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
-0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
-0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
-0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
-0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
-0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
-0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
-0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
-0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
-0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
-0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
-0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
-0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
-0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
-0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
-0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
-0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
-0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
-0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
-0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
-0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
-0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
-0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4
-            },
-        S6 = {
-0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
-0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
-0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
-0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
-0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
-0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
-0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
-0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
-0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
-0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
-0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
-0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
-0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
-0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
-0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
-0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
-0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
-0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
-0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
-0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
-0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
-0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
-0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
-0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
-0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
-0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
-0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
-0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
-0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
-0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
-0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
-0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f 
-            },
-        S7 = {
-0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
-0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
-0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
-0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
-0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
-0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
-0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
-0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
-0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
-0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
-0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
-0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
-0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
-0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
-0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
-0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
-0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
-0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
-0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
-0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
-0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
-0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
-0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
-0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
-0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
-0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
-0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
-0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
-0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
-0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
-0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
-0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 
-            },
-        S8 = {
-0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
-0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
-0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
-0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
-0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
-0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
-0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
-0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
-0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
-0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
-0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
-0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
-0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
-0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
-0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
-0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
-0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
-0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
-0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
-0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
-0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
-0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
-0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
-0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
-0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
-0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
-0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
-0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
-0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
-0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
-0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
-0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e 
-            };
-
-    //====================================
-    // Useful constants
-    //====================================
-
-    protected static final int    MAX_ROUNDS = 16;
-    protected static final int    RED_ROUNDS = 12;
-
-    protected static final int    BLOCK_SIZE = 8;  // bytes = 64 bits
-
-    protected int _Kr[] = new int[17];        // the rotating round key
-    protected int _Km[] = new int[17];        // the masking round key
-
-    private boolean _encrypting = false;
-
-    private byte[]  _workingKey = null;
-    private int     _rounds = MAX_ROUNDS;
-
-    public CAST5Engine()
-    {
-    }
-
-    /**
-     * initialise a CAST cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting,
-        CipherParameters    params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            _encrypting = encrypting;
-            _workingKey = ((KeyParameter)params).getKey();
-
-            setKey(_workingKey);
-
-            return;
-        }
-
-        throw new IllegalArgumentException("Invalid parameter passed to "+getAlgorithmName()+" init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "CAST5";
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (_workingKey == null)
-        {
-            throw new IllegalStateException(getAlgorithmName()+" not initialised");
-        }
-
-        int blockSize = getBlockSize();
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("Input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("Output buffer too short");
-        }
-
-        if (_encrypting)
-        {
-            return encryptBlock(in, inOff, out, outOff);
-        }
-        else
-        {    
-            return decryptBlock(in, inOff, out, outOff);
-        }
-    }
-
-    public void reset()
-    {
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    //==================================
-    // Private Implementation
-    //==================================
-
-    /*
-     * Creates the subkeys using the same nomenclature
-     * as described in RFC2144.
-     *
-     * See section 2.4
-     */
-    protected void setKey(byte[] key)
-    {
-        /* 
-         * Determine the key size here, if required
-         *
-         * if keysize <= 80bits, use 12 rounds instead of 16
-         * if keysize < 128bits, pad with 0
-         *
-         * Typical key sizes => 40, 64, 80, 128
-         */
-
-        if (key.length < 11)
-        {
-            _rounds = RED_ROUNDS;
-        }
-
-        int z[] = new int[16];
-        int x[] = new int[16];
-
-        int z03, z47, z8B, zCF;
-        int x03, x47, x8B, xCF;
-
-        /* copy the key into x */
-        for (int i=0; i< key.length; i++) 
-        { 
-            x[i] = key[i] & 0xff; 
-        }
-
-        /*
-         * This will look different because the selection of
-         * bytes from the input key I've already chosen the
-         * correct int.
-         */
-        x03 = IntsTo32bits(x, 0x0);
-        x47 = IntsTo32bits(x, 0x4);
-        x8B = IntsTo32bits(x, 0x8);
-        xCF = IntsTo32bits(x, 0xC);
-
-        z03 = x03 ^S5[x[0xD]] ^S6[x[0xF]] ^S7[x[0xC]] ^S8[x[0xE]] ^S7[x[0x8]];
-
-        Bits32ToInts(z03, z, 0x0);
-        z47 = x8B ^S5[z[0x0]] ^S6[z[0x2]] ^S7[z[0x1]] ^S8[z[0x3]] ^S8[x[0xA]];
-        Bits32ToInts(z47, z, 0x4);
-        z8B = xCF ^S5[z[0x7]] ^S6[z[0x6]] ^S7[z[0x5]] ^S8[z[0x4]] ^S5[x[0x9]];
-        Bits32ToInts(z8B, z, 0x8);
-        zCF = x47 ^S5[z[0xA]] ^S6[z[0x9]] ^S7[z[0xB]] ^S8[z[0x8]] ^S6[x[0xB]];
-        Bits32ToInts(zCF, z, 0xC);
-        _Km[ 1]= S5[z[0x8]] ^ S6[z[0x9]] ^ S7[z[0x7]] ^ S8[z[0x6]] ^ S5[z[0x2]];
-        _Km[ 2]= S5[z[0xA]] ^ S6[z[0xB]] ^ S7[z[0x5]] ^ S8[z[0x4]] ^ S6[z[0x6]];
-        _Km[ 3]= S5[z[0xC]] ^ S6[z[0xD]] ^ S7[z[0x3]] ^ S8[z[0x2]] ^ S7[z[0x9]];
-        _Km[ 4]= S5[z[0xE]] ^ S6[z[0xF]] ^ S7[z[0x1]] ^ S8[z[0x0]] ^ S8[z[0xC]];
-
-        z03 = IntsTo32bits(z, 0x0);
-        z47 = IntsTo32bits(z, 0x4);
-        z8B = IntsTo32bits(z, 0x8);
-        zCF = IntsTo32bits(z, 0xC);
-        x03 = z8B ^S5[z[0x5]] ^S6[z[0x7]] ^S7[z[0x4]] ^S8[z[0x6]] ^S7[z[0x0]];
-        Bits32ToInts(x03, x, 0x0);
-        x47 = z03 ^S5[x[0x0]] ^S6[x[0x2]] ^S7[x[0x1]] ^S8[x[0x3]] ^S8[z[0x2]];
-        Bits32ToInts(x47, x, 0x4);
-        x8B = z47 ^S5[x[0x7]] ^S6[x[0x6]] ^S7[x[0x5]] ^S8[x[0x4]] ^S5[z[0x1]];
-        Bits32ToInts(x8B, x, 0x8);
-        xCF = zCF ^S5[x[0xA]] ^S6[x[0x9]] ^S7[x[0xB]] ^S8[x[0x8]] ^S6[z[0x3]];
-        Bits32ToInts(xCF, x, 0xC);
-        _Km[ 5]= S5[x[0x3]] ^ S6[x[0x2]] ^ S7[x[0xC]] ^ S8[x[0xD]] ^ S5[x[0x8]];
-        _Km[ 6]= S5[x[0x1]] ^ S6[x[0x0]] ^ S7[x[0xE]] ^ S8[x[0xF]] ^ S6[x[0xD]];
-        _Km[ 7]= S5[x[0x7]] ^ S6[x[0x6]] ^ S7[x[0x8]] ^ S8[x[0x9]] ^ S7[x[0x3]];
-        _Km[ 8]= S5[x[0x5]] ^ S6[x[0x4]] ^ S7[x[0xA]] ^ S8[x[0xB]] ^ S8[x[0x7]];
-
-        x03 = IntsTo32bits(x, 0x0);
-        x47 = IntsTo32bits(x, 0x4);
-        x8B = IntsTo32bits(x, 0x8);
-        xCF = IntsTo32bits(x, 0xC);
-        z03 = x03 ^S5[x[0xD]] ^S6[x[0xF]] ^S7[x[0xC]] ^S8[x[0xE]] ^S7[x[0x8]];
-        Bits32ToInts(z03, z, 0x0);
-        z47 = x8B ^S5[z[0x0]] ^S6[z[0x2]] ^S7[z[0x1]] ^S8[z[0x3]] ^S8[x[0xA]];
-        Bits32ToInts(z47, z, 0x4);
-        z8B = xCF ^S5[z[0x7]] ^S6[z[0x6]] ^S7[z[0x5]] ^S8[z[0x4]] ^S5[x[0x9]];
-        Bits32ToInts(z8B, z, 0x8);
-        zCF = x47 ^S5[z[0xA]] ^S6[z[0x9]] ^S7[z[0xB]] ^S8[z[0x8]] ^S6[x[0xB]];
-        Bits32ToInts(zCF, z, 0xC);
-        _Km[ 9]= S5[z[0x3]] ^ S6[z[0x2]] ^ S7[z[0xC]] ^ S8[z[0xD]] ^ S5[z[0x9]];
-        _Km[10]= S5[z[0x1]] ^ S6[z[0x0]] ^ S7[z[0xE]] ^ S8[z[0xF]] ^ S6[z[0xc]];
-        _Km[11]= S5[z[0x7]] ^ S6[z[0x6]] ^ S7[z[0x8]] ^ S8[z[0x9]] ^ S7[z[0x2]];
-        _Km[12]= S5[z[0x5]] ^ S6[z[0x4]] ^ S7[z[0xA]] ^ S8[z[0xB]] ^ S8[z[0x6]];
-
-        z03 = IntsTo32bits(z, 0x0);
-        z47 = IntsTo32bits(z, 0x4);
-        z8B = IntsTo32bits(z, 0x8);
-        zCF = IntsTo32bits(z, 0xC);
-        x03 = z8B ^S5[z[0x5]] ^S6[z[0x7]] ^S7[z[0x4]] ^S8[z[0x6]] ^S7[z[0x0]];
-        Bits32ToInts(x03, x, 0x0);
-        x47 = z03 ^S5[x[0x0]] ^S6[x[0x2]] ^S7[x[0x1]] ^S8[x[0x3]] ^S8[z[0x2]];
-        Bits32ToInts(x47, x, 0x4);
-        x8B = z47 ^S5[x[0x7]] ^S6[x[0x6]] ^S7[x[0x5]] ^S8[x[0x4]] ^S5[z[0x1]];
-        Bits32ToInts(x8B, x, 0x8);
-        xCF = zCF ^S5[x[0xA]] ^S6[x[0x9]] ^S7[x[0xB]] ^S8[x[0x8]] ^S6[z[0x3]];
-        Bits32ToInts(xCF, x, 0xC);
-        _Km[13]= S5[x[0x8]] ^ S6[x[0x9]] ^ S7[x[0x7]] ^ S8[x[0x6]] ^ S5[x[0x3]];
-        _Km[14]= S5[x[0xA]] ^ S6[x[0xB]] ^ S7[x[0x5]] ^ S8[x[0x4]] ^ S6[x[0x7]];
-        _Km[15]= S5[x[0xC]] ^ S6[x[0xD]] ^ S7[x[0x3]] ^ S8[x[0x2]] ^ S7[x[0x8]];
-        _Km[16]= S5[x[0xE]] ^ S6[x[0xF]] ^ S7[x[0x1]] ^ S8[x[0x0]] ^ S8[x[0xD]];
-
-        x03 = IntsTo32bits(x, 0x0);
-        x47 = IntsTo32bits(x, 0x4);
-        x8B = IntsTo32bits(x, 0x8);
-        xCF = IntsTo32bits(x, 0xC);
-        z03 = x03 ^S5[x[0xD]] ^S6[x[0xF]] ^S7[x[0xC]] ^S8[x[0xE]] ^S7[x[0x8]];
-        Bits32ToInts(z03, z, 0x0);
-        z47 = x8B ^S5[z[0x0]] ^S6[z[0x2]] ^S7[z[0x1]] ^S8[z[0x3]] ^S8[x[0xA]];
-        Bits32ToInts(z47, z, 0x4);
-        z8B = xCF ^S5[z[0x7]] ^S6[z[0x6]] ^S7[z[0x5]] ^S8[z[0x4]] ^S5[x[0x9]];
-        Bits32ToInts(z8B, z, 0x8);
-        zCF = x47 ^S5[z[0xA]] ^S6[z[0x9]] ^S7[z[0xB]] ^S8[z[0x8]] ^S6[x[0xB]];
-        Bits32ToInts(zCF, z, 0xC);
-        _Kr[ 1]=(S5[z[0x8]]^S6[z[0x9]]^S7[z[0x7]]^S8[z[0x6]] ^ S5[z[0x2]])&0x1f;
-        _Kr[ 2]=(S5[z[0xA]]^S6[z[0xB]]^S7[z[0x5]]^S8[z[0x4]] ^ S6[z[0x6]])&0x1f;
-        _Kr[ 3]=(S5[z[0xC]]^S6[z[0xD]]^S7[z[0x3]]^S8[z[0x2]] ^ S7[z[0x9]])&0x1f;
-        _Kr[ 4]=(S5[z[0xE]]^S6[z[0xF]]^S7[z[0x1]]^S8[z[0x0]] ^ S8[z[0xC]])&0x1f;
-
-        z03 = IntsTo32bits(z, 0x0);
-        z47 = IntsTo32bits(z, 0x4);
-        z8B = IntsTo32bits(z, 0x8);
-        zCF = IntsTo32bits(z, 0xC);
-        x03 = z8B ^S5[z[0x5]] ^S6[z[0x7]] ^S7[z[0x4]] ^S8[z[0x6]] ^S7[z[0x0]];
-        Bits32ToInts(x03, x, 0x0);
-        x47 = z03 ^S5[x[0x0]] ^S6[x[0x2]] ^S7[x[0x1]] ^S8[x[0x3]] ^S8[z[0x2]];
-        Bits32ToInts(x47, x, 0x4);
-        x8B = z47 ^S5[x[0x7]] ^S6[x[0x6]] ^S7[x[0x5]] ^S8[x[0x4]] ^S5[z[0x1]];
-        Bits32ToInts(x8B, x, 0x8);
-        xCF = zCF ^S5[x[0xA]] ^S6[x[0x9]] ^S7[x[0xB]] ^S8[x[0x8]] ^S6[z[0x3]];
-        Bits32ToInts(xCF, x, 0xC);
-        _Kr[ 5]=(S5[x[0x3]]^S6[x[0x2]]^S7[x[0xC]]^S8[x[0xD]]^S5[x[0x8]])&0x1f;
-        _Kr[ 6]=(S5[x[0x1]]^S6[x[0x0]]^S7[x[0xE]]^S8[x[0xF]]^S6[x[0xD]])&0x1f;
-        _Kr[ 7]=(S5[x[0x7]]^S6[x[0x6]]^S7[x[0x8]]^S8[x[0x9]]^S7[x[0x3]])&0x1f;
-        _Kr[ 8]=(S5[x[0x5]]^S6[x[0x4]]^S7[x[0xA]]^S8[x[0xB]]^S8[x[0x7]])&0x1f;
-
-        x03 = IntsTo32bits(x, 0x0);
-        x47 = IntsTo32bits(x, 0x4);
-        x8B = IntsTo32bits(x, 0x8);
-        xCF = IntsTo32bits(x, 0xC);
-        z03 = x03 ^S5[x[0xD]] ^S6[x[0xF]] ^S7[x[0xC]] ^S8[x[0xE]] ^S7[x[0x8]];
-        Bits32ToInts(z03, z, 0x0);
-        z47 = x8B ^S5[z[0x0]] ^S6[z[0x2]] ^S7[z[0x1]] ^S8[z[0x3]] ^S8[x[0xA]];
-        Bits32ToInts(z47, z, 0x4);
-        z8B = xCF ^S5[z[0x7]] ^S6[z[0x6]] ^S7[z[0x5]] ^S8[z[0x4]] ^S5[x[0x9]];
-        Bits32ToInts(z8B, z, 0x8);
-        zCF = x47 ^S5[z[0xA]] ^S6[z[0x9]] ^S7[z[0xB]] ^S8[z[0x8]] ^S6[x[0xB]];
-        Bits32ToInts(zCF, z, 0xC);
-        _Kr[ 9]=(S5[z[0x3]]^S6[z[0x2]]^S7[z[0xC]]^S8[z[0xD]]^S5[z[0x9]])&0x1f;
-        _Kr[10]=(S5[z[0x1]]^S6[z[0x0]]^S7[z[0xE]]^S8[z[0xF]]^S6[z[0xc]])&0x1f;
-        _Kr[11]=(S5[z[0x7]]^S6[z[0x6]]^S7[z[0x8]]^S8[z[0x9]]^S7[z[0x2]])&0x1f;
-        _Kr[12]=(S5[z[0x5]]^S6[z[0x4]]^S7[z[0xA]]^S8[z[0xB]]^S8[z[0x6]])&0x1f;
-
-        z03 = IntsTo32bits(z, 0x0);
-        z47 = IntsTo32bits(z, 0x4);
-        z8B = IntsTo32bits(z, 0x8);
-        zCF = IntsTo32bits(z, 0xC);
-        x03 = z8B ^S5[z[0x5]] ^S6[z[0x7]] ^S7[z[0x4]] ^S8[z[0x6]] ^S7[z[0x0]];
-        Bits32ToInts(x03, x, 0x0);
-        x47 = z03 ^S5[x[0x0]] ^S6[x[0x2]] ^S7[x[0x1]] ^S8[x[0x3]] ^S8[z[0x2]];
-        Bits32ToInts(x47, x, 0x4);
-        x8B = z47 ^S5[x[0x7]] ^S6[x[0x6]] ^S7[x[0x5]] ^S8[x[0x4]] ^S5[z[0x1]];
-        Bits32ToInts(x8B, x, 0x8);
-        xCF = zCF ^S5[x[0xA]] ^S6[x[0x9]] ^S7[x[0xB]] ^S8[x[0x8]] ^S6[z[0x3]];
-        Bits32ToInts(xCF, x, 0xC);
-        _Kr[13]=(S5[x[0x8]]^S6[x[0x9]]^S7[x[0x7]]^S8[x[0x6]]^S5[x[0x3]])&0x1f;
-        _Kr[14]=(S5[x[0xA]]^S6[x[0xB]]^S7[x[0x5]]^S8[x[0x4]]^S6[x[0x7]])&0x1f;
-        _Kr[15]=(S5[x[0xC]]^S6[x[0xD]]^S7[x[0x3]]^S8[x[0x2]]^S7[x[0x8]])&0x1f;
-        _Kr[16]=(S5[x[0xE]]^S6[x[0xF]]^S7[x[0x1]]^S8[x[0x0]]^S8[x[0xD]])&0x1f;
-    }
-
-    /**
-     * Encrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     *
-     * @param src        The plaintext buffer
-     * @param srcIndex    An offset into src
-     * @param dst        The ciphertext buffer
-     * @param dstIndex    An offset into dst
-     */
-    protected int encryptBlock(
-        byte[] src, 
-        int srcIndex,
-        byte[] dst,
-        int dstIndex)
-    {
-
-        int  result[] = new int[2];
-
-        // process the input block 
-        // batch the units up into a 32 bit chunk and go for it
-        // the array is in bytes, the increment is 8x8 bits = 64
-
-        int L0 = BytesTo32bits(src, srcIndex);
-        int R0 = BytesTo32bits(src, srcIndex + 4);
-
-        CAST_Encipher(L0, R0, result);
-
-        // now stuff them into the destination block
-        Bits32ToBytes(result[0], dst, dstIndex);
-        Bits32ToBytes(result[1], dst, dstIndex + 4);
-
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * Decrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     *
-     * @param src        The plaintext buffer
-     * @param srcIndex    An offset into src
-     * @param dst        The ciphertext buffer
-     * @param dstIndex    An offset into dst
-     */
-    protected int decryptBlock(
-        byte[] src, 
-        int srcIndex,
-        byte[] dst,
-        int dstIndex)
-    {
-        int  result[] = new int[2];
-
-        // process the input block
-        // batch the units up into a 32 bit chunk and go for it
-        // the array is in bytes, the increment is 8x8 bits = 64
-        int L16 = BytesTo32bits(src, srcIndex);
-        int R16 = BytesTo32bits(src, srcIndex+4);
-
-        CAST_Decipher(L16, R16, result);
-
-        // now stuff them into the destination block
-        Bits32ToBytes(result[0], dst, dstIndex);
-        Bits32ToBytes(result[1], dst, dstIndex+4);
-
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * The first of the three processing functions for the
-     * encryption and decryption.
-     *
-     * @param D            the input to be processed
-     * @param Kmi        the mask to be used from Km[n]
-     * @param Kri        the rotation value to be used
-     *
-     */
-    protected final int F1(int D, int Kmi, int Kri)
-    {
-        int I = Kmi + D;
-        I = I << Kri | I >>> (32-Kri);
-        return ((S1[(I>>>24)&0xff]^S2[(I>>>16)&0xff])-S3[(I>>> 8)&0xff])+
-                 S4[I & 0xff];
-    }
-
-    /**
-     * The second of the three processing functions for the
-     * encryption and decryption.
-     *
-     * @param D            the input to be processed
-     * @param Kmi        the mask to be used from Km[n]
-     * @param Kri        the rotation value to be used
-     *
-     */
-    protected final int F2(int D, int Kmi, int Kri)
-    {
-        int I = Kmi ^ D;
-        I = I << Kri | I >>> (32-Kri);
-        return ((S1[(I>>>24)&0xff]-S2[(I>>>16)&0xff])+S3[(I>>> 8)&0xff])^
-                 S4[I & 0xff];
-    }
-
-    /**
-     * The third of the three processing functions for the
-     * encryption and decryption.
-     *
-     * @param D            the input to be processed
-     * @param Kmi        the mask to be used from Km[n]
-     * @param Kri        the rotation value to be used
-     *
-     */
-    protected final int F3(int D, int Kmi, int Kri)
-    {
-        int I = Kmi - D;
-        I = I << Kri | I >>> (32-Kri);
-        return ((S1[(I>>>24)&0xff]+S2[(I>>>16)&0xff])^S3[(I>>> 8)&0xff])-
-                 S4[I & 0xff];
-    }
-
-    /**
-     * Does the 16 rounds to encrypt the block.
-     * 
-     * @param L0    the LH-32bits of the plaintext block
-     * @param R0    the RH-32bits of the plaintext block
-     */
-    protected final void CAST_Encipher(int L0, int R0, int result[])
-    {
-        int Lp = L0;        // the previous value, equiv to L[i-1]
-        int Rp = R0;        // equivalent to R[i-1]
-
-        /* 
-         * numbering consistent with paper to make
-         * checking and validating easier
-         */
-        int Li = L0, Ri = R0;
-
-        for (int i = 1; i<=_rounds ; i++)
-        {
-            Lp = Li;
-            Rp = Ri;
-
-            Li = Rp;
-            switch (i)
-            {
-                case  1:
-                case  4:
-                case  7:
-                case 10:
-                case 13:
-                case 16:
-                    Ri = Lp ^ F1(Rp, _Km[i], _Kr[i]);
-                    break;
-                case  2:
-                case  5:
-                case  8:
-                case 11:
-                case 14:
-                    Ri = Lp ^ F2(Rp, _Km[i], _Kr[i]);
-                    break;
-                case  3:
-                case  6:
-                case  9:
-                case 12:
-                case 15:
-                    Ri = Lp ^ F3(Rp, _Km[i], _Kr[i]);
-                    break;
-            }
-        }
-
-        result[0] = Ri;
-        result[1] = Li;
-
-        return;
-    }
-
-    protected final void CAST_Decipher(int L16, int R16, int result[])
-    {
-        int Lp = L16;        // the previous value, equiv to L[i-1]
-        int Rp = R16;        // equivalent to R[i-1]
-
-        /* 
-         * numbering consistent with paper to make
-         * checking and validating easier
-         */
-        int Li = L16, Ri = R16;
-
-        for (int i = _rounds; i > 0; i--)
-        {
-            Lp = Li;
-            Rp = Ri;
-
-            Li = Rp;
-            switch (i)
-            {
-                case  1:
-                case  4:
-                case  7:
-                case 10:
-                case 13:
-                case 16:
-                    Ri = Lp ^ F1(Rp, _Km[i], _Kr[i]);
-                    break;
-                case  2:
-                case  5:
-                case  8:
-                case 11:
-                case 14:
-                    Ri = Lp ^ F2(Rp, _Km[i], _Kr[i]);
-                    break;
-                case  3:
-                case  6:
-                case  9:
-                case 12:
-                case 15:
-                    Ri = Lp ^ F3(Rp, _Km[i], _Kr[i]);
-                    break;
-            }
-        }
-
-        result[0] = Ri;
-        result[1] = Li;
-
-        return;
-    }
-
-    protected final void Bits32ToInts(int in,  int[] b, int offset)
-    {
-        b[offset + 3] = (in & 0xff);
-        b[offset + 2] = ((in >>> 8) & 0xff);
-        b[offset + 1] = ((in >>> 16) & 0xff);
-        b[offset]     = ((in >>> 24) & 0xff);
-    }
-
-    protected final int IntsTo32bits(int[] b, int i)
-    {
-        int rv = 0;
-
-        rv = ((b[i]   & 0xff) << 24) | 
-             ((b[i+1] & 0xff) << 16) |
-             ((b[i+2] & 0xff) << 8) |
-             ((b[i+3] & 0xff));
-
-        return rv;
-    }
-
-    protected final void Bits32ToBytes(int in,  byte[] b, int offset)
-    {
-        b[offset + 3] = (byte)in;
-        b[offset + 2] = (byte)(in >>> 8);
-        b[offset + 1] = (byte)(in >>> 16);
-        b[offset]     = (byte)(in >>> 24);
-    }
-
-    protected final int BytesTo32bits(byte[] b, int i)
-    {
-        return ((b[i]   & 0xff) << 24) | 
-            ((b[i+1] & 0xff) << 16) |
-            ((b[i+2] & 0xff) << 8) |
-            ((b[i+3] & 0xff));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST6Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST6Engine.java
deleted file mode 100644
index db57b5035..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CAST6Engine.java
+++ /dev/null
@@ -1,296 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-
-/**
- * A class that provides CAST6 key encryption operations,
- * such as encoding data and generating keys.
- *
- * All the algorithms herein are from the Internet RFC
- *
- * RFC2612 - CAST6 (128bit block, 128-256bit key)
- *
- * and implement a simplified cryptography interface.
- */
-public final class CAST6Engine extends CAST5Engine
-{
-    //====================================
-    // Useful constants
-    //====================================
-
-    protected static final int    ROUNDS = 12;
-
-    protected static final int    BLOCK_SIZE = 16;  // bytes = 128 bits
-
-    /*
-     * Put the round and mask keys into an array.
-     * Kr0[i] => _Kr[i*4 + 0]
-     */
-    protected int _Kr[] = new int[ROUNDS*4]; // the rotating round key(s)
-    protected int _Km[] = new int[ROUNDS*4]; // the masking round key(s)
-
-    /*
-     * Key setup
-     */
-    protected int _Tr[] = new int[24 * 8];
-    protected int _Tm[] = new int[24 * 8];
-
-    private int[] _workingKey = new int[8];
-
-    public CAST6Engine()
-    {
-    }
-
-    public String getAlgorithmName()
-    {
-        return "CAST6";
-    }
-
-    public void reset()
-    {
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    //==================================
-    // Private Implementation
-    //==================================
-
-    /*
-     * Creates the subkeys using the same nomenclature
-     * as described in RFC2612.
-     *
-     * See section 2.4
-     */
-    protected void setKey(byte[] key)
-    {
-        int Cm = 0x5a827999;
-        int Mm = 0x6ed9eba1;
-        int Cr = 19;
-        int Mr = 17;
-
-        /* 
-         * Determine the key size here, if required
-         *
-         * if keysize < 256 bytes, pad with 0
-         *
-         * Typical key sizes => 128, 160, 192, 224, 256
-         */
-        for (int i=0; i< 24; i++)
-        {
-            for (int j=0; j< 8; j++)
-            {
-                _Tm[i*8 + j] = Cm;
-                Cm = (Cm + Mm);    // mod 2^32;
-
-                _Tr[i*8 + j] = Cr;
-                Cr = (Cr + Mr) & 0x1f;            // mod 32
-            }
-        }
-
-        byte[] tmpKey = new byte[64];
-        int length = key.length;
-        System.arraycopy(key, 0, tmpKey, 0, length);
-
-        // now create ABCDEFGH
-        for (int i=0; i< 8; i++)
-        {
-            _workingKey[i] = BytesTo32bits(tmpKey, i*4);
-        }
-
-        // Generate the key schedule
-        for (int i=0; i< 12; i++)
-        {
-            // KAPPA <- W2i(KAPPA)
-            int i2 = i*2 *8;
-            _workingKey[6] ^= F1(_workingKey[7], _Tm[i2  ], _Tr[i2  ]);
-            _workingKey[5] ^= F2(_workingKey[6], _Tm[i2+1], _Tr[i2+1]);
-            _workingKey[4] ^= F3(_workingKey[5], _Tm[i2+2], _Tr[i2+2]);
-            _workingKey[3] ^= F1(_workingKey[4], _Tm[i2+3], _Tr[i2+3]);
-            _workingKey[2] ^= F2(_workingKey[3], _Tm[i2+4], _Tr[i2+4]);
-            _workingKey[1] ^= F3(_workingKey[2], _Tm[i2+5], _Tr[i2+5]);
-            _workingKey[0] ^= F1(_workingKey[1], _Tm[i2+6], _Tr[i2+6]);
-            _workingKey[7] ^= F2(_workingKey[0], _Tm[i2+7], _Tr[i2+7]);
-
-            // KAPPA <- W2i+1(KAPPA)
-            i2 = (i*2 + 1)*8;
-            _workingKey[6] ^= F1(_workingKey[7], _Tm[i2  ], _Tr[i2  ]);
-            _workingKey[5] ^= F2(_workingKey[6], _Tm[i2+1], _Tr[i2+1]);
-            _workingKey[4] ^= F3(_workingKey[5], _Tm[i2+2], _Tr[i2+2]);
-            _workingKey[3] ^= F1(_workingKey[4], _Tm[i2+3], _Tr[i2+3]);
-            _workingKey[2] ^= F2(_workingKey[3], _Tm[i2+4], _Tr[i2+4]);
-            _workingKey[1] ^= F3(_workingKey[2], _Tm[i2+5], _Tr[i2+5]);
-            _workingKey[0] ^= F1(_workingKey[1], _Tm[i2+6], _Tr[i2+6]);
-            _workingKey[7] ^= F2(_workingKey[0], _Tm[i2+7], _Tr[i2+7]);
-
-            // Kr_(i) <- KAPPA
-            _Kr[i*4    ] = _workingKey[0] & 0x1f;
-            _Kr[i*4 + 1] = _workingKey[2] & 0x1f;
-            _Kr[i*4 + 2] = _workingKey[4] & 0x1f;
-            _Kr[i*4 + 3] = _workingKey[6] & 0x1f;
-
-
-            // Km_(i) <- KAPPA
-            _Km[i*4    ] = _workingKey[7];
-            _Km[i*4 + 1] = _workingKey[5];
-            _Km[i*4 + 2] = _workingKey[3];
-            _Km[i*4 + 3] = _workingKey[1];
-        }
-        
-    }
-
-    /**
-     * Encrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     *
-     * @param src        The plaintext buffer
-     * @param srcIndex    An offset into src
-     * @param dst        The ciphertext buffer
-     * @param dstIndex    An offset into dst
-     */
-    protected int encryptBlock(
-        byte[] src, 
-        int srcIndex,
-        byte[] dst,
-        int dstIndex)
-    {
-
-        int  result[] = new int[4];
-
-        // process the input block 
-        // batch the units up into 4x32 bit chunks and go for it
-
-        int A = BytesTo32bits(src, srcIndex);
-        int B = BytesTo32bits(src, srcIndex + 4);
-        int C = BytesTo32bits(src, srcIndex + 8);
-        int D = BytesTo32bits(src, srcIndex + 12);
-
-        CAST_Encipher(A, B, C, D, result);
-
-        // now stuff them into the destination block
-        Bits32ToBytes(result[0], dst, dstIndex);
-        Bits32ToBytes(result[1], dst, dstIndex + 4);
-        Bits32ToBytes(result[2], dst, dstIndex + 8);
-        Bits32ToBytes(result[3], dst, dstIndex + 12);
-
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * Decrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     *
-     * @param src        The plaintext buffer
-     * @param srcIndex    An offset into src
-     * @param dst        The ciphertext buffer
-     * @param dstIndex    An offset into dst
-     */
-    protected int decryptBlock(
-        byte[] src, 
-        int srcIndex,
-        byte[] dst,
-        int dstIndex)
-    {
-        int  result[] = new int[4];
-
-        // process the input block
-        // batch the units up into 4x32 bit chunks and go for it
-        int A = BytesTo32bits(src, srcIndex);
-        int B = BytesTo32bits(src, srcIndex + 4);
-        int C = BytesTo32bits(src, srcIndex + 8);
-        int D = BytesTo32bits(src, srcIndex + 12);
-
-        CAST_Decipher(A, B, C, D, result);
-
-        // now stuff them into the destination block
-        Bits32ToBytes(result[0], dst, dstIndex);
-        Bits32ToBytes(result[1], dst, dstIndex + 4);
-        Bits32ToBytes(result[2], dst, dstIndex + 8);
-        Bits32ToBytes(result[3], dst, dstIndex + 12);
-
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * Does the 12 quad rounds rounds to encrypt the block.
-     * 
-     * @param A    the 00-31  bits of the plaintext block
-     * @param B    the 32-63  bits of the plaintext block
-     * @param C    the 64-95  bits of the plaintext block
-     * @param D    the 96-127 bits of the plaintext block
-     * @param result the resulting ciphertext
-     */
-    protected final void CAST_Encipher(int A, int B, int C, int D,int result[])
-    {
-        int x;
-        for (int i=0; i< 6; i++)
-        {
-            x = i*4;
-            // BETA <- Qi(BETA)
-            C ^= F1(D, _Km[x], _Kr[x]);
-            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
-            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
-            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);
-
-        }
-
-        for (int i=6; i<12; i++)
-        {
-            x = i*4;
-            // BETA <- QBARi(BETA)
-            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);
-            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
-            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
-            C ^= F1(D, _Km[x], _Kr[x]);
-
-        }
-
-        result[0] = A;
-        result[1] = B;
-        result[2] = C;
-        result[3] = D;
-    }
-
-    /**
-     * Does the 12 quad rounds rounds to decrypt the block.
-     * 
-     * @param A    the 00-31  bits of the ciphertext block
-     * @param B    the 32-63  bits of the ciphertext block
-     * @param C    the 64-95  bits of the ciphertext block
-     * @param D    the 96-127 bits of the ciphertext block
-     * @param result the resulting plaintext
-     */
-    protected final void CAST_Decipher(int A, int B, int C, int D,int result[])
-    {
-        int x;
-        for (int i=0; i< 6; i++)
-        {
-            x = (11-i)*4;
-            // BETA <- Qi(BETA)
-            C ^= F1(D, _Km[x], _Kr[x]);
-            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
-            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
-            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);
-
-        }
-
-        for (int i=6; i<12; i++)
-        {
-            x = (11-i)*4;
-            // BETA <- QBARi(BETA)
-            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);
-            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
-            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
-            C ^= F1(D, _Km[x], _Kr[x]);
-
-        }
-
-        result[0] = A;
-        result[1] = B;
-        result[2] = C;
-        result[3] = D;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaEngine.java
deleted file mode 100644
index 2f008a934..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaEngine.java
+++ /dev/null
@@ -1,683 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * Camellia - based on RFC 3713.
- */
-public class CamelliaEngine
-    implements BlockCipher
-{
-    private boolean initialised = false;
-    private boolean _keyIs128;
-
-    private static final int BLOCK_SIZE = 16;
-    private static final int MASK8 = 0xff;
-
-    private int[] subkey = new int[24 * 4];
-    private int[] kw = new int[4 * 2]; // for whitening
-    private int[] ke = new int[6 * 2]; // for FL and FL^(-1)
-    private int[] state = new int[4]; // for encryption and decryption
-
-    private static final int SIGMA[] = {
-        0xa09e667f, 0x3bcc908b,
-        0xb67ae858, 0x4caa73b2,
-        0xc6ef372f, 0xe94f82be,
-        0x54ff53a5, 0xf1d36f1c,
-        0x10e527fa, 0xde682d1d,
-        0xb05688c2, 0xb3e6c1fd
-    };
-
-    /*
-    *
-    * S-box data
-    *
-    */
-    private static final int SBOX1_1110[] = {
-        0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
-        0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
-        0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
-        0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
-        0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
-        0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
-        0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
-        0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
-        0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
-        0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
-        0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
-        0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
-        0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
-        0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
-        0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
-        0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
-        0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
-        0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
-        0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
-        0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
-        0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
-        0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
-        0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
-        0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
-        0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
-        0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
-        0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
-        0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
-        0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
-        0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
-        0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
-        0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
-        0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
-        0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
-        0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
-        0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
-        0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
-        0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
-        0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
-        0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
-        0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
-        0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
-        0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00
-    };
-
-    private static final int SBOX4_4404[] = {
-        0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
-        0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
-        0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
-        0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
-        0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
-        0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
-        0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
-        0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
-        0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
-        0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
-        0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
-        0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
-        0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
-        0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
-        0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
-        0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
-        0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
-        0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
-        0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
-        0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
-        0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
-        0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
-        0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
-        0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
-        0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
-        0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
-        0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
-        0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
-        0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
-        0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
-        0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
-        0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
-        0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
-        0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
-        0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
-        0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
-        0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
-        0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
-        0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
-        0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
-        0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
-        0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
-        0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e
-    };
-
-    private static final int SBOX2_0222[] = {
-        0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
-        0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
-        0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
-        0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
-        0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
-        0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
-        0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
-        0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
-        0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
-        0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
-        0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
-        0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
-        0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
-        0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
-        0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
-        0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
-        0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
-        0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
-        0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
-        0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
-        0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
-        0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
-        0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
-        0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
-        0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
-        0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
-        0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
-        0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
-        0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
-        0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
-        0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
-        0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
-        0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
-        0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
-        0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
-        0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
-        0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
-        0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
-        0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
-        0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
-        0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
-        0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
-        0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d
-    };
-
-    private static final int SBOX3_3033[] = {
-        0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
-        0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
-        0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
-        0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
-        0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
-        0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
-        0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
-        0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
-        0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
-        0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
-        0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
-        0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
-        0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
-        0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
-        0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
-        0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
-        0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
-        0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
-        0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
-        0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
-        0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
-        0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
-        0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
-        0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
-        0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
-        0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
-        0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
-        0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
-        0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
-        0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
-        0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
-        0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
-        0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
-        0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
-        0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
-        0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
-        0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
-        0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
-        0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
-        0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
-        0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
-        0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
-        0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f
-    };
-
-    private static int rightRotate(int x, int s)
-    {
-        return (((x) >>> (s)) + ((x) << (32 - s)));
-    }
-
-    private static int leftRotate(int x, int s)
-    {
-        return ((x) << (s)) + ((x) >>> (32 - s));
-    }
-
-    private static void roldq(int rot, int[] ki, int ioff,
-                                    int[] ko, int ooff)
-    {
-        ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
-        ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
-        ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
-        ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
-        ki[0 + ioff] = ko[0 + ooff];
-        ki[1 + ioff] = ko[1 + ooff];
-        ki[2 + ioff] = ko[2 + ooff];
-        ki[3 + ioff] = ko[3 + ooff];
-    }
-
-    private static void decroldq(int rot, int[] ki, int ioff,
-                                       int[] ko, int ooff)
-    {
-        ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
-        ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
-        ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
-        ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
-        ki[0 + ioff] = ko[2 + ooff];
-        ki[1 + ioff] = ko[3 + ooff];
-        ki[2 + ioff] = ko[0 + ooff];
-        ki[3 + ioff] = ko[1 + ooff];
-    }
-
-    private static void roldqo32(int rot, int[] ki, int ioff,
-                                       int[] ko, int ooff)
-    {
-        ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
-        ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
-        ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
-        ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
-        ki[0 + ioff] = ko[0 + ooff];
-        ki[1 + ioff] = ko[1 + ooff];
-        ki[2 + ioff] = ko[2 + ooff];
-        ki[3 + ioff] = ko[3 + ooff];
-    }
-
-    private static void decroldqo32(int rot, int[] ki, int ioff,
-                                          int[] ko, int ooff)
-    {
-        ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
-        ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
-        ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
-        ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
-        ki[0 + ioff] = ko[2 + ooff];
-        ki[1 + ioff] = ko[3 + ooff];
-        ki[2 + ioff] = ko[0 + ooff];
-        ki[3 + ioff] = ko[1 + ooff];
-    }
-
-    private int bytes2int(byte[] src, int offset)
-    {
-        int word = 0;
-
-        for (int i = 0; i < 4; i++)
-        {
-            word = (word << 8) + (src[i + offset] & MASK8);
-        }
-        return word;
-    }
-
-    private void int2bytes(int word, byte[] dst, int offset)
-    {
-        for (int i = 0; i < 4; i++)
-        {
-            dst[(3 - i) + offset] = (byte)word;
-            word >>>= 8;
-        }
-    }
-
-    private void camelliaF2(int[] s, int[] skey, int keyoff)
-    {
-        int t1, t2, u, v;
-
-        t1 = s[0] ^ skey[0 + keyoff];
-        u = SBOX4_4404[t1 & MASK8];
-        u ^= SBOX3_3033[(t1 >>> 8) & MASK8];
-        u ^= SBOX2_0222[(t1 >>> 16) & MASK8];
-        u ^= SBOX1_1110[(t1 >>> 24) & MASK8];
-        t2 = s[1] ^ skey[1 + keyoff];
-        v = SBOX1_1110[t2 & MASK8];
-        v ^= SBOX4_4404[(t2 >>> 8) & MASK8];
-        v ^= SBOX3_3033[(t2 >>> 16) & MASK8];
-        v ^= SBOX2_0222[(t2 >>> 24) & MASK8];
-
-        s[2] ^= u ^ v;
-        s[3] ^= u ^ v ^ rightRotate(u, 8);
-
-        t1 = s[2] ^ skey[2 + keyoff];
-        u = SBOX4_4404[t1 & MASK8];
-        u ^= SBOX3_3033[(t1 >>> 8) & MASK8];
-        u ^= SBOX2_0222[(t1 >>> 16) & MASK8];
-        u ^= SBOX1_1110[(t1 >>> 24) & MASK8];
-        t2 = s[3] ^ skey[3 + keyoff];
-        v = SBOX1_1110[t2 & MASK8];
-        v ^= SBOX4_4404[(t2 >>> 8) & MASK8];
-        v ^= SBOX3_3033[(t2 >>> 16) & MASK8];
-        v ^= SBOX2_0222[(t2 >>> 24) & MASK8];
-
-        s[0] ^= u ^ v;
-        s[1] ^= u ^ v ^ rightRotate(u, 8);
-    }
-
-    private void camelliaFLs(int[] s, int[] fkey, int keyoff)
-    {
-
-        s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1);
-        s[0] ^= fkey[1 + keyoff] | s[1];
-
-        s[2] ^= fkey[3 + keyoff] | s[3];
-        s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1);
-    }
-
-    private void setKey(boolean forEncryption, byte[] key)
-    {
-        int[] k = new int[8];
-        int[] ka = new int[4];
-        int[] kb = new int[4];
-        int[] t = new int[4];
-
-        switch (key.length)
-        {
-            case 16:
-                _keyIs128 = true;
-                k[0] = bytes2int(key, 0);
-                k[1] = bytes2int(key, 4);
-                k[2] = bytes2int(key, 8);
-                k[3] = bytes2int(key, 12);
-                k[4] = k[5] = k[6] = k[7] = 0;
-                break;
-            case 24:
-                k[0] = bytes2int(key, 0);
-                k[1] = bytes2int(key, 4);
-                k[2] = bytes2int(key, 8);
-                k[3] = bytes2int(key, 12);
-                k[4] = bytes2int(key, 16);
-                k[5] = bytes2int(key, 20);
-                k[6] = ~k[4];
-                k[7] = ~k[5];
-                _keyIs128 = false;
-                break;
-            case 32:
-                k[0] = bytes2int(key, 0);
-                k[1] = bytes2int(key, 4);
-                k[2] = bytes2int(key, 8);
-                k[3] = bytes2int(key, 12);
-                k[4] = bytes2int(key, 16);
-                k[5] = bytes2int(key, 20);
-                k[6] = bytes2int(key, 24);
-                k[7] = bytes2int(key, 28);
-                _keyIs128 = false;
-                break;
-            default:
-                throw new
-                    IllegalArgumentException("key sizes are only 16/24/32 bytes.");
-        }
-
-        for (int i = 0; i < 4; i++)
-        {
-            ka[i] = k[i] ^ k[i + 4];
-        }
-        /* compute KA */
-        camelliaF2(ka, SIGMA, 0);
-        for (int i = 0; i < 4; i++)
-        {
-            ka[i] ^= k[i];
-        }
-        camelliaF2(ka, SIGMA, 4);
-
-        if (_keyIs128)
-        {
-            if (forEncryption)
-            {
-                /* KL dependant keys */
-                kw[0] = k[0];
-                kw[1] = k[1];
-                kw[2] = k[2];
-                kw[3] = k[3];
-                roldq(15, k, 0, subkey, 4);
-                roldq(30, k, 0, subkey, 12);
-                roldq(15, k, 0, t, 0);
-                subkey[18] = t[2];
-                subkey[19] = t[3];
-                roldq(17, k, 0, ke, 4);
-                roldq(17, k, 0, subkey, 24);
-                roldq(17, k, 0, subkey, 32);
-                /* KA dependant keys */
-                subkey[0] = ka[0];
-                subkey[1] = ka[1];
-                subkey[2] = ka[2];
-                subkey[3] = ka[3];
-                roldq(15, ka, 0, subkey, 8);
-                roldq(15, ka, 0, ke, 0);
-                roldq(15, ka, 0, t, 0);
-                subkey[16] = t[0];
-                subkey[17] = t[1];
-                roldq(15, ka, 0, subkey, 20);
-                roldqo32(34, ka, 0, subkey, 28);
-                roldq(17, ka, 0, kw, 4);
-
-            }
-            else
-            { // decryption
-                /* KL dependant keys */
-                kw[4] = k[0];
-                kw[5] = k[1];
-                kw[6] = k[2];
-                kw[7] = k[3];
-                decroldq(15, k, 0, subkey, 28);
-                decroldq(30, k, 0, subkey, 20);
-                decroldq(15, k, 0, t, 0);
-                subkey[16] = t[0];
-                subkey[17] = t[1];
-                decroldq(17, k, 0, ke, 0);
-                decroldq(17, k, 0, subkey, 8);
-                decroldq(17, k, 0, subkey, 0);
-                /* KA dependant keys */
-                subkey[34] = ka[0];
-                subkey[35] = ka[1];
-                subkey[32] = ka[2];
-                subkey[33] = ka[3];
-                decroldq(15, ka, 0, subkey, 24);
-                decroldq(15, ka, 0, ke, 4);
-                decroldq(15, ka, 0, t, 0);
-                subkey[18] = t[2];
-                subkey[19] = t[3];
-                decroldq(15, ka, 0, subkey, 12);
-                decroldqo32(34, ka, 0, subkey, 4);
-                roldq(17, ka, 0, kw, 0);
-            }
-        }
-        else
-        { // 192bit or 256bit
-            /* compute KB */
-            for (int i = 0; i < 4; i++)
-            {
-                kb[i] = ka[i] ^ k[i + 4];
-            }
-            camelliaF2(kb, SIGMA, 8);
-
-            if (forEncryption)
-            {
-                /* KL dependant keys */
-                kw[0] = k[0];
-                kw[1] = k[1];
-                kw[2] = k[2];
-                kw[3] = k[3];
-                roldqo32(45, k, 0, subkey, 16);
-                roldq(15, k, 0, ke, 4);
-                roldq(17, k, 0, subkey, 32);
-                roldqo32(34, k, 0, subkey, 44);
-                /* KR dependant keys */
-                roldq(15, k, 4, subkey, 4);
-                roldq(15, k, 4, ke, 0);
-                roldq(30, k, 4, subkey, 24);
-                roldqo32(34, k, 4, subkey, 36);
-                /* KA dependant keys */
-                roldq(15, ka, 0, subkey, 8);
-                roldq(30, ka, 0, subkey, 20);
-                /* 32bit rotation */
-                ke[8] = ka[1];
-                ke[9] = ka[2];
-                ke[10] = ka[3];
-                ke[11] = ka[0];
-                roldqo32(49, ka, 0, subkey, 40);
-
-                /* KB dependant keys */
-                subkey[0] = kb[0];
-                subkey[1] = kb[1];
-                subkey[2] = kb[2];
-                subkey[3] = kb[3];
-                roldq(30, kb, 0, subkey, 12);
-                roldq(30, kb, 0, subkey, 28);
-                roldqo32(51, kb, 0, kw, 4);
-
-            }
-            else
-            { // decryption
-                /* KL dependant keys */
-                kw[4] = k[0];
-                kw[5] = k[1];
-                kw[6] = k[2];
-                kw[7] = k[3];
-                decroldqo32(45, k, 0, subkey, 28);
-                decroldq(15, k, 0, ke, 4);
-                decroldq(17, k, 0, subkey, 12);
-                decroldqo32(34, k, 0, subkey, 0);
-                /* KR dependant keys */
-                decroldq(15, k, 4, subkey, 40);
-                decroldq(15, k, 4, ke, 8);
-                decroldq(30, k, 4, subkey, 20);
-                decroldqo32(34, k, 4, subkey, 8);
-                /* KA dependant keys */
-                decroldq(15, ka, 0, subkey, 36);
-                decroldq(30, ka, 0, subkey, 24);
-                /* 32bit rotation */
-                ke[2] = ka[1];
-                ke[3] = ka[2];
-                ke[0] = ka[3];
-                ke[1] = ka[0];
-                decroldqo32(49, ka, 0, subkey, 4);
-
-                /* KB dependant keys */
-                subkey[46] = kb[0];
-                subkey[47] = kb[1];
-                subkey[44] = kb[2];
-                subkey[45] = kb[3];
-                decroldq(30, kb, 0, subkey, 32);
-                decroldq(30, kb, 0, subkey, 16);
-                roldqo32(51, kb, 0, kw, 0);
-            }
-        }
-    }
-
-    private int processBlock128(byte[] in, int inOff,
-                                      byte[] out, int outOff)
-    {
-        for (int i = 0; i < 4; i++)
-        {
-            state[i] = bytes2int(in, inOff + (i * 4));
-            state[i] ^= kw[i];
-        }
-
-        camelliaF2(state, subkey, 0);
-        camelliaF2(state, subkey, 4);
-        camelliaF2(state, subkey, 8);
-        camelliaFLs(state, ke, 0);
-        camelliaF2(state, subkey, 12);
-        camelliaF2(state, subkey, 16);
-        camelliaF2(state, subkey, 20);
-        camelliaFLs(state, ke, 4);
-        camelliaF2(state, subkey, 24);
-        camelliaF2(state, subkey, 28);
-        camelliaF2(state, subkey, 32);
-
-        state[2] ^= kw[4];
-        state[3] ^= kw[5];
-        state[0] ^= kw[6];
-        state[1] ^= kw[7];
-
-        int2bytes(state[2], out, outOff);
-        int2bytes(state[3], out, outOff + 4);
-        int2bytes(state[0], out, outOff + 8);
-        int2bytes(state[1], out, outOff + 12);
-
-        return BLOCK_SIZE;
-    }
-
-    private int processBlock192or256(byte[] in, int inOff,
-                                           byte[] out, int outOff)
-    {
-        for (int i = 0; i < 4; i++)
-        {
-            state[i] = bytes2int(in, inOff + (i * 4));
-            state[i] ^= kw[i];
-        }
-
-        camelliaF2(state, subkey, 0);
-        camelliaF2(state, subkey, 4);
-        camelliaF2(state, subkey, 8);
-        camelliaFLs(state, ke, 0);
-        camelliaF2(state, subkey, 12);
-        camelliaF2(state, subkey, 16);
-        camelliaF2(state, subkey, 20);
-        camelliaFLs(state, ke, 4);
-        camelliaF2(state, subkey, 24);
-        camelliaF2(state, subkey, 28);
-        camelliaF2(state, subkey, 32);
-        camelliaFLs(state, ke, 8);
-        camelliaF2(state, subkey, 36);
-        camelliaF2(state, subkey, 40);
-        camelliaF2(state, subkey, 44);
-
-        state[2] ^= kw[4];
-        state[3] ^= kw[5];
-        state[0] ^= kw[6];
-        state[1] ^= kw[7];
-
-        int2bytes(state[2], out, outOff);
-        int2bytes(state[3], out, outOff + 4);
-        int2bytes(state[0], out, outOff + 8);
-        int2bytes(state[1], out, outOff + 12);
-        return BLOCK_SIZE;
-    }
-
-    public CamelliaEngine()
-    {
-    }
-
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("only simple KeyParameter expected.");
-        }
-
-        setKey(forEncryption, ((KeyParameter)params).getKey());
-        initialised = true;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Camellia";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException("Camellia engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (_keyIs128)
-        {
-            return processBlock128(in, inOff, out, outOff);
-        }
-        else
-        {
-            return processBlock192or256(in, inOff, out, outOff);
-        }
-    }
-
-    public void reset()
-    {
-        // nothing
-
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaLightEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaLightEngine.java
deleted file mode 100644
index d45e53d45..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaLightEngine.java
+++ /dev/null
@@ -1,591 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * Camellia - based on RFC 3713, smaller implementation, about half the size of CamelliaEngine.
- */
-
-public class CamelliaLightEngine
-    implements BlockCipher
-{
-    private static final int BLOCK_SIZE = 16;
-    private static final int MASK8 = 0xff;
-    private boolean initialized;
-    private boolean _keyis128;
-
-    private int[] subkey = new int[24 * 4];
-    private int[] kw = new int[4 * 2]; // for whitening
-    private int[] ke = new int[6 * 2]; // for FL and FL^(-1)
-    private int[] state = new int[4]; // for encryption and decryption
-
-    private static final int SIGMA[] = {
-        0xa09e667f, 0x3bcc908b,
-        0xb67ae858, 0x4caa73b2,
-        0xc6ef372f, 0xe94f82be,
-        0x54ff53a5, 0xf1d36f1c,
-        0x10e527fa, 0xde682d1d,
-        0xb05688c2, 0xb3e6c1fd
-    };
-
-    /*
-    *
-    * S-box data
-    *
-    */
-    private static final byte SBOX1[] = {
-        (byte)112, (byte)130, (byte)44, (byte)236,
-        (byte)179, (byte)39, (byte)192, (byte)229,
-        (byte)228, (byte)133, (byte)87, (byte)53,
-        (byte)234, (byte)12, (byte)174, (byte)65,
-        (byte)35, (byte)239, (byte)107, (byte)147,
-        (byte)69, (byte)25, (byte)165, (byte)33,
-        (byte)237, (byte)14, (byte)79, (byte)78,
-        (byte)29, (byte)101, (byte)146, (byte)189,
-        (byte)134, (byte)184, (byte)175, (byte)143,
-        (byte)124, (byte)235, (byte)31, (byte)206,
-        (byte)62, (byte)48, (byte)220, (byte)95,
-        (byte)94, (byte)197, (byte)11, (byte)26,
-        (byte)166, (byte)225, (byte)57, (byte)202,
-        (byte)213, (byte)71, (byte)93, (byte)61,
-        (byte)217, (byte)1, (byte)90, (byte)214,
-        (byte)81, (byte)86, (byte)108, (byte)77,
-        (byte)139, (byte)13, (byte)154, (byte)102,
-        (byte)251, (byte)204, (byte)176, (byte)45,
-        (byte)116, (byte)18, (byte)43, (byte)32,
-        (byte)240, (byte)177, (byte)132, (byte)153,
-        (byte)223, (byte)76, (byte)203, (byte)194,
-        (byte)52, (byte)126, (byte)118, (byte)5,
-        (byte)109, (byte)183, (byte)169, (byte)49,
-        (byte)209, (byte)23, (byte)4, (byte)215,
-        (byte)20, (byte)88, (byte)58, (byte)97,
-        (byte)222, (byte)27, (byte)17, (byte)28,
-        (byte)50, (byte)15, (byte)156, (byte)22,
-        (byte)83, (byte)24, (byte)242, (byte)34,
-        (byte)254, (byte)68, (byte)207, (byte)178,
-        (byte)195, (byte)181, (byte)122, (byte)145,
-        (byte)36, (byte)8, (byte)232, (byte)168,
-        (byte)96, (byte)252, (byte)105, (byte)80,
-        (byte)170, (byte)208, (byte)160, (byte)125,
-        (byte)161, (byte)137, (byte)98, (byte)151,
-        (byte)84, (byte)91, (byte)30, (byte)149,
-        (byte)224, (byte)255, (byte)100, (byte)210,
-        (byte)16, (byte)196, (byte)0, (byte)72,
-        (byte)163, (byte)247, (byte)117, (byte)219,
-        (byte)138, (byte)3, (byte)230, (byte)218,
-        (byte)9, (byte)63, (byte)221, (byte)148,
-        (byte)135, (byte)92, (byte)131, (byte)2,
-        (byte)205, (byte)74, (byte)144, (byte)51,
-        (byte)115, (byte)103, (byte)246, (byte)243,
-        (byte)157, (byte)127, (byte)191, (byte)226,
-        (byte)82, (byte)155, (byte)216, (byte)38,
-        (byte)200, (byte)55, (byte)198, (byte)59,
-        (byte)129, (byte)150, (byte)111, (byte)75,
-        (byte)19, (byte)190, (byte)99, (byte)46,
-        (byte)233, (byte)121, (byte)167, (byte)140,
-        (byte)159, (byte)110, (byte)188, (byte)142,
-        (byte)41, (byte)245, (byte)249, (byte)182,
-        (byte)47, (byte)253, (byte)180, (byte)89,
-        (byte)120, (byte)152, (byte)6, (byte)106,
-        (byte)231, (byte)70, (byte)113, (byte)186,
-        (byte)212, (byte)37, (byte)171, (byte)66,
-        (byte)136, (byte)162, (byte)141, (byte)250,
-        (byte)114, (byte)7, (byte)185, (byte)85,
-        (byte)248, (byte)238, (byte)172, (byte)10,
-        (byte)54, (byte)73, (byte)42, (byte)104,
-        (byte)60, (byte)56, (byte)241, (byte)164,
-        (byte)64, (byte)40, (byte)211, (byte)123,
-        (byte)187, (byte)201, (byte)67, (byte)193,
-        (byte)21, (byte)227, (byte)173, (byte)244,
-        (byte)119, (byte)199, (byte)128, (byte)158
-    };
-
-    private static int rightRotate(int x, int s)
-    {
-        return (((x) >>> (s)) + ((x) << (32 - s)));
-    }
-
-    private static int leftRotate(int x, int s)
-    {
-        return ((x) << (s)) + ((x) >>> (32 - s));
-    }
-
-    private static void roldq(int rot, int[] ki, int ioff,
-                                    int[] ko, int ooff)
-    {
-        ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
-        ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
-        ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
-        ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
-        ki[0 + ioff] = ko[0 + ooff];
-        ki[1 + ioff] = ko[1 + ooff];
-        ki[2 + ioff] = ko[2 + ooff];
-        ki[3 + ioff] = ko[3 + ooff];
-    }
-
-    private static void decroldq(int rot, int[] ki, int ioff,
-                                       int[] ko, int ooff)
-    {
-        ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
-        ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
-        ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
-        ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
-        ki[0 + ioff] = ko[2 + ooff];
-        ki[1 + ioff] = ko[3 + ooff];
-        ki[2 + ioff] = ko[0 + ooff];
-        ki[3 + ioff] = ko[1 + ooff];
-    }
-
-    private static void roldqo32(int rot, int[] ki, int ioff,
-                                       int[] ko, int ooff)
-    {
-        ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
-        ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
-        ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
-        ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
-        ki[0 + ioff] = ko[0 + ooff];
-        ki[1 + ioff] = ko[1 + ooff];
-        ki[2 + ioff] = ko[2 + ooff];
-        ki[3 + ioff] = ko[3 + ooff];
-    }
-
-    private static void decroldqo32(int rot, int[] ki, int ioff,
-                                          int[] ko, int ooff)
-    {
-        ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
-        ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
-        ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
-        ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
-        ki[0 + ioff] = ko[2 + ooff];
-        ki[1 + ioff] = ko[3 + ooff];
-        ki[2 + ioff] = ko[0 + ooff];
-        ki[3 + ioff] = ko[1 + ooff];
-    }
-
-    private int bytes2int(byte[] src, int offset)
-    {
-        int word = 0;
-
-        for (int i = 0; i < 4; i++)
-        {
-            word = (word << 8) + (src[i + offset] & MASK8);
-        }
-        return word;
-    }
-
-    private void int2bytes(int word, byte[] dst, int offset)
-    {
-        for (int i = 0; i < 4; i++)
-        {
-            dst[(3 - i) + offset] = (byte)word;
-            word >>>= 8;
-        }
-    }
-
-    private byte lRot8(byte v, int rot)
-    {
-        return (byte)((v << rot) | ((v & 0xff) >>> (8 - rot)));
-    }
-
-    private int sbox2(int x)
-    {
-        return (lRot8(SBOX1[x], 1) & MASK8);
-    }
-
-    private int sbox3(int x)
-    {
-        return (lRot8(SBOX1[x], 7) & MASK8);
-    }
-
-    private int sbox4(int x)
-    {
-        return (SBOX1[((int)lRot8((byte)x, 1) & MASK8)] & MASK8);
-    }
-
-    private void camelliaF2(int[] s, int[] skey, int keyoff)
-    {
-        int t1, t2, u, v;
-
-        t1 = s[0] ^ skey[0 + keyoff];
-        u = sbox4((t1 & MASK8));
-        u |= (sbox3(((t1 >>> 8) & MASK8)) << 8);
-        u |= (sbox2(((t1 >>> 16) & MASK8)) << 16);
-        u |= ((int)(SBOX1[((t1 >>> 24) & MASK8)] & MASK8) << 24);
-
-        t2 = s[1] ^ skey[1 + keyoff];
-        v = (int)SBOX1[(t2 & MASK8)] & MASK8;
-        v |= (sbox4(((t2 >>> 8) & MASK8)) << 8);
-        v |= (sbox3(((t2 >>> 16) & MASK8)) << 16);
-        v |= (sbox2(((t2 >>> 24) & MASK8)) << 24);
-
-        v = leftRotate(v, 8);
-        u ^= v;
-        v = leftRotate(v, 8) ^ u;
-        u = rightRotate(u, 8) ^ v;
-        s[2] ^= leftRotate(v, 16) ^ u;
-        s[3] ^= leftRotate(u, 8);
-
-        t1 = s[2] ^ skey[2 + keyoff];
-        u = sbox4((t1 & MASK8));
-        u |= sbox3(((t1 >>> 8) & MASK8)) << 8;
-        u |= sbox2(((t1 >>> 16) & MASK8)) << 16;
-        u |= ((int)SBOX1[((t1 >>> 24) & MASK8)] & MASK8) << 24;
-
-        t2 = s[3] ^ skey[3 + keyoff];
-        v = ((int)SBOX1[(t2 & MASK8)] & MASK8);
-        v |= sbox4(((t2 >>> 8) & MASK8)) << 8;
-        v |= sbox3(((t2 >>> 16) & MASK8)) << 16;
-        v |= sbox2(((t2 >>> 24) & MASK8)) << 24;
-
-        v = leftRotate(v, 8);
-        u ^= v;
-        v = leftRotate(v, 8) ^ u;
-        u = rightRotate(u, 8) ^ v;
-        s[0] ^= leftRotate(v, 16) ^ u;
-        s[1] ^= leftRotate(u, 8);
-    }
-
-    private void camelliaFLs(int[] s, int[] fkey, int keyoff)
-    {
-
-        s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1);
-        s[0] ^= fkey[1 + keyoff] | s[1];
-
-        s[2] ^= fkey[3 + keyoff] | s[3];
-        s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1);
-    }
-
-    private void setKey(boolean forEncryption, byte[] key)
-    {
-        int[] k = new int[8];
-        int[] ka = new int[4];
-        int[] kb = new int[4];
-        int[] t = new int[4];
-
-        switch (key.length)
-        {
-            case 16:
-                _keyis128 = true;
-                k[0] = bytes2int(key, 0);
-                k[1] = bytes2int(key, 4);
-                k[2] = bytes2int(key, 8);
-                k[3] = bytes2int(key, 12);
-                k[4] = k[5] = k[6] = k[7] = 0;
-                break;
-            case 24:
-                k[0] = bytes2int(key, 0);
-                k[1] = bytes2int(key, 4);
-                k[2] = bytes2int(key, 8);
-                k[3] = bytes2int(key, 12);
-                k[4] = bytes2int(key, 16);
-                k[5] = bytes2int(key, 20);
-                k[6] = ~k[4];
-                k[7] = ~k[5];
-                _keyis128 = false;
-                break;
-            case 32:
-                k[0] = bytes2int(key, 0);
-                k[1] = bytes2int(key, 4);
-                k[2] = bytes2int(key, 8);
-                k[3] = bytes2int(key, 12);
-                k[4] = bytes2int(key, 16);
-                k[5] = bytes2int(key, 20);
-                k[6] = bytes2int(key, 24);
-                k[7] = bytes2int(key, 28);
-                _keyis128 = false;
-                break;
-            default:
-                throw new
-                    IllegalArgumentException("key sizes are only 16/24/32 bytes.");
-        }
-
-        for (int i = 0; i < 4; i++)
-        {
-            ka[i] = k[i] ^ k[i + 4];
-        }
-        /* compute KA */
-        camelliaF2(ka, SIGMA, 0);
-        for (int i = 0; i < 4; i++)
-        {
-            ka[i] ^= k[i];
-        }
-        camelliaF2(ka, SIGMA, 4);
-
-        if (_keyis128)
-        {
-            if (forEncryption)
-            {
-                /* KL dependant keys */
-                kw[0] = k[0];
-                kw[1] = k[1];
-                kw[2] = k[2];
-                kw[3] = k[3];
-                roldq(15, k, 0, subkey, 4);
-                roldq(30, k, 0, subkey, 12);
-                roldq(15, k, 0, t, 0);
-                subkey[18] = t[2];
-                subkey[19] = t[3];
-                roldq(17, k, 0, ke, 4);
-                roldq(17, k, 0, subkey, 24);
-                roldq(17, k, 0, subkey, 32);
-                /* KA dependant keys */
-                subkey[0] = ka[0];
-                subkey[1] = ka[1];
-                subkey[2] = ka[2];
-                subkey[3] = ka[3];
-                roldq(15, ka, 0, subkey, 8);
-                roldq(15, ka, 0, ke, 0);
-                roldq(15, ka, 0, t, 0);
-                subkey[16] = t[0];
-                subkey[17] = t[1];
-                roldq(15, ka, 0, subkey, 20);
-                roldqo32(34, ka, 0, subkey, 28);
-                roldq(17, ka, 0, kw, 4);
-
-            }
-            else
-            { // decryption
-                /* KL dependant keys */
-                kw[4] = k[0];
-                kw[5] = k[1];
-                kw[6] = k[2];
-                kw[7] = k[3];
-                decroldq(15, k, 0, subkey, 28);
-                decroldq(30, k, 0, subkey, 20);
-                decroldq(15, k, 0, t, 0);
-                subkey[16] = t[0];
-                subkey[17] = t[1];
-                decroldq(17, k, 0, ke, 0);
-                decroldq(17, k, 0, subkey, 8);
-                decroldq(17, k, 0, subkey, 0);
-                /* KA dependant keys */
-                subkey[34] = ka[0];
-                subkey[35] = ka[1];
-                subkey[32] = ka[2];
-                subkey[33] = ka[3];
-                decroldq(15, ka, 0, subkey, 24);
-                decroldq(15, ka, 0, ke, 4);
-                decroldq(15, ka, 0, t, 0);
-                subkey[18] = t[2];
-                subkey[19] = t[3];
-                decroldq(15, ka, 0, subkey, 12);
-                decroldqo32(34, ka, 0, subkey, 4);
-                roldq(17, ka, 0, kw, 0);
-            }
-        }
-        else
-        { // 192bit or 256bit
-            /* compute KB */
-            for (int i = 0; i < 4; i++)
-            {
-                kb[i] = ka[i] ^ k[i + 4];
-            }
-            camelliaF2(kb, SIGMA, 8);
-
-            if (forEncryption)
-            {
-                /* KL dependant keys */
-                kw[0] = k[0];
-                kw[1] = k[1];
-                kw[2] = k[2];
-                kw[3] = k[3];
-                roldqo32(45, k, 0, subkey, 16);
-                roldq(15, k, 0, ke, 4);
-                roldq(17, k, 0, subkey, 32);
-                roldqo32(34, k, 0, subkey, 44);
-                /* KR dependant keys */
-                roldq(15, k, 4, subkey, 4);
-                roldq(15, k, 4, ke, 0);
-                roldq(30, k, 4, subkey, 24);
-                roldqo32(34, k, 4, subkey, 36);
-                /* KA dependant keys */
-                roldq(15, ka, 0, subkey, 8);
-                roldq(30, ka, 0, subkey, 20);
-                /* 32bit rotation */
-                ke[8] = ka[1];
-                ke[9] = ka[2];
-                ke[10] = ka[3];
-                ke[11] = ka[0];
-                roldqo32(49, ka, 0, subkey, 40);
-
-                /* KB dependant keys */
-                subkey[0] = kb[0];
-                subkey[1] = kb[1];
-                subkey[2] = kb[2];
-                subkey[3] = kb[3];
-                roldq(30, kb, 0, subkey, 12);
-                roldq(30, kb, 0, subkey, 28);
-                roldqo32(51, kb, 0, kw, 4);
-
-            }
-            else
-            { // decryption
-                /* KL dependant keys */
-                kw[4] = k[0];
-                kw[5] = k[1];
-                kw[6] = k[2];
-                kw[7] = k[3];
-                decroldqo32(45, k, 0, subkey, 28);
-                decroldq(15, k, 0, ke, 4);
-                decroldq(17, k, 0, subkey, 12);
-                decroldqo32(34, k, 0, subkey, 0);
-                /* KR dependant keys */
-                decroldq(15, k, 4, subkey, 40);
-                decroldq(15, k, 4, ke, 8);
-                decroldq(30, k, 4, subkey, 20);
-                decroldqo32(34, k, 4, subkey, 8);
-                /* KA dependant keys */
-                decroldq(15, ka, 0, subkey, 36);
-                decroldq(30, ka, 0, subkey, 24);
-                /* 32bit rotation */
-                ke[2] = ka[1];
-                ke[3] = ka[2];
-                ke[0] = ka[3];
-                ke[1] = ka[0];
-                decroldqo32(49, ka, 0, subkey, 4);
-
-                /* KB dependant keys */
-                subkey[46] = kb[0];
-                subkey[47] = kb[1];
-                subkey[44] = kb[2];
-                subkey[45] = kb[3];
-                decroldq(30, kb, 0, subkey, 32);
-                decroldq(30, kb, 0, subkey, 16);
-                roldqo32(51, kb, 0, kw, 0);
-            }
-        }
-    }
-
-    private int processBlock128(byte[] in, int inOff,
-                                      byte[] out, int outOff)
-    {
-        for (int i = 0; i < 4; i++)
-        {
-            state[i] = bytes2int(in, inOff + (i * 4));
-            state[i] ^= kw[i];
-        }
-
-        camelliaF2(state, subkey, 0);
-        camelliaF2(state, subkey, 4);
-        camelliaF2(state, subkey, 8);
-        camelliaFLs(state, ke, 0);
-        camelliaF2(state, subkey, 12);
-        camelliaF2(state, subkey, 16);
-        camelliaF2(state, subkey, 20);
-        camelliaFLs(state, ke, 4);
-        camelliaF2(state, subkey, 24);
-        camelliaF2(state, subkey, 28);
-        camelliaF2(state, subkey, 32);
-
-        state[2] ^= kw[4];
-        state[3] ^= kw[5];
-        state[0] ^= kw[6];
-        state[1] ^= kw[7];
-
-        int2bytes(state[2], out, outOff);
-        int2bytes(state[3], out, outOff + 4);
-        int2bytes(state[0], out, outOff + 8);
-        int2bytes(state[1], out, outOff + 12);
-
-        return BLOCK_SIZE;
-    }
-
-    private int processBlock192or256(byte[] in, int inOff,
-                                           byte[] out, int outOff)
-    {
-        for (int i = 0; i < 4; i++)
-        {
-            state[i] = bytes2int(in, inOff + (i * 4));
-            state[i] ^= kw[i];
-        }
-
-        camelliaF2(state, subkey, 0);
-        camelliaF2(state, subkey, 4);
-        camelliaF2(state, subkey, 8);
-        camelliaFLs(state, ke, 0);
-        camelliaF2(state, subkey, 12);
-        camelliaF2(state, subkey, 16);
-        camelliaF2(state, subkey, 20);
-        camelliaFLs(state, ke, 4);
-        camelliaF2(state, subkey, 24);
-        camelliaF2(state, subkey, 28);
-        camelliaF2(state, subkey, 32);
-        camelliaFLs(state, ke, 8);
-        camelliaF2(state, subkey, 36);
-        camelliaF2(state, subkey, 40);
-        camelliaF2(state, subkey, 44);
-
-        state[2] ^= kw[4];
-        state[3] ^= kw[5];
-        state[0] ^= kw[6];
-        state[1] ^= kw[7];
-
-        int2bytes(state[2], out, outOff);
-        int2bytes(state[3], out, outOff + 4);
-        int2bytes(state[0], out, outOff + 8);
-        int2bytes(state[1], out, outOff + 12);
-        return BLOCK_SIZE;
-    }
-
-    public CamelliaLightEngine()
-    {
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Camellia";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public void init(boolean forEncryption, CipherParameters params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("only simple KeyParameter expected.");
-        }
-
-        setKey(forEncryption, ((KeyParameter)params).getKey());
-        initialized = true;
-    }
-
-    public int processBlock(byte[] in, int inOff,
-                            byte[] out, int outOff)
-        throws IllegalStateException
-    {
-
-        if (!initialized)
-        {
-            throw new IllegalStateException("Camellia is not initialized");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        if (_keyis128)
-        {
-            return processBlock128(in, inOff, out, outOff);
-        }
-        else
-        {
-            return processBlock192or256(in, inOff, out, outOff);
-        }
-    }
-
-    public void reset()
-    {
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java
deleted file mode 100644
index 5ca239a6a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-/**
- * An implementation of the Camellia key wrapper based on RFC 3657/RFC 3394.
- * 

- * For further details see: http://www.ietf.org/rfc/rfc3657.txt.
- */
-public class CamelliaWrapEngine
-    extends RFC3394WrapEngine
-{
-    public CamelliaWrapEngine()
-    {
-        super(new CamelliaEngine());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java
deleted file mode 100644
index b04911c5d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java
+++ /dev/null
@@ -1,494 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * a class that provides a basic DES engine.
- */
-public class DESEngine
-    implements BlockCipher
-{
-    protected static final int  BLOCK_SIZE = 8;
-
-    private int[]               workingKey = null;
-
-    /**
-     * standard constructor.
-     */
-    public DESEngine()
-    {
-    }
-
-    /**
-     * initialise a DES cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           encrypting,
-        CipherParameters  params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            if (((KeyParameter)params).getKey().length > 8)
-            {
-                throw new IllegalArgumentException("DES key too long - should be 8 bytes");
-            }
-            
-            workingKey = generateWorkingKey(encrypting,
-                                  ((KeyParameter)params).getKey());
-
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to DES init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "DES";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("DES engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        desFunc(workingKey, in, inOff, out, outOff);
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * what follows is mainly taken from "Applied Cryptography", by
-     * Bruce Schneier, however it also bears great resemblance to Richard
-     * Outerbridge's D3DES...
-     */
-
-//    private static final short[]    Df_Key =
-//        {
-//            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-//            0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
-//            0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-//        };
-
-    private static final short[]    bytebit =
-        {
-            0200, 0100, 040, 020, 010, 04, 02, 01
-        };
-
-    private static final int[]    bigbyte =
-        {
-            0x800000, 0x400000, 0x200000, 0x100000,
-            0x80000,  0x40000,  0x20000,  0x10000,
-            0x8000,      0x4000,   0x2000,   0x1000,
-            0x800,    0x400,    0x200,    0x100,
-            0x80,      0x40,        0x20,     0x10,
-            0x8,      0x4,      0x2,      0x1
-        };
-
-    /*
-     * Use the key schedule specified in the Standard (ANSI X3.92-1981).
-     */
-
-    private static final byte[]    pc1 =
-        {
-            56, 48, 40, 32, 24, 16,  8,   0, 57, 49, 41, 33, 25, 17,
-             9,  1, 58, 50, 42, 34, 26,  18, 10,  2, 59, 51, 43, 35,
-            62, 54, 46, 38, 30, 22, 14,   6, 61, 53, 45, 37, 29, 21,
-            13,  5, 60, 52, 44, 36, 28,  20, 12,  4, 27, 19, 11,  3
-        };
-
-    private static final byte[] totrot =
-        {
-            1, 2, 4, 6, 8, 10, 12, 14,
-            15, 17, 19, 21, 23, 25, 27, 28
-        };
-
-    private static final byte[] pc2 =
-        {
-            13, 16, 10, 23,  0,  4,  2, 27, 14,  5, 20,  9,
-            22, 18, 11,  3, 25,  7, 15,  6, 26, 19, 12,  1,
-            40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
-            43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
-        };
-
-    private static final int[] SP1 = {
-        0x01010400, 0x00000000, 0x00010000, 0x01010404,
-        0x01010004, 0x00010404, 0x00000004, 0x00010000,
-        0x00000400, 0x01010400, 0x01010404, 0x00000400,
-        0x01000404, 0x01010004, 0x01000000, 0x00000004,
-        0x00000404, 0x01000400, 0x01000400, 0x00010400,
-        0x00010400, 0x01010000, 0x01010000, 0x01000404,
-        0x00010004, 0x01000004, 0x01000004, 0x00010004,
-        0x00000000, 0x00000404, 0x00010404, 0x01000000,
-        0x00010000, 0x01010404, 0x00000004, 0x01010000,
-        0x01010400, 0x01000000, 0x01000000, 0x00000400,
-        0x01010004, 0x00010000, 0x00010400, 0x01000004,
-        0x00000400, 0x00000004, 0x01000404, 0x00010404,
-        0x01010404, 0x00010004, 0x01010000, 0x01000404,
-        0x01000004, 0x00000404, 0x00010404, 0x01010400,
-        0x00000404, 0x01000400, 0x01000400, 0x00000000,
-        0x00010004, 0x00010400, 0x00000000, 0x01010004
-    };
-
-    private static final int[] SP2 = {
-        0x80108020, 0x80008000, 0x00008000, 0x00108020,
-        0x00100000, 0x00000020, 0x80100020, 0x80008020,
-        0x80000020, 0x80108020, 0x80108000, 0x80000000,
-        0x80008000, 0x00100000, 0x00000020, 0x80100020,
-        0x00108000, 0x00100020, 0x80008020, 0x00000000,
-        0x80000000, 0x00008000, 0x00108020, 0x80100000,
-        0x00100020, 0x80000020, 0x00000000, 0x00108000,
-        0x00008020, 0x80108000, 0x80100000, 0x00008020,
-        0x00000000, 0x00108020, 0x80100020, 0x00100000,
-        0x80008020, 0x80100000, 0x80108000, 0x00008000,
-        0x80100000, 0x80008000, 0x00000020, 0x80108020,
-        0x00108020, 0x00000020, 0x00008000, 0x80000000,
-        0x00008020, 0x80108000, 0x00100000, 0x80000020,
-        0x00100020, 0x80008020, 0x80000020, 0x00100020,
-        0x00108000, 0x00000000, 0x80008000, 0x00008020,
-        0x80000000, 0x80100020, 0x80108020, 0x00108000
-    };
-
-    private static final int[] SP3 = {
-        0x00000208, 0x08020200, 0x00000000, 0x08020008,
-        0x08000200, 0x00000000, 0x00020208, 0x08000200,
-        0x00020008, 0x08000008, 0x08000008, 0x00020000,
-        0x08020208, 0x00020008, 0x08020000, 0x00000208,
-        0x08000000, 0x00000008, 0x08020200, 0x00000200,
-        0x00020200, 0x08020000, 0x08020008, 0x00020208,
-        0x08000208, 0x00020200, 0x00020000, 0x08000208,
-        0x00000008, 0x08020208, 0x00000200, 0x08000000,
-        0x08020200, 0x08000000, 0x00020008, 0x00000208,
-        0x00020000, 0x08020200, 0x08000200, 0x00000000,
-        0x00000200, 0x00020008, 0x08020208, 0x08000200,
-        0x08000008, 0x00000200, 0x00000000, 0x08020008,
-        0x08000208, 0x00020000, 0x08000000, 0x08020208,
-        0x00000008, 0x00020208, 0x00020200, 0x08000008,
-        0x08020000, 0x08000208, 0x00000208, 0x08020000,
-        0x00020208, 0x00000008, 0x08020008, 0x00020200
-    };
-
-    private static final int[] SP4 = {
-        0x00802001, 0x00002081, 0x00002081, 0x00000080,
-        0x00802080, 0x00800081, 0x00800001, 0x00002001,
-        0x00000000, 0x00802000, 0x00802000, 0x00802081,
-        0x00000081, 0x00000000, 0x00800080, 0x00800001,
-        0x00000001, 0x00002000, 0x00800000, 0x00802001,
-        0x00000080, 0x00800000, 0x00002001, 0x00002080,
-        0x00800081, 0x00000001, 0x00002080, 0x00800080,
-        0x00002000, 0x00802080, 0x00802081, 0x00000081,
-        0x00800080, 0x00800001, 0x00802000, 0x00802081,
-        0x00000081, 0x00000000, 0x00000000, 0x00802000,
-        0x00002080, 0x00800080, 0x00800081, 0x00000001,
-        0x00802001, 0x00002081, 0x00002081, 0x00000080,
-        0x00802081, 0x00000081, 0x00000001, 0x00002000,
-        0x00800001, 0x00002001, 0x00802080, 0x00800081,
-        0x00002001, 0x00002080, 0x00800000, 0x00802001,
-        0x00000080, 0x00800000, 0x00002000, 0x00802080
-    };
-
-    private static final int[] SP5 = {
-        0x00000100, 0x02080100, 0x02080000, 0x42000100,
-        0x00080000, 0x00000100, 0x40000000, 0x02080000,
-        0x40080100, 0x00080000, 0x02000100, 0x40080100,
-        0x42000100, 0x42080000, 0x00080100, 0x40000000,
-        0x02000000, 0x40080000, 0x40080000, 0x00000000,
-        0x40000100, 0x42080100, 0x42080100, 0x02000100,
-        0x42080000, 0x40000100, 0x00000000, 0x42000000,
-        0x02080100, 0x02000000, 0x42000000, 0x00080100,
-        0x00080000, 0x42000100, 0x00000100, 0x02000000,
-        0x40000000, 0x02080000, 0x42000100, 0x40080100,
-        0x02000100, 0x40000000, 0x42080000, 0x02080100,
-        0x40080100, 0x00000100, 0x02000000, 0x42080000,
-        0x42080100, 0x00080100, 0x42000000, 0x42080100,
-        0x02080000, 0x00000000, 0x40080000, 0x42000000,
-        0x00080100, 0x02000100, 0x40000100, 0x00080000,
-        0x00000000, 0x40080000, 0x02080100, 0x40000100
-    };
-
-    private static final int[] SP6 = {
-        0x20000010, 0x20400000, 0x00004000, 0x20404010,
-        0x20400000, 0x00000010, 0x20404010, 0x00400000,
-        0x20004000, 0x00404010, 0x00400000, 0x20000010,
-        0x00400010, 0x20004000, 0x20000000, 0x00004010,
-        0x00000000, 0x00400010, 0x20004010, 0x00004000,
-        0x00404000, 0x20004010, 0x00000010, 0x20400010,
-        0x20400010, 0x00000000, 0x00404010, 0x20404000,
-        0x00004010, 0x00404000, 0x20404000, 0x20000000,
-        0x20004000, 0x00000010, 0x20400010, 0x00404000,
-        0x20404010, 0x00400000, 0x00004010, 0x20000010,
-        0x00400000, 0x20004000, 0x20000000, 0x00004010,
-        0x20000010, 0x20404010, 0x00404000, 0x20400000,
-        0x00404010, 0x20404000, 0x00000000, 0x20400010,
-        0x00000010, 0x00004000, 0x20400000, 0x00404010,
-        0x00004000, 0x00400010, 0x20004010, 0x00000000,
-        0x20404000, 0x20000000, 0x00400010, 0x20004010
-    };
-
-    private static final int[] SP7 = {
-        0x00200000, 0x04200002, 0x04000802, 0x00000000,
-        0x00000800, 0x04000802, 0x00200802, 0x04200800,
-        0x04200802, 0x00200000, 0x00000000, 0x04000002,
-        0x00000002, 0x04000000, 0x04200002, 0x00000802,
-        0x04000800, 0x00200802, 0x00200002, 0x04000800,
-        0x04000002, 0x04200000, 0x04200800, 0x00200002,
-        0x04200000, 0x00000800, 0x00000802, 0x04200802,
-        0x00200800, 0x00000002, 0x04000000, 0x00200800,
-        0x04000000, 0x00200800, 0x00200000, 0x04000802,
-        0x04000802, 0x04200002, 0x04200002, 0x00000002,
-        0x00200002, 0x04000000, 0x04000800, 0x00200000,
-        0x04200800, 0x00000802, 0x00200802, 0x04200800,
-        0x00000802, 0x04000002, 0x04200802, 0x04200000,
-        0x00200800, 0x00000000, 0x00000002, 0x04200802,
-        0x00000000, 0x00200802, 0x04200000, 0x00000800,
-        0x04000002, 0x04000800, 0x00000800, 0x00200002
-    };
-
-    private static final int[] SP8 = {
-        0x10001040, 0x00001000, 0x00040000, 0x10041040,
-        0x10000000, 0x10001040, 0x00000040, 0x10000000,
-        0x00040040, 0x10040000, 0x10041040, 0x00041000,
-        0x10041000, 0x00041040, 0x00001000, 0x00000040,
-        0x10040000, 0x10000040, 0x10001000, 0x00001040,
-        0x00041000, 0x00040040, 0x10040040, 0x10041000,
-        0x00001040, 0x00000000, 0x00000000, 0x10040040,
-        0x10000040, 0x10001000, 0x00041040, 0x00040000,
-        0x00041040, 0x00040000, 0x10041000, 0x00001000,
-        0x00000040, 0x10040040, 0x00001000, 0x00041040,
-        0x10001000, 0x00000040, 0x10000040, 0x10040000,
-        0x10040040, 0x10000000, 0x00040000, 0x10001040,
-        0x00000000, 0x10041040, 0x00040040, 0x10000040,
-        0x10040000, 0x10001000, 0x10001040, 0x00000000,
-        0x10041040, 0x00041000, 0x00041000, 0x00001040,
-        0x00001040, 0x00040040, 0x10000000, 0x10041000
-    };
-
-    /**
-     * generate an integer based working key based on our secret key
-     * and what we processing we are planning to do.
-     *
-     * Acknowledgements for this routine go to James Gillogly & Phil Karn.
-     *         (whoever, and wherever they are!).
-     */
-    protected int[] generateWorkingKey(
-        boolean encrypting,
-        byte[]  key)
-    {
-        int[]       newKey = new int[32];
-        boolean[]   pc1m = new boolean[56],
-                    pcr = new boolean[56];
-
-        for (int j = 0; j < 56; j++)
-        {
-            int    l = pc1[j];
-
-            pc1m[j] = ((key[l >>> 3] & bytebit[l & 07]) != 0);
-        }
-
-        for (int i = 0; i < 16; i++)
-        {
-            int    l, m, n;
-
-            if (encrypting)
-            {
-                m = i << 1;
-            }
-            else
-            {
-                m = (15 - i) << 1;
-            }
-
-            n = m + 1;
-            newKey[m] = newKey[n] = 0;
-
-            for (int j = 0; j < 28; j++)
-            {
-                l = j + totrot[i];
-                if (l < 28)
-                {
-                    pcr[j] = pc1m[l];
-                }
-                else
-                {
-                    pcr[j] = pc1m[l - 28];
-                }
-            }
-
-            for (int j = 28; j < 56; j++)
-            {
-                l = j + totrot[i];
-                if (l < 56)
-                {
-                    pcr[j] = pc1m[l];
-                }
-                else
-                {
-                    pcr[j] = pc1m[l - 28];
-                }
-            }
-
-            for (int j = 0; j < 24; j++)
-            {
-                if (pcr[pc2[j]])
-                {
-                    newKey[m] |= bigbyte[j];
-                }
-
-                if (pcr[pc2[j + 24]])
-                {
-                    newKey[n] |= bigbyte[j];
-                }
-            }
-        }
-
-        //
-        // store the processed key
-        //
-        for (int i = 0; i != 32; i += 2)
-        {
-            int    i1, i2;
-
-            i1 = newKey[i];
-            i2 = newKey[i + 1];
-
-            newKey[i] = ((i1 & 0x00fc0000) << 6) | ((i1 & 0x00000fc0) << 10)
-                                   | ((i2 & 0x00fc0000) >>> 10) | ((i2 & 0x00000fc0) >>> 6);
-
-            newKey[i + 1] = ((i1 & 0x0003f000) << 12) | ((i1 & 0x0000003f) << 16)
-                                   | ((i2 & 0x0003f000) >>> 4) | (i2 & 0x0000003f);
-        }
-
-        return newKey;
-    }
-
-    /**
-     * the DES engine.
-     */
-    protected void desFunc(
-        int[]   wKey,
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int     work, right, left;
-
-        left     = (in[inOff + 0] & 0xff) << 24;
-        left    |= (in[inOff + 1] & 0xff) << 16;
-        left    |= (in[inOff + 2] & 0xff) << 8;
-        left    |= (in[inOff + 3] & 0xff);
-
-        right     = (in[inOff + 4] & 0xff) << 24;
-        right    |= (in[inOff + 5] & 0xff) << 16;
-        right    |= (in[inOff + 6] & 0xff) << 8;
-        right    |= (in[inOff + 7] & 0xff);
-
-        work = ((left >>> 4) ^ right) & 0x0f0f0f0f;
-        right ^= work;
-        left ^= (work << 4);
-        work = ((left >>> 16) ^ right) & 0x0000ffff;
-        right ^= work;
-        left ^= (work << 16);
-        work = ((right >>> 2) ^ left) & 0x33333333;
-        left ^= work;
-        right ^= (work << 2);
-        work = ((right >>> 8) ^ left) & 0x00ff00ff;
-        left ^= work;
-        right ^= (work << 8);
-        right = ((right << 1) | ((right >>> 31) & 1)) & 0xffffffff;
-        work = (left ^ right) & 0xaaaaaaaa;
-        left ^= work;
-        right ^= work;
-        left = ((left << 1) | ((left >>> 31) & 1)) & 0xffffffff;
-
-        for (int round = 0; round < 8; round++)
-        {
-            int     fval;
-
-            work  = (right << 28) | (right >>> 4);
-            work ^= wKey[round * 4 + 0];
-            fval  = SP7[ work      & 0x3f];
-            fval |= SP5[(work >>>  8) & 0x3f];
-            fval |= SP3[(work >>> 16) & 0x3f];
-            fval |= SP1[(work >>> 24) & 0x3f];
-            work  = right ^ wKey[round * 4 + 1];
-            fval |= SP8[ work      & 0x3f];
-            fval |= SP6[(work >>>  8) & 0x3f];
-            fval |= SP4[(work >>> 16) & 0x3f];
-            fval |= SP2[(work >>> 24) & 0x3f];
-            left ^= fval;
-            work  = (left << 28) | (left >>> 4);
-            work ^= wKey[round * 4 + 2];
-            fval  = SP7[ work      & 0x3f];
-            fval |= SP5[(work >>>  8) & 0x3f];
-            fval |= SP3[(work >>> 16) & 0x3f];
-            fval |= SP1[(work >>> 24) & 0x3f];
-            work  = left ^ wKey[round * 4 + 3];
-            fval |= SP8[ work      & 0x3f];
-            fval |= SP6[(work >>>  8) & 0x3f];
-            fval |= SP4[(work >>> 16) & 0x3f];
-            fval |= SP2[(work >>> 24) & 0x3f];
-            right ^= fval;
-        }
-
-        right = (right << 31) | (right >>> 1);
-        work = (left ^ right) & 0xaaaaaaaa;
-        left ^= work;
-        right ^= work;
-        left = (left << 31) | (left >>> 1);
-        work = ((left >>> 8) ^ right) & 0x00ff00ff;
-        right ^= work;
-        left ^= (work << 8);
-        work = ((left >>> 2) ^ right) & 0x33333333;
-        right ^= work;
-        left ^= (work << 2);
-        work = ((right >>> 16) ^ left) & 0x0000ffff;
-        left ^= work;
-        right ^= (work << 16);
-        work = ((right >>> 4) ^ left) & 0x0f0f0f0f;
-        left ^= work;
-        right ^= (work << 4);
-
-        out[outOff + 0] = (byte)((right >>> 24) & 0xff);
-        out[outOff + 1] = (byte)((right >>> 16) & 0xff);
-        out[outOff + 2] = (byte)((right >>>  8) & 0xff);
-        out[outOff + 3] = (byte)(right         & 0xff);
-        out[outOff + 4] = (byte)((left >>> 24) & 0xff);
-        out[outOff + 5] = (byte)((left >>> 16) & 0xff);
-        out[outOff + 6] = (byte)((left >>>  8) & 0xff);
-        out[outOff + 7] = (byte)(left         & 0xff);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java
deleted file mode 100644
index f915434bc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java
+++ /dev/null
@@ -1,126 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * a class that provides a basic DESede (or Triple DES) engine.
- */
-public class DESedeEngine
-    extends DESEngine
-{
-    protected static final int  BLOCK_SIZE = 8;
-
-    private int[]               workingKey1 = null;
-    private int[]               workingKey2 = null;
-    private int[]               workingKey3 = null;
-
-    private boolean             forEncryption;
-
-    /**
-     * standard constructor.
-     */
-    public DESedeEngine()
-    {
-    }
-
-    /**
-     * initialise a DESede cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           encrypting,
-        CipherParameters  params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to DESede init - " + params.getClass().getName());
-        }
-
-        byte[] keyMaster = ((KeyParameter)params).getKey();
-
-        if (keyMaster.length > 24)
-        {
-            throw new IllegalArgumentException("key size greater than 24 bytes");
-        }
-
-        this.forEncryption = encrypting;
-
-        byte[] key1 = new byte[8];
-        System.arraycopy(keyMaster, 0, key1, 0, key1.length);
-        workingKey1 = generateWorkingKey(encrypting, key1);
-
-        byte[] key2 = new byte[8];
-        System.arraycopy(keyMaster, 8, key2, 0, key2.length);
-        workingKey2 = generateWorkingKey(!encrypting, key2);
-
-        if (keyMaster.length == 24)
-        {
-            byte[] key3 = new byte[8];
-            System.arraycopy(keyMaster, 16, key3, 0, key3.length);
-            workingKey3 = generateWorkingKey(encrypting, key3);
-        }
-        else    // 16 byte key
-        {
-            workingKey3 = workingKey1;
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return "DESede";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey1 == null)
-        {
-            throw new IllegalStateException("DESede engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        byte[] temp = new byte[BLOCK_SIZE];
-
-        if (forEncryption)
-        {
-            desFunc(workingKey1, in, inOff, temp, 0);
-            desFunc(workingKey2, temp, 0, temp, 0);
-            desFunc(workingKey3, temp, 0, out, outOff);
-        }
-        else
-        {
-            desFunc(workingKey3, in, inOff, temp, 0);
-            desFunc(workingKey2, temp, 0, temp, 0);
-            desFunc(workingKey1, temp, 0, out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
deleted file mode 100644
index a3c72ccb2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
+++ /dev/null
@@ -1,348 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Wrap keys according to
- * 
- * draft-ietf-smime-key-wrap-01.txt.
- * 

- * Note: 
- * 
    
- * 
  • this is based on a draft, and as such is subject to change - don't use this class for anything requiring long term storage.
- * 
  • if you are using this to wrap triple-des keys you need to set the
- * parity bits on the key and, if it's a two-key triple-des key, pad it
- * yourself.
- * 

- */
-public class DESedeWrapEngine
-    implements Wrapper
-{
-   /** Field engine */
-   private CBCBlockCipher engine;
-
-   /** Field param */
-   private KeyParameter param;
-
-   /** Field paramPlusIV */
-   private ParametersWithIV paramPlusIV;
-
-   /** Field iv */
-   private byte[] iv;
-
-   /** Field forWrapping */
-   private boolean forWrapping;
-
-   /** Field IV2           */
-   private static final byte[] IV2 = { (byte) 0x4a, (byte) 0xdd, (byte) 0xa2,
-                                       (byte) 0x2c, (byte) 0x79, (byte) 0xe8,
-                                       (byte) 0x21, (byte) 0x05 };
-
-    //
-    // checksum digest
-    //
-    Digest  sha1 = new SHA1Digest();
-    byte[]  digest = new byte[20];
-
-   /**
-    * Method init
-    *
-    * @param forWrapping
-    * @param param
-    */
-    public void init(boolean forWrapping, CipherParameters param)
-    {
-
-        this.forWrapping = forWrapping;
-        this.engine = new CBCBlockCipher(new DESedeEngine());
-
-        SecureRandom sr;
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom pr = (ParametersWithRandom) param;
-            param = pr.getParameters();
-            sr = pr.getRandom();
-        }
-        else
-        {
-            sr = new SecureRandom();
-        }
-
-        if (param instanceof KeyParameter)
-        {
-            this.param = (KeyParameter)param;
-
-            if (this.forWrapping)
-            {
-
-                // Hm, we have no IV but we want to wrap ?!?
-                // well, then we have to create our own IV.
-                this.iv = new byte[8];
-                sr.nextBytes(iv);
-
-                this.paramPlusIV = new ParametersWithIV(this.param, this.iv);
-            }
-        }
-        else if (param instanceof ParametersWithIV)
-        {
-            this.paramPlusIV = (ParametersWithIV)param;
-            this.iv = this.paramPlusIV.getIV();
-            this.param = (KeyParameter)this.paramPlusIV.getParameters();
-
-            if (this.forWrapping)
-            {
-                if ((this.iv == null) || (this.iv.length != 8))
-                {
-                    throw new IllegalArgumentException("IV is not 8 octets");
-                }
-            }
-            else
-            {
-                throw new IllegalArgumentException(
-                        "You should not supply an IV for unwrapping");
-            }
-        }
-    }
-
-   /**
-    * Method getAlgorithmName
-    *
-    * @return the algorithm name "DESede".
-    */
-   public String getAlgorithmName() 
-   {
-      return "DESede";
-   }
-
-   /**
-    * Method wrap
-    *
-    * @param in
-    * @param inOff
-    * @param inLen
-    * @return the wrapped bytes.
-    */
-   public byte[] wrap(byte[] in, int inOff, int inLen) 
-   {
-      if (!forWrapping) 
-      {
-         throw new IllegalStateException("Not initialized for wrapping");
-      }
-
-      byte keyToBeWrapped[] = new byte[inLen];
-
-      System.arraycopy(in, inOff, keyToBeWrapped, 0, inLen);
-
-      // Compute the CMS Key Checksum, (section 5.6.1), call this CKS.
-      byte[] CKS = calculateCMSKeyChecksum(keyToBeWrapped);
-
-      // Let WKCKS = WK || CKS where || is concatenation.
-      byte[] WKCKS = new byte[keyToBeWrapped.length + CKS.length];
-
-      System.arraycopy(keyToBeWrapped, 0, WKCKS, 0, keyToBeWrapped.length);
-      System.arraycopy(CKS, 0, WKCKS, keyToBeWrapped.length, CKS.length);
-
-      // Encrypt WKCKS in CBC mode using KEK as the key and IV as the
-      // initialization vector. Call the results TEMP1.
-
-      int blockSize = engine.getBlockSize();
-
-      if (WKCKS.length % blockSize != 0) 
-      {
-         throw new IllegalStateException("Not multiple of block length");
-      }
-
-      engine.init(true, paramPlusIV);
-
-      byte TEMP1[] = new byte[WKCKS.length];
-
-      for (int currentBytePos = 0; currentBytePos != WKCKS.length; currentBytePos += blockSize) 
-      {
-         engine.processBlock(WKCKS, currentBytePos, TEMP1, currentBytePos);
-      }
-
-      // Let TEMP2 = IV || TEMP1.
-      byte[] TEMP2 = new byte[this.iv.length + TEMP1.length];
-
-      System.arraycopy(this.iv, 0, TEMP2, 0, this.iv.length);
-      System.arraycopy(TEMP1, 0, TEMP2, this.iv.length, TEMP1.length);
-
-      // Reverse the order of the octets in TEMP2 and call the result TEMP3.
-      byte[] TEMP3 = reverse(TEMP2);
-
-      // Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
-      // of 0x 4a dd a2 2c 79 e8 21 05. The resulting cipher text is the desired
-      // result. It is 40 octets long if a 168 bit key is being wrapped.
-      ParametersWithIV param2 = new ParametersWithIV(this.param, IV2);
-
-      this.engine.init(true, param2);
-
-      for (int currentBytePos = 0; currentBytePos != TEMP3.length; currentBytePos += blockSize) 
-      {
-         engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos);
-      }
-
-      return TEMP3;
-   }
-
-   /**
-    * Method unwrap
-    *
-    * @param in
-    * @param inOff
-    * @param inLen
-    * @return the unwrapped bytes.
-    * @throws InvalidCipherTextException
-    */
-    public byte[] unwrap(byte[] in, int inOff, int inLen)
-           throws InvalidCipherTextException 
-    {
-        if (forWrapping)
-        {
-            throw new IllegalStateException("Not set for unwrapping");
-        }
-        
-        if (in == null)
-        {
-            throw new InvalidCipherTextException("Null pointer as ciphertext");
-        }
-
-        final int blockSize = engine.getBlockSize();
-        if (inLen % blockSize != 0)
-        {
-            throw new InvalidCipherTextException("Ciphertext not multiple of " + blockSize);
-        }
-
-      /*
-      // Check if the length of the cipher text is reasonable given the key
-      // type. It must be 40 bytes for a 168 bit key and either 32, 40, or
-      // 48 bytes for a 128, 192, or 256 bit key. If the length is not supported
-      // or inconsistent with the algorithm for which the key is intended,
-      // return error.
-      //
-      // we do not accept 168 bit keys. it has to be 192 bit.
-      int lengthA = (estimatedKeyLengthInBit / 8) + 16;
-      int lengthB = estimatedKeyLengthInBit % 8;
-
-      if ((lengthA != keyToBeUnwrapped.length) || (lengthB != 0)) {
-         throw new XMLSecurityException("empty");
-      }
-      */
-
-      // Decrypt the cipher text with TRIPLedeS in CBC mode using the KEK
-      // and an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
-      ParametersWithIV param2 = new ParametersWithIV(this.param, IV2);
-
-      this.engine.init(false, param2);
-
-      byte TEMP3[] = new byte[inLen];
-
-      for (int currentBytePos = 0; currentBytePos != inLen; currentBytePos += blockSize) 
-      {
-         engine.processBlock(in, inOff + currentBytePos, TEMP3, currentBytePos);
-      }
-
-      // Reverse the order of the octets in TEMP3 and call the result TEMP2.
-      byte[] TEMP2 = reverse(TEMP3);
-
-      // Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining octets.
-      this.iv = new byte[8];
-
-      byte[] TEMP1 = new byte[TEMP2.length - 8];
-
-      System.arraycopy(TEMP2, 0, this.iv, 0, 8);
-      System.arraycopy(TEMP2, 8, TEMP1, 0, TEMP2.length - 8);
-
-      // Decrypt TEMP1 using TRIPLedeS in CBC mode using the KEK and the IV
-      // found in the previous step. Call the result WKCKS.
-      this.paramPlusIV = new ParametersWithIV(this.param, this.iv);
-
-      this.engine.init(false, this.paramPlusIV);
-
-      byte[] WKCKS = new byte[TEMP1.length];
-
-      for (int currentBytePos = 0; currentBytePos != WKCKS.length; currentBytePos += blockSize) 
-      {
-         engine.processBlock(TEMP1, currentBytePos, WKCKS, currentBytePos);
-      }
-
-      // Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are
-      // those octets before the CKS.
-      byte[] result = new byte[WKCKS.length - 8];
-      byte[] CKStoBeVerified = new byte[8];
-
-      System.arraycopy(WKCKS, 0, result, 0, WKCKS.length - 8);
-      System.arraycopy(WKCKS, WKCKS.length - 8, CKStoBeVerified, 0, 8);
-
-      // Calculate a CMS Key Checksum, (section 5.6.1), over the WK and compare
-      // with the CKS extracted in the above step. If they are not equal, return error.
-      if (!checkCMSKeyChecksum(result, CKStoBeVerified)) 
-      {
-         throw new InvalidCipherTextException(
-            "Checksum inside ciphertext is corrupted");
-      }
-
-      // WK is the wrapped key, now extracted for use in data decryption.
-      return result;
-   }
-
-    /**
-     * Some key wrap algorithms make use of the Key Checksum defined
-     * in CMS [CMS-Algorithms]. This is used to provide an integrity
-     * check value for the key being wrapped. The algorithm is
-     *
-     * - Compute the 20 octet SHA-1 hash on the key being wrapped.
-     * - Use the first 8 octets of this hash as the checksum value.
-     *
-     * @param key
-     * @return the CMS checksum.
-     * @throws RuntimeException
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-     */
-    private byte[] calculateCMSKeyChecksum(
-        byte[] key)
-    {
-        byte[]  result = new byte[8];
-
-        sha1.update(key, 0, key.length);
-        sha1.doFinal(digest, 0);
-
-        System.arraycopy(digest, 0, result, 0, 8);
-
-        return result;
-    }
-
-    /**
-     * @param key
-     * @param checksum
-     * @return true if okay, false otherwise.
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-     */
-    private boolean checkCMSKeyChecksum(
-        byte[] key,
-        byte[] checksum)
-    {
-        return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum);
-    }
-
-    private static byte[] reverse(byte[] bs)
-    {
-        byte[] result = new byte[bs.length];
-        for (int i = 0; i < bs.length; i++) 
-        {
-           result[i] = bs[bs.length - (i + 1)];
-        }
-        return result;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java
deleted file mode 100644
index 4bf8e75d1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java
+++ /dev/null
@@ -1,217 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ElGamalKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.BigIntegers;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * this does your basic ElGamal algorithm.
- */
-public class ElGamalEngine
-    implements AsymmetricBlockCipher
-{
-    private ElGamalKeyParameters    key;
-    private SecureRandom            random;
-    private boolean                 forEncryption;
-    private int                     bitSize;
-
-    private static final BigInteger ZERO = BigInteger.valueOf(0);
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
-    /**
-     * initialise the ElGamal engine.
-     *
-     * @param forEncryption true if we are encrypting, false otherwise.
-     * @param param the necessary ElGamal key parameters.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    param)
-    {
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    p = (ParametersWithRandom)param;
-
-            this.key = (ElGamalKeyParameters)p.getParameters();
-            this.random = p.getRandom();
-        }
-        else
-        {
-            this.key = (ElGamalKeyParameters)param;
-            this.random = new SecureRandom();
-        }
-
-        this.forEncryption = forEncryption;
-
-        BigInteger p = key.getParameters().getP();
-
-        bitSize = p.bitLength();
-
-        if (forEncryption)
-        {
-            if (!(key instanceof ElGamalPublicKeyParameters))
-            {
-                throw new IllegalArgumentException("ElGamalPublicKeyParameters are required for encryption.");
-            }
-        }
-        else
-        {
-            if (!(key instanceof ElGamalPrivateKeyParameters))
-            {
-                throw new IllegalArgumentException("ElGamalPrivateKeyParameters are required for decryption.");
-            }
-        }
-    }
-
-    /**
-     * Return the maximum size for an input block to this engine.
-     * For ElGamal this is always one byte less than the size of P on
-     * encryption, and twice the length as the size of P on decryption.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize()
-    {
-        if (forEncryption)
-        {
-            return (bitSize - 1) / 8;
-        }
-
-        return 2 * ((bitSize + 7) / 8);
-    }
-
-    /**
-     * Return the maximum size for an output block to this engine.
-     * For ElGamal this is always one byte less than the size of P on
-     * decryption, and twice the length as the size of P on encryption.
-     *
-     * @return maximum size for an output block.
-     */
-    public int getOutputBlockSize()
-    {
-        if (forEncryption)
-        {
-            return 2 * ((bitSize + 7) / 8);
-        }
-
-        return (bitSize - 1) / 8;
-    }
-
-    /**
-     * Process a single block using the basic ElGamal algorithm.
-     *
-     * @param in the input array.
-     * @param inOff the offset into the input buffer where the data starts.
-     * @param inLen the length of the data to be processed.
-     * @return the result of the ElGamal process.
-     * @exception DataLengthException the input block is too large.
-     */
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-    {
-        if (key == null)
-        {
-            throw new IllegalStateException("ElGamal engine not initialised");
-        }
-
-        int maxLength = forEncryption
-            ?   (bitSize - 1 + 7) / 8
-            :   getInputBlockSize();
-
-        if (inLen > maxLength)
-        {
-            throw new DataLengthException("input too large for ElGamal cipher.\n");
-        }
-
-        BigInteger  p = key.getParameters().getP();
-
-        if (key instanceof ElGamalPrivateKeyParameters) // decryption
-        {
-            byte[]  in1 = new byte[inLen / 2];
-            byte[]  in2 = new byte[inLen / 2];
-
-            System.arraycopy(in, inOff, in1, 0, in1.length);
-            System.arraycopy(in, inOff + in1.length, in2, 0, in2.length);
-
-            BigInteger  gamma = new BigInteger(1, in1);
-            BigInteger  phi = new BigInteger(1, in2);
-
-            ElGamalPrivateKeyParameters  priv = (ElGamalPrivateKeyParameters)key;
-            // a shortcut, which generally relies on p being prime amongst other things.
-            // if a problem with this shows up, check the p and g values!
-            BigInteger  m = gamma.modPow(p.subtract(ONE).subtract(priv.getX()), p).multiply(phi).mod(p);
-
-            return BigIntegers.asUnsignedByteArray(m);
-        }
-        else // encryption
-        {
-            byte[] block;
-            if (inOff != 0 || inLen != in.length)
-            {
-                block = new byte[inLen];
-
-                System.arraycopy(in, inOff, block, 0, inLen);
-            }
-            else
-            {
-                block = in;
-            }
-
-            BigInteger input = new BigInteger(1, block);
-
-            if (input.bitLength() >= p.bitLength())
-            {
-                throw new DataLengthException("input too large for ElGamal cipher.\n");
-            }
-
-            ElGamalPublicKeyParameters  pub = (ElGamalPublicKeyParameters)key;
-
-            int                         pBitLength = p.bitLength();
-            BigInteger                  k = new BigInteger(pBitLength, random);
-
-            while (k.equals(ZERO) || (k.compareTo(p.subtract(TWO)) > 0))
-            {
-                k = new BigInteger(pBitLength, random);
-            }
-
-            BigInteger  g = key.getParameters().getG();
-            BigInteger  gamma = g.modPow(k, p);
-            BigInteger  phi = input.multiply(pub.getY().modPow(k, p)).mod(p);
-
-            byte[]  out1 = gamma.toByteArray();
-            byte[]  out2 = phi.toByteArray();
-            byte[]  output = new byte[this.getOutputBlockSize()];
-
-            if (out1.length > output.length / 2)
-            {
-                System.arraycopy(out1, 1, output, output.length / 2 - (out1.length - 1), out1.length - 1);
-            }
-            else
-            {
-                System.arraycopy(out1, 0, output, output.length / 2 - out1.length, out1.length);
-            }
-
-            if (out2.length > output.length / 2)
-            {
-                System.arraycopy(out2, 1, output, output.length - (out2.length - 1), out2.length - 1);
-            }
-            else
-            {
-                System.arraycopy(out2, 0, output, output.length - out2.length, out2.length);
-            }
-
-            return output;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/GOST28147Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/GOST28147Engine.java
deleted file mode 100644
index ab94c7090..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/GOST28147Engine.java
+++ /dev/null
@@ -1,371 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import java.util.Hashtable;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Strings;
-
-/**
- * implementation of GOST 28147-89
- */
-public class GOST28147Engine
-    implements BlockCipher
-{
-    protected static final int  BLOCK_SIZE = 8;
-    private int[]               workingKey = null;
-    private boolean forEncryption;
-
-    private byte[] S = Sbox_Default;
-
-    // these are the S-boxes given in Applied Cryptography 2nd Ed., p. 333
-    // This is default S-box!
-    private static byte Sbox_Default[] = {
-        0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3,
-        0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9,
-        0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB,
-        0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3,
-        0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2,
-        0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE,
-        0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC,
-        0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC
-    };
-    
-    /*
-     * class content S-box parameters for encrypting
-     * getting from, see: http://tools.ietf.org/id/draft-popov-cryptopro-cpalgs-01.txt
-     *                    http://tools.ietf.org/id/draft-popov-cryptopro-cpalgs-02.txt
-     */
-    private static byte[] ESbox_Test = {
-         0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6,
-         0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5,
-         0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB,
-         0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8,
-         0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4,
-         0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4,
-         0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD,
-         0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8
-    };
-    
-    private static byte[] ESbox_A = {
-         0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5,
-         0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1,
-         0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9,
-         0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6,
-         0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6,
-         0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6,
-         0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE,
-         0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4
-    };
-    
-    private static byte[] ESbox_B = {
-         0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF,
-         0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE,
-         0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4,
-         0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8,
-         0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3,
-         0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5,
-         0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE,
-         0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC
-    };
-    
-    private static byte[] ESbox_C = {
-         0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3,
-         0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3,
-         0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB,
-         0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4,
-         0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7,
-         0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD,
-         0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7,
-         0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8
-    };
-    
-    private static byte[] ESbox_D = {
-         0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3,
-         0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1,
-         0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2,
-         0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8,
-         0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1,
-         0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6,
-         0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7,
-         0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE
-    };
-    
-    //S-box for digest
-    private static byte DSbox_Test[] = {
-         0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3,
-         0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9,
-         0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB,
-         0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3,
-         0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2,
-         0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE,
-         0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC,
-         0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC
-    };
-    
-    private static byte DSbox_A[] = {
-         0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF,
-         0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8,
-         0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD,
-         0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3,
-         0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5,
-         0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3,
-         0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB,
-         0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC
-    };
-    
-    //
-    // pre-defined sbox table
-    //
-    private static Hashtable sBoxes = new Hashtable();
-    
-    static
-    {
-        addSBox("Default", Sbox_Default);
-        addSBox("E-TEST", ESbox_Test);
-        addSBox("E-A", ESbox_A);
-        addSBox("E-B", ESbox_B);
-        addSBox("E-C", ESbox_C);
-        addSBox("E-D", ESbox_D);
-        addSBox("D-TEST", DSbox_Test);
-        addSBox("D-A", DSbox_A);
-    }
-
-    private static void addSBox(String sBoxName, byte[] sBox)
-    {
-        sBoxes.put(Strings.toUpperCase(sBoxName), sBox);        
-    }
-    
-    /**
-     * standard constructor.
-     */
-    public GOST28147Engine()
-    {
-    }
-
-    /**
-     * initialise an GOST28147 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           forEncryption,
-        CipherParameters  params)
-    {
-        if (params instanceof ParametersWithSBox)
-        {
-            ParametersWithSBox   param = (ParametersWithSBox)params;
-
-            //
-            // Set the S-Box
-            //
-            byte[] sBox = param.getSBox();
-            if (sBox.length != Sbox_Default.length)
-            {
-                throw new IllegalArgumentException("invalid S-box passed to GOST28147 init");
-            }
-            this.S = Arrays.clone(sBox);
-
-            //
-            // set key if there is one
-            //
-            if (param.getParameters() != null)
-            {
-                workingKey = generateWorkingKey(forEncryption,
-                        ((KeyParameter)param.getParameters()).getKey());
-            }
-        }
-        else if (params instanceof KeyParameter)
-        {
-            workingKey = generateWorkingKey(forEncryption,
-                                  ((KeyParameter)params).getKey());
-        }
-        else if (params != null)
-        {
-           throw new IllegalArgumentException("invalid parameter passed to GOST28147 init - " + params.getClass().getName());
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return "GOST28147";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("GOST28147 engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        GOST28147Func(workingKey, in, inOff, out, outOff);
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    private int[] generateWorkingKey(
-        boolean forEncryption,
-        byte[]  userKey)
-    {
-         this.forEncryption = forEncryption;
-
-        if (userKey.length != 32)
-        {
-            throw new IllegalArgumentException("Key length invalid. Key needs to be 32 byte - 256 bit!!!");
-        }
-
-        int key[] = new int[8];
-        for(int i=0; i!=8; i++)
-        {
-            key[i] = bytesToint(userKey,i*4);
-        }
-
-        return key;
-    }
-
-    private int GOST28147_mainStep(int n1, int key)
-    {
-        int cm = (key + n1); // CM1
-
-        // S-box replacing
-
-        int om = S[  0 + ((cm >> (0 * 4)) & 0xF)] << (0 * 4);
-           om += S[ 16 + ((cm >> (1 * 4)) & 0xF)] << (1 * 4);
-           om += S[ 32 + ((cm >> (2 * 4)) & 0xF)] << (2 * 4);
-           om += S[ 48 + ((cm >> (3 * 4)) & 0xF)] << (3 * 4);
-           om += S[ 64 + ((cm >> (4 * 4)) & 0xF)] << (4 * 4);
-           om += S[ 80 + ((cm >> (5 * 4)) & 0xF)] << (5 * 4);
-           om += S[ 96 + ((cm >> (6 * 4)) & 0xF)] << (6 * 4);
-           om += S[112 + ((cm >> (7 * 4)) & 0xF)] << (7 * 4);
-
-        return om << 11 | om >>> (32-11); // 11-leftshift
-    }
-
-    private void GOST28147Func(
-        int[]   workingKey,
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int N1, N2, tmp;  //tmp -> for saving N1
-        N1 = bytesToint(in, inOff);
-        N2 = bytesToint(in, inOff + 4);
-
-        if (this.forEncryption)
-        {
-          for(int k = 0; k < 3; k++)  // 1-24 steps
-          {
-            for(int j = 0; j < 8; j++)
-            {
-                tmp = N1;
-                N1 = N2 ^ GOST28147_mainStep(N1, workingKey[j]); // CM2
-                N2 = tmp;
-            }
-          }
-          for(int j = 7; j > 0; j--)  // 25-31 steps
-          {
-              tmp = N1;
-              N1 = N2 ^ GOST28147_mainStep(N1, workingKey[j]); // CM2
-              N2 = tmp;
-          }
-        }
-        else //decrypt
-        {
-          for(int j = 0; j < 8; j++)  // 1-8 steps
-          {
-             tmp = N1;
-             N1 = N2 ^ GOST28147_mainStep(N1, workingKey[j]); // CM2
-             N2 = tmp;
-          }
-          for(int k = 0; k < 3; k++)  //9-31 steps
-          {
-            for(int j = 7; j >= 0; j--)
-            {
-                if ((k == 2) && (j==0))
-                {
-                    break; // break 32 step
-                }
-                tmp = N1;
-                N1 = N2 ^ GOST28147_mainStep(N1, workingKey[j]); // CM2
-                N2 = tmp;
-            }
-          }
-        }
-
-        N2 = N2 ^ GOST28147_mainStep(N1, workingKey[0]);  // 32 step (N1=N1)
-
-        intTobytes(N1, out, outOff);
-        intTobytes(N2, out, outOff + 4);
-    }
-
-    //array of bytes to type int
-    private int bytesToint(
-        byte[]  in,
-        int     inOff)
-    {
-        return  ((in[inOff + 3] << 24) & 0xff000000) + ((in[inOff + 2] << 16) & 0xff0000) +
-                ((in[inOff + 1] << 8) & 0xff00) + (in[inOff] & 0xff);
-    }
-
-    //int to array of bytes
-    private void intTobytes(
-            int     num,
-            byte[]  out,
-            int     outOff)
-    {
-            out[outOff + 3] = (byte)(num >>> 24);
-            out[outOff + 2] = (byte)(num >>> 16);
-            out[outOff + 1] = (byte)(num >>> 8);
-            out[outOff] =     (byte)num;
-    }
-    
-    /**
-     * Return the S-Box associated with SBoxName
-     * @param sBoxName name of the S-Box
-     * @return byte array representing the S-Box
-     */
-    public static byte[] getSBox(
-        String sBoxName)
-    {
-        byte[] sBox = (byte[])sBoxes.get(Strings.toUpperCase(sBoxName));
-
-        if (sBox == null)
-        {
-            throw new IllegalArgumentException("Unknown S-Box - possible types: "
-                + "\"Default\", \"E-Test\", \"E-A\", \"E-B\", \"E-C\", \"E-D\", \"D-Test\", \"D-A\".");
-        }
-
-        return Arrays.clone(sBox);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java
deleted file mode 100644
index 5638f2b47..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java
+++ /dev/null
@@ -1,302 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Implementation of Martin Hell's, Thomas Johansson's and Willi Meier's stream
- * cipher, Grain-128.
- */
-public class Grain128Engine
-    implements StreamCipher
-{
-
-    /**
-     * Constants
-     */
-    private static final int STATE_SIZE = 4;
-
-    /**
-     * Variables to hold the state of the engine during encryption and
-     * decryption
-     */
-    private byte[] workingKey;
-    private byte[] workingIV;
-    private byte[] out;
-    private int[] lfsr;
-    private int[] nfsr;
-    private int output;
-    private int index = 4;
-
-    private boolean initialised = false;
-
-    public String getAlgorithmName()
-    {
-        return "Grain-128";
-    }
-
-    /**
-     * Initialize a Grain-128 cipher.
-     *
-     * @param forEncryption Whether or not we are for encryption.
-     * @param params        The parameters required to set up the cipher.
-     * @throws IllegalArgumentException If the params argument is inappropriate.
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        /**
-         * Grain encryption and decryption is completely symmetrical, so the
-         * 'forEncryption' is irrelevant.
-         */
-        if (!(params instanceof ParametersWithIV))
-        {
-            throw new IllegalArgumentException(
-                "Grain-128 Init parameters must include an IV");
-        }
-
-        ParametersWithIV ivParams = (ParametersWithIV)params;
-
-        byte[] iv = ivParams.getIV();
-
-        if (iv == null || iv.length != 12)
-        {
-            throw new IllegalArgumentException(
-                "Grain-128  requires exactly 12 bytes of IV");
-        }
-
-        if (!(ivParams.getParameters() instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException(
-                "Grain-128 Init parameters must include a key");
-        }
-
-        KeyParameter key = (KeyParameter)ivParams.getParameters();
-
-        /**
-         * Initialize variables.
-         */
-        workingIV = new byte[key.getKey().length];
-        workingKey = new byte[key.getKey().length];
-        lfsr = new int[STATE_SIZE];
-        nfsr = new int[STATE_SIZE];
-        out = new byte[4];
-
-        System.arraycopy(iv, 0, workingIV, 0, iv.length);
-        System.arraycopy(key.getKey(), 0, workingKey, 0, key.getKey().length);
-
-        setKey(workingKey, workingIV);
-        initGrain();
-    }
-
-    /**
-     * 256 clocks initialization phase.
-     */
-    private void initGrain()
-    {
-        for (int i = 0; i < 8; i++)
-        {
-            output = getOutput();
-            nfsr = shift(nfsr, getOutputNFSR() ^ lfsr[0] ^ output);
-            lfsr = shift(lfsr, getOutputLFSR() ^ output);
-        }
-        initialised = true;
-    }
-
-    /**
-     * Get output from non-linear function g(x).
-     *
-     * @return Output from NFSR.
-     */
-    private int getOutputNFSR()
-    {
-        int b0 = nfsr[0];
-        int b3 = nfsr[0] >>> 3 | nfsr[1] << 29;
-        int b11 = nfsr[0] >>> 11 | nfsr[1] << 21;
-        int b13 = nfsr[0] >>> 13 | nfsr[1] << 19;
-        int b17 = nfsr[0] >>> 17 | nfsr[1] << 15;
-        int b18 = nfsr[0] >>> 18 | nfsr[1] << 14;
-        int b26 = nfsr[0] >>> 26 | nfsr[1] << 6;
-        int b27 = nfsr[0] >>> 27 | nfsr[1] << 5;
-        int b40 = nfsr[1] >>> 8 | nfsr[2] << 24;
-        int b48 = nfsr[1] >>> 16 | nfsr[2] << 16;
-        int b56 = nfsr[1] >>> 24 | nfsr[2] << 8;
-        int b59 = nfsr[1] >>> 27 | nfsr[2] << 5;
-        int b61 = nfsr[1] >>> 29 | nfsr[2] << 3;
-        int b65 = nfsr[2] >>> 1 | nfsr[3] << 31;
-        int b67 = nfsr[2] >>> 3 | nfsr[3] << 29;
-        int b68 = nfsr[2] >>> 4 | nfsr[3] << 28;
-        int b84 = nfsr[2] >>> 20 | nfsr[3] << 12;
-        int b91 = nfsr[2] >>> 27 | nfsr[3] << 5;
-        int b96 = nfsr[3];
-
-        return b0 ^ b26 ^ b56 ^ b91 ^ b96 ^ b3 & b67 ^ b11 & b13 ^ b17 & b18
-            ^ b27 & b59 ^ b40 & b48 ^ b61 & b65 ^ b68 & b84;
-    }
-
-    /**
-     * Get output from linear function f(x).
-     *
-     * @return Output from LFSR.
-     */
-    private int getOutputLFSR()
-    {
-        int s0 = lfsr[0];
-        int s7 = lfsr[0] >>> 7 | lfsr[1] << 25;
-        int s38 = lfsr[1] >>> 6 | lfsr[2] << 26;
-        int s70 = lfsr[2] >>> 6 | lfsr[3] << 26;
-        int s81 = lfsr[2] >>> 17 | lfsr[3] << 15;
-        int s96 = lfsr[3];
-
-        return s0 ^ s7 ^ s38 ^ s70 ^ s81 ^ s96;
-    }
-
-    /**
-     * Get output from output function h(x).
-     *
-     * @return Output from h(x).
-     */
-    private int getOutput()
-    {
-        int b2 = nfsr[0] >>> 2 | nfsr[1] << 30;
-        int b12 = nfsr[0] >>> 12 | nfsr[1] << 20;
-        int b15 = nfsr[0] >>> 15 | nfsr[1] << 17;
-        int b36 = nfsr[1] >>> 4 | nfsr[2] << 28;
-        int b45 = nfsr[1] >>> 13 | nfsr[2] << 19;
-        int b64 = nfsr[2];
-        int b73 = nfsr[2] >>> 9 | nfsr[3] << 23;
-        int b89 = nfsr[2] >>> 25 | nfsr[3] << 7;
-        int b95 = nfsr[2] >>> 31 | nfsr[3] << 1;
-        int s8 = lfsr[0] >>> 8 | lfsr[1] << 24;
-        int s13 = lfsr[0] >>> 13 | lfsr[1] << 19;
-        int s20 = lfsr[0] >>> 20 | lfsr[1] << 12;
-        int s42 = lfsr[1] >>> 10 | lfsr[2] << 22;
-        int s60 = lfsr[1] >>> 28 | lfsr[2] << 4;
-        int s79 = lfsr[2] >>> 15 | lfsr[3] << 17;
-        int s93 = lfsr[2] >>> 29 | lfsr[3] << 3;
-        int s95 = lfsr[2] >>> 31 | lfsr[3] << 1;
-
-        return b12 & s8 ^ s13 & s20 ^ b95 & s42 ^ s60 & s79 ^ b12 & b95 & s95 ^ s93
-            ^ b2 ^ b15 ^ b36 ^ b45 ^ b64 ^ b73 ^ b89;
-    }
-
-    /**
-     * Shift array 32 bits and add val to index.length - 1.
-     *
-     * @param array The array to shift.
-     * @param val   The value to shift in.
-     * @return The shifted array with val added to index.length - 1.
-     */
-    private int[] shift(int[] array, int val)
-    {
-        array[0] = array[1];
-        array[1] = array[2];
-        array[2] = array[3];
-        array[3] = val;
-
-        return array;
-    }
-
-    /**
-     * Set keys, reset cipher.
-     *
-     * @param keyBytes The key.
-     * @param ivBytes  The IV.
-     */
-    private void setKey(byte[] keyBytes, byte[] ivBytes)
-    {
-        ivBytes[12] = (byte)0xFF;
-        ivBytes[13] = (byte)0xFF;
-        ivBytes[14] = (byte)0xFF;
-        ivBytes[15] = (byte)0xFF;
-        workingKey = keyBytes;
-        workingIV = ivBytes;
-
-        /**
-         * Load NFSR and LFSR
-         */
-        int j = 0;
-        for (int i = 0; i < nfsr.length; i++)
-        {
-            nfsr[i] = ((workingKey[j + 3]) << 24) | ((workingKey[j + 2]) << 16)
-                & 0x00FF0000 | ((workingKey[j + 1]) << 8) & 0x0000FF00
-                | ((workingKey[j]) & 0x000000FF);
-
-            lfsr[i] = ((workingIV[j + 3]) << 24) | ((workingIV[j + 2]) << 16)
-                & 0x00FF0000 | ((workingIV[j + 1]) << 8) & 0x0000FF00
-                | ((workingIV[j]) & 0x000000FF);
-            j += 4;
-        }
-    }
-
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
-                             int outOff)
-        throws DataLengthException
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()
-                + " not initialised");
-        }
-
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            out[outOff + i] = (byte)(in[inOff + i] ^ getKeyStream());
-        }
-    }
-
-    public void reset()
-    {
-        index = 4;
-        setKey(workingKey, workingIV);
-        initGrain();
-    }
-
-    /**
-     * Run Grain one round(i.e. 32 bits).
-     */
-    private void oneRound()
-    {
-        output = getOutput();
-        out[0] = (byte)output;
-        out[1] = (byte)(output >> 8);
-        out[2] = (byte)(output >> 16);
-        out[3] = (byte)(output >> 24);
-
-        nfsr = shift(nfsr, getOutputNFSR() ^ lfsr[0]);
-        lfsr = shift(lfsr, getOutputLFSR());
-    }
-
-    public byte returnByte(byte in)
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()
-                + " not initialised");
-        }
-        return (byte)(in ^ getKeyStream());
-    }
-
-    private byte getKeyStream()
-    {
-        if (index > 3)
-        {
-            oneRound();
-            index = 0;
-        }
-        return out[index++];
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java
deleted file mode 100644
index 3b168325f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java
+++ /dev/null
@@ -1,288 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Implementation of Martin Hell's, Thomas Johansson's and Willi Meier's stream
- * cipher, Grain v1.
- */
-public class Grainv1Engine
-    implements StreamCipher
-{
-
-    /**
-     * Constants
-     */
-    private static final int STATE_SIZE = 5;
-
-    /**
-     * Variables to hold the state of the engine during encryption and
-     * decryption
-     */
-    private byte[] workingKey;
-    private byte[] workingIV;
-    private byte[] out;
-    private int[] lfsr;
-    private int[] nfsr;
-    private int output;
-    private int index = 2;
-
-    private boolean initialised = false;
-
-    public String getAlgorithmName()
-    {
-        return "Grain v1";
-    }
-
-    /**
-     * Initialize a Grain v1 cipher.
-     *
-     * @param forEncryption Whether or not we are for encryption.
-     * @param params        The parameters required to set up the cipher.
-     * @throws IllegalArgumentException If the params argument is inappropriate.
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        /**
-         * Grain encryption and decryption is completely symmetrical, so the
-         * 'forEncryption' is irrelevant.
-         */
-        if (!(params instanceof ParametersWithIV))
-        {
-            throw new IllegalArgumentException(
-                "Grain v1 Init parameters must include an IV");
-        }
-
-        ParametersWithIV ivParams = (ParametersWithIV)params;
-
-        byte[] iv = ivParams.getIV();
-
-        if (iv == null || iv.length != 8)
-        {
-            throw new IllegalArgumentException(
-                "Grain v1 requires exactly 8 bytes of IV");
-        }
-
-        if (!(ivParams.getParameters() instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException(
-                "Grain v1 Init parameters must include a key");
-        }
-
-        KeyParameter key = (KeyParameter)ivParams.getParameters();
-
-        /**
-         * Initialize variables.
-         */
-        workingIV = new byte[key.getKey().length];
-        workingKey = new byte[key.getKey().length];
-        lfsr = new int[STATE_SIZE];
-        nfsr = new int[STATE_SIZE];
-        out = new byte[2];
-
-        System.arraycopy(iv, 0, workingIV, 0, iv.length);
-        System.arraycopy(key.getKey(), 0, workingKey, 0, key.getKey().length);
-
-        setKey(workingKey, workingIV);
-        initGrain();
-    }
-
-    /**
-     * 160 clocks initialization phase.
-     */
-    private void initGrain()
-    {
-        for (int i = 0; i < 10; i++)
-        {
-            output = getOutput();
-            nfsr = shift(nfsr, getOutputNFSR() ^ lfsr[0] ^ output);
-            lfsr = shift(lfsr, getOutputLFSR() ^ output);
-        }
-        initialised = true;
-    }
-
-    /**
-     * Get output from non-linear function g(x).
-     *
-     * @return Output from NFSR.
-     */
-    private int getOutputNFSR()
-    {
-        int b0 = nfsr[0];
-        int b9 = nfsr[0] >>> 9 | nfsr[1] << 7;
-        int b14 = nfsr[0] >>> 14 | nfsr[1] << 2;
-        int b15 = nfsr[0] >>> 15 | nfsr[1] << 1;
-        int b21 = nfsr[1] >>> 5 | nfsr[2] << 11;
-        int b28 = nfsr[1] >>> 12 | nfsr[2] << 4;
-        int b33 = nfsr[2] >>> 1 | nfsr[3] << 15;
-        int b37 = nfsr[2] >>> 5 | nfsr[3] << 11;
-        int b45 = nfsr[2] >>> 13 | nfsr[3] << 3;
-        int b52 = nfsr[3] >>> 4 | nfsr[4] << 12;
-        int b60 = nfsr[3] >>> 12 | nfsr[4] << 4;
-        int b62 = nfsr[3] >>> 14 | nfsr[4] << 2;
-        int b63 = nfsr[3] >>> 15 | nfsr[4] << 1;
-
-        return (b62 ^ b60 ^ b52 ^ b45 ^ b37 ^ b33 ^ b28 ^ b21 ^ b14
-            ^ b9 ^ b0 ^ b63 & b60 ^ b37 & b33 ^ b15 & b9 ^ b60 & b52 & b45
-            ^ b33 & b28 & b21 ^ b63 & b45 & b28 & b9 ^ b60 & b52 & b37
-            & b33 ^ b63 & b60 & b21 & b15 ^ b63 & b60 & b52 & b45 & b37
-            ^ b33 & b28 & b21 & b15 & b9 ^ b52 & b45 & b37 & b33 & b28
-            & b21) & 0x0000FFFF;
-    }
-
-    /**
-     * Get output from linear function f(x).
-     *
-     * @return Output from LFSR.
-     */
-    private int getOutputLFSR()
-    {
-        int s0 = lfsr[0];
-        int s13 = lfsr[0] >>> 13 | lfsr[1] << 3;
-        int s23 = lfsr[1] >>> 7 | lfsr[2] << 9;
-        int s38 = lfsr[2] >>> 6 | lfsr[3] << 10;
-        int s51 = lfsr[3] >>> 3 | lfsr[4] << 13;
-        int s62 = lfsr[3] >>> 14 | lfsr[4] << 2;
-
-        return (s0 ^ s13 ^ s23 ^ s38 ^ s51 ^ s62) & 0x0000FFFF;
-    }
-
-    /**
-     * Get output from output function h(x).
-     *
-     * @return Output from h(x).
-     */
-    private int getOutput()
-    {
-        int b1 = nfsr[0] >>> 1 | nfsr[1] << 15;
-        int b2 = nfsr[0] >>> 2 | nfsr[1] << 14;
-        int b4 = nfsr[0] >>> 4 | nfsr[1] << 12;
-        int b10 = nfsr[0] >>> 10 | nfsr[1] << 6;
-        int b31 = nfsr[1] >>> 15 | nfsr[2] << 1;
-        int b43 = nfsr[2] >>> 11 | nfsr[3] << 5;
-        int b56 = nfsr[3] >>> 8 | nfsr[4] << 8;
-        int b63 = nfsr[3] >>> 15 | nfsr[4] << 1;
-        int s3 = lfsr[0] >>> 3 | lfsr[1] << 13;
-        int s25 = lfsr[1] >>> 9 | lfsr[2] << 7;
-        int s46 = lfsr[2] >>> 14 | lfsr[3] << 2;
-        int s64 = lfsr[4];
-
-        return (s25 ^ b63 ^ s3 & s64 ^ s46 & s64 ^ s64 & b63 ^ s3
-            & s25 & s46 ^ s3 & s46 & s64 ^ s3 & s46 & b63 ^ s25 & s46 & b63 ^ s46
-            & s64 & b63 ^ b1 ^ b2 ^ b4 ^ b10 ^ b31 ^ b43 ^ b56) & 0x0000FFFF;
-    }
-
-    /**
-     * Shift array 16 bits and add val to index.length - 1.
-     *
-     * @param array The array to shift.
-     * @param val   The value to shift in.
-     * @return The shifted array with val added to index.length - 1.
-     */
-    private int[] shift(int[] array, int val)
-    {
-        array[0] = array[1];
-        array[1] = array[2];
-        array[2] = array[3];
-        array[3] = array[4];
-        array[4] = val;
-
-        return array;
-    }
-
-    /**
-     * Set keys, reset cipher.
-     *
-     * @param keyBytes The key.
-     * @param ivBytes  The IV.
-     */
-    private void setKey(byte[] keyBytes, byte[] ivBytes)
-    {
-        ivBytes[8] = (byte)0xFF;
-        ivBytes[9] = (byte)0xFF;
-        workingKey = keyBytes;
-        workingIV = ivBytes;
-
-        /**
-         * Load NFSR and LFSR
-         */
-        int j = 0;
-        for (int i = 0; i < nfsr.length; i++)
-        {
-            nfsr[i] = (workingKey[j + 1] << 8 | workingKey[j] & 0xFF) & 0x0000FFFF;
-            lfsr[i] = (workingIV[j + 1] << 8 | workingIV[j] & 0xFF) & 0x0000FFFF;
-            j += 2;
-        }
-    }
-
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
-                             int outOff)
-        throws DataLengthException
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()
-                + " not initialised");
-        }
-
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            out[outOff + i] = (byte)(in[inOff + i] ^ getKeyStream());
-        }
-    }
-
-    public void reset()
-    {
-        index = 2;
-        setKey(workingKey, workingIV);
-        initGrain();
-    }
-
-    /**
-     * Run Grain one round(i.e. 16 bits).
-     */
-    private void oneRound()
-    {
-        output = getOutput();
-        out[0] = (byte)output;
-        out[1] = (byte)(output >> 8);
-
-        nfsr = shift(nfsr, getOutputNFSR() ^ lfsr[0]);
-        lfsr = shift(lfsr, getOutputLFSR());
-    }
-
-    public byte returnByte(byte in)
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()
-                + " not initialised");
-        }
-        return (byte)(in ^ getKeyStream());
-    }
-
-    private byte getKeyStream()
-    {
-        if (index > 1)
-        {
-            oneRound();
-            index = 0;
-        }
-        return out[index++];
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
deleted file mode 100644
index bf9a1b0ef..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
+++ /dev/null
@@ -1,256 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * HC-128 is a software-efficient stream cipher created by Hongjun Wu. It
- * generates keystream from a 128-bit secret key and a 128-bit initialization
- * vector.
- * 

- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
- * 

- * It is a third phase candidate in the eStream contest, and is patent-free.
- * No attacks are known as of today (April 2007). See
- *
- * http://www.ecrypt.eu.org/stream/hcp3.html
- * 

- */
-public class HC128Engine
-    implements StreamCipher
-{
-    private int[] p = new int[512];
-    private int[] q = new int[512];
-    private int cnt = 0;
-
-    private static int f1(int x)
-    {
-        return rotateRight(x, 7) ^ rotateRight(x, 18)
-            ^ (x >>> 3);
-    }
-
-    private static int f2(int x)
-    {
-        return rotateRight(x, 17) ^ rotateRight(x, 19)
-            ^ (x >>> 10);
-    }
-
-    private int g1(int x, int y, int z)
-    {
-        return (rotateRight(x, 10) ^ rotateRight(z, 23))
-            + rotateRight(y, 8);
-    }
-
-    private int g2(int x, int y, int z)
-    {
-        return (rotateLeft(x, 10) ^ rotateLeft(z, 23)) + rotateLeft(y, 8);
-    }
-
-    private static int rotateLeft(
-        int     x,
-        int     bits)
-    {
-        return (x << bits) | (x >>> -bits);
-    }
-
-    private static int rotateRight(
-        int     x,
-        int     bits)
-    {
-        return (x >>> bits) | (x << -bits);
-    }
-
-    private int h1(int x)
-    {
-        return q[x & 0xFF] + q[((x >> 16) & 0xFF) + 256];
-    }
-
-    private int h2(int x)
-    {
-        return p[x & 0xFF] + p[((x >> 16) & 0xFF) + 256];
-    }
-
-    private static int mod1024(int x)
-    {
-        return x & 0x3FF;
-    }
-
-    private static int mod512(int x)
-    {
-        return x & 0x1FF;
-    }
-
-    private static int dim(int x, int y)
-    {
-        return mod512(x - y);
-    }
-
-    private int step()
-    {
-        int j = mod512(cnt);
-        int ret;
-        if (cnt < 512)
-        {
-            p[j] += g1(p[dim(j, 3)], p[dim(j, 10)], p[dim(j, 511)]);
-            ret = h1(p[dim(j, 12)]) ^ p[j];
-        }
-        else
-        {
-            q[j] += g2(q[dim(j, 3)], q[dim(j, 10)], q[dim(j, 511)]);
-            ret = h2(q[dim(j, 12)]) ^ q[j];
-        }
-        cnt = mod1024(cnt + 1);
-        return ret;
-    }
-
-    private byte[] key, iv;
-    private boolean initialised;
-
-    private void init()
-    {
-        if (key.length != 16)
-        {
-            throw new java.lang.IllegalArgumentException(
-                "The key must be 128 bits long");
-        }
-
-        cnt = 0;
-
-        int[] w = new int[1280];
-
-        for (int i = 0; i < 16; i++)
-        {
-            w[i >> 2] |= (key[i] & 0xff) << (8 * (i & 0x3));
-        }
-        System.arraycopy(w, 0, w, 4, 4);
-
-        for (int i = 0; i < iv.length && i < 16; i++)
-        {
-            w[(i >> 2) + 8] |= (iv[i] & 0xff) << (8 * (i & 0x3));
-        }
-        System.arraycopy(w, 8, w, 12, 4);
-
-        for (int i = 16; i < 1280; i++)
-        {
-            w[i] = f2(w[i - 2]) + w[i - 7] + f1(w[i - 15]) + w[i - 16] + i;
-        }
-
-        System.arraycopy(w, 256, p, 0, 512);
-        System.arraycopy(w, 768, q, 0, 512);
-
-        for (int i = 0; i < 512; i++)
-        {
-            p[i] = step();
-        }
-        for (int i = 0; i < 512; i++)
-        {
-            q[i] = step();
-        }
-
-        cnt = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "HC-128";
-    }
-
-    /**
-     * Initialise a HC-128 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption. Irrelevant, as
-     *                      encryption and decryption are the same.
-     * @param params        the parameters required to set up the cipher.
-     * @throws IllegalArgumentException if the params argument is
-     *                                  inappropriate (ie. the key is not 128 bit long).
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        CipherParameters keyParam = params;
-
-        if (params instanceof ParametersWithIV)
-        {
-            iv = ((ParametersWithIV)params).getIV();
-            keyParam = ((ParametersWithIV)params).getParameters();
-        }
-        else
-        {
-            iv = new byte[0];
-        }
-
-        if (keyParam instanceof KeyParameter)
-        {
-            key = ((KeyParameter)keyParam).getKey();
-            init();
-        }
-        else
-        {
-            throw new IllegalArgumentException(
-                "Invalid parameter passed to HC128 init - "
-                    + params.getClass().getName());
-        }
-
-        initialised = true;
-    }
-
-    private byte[] buf = new byte[4];
-    private int idx = 0;
-
-    private byte getByte()
-    {
-        if (idx == 0)
-        {
-            int step = step();
-            buf[0] = (byte)(step & 0xFF);
-            step >>= 8;
-            buf[1] = (byte)(step & 0xFF);
-            step >>= 8;
-            buf[2] = (byte)(step & 0xFF);
-            step >>= 8;
-            buf[3] = (byte)(step & 0xFF);
-        }
-        byte ret = buf[idx];
-        idx = idx + 1 & 0x3;
-        return ret;
-    }
-
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
-                             int outOff) throws DataLengthException
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()
-                + " not initialised");
-        }
-
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            out[outOff + i] = (byte)(in[inOff + i] ^ getByte());
-        }
-    }
-
-    public void reset()
-    {
-        idx = 0;
-        init();
-    }
-
-    public byte returnByte(byte in)
-    {
-        return (byte)(in ^ getByte());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
deleted file mode 100644
index 5b78687a4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
+++ /dev/null
@@ -1,243 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * HC-256 is a software-efficient stream cipher created by Hongjun Wu. It 
- * generates keystream from a 256-bit secret key and a 256-bit initialization 
- * vector.
- * 

- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
- * 

- * Its brother, HC-128, is a third phase candidate in the eStream contest.
- * The algorithm is patent-free. No attacks are known as of today (April 2007). 
- * See
- * 
- * http://www.ecrypt.eu.org/stream/hcp3.html
- * 

- */
-public class HC256Engine
-    implements StreamCipher
-{
-    private int[] p = new int[1024];
-    private int[] q = new int[1024];
-    private int cnt = 0;
-
-    private int step()
-    {
-        int j = cnt & 0x3FF;
-        int ret;
-        if (cnt < 1024)
-        {
-            int x = p[(j - 3 & 0x3FF)];
-            int y = p[(j - 1023 & 0x3FF)];
-            p[j] += p[(j - 10 & 0x3FF)]
-                + (rotateRight(x, 10) ^ rotateRight(y, 23))
-                + q[((x ^ y) & 0x3FF)];
-
-            x = p[(j - 12 & 0x3FF)];
-            ret = (q[x & 0xFF] + q[((x >> 8) & 0xFF) + 256]
-                + q[((x >> 16) & 0xFF) + 512] + q[((x >> 24) & 0xFF) + 768])
-                ^ p[j];
-        }
-        else
-        {
-            int x = q[(j - 3 & 0x3FF)];
-            int y = q[(j - 1023 & 0x3FF)];
-            q[j] += q[(j - 10 & 0x3FF)]
-                + (rotateRight(x, 10) ^ rotateRight(y, 23))
-                + p[((x ^ y) & 0x3FF)];
-
-            x = q[(j - 12 & 0x3FF)];
-            ret = (p[x & 0xFF] + p[((x >> 8) & 0xFF) + 256]
-                + p[((x >> 16) & 0xFF) + 512] + p[((x >> 24) & 0xFF) + 768])
-                ^ q[j];
-        }
-        cnt = cnt + 1 & 0x7FF;
-        return ret;
-    }
-
-    private byte[] key, iv;
-    private boolean initialised;
-
-    private void init()
-    {
-        if (key.length != 32 && key.length != 16)
-        {
-            throw new IllegalArgumentException(
-                "The key must be 128/256 bits long");
-        }
-
-        if (iv.length < 16)
-        {
-            throw new IllegalArgumentException(
-                "The IV must be at least 128 bits long");
-        }
-
-        if (key.length != 32)
-        {
-            byte[] k = new byte[32];
-
-            System.arraycopy(key, 0, k, 0, key.length);
-            System.arraycopy(key, 0, k, 16, key.length);
-
-            key = k;
-        }
-
-        if (iv.length < 32)
-        {
-            byte[] newIV = new byte[32];
-
-            System.arraycopy(iv, 0, newIV, 0, iv.length);
-            System.arraycopy(iv, 0, newIV, iv.length, newIV.length - iv.length);
-
-            iv = newIV;
-        }
-
-        cnt = 0;
-
-        int[] w = new int[2560];
-
-        for (int i = 0; i < 32; i++)
-        {
-            w[i >> 2] |= (key[i] & 0xff) << (8 * (i & 0x3));
-        }
-
-        for (int i = 0; i < 32; i++)
-        {
-            w[(i >> 2) + 8] |= (iv[i] & 0xff) << (8 * (i & 0x3));
-        }
-
-        for (int i = 16; i < 2560; i++)
-        {
-            int x = w[i - 2];
-            int y = w[i - 15];
-            w[i] = (rotateRight(x, 17) ^ rotateRight(x, 19) ^ (x >>> 10))
-                + w[i - 7]
-                + (rotateRight(y, 7) ^ rotateRight(y, 18) ^ (y >>> 3))
-                + w[i - 16] + i;
-        }
-
-        System.arraycopy(w, 512, p, 0, 1024);
-        System.arraycopy(w, 1536, q, 0, 1024);
-
-        for (int i = 0; i < 4096; i++)
-        {
-            step();
-        }
-
-        cnt = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "HC-256";
-    }
-
-    /**
-     * Initialise a HC-256 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption. Irrelevant, as
-     *                      encryption and decryption are the same.
-     * @param params        the parameters required to set up the cipher.
-     * @throws IllegalArgumentException if the params argument is
-     *                                  inappropriate (ie. the key is not 256 bit long).
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        CipherParameters keyParam = params;
-
-        if (params instanceof ParametersWithIV)
-        {
-            iv = ((ParametersWithIV)params).getIV();
-            keyParam = ((ParametersWithIV)params).getParameters();
-        }
-        else
-        {
-            iv = new byte[0];
-        }
-
-        if (keyParam instanceof KeyParameter)
-        {
-            key = ((KeyParameter)keyParam).getKey();
-            init();
-        }
-        else
-        {
-            throw new IllegalArgumentException(
-                "Invalid parameter passed to HC256 init - "
-                    + params.getClass().getName());
-        }
-
-        initialised = true;
-    }
-
-    private byte[] buf = new byte[4];
-    private int idx = 0;
-
-    private byte getByte()
-    {
-        if (idx == 0)
-        {
-            int step = step();
-            buf[0] = (byte)(step & 0xFF);
-            step >>= 8;
-            buf[1] = (byte)(step & 0xFF);
-            step >>= 8;
-            buf[2] = (byte)(step & 0xFF);
-            step >>= 8;
-            buf[3] = (byte)(step & 0xFF);
-        }
-        byte ret = buf[idx];
-        idx = idx + 1 & 0x3;
-        return ret;
-    }
-
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
-                             int outOff) throws DataLengthException
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()
-                + " not initialised");
-        }
-
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            out[outOff + i] = (byte)(in[inOff + i] ^ getByte());
-        }
-    }
-
-    public void reset()
-    {
-        idx = 0;
-        init();
-    }
-
-    public byte returnByte(byte in)
-    {
-        return (byte)(in ^ getByte());
-    }
-
-    private static int rotateRight(
-        int     x,
-        int     bits)
-    {
-        return (x >>> bits) | (x << -bits);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java
deleted file mode 100644
index 34e28173c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java
+++ /dev/null
@@ -1,366 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * A class that provides a basic International Data Encryption Algorithm (IDEA) engine.
- * 

- * This implementation is based on the "HOWTO: INTERNATIONAL DATA ENCRYPTION ALGORITHM"
- * implementation summary by Fauzan Mirza (F.U.Mirza@sheffield.ac.uk). (baring 1 typo at the
- * end of the mulinv function!).
- * 

- * It can be found at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/idea/
- * 

- * Note 1: This algorithm is patented in the USA, Japan, and Europe including
- * at least Austria, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland
- * and the United Kingdom. Non-commercial use is free, however any commercial
- * products are liable for royalties. Please see
- * www.mediacrypt.com for
- * further details. This announcement has been included at the request of
- * the patent holders.
- * 

- * Note 2: Due to the requests concerning the above, this algorithm is now only
- * included in the extended Bouncy Castle provider and JCE signed jars. It is
- * not included in the default distributions.
- */
-public class IDEAEngine
-    implements BlockCipher
-{
-    protected static final int  BLOCK_SIZE = 8;
-
-    private int[]               workingKey = null;
-
-    /**
-     * standard constructor.
-     */
-    public IDEAEngine()
-    {
-    }
-
-    /**
-     * initialise an IDEA cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           forEncryption,
-        CipherParameters  params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            workingKey = generateWorkingKey(forEncryption,
-                                  ((KeyParameter)params).getKey());
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to IDEA init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "IDEA";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("IDEA engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        ideaFunc(workingKey, in, inOff, out, outOff);
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    private static final int    MASK = 0xffff;
-    private static final int    BASE = 0x10001;
-
-    private int bytesToWord(
-        byte[]  in,
-        int     inOff)
-    {
-        return ((in[inOff] << 8) & 0xff00) + (in[inOff + 1] & 0xff);
-    }
-
-    private void wordToBytes(
-        int     word,
-        byte[]  out,
-        int     outOff)
-    {
-        out[outOff] = (byte)(word >>> 8);
-        out[outOff + 1] = (byte)word;
-    }
-
-    /**
-     * return x = x * y where the multiplication is done modulo
-     * 65537 (0x10001) (as defined in the IDEA specification) and
-     * a zero input is taken to be 65536 (0x10000).
-     *
-     * @param x the x value
-     * @param y the y value
-     * @return x = x * y
-     */
-    private int mul(
-        int x,
-        int y)
-    {
-        if (x == 0)
-        {
-            x = (BASE - y);
-        }
-        else if (y == 0)
-        {
-            x = (BASE - x);
-        }
-        else
-        {
-            int     p = x * y;
-
-            y = p & MASK;
-            x = p >>> 16;
-            x = y - x + ((y < x) ? 1 : 0);
-        }
-
-        return x & MASK;
-    }
-
-    private void ideaFunc(
-        int[]   workingKey,
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int     x0, x1, x2, x3, t0, t1;
-        int     keyOff = 0;
-
-        x0 = bytesToWord(in, inOff);
-        x1 = bytesToWord(in, inOff + 2);
-        x2 = bytesToWord(in, inOff + 4);
-        x3 = bytesToWord(in, inOff + 6);
-
-        for (int round = 0; round < 8; round++)
-        {
-            x0 = mul(x0, workingKey[keyOff++]);
-            x1 += workingKey[keyOff++];
-            x1 &= MASK;
-            x2 += workingKey[keyOff++];
-            x2 &= MASK;
-            x3 = mul(x3, workingKey[keyOff++]);
-
-            t0 = x1;
-            t1 = x2;
-            x2 ^= x0;
-            x1 ^= x3;
-
-            x2 = mul(x2, workingKey[keyOff++]);
-            x1 += x2;
-            x1 &= MASK;
-
-            x1 = mul(x1, workingKey[keyOff++]);
-            x2 += x1;
-            x2 &= MASK;
-
-            x0 ^= x1;
-            x3 ^= x2;
-            x1 ^= t1;
-            x2 ^= t0;
-        }
-
-        wordToBytes(mul(x0, workingKey[keyOff++]), out, outOff);
-        wordToBytes(x2 + workingKey[keyOff++], out, outOff + 2);  /* NB: Order */
-        wordToBytes(x1 + workingKey[keyOff++], out, outOff + 4);
-        wordToBytes(mul(x3, workingKey[keyOff]), out, outOff + 6);
-    }
-
-    /**
-     * The following function is used to expand the user key to the encryption
-     * subkey. The first 16 bytes are the user key, and the rest of the subkey
-     * is calculated by rotating the previous 16 bytes by 25 bits to the left,
-     * and so on until the subkey is completed.
-     */
-    private int[] expandKey(
-        byte[]  uKey)
-    {
-        int[]   key = new int[52];
-
-        if (uKey.length < 16)
-        {
-            byte[]  tmp = new byte[16];
-
-            System.arraycopy(uKey, 0, tmp, tmp.length - uKey.length, uKey.length);
-
-            uKey = tmp;
-        }
-
-        for (int i = 0; i < 8; i++)
-        {
-            key[i] = bytesToWord(uKey, i * 2);
-        }
-
-        for (int i = 8; i < 52; i++)
-        {
-            if ((i & 7) < 6)
-            {
-                key[i] = ((key[i - 7] & 127) << 9 | key[i - 6] >> 7) & MASK;
-            }
-            else if ((i & 7) == 6)
-            {
-                key[i] = ((key[i - 7] & 127) << 9 | key[i - 14] >> 7) & MASK;
-            }
-            else
-            {
-                key[i] = ((key[i - 15] & 127) << 9 | key[i - 14] >> 7) & MASK;
-            }
-        }
-
-        return key;
-    }
-
-    /**
-     * This function computes multiplicative inverse using Euclid's Greatest
-     * Common Divisor algorithm. Zero and one are self inverse.
-     * 

-     * i.e. x * mulInv(x) == 1 (modulo BASE)
-     */
-    private int mulInv(
-        int x)
-    {
-        int t0, t1, q, y;
-        
-        if (x < 2)
-        {
-            return x;
-        }
-
-        t0 = 1;
-        t1 = BASE / x;
-        y  = BASE % x;
-
-        while (y != 1)
-        {
-            q = x / y;
-            x = x % y;
-            t0 = (t0 + (t1 * q)) & MASK;
-            if (x == 1)
-            {
-                return t0;
-            }
-            q = y / x;
-            y = y % x;
-            t1 = (t1 + (t0 * q)) & MASK;
-        }
-
-        return (1 - t1) & MASK;
-    }
-
-    /**
-     * Return the additive inverse of x.
-     * 

-     * i.e. x + addInv(x) == 0
-     */
-    int addInv(
-        int x)
-    {
-        return (0 - x) & MASK;
-    }
-    
-    /**
-     * The function to invert the encryption subkey to the decryption subkey.
-     * It also involves the multiplicative inverse and the additive inverse functions.
-     */
-    private int[] invertKey(
-        int[] inKey)
-    {
-        int     t1, t2, t3, t4;
-        int     p = 52;                 /* We work backwards */
-        int[]   key = new int[52];
-        int     inOff = 0;
-    
-        t1 = mulInv(inKey[inOff++]);
-        t2 = addInv(inKey[inOff++]);
-        t3 = addInv(inKey[inOff++]);
-        t4 = mulInv(inKey[inOff++]);
-        key[--p] = t4;
-        key[--p] = t3;
-        key[--p] = t2;
-        key[--p] = t1;
-    
-        for (int round = 1; round < 8; round++)
-        {
-            t1 = inKey[inOff++];
-            t2 = inKey[inOff++];
-            key[--p] = t2;
-            key[--p] = t1;
-    
-            t1 = mulInv(inKey[inOff++]);
-            t2 = addInv(inKey[inOff++]);
-            t3 = addInv(inKey[inOff++]);
-            t4 = mulInv(inKey[inOff++]);
-            key[--p] = t4;
-            key[--p] = t2; /* NB: Order */
-            key[--p] = t3;
-            key[--p] = t1;
-        }
-
-        t1 = inKey[inOff++];
-        t2 = inKey[inOff++];
-        key[--p] = t2;
-        key[--p] = t1;
-    
-        t1 = mulInv(inKey[inOff++]);
-        t2 = addInv(inKey[inOff++]);
-        t3 = addInv(inKey[inOff++]);
-        t4 = mulInv(inKey[inOff]);
-        key[--p] = t4;
-        key[--p] = t3;
-        key[--p] = t2;
-        key[--p] = t1;
-
-        return key;
-    }
-    
-    private int[] generateWorkingKey(
-        boolean forEncryption,
-        byte[]  userKey)
-    {
-        if (forEncryption)
-        {
-            return expandKey(userKey);
-        }
-        else
-        {
-            return invertKey(expandKey(userKey));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java
deleted file mode 100644
index d45cff72a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java
+++ /dev/null
@@ -1,257 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.IESParameters;
-import org.bouncycastle.crypto.params.IESWithCipherParameters;
-import org.bouncycastle.crypto.params.KDFParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-import java.math.BigInteger;
-
-/**
- * support class for constructing intergrated encryption ciphers
- * for doing basic message exchanges on top of key agreement ciphers
- */
-public class IESEngine
-{
-    BasicAgreement      agree;
-    DerivationFunction  kdf;
-    Mac                 mac;
-    BufferedBlockCipher cipher;
-    byte[]              macBuf;
-
-    boolean             forEncryption;
-    CipherParameters    privParam, pubParam;
-    IESParameters       param;
-
-    /**
-     * set up for use with stream mode, where the key derivation function
-     * is used to provide a stream of bytes to xor with the message.
-     *
-     * @param agree the key agreement used as the basis for the encryption
-     * @param kdf the key derivation function used for byte generation
-     * @param mac the message authentication code generator for the message
-     */
-    public IESEngine(
-        BasicAgreement      agree,
-        DerivationFunction  kdf,
-        Mac                 mac)
-    {
-        this.agree = agree;
-        this.kdf = kdf;
-        this.mac = mac;
-        this.macBuf = new byte[mac.getMacSize()];
-        this.cipher = null;
-    }
-
-    /**
-     * set up for use in conjunction with a block cipher to handle the
-     * message.
-     *
-     * @param agree the key agreement used as the basis for the encryption
-     * @param kdf the key derivation function used for byte generation
-     * @param mac the message authentication code generator for the message
-     * @param cipher the cipher to used for encrypting the message
-     */
-    public IESEngine(
-        BasicAgreement      agree,
-        DerivationFunction  kdf,
-        Mac                 mac,
-        BufferedBlockCipher cipher)
-    {
-        this.agree = agree;
-        this.kdf = kdf;
-        this.mac = mac;
-        this.macBuf = new byte[mac.getMacSize()];
-        this.cipher = cipher;
-    }
-
-    /**
-     * Initialise the encryptor.
-     *
-     * @param forEncryption whether or not this is encryption/decryption.
-     * @param privParam our private key parameters
-     * @param pubParam the recipient's/sender's public key parameters
-     * @param param encoding and derivation parameters.
-     */
-    public void init(
-        boolean                     forEncryption,
-        CipherParameters            privParam,
-        CipherParameters            pubParam,
-        CipherParameters            param)
-    {
-        this.forEncryption = forEncryption;
-        this.privParam = privParam;
-        this.pubParam = pubParam;
-        this.param = (IESParameters)param;
-    }
-
-    private byte[] decryptBlock(
-        byte[]  in_enc,
-        int     inOff,
-        int     inLen,
-        byte[]  z)
-        throws InvalidCipherTextException
-    {
-        byte[]          M = null;
-        KeyParameter    macKey = null;
-        KDFParameters   kParam = new KDFParameters(z, param.getDerivationV());
-        int             macKeySize = param.getMacKeySize();
-
-        kdf.init(kParam);
-
-        inLen -= mac.getMacSize();
-    
-        if (cipher == null)     // stream mode
-        {
-            byte[] buf = generateKdfBytes(kParam, inLen + (macKeySize / 8));
-
-            M = new byte[inLen];
-
-            for (int i = 0; i != inLen; i++)
-            {
-                M[i] = (byte)(in_enc[inOff + i] ^ buf[i]);
-            }
-
-            macKey = new KeyParameter(buf, inLen, (macKeySize / 8));
-        }
-        else
-        {
-            int    cipherKeySize = ((IESWithCipherParameters)param).getCipherKeySize();
-            byte[] buf = generateKdfBytes(kParam, (cipherKeySize / 8) + (macKeySize / 8));
-
-            cipher.init(false, new KeyParameter(buf, 0, (cipherKeySize / 8)));
-
-            byte[] tmp = new byte[cipher.getOutputSize(inLen)];
-
-            int len = cipher.processBytes(in_enc, inOff, inLen, tmp, 0);
-
-            len += cipher.doFinal(tmp, len);
-
-            M = new byte[len];
-
-            System.arraycopy(tmp, 0, M, 0, len);
-
-            macKey = new KeyParameter(buf, (cipherKeySize / 8), (macKeySize / 8));
-        }
-
-        byte[]  macIV = param.getEncodingV();
-
-        mac.init(macKey);
-        mac.update(in_enc, inOff, inLen);
-        mac.update(macIV, 0, macIV.length);
-        mac.doFinal(macBuf, 0);
-    
-        inOff += inLen;
-
-        for (int t = 0; t < macBuf.length; t++)
-        {           
-            if (macBuf[t] != in_enc[inOff + t])
-            {
-                throw (new InvalidCipherTextException("Mac codes failed to equal."));
-            }
-        }
-       
-        return M;
-    }
-
-    private byte[] encryptBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen,
-        byte[]  z)
-        throws InvalidCipherTextException
-    {
-        byte[]          C = null;
-        KeyParameter    macKey = null;
-        KDFParameters   kParam = new KDFParameters(z, param.getDerivationV());
-        int             c_text_length = 0;
-        int             macKeySize = param.getMacKeySize();
-
-        if (cipher == null)     // stream mode
-        {
-            byte[] buf = generateKdfBytes(kParam, inLen + (macKeySize / 8));
-
-            C = new byte[inLen + mac.getMacSize()];
-            c_text_length = inLen;
-
-            for (int i = 0; i != inLen; i++)
-            {
-                C[i] = (byte)(in[inOff + i] ^ buf[i]);
-            }
-
-            macKey = new KeyParameter(buf, inLen, (macKeySize / 8));
-        }
-        else
-        {
-            int    cipherKeySize = ((IESWithCipherParameters)param).getCipherKeySize();
-            byte[] buf = generateKdfBytes(kParam, (cipherKeySize / 8) + (macKeySize / 8));
-
-            cipher.init(true, new KeyParameter(buf, 0, (cipherKeySize / 8)));
-
-            c_text_length = cipher.getOutputSize(inLen);
-
-            byte[] tmp = new byte[c_text_length];
-
-            int len = cipher.processBytes(in, inOff, inLen, tmp, 0);
-
-            len += cipher.doFinal(tmp, len);
-
-            C = new byte[len + mac.getMacSize()];
-            c_text_length = len;
-
-            System.arraycopy(tmp, 0, C, 0, len);
-
-            macKey = new KeyParameter(buf, (cipherKeySize / 8), (macKeySize / 8));
-        }
-
-        byte[]  macIV = param.getEncodingV();
-
-        mac.init(macKey);
-        mac.update(C, 0, c_text_length);
-        mac.update(macIV, 0, macIV.length);
-        //
-        // return the message and it's MAC
-        //
-        mac.doFinal(C, c_text_length);
-        return C;
-    }
-
-    private byte[] generateKdfBytes(
-        KDFParameters kParam,
-        int length)
-    {
-        byte[]  buf = new byte[length];
-
-        kdf.init(kParam);
-
-        kdf.generateBytes(buf, 0, buf.length);
-
-        return buf;
-    }
-
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        agree.init(privParam);
-
-        BigInteger  z = agree.calculateAgreement(pubParam);
-
-        if (forEncryption)
-        {
-            return encryptBlock(in, inOff, inLen, z.toByteArray());
-        }
-        else
-        {
-            return decryptBlock(in, inOff, inLen, z.toByteArray());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
deleted file mode 100644
index 37969cba0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
+++ /dev/null
@@ -1,245 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count).
- * see: http://www.burtleburtle.net/bob/rand/isaacafa.html
-*/
-public class ISAACEngine
-    implements StreamCipher
-{
-    // Constants
-    private final int sizeL          = 8,
-                      stateArraySize = sizeL<<5; // 256
-    
-    // Cipher's internal state
-    private int[]   engineState   = null, // mm                
-                    results       = null; // randrsl
-    private int     a = 0, b = 0, c = 0;
-    
-    // Engine state
-    private int     index         = 0;
-    private byte[]  keyStream     = new byte[stateArraySize<<2], // results expanded into bytes
-                    workingKey    = null;
-    private boolean initialised   = false;
-    
-    /**
-     * initialise an ISAAC cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-                     boolean             forEncryption, 
-                     CipherParameters     params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to ISAAC init - " + params.getClass().getName());
-        }
-        /* 
-         * ISAAC encryption and decryption is completely
-         * symmetrical, so the 'forEncryption' is 
-         * irrelevant.
-         */
-        KeyParameter p = (KeyParameter)params;
-        setKey(p.getKey());
-        
-        return;
-    }
-                    
-    public byte returnByte(byte in)
-    {
-        if (index == 0) 
-        {
-            isaac();
-            keyStream = intToByteLittle(results);
-        }
-        byte out = (byte)(keyStream[index]^in);
-        index = (index + 1) & 1023;
-        
-        return out;
-    }
-    
-    public void processBytes(
-                             byte[]     in, 
-                             int     inOff, 
-                             int     len, 
-                             byte[]     out, 
-                             int     outOff)
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()+" not initialised");
-        }
-        
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-        
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        for (int i = 0; i < len; i++)
-        {
-            if (index == 0) 
-            {
-                isaac();
-                keyStream = intToByteLittle(results);
-            }
-            out[i+outOff] = (byte)(keyStream[index]^in[i+inOff]);
-            index = (index + 1) & 1023;
-        }
-    }
-    
-    public String getAlgorithmName()
-    {
-        return "ISAAC";
-    }
-    
-    public void reset()
-    {
-        setKey(workingKey);
-    }
-    
-    // Private implementation
-    private void setKey(byte[] keyBytes)
-    {
-        workingKey = keyBytes;
-        
-        if (engineState == null)
-        {
-            engineState = new int[stateArraySize];
-        }
-        
-        if (results == null)
-        {
-            results = new int[stateArraySize];
-        }
-        
-        int i, j, k;
-        
-        // Reset state
-        for (i = 0; i < stateArraySize; i++)
-        {
-            engineState[i] = results[i] = 0;
-        }
-        a = b = c = 0;
-        
-        // Reset index counter for output
-        index = 0;
-        
-        // Convert the key bytes to ints and put them into results[] for initialization
-        byte[] t = new byte[keyBytes.length + (keyBytes.length & 3)];
-        System.arraycopy(keyBytes, 0, t, 0, keyBytes.length);
-        for (i = 0; i < t.length; i+=4)
-        {
-            results[i>>2] = byteToIntLittle(t, i);
-        }
-        
-        // It has begun?
-        int[] abcdefgh = new int[sizeL];
-        
-        for (i = 0; i < sizeL; i++)
-        {
-            abcdefgh[i] = 0x9e3779b9; // Phi (golden ratio)
-        }
-        
-        for (i = 0; i < 4; i++)
-        {
-            mix(abcdefgh);
-        }
-        
-        for (i = 0; i < 2; i++)
-        {
-            for (j = 0; j < stateArraySize; j+=sizeL)
-            {
-                for (k = 0; k < sizeL; k++)
-                {
-                    abcdefgh[k] += (i<1) ? results[j+k] : engineState[j+k];
-                }
-                
-                mix(abcdefgh);
-                
-                for (k = 0; k < sizeL; k++)
-                {
-                    engineState[j+k] = abcdefgh[k];
-                }
-            }
-        }
-        
-        isaac();
-        
-        initialised = true;
-    }    
-    
-    private void isaac()
-    {
-        int i, x, y;
-        
-        b += ++c;
-        for (i = 0; i < stateArraySize; i++)
-        {
-            x = engineState[i];
-            switch (i & 3)
-            {
-                case 0: a ^= (a <<  13); break;
-                case 1: a ^= (a >>>  6); break;
-                case 2: a ^= (a <<   2); break;
-                case 3: a ^= (a >>> 16); break;
-            }
-            a += engineState[(i+128) & 0xFF];
-            engineState[i] = y = engineState[(x >>> 2) & 0xFF] + a + b;
-            results[i] = b = engineState[(y >>> 10) & 0xFF] + x;
-        }
-    }
-    
-    private void mix(int[] x)
-    {
-        x[0]^=x[1]<< 11; x[3]+=x[0]; x[1]+=x[2];
-        x[1]^=x[2]>>> 2; x[4]+=x[1]; x[2]+=x[3];
-        x[2]^=x[3]<<  8; x[5]+=x[2]; x[3]+=x[4];
-        x[3]^=x[4]>>>16; x[6]+=x[3]; x[4]+=x[5];
-        x[4]^=x[5]<< 10; x[7]+=x[4]; x[5]+=x[6];
-        x[5]^=x[6]>>> 4; x[0]+=x[5]; x[6]+=x[7];
-        x[6]^=x[7]<<  8; x[1]+=x[6]; x[7]+=x[0];
-        x[7]^=x[0]>>> 9; x[2]+=x[7]; x[0]+=x[1];
-    }
-    
-    private int byteToIntLittle(byte[] x, int offset)
-    {
-        return (int)(x[offset++] & 0xFF)        |
-                   ((x[offset++] & 0xFF) <<  8) |
-                   ((x[offset++] & 0xFF) << 16) |
-                    (x[offset++] << 24);
-    }
-    
-    private byte[] intToByteLittle(int x)
-    {
-        byte[] out = new byte[4];
-        out[3] = (byte)x;
-        out[2] = (byte)(x >>> 8);
-        out[1] = (byte)(x >>> 16);
-        out[0] = (byte)(x >>> 24);
-        return out;
-    } 
-    
-    private byte[] intToByteLittle(int[] x)
-    {
-        byte[] out = new byte[4*x.length];
-        for (int i = 0, j = 0; i < x.length; i++,j+=4)
-        {
-            System.arraycopy(intToByteLittle(x[i]), 0, out, j, 4);
-        }
-        return out;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java
deleted file mode 100644
index a5403fac2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java
+++ /dev/null
@@ -1,437 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import java.math.BigInteger;
-import java.util.Vector;
-import org.bouncycastle.util.Arrays;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.params.NaccacheSternKeyParameters;
-import org.bouncycastle.crypto.params.NaccacheSternPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-/**
- * NaccacheStern Engine. For details on this cipher, please see
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
- */
-public class NaccacheSternEngine
-    implements AsymmetricBlockCipher
-{
-    private boolean forEncryption;
-
-    private NaccacheSternKeyParameters key;
-
-    private Vector[] lookup = null;
-
-    private boolean debug = false;
-
-    private static BigInteger ZERO = BigInteger.valueOf(0);
-    private static BigInteger ONE = BigInteger.valueOf(1);
-
-    /**
-     * Initializes this algorithm. Must be called before all other Functions.
-     * 
-     * @see org.bouncycastle.crypto.AsymmetricBlockCipher#init(boolean,
-     *      org.bouncycastle.crypto.CipherParameters)
-     */
-    public void init(boolean forEncryption, CipherParameters param)
-    {
-        this.forEncryption = forEncryption;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            param = ((ParametersWithRandom) param).getParameters();
-        }
-
-        key = (NaccacheSternKeyParameters)param;
-
-        // construct lookup table for faster decryption if necessary
-        if (!this.forEncryption)
-        {
-            if (debug)
-            {
-                System.out.println("Constructing lookup Array");
-            }
-            NaccacheSternPrivateKeyParameters priv = (NaccacheSternPrivateKeyParameters)key;
-            Vector primes = priv.getSmallPrimes();
-            lookup = new Vector[primes.size()];
-            for (int i = 0; i < primes.size(); i++)
-            {
-                BigInteger actualPrime = (BigInteger)primes.elementAt(i);
-                int actualPrimeValue = actualPrime.intValue();
-
-                lookup[i] = new Vector();
-                lookup[i].addElement(ONE);
-
-                if (debug)
-                {
-                    System.out.println("Constructing lookup ArrayList for " + actualPrimeValue);
-                }
-
-                BigInteger accJ = ZERO;
-
-                for (int j = 1; j < actualPrimeValue; j++)
-                {
-                    accJ = accJ.add(priv.getPhi_n());
-                    BigInteger comp = accJ.divide(actualPrime);
-                    lookup[i].addElement(priv.getG().modPow(comp, priv.getModulus()));
-                }
-            }
-        }
-    }
-
-    public void setDebug(boolean debug)
-    {
-        this.debug = debug;
-    }
-
-    /**
-     * Returns the input block size of this algorithm.
-     * 
-     * @see org.bouncycastle.crypto.AsymmetricBlockCipher#getInputBlockSize()
-     */
-    public int getInputBlockSize()
-    {
-        if (forEncryption)
-        {
-            // We can only encrypt values up to lowerSigmaBound
-            return (key.getLowerSigmaBound() + 7) / 8 - 1;
-        }
-        else
-        {
-            // We pad to modulus-size bytes for easier decryption.
-            return key.getModulus().toByteArray().length;
-        }
-    }
-
-    /**
-     * Returns the output block size of this algorithm.
-     * 
-     * @see org.bouncycastle.crypto.AsymmetricBlockCipher#getOutputBlockSize()
-     */
-    public int getOutputBlockSize()
-    {
-        if (forEncryption)
-        {
-            // encrypted Data is always padded up to modulus size
-            return key.getModulus().toByteArray().length;
-        }
-        else
-        {
-            // decrypted Data has upper limit lowerSigmaBound
-            return (key.getLowerSigmaBound() + 7) / 8 - 1;
-        }
-    }
-
-    /**
-     * Process a single Block using the Naccache-Stern algorithm.
-     * 
-     * @see org.bouncycastle.crypto.AsymmetricBlockCipher#processBlock(byte[],
-     *      int, int)
-     */
-    public byte[] processBlock(byte[] in, int inOff, int len) throws InvalidCipherTextException
-    {
-        if (key == null)
-        {
-            throw new IllegalStateException("NaccacheStern engine not initialised");
-        }
-        if (len > (getInputBlockSize() + 1))
-        {
-            throw new DataLengthException("input too large for Naccache-Stern cipher.\n");
-        }
-
-        if (!forEncryption)
-        {
-            // At decryption make sure that we receive padded data blocks
-            if (len < getInputBlockSize())
-            {
-                throw new InvalidCipherTextException("BlockLength does not match modulus for Naccache-Stern cipher.\n");
-            }
-        }
-
-        byte[] block;
-
-        if (inOff != 0 || len != in.length)
-        {
-            block = new byte[len];
-            System.arraycopy(in, inOff, block, 0, len);
-        }
-        else
-        {
-            block = in;
-        }
-
-        // transform input into BigInteger
-        BigInteger input = new BigInteger(1, block);
-        if (debug)
-        {
-            System.out.println("input as BigInteger: " + input);
-        }
-        byte[] output;
-        if (forEncryption)
-        {
-            output = encrypt(input);
-        }
-        else
-        {
-            Vector plain = new Vector();
-            NaccacheSternPrivateKeyParameters priv = (NaccacheSternPrivateKeyParameters)key;
-            Vector primes = priv.getSmallPrimes();
-            // Get Chinese Remainders of CipherText
-            for (int i = 0; i < primes.size(); i++)
-            {
-                BigInteger exp = input.modPow(priv.getPhi_n().divide((BigInteger)primes.elementAt(i)), priv.getModulus());
-                Vector al = lookup[i];
-                if (lookup[i].size() != ((BigInteger)primes.elementAt(i)).intValue())
-                {
-                    if (debug)
-                    {
-                        System.out.println("Prime is " + primes.elementAt(i) + ", lookup table has size " + al.size());
-                    }
-                    throw new InvalidCipherTextException("Error in lookup Array for "
-                                    + ((BigInteger)primes.elementAt(i)).intValue()
-                                    + ": Size mismatch. Expected ArrayList with length "
-                                    + ((BigInteger)primes.elementAt(i)).intValue() + " but found ArrayList of length "
-                                    + lookup[i].size());
-                }
-                int lookedup = al.indexOf(exp);
-
-                if (lookedup == -1)
-                {
-                    if (debug)
-                    {
-                        System.out.println("Actual prime is " + primes.elementAt(i));
-                        System.out.println("Decrypted value is " + exp);
-
-                        System.out.println("LookupList for " + primes.elementAt(i) + " with size " + lookup[i].size()
-                                        + " is: ");
-                        for (int j = 0; j < lookup[i].size(); j++)
-                        {
-                            System.out.println(lookup[i].elementAt(j));
-                        }
-                    }
-                    throw new InvalidCipherTextException("Lookup failed");
-                }
-                plain.addElement(BigInteger.valueOf(lookedup));
-            }
-            BigInteger test = chineseRemainder(plain, primes);
-
-            // Should not be used as an oracle, so reencrypt output to see
-            // if it corresponds to input
-
-            // this breaks probabilisic encryption, so disable it. Anyway, we do
-            // use the first n primes for key generation, so it is pretty easy
-            // to guess them. But as stated in the paper, this is not a security
-            // breach. So we can just work with the correct sigma.
-
-            // if (debug) {
-            //      System.out.println("Decryption is " + test);
-            // }
-            // if ((key.getG().modPow(test, key.getModulus())).equals(input)) {
-            //      output = test.toByteArray();
-            // } else {
-            //      if(debug){
-            //          System.out.println("Engine seems to be used as an oracle,
-            //          returning null");
-            //      }
-            //      output = null;
-            // }
-
-            output = test.toByteArray();
-
-        }
-
-        return output;
-    }
-
-    /**
-     * Encrypts a BigInteger aka Plaintext with the public key.
-     * 
-     * @param plain
-     *            The BigInteger to encrypt
-     * @return The byte[] representation of the encrypted BigInteger (i.e.
-     *         crypted.toByteArray())
-     */
-    public byte[] encrypt(BigInteger plain)
-    {
-        // Always return modulus size values 0-padded at the beginning
-        // 0-padding at the beginning is correctly parsed by BigInteger :)
-        byte[] output = key.getModulus().toByteArray();
-        Arrays.fill(output, (byte)0);
-        byte[] tmp = key.getG().modPow(plain, key.getModulus()).toByteArray();
-        System
-                .arraycopy(tmp, 0, output, output.length - tmp.length,
-                        tmp.length);
-        if (debug)
-        {
-            System.out
-                    .println("Encrypted value is:  " + new BigInteger(output));
-        }
-        return output;
-    }
-
-    /**
-     * Adds the contents of two encrypted blocks mod sigma
-     * 
-     * @param block1
-     *            the first encrypted block
-     * @param block2
-     *            the second encrypted block
-     * @return encrypt((block1 + block2) mod sigma)
-     * @throws InvalidCipherTextException
-     */
-    public byte[] addCryptedBlocks(byte[] block1, byte[] block2)
-            throws InvalidCipherTextException
-    {
-        // check for correct blocksize
-        if (forEncryption)
-        {
-            if ((block1.length > getOutputBlockSize())
-                    || (block2.length > getOutputBlockSize()))
-            {
-                throw new InvalidCipherTextException(
-                        "BlockLength too large for simple addition.\n");
-            }
-        }
-        else
-        {
-            if ((block1.length > getInputBlockSize())
-                    || (block2.length > getInputBlockSize()))
-            {
-                throw new InvalidCipherTextException(
-                        "BlockLength too large for simple addition.\n");
-            }
-        }
-
-        // calculate resulting block
-        BigInteger m1Crypt = new BigInteger(1, block1);
-        BigInteger m2Crypt = new BigInteger(1, block2);
-        BigInteger m1m2Crypt = m1Crypt.multiply(m2Crypt);
-        m1m2Crypt = m1m2Crypt.mod(key.getModulus());
-        if (debug)
-        {
-            System.out.println("c(m1) as BigInteger:....... " + m1Crypt);
-            System.out.println("c(m2) as BigInteger:....... " + m2Crypt);
-            System.out.println("c(m1)*c(m2)%n = c(m1+m2)%n: " + m1m2Crypt);
-        }
-
-        byte[] output = key.getModulus().toByteArray();
-        Arrays.fill(output, (byte)0);
-        System.arraycopy(m1m2Crypt.toByteArray(), 0, output, output.length
-                - m1m2Crypt.toByteArray().length,
-                m1m2Crypt.toByteArray().length);
-
-        return output;
-    }
-
-    /**
-     * Convenience Method for data exchange with the cipher.
-     * 
-     * Determines blocksize and splits data to blocksize.
-     *
-     * @param data the data to be processed
-     * @return the data after it went through the NaccacheSternEngine.
-     * @throws InvalidCipherTextException 
-     */
-    public byte[] processData(byte[] data) throws InvalidCipherTextException
-    {
-        if (debug)
-        {
-            System.out.println();
-        }
-        if (data.length > getInputBlockSize())
-        {
-            int inBlocksize = getInputBlockSize();
-            int outBlocksize = getOutputBlockSize();
-            if (debug)
-            {
-                System.out.println("Input blocksize is:  " + inBlocksize + " bytes");
-                System.out.println("Output blocksize is: " + outBlocksize + " bytes");
-                System.out.println("Data has length:.... " + data.length + " bytes");
-            }
-            int datapos = 0;
-            int retpos = 0;
-            byte[] retval = new byte[(data.length / inBlocksize + 1) * outBlocksize];
-            while (datapos < data.length)
-            {
-                byte[] tmp;
-                if (datapos + inBlocksize < data.length)
-                {
-                    tmp = processBlock(data, datapos, inBlocksize);
-                    datapos += inBlocksize;
-                }
-                else
-                {
-                    tmp = processBlock(data, datapos, data.length - datapos);
-                    datapos += data.length - datapos;
-                }
-                if (debug)
-                {
-                    System.out.println("new datapos is " + datapos);
-                }
-                if (tmp != null)
-                {
-                    System.arraycopy(tmp, 0, retval, retpos, tmp.length);
-                    
-                    retpos += tmp.length;
-                }
-                else
-                {
-                    if (debug)
-                    {
-                        System.out.println("cipher returned null");
-                    }
-                    throw new InvalidCipherTextException("cipher returned null");
-                }
-            }
-            byte[] ret = new byte[retpos];
-            System.arraycopy(retval, 0, ret, 0, retpos);
-            if (debug)
-            {
-                System.out.println("returning " + ret.length + " bytes");
-            }
-            return ret;
-        }
-        else
-        {
-            if (debug)
-            {
-                System.out.println("data size is less then input block size, processing directly");
-            }
-            return processBlock(data, 0, data.length);
-        }
-    }
-
-    /**
-     * Computes the integer x that is expressed through the given primes and the
-     * congruences with the chinese remainder theorem (CRT).
-     * 
-     * @param congruences
-     *            the congruences c_i
-     * @param primes
-     *            the primes p_i
-     * @return an integer x for that x % p_i == c_i
-     */
-    private static BigInteger chineseRemainder(Vector congruences, Vector primes)
-    {
-        BigInteger retval = ZERO;
-        BigInteger all = ONE;
-        for (int i = 0; i < primes.size(); i++)
-        {
-            all = all.multiply((BigInteger)primes.elementAt(i));
-        }
-        for (int i = 0; i < primes.size(); i++)
-        {
-            BigInteger a = (BigInteger)primes.elementAt(i);
-            BigInteger b = all.divide(a);
-            BigInteger b_ = b.modInverse(a);
-            BigInteger tmp = b.multiply(b_);
-            tmp = tmp.multiply((BigInteger)congruences.elementAt(i));
-            retval = retval.add(tmp);
-        }
-
-        return retval.mod(all);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NoekeonEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NoekeonEngine.java
deleted file mode 100644
index 057c1e0cb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NoekeonEngine.java
+++ /dev/null
@@ -1,262 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * A Noekeon engine, using direct-key mode.
- */
-
-public class NoekeonEngine
-    implements BlockCipher
-{
-    private static final int genericSize = 16; // Block and key size, as well as the amount of rounds.
-    
-    private static final int[] nullVector = 
-                               {
-                                    0x00, 0x00, 0x00, 0x00 // Used in decryption
-                               },
-        
-                               roundConstants = 
-                               {
-                                    0x80, 0x1b, 0x36, 0x6c,
-                                    0xd8, 0xab, 0x4d, 0x9a,
-                                    0x2f, 0x5e, 0xbc, 0x63,
-                                    0xc6, 0x97, 0x35, 0x6a,
-                                    0xd4
-                               };
-    
-    private int[] state   = new int[4], // a
-                  subKeys = new int[4], // k
-                  decryptKeys = new int[4];
-    
-    private boolean _initialised,
-                    _forEncryption;
-    
-    /**
-     * Create an instance of the Noekeon encryption algorithm
-     * and set some defaults
-     */
-    public NoekeonEngine()
-    {
-        _initialised = false;
-    }
-    
-    public String getAlgorithmName()
-    {
-        return "Noekeon";
-    }
-    
-    public int getBlockSize()
-    {
-        return genericSize;
-    }
-    
-    /**
-     * initialise
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-                     boolean             forEncryption,
-                     CipherParameters    params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to Noekeon init - " + params.getClass().getName());
-        }
-        
-        _forEncryption = forEncryption;
-        _initialised = true;
-        
-        KeyParameter       p = (KeyParameter)params;
-        
-        setKey(p.getKey());
-    }
-    
-    public int processBlock(
-                            byte[]  in,
-                            int     inOff,
-                            byte[]  out,
-                            int     outOff)
-    {
-        if (!_initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()+" not initialised");
-        }
-        
-        if ((inOff + genericSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-        
-        if ((outOff + genericSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        return (_forEncryption) ? encryptBlock(in, inOff, out, outOff)
-                                : decryptBlock(in, inOff, out, outOff);
-    }
-    
-    public void reset()
-    {
-    }
-    
-    /**
-     * Re-key the cipher.
-     * 

-     * @param  key  the key to be used
-     */
-    private void setKey(
-                        byte[]      key)
-    {
-        subKeys[0] = bytesToIntBig(key, 0);
-        subKeys[1] = bytesToIntBig(key, 4);
-        subKeys[2] = bytesToIntBig(key, 8);
-        subKeys[3] = bytesToIntBig(key, 12);
-    }
-    
-    private int encryptBlock(
-                             byte[]  in,
-                             int     inOff,
-                             byte[]  out,
-                             int     outOff)
-    {
-        state[0] = bytesToIntBig(in, inOff);
-        state[1] = bytesToIntBig(in, inOff+4);
-        state[2] = bytesToIntBig(in, inOff+8);
-        state[3] = bytesToIntBig(in, inOff+12);
-        
-        int i;
-        for (i = 0; i < genericSize; i++)
-        {
-            state[0] ^= roundConstants[i];
-            theta(state, subKeys);
-            pi1(state);
-            gamma(state);
-            pi2(state);            
-        }
-        
-        state[0] ^= roundConstants[i];
-        theta(state, subKeys);
-        
-        intToBytesBig(state[0], out, outOff);
-        intToBytesBig(state[1], out, outOff+4);
-        intToBytesBig(state[2], out, outOff+8);
-        intToBytesBig(state[3], out, outOff+12);
-        
-        return genericSize;
-    }
-    
-    private int decryptBlock(
-                             byte[]  in,
-                             int     inOff,
-                             byte[]  out,
-                             int     outOff)
-    {
-        state[0] = bytesToIntBig(in, inOff);
-        state[1] = bytesToIntBig(in, inOff+4);
-        state[2] = bytesToIntBig(in, inOff+8);
-        state[3] = bytesToIntBig(in, inOff+12);
-        
-        System.arraycopy(subKeys, 0, decryptKeys, 0, subKeys.length);
-        theta(decryptKeys, nullVector);
-        
-        int i;
-        for (i = genericSize; i > 0; i--)
-        {
-            theta(state, decryptKeys);
-            state[0] ^= roundConstants[i];
-            pi1(state);
-            gamma(state);
-            pi2(state);
-        }
-        
-        theta(state, decryptKeys);
-        state[0] ^= roundConstants[i];
-        
-        intToBytesBig(state[0], out, outOff);
-        intToBytesBig(state[1], out, outOff+4);
-        intToBytesBig(state[2], out, outOff+8);
-        intToBytesBig(state[3], out, outOff+12);
-        
-        return genericSize;
-    }
-        
-    private void gamma(int[] a)
-    {
-        a[1] ^= ~a[3] & ~a[2];
-        a[0] ^= a[2] & a[1];
-        
-        int tmp = a[3];
-        a[3]  = a[0];
-        a[0]  = tmp;
-        a[2] ^= a[0]^a[1]^a[3];
-        
-        a[1] ^= ~a[3] & ~a[2];
-        a[0] ^= a[2] & a[1];
-    }
-    
-    private void theta(int[] a, int[] k)
-    {
-        int tmp;
-        
-        tmp   = a[0]^a[2]; 
-        tmp  ^= rotl(tmp,8)^rotl(tmp,24); 
-        a[1] ^= tmp; 
-        a[3] ^= tmp; 
-        
-        for (int i = 0; i < 4; i++)
-        {
-            a[i] ^= k[i];
-        }
-        
-        tmp   = a[1]^a[3]; 
-        tmp  ^= rotl(tmp,8)^rotl(tmp,24); 
-        a[0] ^= tmp; 
-        a[2] ^= tmp;
-    }
-    
-    private void pi1(int[] a)
-    {
-        a[1] = rotl(a[1], 1);
-        a[2] = rotl(a[2], 5);
-        a[3] = rotl(a[3], 2);
-    }
-    
-    private void pi2(int[] a)
-    {
-        a[1] = rotl(a[1], 31);
-        a[2] = rotl(a[2], 27);
-        a[3] = rotl(a[3], 30);
-    }
-    
-    // Helpers
-    
-    private int bytesToIntBig(byte[] in, int off)
-    {
-        return ((in[off++]) << 24) |
-        ((in[off++] & 0xff) << 16) |
-        ((in[off++] & 0xff) <<  8) |
-         (in[off  ] & 0xff);
-    }
-    
-    private void intToBytesBig(int x, byte[] out, int off)
-    {
-        out[off++] = (byte)(x >>> 24);
-        out[off++] = (byte)(x >>> 16);
-        out[off++] = (byte)(x >>>  8);
-        out[off  ] = (byte)x;
-    }
-    
-    private int rotl(int x, int y)
-    {
-        return (x << y) | (x >>> (32-y));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java
deleted file mode 100644
index 4e8f7d08e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-
-/**
- * The no-op engine that just copies bytes through, irrespective of whether encrypting and decrypting.
- * Provided for the sake of completeness.
- */
-public class NullEngine implements BlockCipher
-{
-    private boolean initialised;
-    protected static final int BLOCK_SIZE = 1;
-    
-    /**
-     * Standard constructor.
-     */
-    public NullEngine()
-    {
-        super();
-    }
-
-    /* (non-Javadoc)
-     * @see org.bouncycastle.crypto.BlockCipher#init(boolean, org.bouncycastle.crypto.CipherParameters)
-     */
-    public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException
-    {
-        // we don't mind any parameters that may come in
-        this.initialised = true;
-    }
-
-    /* (non-Javadoc)
-     * @see org.bouncycastle.crypto.BlockCipher#getAlgorithmName()
-     */
-    public String getAlgorithmName()
-    {
-        return "Null";
-    }
-
-    /* (non-Javadoc)
-     * @see org.bouncycastle.crypto.BlockCipher#getBlockSize()
-     */
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    /* (non-Javadoc)
-     * @see org.bouncycastle.crypto.BlockCipher#processBlock(byte[], int, byte[], int)
-     */
-    public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException("Null engine not initialised");
-        }
-            if ((inOff + BLOCK_SIZE) > in.length)
-            {
-                throw new DataLengthException("input buffer too short");
-            }
-
-            if ((outOff + BLOCK_SIZE) > out.length)
-            {
-                throw new DataLengthException("output buffer too short");
-            }
-            
-            for (int i = 0; i < BLOCK_SIZE; ++i)
-            {
-                out[outOff + i] = in[inOff + i];
-            }
-            
-            return BLOCK_SIZE;
-    }
-
-    /* (non-Javadoc)
-     * @see org.bouncycastle.crypto.BlockCipher#reset()
-     */
-    public void reset()
-    {
-        // nothing needs to be done
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java
deleted file mode 100644
index 62240ea62..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java
+++ /dev/null
@@ -1,316 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.RC2Parameters;
-
-/**
- * an implementation of RC2 as described in RFC 2268
- *      "A Description of the RC2(r) Encryption Algorithm" R. Rivest.
- */
-public class RC2Engine
-    implements BlockCipher
-{
-    //
-    // the values we use for key expansion (based on the digits of PI)
-    //
-    private static byte[] piTable =
-    {
-        (byte)0xd9, (byte)0x78, (byte)0xf9, (byte)0xc4, (byte)0x19, (byte)0xdd, (byte)0xb5, (byte)0xed, 
-        (byte)0x28, (byte)0xe9, (byte)0xfd, (byte)0x79, (byte)0x4a, (byte)0xa0, (byte)0xd8, (byte)0x9d, 
-        (byte)0xc6, (byte)0x7e, (byte)0x37, (byte)0x83, (byte)0x2b, (byte)0x76, (byte)0x53, (byte)0x8e, 
-        (byte)0x62, (byte)0x4c, (byte)0x64, (byte)0x88, (byte)0x44, (byte)0x8b, (byte)0xfb, (byte)0xa2, 
-        (byte)0x17, (byte)0x9a, (byte)0x59, (byte)0xf5, (byte)0x87, (byte)0xb3, (byte)0x4f, (byte)0x13, 
-        (byte)0x61, (byte)0x45, (byte)0x6d, (byte)0x8d, (byte)0x9, (byte)0x81, (byte)0x7d, (byte)0x32, 
-        (byte)0xbd, (byte)0x8f, (byte)0x40, (byte)0xeb, (byte)0x86, (byte)0xb7, (byte)0x7b, (byte)0xb, 
-        (byte)0xf0, (byte)0x95, (byte)0x21, (byte)0x22, (byte)0x5c, (byte)0x6b, (byte)0x4e, (byte)0x82, 
-        (byte)0x54, (byte)0xd6, (byte)0x65, (byte)0x93, (byte)0xce, (byte)0x60, (byte)0xb2, (byte)0x1c, 
-        (byte)0x73, (byte)0x56, (byte)0xc0, (byte)0x14, (byte)0xa7, (byte)0x8c, (byte)0xf1, (byte)0xdc, 
-        (byte)0x12, (byte)0x75, (byte)0xca, (byte)0x1f, (byte)0x3b, (byte)0xbe, (byte)0xe4, (byte)0xd1, 
-        (byte)0x42, (byte)0x3d, (byte)0xd4, (byte)0x30, (byte)0xa3, (byte)0x3c, (byte)0xb6, (byte)0x26, 
-        (byte)0x6f, (byte)0xbf, (byte)0xe, (byte)0xda, (byte)0x46, (byte)0x69, (byte)0x7, (byte)0x57, 
-        (byte)0x27, (byte)0xf2, (byte)0x1d, (byte)0x9b, (byte)0xbc, (byte)0x94, (byte)0x43, (byte)0x3, 
-        (byte)0xf8, (byte)0x11, (byte)0xc7, (byte)0xf6, (byte)0x90, (byte)0xef, (byte)0x3e, (byte)0xe7, 
-        (byte)0x6, (byte)0xc3, (byte)0xd5, (byte)0x2f, (byte)0xc8, (byte)0x66, (byte)0x1e, (byte)0xd7, 
-        (byte)0x8, (byte)0xe8, (byte)0xea, (byte)0xde, (byte)0x80, (byte)0x52, (byte)0xee, (byte)0xf7, 
-        (byte)0x84, (byte)0xaa, (byte)0x72, (byte)0xac, (byte)0x35, (byte)0x4d, (byte)0x6a, (byte)0x2a, 
-        (byte)0x96, (byte)0x1a, (byte)0xd2, (byte)0x71, (byte)0x5a, (byte)0x15, (byte)0x49, (byte)0x74, 
-        (byte)0x4b, (byte)0x9f, (byte)0xd0, (byte)0x5e, (byte)0x4, (byte)0x18, (byte)0xa4, (byte)0xec, 
-        (byte)0xc2, (byte)0xe0, (byte)0x41, (byte)0x6e, (byte)0xf, (byte)0x51, (byte)0xcb, (byte)0xcc, 
-        (byte)0x24, (byte)0x91, (byte)0xaf, (byte)0x50, (byte)0xa1, (byte)0xf4, (byte)0x70, (byte)0x39, 
-        (byte)0x99, (byte)0x7c, (byte)0x3a, (byte)0x85, (byte)0x23, (byte)0xb8, (byte)0xb4, (byte)0x7a, 
-        (byte)0xfc, (byte)0x2, (byte)0x36, (byte)0x5b, (byte)0x25, (byte)0x55, (byte)0x97, (byte)0x31, 
-        (byte)0x2d, (byte)0x5d, (byte)0xfa, (byte)0x98, (byte)0xe3, (byte)0x8a, (byte)0x92, (byte)0xae, 
-        (byte)0x5, (byte)0xdf, (byte)0x29, (byte)0x10, (byte)0x67, (byte)0x6c, (byte)0xba, (byte)0xc9, 
-        (byte)0xd3, (byte)0x0, (byte)0xe6, (byte)0xcf, (byte)0xe1, (byte)0x9e, (byte)0xa8, (byte)0x2c, 
-        (byte)0x63, (byte)0x16, (byte)0x1, (byte)0x3f, (byte)0x58, (byte)0xe2, (byte)0x89, (byte)0xa9, 
-        (byte)0xd, (byte)0x38, (byte)0x34, (byte)0x1b, (byte)0xab, (byte)0x33, (byte)0xff, (byte)0xb0, 
-        (byte)0xbb, (byte)0x48, (byte)0xc, (byte)0x5f, (byte)0xb9, (byte)0xb1, (byte)0xcd, (byte)0x2e, 
-        (byte)0xc5, (byte)0xf3, (byte)0xdb, (byte)0x47, (byte)0xe5, (byte)0xa5, (byte)0x9c, (byte)0x77, 
-        (byte)0xa, (byte)0xa6, (byte)0x20, (byte)0x68, (byte)0xfe, (byte)0x7f, (byte)0xc1, (byte)0xad 
-    };
-
-    private static final int BLOCK_SIZE = 8;
-
-    private int[]   workingKey;
-    private boolean encrypting;
-
-    private int[] generateWorkingKey(
-        byte[]      key,
-        int         bits)
-    {
-        int     x;
-        int[]   xKey = new int[128];
-
-        for (int i = 0; i != key.length; i++)
-        {
-            xKey[i] = key[i] & 0xff;
-        }
-
-        // Phase 1: Expand input key to 128 bytes
-        int len = key.length;
-
-        if (len < 128)
-        {
-            int     index = 0;
-
-            x = xKey[len - 1];
-
-            do
-            {
-                x = piTable[(x + xKey[index++]) & 255] & 0xff;
-                xKey[len++] = x;
-            }
-            while (len < 128);
-        }
-
-        // Phase 2 - reduce effective key size to "bits"
-        len = (bits + 7) >> 3;
-        x = piTable[xKey[128 - len] & (255 >> (7 & -bits))] & 0xff;
-        xKey[128 - len] = x;
-
-        for (int i = 128 - len - 1; i >= 0; i--)
-        {
-                x = piTable[x ^ xKey[i + len]] & 0xff;
-                xKey[i] = x;
-        }
-
-        // Phase 3 - copy to newKey in little-endian order 
-        int[] newKey = new int[64];
-
-        for (int i = 0; i != newKey.length; i++)
-        {
-            newKey[i] = (xKey[2 * i] + (xKey[2 * i + 1] << 8));
-        }
-
-        return newKey;
-    }
-
-    /**
-     * initialise a RC2 cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           encrypting,
-        CipherParameters  params)
-    {
-        this.encrypting = encrypting;
-
-        if (params instanceof RC2Parameters)
-        {
-            RC2Parameters   param = (RC2Parameters)params;
-
-            workingKey = generateWorkingKey(param.getKey(),
-                                            param.getEffectiveKeyBits());
-        }
-        else if (params instanceof KeyParameter)
-        {
-            byte[]    key = ((KeyParameter)params).getKey();
-
-            workingKey = generateWorkingKey(key, key.length * 8);
-        }
-        else
-        {
-            throw new IllegalArgumentException("invalid parameter passed to RC2 init - " + params.getClass().getName());
-        }
-
-    }
-
-    public void reset()
-    {
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RC2";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public final int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("RC2 engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (encrypting)
-        {
-            encryptBlock(in, inOff, out, outOff);
-        }
-        else
-        {
-            decryptBlock(in, inOff, out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * return the result rotating the 16 bit number in x left by y
-     */
-    private int rotateWordLeft(
-        int x,
-        int y)
-    {
-        x &= 0xffff;
-        return (x << y) | (x >> (16 - y));
-    }
-
-    private void encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int x76, x54, x32, x10;
-
-        x76 = ((in[inOff + 7] & 0xff) << 8) + (in[inOff + 6] & 0xff);
-        x54 = ((in[inOff + 5] & 0xff) << 8) + (in[inOff + 4] & 0xff);
-        x32 = ((in[inOff + 3] & 0xff) << 8) + (in[inOff + 2] & 0xff);
-        x10 = ((in[inOff + 1] & 0xff) << 8) + (in[inOff + 0] & 0xff);
-
-        for (int i = 0; i <= 16; i += 4)
-        {
-                x10 = rotateWordLeft(x10 + (x32 & ~x76) + (x54 & x76) + workingKey[i  ], 1);
-                x32 = rotateWordLeft(x32 + (x54 & ~x10) + (x76 & x10) + workingKey[i+1], 2);
-                x54 = rotateWordLeft(x54 + (x76 & ~x32) + (x10 & x32) + workingKey[i+2], 3);
-                x76 = rotateWordLeft(x76 + (x10 & ~x54) + (x32 & x54) + workingKey[i+3], 5);
-        }
-
-        x10 += workingKey[x76 & 63];
-        x32 += workingKey[x10 & 63];
-        x54 += workingKey[x32 & 63];
-        x76 += workingKey[x54 & 63];
-
-        for (int i = 20; i <= 40; i += 4)
-        {
-                x10 = rotateWordLeft(x10 + (x32 & ~x76) + (x54 & x76) + workingKey[i  ], 1);
-                x32 = rotateWordLeft(x32 + (x54 & ~x10) + (x76 & x10) + workingKey[i+1], 2);
-                x54 = rotateWordLeft(x54 + (x76 & ~x32) + (x10 & x32) + workingKey[i+2], 3);
-                x76 = rotateWordLeft(x76 + (x10 & ~x54) + (x32 & x54) + workingKey[i+3], 5);
-        }
-
-        x10 += workingKey[x76 & 63];
-        x32 += workingKey[x10 & 63];
-        x54 += workingKey[x32 & 63];
-        x76 += workingKey[x54 & 63];
-
-        for (int i = 44; i < 64; i += 4)
-        {
-                x10 = rotateWordLeft(x10 + (x32 & ~x76) + (x54 & x76) + workingKey[i  ], 1);
-                x32 = rotateWordLeft(x32 + (x54 & ~x10) + (x76 & x10) + workingKey[i+1], 2);
-                x54 = rotateWordLeft(x54 + (x76 & ~x32) + (x10 & x32) + workingKey[i+2], 3);
-                x76 = rotateWordLeft(x76 + (x10 & ~x54) + (x32 & x54) + workingKey[i+3], 5);
-        }
-
-        out[outOff + 0] = (byte)x10;
-        out[outOff + 1] = (byte)(x10 >> 8);
-        out[outOff + 2] = (byte)x32;
-        out[outOff + 3] = (byte)(x32 >> 8);
-        out[outOff + 4] = (byte)x54;
-        out[outOff + 5] = (byte)(x54 >> 8);
-        out[outOff + 6] = (byte)x76;
-        out[outOff + 7] = (byte)(x76 >> 8);
-    }
-
-    private void decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int x76, x54, x32, x10;
-
-        x76 = ((in[inOff + 7] & 0xff) << 8) + (in[inOff + 6] & 0xff);
-        x54 = ((in[inOff + 5] & 0xff) << 8) + (in[inOff + 4] & 0xff);
-        x32 = ((in[inOff + 3] & 0xff) << 8) + (in[inOff + 2] & 0xff);
-        x10 = ((in[inOff + 1] & 0xff) << 8) + (in[inOff + 0] & 0xff);
-
-        for (int i = 60; i >= 44; i -= 4)
-        {
-            x76 = rotateWordLeft(x76, 11) - ((x10 & ~x54) + (x32 & x54) + workingKey[i+3]);
-            x54 = rotateWordLeft(x54, 13) - ((x76 & ~x32) + (x10 & x32) + workingKey[i+2]);
-            x32 = rotateWordLeft(x32, 14) - ((x54 & ~x10) + (x76 & x10) + workingKey[i+1]);
-            x10 = rotateWordLeft(x10, 15) - ((x32 & ~x76) + (x54 & x76) + workingKey[i  ]);
-        }
-
-        x76 -= workingKey[x54 & 63];
-        x54 -= workingKey[x32 & 63];
-        x32 -= workingKey[x10 & 63];
-        x10 -= workingKey[x76 & 63];
-
-        for (int i = 40; i >= 20; i -= 4)
-        {
-            x76 = rotateWordLeft(x76, 11) - ((x10 & ~x54) + (x32 & x54) + workingKey[i+3]);
-            x54 = rotateWordLeft(x54, 13) - ((x76 & ~x32) + (x10 & x32) + workingKey[i+2]);
-            x32 = rotateWordLeft(x32, 14) - ((x54 & ~x10) + (x76 & x10) + workingKey[i+1]);
-            x10 = rotateWordLeft(x10, 15) - ((x32 & ~x76) + (x54 & x76) + workingKey[i  ]);
-        }
-
-        x76 -= workingKey[x54 & 63];
-        x54 -= workingKey[x32 & 63];
-        x32 -= workingKey[x10 & 63];
-        x10 -= workingKey[x76 & 63];
-
-        for (int i = 16; i >= 0; i -= 4)
-        {
-            x76 = rotateWordLeft(x76, 11) - ((x10 & ~x54) + (x32 & x54) + workingKey[i+3]);
-            x54 = rotateWordLeft(x54, 13) - ((x76 & ~x32) + (x10 & x32) + workingKey[i+2]);
-            x32 = rotateWordLeft(x32, 14) - ((x54 & ~x10) + (x76 & x10) + workingKey[i+1]);
-            x10 = rotateWordLeft(x10, 15) - ((x32 & ~x76) + (x54 & x76) + workingKey[i  ]);
-        }
-
-        out[outOff + 0] = (byte)x10;
-        out[outOff + 1] = (byte)(x10 >> 8);
-        out[outOff + 2] = (byte)x32;
-        out[outOff + 3] = (byte)(x32 >> 8);
-        out[outOff + 4] = (byte)x54;
-        out[outOff + 5] = (byte)(x54 >> 8);
-        out[outOff + 6] = (byte)x76;
-        out[outOff + 7] = (byte)(x76 >> 8);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
deleted file mode 100644
index 185387d84..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
+++ /dev/null
@@ -1,383 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Wrap keys according to RFC 3217 - RC2 mechanism
- */
-public class RC2WrapEngine
-    implements Wrapper
-{
-   /** Field engine */
-   private CBCBlockCipher engine;
-
-   /** Field param */
-   private CipherParameters param;
-
-   /** Field paramPlusIV */
-   private ParametersWithIV paramPlusIV;
-
-   /** Field iv */
-   private byte[] iv;
-
-   /** Field forWrapping */
-   private boolean forWrapping;
-   
-   private SecureRandom sr;
-
-   /** Field IV2           */
-   private static final byte[] IV2 = { (byte) 0x4a, (byte) 0xdd, (byte) 0xa2,
-                                       (byte) 0x2c, (byte) 0x79, (byte) 0xe8,
-                                       (byte) 0x21, (byte) 0x05 };
-
-    //
-    // checksum digest
-    //
-    Digest  sha1 = new SHA1Digest();
-    byte[]  digest = new byte[20];
-
-   /**
-    * Method init
-    *
-    * @param forWrapping
-    * @param param
-    */
-   public void init(boolean forWrapping, CipherParameters param)
-   {
-        this.forWrapping = forWrapping;
-        this.engine = new CBCBlockCipher(new RC2Engine());
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom pWithR = (ParametersWithRandom)param;
-            sr = pWithR.getRandom();
-            param = pWithR.getParameters();
-        }
-        else
-        {
-            sr = new SecureRandom();
-        }
-        
-        if (param instanceof ParametersWithIV)
-        {
-            this.paramPlusIV = (ParametersWithIV)param;
-            this.iv = this.paramPlusIV.getIV();
-            this.param = this.paramPlusIV.getParameters();
-
-            if (this.forWrapping)
-            {
-                if ((this.iv == null) || (this.iv.length != 8))
-                {
-                    throw new IllegalArgumentException("IV is not 8 octets");
-                }
-            }
-            else
-            {
-                throw new IllegalArgumentException(
-                        "You should not supply an IV for unwrapping");
-            }
-        }
-        else
-        {
-            this.param = param;
-
-            if (this.forWrapping)
-            {
-
-                // Hm, we have no IV but we want to wrap ?!?
-                // well, then we have to create our own IV.
-                this.iv = new byte[8];
-
-                sr.nextBytes(iv);
-
-                this.paramPlusIV = new ParametersWithIV(this.param, this.iv);
-            }
-        }
-
-   }
-
-   /**
-    * Method getAlgorithmName
-    *
-    * @return the algorithm name "RC2".
-    */
-   public String getAlgorithmName() 
-   {
-      return "RC2";
-   }
-
-   /**
-    * Method wrap
-    *
-    * @param in
-    * @param inOff
-    * @param inLen
-    * @return the wrapped bytes.
-    */
-   public byte[] wrap(byte[] in, int inOff, int inLen)
-    {
-
-        if (!forWrapping)
-        {
-            throw new IllegalStateException("Not initialized for wrapping");
-        }
-
-        int length = inLen + 1;
-        if ((length % 8) != 0)
-        {
-            length += 8 - (length % 8);
-        }
-
-        byte keyToBeWrapped[] = new byte[length];
-
-        keyToBeWrapped[0] = (byte)inLen;
-        System.arraycopy(in, inOff, keyToBeWrapped, 1, inLen);
-        
-        byte[] pad = new byte[keyToBeWrapped.length - inLen - 1];
-
-        if (pad.length > 0)
-        {
-            sr.nextBytes(pad);
-            System.arraycopy(pad, 0, keyToBeWrapped, inLen + 1, pad.length);
-        }
-
-        // Compute the CMS Key Checksum, (section 5.6.1), call this CKS.
-        byte[] CKS = calculateCMSKeyChecksum(keyToBeWrapped);
-
-        // Let WKCKS = WK || CKS where || is concatenation.
-        byte[] WKCKS = new byte[keyToBeWrapped.length + CKS.length];
-
-        System.arraycopy(keyToBeWrapped, 0, WKCKS, 0, keyToBeWrapped.length);
-        System.arraycopy(CKS, 0, WKCKS, keyToBeWrapped.length, CKS.length);
-
-        // Encrypt WKCKS in CBC mode using KEK as the key and IV as the
-        // initialization vector. Call the results TEMP1.
-        byte TEMP1[] = new byte[WKCKS.length];
-
-        System.arraycopy(WKCKS, 0, TEMP1, 0, WKCKS.length);
-
-        int noOfBlocks = WKCKS.length / engine.getBlockSize();
-        int extraBytes = WKCKS.length % engine.getBlockSize();
-
-        if (extraBytes != 0)
-        {
-            throw new IllegalStateException("Not multiple of block length");
-        }
-
-        engine.init(true, paramPlusIV);
-
-        for (int i = 0; i < noOfBlocks; i++)
-        {
-            int currentBytePos = i * engine.getBlockSize();
-
-            engine.processBlock(TEMP1, currentBytePos, TEMP1, currentBytePos);
-        }
-
-        // Left TEMP2 = IV || TEMP1.
-        byte[] TEMP2 = new byte[this.iv.length + TEMP1.length];
-
-        System.arraycopy(this.iv, 0, TEMP2, 0, this.iv.length);
-        System.arraycopy(TEMP1, 0, TEMP2, this.iv.length, TEMP1.length);
-
-        // Reverse the order of the octets in TEMP2 and call the result TEMP3.
-        byte[] TEMP3 = new byte[TEMP2.length];
-
-        for (int i = 0; i < TEMP2.length; i++)
-        {
-            TEMP3[i] = TEMP2[TEMP2.length - (i + 1)];
-        }
-
-        // Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
-        // of 0x 4a dd a2 2c 79 e8 21 05. The resulting cipher text is the
-        // desired
-        // result. It is 40 octets long if a 168 bit key is being wrapped.
-        ParametersWithIV param2 = new ParametersWithIV(this.param, IV2);
-
-        this.engine.init(true, param2);
-
-        for (int i = 0; i < noOfBlocks + 1; i++)
-        {
-            int currentBytePos = i * engine.getBlockSize();
-
-            engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos);
-        }
-
-        return TEMP3;
-   }
-
-   /**
-    * Method unwrap
-    *
-    * @param in
-    * @param inOff
-    * @param inLen
-    * @return the unwrapped bytes.
-    * @throws InvalidCipherTextException
-    */
-   public byte[] unwrap(byte[] in, int inOff, int inLen)
-            throws InvalidCipherTextException
-    {
-
-        if (forWrapping)
-        {
-            throw new IllegalStateException("Not set for unwrapping");
-        }
-
-        if (in == null)
-        {
-            throw new InvalidCipherTextException("Null pointer as ciphertext");
-        }
-
-        if (inLen % engine.getBlockSize() != 0)
-        {
-            throw new InvalidCipherTextException("Ciphertext not multiple of "
-                    + engine.getBlockSize());
-        }
-
-        /*
-         * // Check if the length of the cipher text is reasonable given the key //
-         * type. It must be 40 bytes for a 168 bit key and either 32, 40, or //
-         * 48 bytes for a 128, 192, or 256 bit key. If the length is not
-         * supported // or inconsistent with the algorithm for which the key is
-         * intended, // return error. // // we do not accept 168 bit keys. it
-         * has to be 192 bit. int lengthA = (estimatedKeyLengthInBit / 8) + 16;
-         * int lengthB = estimatedKeyLengthInBit % 8;
-         * 
-         * if ((lengthA != keyToBeUnwrapped.length) || (lengthB != 0)) { throw
-         * new XMLSecurityException("empty"); }
-         */
-
-        // Decrypt the cipher text with TRIPLedeS in CBC mode using the KEK
-        // and an initialization vector (IV) of 0x4adda22c79e82105. Call the
-        // output TEMP3.
-        ParametersWithIV param2 = new ParametersWithIV(this.param, IV2);
-
-        this.engine.init(false, param2);
-
-        byte TEMP3[] = new byte[inLen];
-
-        System.arraycopy(in, inOff, TEMP3, 0, inLen);
-
-        for (int i = 0; i < (TEMP3.length / engine.getBlockSize()); i++)
-        {
-            int currentBytePos = i * engine.getBlockSize();
-
-            engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos);
-        }
-
-        // Reverse the order of the octets in TEMP3 and call the result TEMP2.
-        byte[] TEMP2 = new byte[TEMP3.length];
-
-        for (int i = 0; i < TEMP3.length; i++)
-        {
-            TEMP2[i] = TEMP3[TEMP3.length - (i + 1)];
-        }
-
-        // Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining
-        // octets.
-        this.iv = new byte[8];
-
-        byte[] TEMP1 = new byte[TEMP2.length - 8];
-
-        System.arraycopy(TEMP2, 0, this.iv, 0, 8);
-        System.arraycopy(TEMP2, 8, TEMP1, 0, TEMP2.length - 8);
-
-        // Decrypt TEMP1 using TRIPLedeS in CBC mode using the KEK and the IV
-        // found in the previous step. Call the result WKCKS.
-        this.paramPlusIV = new ParametersWithIV(this.param, this.iv);
-
-        this.engine.init(false, this.paramPlusIV);
-
-        byte[] LCEKPADICV = new byte[TEMP1.length];
-
-        System.arraycopy(TEMP1, 0, LCEKPADICV, 0, TEMP1.length);
-
-        for (int i = 0; i < (LCEKPADICV.length / engine.getBlockSize()); i++)
-        {
-            int currentBytePos = i * engine.getBlockSize();
-
-            engine.processBlock(LCEKPADICV, currentBytePos, LCEKPADICV,
-                    currentBytePos);
-        }
-
-        // Decompose LCEKPADICV. CKS is the last 8 octets and WK, the wrapped
-        // key, are
-        // those octets before the CKS.
-        byte[] result = new byte[LCEKPADICV.length - 8];
-        byte[] CKStoBeVerified = new byte[8];
-
-        System.arraycopy(LCEKPADICV, 0, result, 0, LCEKPADICV.length - 8);
-        System.arraycopy(LCEKPADICV, LCEKPADICV.length - 8, CKStoBeVerified, 0,
-                8);
-
-        // Calculate a CMS Key Checksum, (section 5.6.1), over the WK and
-        // compare
-        // with the CKS extracted in the above step. If they are not equal,
-        // return error.
-        if (!checkCMSKeyChecksum(result, CKStoBeVerified))
-        {
-            throw new InvalidCipherTextException(
-                    "Checksum inside ciphertext is corrupted");
-        }
-
-        if ((result.length - ((result[0] & 0xff) + 1)) > 7)
-        {
-            throw new InvalidCipherTextException("too many pad bytes ("
-                    + (result.length - ((result[0] & 0xff) + 1)) + ")");
-        }
-
-        // CEK is the wrapped key, now extracted for use in data decryption.
-        byte[] CEK = new byte[result[0]];
-        System.arraycopy(result, 1, CEK, 0, CEK.length);
-        return CEK;
-    }
-
-    /**
-     * Some key wrap algorithms make use of the Key Checksum defined
-     * in CMS [CMS-Algorithms]. This is used to provide an integrity
-     * check value for the key being wrapped. The algorithm is
-     *
-     * - Compute the 20 octet SHA-1 hash on the key being wrapped.
-     * - Use the first 8 octets of this hash as the checksum value.
-     *
-     * @param key
-     * @return
-     * @throws RuntimeException
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-     */
-    private byte[] calculateCMSKeyChecksum(
-        byte[] key)
-    {
-        byte[]  result = new byte[8];
-
-        sha1.update(key, 0, key.length);
-        sha1.doFinal(digest, 0);
-
-        System.arraycopy(digest, 0, result, 0, 8);
-
-        return result;
-    }
-
-    /**
-     * @param key
-     * @param checksum
-     * @return
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-     */
-    private boolean checkCMSKeyChecksum(
-        byte[] key,
-        byte[] checksum)
-    {
-        return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java
deleted file mode 100644
index e7a9cdd30..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-public class RC4Engine implements StreamCipher
-{
-    private final static int STATE_LENGTH = 256;
-
-    /*
-     * variables to hold the state of the RC4 engine
-     * during encryption and decryption
-     */
-
-    private byte[]      engineState = null;
-    private int         x = 0;
-    private int         y = 0;
-    private byte[]      workingKey = null;
-
-    /**
-     * initialise a RC4 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption, 
-        CipherParameters     params
-   )
-    {
-        if (params instanceof KeyParameter)
-        {
-            /* 
-             * RC4 encryption and decryption is completely
-             * symmetrical, so the 'forEncryption' is 
-             * irrelevant.
-             */
-            workingKey = ((KeyParameter)params).getKey();
-            setKey(workingKey);
-
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to RC4 init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RC4";
-    }
-
-    public byte returnByte(byte in)
-    {
-        x = (x + 1) & 0xff;
-        y = (engineState[x] + y) & 0xff;
-
-        // swap
-        byte tmp = engineState[x];
-        engineState[x] = engineState[y];
-        engineState[y] = tmp;
-
-        // xor
-        return (byte)(in ^ engineState[(engineState[x] + engineState[y]) & 0xff]);
-    }
-
-    public void processBytes(
-        byte[]     in, 
-        int     inOff, 
-        int     len, 
-        byte[]     out, 
-        int     outOff)
-    {
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        for (int i = 0; i < len ; i++)
-        {
-            x = (x + 1) & 0xff;
-            y = (engineState[x] + y) & 0xff;
-
-            // swap
-            byte tmp = engineState[x];
-            engineState[x] = engineState[y];
-            engineState[y] = tmp;
-
-            // xor
-            out[i+outOff] = (byte)(in[i + inOff]
-                    ^ engineState[(engineState[x] + engineState[y]) & 0xff]);
-        }
-    }
-
-    public void reset()
-    {
-        setKey(workingKey);
-    }
-
-    // Private implementation
-
-    private void setKey(byte[] keyBytes)
-    {
-        workingKey = keyBytes;
-
-        // System.out.println("the key length is ; "+ workingKey.length);
-
-        x = 0;
-        y = 0;
-
-        if (engineState == null)
-        {
-            engineState = new byte[STATE_LENGTH];
-        }
-
-        // reset the state of the engine
-        for (int i=0; i < STATE_LENGTH; i++)
-        {
-            engineState[i] = (byte)i;
-        }
-        
-        int i1 = 0;
-        int i2 = 0;
-
-        for (int i=0; i < STATE_LENGTH; i++)
-        {
-            i2 = ((keyBytes[i1] & 0xff) + engineState[i] + i2) & 0xff;
-            // do the byte-swap inline
-            byte tmp = engineState[i];
-            engineState[i] = engineState[i2];
-            engineState[i2] = tmp;
-            i1 = (i1+1) % keyBytes.length; 
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java
deleted file mode 100644
index 9fb6f5501..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java
+++ /dev/null
@@ -1,287 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.RC5Parameters;
-
-/**
- * The specification for RC5 came from the RC5 Encryption Algorithm
- * publication in RSA CryptoBytes, Spring of 1995. 
- * http://www.rsasecurity.com/rsalabs/cryptobytes.
- * 

- * This implementation has a word size of 32 bits.
- * 

- * Implementation courtesy of Tito Pena.
- */
-public class RC532Engine
-    implements BlockCipher
-{
-    /*
-     * the number of rounds to perform
-     */
-    private int _noRounds;
-
-    /*
-     * the expanded key array of size 2*(rounds + 1)
-     */
-    private int _S[];
-
-    /*
-     * our "magic constants" for 32 32
-     *
-     * Pw = Odd((e-2) * 2^wordsize)
-     * Qw = Odd((o-2) * 2^wordsize)
-     *
-     * where e is the base of natural logarithms (2.718281828...)
-     * and o is the golden ratio (1.61803398...)
-     */
-    private static final int P32 = 0xb7e15163;
-    private static final int Q32 = 0x9e3779b9;
-
-    private boolean forEncryption;
-
-    /**
-     * Create an instance of the RC5 encryption algorithm
-     * and set some defaults
-     */
-    public RC532Engine()
-    {
-        _noRounds     = 12;         // the default
-        _S            = null;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RC5-32";
-    }
-
-    public int getBlockSize()
-    {
-        return 2 * 4;
-    }
-
-    /**
-     * initialise a RC5-32 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-    {
-        if (params instanceof RC5Parameters)
-        {
-            RC5Parameters       p = (RC5Parameters)params;
-
-            _noRounds     = p.getRounds();
-
-            setKey(p.getKey());
-        }
-        else if (params instanceof KeyParameter)
-        {
-            KeyParameter       p = (KeyParameter)params;
-
-            setKey(p.getKey());
-        }
-        else
-        {
-            throw new IllegalArgumentException("invalid parameter passed to RC532 init - " + params.getClass().getName());
-        }
-
-        this.forEncryption = forEncryption;
-    }
-
-    public int processBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        return (forEncryption) ? encryptBlock(in, inOff, out, outOff) 
-                                    : decryptBlock(in, inOff, out, outOff);
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * Re-key the cipher.
-     * 

-     * @param  key  the key to be used
-     */
-    private void setKey(
-        byte[]      key)
-    {
-        //
-        // KEY EXPANSION:
-        //
-        // There are 3 phases to the key expansion.
-        //
-        // Phase 1:
-        //   Copy the secret key K[0...b-1] into an array L[0..c-1] of
-        //   c = ceil(b/u), where u = 32/8 in little-endian order.
-        //   In other words, we fill up L using u consecutive key bytes
-        //   of K. Any unfilled byte positions in L are zeroed. In the
-        //   case that b = c = 0, set c = 1 and L[0] = 0.
-        //
-        int[]   L = new int[(key.length + (4 - 1)) / 4];
-
-        for (int i = 0; i != key.length; i++)
-        {
-            L[i / 4] += (key[i] & 0xff) << (8 * (i % 4));
-        }
-
-        //
-        // Phase 2:
-        //   Initialize S to a particular fixed pseudo-random bit pattern
-        //   using an arithmetic progression modulo 2^wordsize determined
-        //   by the magic numbers, Pw & Qw.
-        //
-        _S            = new int[2*(_noRounds + 1)];
-
-        _S[0] = P32;
-        for (int i=1; i < _S.length; i++)
-        {
-            _S[i] = (_S[i-1] + Q32);
-        }
-
-        //
-        // Phase 3:
-        //   Mix in the user's secret key in 3 passes over the arrays S & L.
-        //   The max of the arrays sizes is used as the loop control
-        //
-        int iter;
-
-        if (L.length > _S.length)
-        {
-            iter = 3 * L.length;
-        }
-        else
-        {
-            iter = 3 * _S.length;
-        }
-
-        int A = 0, B = 0;
-        int i = 0, j = 0;
-
-        for (int k = 0; k < iter; k++)
-        {
-            A = _S[i] = rotateLeft(_S[i] + A + B, 3);
-            B =  L[j] = rotateLeft(L[j] + A + B, A+B);
-            i = (i+1) % _S.length;
-            j = (j+1) %  L.length;
-        }
-    }
-
-    /**
-     * Encrypt the given block starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     * 

-     * @param  in     in byte buffer containing data to encrypt
-     * @param  inOff  offset into src buffer
-     * @param  out     out buffer where encrypted data is written
-     * @param  outOff  offset into out buffer
-     */
-    private int encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int A = bytesToWord(in, inOff) + _S[0];
-        int B = bytesToWord(in, inOff + 4) + _S[1];
-
-        for (int i = 1; i <= _noRounds; i++)
-        {
-            A = rotateLeft(A ^ B, B) + _S[2*i];
-            B = rotateLeft(B ^ A, A) + _S[2*i+1];
-        }
-        
-        wordToBytes(A, out, outOff);
-        wordToBytes(B, out, outOff + 4);
-        
-        return 2 * 4;
-    }
-
-    private int decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int A = bytesToWord(in, inOff);
-        int B = bytesToWord(in, inOff + 4);
-
-        for (int i = _noRounds; i >= 1; i--)
-        {
-            B = rotateRight(B - _S[2*i+1], A) ^ A;
-            A = rotateRight(A - _S[2*i],   B) ^ B;
-        }
-        
-        wordToBytes(A - _S[0], out, outOff);
-        wordToBytes(B - _S[1], out, outOff + 4);
-        
-        return 2 * 4;
-    }
-
-    
-    //////////////////////////////////////////////////////////////
-    //
-    // PRIVATE Helper Methods
-    //
-    //////////////////////////////////////////////////////////////
-
-    /**
-     * Perform a left "spin" of the word. The rotation of the given
-     * word x is rotated left by y bits.
-     * Only the lg(32) low-order bits of y
-     * are used to determine the rotation amount. Here it is 
-     * assumed that the wordsize used is a power of 2.
-     * 

-     * @param  x  word to rotate
-     * @param  y    number of bits to rotate % 32
-     */
-    private int rotateLeft(int x, int y)
-    {
-        return ((x << (y & (32-1))) | (x >>> (32 - (y & (32-1)))));
-    }
-
-    /**
-     * Perform a right "spin" of the word. The rotation of the given
-     * word x is rotated left by y bits.
-     * Only the lg(32) low-order bits of y
-     * are used to determine the rotation amount. Here it is 
-     * assumed that the wordsize used is a power of 2.
-     * 

-     * @param  x  word to rotate
-     * @param  y    number of bits to rotate % 32
-     */
-    private int rotateRight(int x, int y)
-    {
-        return ((x >>> (y & (32-1))) | (x << (32 - (y & (32-1)))));
-    }
-
-    private int bytesToWord(
-        byte[]  src,
-        int     srcOff)
-    {
-        return (src[srcOff] & 0xff) | ((src[srcOff + 1] & 0xff) << 8)
-            | ((src[srcOff + 2] & 0xff) << 16) | ((src[srcOff + 3] & 0xff) << 24);
-    }
-
-    private void wordToBytes(
-        int    word,
-        byte[]  dst,
-        int     dstOff)
-    {
-        dst[dstOff] = (byte)word;
-        dst[dstOff + 1] = (byte)(word >> 8);
-        dst[dstOff + 2] = (byte)(word >> 16);
-        dst[dstOff + 3] = (byte)(word >> 24);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java
deleted file mode 100644
index 2121a4bce..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java
+++ /dev/null
@@ -1,288 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.RC5Parameters;
-
-/**
- * The specification for RC5 came from the RC5 Encryption Algorithm
- * publication in RSA CryptoBytes, Spring of 1995. 
- * http://www.rsasecurity.com/rsalabs/cryptobytes.
- * 

- * This implementation is set to work with a 64 bit word size.
- * 

- * Implementation courtesy of Tito Pena.
- */
-public class RC564Engine
-    implements BlockCipher
-{
-    private static final int wordSize = 64;
-    private static final int bytesPerWord = wordSize / 8;
-
-    /*
-     * the number of rounds to perform
-     */
-    private int _noRounds;
-
-    /*
-     * the expanded key array of size 2*(rounds + 1)
-     */
-    private long _S[];
-
-    /*
-     * our "magic constants" for wordSize 62
-     *
-     * Pw = Odd((e-2) * 2^wordsize)
-     * Qw = Odd((o-2) * 2^wordsize)
-     *
-     * where e is the base of natural logarithms (2.718281828...)
-     * and o is the golden ratio (1.61803398...)
-     */
-    private static final long P64 = 0xb7e151628aed2a6bL;
-    private static final long Q64 = 0x9e3779b97f4a7c15L;
-
-    private boolean forEncryption;
-
-    /**
-     * Create an instance of the RC5 encryption algorithm
-     * and set some defaults
-     */
-    public RC564Engine()
-    {
-        _noRounds     = 12;
-        _S            = null;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RC5-64";
-    }
-
-    public int getBlockSize()
-    {
-        return 2 * bytesPerWord;
-    }
-
-    /**
-     * initialise a RC5-64 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-    {
-        if (!(params instanceof RC5Parameters))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to RC564 init - " + params.getClass().getName());
-        }
-
-        RC5Parameters       p = (RC5Parameters)params;
-
-        this.forEncryption = forEncryption;
-
-        _noRounds     = p.getRounds();
-
-        setKey(p.getKey());
-    }
-
-    public int processBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        return (forEncryption) ? encryptBlock(in, inOff, out, outOff) 
-                                    : decryptBlock(in, inOff, out, outOff);
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * Re-key the cipher.
-     * 

-     * @param  key  the key to be used
-     */
-    private void setKey(
-        byte[]      key)
-    {
-        //
-        // KEY EXPANSION:
-        //
-        // There are 3 phases to the key expansion.
-        //
-        // Phase 1:
-        //   Copy the secret key K[0...b-1] into an array L[0..c-1] of
-        //   c = ceil(b/u), where u = wordSize/8 in little-endian order.
-        //   In other words, we fill up L using u consecutive key bytes
-        //   of K. Any unfilled byte positions in L are zeroed. In the
-        //   case that b = c = 0, set c = 1 and L[0] = 0.
-        //
-        long[]   L = new long[(key.length + (bytesPerWord - 1)) / bytesPerWord];
-
-        for (int i = 0; i != key.length; i++)
-        {
-            L[i / bytesPerWord] += (long)(key[i] & 0xff) << (8 * (i % bytesPerWord));
-        }
-
-        //
-        // Phase 2:
-        //   Initialize S to a particular fixed pseudo-random bit pattern
-        //   using an arithmetic progression modulo 2^wordsize determined
-        //   by the magic numbers, Pw & Qw.
-        //
-        _S            = new long[2*(_noRounds + 1)];
-
-        _S[0] = P64;
-        for (int i=1; i < _S.length; i++)
-        {
-            _S[i] = (_S[i-1] + Q64);
-        }
-
-        //
-        // Phase 3:
-        //   Mix in the user's secret key in 3 passes over the arrays S & L.
-        //   The max of the arrays sizes is used as the loop control
-        //
-        int iter;
-
-        if (L.length > _S.length)
-        {
-            iter = 3 * L.length;
-        }
-        else
-        {
-            iter = 3 * _S.length;
-        }
-
-        long A = 0, B = 0;
-        int i = 0, j = 0;
-
-        for (int k = 0; k < iter; k++)
-        {
-            A = _S[i] = rotateLeft(_S[i] + A + B, 3);
-            B =  L[j] = rotateLeft(L[j] + A + B, A+B);
-            i = (i+1) % _S.length;
-            j = (j+1) %  L.length;
-        }
-    }
-
-    /**
-     * Encrypt the given block starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     * 

-     * @param  in      in byte buffer containing data to encrypt
-     * @param  inOff   offset into src buffer
-     * @param  out     out buffer where encrypted data is written
-     * @param  outOff  offset into out buffer
-     */
-    private int encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        long A = bytesToWord(in, inOff) + _S[0];
-        long B = bytesToWord(in, inOff + bytesPerWord) + _S[1];
-
-        for (int i = 1; i <= _noRounds; i++)
-        {
-            A = rotateLeft(A ^ B, B) + _S[2*i];
-            B = rotateLeft(B ^ A, A) + _S[2*i+1];
-        }
-        
-        wordToBytes(A, out, outOff);
-        wordToBytes(B, out, outOff + bytesPerWord);
-        
-        return 2 * bytesPerWord;
-    }
-
-    private int decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        long A = bytesToWord(in, inOff);
-        long B = bytesToWord(in, inOff + bytesPerWord);
-
-        for (int i = _noRounds; i >= 1; i--)
-        {
-            B = rotateRight(B - _S[2*i+1], A) ^ A;
-            A = rotateRight(A - _S[2*i],   B) ^ B;
-        }
-        
-        wordToBytes(A - _S[0], out, outOff);
-        wordToBytes(B - _S[1], out, outOff + bytesPerWord);
-        
-        return 2 * bytesPerWord;
-    }
-
-    
-    //////////////////////////////////////////////////////////////
-    //
-    // PRIVATE Helper Methods
-    //
-    //////////////////////////////////////////////////////////////
-
-    /**
-     * Perform a left "spin" of the word. The rotation of the given
-     * word x is rotated left by y bits.
-     * Only the lg(wordSize) low-order bits of y
-     * are used to determine the rotation amount. Here it is 
-     * assumed that the wordsize used is a power of 2.
-     * 

-     * @param  x  word to rotate
-     * @param  y    number of bits to rotate % wordSize
-     */
-    private long rotateLeft(long x, long y)
-    {
-        return ((x << (y & (wordSize-1))) | (x >>> (wordSize - (y & (wordSize-1)))));
-    }
-
-    /**
-     * Perform a right "spin" of the word. The rotation of the given
-     * word x is rotated left by y bits.
-     * Only the lg(wordSize) low-order bits of y
-     * are used to determine the rotation amount. Here it is 
-     * assumed that the wordsize used is a power of 2.
-     * 

-     * @param  x  word to rotate
-     * @param  y    number of bits to rotate % wordSize
-     */
-    private long rotateRight(long x, long y)
-    {
-        return ((x >>> (y & (wordSize-1))) | (x << (wordSize - (y & (wordSize-1)))));
-    }
-
-    private long bytesToWord(
-        byte[]  src,
-        int     srcOff)
-    {
-        long    word = 0;
-
-        for (int i = bytesPerWord - 1; i >= 0; i--)
-        {
-            word = (word << 8) + (src[i + srcOff] & 0xff);
-        }
-
-        return word;
-    }
-
-    private void wordToBytes(
-        long    word,
-        byte[]  dst,
-        int     dstOff)
-    {
-        for (int i = 0; i < bytesPerWord; i++)
-        {
-            dst[i + dstOff] = (byte)word;
-            word >>>= 8;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC6Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC6Engine.java
deleted file mode 100644
index 07c18ea4c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RC6Engine.java
+++ /dev/null
@@ -1,362 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * An RC6 engine.
- */
-public class RC6Engine
-    implements BlockCipher
-{
-    private static final int wordSize = 32;
-    private static final int bytesPerWord = wordSize / 8;
-
-    /*
-     * the number of rounds to perform
-     */
-    private static final int _noRounds = 20;
-
-    /*
-     * the expanded key array of size 2*(rounds + 1)
-     */
-    private int _S[];
-
-    /*
-     * our "magic constants" for wordSize 32
-     *
-     * Pw = Odd((e-2) * 2^wordsize)
-     * Qw = Odd((o-2) * 2^wordsize)
-     *
-     * where e is the base of natural logarithms (2.718281828...)
-     * and o is the golden ratio (1.61803398...)
-     */
-    private static final int    P32 = 0xb7e15163;
-    private static final int    Q32 = 0x9e3779b9;
-
-    private static final int    LGW = 5;        // log2(32)
-
-    private boolean forEncryption;
-
-    /**
-     * Create an instance of the RC6 encryption algorithm
-     * and set some defaults
-     */
-    public RC6Engine()
-    {
-        _S            = null;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "RC6";
-    }
-
-    public int getBlockSize()
-    {
-        return 4 * bytesPerWord;
-    }
-
-    /**
-     * initialise a RC5-32 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to RC6 init - " + params.getClass().getName());
-        }
-
-        KeyParameter       p = (KeyParameter)params;
-        this.forEncryption = forEncryption;
-        setKey(p.getKey());
-    }
-
-    public int processBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        int blockSize = getBlockSize();
-        if (_S == null)
-        {
-            throw new IllegalStateException("RC6 engine not initialised");
-        }
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        return (forEncryption)
-            ?   encryptBlock(in, inOff, out, outOff) 
-            :   decryptBlock(in, inOff, out, outOff);
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * Re-key the cipher.
-     * 

-     * @param  inKey  the key to be used
-     */
-    private void setKey(
-        byte[]      key)
-    {
-
-        //
-        // KEY EXPANSION:
-        //
-        // There are 3 phases to the key expansion.
-        //
-        // Phase 1:
-        //   Copy the secret key K[0...b-1] into an array L[0..c-1] of
-        //   c = ceil(b/u), where u = wordSize/8 in little-endian order.
-        //   In other words, we fill up L using u consecutive key bytes
-        //   of K. Any unfilled byte positions in L are zeroed. In the
-        //   case that b = c = 0, set c = 1 and L[0] = 0.
-        //
-        // compute number of dwords
-        int c = (key.length + (bytesPerWord - 1)) / bytesPerWord;
-        if (c == 0)
-        {
-            c = 1;
-        }
-        int[]   L = new int[(key.length + bytesPerWord - 1) / bytesPerWord];
-
-        // load all key bytes into array of key dwords
-        for (int i = key.length - 1; i >= 0; i--)
-        {
-            L[i / bytesPerWord] = (L[i / bytesPerWord] << 8) + (key[i] & 0xff);
-        }
-
-        //
-        // Phase 2:
-        //   Key schedule is placed in a array of 2+2*ROUNDS+2 = 44 dwords.
-        //   Initialize S to a particular fixed pseudo-random bit pattern
-        //   using an arithmetic progression modulo 2^wordsize determined
-        //   by the magic numbers, Pw & Qw.
-        //
-        _S            = new int[2+2*_noRounds+2];
-
-        _S[0] = P32;
-        for (int i=1; i < _S.length; i++)
-        {
-            _S[i] = (_S[i-1] + Q32);
-        }
-
-        //
-        // Phase 3:
-        //   Mix in the user's secret key in 3 passes over the arrays S & L.
-        //   The max of the arrays sizes is used as the loop control
-        //
-        int iter;
-
-        if (L.length > _S.length)
-        {
-            iter = 3 * L.length;
-        }
-        else
-        {
-            iter = 3 * _S.length;
-        }
-
-        int A = 0;
-        int B = 0;
-        int i = 0, j = 0;
-
-        for (int k = 0; k < iter; k++)
-        {
-            A = _S[i] = rotateLeft(_S[i] + A + B, 3);
-            B =  L[j] = rotateLeft(L[j] + A + B, A+B);
-            i = (i+1) % _S.length;
-            j = (j+1) %  L.length;
-        }
-    }
-
-    private int encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        // load A,B,C and D registers from in.
-        int A = bytesToWord(in, inOff);
-        int B = bytesToWord(in, inOff + bytesPerWord);
-        int C = bytesToWord(in, inOff + bytesPerWord*2);
-        int D = bytesToWord(in, inOff + bytesPerWord*3);
-        
-        // Do pseudo-round #0: pre-whitening of B and D
-        B += _S[0];
-        D += _S[1];
-
-        // perform round #1,#2 ... #ROUNDS of encryption 
-        for (int i = 1; i <= _noRounds; i++)
-        {
-            int t = 0,u = 0;
-            
-            t = B*(2*B+1);
-            t = rotateLeft(t,5);
-            
-            u = D*(2*D+1);
-            u = rotateLeft(u,5);
-            
-            A ^= t;
-            A = rotateLeft(A,u);
-            A += _S[2*i];
-            
-            C ^= u;
-            C = rotateLeft(C,t);
-            C += _S[2*i+1];
-            
-            int temp = A;
-            A = B;
-            B = C;
-            C = D;
-            D = temp;            
-        }
-        // do pseudo-round #(ROUNDS+1) : post-whitening of A and C
-        A += _S[2*_noRounds+2];
-        C += _S[2*_noRounds+3];
-            
-        // store A, B, C and D registers to out        
-        wordToBytes(A, out, outOff);
-        wordToBytes(B, out, outOff + bytesPerWord);
-        wordToBytes(C, out, outOff + bytesPerWord*2);
-        wordToBytes(D, out, outOff + bytesPerWord*3);
-        
-        return 4 * bytesPerWord;
-    }
-
-    private int decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        // load A,B,C and D registers from out.
-        int A = bytesToWord(in, inOff);
-        int B = bytesToWord(in, inOff + bytesPerWord);
-        int C = bytesToWord(in, inOff + bytesPerWord*2);
-        int D = bytesToWord(in, inOff + bytesPerWord*3);
-
-        // Undo pseudo-round #(ROUNDS+1) : post whitening of A and C 
-        C -= _S[2*_noRounds+3];
-        A -= _S[2*_noRounds+2];
-        
-        // Undo round #ROUNDS, .., #2,#1 of encryption 
-        for (int i = _noRounds; i >= 1; i--)
-        {
-            int t=0,u = 0;
-            
-            int temp = D;
-            D = C;
-            C = B;
-            B = A;
-            A = temp;
-            
-            t = B*(2*B+1);
-            t = rotateLeft(t, LGW);
-            
-            u = D*(2*D+1);
-            u = rotateLeft(u, LGW);
-            
-            C -= _S[2*i+1];
-            C = rotateRight(C,t);
-            C ^= u;
-            
-            A -= _S[2*i];
-            A = rotateRight(A,u);
-            A ^= t;
-            
-        }
-        // Undo pseudo-round #0: pre-whitening of B and D
-        D -= _S[1];
-        B -= _S[0];
-        
-        wordToBytes(A, out, outOff);
-        wordToBytes(B, out, outOff + bytesPerWord);
-        wordToBytes(C, out, outOff + bytesPerWord*2);
-        wordToBytes(D, out, outOff + bytesPerWord*3);
-        
-        return 4 * bytesPerWord;
-    }
-
-    
-    //////////////////////////////////////////////////////////////
-    //
-    // PRIVATE Helper Methods
-    //
-    //////////////////////////////////////////////////////////////
-
-    /**
-     * Perform a left "spin" of the word. The rotation of the given
-     * word x is rotated left by y bits.
-     * Only the lg(wordSize) low-order bits of y
-     * are used to determine the rotation amount. Here it is 
-     * assumed that the wordsize used is 32.
-     * 

-     * @param  x  word to rotate
-     * @param  y    number of bits to rotate % wordSize
-     */
-    private int rotateLeft(int x, int y)
-    {
-        return (x << y) | (x >>> -y);
-    }
-
-    /**
-     * Perform a right "spin" of the word. The rotation of the given
-     * word x is rotated left by y bits.
-     * Only the lg(wordSize) low-order bits of y
-     * are used to determine the rotation amount. Here it is 
-     * assumed that the wordsize used is a power of 2.
-     * 

-     * @param  x  word to rotate
-     * @param  y    number of bits to rotate % wordSize
-     */
-    private int rotateRight(int x, int y)
-    {
-        return (x >>> y) | (x << -y);
-    }
-
-    private int bytesToWord(
-        byte[]  src,
-        int     srcOff)
-    {
-        int    word = 0;
-
-        for (int i = bytesPerWord - 1; i >= 0; i--)
-        {
-            word = (word << 8) + (src[i + srcOff] & 0xff);
-        }
-
-        return word;
-    }
-
-    private void wordToBytes(
-        int    word,
-        byte[]  dst,
-        int     dstOff)
-    {
-        for (int i = 0; i < bytesPerWord; i++)
-        {
-            dst[i + dstOff] = (byte)word;
-            word >>>= 8;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3211WrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3211WrapEngine.java
deleted file mode 100644
index 0d10eeb50..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3211WrapEngine.java
+++ /dev/null
@@ -1,175 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-import java.security.SecureRandom;
-
-/**
- * an implementation of the RFC 3211 Key Wrap
- * Specification.
- */
-public class RFC3211WrapEngine
-    implements Wrapper
-{
-    private CBCBlockCipher   engine;
-    private ParametersWithIV param;
-    private boolean          forWrapping;
-    private SecureRandom     rand;
-
-    public RFC3211WrapEngine(BlockCipher engine)
-    {
-        this.engine = new CBCBlockCipher(engine);
-    }
-
-    public void init(
-        boolean          forWrapping,
-        CipherParameters param)
-    {
-        this.forWrapping = forWrapping;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom p = (ParametersWithRandom)param;
-
-            rand = p.getRandom();
-            this.param = (ParametersWithIV)p.getParameters();
-        }
-        else
-        {
-            if (forWrapping)
-            {
-                rand = new SecureRandom();
-            }
-
-            this.param = (ParametersWithIV)param;
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return engine.getUnderlyingCipher().getAlgorithmName() + "/RFC3211Wrap";
-    }
-
-    public byte[] wrap(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-    {
-        if (!forWrapping)
-        {
-            throw new IllegalStateException("not set for wrapping");
-        }
-
-        engine.init(true, param);
-
-        int blockSize = engine.getBlockSize();
-        byte[] cekBlock;
-
-        if (inLen + 4 < blockSize * 2)
-        {
-            cekBlock = new byte[blockSize * 2];
-        }
-        else
-        {
-            cekBlock = new byte[(inLen + 4) % blockSize == 0 ? inLen + 4 : ((inLen + 4) / blockSize + 1) * blockSize];
-        }
-
-        cekBlock[0] = (byte)inLen;
-        cekBlock[1] = (byte)~in[inOff];
-        cekBlock[2] = (byte)~in[inOff + 1];
-        cekBlock[3] = (byte)~in[inOff + 2];
-
-        System.arraycopy(in, inOff, cekBlock, 4, inLen);
-
-        for (int i = inLen + 4; i < cekBlock.length; i++)
-        {
-            cekBlock[i] = (byte)rand.nextInt();
-        }
-
-        for (int i = 0; i < cekBlock.length; i += blockSize)
-        {
-            engine.processBlock(cekBlock, i, cekBlock, i);
-        }
-
-        for (int i = 0; i < cekBlock.length; i += blockSize)
-        {
-            engine.processBlock(cekBlock, i, cekBlock, i);
-        }
-
-        return cekBlock;
-    }
-
-    public byte[] unwrap(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        if (forWrapping)
-        {
-            throw new IllegalStateException("not set for unwrapping");
-        }
-
-        int blockSize = engine.getBlockSize();
-
-        if (inLen < 2 * blockSize)
-        {
-            throw new InvalidCipherTextException("input too short");
-        }
-        
-        byte[] cekBlock = new byte[inLen];
-        byte[] iv = new byte[blockSize];
-
-        System.arraycopy(in, inOff, cekBlock, 0, inLen);
-        System.arraycopy(in, inOff, iv, 0, iv.length);
-        
-        engine.init(false, new ParametersWithIV(param.getParameters(), iv));
-
-        for (int i = blockSize; i < cekBlock.length; i += blockSize)
-        {
-            engine.processBlock(cekBlock, i, cekBlock, i);    
-        }
-
-        System.arraycopy(cekBlock, cekBlock.length - iv.length, iv, 0, iv.length);
-
-        engine.init(false, new ParametersWithIV(param.getParameters(), iv));
-
-        engine.processBlock(cekBlock, 0, cekBlock, 0);
-
-        engine.init(false, param);
-
-        for (int i = 0; i < cekBlock.length; i += blockSize)
-        {
-            engine.processBlock(cekBlock, i, cekBlock, i);
-        }
-
-        if ((cekBlock[0] & 0xff) > cekBlock.length - 4)
-        {
-            throw new InvalidCipherTextException("wrapped key corrupted");
-        }
-
-        byte[] key = new byte[cekBlock[0] & 0xff];
-
-        System.arraycopy(cekBlock, 4, key, 0, cekBlock[0]);
-
-        // Note: Using constant time comparison
-        int nonEqual = 0;
-        for (int i = 0; i != 3; i++)
-        {
-            byte check = (byte)~cekBlock[1 + i];
-            nonEqual |= (check ^ key[i]);
-        }
-        if (nonEqual != 0)
-        {
-            throw new InvalidCipherTextException("wrapped key fails checksum");
-        }
-
-        return key;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
deleted file mode 100644
index 540bd25de..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Arrays;
-
-/**
- * an implementation of the AES Key Wrapper from the NIST Key Wrap
- * Specification as described in RFC 3394.
- * 

- * For further details see: http://www.ietf.org/rfc/rfc3394.txt
- * and  http://csrc.nist.gov/encryption/kms/key-wrap.pdf.
- */
-public class RFC3394WrapEngine
-    implements Wrapper
-{
-    private BlockCipher     engine;
-    private KeyParameter    param;
-    private boolean         forWrapping;
-
-    private byte[]          iv = {
-                              (byte)0xa6, (byte)0xa6, (byte)0xa6, (byte)0xa6,
-                              (byte)0xa6, (byte)0xa6, (byte)0xa6, (byte)0xa6 };
-
-    public RFC3394WrapEngine(BlockCipher engine)
-    {
-        this.engine = engine;
-    }
-
-    public void init(
-        boolean             forWrapping,
-        CipherParameters    param)
-    {
-        this.forWrapping = forWrapping;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            param = ((ParametersWithRandom) param).getParameters();
-        }
-
-        if (param instanceof KeyParameter)
-        {
-            this.param = (KeyParameter)param;
-        }
-        else if (param instanceof ParametersWithIV)
-        {
-            this.iv = ((ParametersWithIV)param).getIV();
-            this.param = (KeyParameter)((ParametersWithIV) param).getParameters();
-            if (this.iv.length != 8)
-            {
-               throw new IllegalArgumentException("IV not equal to 8");
-            }
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return engine.getAlgorithmName();
-    }
-
-    public byte[] wrap(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-    {
-        if (!forWrapping)
-        {
-            throw new IllegalStateException("not set for wrapping");
-        }
-
-        int     n = inLen / 8;
-
-        if ((n * 8) != inLen)
-        {
-            throw new DataLengthException("wrap data must be a multiple of 8 bytes");
-        }
-
-        byte[]  block = new byte[inLen + iv.length];
-        byte[]  buf = new byte[8 + iv.length];
-
-        System.arraycopy(iv, 0, block, 0, iv.length);
-        System.arraycopy(in, 0, block, iv.length, inLen);
-
-        engine.init(true, param);
-
-        for (int j = 0; j != 6; j++)
-        {
-            for (int i = 1; i <= n; i++)
-            {
-                System.arraycopy(block, 0, buf, 0, iv.length);
-                System.arraycopy(block, 8 * i, buf, iv.length, 8);
-                engine.processBlock(buf, 0, buf, 0);
-
-                int t = n * j + i;
-                for (int k = 1; t != 0; k++)
-                {
-                    byte    v = (byte)t;
-
-                    buf[iv.length - k] ^= v;
-
-                    t >>>= 8;
-                }
-
-                System.arraycopy(buf, 0, block, 0, 8);
-                System.arraycopy(buf, 8, block, 8 * i, 8);
-            }
-        }
-
-        return block;
-    }
-
-    public byte[] unwrap(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-        throws InvalidCipherTextException
-    {
-        if (forWrapping)
-        {
-            throw new IllegalStateException("not set for unwrapping");
-        }
-
-        int     n = inLen / 8;
-
-        if ((n * 8) != inLen)
-        {
-            throw new InvalidCipherTextException("unwrap data must be a multiple of 8 bytes");
-        }
-
-        byte[]  block = new byte[inLen - iv.length];
-        byte[]  a = new byte[iv.length];
-        byte[]  buf = new byte[8 + iv.length];
-
-        System.arraycopy(in, 0, a, 0, iv.length);
-        System.arraycopy(in, iv.length, block, 0, inLen - iv.length);
-
-        engine.init(false, param);
-
-        n = n - 1;
-
-        for (int j = 5; j >= 0; j--)
-        {
-            for (int i = n; i >= 1; i--)
-            {
-                System.arraycopy(a, 0, buf, 0, iv.length);
-                System.arraycopy(block, 8 * (i - 1), buf, iv.length, 8);
-
-                int t = n * j + i;
-                for (int k = 1; t != 0; k++)
-                {
-                    byte    v = (byte)t;
-
-                    buf[iv.length - k] ^= v;
-
-                    t >>>= 8;
-                }
-
-                engine.processBlock(buf, 0, buf, 0);
-                System.arraycopy(buf, 0, a, 0, 8);
-                System.arraycopy(buf, 8, block, 8 * (i - 1), 8);
-            }
-        }
-
-        if (!Arrays.constantTimeAreEqual(a, iv))
-        {
-            throw new InvalidCipherTextException("checksum failed");
-        }
-
-        return block;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindedEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindedEngine.java
deleted file mode 100644
index e7fb94322..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindedEngine.java
+++ /dev/null
@@ -1,126 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.util.BigIntegers;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * this does your basic RSA algorithm with blinding
- */
-public class RSABlindedEngine
-    implements AsymmetricBlockCipher
-{
-    private static BigInteger ONE = BigInteger.valueOf(1);
-
-    private RSACoreEngine    core = new RSACoreEngine();
-    private RSAKeyParameters key;
-    private SecureRandom     random;
-
-    /**
-     * initialise the RSA engine.
-     *
-     * @param forEncryption true if we are encrypting, false otherwise.
-     * @param param the necessary RSA key parameters.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    param)
-    {
-        core.init(forEncryption, param);
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-            key = (RSAKeyParameters)rParam.getParameters();
-            random = rParam.getRandom();
-        }
-        else
-        {
-            key = (RSAKeyParameters)param;
-            random = new SecureRandom();
-        }
-    }
-
-    /**
-     * Return the maximum size for an input block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * encryption, and the same length as the key size on decryption.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize()
-    {
-        return core.getInputBlockSize();
-    }
-
-    /**
-     * Return the maximum size for an output block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * decryption, and the same length as the key size on encryption.
-     *
-     * @return maximum size for an output block.
-     */
-    public int getOutputBlockSize()
-    {
-        return core.getOutputBlockSize();
-    }
-
-    /**
-     * Process a single block using the basic RSA algorithm.
-     *
-     * @param in the input array.
-     * @param inOff the offset into the input buffer where the data starts.
-     * @param inLen the length of the data to be processed.
-     * @return the result of the RSA process.
-     * @exception DataLengthException the input block is too large.
-     */
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-    {
-        if (key == null)
-        {
-            throw new IllegalStateException("RSA engine not initialised");
-        }
-
-        BigInteger input = core.convertInput(in, inOff, inLen);
-
-        BigInteger result;
-        if (key instanceof RSAPrivateCrtKeyParameters)
-        {
-            RSAPrivateCrtKeyParameters k = (RSAPrivateCrtKeyParameters)key;
-
-            BigInteger e = k.getPublicExponent();
-            if (e != null)   // can't do blinding without a public exponent
-            {
-                BigInteger m = k.getModulus();
-                BigInteger r = BigIntegers.createRandomInRange(ONE, m.subtract(ONE), random);
-
-                BigInteger blindedInput = r.modPow(e, m).multiply(input).mod(m);
-                BigInteger blindedResult = core.processBlock(blindedInput);
-
-                BigInteger rInv = r.modInverse(m);
-                result = blindedResult.multiply(rInv).mod(m);
-            }
-            else
-            {
-                result = core.processBlock(input);
-            }
-        }
-        else
-        {
-            result = core.processBlock(input);
-        }
-
-        return core.convertOutput(result);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindingEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindingEngine.java
deleted file mode 100644
index a8ecb9bf0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSABlindingEngine.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSABlindingParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-import java.math.BigInteger;
-
-/**
- * This does your basic RSA Chaum's blinding and unblinding as outlined in
- * "Handbook of Applied Cryptography", page 475. You need to use this if you are
- * trying to get another party to generate signatures without them being aware
- * of the message they are signing.
- */
-public class RSABlindingEngine
-    implements AsymmetricBlockCipher
-{
-    private RSACoreEngine core = new RSACoreEngine();
-
-    private RSAKeyParameters key;
-    private BigInteger blindingFactor;
-
-    private boolean forEncryption;
-
-    /**
-     * Initialise the blinding engine.
-     *
-     * @param forEncryption true if we are encrypting (blinding), false otherwise.
-     * @param param         the necessary RSA key parameters.
-     */
-    public void init(
-        boolean forEncryption,
-        CipherParameters param)
-    {
-        RSABlindingParameters p;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom rParam = (ParametersWithRandom)param;
-
-            p = (RSABlindingParameters)rParam.getParameters();
-        }
-        else
-        {
-            p = (RSABlindingParameters)param;
-        }
-
-        core.init(forEncryption, p.getPublicKey());
-
-        this.forEncryption = forEncryption;
-        this.key = p.getPublicKey();
-        this.blindingFactor = p.getBlindingFactor();
-    }
-
-    /**
-     * Return the maximum size for an input block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * encryption, and the same length as the key size on decryption.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize()
-    {
-        return core.getInputBlockSize();
-    }
-
-    /**
-     * Return the maximum size for an output block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * decryption, and the same length as the key size on encryption.
-     *
-     * @return maximum size for an output block.
-     */
-    public int getOutputBlockSize()
-    {
-        return core.getOutputBlockSize();
-    }
-
-    /**
-     * Process a single block using the RSA blinding algorithm.
-     *
-     * @param in    the input array.
-     * @param inOff the offset into the input buffer where the data starts.
-     * @param inLen the length of the data to be processed.
-     * @return the result of the RSA process.
-     * @throws DataLengthException the input block is too large.
-     */
-    public byte[] processBlock(
-        byte[] in,
-        int inOff,
-        int inLen)
-    {
-        BigInteger msg = core.convertInput(in, inOff, inLen);
-
-        if (forEncryption)
-        {
-            msg = blindMessage(msg);
-        }
-        else
-        {
-            msg = unblindMessage(msg);
-        }
-
-        return core.convertOutput(msg);
-    }
-
-    /*
-     * Blind message with the blind factor.
-     */
-    private BigInteger blindMessage(
-        BigInteger msg)
-    {
-        BigInteger blindMsg = blindingFactor;
-        blindMsg = msg.multiply(blindMsg.modPow(key.getExponent(), key.getModulus()));
-        blindMsg = blindMsg.mod(key.getModulus());
-
-        return blindMsg;
-    }
-
-    /*
-     * Unblind the message blinded with the blind factor.
-     */
-    private BigInteger unblindMessage(
-        BigInteger blindedMsg)
-    {
-        BigInteger m = key.getModulus();
-        BigInteger msg = blindedMsg;
-        BigInteger blindFactorInverse = blindingFactor.modInverse(m);
-        msg = msg.multiply(blindFactorInverse);
-        msg = msg.mod(m);
-
-        return msg;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSACoreEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSACoreEngine.java
deleted file mode 100644
index 510cd5a57..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSACoreEngine.java
+++ /dev/null
@@ -1,203 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-import java.math.BigInteger;
-
-/**
- * this does your basic RSA algorithm.
- */
-class RSACoreEngine
-{
-    private RSAKeyParameters key;
-    private boolean          forEncryption;
-
-    /**
-     * initialise the RSA engine.
-     *
-     * @param forEncryption true if we are encrypting, false otherwise.
-     * @param param the necessary RSA key parameters.
-     */
-    public void init(
-        boolean          forEncryption,
-        CipherParameters param)
-    {
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-            key = (RSAKeyParameters)rParam.getParameters();
-        }
-        else
-        {
-            key = (RSAKeyParameters)param;
-        }
-
-        this.forEncryption = forEncryption;
-    }
-
-    /**
-     * Return the maximum size for an input block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * encryption, and the same length as the key size on decryption.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize()
-    {
-        int     bitSize = key.getModulus().bitLength();
-
-        if (forEncryption)
-        {
-            return (bitSize + 7) / 8 - 1;
-        }
-        else
-        {
-            return (bitSize + 7) / 8;
-        }
-    }
-
-    /**
-     * Return the maximum size for an output block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * decryption, and the same length as the key size on encryption.
-     *
-     * @return maximum size for an output block.
-     */
-    public int getOutputBlockSize()
-    {
-        int     bitSize = key.getModulus().bitLength();
-
-        if (forEncryption)
-        {
-            return (bitSize + 7) / 8;
-        }
-        else
-        {
-            return (bitSize + 7) / 8 - 1;
-        }
-    }
-
-    public BigInteger convertInput(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-    {
-        if (inLen > (getInputBlockSize() + 1))
-        {
-            throw new DataLengthException("input too large for RSA cipher.");
-        }
-        else if (inLen == (getInputBlockSize() + 1) && !forEncryption)
-        {
-            throw new DataLengthException("input too large for RSA cipher.");
-        }
-
-        byte[]  block;
-
-        if (inOff != 0 || inLen != in.length)
-        {
-            block = new byte[inLen];
-
-            System.arraycopy(in, inOff, block, 0, inLen);
-        }
-        else
-        {
-            block = in;
-        }
-
-        BigInteger res = new BigInteger(1, block);
-        if (res.compareTo(key.getModulus()) >= 0)
-        {
-            throw new DataLengthException("input too large for RSA cipher.");
-        }
-
-        return res;
-    }
-
-    public byte[] convertOutput(
-        BigInteger result)
-    {
-        byte[]      output = result.toByteArray();
-
-        if (forEncryption)
-        {
-            if (output[0] == 0 && output.length > getOutputBlockSize())        // have ended up with an extra zero byte, copy down.
-            {
-                byte[]  tmp = new byte[output.length - 1];
-
-                System.arraycopy(output, 1, tmp, 0, tmp.length);
-
-                return tmp;
-            }
-
-            if (output.length < getOutputBlockSize())     // have ended up with less bytes than normal, lengthen
-            {
-                byte[]  tmp = new byte[getOutputBlockSize()];
-
-                System.arraycopy(output, 0, tmp, tmp.length - output.length, output.length);
-
-                return tmp;
-            }
-        }
-        else
-        {
-            if (output[0] == 0)        // have ended up with an extra zero byte, copy down.
-            {
-                byte[]  tmp = new byte[output.length - 1];
-
-                System.arraycopy(output, 1, tmp, 0, tmp.length);
-
-                return tmp;
-            }
-        }
-
-        return output;
-    }
-
-    public BigInteger processBlock(BigInteger input)
-    {
-        if (key instanceof RSAPrivateCrtKeyParameters)
-        {
-            //
-            // we have the extra factors, use the Chinese Remainder Theorem - the author
-            // wishes to express his thanks to Dirk Bonekaemper at rtsffm.com for
-            // advice regarding the expression of this.
-            //
-            RSAPrivateCrtKeyParameters crtKey = (RSAPrivateCrtKeyParameters)key;
-
-            BigInteger p = crtKey.getP();
-            BigInteger q = crtKey.getQ();
-            BigInteger dP = crtKey.getDP();
-            BigInteger dQ = crtKey.getDQ();
-            BigInteger qInv = crtKey.getQInv();
-
-            BigInteger mP, mQ, h, m;
-
-            // mP = ((input mod p) ^ dP)) mod p
-            mP = (input.remainder(p)).modPow(dP, p);
-
-            // mQ = ((input mod q) ^ dQ)) mod q
-            mQ = (input.remainder(q)).modPow(dQ, q);
-
-            // h = qInv * (mP - mQ) mod p
-            h = mP.subtract(mQ);
-            h = h.multiply(qInv);
-            h = h.mod(p);               // mod (in Java) returns the positive residual
-
-            // m = h * q + mQ
-            m = h.multiply(q);
-            m = m.add(mQ);
-
-            return m;
-        }
-        else
-        {
-            return input.modPow(
-                        key.getExponent(), key.getModulus());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java
deleted file mode 100644
index 009dcd43e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-
-/**
- * this does your basic RSA algorithm.
- */
-public class RSAEngine
-    implements AsymmetricBlockCipher
-{
-    private RSACoreEngine core;
-
-    /**
-     * initialise the RSA engine.
-     *
-     * @param forEncryption true if we are encrypting, false otherwise.
-     * @param param the necessary RSA key parameters.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    param)
-    {
-        if (core == null)
-        {
-            core = new RSACoreEngine();
-        }
-
-        core.init(forEncryption, param);
-    }
-
-    /**
-     * Return the maximum size for an input block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * encryption, and the same length as the key size on decryption.
-     *
-     * @return maximum size for an input block.
-     */
-    public int getInputBlockSize()
-    {
-        return core.getInputBlockSize();
-    }
-
-    /**
-     * Return the maximum size for an output block to this engine.
-     * For RSA this is always one byte less than the key size on
-     * decryption, and the same length as the key size on encryption.
-     *
-     * @return maximum size for an output block.
-     */
-    public int getOutputBlockSize()
-    {
-        return core.getOutputBlockSize();
-    }
-
-    /**
-     * Process a single block using the basic RSA algorithm.
-     *
-     * @param in the input array.
-     * @param inOff the offset into the input buffer where the data starts.
-     * @param inLen the length of the data to be processed.
-     * @return the result of the RSA process.
-     * @exception DataLengthException the input block is too large.
-     */
-    public byte[] processBlock(
-        byte[]  in,
-        int     inOff,
-        int     inLen)
-    {
-        if (core == null)
-        {
-            throw new IllegalStateException("RSA engine not initialised");
-        }
-
-        return core.convertOutput(core.processBlock(core.convertInput(in, inOff, inLen)));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RijndaelEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RijndaelEngine.java
deleted file mode 100644
index e8458ae52..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/RijndaelEngine.java
+++ /dev/null
@@ -1,724 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * an implementation of Rijndael, based on the documentation and reference implementation
- * by Paulo Barreto, Vincent Rijmen, for v2.0 August '99.
- * 

- * Note: this implementation is based on information prior to final NIST publication.
- */
-public class RijndaelEngine
-    implements BlockCipher
-{
-    private static final int MAXROUNDS = 14;
-
-    private static final int MAXKC = (256/4);
-
-    private static final byte[] logtable = {
-        (byte)0,    (byte)0,    (byte)25,   (byte)1,    (byte)50,   (byte)2,    (byte)26,   (byte)198,
-        (byte)75,   (byte)199,  (byte)27,   (byte)104,  (byte)51,   (byte)238,  (byte)223,  (byte)3,
-        (byte)100,  (byte)4,    (byte)224,  (byte)14,   (byte)52,   (byte)141,  (byte)129,  (byte)239,
-        (byte)76,   (byte)113,  (byte)8,    (byte)200,  (byte)248,  (byte)105,  (byte)28,   (byte)193,
-        (byte)125,  (byte)194,  (byte)29,   (byte)181,  (byte)249,  (byte)185,  (byte)39,   (byte)106,
-        (byte)77,   (byte)228,  (byte)166,  (byte)114,  (byte)154,  (byte)201,  (byte)9,    (byte)120,
-        (byte)101,  (byte)47,   (byte)138,  (byte)5,    (byte)33,   (byte)15,   (byte)225,  (byte)36,
-        (byte)18,   (byte)240,  (byte)130,  (byte)69,   (byte)53,   (byte)147,  (byte)218,  (byte)142,
-        (byte)150,  (byte)143,  (byte)219,  (byte)189,  (byte)54,   (byte)208,  (byte)206,  (byte)148,
-        (byte)19,   (byte)92,   (byte)210,  (byte)241,  (byte)64,   (byte)70,   (byte)131,  (byte)56,
-        (byte)102,  (byte)221,  (byte)253,  (byte)48,   (byte)191,  (byte)6,    (byte)139,  (byte)98,
-        (byte)179,  (byte)37,   (byte)226,  (byte)152,  (byte)34,   (byte)136,  (byte)145,  (byte)16,
-        (byte)126,  (byte)110,  (byte)72,   (byte)195,  (byte)163,  (byte)182,  (byte)30,   (byte)66,
-        (byte)58,   (byte)107,  (byte)40,   (byte)84,   (byte)250,  (byte)133,  (byte)61,   (byte)186,
-        (byte)43,   (byte)121,  (byte)10,   (byte)21,   (byte)155,  (byte)159,  (byte)94,   (byte)202,
-        (byte)78,   (byte)212,  (byte)172,  (byte)229,  (byte)243,  (byte)115,  (byte)167,  (byte)87,
-        (byte)175,  (byte)88,   (byte)168,  (byte)80,   (byte)244,  (byte)234,  (byte)214,  (byte)116,
-        (byte)79,   (byte)174,  (byte)233,  (byte)213,  (byte)231,  (byte)230,  (byte)173,  (byte)232,
-        (byte)44,   (byte)215,  (byte)117,  (byte)122,  (byte)235,  (byte)22,   (byte)11,   (byte)245,
-        (byte)89,   (byte)203,  (byte)95,   (byte)176,  (byte)156,  (byte)169,  (byte)81,   (byte)160,
-        (byte)127,  (byte)12,   (byte)246,  (byte)111,  (byte)23,   (byte)196,  (byte)73,   (byte)236,
-        (byte)216,  (byte)67,   (byte)31,   (byte)45,   (byte)164,  (byte)118,  (byte)123,  (byte)183,
-        (byte)204,  (byte)187,  (byte)62,   (byte)90,   (byte)251,  (byte)96,   (byte)177,  (byte)134,
-        (byte)59,   (byte)82,   (byte)161,  (byte)108,  (byte)170,  (byte)85,   (byte)41,   (byte)157,
-        (byte)151,  (byte)178,  (byte)135,  (byte)144,  (byte)97,   (byte)190,  (byte)220,  (byte)252,
-        (byte)188,  (byte)149,  (byte)207,  (byte)205,  (byte)55,   (byte)63,   (byte)91,   (byte)209,
-        (byte)83,   (byte)57,   (byte)132,  (byte)60,   (byte)65,   (byte)162,  (byte)109,  (byte)71,
-        (byte)20,   (byte)42,   (byte)158,  (byte)93,   (byte)86,   (byte)242,  (byte)211,  (byte)171,
-        (byte)68,   (byte)17,   (byte)146,  (byte)217,  (byte)35,   (byte)32,   (byte)46,   (byte)137,
-        (byte)180,  (byte)124,  (byte)184,  (byte)38,   (byte)119,  (byte)153,  (byte)227,  (byte)165,
-        (byte)103,  (byte)74,   (byte)237,  (byte)222,  (byte)197,  (byte)49,   (byte)254,  (byte)24,
-        (byte)13,   (byte)99,   (byte)140,  (byte)128,  (byte)192,  (byte)247,  (byte)112,  (byte)7
-    };
-
-    private static final byte[] aLogtable = {
-          (byte)0,   (byte)3,   (byte)5,  (byte)15,  (byte)17,  (byte)51,  (byte)85, (byte)255,  (byte)26,  (byte)46, (byte)114, (byte)150, (byte)161, (byte)248,  (byte)19,  (byte)53,
-         (byte)95, (byte)225,  (byte)56,  (byte)72, (byte)216, (byte)115, (byte)149, (byte)164, (byte)247,   (byte)2,   (byte)6,  (byte)10,  (byte)30,  (byte)34, (byte)102, (byte)170,
-        (byte)229,  (byte)52,  (byte)92, (byte)228,  (byte)55,  (byte)89, (byte)235,  (byte)38, (byte)106, (byte)190, (byte)217, (byte)112, (byte)144, (byte)171, (byte)230,  (byte)49,
-         (byte)83, (byte)245,   (byte)4,  (byte)12,  (byte)20,  (byte)60,  (byte)68, (byte)204,  (byte)79, (byte)209, (byte)104, (byte)184, (byte)211, (byte)110, (byte)178, (byte)205,
-         (byte)76, (byte)212, (byte)103, (byte)169, (byte)224,  (byte)59,  (byte)77, (byte)215,  (byte)98, (byte)166, (byte)241,   (byte)8,  (byte)24,  (byte)40, (byte)120, (byte)136,
-        (byte)131, (byte)158, (byte)185, (byte)208, (byte)107, (byte)189, (byte)220, (byte)127, (byte)129, (byte)152, (byte)179, (byte)206,  (byte)73, (byte)219, (byte)118, (byte)154,
-        (byte)181, (byte)196,  (byte)87, (byte)249,  (byte)16,  (byte)48,  (byte)80, (byte)240,  (byte)11,  (byte)29,  (byte)39, (byte)105, (byte)187, (byte)214,  (byte)97, (byte)163,
-        (byte)254,  (byte)25,  (byte)43, (byte)125, (byte)135, (byte)146, (byte)173, (byte)236,  (byte)47, (byte)113, (byte)147, (byte)174, (byte)233,  (byte)32,  (byte)96, (byte)160,
-        (byte)251,  (byte)22,  (byte)58,  (byte)78, (byte)210, (byte)109, (byte)183, (byte)194,  (byte)93, (byte)231,  (byte)50,  (byte)86, (byte)250,  (byte)21,  (byte)63,  (byte)65,
-        (byte)195,  (byte)94, (byte)226,  (byte)61,  (byte)71, (byte)201,  (byte)64, (byte)192,  (byte)91, (byte)237,  (byte)44, (byte)116, (byte)156, (byte)191, (byte)218, (byte)117,
-        (byte)159, (byte)186, (byte)213, (byte)100, (byte)172, (byte)239,  (byte)42, (byte)126, (byte)130, (byte)157, (byte)188, (byte)223, (byte)122, (byte)142, (byte)137, (byte)128,
-        (byte)155, (byte)182, (byte)193,  (byte)88, (byte)232,  (byte)35, (byte)101, (byte)175, (byte)234,  (byte)37, (byte)111, (byte)177, (byte)200,  (byte)67, (byte)197,  (byte)84,
-        (byte)252,  (byte)31,  (byte)33,  (byte)99, (byte)165, (byte)244,   (byte)7,   (byte)9,  (byte)27,  (byte)45, (byte)119, (byte)153, (byte)176, (byte)203,  (byte)70, (byte)202,
-         (byte)69, (byte)207,  (byte)74, (byte)222, (byte)121, (byte)139, (byte)134, (byte)145, (byte)168, (byte)227,  (byte)62,  (byte)66, (byte)198,  (byte)81, (byte)243,  (byte)14,
-         (byte)18,  (byte)54,  (byte)90, (byte)238,  (byte)41, (byte)123, (byte)141, (byte)140, (byte)143, (byte)138, (byte)133, (byte)148, (byte)167, (byte)242,  (byte)13,  (byte)23,
-         (byte)57,  (byte)75, (byte)221, (byte)124, (byte)132, (byte)151, (byte)162, (byte)253,  (byte)28,  (byte)36, (byte)108, (byte)180, (byte)199,  (byte)82, (byte)246,   (byte)1,
-          (byte)3,   (byte)5,  (byte)15,  (byte)17,  (byte)51,  (byte)85, (byte)255,  (byte)26,  (byte)46, (byte)114, (byte)150, (byte)161, (byte)248,  (byte)19,  (byte)53,
-         (byte)95, (byte)225,  (byte)56,  (byte)72, (byte)216, (byte)115, (byte)149, (byte)164, (byte)247,   (byte)2,   (byte)6,  (byte)10,  (byte)30,  (byte)34, (byte)102, (byte)170,
-        (byte)229,  (byte)52,  (byte)92, (byte)228,  (byte)55,  (byte)89, (byte)235,  (byte)38, (byte)106, (byte)190, (byte)217, (byte)112, (byte)144, (byte)171, (byte)230,  (byte)49,
-         (byte)83, (byte)245,   (byte)4,  (byte)12,  (byte)20,  (byte)60,  (byte)68, (byte)204,  (byte)79, (byte)209, (byte)104, (byte)184, (byte)211, (byte)110, (byte)178, (byte)205,
-         (byte)76, (byte)212, (byte)103, (byte)169, (byte)224,  (byte)59,  (byte)77, (byte)215,  (byte)98, (byte)166, (byte)241,   (byte)8,  (byte)24,  (byte)40, (byte)120, (byte)136,
-        (byte)131, (byte)158, (byte)185, (byte)208, (byte)107, (byte)189, (byte)220, (byte)127, (byte)129, (byte)152, (byte)179, (byte)206,  (byte)73, (byte)219, (byte)118, (byte)154,
-        (byte)181, (byte)196,  (byte)87, (byte)249,  (byte)16,  (byte)48,  (byte)80, (byte)240,  (byte)11,  (byte)29,  (byte)39, (byte)105, (byte)187, (byte)214,  (byte)97, (byte)163,
-        (byte)254,  (byte)25,  (byte)43, (byte)125, (byte)135, (byte)146, (byte)173, (byte)236,  (byte)47, (byte)113, (byte)147, (byte)174, (byte)233,  (byte)32,  (byte)96, (byte)160,
-        (byte)251,  (byte)22,  (byte)58,  (byte)78, (byte)210, (byte)109, (byte)183, (byte)194,  (byte)93, (byte)231,  (byte)50,  (byte)86, (byte)250,  (byte)21,  (byte)63,  (byte)65,
-        (byte)195,  (byte)94, (byte)226,  (byte)61,  (byte)71, (byte)201,  (byte)64, (byte)192,  (byte)91, (byte)237,  (byte)44, (byte)116, (byte)156, (byte)191, (byte)218, (byte)117,
-        (byte)159, (byte)186, (byte)213, (byte)100, (byte)172, (byte)239,  (byte)42, (byte)126, (byte)130, (byte)157, (byte)188, (byte)223, (byte)122, (byte)142, (byte)137, (byte)128,
-        (byte)155, (byte)182, (byte)193,  (byte)88, (byte)232,  (byte)35, (byte)101, (byte)175, (byte)234,  (byte)37, (byte)111, (byte)177, (byte)200,  (byte)67, (byte)197,  (byte)84,
-        (byte)252,  (byte)31,  (byte)33,  (byte)99, (byte)165, (byte)244,   (byte)7,   (byte)9,  (byte)27,  (byte)45, (byte)119, (byte)153, (byte)176, (byte)203,  (byte)70, (byte)202,
-         (byte)69, (byte)207,  (byte)74, (byte)222, (byte)121, (byte)139, (byte)134, (byte)145, (byte)168, (byte)227,  (byte)62,  (byte)66, (byte)198,  (byte)81, (byte)243,  (byte)14,
-         (byte)18,  (byte)54,  (byte)90, (byte)238,  (byte)41, (byte)123, (byte)141, (byte)140, (byte)143, (byte)138, (byte)133, (byte)148, (byte)167, (byte)242,  (byte)13,  (byte)23,
-         (byte)57,  (byte)75, (byte)221, (byte)124, (byte)132, (byte)151, (byte)162, (byte)253,  (byte)28,  (byte)36, (byte)108, (byte)180, (byte)199,  (byte)82, (byte)246,   (byte)1,
-        };
-
-    private static final byte[] S = {
-         (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197,  (byte)48,   (byte)1, (byte)103,  (byte)43, (byte)254, (byte)215, (byte)171, (byte)118,
-        (byte)202, (byte)130, (byte)201, (byte)125, (byte)250,  (byte)89,  (byte)71, (byte)240, (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192,
-        (byte)183, (byte)253, (byte)147,  (byte)38,  (byte)54,  (byte)63, (byte)247, (byte)204,  (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216,  (byte)49,  (byte)21,
-          (byte)4, (byte)199,  (byte)35, (byte)195,  (byte)24, (byte)150,   (byte)5, (byte)154,   (byte)7,  (byte)18, (byte)128, (byte)226, (byte)235,  (byte)39, (byte)178, (byte)117,
-          (byte)9, (byte)131,  (byte)44,  (byte)26,  (byte)27, (byte)110,  (byte)90, (byte)160,  (byte)82,  (byte)59, (byte)214, (byte)179,  (byte)41, (byte)227,  (byte)47, (byte)132,
-         (byte)83, (byte)209,   (byte)0, (byte)237,  (byte)32, (byte)252, (byte)177,  (byte)91, (byte)106, (byte)203, (byte)190,  (byte)57,  (byte)74,  (byte)76,  (byte)88, (byte)207,
-        (byte)208, (byte)239, (byte)170, (byte)251,  (byte)67,  (byte)77,  (byte)51, (byte)133,  (byte)69, (byte)249,   (byte)2, (byte)127,  (byte)80,  (byte)60, (byte)159, (byte)168,
-         (byte)81, (byte)163,  (byte)64, (byte)143, (byte)146, (byte)157,  (byte)56, (byte)245, (byte)188, (byte)182, (byte)218,  (byte)33,  (byte)16, (byte)255, (byte)243, (byte)210,
-        (byte)205,  (byte)12,  (byte)19, (byte)236,  (byte)95, (byte)151,  (byte)68,  (byte)23, (byte)196, (byte)167, (byte)126,  (byte)61, (byte)100,  (byte)93,  (byte)25, (byte)115,
-         (byte)96, (byte)129,  (byte)79, (byte)220,  (byte)34,  (byte)42, (byte)144, (byte)136,  (byte)70, (byte)238, (byte)184,  (byte)20, (byte)222,  (byte)94,  (byte)11, (byte)219,
-        (byte)224,  (byte)50,  (byte)58,  (byte)10,  (byte)73,   (byte)6,  (byte)36,  (byte)92, (byte)194, (byte)211, (byte)172,  (byte)98, (byte)145, (byte)149, (byte)228, (byte)121,
-        (byte)231, (byte)200,  (byte)55, (byte)109, (byte)141, (byte)213,  (byte)78, (byte)169, (byte)108,  (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174,   (byte)8,
-        (byte)186, (byte)120,  (byte)37,  (byte)46,  (byte)28, (byte)166, (byte)180, (byte)198, (byte)232, (byte)221, (byte)116,  (byte)31,  (byte)75, (byte)189, (byte)139, (byte)138,
-        (byte)112,  (byte)62, (byte)181, (byte)102,  (byte)72,   (byte)3, (byte)246,  (byte)14,  (byte)97,  (byte)53,  (byte)87, (byte)185, (byte)134, (byte)193,  (byte)29, (byte)158,
-        (byte)225, (byte)248, (byte)152,  (byte)17, (byte)105, (byte)217, (byte)142, (byte)148, (byte)155,  (byte)30, (byte)135, (byte)233, (byte)206,  (byte)85,  (byte)40, (byte)223,
-        (byte)140, (byte)161, (byte)137,  (byte)13, (byte)191, (byte)230,  (byte)66, (byte)104,  (byte)65, (byte)153,  (byte)45,  (byte)15, (byte)176,  (byte)84, (byte)187,  (byte)22,
-    };
-
-    private static final byte[] Si = {
-         (byte)82,   (byte)9, (byte)106, (byte)213,  (byte)48,  (byte)54, (byte)165,  (byte)56, (byte)191,  (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251,
-        (byte)124, (byte)227,  (byte)57, (byte)130, (byte)155,  (byte)47, (byte)255, (byte)135,  (byte)52, (byte)142,  (byte)67,  (byte)68, (byte)196, (byte)222, (byte)233, (byte)203,
-         (byte)84, (byte)123, (byte)148,  (byte)50, (byte)166, (byte)194,  (byte)35,  (byte)61, (byte)238,  (byte)76, (byte)149,  (byte)11,  (byte)66, (byte)250, (byte)195,  (byte)78,
-          (byte)8,  (byte)46, (byte)161, (byte)102,  (byte)40, (byte)217,  (byte)36, (byte)178, (byte)118,  (byte)91, (byte)162,  (byte)73, (byte)109, (byte)139, (byte)209,  (byte)37,
-        (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152,  (byte)22, (byte)212, (byte)164,  (byte)92, (byte)204,  (byte)93, (byte)101, (byte)182, (byte)146,
-        (byte)108, (byte)112,  (byte)72,  (byte)80, (byte)253, (byte)237, (byte)185, (byte)218,  (byte)94,  (byte)21,  (byte)70,  (byte)87, (byte)167, (byte)141, (byte)157, (byte)132,
-        (byte)144, (byte)216, (byte)171,   (byte)0, (byte)140, (byte)188, (byte)211,  (byte)10, (byte)247, (byte)228,  (byte)88,   (byte)5, (byte)184, (byte)179,  (byte)69,   (byte)6,
-        (byte)208,  (byte)44,  (byte)30, (byte)143, (byte)202,  (byte)63,  (byte)15,   (byte)2, (byte)193, (byte)175, (byte)189,   (byte)3,   (byte)1,  (byte)19, (byte)138, (byte)107,
-         (byte)58, (byte)145,  (byte)17,  (byte)65,  (byte)79, (byte)103, (byte)220, (byte)234, (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115,
-        (byte)150, (byte)172, (byte)116,  (byte)34, (byte)231, (byte)173,  (byte)53, (byte)133, (byte)226, (byte)249,  (byte)55, (byte)232,  (byte)28, (byte)117, (byte)223, (byte)110,
-         (byte)71, (byte)241,  (byte)26, (byte)113,  (byte)29,  (byte)41, (byte)197, (byte)137, (byte)111, (byte)183,  (byte)98,  (byte)14, (byte)170,  (byte)24, (byte)190,  (byte)27,
-        (byte)252,  (byte)86,  (byte)62,  (byte)75, (byte)198, (byte)210, (byte)121,  (byte)32, (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205,  (byte)90, (byte)244,
-         (byte)31, (byte)221, (byte)168,  (byte)51, (byte)136,   (byte)7, (byte)199,  (byte)49, (byte)177,  (byte)18,  (byte)16,  (byte)89,  (byte)39, (byte)128, (byte)236,  (byte)95,
-         (byte)96,  (byte)81, (byte)127, (byte)169,  (byte)25, (byte)181,  (byte)74,  (byte)13,  (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239,
-        (byte)160, (byte)224,  (byte)59,  (byte)77, (byte)174,  (byte)42, (byte)245, (byte)176, (byte)200, (byte)235, (byte)187,  (byte)60, (byte)131,  (byte)83, (byte)153,  (byte)97,
-         (byte)23,  (byte)43,   (byte)4, (byte)126, (byte)186, (byte)119, (byte)214,  (byte)38, (byte)225, (byte)105,  (byte)20,  (byte)99,  (byte)85,  (byte)33,  (byte)12, (byte)125,
-        };
-
-    private static final int[] rcon = {
-          0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 };
-
-    static byte[][] shifts0 =
-    {
-       { 0, 8, 16, 24 },
-       { 0, 8, 16, 24 },
-       { 0, 8, 16, 24 },
-       { 0, 8, 16, 32 },
-       { 0, 8, 24, 32 }
-    };
-
-    static byte[][] shifts1 =
-    {
-       { 0, 24, 16, 8 },
-       { 0, 32, 24, 16 },
-       { 0, 40, 32, 24 },
-       { 0, 48, 40, 24 },
-       { 0, 56, 40, 32 }
-    };
-
-    /**
-     * multiply two elements of GF(2^m)
-     * needed for MixColumn and InvMixColumn
-     */
-    private byte mul0x2(
-        int b)
-    {
-        if (b != 0)
-        {
-            return aLogtable[25 + (logtable[b] & 0xff)];
-        }
-        else
-        {
-            return 0;
-        }
-    }
-
-    private byte mul0x3(
-        int b)
-    {
-        if (b != 0)
-        {
-            return aLogtable[1 + (logtable[b] & 0xff)];
-        }
-        else
-        {
-            return 0;
-        }
-    }
-
-    private byte mul0x9(
-        int b)
-    {
-        if (b >= 0)
-        {
-            return aLogtable[199 + b];
-        }
-        else
-        {
-            return 0;
-        }
-    }
-
-    private byte mul0xb(
-        int b)
-    {
-        if (b >= 0)
-        {
-            return aLogtable[104 + b];
-        }
-        else
-        {
-            return 0;
-        }
-    }
-
-    private byte mul0xd(
-        int b)
-    {
-        if (b >= 0)
-        {
-            return aLogtable[238 + b];
-        }
-        else
-        {
-            return 0;
-        }
-    }
-
-    private byte mul0xe(
-        int b)
-    {
-        if (b >= 0)
-        {
-            return aLogtable[223 + b];
-        }
-        else
-        {
-            return 0;
-        }
-    }
-
-    /**
-     * xor corresponding text input and round key input bytes
-     */
-    private void KeyAddition(
-        long[] rk)
-    {
-        A0 ^= rk[0];
-        A1 ^= rk[1];
-        A2 ^= rk[2];
-        A3 ^= rk[3];
-    }
-
-    private long shift(
-        long    r,
-        int     shift)
-    {
-        return (((r >>> shift) | (r << (BC - shift)))) & BC_MASK;
-    }
-
-    /**
-     * Row 0 remains unchanged
-     * The other three rows are shifted a variable amount
-     */
-    private void ShiftRow(
-        byte[]      shiftsSC)
-    {
-        A1 = shift(A1, shiftsSC[1]);
-        A2 = shift(A2, shiftsSC[2]);
-        A3 = shift(A3, shiftsSC[3]);
-    }
-
-    private long applyS(
-        long    r,
-        byte[]  box)
-    {
-        long    res = 0;
-
-        for (int j = 0; j < BC; j += 8)
-        {
-            res |= (long)(box[(int)((r >> j) & 0xff)] & 0xff) << j;
-        }
-
-        return res;
-    }
-
-    /**
-     * Replace every byte of the input by the byte at that place
-     * in the nonlinear S-box
-     */
-    private void Substitution(
-        byte[]      box)
-    {
-        A0 = applyS(A0, box);
-        A1 = applyS(A1, box);
-        A2 = applyS(A2, box);
-        A3 = applyS(A3, box);
-    }
-
-    /**
-     * Mix the bytes of every column in a linear way
-     */
-    private void MixColumn()
-    {
-        long r0, r1, r2, r3;
-
-        r0 = r1 = r2 = r3 = 0;
-
-        for (int j = 0; j < BC; j += 8)
-        {
-            int a0 = (int)((A0 >> j) & 0xff);
-            int a1 = (int)((A1 >> j) & 0xff);
-            int a2 = (int)((A2 >> j) & 0xff);
-            int a3 = (int)((A3 >> j) & 0xff);
-
-            r0 |= (long)((mul0x2(a0) ^ mul0x3(a1) ^ a2 ^ a3) & 0xff) << j;
-
-            r1 |= (long)((mul0x2(a1) ^ mul0x3(a2) ^ a3 ^ a0) & 0xff) << j;
-
-            r2 |= (long)((mul0x2(a2) ^ mul0x3(a3) ^ a0 ^ a1) & 0xff) << j;
-
-            r3 |= (long)((mul0x2(a3) ^ mul0x3(a0) ^ a1 ^ a2) & 0xff) << j;
-        }
-
-        A0 = r0;
-        A1 = r1;
-        A2 = r2;
-        A3 = r3;
-    }
-
-    /**
-     * Mix the bytes of every column in a linear way
-     * This is the opposite operation of Mixcolumn
-     */
-    private void InvMixColumn()
-    {
-        long r0, r1, r2, r3;
-
-        r0 = r1 = r2 = r3 = 0;
-        for (int j = 0; j < BC; j += 8)
-        {
-            int a0 = (int)((A0 >> j) & 0xff);
-            int a1 = (int)((A1 >> j) & 0xff);
-            int a2 = (int)((A2 >> j) & 0xff);
-            int a3 = (int)((A3 >> j) & 0xff);
-
-            //
-            // pre-lookup the log table
-            //
-            a0 = (a0 != 0) ? (logtable[a0 & 0xff] & 0xff) : -1;
-            a1 = (a1 != 0) ? (logtable[a1 & 0xff] & 0xff) : -1;
-            a2 = (a2 != 0) ? (logtable[a2 & 0xff] & 0xff) : -1;
-            a3 = (a3 != 0) ? (logtable[a3 & 0xff] & 0xff) : -1;
-
-            r0 |= (long)((mul0xe(a0) ^ mul0xb(a1) ^ mul0xd(a2) ^ mul0x9(a3)) & 0xff) << j;
-
-            r1 |= (long)((mul0xe(a1) ^ mul0xb(a2) ^ mul0xd(a3) ^ mul0x9(a0)) & 0xff) << j;
-
-            r2 |= (long)((mul0xe(a2) ^ mul0xb(a3) ^ mul0xd(a0) ^ mul0x9(a1)) & 0xff) << j;
-
-            r3 |= (long)((mul0xe(a3) ^ mul0xb(a0) ^ mul0xd(a1) ^ mul0x9(a2)) & 0xff) << j;
-        }
-
-        A0 = r0;
-        A1 = r1;
-        A2 = r2;
-        A3 = r3;
-    }
-
-    /**
-     * Calculate the necessary round keys
-     * The number of calculations depends on keyBits and blockBits
-     */
-    private long[][] generateWorkingKey(
-        byte[]      key)
-    {
-        int         KC;
-        int         t, rconpointer = 0;
-        int         keyBits = key.length * 8;
-        byte[][]    tk = new byte[4][MAXKC];
-        long[][]    W = new long[MAXROUNDS+1][4];
-
-        switch (keyBits)
-        {
-        case 128:
-            KC = 4;
-            break;
-        case 160:
-            KC = 5;
-            break;
-        case 192:
-            KC = 6;
-            break;
-        case 224:
-            KC = 7;
-            break;
-        case 256:
-            KC = 8;
-            break;
-        default :
-            throw new IllegalArgumentException("Key length not 128/160/192/224/256 bits.");
-        }
-
-        if (keyBits >= blockBits)
-        {
-            ROUNDS = KC + 6;
-        }
-        else
-        {
-            ROUNDS = (BC / 8) + 6;
-        }
-
-        //
-        // copy the key into the processing area
-        //
-        int index = 0;
-
-        for (int i = 0; i < key.length; i++)
-        {
-            tk[i % 4][i / 4] = key[index++];
-        }
-
-        t = 0;
-
-        //
-        // copy values into round key array
-        //
-        for (int j = 0; (j < KC) && (t < (ROUNDS+1)*(BC / 8)); j++, t++)
-        {
-            for (int i = 0; i < 4; i++)
-            {
-                W[t / (BC / 8)][i] |= (long)(tk[i][j] & 0xff) << ((t * 8) % BC);
-            }
-        }
-
-        //
-        // while not enough round key material calculated
-        // calculate new values
-        //
-        while (t < (ROUNDS+1)*(BC/8))
-        {
-            for (int i = 0; i < 4; i++)
-            {
-                tk[i][0] ^= S[tk[(i+1)%4][KC-1] & 0xff];
-            }
-            tk[0][0] ^= rcon[rconpointer++];
-
-            if (KC <= 6)
-            {
-                for (int j = 1; j < KC; j++)
-                {
-                    for (int i = 0; i < 4; i++)
-                    {
-                        tk[i][j] ^= tk[i][j-1];
-                    }
-                }
-            }
-            else
-            {
-                for (int j = 1; j < 4; j++)
-                {
-                    for (int i = 0; i < 4; i++)
-                    {
-                        tk[i][j] ^= tk[i][j-1];
-                    }
-                }
-                for (int i = 0; i < 4; i++)
-                {
-                    tk[i][4] ^= S[tk[i][3] & 0xff];
-                }
-                for (int j = 5; j < KC; j++)
-                {
-                    for (int i = 0; i < 4; i++)
-                    {
-                        tk[i][j] ^= tk[i][j-1];
-                    }
-                }
-            }
-
-            //
-            // copy values into round key array
-            //
-            for (int j = 0; (j < KC) && (t < (ROUNDS+1)*(BC/8)); j++, t++)
-            {
-                for (int i = 0; i < 4; i++)
-                {
-                    W[t / (BC/8)][i] |= (long)(tk[i][j] & 0xff) << ((t * 8) % (BC));
-                }
-            }
-        }
-
-        return W;
-    }
-
-    private int         BC;
-    private long        BC_MASK;
-    private int         ROUNDS;
-    private int         blockBits;
-    private long[][]    workingKey;
-    private long        A0, A1, A2, A3;
-    private boolean     forEncryption;
-    private byte[]      shifts0SC;
-    private byte[]      shifts1SC;
-
-    /**
-     * default constructor - 128 bit block size.
-     */
-    public RijndaelEngine()
-    {
-        this(128);
-    }
-
-    /**
-     * basic constructor - set the cipher up for a given blocksize
-     *
-     * @param blockBits the blocksize in bits, must be 128, 192, or 256.
-     */
-    public RijndaelEngine(
-        int blockBits)
-    {
-        switch (blockBits)
-        {
-        case 128:
-            BC = 32;
-            BC_MASK = 0xffffffffL;
-            shifts0SC = shifts0[0];
-            shifts1SC = shifts1[0];
-            break;
-        case 160:
-            BC = 40;
-            BC_MASK = 0xffffffffffL;
-            shifts0SC = shifts0[1];
-            shifts1SC = shifts1[1];
-            break;
-        case 192:
-            BC = 48;
-            BC_MASK = 0xffffffffffffL;
-            shifts0SC = shifts0[2];
-            shifts1SC = shifts1[2];
-            break;
-        case 224:
-            BC = 56;
-            BC_MASK = 0xffffffffffffffL;
-            shifts0SC = shifts0[3];
-            shifts1SC = shifts1[3];
-            break;
-        case 256:
-            BC = 64;
-            BC_MASK = 0xffffffffffffffffL;
-            shifts0SC = shifts0[4];
-            shifts1SC = shifts1[4];
-            break;
-        default:
-            throw new IllegalArgumentException("unknown blocksize to Rijndael");
-        }
-
-        this.blockBits = blockBits;
-    }
-
-    /**
-     * initialise a Rijndael cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           forEncryption,
-        CipherParameters  params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            workingKey = generateWorkingKey(((KeyParameter)params).getKey());
-            this.forEncryption = forEncryption;
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to Rijndael init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Rijndael";
-    }
-
-    public int getBlockSize()
-    {
-        return BC / 2;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("Rijndael engine not initialised");
-        }
-
-        if ((inOff + (BC / 2)) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + (BC / 2)) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (forEncryption)
-        {
-            unpackBlock(in, inOff);
-            encryptBlock(workingKey);
-            packBlock(out, outOff);
-        }
-        else
-        {
-            unpackBlock(in, inOff);
-            decryptBlock(workingKey);
-            packBlock(out, outOff);
-        }
-
-        return BC / 2;
-    }
-
-    public void reset()
-    {
-    }
-
-    private void unpackBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        A0 = (bytes[index++] & 0xff);
-        A1 = (bytes[index++] & 0xff);
-        A2 = (bytes[index++] & 0xff);
-        A3 = (bytes[index++] & 0xff);
-
-        for (int j = 8; j != BC; j += 8)
-        {
-            A0 |= (long)(bytes[index++] & 0xff) << j;
-            A1 |= (long)(bytes[index++] & 0xff) << j;
-            A2 |= (long)(bytes[index++] & 0xff) << j;
-            A3 |= (long)(bytes[index++] & 0xff) << j;
-        }
-    }
-
-    private void packBlock(
-        byte[]      bytes,
-        int         off)
-    {
-        int     index = off;
-
-        for (int j = 0; j != BC; j += 8)
-        {
-            bytes[index++] = (byte)(A0 >> j);
-            bytes[index++] = (byte)(A1 >> j);
-            bytes[index++] = (byte)(A2 >> j);
-            bytes[index++] = (byte)(A3 >> j);
-        }
-    }
-
-    private void encryptBlock(
-        long[][] rk)
-    {
-        int r;
-
-        //
-        // begin with a key addition
-        //
-        KeyAddition(rk[0]);
-
-        //
-        // ROUNDS-1 ordinary rounds
-        //
-        for (r = 1; r < ROUNDS; r++)
-        {
-            Substitution(S);
-            ShiftRow(shifts0SC);
-            MixColumn();
-            KeyAddition(rk[r]);
-        }
-
-        //
-        // Last round is special: there is no MixColumn
-        //
-        Substitution(S);
-        ShiftRow(shifts0SC);
-        KeyAddition(rk[ROUNDS]);
-    }
-
-    private void decryptBlock(
-        long[][] rk)
-    {
-        int r;
-
-        // To decrypt: apply the inverse operations of the encrypt routine,
-        //             in opposite order
-        //
-        // (KeyAddition is an involution: it 's equal to its inverse)
-        // (the inverse of Substitution with table S is Substitution with the inverse table of S)
-        // (the inverse of Shiftrow is Shiftrow over a suitable distance)
-        //
-
-        // First the special round:
-        //   without InvMixColumn
-        //   with extra KeyAddition
-        //
-        KeyAddition(rk[ROUNDS]);
-        Substitution(Si);
-        ShiftRow(shifts1SC);
-
-        //
-        // ROUNDS-1 ordinary rounds
-        //
-        for (r = ROUNDS-1; r > 0; r--)
-        {
-            KeyAddition(rk[r]);
-            InvMixColumn();
-            Substitution(Si);
-            ShiftRow(shifts1SC);
-        }
-
-        //
-        // End with the extra key addition
-        //
-        KeyAddition(rk[0]);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDEngine.java
deleted file mode 100644
index 1ba2ca92a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDEngine.java
+++ /dev/null
@@ -1,345 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * Implementation of the SEED algorithm as described in RFC 4009
- */
-public class SEEDEngine
-    implements BlockCipher
-{
-    private final int BLOCK_SIZE = 16;
-
-    private static final int[] SS0 =
-        {
-            0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
-            0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
-            0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
-            0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
-            0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
-            0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
-            0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
-            0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
-            0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
-            0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
-            0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
-            0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
-            0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
-            0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
-            0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
-            0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
-            0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
-            0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
-            0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038,
-            0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
-            0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
-            0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
-            0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
-            0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
-            0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
-            0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
-            0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
-            0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
-            0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
-            0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
-            0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330,
-            0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
-        };
-
-    private static final int[] SS1 =
-        {
-
-            0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
-            0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
-            0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
-            0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
-            0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
-            0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
-            0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
-            0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
-            0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
-            0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
-            0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
-            0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
-            0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
-            0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171,
-            0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
-            0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
-            0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
-            0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
-            0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
-            0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
-            0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
-            0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
-            0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
-            0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
-            0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
-            0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
-            0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
-            0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
-            0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
-            0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
-            0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
-            0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
-        };
-
-    private static final int[] SS2 =
-        {
-
-            0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
-            0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
-            0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
-            0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
-            0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
-            0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
-            0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
-            0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
-            0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
-            0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
-            0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
-            0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
-            0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
-            0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
-            0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
-            0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
-            0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
-            0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
-            0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808,
-            0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
-            0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
-            0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
-            0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
-            0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
-            0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
-            0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
-            0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
-            0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
-            0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
-            0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
-            0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303,
-            0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
-        };
-
-
-    private static final int[] SS3 =
-        {
-
-            0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
-            0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
-            0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
-            0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
-            0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
-            0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
-            0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
-            0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
-            0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
-            0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
-            0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
-            0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
-            0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
-            0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031,
-            0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
-            0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
-            0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
-            0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
-            0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
-            0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
-            0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
-            0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
-            0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
-            0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
-            0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
-            0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
-            0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
-            0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
-            0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
-            0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
-            0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
-            0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
-        };
-
-
-    private static final int[] KC =
-        {
-            0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
-            0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
-            0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
-            0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b
-        };
-
-    private int[] wKey;
-    private boolean forEncryption;
-
-    public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-        wKey = createWorkingKey(((KeyParameter)params).getKey());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SEED";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(byte[] in, int inOff, byte[] out, int outOff) throws DataLengthException, IllegalStateException
-    {
-        if (wKey == null)
-        {
-            throw new IllegalStateException("SEED engine not initialised");
-        }
-
-        if (inOff + BLOCK_SIZE > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if (outOff + BLOCK_SIZE > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        long l = bytesToLong(in, inOff + 0);
-        long r = bytesToLong(in, inOff + 8);
-
-        if (forEncryption)
-        {
-            for (int i = 0; i < 16; i++)
-            {
-               long nl = r;
-
-               r = l ^ F(wKey[2 * i], wKey[(2 * i) + 1], r);
-               l = nl;
-            }
-        }
-        else
-        {
-            for (int i = 15; i >= 0; i--)
-            {
-               long nl = r;
-
-               r = l ^ F(wKey[2 * i], wKey[(2 * i) + 1], r);
-               l = nl;
-            }
-        }
-
-        longToBytes(out, outOff + 0, r);
-        longToBytes(out, outOff + 8, l);
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    private int[] createWorkingKey(byte[] inKey)
-    {
-        int[] key = new int[32];
-        long lower = bytesToLong(inKey, 0);
-        long upper = bytesToLong(inKey, 8);
-
-        int key0 = extractW0(lower);
-        int key1 = extractW1(lower);
-        int key2 = extractW0(upper);
-        int key3 = extractW1(upper);
-
-        for (int i = 0; i < 16; i++)
-        {
-            key[2 * i] = G(key0 + key2 - KC[i]);
-            key[2 * i + 1] = G(key1 - key3 + KC[i]);
-
-            if (i % 2 == 0)
-            {
-                lower = rotateRight8(lower);
-                key0 = extractW0(lower);
-                key1 = extractW1(lower);
-            }
-            else
-            {
-                upper = rotateLeft8(upper);
-                key2 = extractW0(upper);
-                key3 = extractW1(upper);
-            }
-        }
-
-        return key;
-    }
-
-    private int extractW1(long lVal)
-    {
-        return (int)lVal;
-    }
-
-    private int extractW0(long lVal)
-    {
-        return (int)(lVal >> 32);
-    }
-
-    private long rotateLeft8(long x)
-    {
-        return (x << 8) | (x >>> 56);
-    }
-
-    private long rotateRight8(long x)
-    {
-        return (x >>> 8) | (x << 56);
-    }
-
-    private long bytesToLong(
-        byte[]  src,
-        int     srcOff)
-    {
-        long    word = 0;
-
-        for (int i = 0; i <= 7; i++)
-        {
-            word = (word << 8) + (src[i + srcOff] & 0xff);
-        }
-
-        return word;
-    }
-
-    private void longToBytes(
-        byte[]  dest,
-        int     destOff,
-        long    value)
-    {
-        for (int i = 0; i < 8; i++)
-        {
-            dest[i + destOff] = (byte)(value >> ((7 - i) * 8));
-        }
-    }
-
-    private int G(int x)
-    {
-        return SS0[x & 0xff] ^ SS1[(x >> 8) & 0xff] ^ SS2[(x >> 16) & 0xff] ^ SS3[(x >> 24) & 0xff];
-    }
-
-    private long F(int ki0, int ki1, long r)
-    {
-        int r0 = (int)(r >> 32);
-        int r1 = (int)r;
-        int rd1 = phaseCalc2(r0, ki0, r1, ki1);
-        int rd0 = rd1 + phaseCalc1(r0, ki0, r1, ki1);
-
-        return ((long)rd0 << 32) | (rd1 & 0xffffffffL);
-    }
-
-    private int phaseCalc1(int r0, int ki0, int r1, int ki1)
-    {
-        return G(G((r0 ^ ki0) ^ (r1 ^ ki1)) + (r0 ^ ki0));
-    }
-
-    private int phaseCalc2(int r0, int ki0, int r1, int ki1)
-    {
-        return G(phaseCalc1(r0, ki0, r1, ki1) + G((r0 ^ ki0) ^ (r1 ^ ki1)));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java
deleted file mode 100644
index 5b65b00cd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-/**
- * An implementation of the SEED key wrapper based on RFC 4010/RFC 3394.
- * 

- * For further details see: http://www.ietf.org/rfc/rfc4010.txt.
- */
-public class SEEDWrapEngine
-    extends RFC3394WrapEngine
-{
-    public SEEDWrapEngine()
-    {
-        super(new SEEDEngine());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
deleted file mode 100644
index 719d2a605..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
+++ /dev/null
@@ -1,362 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.MaxBytesExceededException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Strings;
-
-/**
- * Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005
- */
-
-public class Salsa20Engine
-    implements StreamCipher
-{
-    /** Constants */
-    private final static int stateSize = 16; // 16, 32 bit ints = 64 bytes
-    
-    private final static byte[]
-        sigma = Strings.toByteArray("expand 32-byte k"),
-        tau   = Strings.toByteArray("expand 16-byte k");
-
-    /*
-     * variables to hold the state of the engine
-     * during encryption and decryption
-     */
-    private int         index = 0;
-    private int[]       engineState = new int[stateSize]; // state
-    private int[]       x = new int[stateSize] ; // internal buffer
-    private byte[]      keyStream   = new byte[stateSize * 4], // expanded state, 64 bytes
-                        workingKey  = null,
-                        workingIV   = null;
-    private boolean     initialised = false;
-    
-    /*
-     * internal counter
-     */
-    private int cW0, cW1, cW2;
-    
-
-    /**
-     * initialise a Salsa20 cipher.
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption, 
-        CipherParameters     params)
-    {
-        /* 
-        * Salsa20 encryption and decryption is completely
-        * symmetrical, so the 'forEncryption' is 
-        * irrelevant. (Like 90% of stream ciphers)
-        */
-
-        if (!(params instanceof ParametersWithIV))
-        {
-            throw new IllegalArgumentException("Salsa20 Init parameters must include an IV");
-        }
-
-        ParametersWithIV ivParams = (ParametersWithIV) params;
-
-        byte[] iv = ivParams.getIV();
-
-        if (iv == null || iv.length != 8)
-        {
-            throw new IllegalArgumentException("Salsa20 requires exactly 8 bytes of IV");
-        }
-
-        if (!(ivParams.getParameters() instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("Salsa20 Init parameters must include a key");
-        }
-
-        KeyParameter key = (KeyParameter) ivParams.getParameters();
-
-        workingKey = key.getKey();
-        workingIV = iv;
-
-        setKey(workingKey, workingIV);
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Salsa20";
-    }
-
-    public byte returnByte(byte in)
-    {
-        if (limitExceeded())
-        {
-            throw new MaxBytesExceededException("2^70 byte limit per IV; Change IV");
-        }
-        
-        if (index == 0)
-        {
-            salsa20WordToByte(engineState, keyStream);
-            engineState[8]++;
-            if (engineState[8] == 0)
-            {
-                engineState[9]++;
-            }
-        }
-        byte out = (byte)(keyStream[index]^in);
-        index = (index + 1) & 63;
-    
-        return out;
-    }
-
-    public void processBytes(
-        byte[]     in, 
-        int     inOff, 
-        int     len, 
-        byte[]     out, 
-        int     outOff)
-    {
-        if (!initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()+" not initialised");
-        }
-        
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (limitExceeded(len))
-        {
-            throw new MaxBytesExceededException("2^70 byte limit per IV would be exceeded; Change IV");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            if (index == 0)
-            {
-                salsa20WordToByte(engineState, keyStream);
-                engineState[8]++;
-                if (engineState[8] == 0)
-                {
-                    engineState[9]++;
-                }
-            }
-            out[i+outOff] = (byte)(keyStream[index]^in[i+inOff]);
-            index = (index + 1) & 63;
-        }
-    }
-
-    public void reset()
-    {
-        setKey(workingKey, workingIV);
-    }
-
-    // Private implementation
-
-    private void setKey(byte[] keyBytes, byte[] ivBytes)
-    {
-        workingKey = keyBytes;
-        workingIV  = ivBytes;
-
-        index = 0;
-        resetCounter();
-        int offset = 0;
-        byte[] constants;
-        
-        // Key
-        engineState[1] = byteToIntLittle(workingKey, 0);
-        engineState[2] = byteToIntLittle(workingKey, 4);
-        engineState[3] = byteToIntLittle(workingKey, 8);
-        engineState[4] = byteToIntLittle(workingKey, 12);
-        
-        if (workingKey.length == 32)
-        {
-            constants = sigma;
-            offset = 16;
-        }
-        else
-        {
-            constants = tau;
-        }
-        
-        engineState[11] = byteToIntLittle(workingKey, offset);
-        engineState[12] = byteToIntLittle(workingKey, offset+4);
-        engineState[13] = byteToIntLittle(workingKey, offset+8);
-        engineState[14] = byteToIntLittle(workingKey, offset+12);
-        engineState[0 ] = byteToIntLittle(constants, 0);
-        engineState[5 ] = byteToIntLittle(constants, 4);
-        engineState[10] = byteToIntLittle(constants, 8);
-        engineState[15] = byteToIntLittle(constants, 12);
-        
-        // IV
-        engineState[6] = byteToIntLittle(workingIV, 0);
-        engineState[7] = byteToIntLittle(workingIV, 4);
-        engineState[8] = engineState[9] = 0;
-        
-        initialised = true;
-    }
-    
-    /**
-     * Salsa20 function
-     *
-     * @param   input   input data
-     *
-     * @return  keystream
-     */    
-    private void salsa20WordToByte(int[] input, byte[] output)
-    {
-        System.arraycopy(input, 0, x, 0, input.length);
-
-        for (int i = 0; i < 10; i++)
-        {
-            x[ 4] ^= rotl((x[ 0]+x[12]), 7);
-            x[ 8] ^= rotl((x[ 4]+x[ 0]), 9);
-            x[12] ^= rotl((x[ 8]+x[ 4]),13);
-            x[ 0] ^= rotl((x[12]+x[ 8]),18);
-            x[ 9] ^= rotl((x[ 5]+x[ 1]), 7);
-            x[13] ^= rotl((x[ 9]+x[ 5]), 9);
-            x[ 1] ^= rotl((x[13]+x[ 9]),13);
-            x[ 5] ^= rotl((x[ 1]+x[13]),18);
-            x[14] ^= rotl((x[10]+x[ 6]), 7);
-            x[ 2] ^= rotl((x[14]+x[10]), 9);
-            x[ 6] ^= rotl((x[ 2]+x[14]),13);
-            x[10] ^= rotl((x[ 6]+x[ 2]),18);
-            x[ 3] ^= rotl((x[15]+x[11]), 7);
-            x[ 7] ^= rotl((x[ 3]+x[15]), 9);
-            x[11] ^= rotl((x[ 7]+x[ 3]),13);
-            x[15] ^= rotl((x[11]+x[ 7]),18);
-            x[ 1] ^= rotl((x[ 0]+x[ 3]), 7);
-            x[ 2] ^= rotl((x[ 1]+x[ 0]), 9);
-            x[ 3] ^= rotl((x[ 2]+x[ 1]),13);
-            x[ 0] ^= rotl((x[ 3]+x[ 2]),18);
-            x[ 6] ^= rotl((x[ 5]+x[ 4]), 7);
-            x[ 7] ^= rotl((x[ 6]+x[ 5]), 9);
-            x[ 4] ^= rotl((x[ 7]+x[ 6]),13);
-            x[ 5] ^= rotl((x[ 4]+x[ 7]),18);
-            x[11] ^= rotl((x[10]+x[ 9]), 7);
-            x[ 8] ^= rotl((x[11]+x[10]), 9);
-            x[ 9] ^= rotl((x[ 8]+x[11]),13);
-            x[10] ^= rotl((x[ 9]+x[ 8]),18);
-            x[12] ^= rotl((x[15]+x[14]), 7);
-            x[13] ^= rotl((x[12]+x[15]), 9);
-            x[14] ^= rotl((x[13]+x[12]),13);
-            x[15] ^= rotl((x[14]+x[13]),18);
-        }
-
-        int offset = 0;
-        for (int i = 0; i < stateSize; i++)
-        {
-            intToByteLittle(x[i] + input[i], output, offset);
-            offset += 4;
-        }
-
-        for (int i = stateSize; i < x.length; i++)
-        {
-            intToByteLittle(x[i], output, offset);
-            offset += 4;
-        }
-    }
-    
-    /**
-     * 32 bit word to 4 byte array in little endian order
-     *
-     * @param   x   value to 'unpack'
-     *
-     * @return  value of x expressed as a byte[] array in little endian order
-     */
-    private byte[] intToByteLittle(int x, byte[] out, int off)
-    {
-        out[off] = (byte)x;
-        out[off + 1] = (byte)(x >>> 8);
-        out[off + 2] = (byte)(x >>> 16);
-        out[off + 3] = (byte)(x >>> 24);
-        return out;
-    }
-    
-    /**
-     * Rotate left
-     *
-     * @param   x   value to rotate
-     * @param   y   amount to rotate x
-     *
-     * @return  rotated x
-     */
-    private int rotl(int x, int y)
-    {
-        return (x << y) | (x >>> -y);
-    }
-    
-    /**
-     * Pack byte[] array into an int in little endian order
-     *
-     * @param   x       byte array to 'pack'
-     * @param   offset  only x[offset]..x[offset+3] will be packed
-     *
-     * @return  x[offset]..x[offset+3] 'packed' into an int in little-endian order
-     */
-    private int byteToIntLittle(byte[] x, int offset)
-    {
-        return ((x[offset] & 255)) |
-               ((x[offset + 1] & 255) <<  8) |
-               ((x[offset + 2] & 255) << 16) |
-                (x[offset + 3] << 24);
-    }
-
-    private void resetCounter()
-    {
-        cW0 = 0;
-        cW1 = 0;
-        cW2 = 0;
-    }
-
-    private boolean limitExceeded()
-    {
-        cW0++;
-        if (cW0 == 0)
-        {
-            cW1++;
-            if (cW1 == 0)
-            {
-                cW2++;
-                return (cW2 & 0x20) != 0;          // 2^(32 + 32 + 6)
-            }
-        }
-
-        return false;
-    }
-
-    /*
-     * this relies on the fact len will always be positive.
-     */
-    private boolean limitExceeded(int len)
-    {
-        if (cW0 >= 0)
-        {
-            cW0 += len;
-        }
-        else
-        {
-            cW0 += len;
-            if (cW0 >= 0)
-            {
-                cW1++;
-                if (cW1 == 0)
-                {
-                    cW2++;
-                    return (cW2 & 0x20) != 0;          // 2^(32 + 32 + 6)
-                }
-            }
-        }
-
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
deleted file mode 100644
index a0a69543e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
+++ /dev/null
@@ -1,782 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * Serpent is a 128-bit 32-round block cipher with variable key lengths,
- * including 128, 192 and 256 bit keys conjectured to be at least as
- * secure as three-key triple-DES.
- * 

- * Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
- * candidate algorithm for the NIST AES Quest.>
- * 

- * For full details see the The Serpent home page
- */
-public class SerpentEngine
-    implements BlockCipher
-{
-    private static final int    BLOCK_SIZE = 16;
-
-    static final int ROUNDS = 32;
-    static final int PHI    = 0x9E3779B9;       // (sqrt(5) - 1) * 2**31
-
-    private boolean        encrypting;
-    private int[]          wKey;
-
-    private int           X0, X1, X2, X3;    // registers
-
-    /**
-     * initialise a Serpent cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting,
-        CipherParameters    params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            this.encrypting = encrypting;
-            this.wKey = makeWorkingKey(((KeyParameter)params).getKey());
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to Serpent init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Serpent";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public final int processBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        if (wKey == null)
-        {
-            throw new IllegalStateException("Serpent not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (encrypting)
-        {
-            encryptBlock(in, inOff, out, outOff);
-        }
-        else
-        {
-            decryptBlock(in, inOff, out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * Expand a user-supplied key material into a session key.
-     *
-     * @param key  The user-key bytes (multiples of 4) to use.
-     * @exception IllegalArgumentException
-     */
-    private int[] makeWorkingKey(
-        byte[] key)
-    throws  IllegalArgumentException
-    {
-        //
-        // pad key to 256 bits
-        //
-        int[]   kPad = new int[16];
-        int     off = 0;
-        int     length = 0;
-
-        for (off = key.length - 4; off > 0; off -= 4)
-        {
-            kPad[length++] = bytesToWord(key, off);
-        }
-
-        if (off == 0)
-        {
-            kPad[length++] = bytesToWord(key, 0);
-            if (length < 8)
-            {
-                kPad[length] = 1;
-            }
-        }
-        else
-        {
-            throw new IllegalArgumentException("key must be a multiple of 4 bytes");
-        }
-
-        //
-        // expand the padded key up to 33 x 128 bits of key material
-        //
-        int     amount = (ROUNDS + 1) * 4;
-        int[]   w = new int[amount];
-
-        //
-        // compute w0 to w7 from w-8 to w-1
-        //
-        for (int i = 8; i < 16; i++)
-        {
-            kPad[i] = rotateLeft(kPad[i - 8] ^ kPad[i - 5] ^ kPad[i - 3] ^ kPad[i - 1] ^ PHI ^ (i - 8), 11);
-        }
-
-        System.arraycopy(kPad, 8, w, 0, 8);
-
-        //
-        // compute w8 to w136
-        //
-        for (int i = 8; i < amount; i++)
-        {
-            w[i] = rotateLeft(w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);
-        }
-
-        //
-        // create the working keys by processing w with the Sbox and IP
-        //
-        sb3(w[0], w[1], w[2], w[3]);
-        w[0] = X0; w[1] = X1; w[2] = X2; w[3] = X3; 
-        sb2(w[4], w[5], w[6], w[7]);
-        w[4] = X0; w[5] = X1; w[6] = X2; w[7] = X3; 
-        sb1(w[8], w[9], w[10], w[11]);
-        w[8] = X0; w[9] = X1; w[10] = X2; w[11] = X3; 
-        sb0(w[12], w[13], w[14], w[15]);
-        w[12] = X0; w[13] = X1; w[14] = X2; w[15] = X3; 
-        sb7(w[16], w[17], w[18], w[19]);
-        w[16] = X0; w[17] = X1; w[18] = X2; w[19] = X3; 
-        sb6(w[20], w[21], w[22], w[23]);
-        w[20] = X0; w[21] = X1; w[22] = X2; w[23] = X3; 
-        sb5(w[24], w[25], w[26], w[27]);
-        w[24] = X0; w[25] = X1; w[26] = X2; w[27] = X3; 
-        sb4(w[28], w[29], w[30], w[31]);
-        w[28] = X0; w[29] = X1; w[30] = X2; w[31] = X3; 
-        sb3(w[32], w[33], w[34], w[35]);
-        w[32] = X0; w[33] = X1; w[34] = X2; w[35] = X3; 
-        sb2(w[36], w[37], w[38], w[39]);
-        w[36] = X0; w[37] = X1; w[38] = X2; w[39] = X3; 
-        sb1(w[40], w[41], w[42], w[43]);
-        w[40] = X0; w[41] = X1; w[42] = X2; w[43] = X3; 
-        sb0(w[44], w[45], w[46], w[47]);
-        w[44] = X0; w[45] = X1; w[46] = X2; w[47] = X3; 
-        sb7(w[48], w[49], w[50], w[51]);
-        w[48] = X0; w[49] = X1; w[50] = X2; w[51] = X3; 
-        sb6(w[52], w[53], w[54], w[55]);
-        w[52] = X0; w[53] = X1; w[54] = X2; w[55] = X3; 
-        sb5(w[56], w[57], w[58], w[59]);
-        w[56] = X0; w[57] = X1; w[58] = X2; w[59] = X3; 
-        sb4(w[60], w[61], w[62], w[63]);
-        w[60] = X0; w[61] = X1; w[62] = X2; w[63] = X3; 
-        sb3(w[64], w[65], w[66], w[67]);
-        w[64] = X0; w[65] = X1; w[66] = X2; w[67] = X3; 
-        sb2(w[68], w[69], w[70], w[71]);
-        w[68] = X0; w[69] = X1; w[70] = X2; w[71] = X3; 
-        sb1(w[72], w[73], w[74], w[75]);
-        w[72] = X0; w[73] = X1; w[74] = X2; w[75] = X3; 
-        sb0(w[76], w[77], w[78], w[79]);
-        w[76] = X0; w[77] = X1; w[78] = X2; w[79] = X3; 
-        sb7(w[80], w[81], w[82], w[83]);
-        w[80] = X0; w[81] = X1; w[82] = X2; w[83] = X3; 
-        sb6(w[84], w[85], w[86], w[87]);
-        w[84] = X0; w[85] = X1; w[86] = X2; w[87] = X3; 
-        sb5(w[88], w[89], w[90], w[91]);
-        w[88] = X0; w[89] = X1; w[90] = X2; w[91] = X3; 
-        sb4(w[92], w[93], w[94], w[95]);
-        w[92] = X0; w[93] = X1; w[94] = X2; w[95] = X3; 
-        sb3(w[96], w[97], w[98], w[99]);
-        w[96] = X0; w[97] = X1; w[98] = X2; w[99] = X3; 
-        sb2(w[100], w[101], w[102], w[103]);
-        w[100] = X0; w[101] = X1; w[102] = X2; w[103] = X3; 
-        sb1(w[104], w[105], w[106], w[107]);
-        w[104] = X0; w[105] = X1; w[106] = X2; w[107] = X3; 
-        sb0(w[108], w[109], w[110], w[111]);
-        w[108] = X0; w[109] = X1; w[110] = X2; w[111] = X3; 
-        sb7(w[112], w[113], w[114], w[115]);
-        w[112] = X0; w[113] = X1; w[114] = X2; w[115] = X3; 
-        sb6(w[116], w[117], w[118], w[119]);
-        w[116] = X0; w[117] = X1; w[118] = X2; w[119] = X3; 
-        sb5(w[120], w[121], w[122], w[123]);
-        w[120] = X0; w[121] = X1; w[122] = X2; w[123] = X3; 
-        sb4(w[124], w[125], w[126], w[127]);
-        w[124] = X0; w[125] = X1; w[126] = X2; w[127] = X3; 
-        sb3(w[128], w[129], w[130], w[131]);
-        w[128] = X0; w[129] = X1; w[130] = X2; w[131] = X3; 
-
-        return w;
-    }
-
-    private int rotateLeft(
-        int     x,
-        int     bits)
-    {
-        return (x << bits) | (x >>> -bits);
-    }
-
-    private int rotateRight(
-        int     x,
-        int     bits)
-    {
-        return (x >>> bits) | (x << -bits);
-    }
-
-    private int bytesToWord(
-        byte[]  src,
-        int     srcOff)
-    {
-        return (((src[srcOff] & 0xff) << 24) | ((src[srcOff + 1] & 0xff) <<  16) |
-          ((src[srcOff + 2] & 0xff) << 8) | ((src[srcOff + 3] & 0xff)));
-    }
-
-    private void wordToBytes(
-        int     word,
-        byte[]  dst,
-        int     dstOff)
-    {
-        dst[dstOff + 3] = (byte)(word);
-        dst[dstOff + 2] = (byte)(word >>> 8);
-        dst[dstOff + 1] = (byte)(word >>> 16);
-        dst[dstOff]     = (byte)(word >>> 24);
-    }
-
-    /**
-     * Encrypt one block of plaintext.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     */
-    private void encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        X3 = bytesToWord(in, inOff);
-        X2 = bytesToWord(in, inOff + 4);
-        X1 = bytesToWord(in, inOff + 8);
-        X0 = bytesToWord(in, inOff + 12);
-
-        sb0(wKey[0] ^ X0, wKey[1] ^ X1, wKey[2] ^ X2, wKey[3] ^ X3); LT();
-        sb1(wKey[4] ^ X0, wKey[5] ^ X1, wKey[6] ^ X2, wKey[7] ^ X3); LT();
-        sb2(wKey[8] ^ X0, wKey[9] ^ X1, wKey[10] ^ X2, wKey[11] ^ X3); LT();
-        sb3(wKey[12] ^ X0, wKey[13] ^ X1, wKey[14] ^ X2, wKey[15] ^ X3); LT();
-        sb4(wKey[16] ^ X0, wKey[17] ^ X1, wKey[18] ^ X2, wKey[19] ^ X3); LT();
-        sb5(wKey[20] ^ X0, wKey[21] ^ X1, wKey[22] ^ X2, wKey[23] ^ X3); LT();
-        sb6(wKey[24] ^ X0, wKey[25] ^ X1, wKey[26] ^ X2, wKey[27] ^ X3); LT();
-        sb7(wKey[28] ^ X0, wKey[29] ^ X1, wKey[30] ^ X2, wKey[31] ^ X3); LT();
-        sb0(wKey[32] ^ X0, wKey[33] ^ X1, wKey[34] ^ X2, wKey[35] ^ X3); LT();
-        sb1(wKey[36] ^ X0, wKey[37] ^ X1, wKey[38] ^ X2, wKey[39] ^ X3); LT();
-        sb2(wKey[40] ^ X0, wKey[41] ^ X1, wKey[42] ^ X2, wKey[43] ^ X3); LT();
-        sb3(wKey[44] ^ X0, wKey[45] ^ X1, wKey[46] ^ X2, wKey[47] ^ X3); LT();
-        sb4(wKey[48] ^ X0, wKey[49] ^ X1, wKey[50] ^ X2, wKey[51] ^ X3); LT();
-        sb5(wKey[52] ^ X0, wKey[53] ^ X1, wKey[54] ^ X2, wKey[55] ^ X3); LT();
-        sb6(wKey[56] ^ X0, wKey[57] ^ X1, wKey[58] ^ X2, wKey[59] ^ X3); LT();
-        sb7(wKey[60] ^ X0, wKey[61] ^ X1, wKey[62] ^ X2, wKey[63] ^ X3); LT();
-        sb0(wKey[64] ^ X0, wKey[65] ^ X1, wKey[66] ^ X2, wKey[67] ^ X3); LT();
-        sb1(wKey[68] ^ X0, wKey[69] ^ X1, wKey[70] ^ X2, wKey[71] ^ X3); LT();
-        sb2(wKey[72] ^ X0, wKey[73] ^ X1, wKey[74] ^ X2, wKey[75] ^ X3); LT();
-        sb3(wKey[76] ^ X0, wKey[77] ^ X1, wKey[78] ^ X2, wKey[79] ^ X3); LT();
-        sb4(wKey[80] ^ X0, wKey[81] ^ X1, wKey[82] ^ X2, wKey[83] ^ X3); LT();
-        sb5(wKey[84] ^ X0, wKey[85] ^ X1, wKey[86] ^ X2, wKey[87] ^ X3); LT();
-        sb6(wKey[88] ^ X0, wKey[89] ^ X1, wKey[90] ^ X2, wKey[91] ^ X3); LT();
-        sb7(wKey[92] ^ X0, wKey[93] ^ X1, wKey[94] ^ X2, wKey[95] ^ X3); LT();
-        sb0(wKey[96] ^ X0, wKey[97] ^ X1, wKey[98] ^ X2, wKey[99] ^ X3); LT();
-        sb1(wKey[100] ^ X0, wKey[101] ^ X1, wKey[102] ^ X2, wKey[103] ^ X3); LT();
-        sb2(wKey[104] ^ X0, wKey[105] ^ X1, wKey[106] ^ X2, wKey[107] ^ X3); LT();
-        sb3(wKey[108] ^ X0, wKey[109] ^ X1, wKey[110] ^ X2, wKey[111] ^ X3); LT();
-        sb4(wKey[112] ^ X0, wKey[113] ^ X1, wKey[114] ^ X2, wKey[115] ^ X3); LT();
-        sb5(wKey[116] ^ X0, wKey[117] ^ X1, wKey[118] ^ X2, wKey[119] ^ X3); LT();
-        sb6(wKey[120] ^ X0, wKey[121] ^ X1, wKey[122] ^ X2, wKey[123] ^ X3); LT();
-        sb7(wKey[124] ^ X0, wKey[125] ^ X1, wKey[126] ^ X2, wKey[127] ^ X3);
-
-        wordToBytes(wKey[131] ^ X3, out, outOff);
-        wordToBytes(wKey[130] ^ X2, out, outOff + 4);
-        wordToBytes(wKey[129] ^ X1, out, outOff + 8);
-        wordToBytes(wKey[128] ^ X0, out, outOff + 12);
-    }
-
-    /**
-     * Decrypt one block of ciphertext.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     */
-    private void decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        X3 = wKey[131] ^ bytesToWord(in, inOff);
-        X2 = wKey[130] ^ bytesToWord(in, inOff + 4);
-        X1 = wKey[129] ^ bytesToWord(in, inOff + 8);
-        X0 = wKey[128] ^ bytesToWord(in, inOff + 12);
-
-        ib7(X0, X1, X2, X3);
-        X0 ^= wKey[124]; X1 ^= wKey[125]; X2 ^= wKey[126]; X3 ^= wKey[127];
-        inverseLT(); ib6(X0, X1, X2, X3);
-        X0 ^= wKey[120]; X1 ^= wKey[121]; X2 ^= wKey[122]; X3 ^= wKey[123];
-        inverseLT(); ib5(X0, X1, X2, X3);
-        X0 ^= wKey[116]; X1 ^= wKey[117]; X2 ^= wKey[118]; X3 ^= wKey[119];
-        inverseLT(); ib4(X0, X1, X2, X3);
-        X0 ^= wKey[112]; X1 ^= wKey[113]; X2 ^= wKey[114]; X3 ^= wKey[115];
-        inverseLT(); ib3(X0, X1, X2, X3);
-        X0 ^= wKey[108]; X1 ^= wKey[109]; X2 ^= wKey[110]; X3 ^= wKey[111];
-        inverseLT(); ib2(X0, X1, X2, X3);
-        X0 ^= wKey[104]; X1 ^= wKey[105]; X2 ^= wKey[106]; X3 ^= wKey[107];
-        inverseLT(); ib1(X0, X1, X2, X3);
-        X0 ^= wKey[100]; X1 ^= wKey[101]; X2 ^= wKey[102]; X3 ^= wKey[103];
-        inverseLT(); ib0(X0, X1, X2, X3);
-        X0 ^= wKey[96]; X1 ^= wKey[97]; X2 ^= wKey[98]; X3 ^= wKey[99];
-        inverseLT(); ib7(X0, X1, X2, X3);
-        X0 ^= wKey[92]; X1 ^= wKey[93]; X2 ^= wKey[94]; X3 ^= wKey[95];
-        inverseLT(); ib6(X0, X1, X2, X3);
-        X0 ^= wKey[88]; X1 ^= wKey[89]; X2 ^= wKey[90]; X3 ^= wKey[91];
-        inverseLT(); ib5(X0, X1, X2, X3);
-        X0 ^= wKey[84]; X1 ^= wKey[85]; X2 ^= wKey[86]; X3 ^= wKey[87];
-        inverseLT(); ib4(X0, X1, X2, X3);
-        X0 ^= wKey[80]; X1 ^= wKey[81]; X2 ^= wKey[82]; X3 ^= wKey[83];
-        inverseLT(); ib3(X0, X1, X2, X3);
-        X0 ^= wKey[76]; X1 ^= wKey[77]; X2 ^= wKey[78]; X3 ^= wKey[79];
-        inverseLT(); ib2(X0, X1, X2, X3);
-        X0 ^= wKey[72]; X1 ^= wKey[73]; X2 ^= wKey[74]; X3 ^= wKey[75];
-        inverseLT(); ib1(X0, X1, X2, X3);
-        X0 ^= wKey[68]; X1 ^= wKey[69]; X2 ^= wKey[70]; X3 ^= wKey[71];
-        inverseLT(); ib0(X0, X1, X2, X3);
-        X0 ^= wKey[64]; X1 ^= wKey[65]; X2 ^= wKey[66]; X3 ^= wKey[67];
-        inverseLT(); ib7(X0, X1, X2, X3);
-        X0 ^= wKey[60]; X1 ^= wKey[61]; X2 ^= wKey[62]; X3 ^= wKey[63];
-        inverseLT(); ib6(X0, X1, X2, X3);
-        X0 ^= wKey[56]; X1 ^= wKey[57]; X2 ^= wKey[58]; X3 ^= wKey[59];
-        inverseLT(); ib5(X0, X1, X2, X3);
-        X0 ^= wKey[52]; X1 ^= wKey[53]; X2 ^= wKey[54]; X3 ^= wKey[55];
-        inverseLT(); ib4(X0, X1, X2, X3);
-        X0 ^= wKey[48]; X1 ^= wKey[49]; X2 ^= wKey[50]; X3 ^= wKey[51];
-        inverseLT(); ib3(X0, X1, X2, X3);
-        X0 ^= wKey[44]; X1 ^= wKey[45]; X2 ^= wKey[46]; X3 ^= wKey[47];
-        inverseLT(); ib2(X0, X1, X2, X3);
-        X0 ^= wKey[40]; X1 ^= wKey[41]; X2 ^= wKey[42]; X3 ^= wKey[43];
-        inverseLT(); ib1(X0, X1, X2, X3);
-        X0 ^= wKey[36]; X1 ^= wKey[37]; X2 ^= wKey[38]; X3 ^= wKey[39];
-        inverseLT(); ib0(X0, X1, X2, X3);
-        X0 ^= wKey[32]; X1 ^= wKey[33]; X2 ^= wKey[34]; X3 ^= wKey[35];
-        inverseLT(); ib7(X0, X1, X2, X3);
-        X0 ^= wKey[28]; X1 ^= wKey[29]; X2 ^= wKey[30]; X3 ^= wKey[31];
-        inverseLT(); ib6(X0, X1, X2, X3);
-        X0 ^= wKey[24]; X1 ^= wKey[25]; X2 ^= wKey[26]; X3 ^= wKey[27];
-        inverseLT(); ib5(X0, X1, X2, X3);
-        X0 ^= wKey[20]; X1 ^= wKey[21]; X2 ^= wKey[22]; X3 ^= wKey[23];
-        inverseLT(); ib4(X0, X1, X2, X3);
-        X0 ^= wKey[16]; X1 ^= wKey[17]; X2 ^= wKey[18]; X3 ^= wKey[19];
-        inverseLT(); ib3(X0, X1, X2, X3);
-        X0 ^= wKey[12]; X1 ^= wKey[13]; X2 ^= wKey[14]; X3 ^= wKey[15];
-        inverseLT(); ib2(X0, X1, X2, X3);
-        X0 ^= wKey[8]; X1 ^= wKey[9]; X2 ^= wKey[10]; X3 ^= wKey[11];
-        inverseLT(); ib1(X0, X1, X2, X3);
-        X0 ^= wKey[4]; X1 ^= wKey[5]; X2 ^= wKey[6]; X3 ^= wKey[7];
-        inverseLT(); ib0(X0, X1, X2, X3);
-
-        wordToBytes(X3 ^ wKey[3], out, outOff);
-        wordToBytes(X2 ^ wKey[2], out, outOff + 4);
-        wordToBytes(X1 ^ wKey[1], out, outOff + 8);
-        wordToBytes(X0 ^ wKey[0], out, outOff + 12);
-    }
-
-    /**
-     * The sboxes below are based on the work of Brian Gladman and
-     * Sam Simpson, whose original notice appears below.
-     * 

-     * For further details see:
-     *      http://fp.gladman.plus.com/cryptography_technology/serpent/
-     */
-
-    /* Partially optimised Serpent S Box boolean functions derived  */
-    /* using a recursive descent analyser but without a full search */
-    /* of all subtrees. This set of S boxes is the result of work    */
-    /* by Sam Simpson and Brian Gladman using the spare time on a    */
-    /* cluster of high capacity servers to search for S boxes with    */
-    /* this customised search engine. There are now an average of    */
-    /* 15.375 terms    per S box.                                        */
-    /*                                                              */
-    /* Copyright:   Dr B. R Gladman (gladman@seven77.demon.co.uk)   */
-    /*                and Sam Simpson (s.simpson@mia.co.uk)            */
-    /*              17th December 1998                                */
-    /*                                                              */
-    /* We hereby give permission for information in this file to be */
-    /* used freely subject only to acknowledgement of its origin.    */
-
-    /**
-     * S0 - { 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 } - 15 terms.
-     */
-    private void sb0(int a, int b, int c, int d)    
-    {
-        int    t1 = a ^ d;        
-        int    t3 = c ^ t1;    
-        int    t4 = b ^ t3;    
-        X3 = (a & d) ^ t4;    
-        int    t7 = a ^ (b & t1);    
-        X2 = t4 ^ (c | t7);    
-        int    t12 = X3 & (t3 ^ t7);    
-        X1 = (~t3) ^ t12;    
-        X0 = t12 ^ (~t7);
-    }
-
-    /**
-     * InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms.
-     */
-    private void ib0(int a, int b, int c, int d)    
-    {
-        int    t1 = ~a;        
-        int    t2 = a ^ b;        
-        int    t4 = d ^ (t1 | t2);    
-        int    t5 = c ^ t4;    
-        X2 = t2 ^ t5;    
-        int    t8 = t1 ^ (d & t2);    
-        X1 = t4 ^ (X2 & t8);    
-        X3 = (a & t4) ^ (t5 | X1);    
-        X0 = X3 ^ (t5 ^ t8);
-    }
-
-    /**
-     * S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms.
-     */
-    private void sb1(int a, int b, int c, int d)    
-    {
-        int    t2 = b ^ (~a);    
-        int    t5 = c ^ (a | t2);    
-        X2 = d ^ t5;        
-        int    t7 = b ^ (d | t2);    
-        int    t8 = t2 ^ X2;    
-        X3 = t8 ^ (t5 & t7);    
-        int    t11 = t5 ^ t7;    
-        X1 = X3 ^ t11;    
-        X0 = t5 ^ (t8 & t11);
-    }
-
-    /**
-     * InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps.
-     */
-    private void ib1(int a, int b, int c, int d)    
-    {
-        int    t1 = b ^ d;        
-        int    t3 = a ^ (b & t1);    
-        int    t4 = t1 ^ t3;    
-        X3 = c ^ t4;        
-        int    t7 = b ^ (t1 & t3);    
-        int    t8 = X3 | t7;    
-        X1 = t3 ^ t8;    
-        int    t10 = ~X1;        
-        int    t11 = X3 ^ t7;    
-        X0 = t10 ^ t11;    
-        X2 = t4 ^ (t10 | t11);
-    }
-
-    /**
-     * S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms.
-     */
-    private void sb2(int a, int b, int c, int d)    
-    {
-        int    t1 = ~a;        
-        int    t2 = b ^ d;
-        int    t3 = c & t1;
-        X0 = t2 ^ t3;
-        int    t5 = c ^ t1;
-        int    t6 = c ^ X0;
-        int    t7 = b & t6;
-        X3 = t5 ^ t7;
-        X2 = a ^ ((d | t7) & (X0 | t5));
-        X1 = (t2 ^ X3) ^ (X2 ^ (d | t1));
-    }
-
-    /**
-     * InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps.
-     */
-    private void ib2(int a, int b, int c, int d)    
-    {
-        int    t1 = b ^ d;        
-        int    t2 = ~t1;        
-        int    t3 = a ^ c;
-        int    t4 = c ^ t1;
-        int    t5 = b & t4;
-        X0 = t3 ^ t5;
-        int    t7 = a | t2;
-        int    t8 = d ^ t7;
-        int    t9 = t3 | t8;
-        X3 = t1 ^ t9;
-        int    t11 = ~t4;        
-        int    t12 = X0 | X3;
-        X1 = t11 ^ t12;
-        X2 = (d & t11) ^ (t3 ^ t12);
-    }
-
-    /**
-     * S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms.
-     */
-    private void sb3(int a, int b, int c, int d)    
-    {
-        int    t1 = a ^ b;        
-        int    t2 = a & c;        
-        int    t3 = a | d;        
-        int    t4 = c ^ d;        
-        int    t5 = t1 & t3;    
-        int    t6 = t2 | t5;    
-        X2 = t4 ^ t6;    
-        int    t8 = b ^ t3;    
-        int    t9 = t6 ^ t8;    
-        int    t10 = t4 & t9;    
-        X0 = t1 ^ t10;    
-        int    t12 = X2 & X0;    
-        X1 = t9 ^ t12;    
-        X3 = (b | d) ^ (t4 ^ t12);
-    }
-
-    /**
-     * InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms
-     */
-    private void ib3(int a, int b, int c, int d)    
-    {
-        int    t1 = a | b;        
-        int    t2 = b ^ c;        
-        int    t3 = b & t2;    
-        int    t4 = a ^ t3;    
-        int    t5 = c ^ t4;    
-        int    t6 = d | t4;    
-        X0 = t2 ^ t6;    
-        int    t8 = t2 | t6;    
-        int    t9 = d ^ t8;    
-        X2 = t5 ^ t9;    
-        int    t11 = t1 ^ t9;    
-        int    t12 = X0 & t11;    
-        X3 = t4 ^ t12;    
-        X1 = X3 ^ (X0 ^ t11);
-    }
-
-    /**
-     * S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms.
-     */
-    private void sb4(int a, int b, int c, int d)    
-    {
-        int    t1 = a ^ d;        
-        int    t2 = d & t1;    
-        int    t3 = c ^ t2;    
-        int    t4 = b | t3;    
-        X3 = t1 ^ t4;    
-        int    t6 = ~b;        
-        int    t7 = t1 | t6;    
-        X0 = t3 ^ t7;    
-        int    t9 = a & X0;        
-        int    t10 = t1 ^ t6;    
-        int    t11 = t4 & t10;    
-        X2 = t9 ^ t11;    
-        X1 = (a ^ t3) ^ (t10 & X2);
-    }
-
-    /**
-     * InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms.
-     */
-    private void ib4(int a, int b, int c, int d)    
-    {
-        int    t1 = c | d;        
-        int    t2 = a & t1;    
-        int    t3 = b ^ t2;    
-        int    t4 = a & t3;    
-        int    t5 = c ^ t4;    
-        X1 = d ^ t5;        
-        int    t7 = ~a;        
-        int    t8 = t5 & X1;    
-        X3 = t3 ^ t8;    
-        int    t10 = X1 | t7;    
-        int    t11 = d ^ t10;    
-        X0 = X3 ^ t11;    
-        X2 = (t3 & t11) ^ (X1 ^ t7);
-    }
-
-    /**
-     * S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms.
-     */
-    private void sb5(int a, int b, int c, int d)    
-    {
-        int    t1 = ~a;        
-        int    t2 = a ^ b;        
-        int    t3 = a ^ d;        
-        int    t4 = c ^ t1;    
-        int    t5 = t2 | t3;    
-        X0 = t4 ^ t5;    
-        int    t7 = d & X0;        
-        int    t8 = t2 ^ X0;    
-        X1 = t7 ^ t8;    
-        int    t10 = t1 | X0;    
-        int    t11 = t2 | t7;    
-        int    t12 = t3 ^ t10;    
-        X2 = t11 ^ t12;    
-        X3 = (b ^ t7) ^ (X1 & t12);
-    }
-
-    /**
-     * InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms.
-     */
-    private void ib5(int a, int b, int c, int d)    
-    {
-        int    t1 = ~c;
-        int    t2 = b & t1;
-        int    t3 = d ^ t2;
-        int    t4 = a & t3;
-        int    t5 = b ^ t1;
-        X3 = t4 ^ t5;
-        int    t7 = b | X3;
-        int    t8 = a & t7;
-        X1 = t3 ^ t8;
-        int    t10 = a | d;
-        int    t11 = t1 ^ t7;
-        X0 = t10 ^ t11;
-        X2 = (b & t10) ^ (t4 | (a ^ c));
-    }
-
-    /**
-     * S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms.
-     */
-    private void sb6(int a, int b, int c, int d)    
-    {
-        int    t1 = ~a;        
-        int    t2 = a ^ d;        
-        int    t3 = b ^ t2;    
-        int    t4 = t1 | t2;    
-        int    t5 = c ^ t4;    
-        X1 = b ^ t5;        
-        int    t7 = t2 | X1;    
-        int    t8 = d ^ t7;    
-        int    t9 = t5 & t8;    
-        X2 = t3 ^ t9;    
-        int    t11 = t5 ^ t8;    
-        X0 = X2 ^ t11;    
-        X3 = (~t5) ^ (t3 & t11);
-    }
-
-    /**
-     * InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms.
-     */
-    private void ib6(int a, int b, int c, int d)    
-    {
-        int    t1 = ~a;        
-        int    t2 = a ^ b;        
-        int    t3 = c ^ t2;    
-        int    t4 = c | t1;    
-        int    t5 = d ^ t4;    
-        X1 = t3 ^ t5;    
-        int    t7 = t3 & t5;    
-        int    t8 = t2 ^ t7;    
-        int    t9 = b | t8;    
-        X3 = t5 ^ t9;    
-        int    t11 = b | X3;    
-        X0 = t8 ^ t11;    
-        X2 = (d & t1) ^ (t3 ^ t11);
-    }
-
-    /**
-     * S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms.
-     */
-    private void sb7(int a, int b, int c, int d)    
-    {
-        int    t1 = b ^ c;        
-        int    t2 = c & t1;    
-        int    t3 = d ^ t2;    
-        int    t4 = a ^ t3;    
-        int    t5 = d | t1;    
-        int    t6 = t4 & t5;    
-        X1 = b ^ t6;        
-        int    t8 = t3 | X1;    
-        int    t9 = a & t4;    
-        X3 = t1 ^ t9;    
-        int    t11 = t4 ^ t8;    
-        int    t12 = X3 & t11;    
-        X2 = t3 ^ t12;    
-        X0 = (~t11) ^ (X3 & X2);
-    }
-
-    /**
-     * InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms.
-     */
-    private void ib7(int a, int b, int c, int d)    
-    {
-        int t3 = c | (a & b);
-        int    t4 = d & (a | b);
-        X3 = t3 ^ t4;
-        int    t6 = ~d;
-        int    t7 = b ^ t4;
-        int    t9 = t7 | (X3 ^ t6);
-        X1 = a ^ t9;
-        X0 = (c ^ t7) ^ (d | X1);
-        X2 = (t3 ^ X1) ^ (X0 ^ (a & X3));
-    }
-
-    /**
-     * Apply the linear transformation to the register set.
-     */
-    private void LT()
-    {
-        int x0  = rotateLeft(X0, 13);
-        int x2  = rotateLeft(X2, 3);
-        int x1  = X1 ^ x0 ^ x2 ;
-        int x3  = X3 ^ x2 ^ x0 << 3;
-
-        X1  = rotateLeft(x1, 1);
-        X3  = rotateLeft(x3, 7);
-        X0  = rotateLeft(x0 ^ X1 ^ X3, 5);
-        X2  = rotateLeft(x2 ^ X3 ^ (X1 << 7), 22);
-    }
-
-    /**
-     * Apply the inverse of the linear transformation to the register set.
-     */
-    private void inverseLT()
-    {
-        int x2 = rotateRight(X2, 22) ^ X3 ^ (X1 << 7);
-        int x0 = rotateRight(X0, 5) ^ X1 ^ X3;
-        int x3 = rotateRight(X3, 7);
-        int x1 = rotateRight(X1, 1);
-        X3 = x3 ^ x2 ^ x0 << 3;
-        X1 = x1 ^ x0 ^ x2;
-        X2 = rotateRight(x2, 3);
-        X0 = rotateRight(x0, 13);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SkipjackEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SkipjackEngine.java
deleted file mode 100644
index 7517b43ad..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/SkipjackEngine.java
+++ /dev/null
@@ -1,259 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * a class that provides a basic SKIPJACK engine.
- */
-public class SkipjackEngine
-    implements BlockCipher
-{
-    static final int BLOCK_SIZE = 8;
-
-    static short ftable[] =
-    { 
-        0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4, 0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9, 
-        0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e, 0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28, 
-        0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68, 0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53, 
-        0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19, 0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2, 
-        0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b, 0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8, 
-        0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0, 0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90, 
-        0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69, 0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76, 
-        0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20, 0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d, 
-        0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43, 0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18, 
-        0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa, 0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4, 
-        0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87, 0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40, 
-        0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b, 0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5, 
-        0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0, 0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2, 
-        0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1, 0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8, 
-        0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5, 0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac, 
-        0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3, 0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
-    };
-
-    private int[]       key0, key1, key2, key3;
-    private boolean     encrypting;
-
-    /**
-     * initialise a SKIPJACK cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean           encrypting,
-        CipherParameters  params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-        throw new IllegalArgumentException("invalid parameter passed to SKIPJACK init - " + params.getClass().getName());
-        }
-
-        byte[] keyBytes = ((KeyParameter)params).getKey();
-
-        this.encrypting = encrypting;
-        this.key0 = new int[32];
-        this.key1 = new int[32];
-        this.key2 = new int[32];
-        this.key3 = new int[32];
-
-        //
-        // expand the key to 128 bytes in 4 parts (saving us a modulo, multiply
-        // and an addition).
-        //
-        for (int i = 0; i < 32; i ++)
-        {
-            key0[i] = keyBytes[(i * 4) % 10] & 0xff;
-            key1[i] = keyBytes[(i * 4 + 1) % 10] & 0xff;
-            key2[i] = keyBytes[(i * 4 + 2) % 10] & 0xff;
-            key3[i] = keyBytes[(i * 4 + 3) % 10] & 0xff;
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return "SKIPJACK";
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (key1 == null)
-        {
-            throw new IllegalStateException("SKIPJACK engine not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (encrypting)
-        {
-            encryptBlock(in, inOff, out, outOff);
-        }
-        else
-        {
-            decryptBlock(in, inOff, out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * The G permutation
-     */
-    private int g(
-        int     k,
-        int     w)
-    {
-        int g1, g2, g3, g4, g5, g6;
-
-        g1 = (w >> 8) & 0xff;
-        g2 = w & 0xff;
-
-        g3 = ftable[g2 ^ key0[k]] ^ g1;
-        g4 = ftable[g3 ^ key1[k]] ^ g2;
-        g5 = ftable[g4 ^ key2[k]] ^ g3;
-        g6 = ftable[g5 ^ key3[k]] ^ g4;
-
-        return ((g5 << 8) + g6);
-    }
-
-    public int encryptBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-    {
-        int w1 = (in[inOff + 0] << 8) + (in[inOff + 1] & 0xff);
-        int w2 = (in[inOff + 2] << 8) + (in[inOff + 3] & 0xff);
-        int w3 = (in[inOff + 4] << 8) + (in[inOff + 5] & 0xff);
-        int w4 = (in[inOff + 6] << 8) + (in[inOff + 7] & 0xff);
-
-        int k = 0;
-
-        for (int t = 0; t < 2; t++)
-        {
-            for(int i = 0; i < 8; i++)
-            {
-                int tmp = w4;
-                w4 = w3;
-                w3 = w2;
-                w2 = g(k, w1);
-                w1 = w2 ^ tmp ^ (k + 1);
-                k++;
-            }
-
-            for(int i = 0; i < 8; i++)
-            {
-                int tmp = w4;
-                w4 = w3;
-                w3 = w1 ^ w2 ^ (k + 1);
-                w2 = g(k, w1);
-                w1 = tmp;
-                k++;
-            }
-        }
-
-        out[outOff + 0] = (byte)((w1 >> 8));
-        out[outOff + 1] = (byte)(w1);
-        out[outOff + 2] = (byte)((w2 >> 8));
-        out[outOff + 3] = (byte)(w2);
-        out[outOff + 4] = (byte)((w3 >> 8));
-        out[outOff + 5] = (byte)(w3);
-        out[outOff + 6] = (byte)((w4 >> 8));
-        out[outOff + 7] = (byte)(w4);
-
-        return BLOCK_SIZE;
-    }
-
-    /**
-     * the inverse of the G permutation.
-     */
-    private int h(
-        int     k,
-        int     w)
-    {
-        int h1, h2, h3, h4, h5, h6;
-
-        h1 = w & 0xff;
-        h2 = (w >> 8) & 0xff;
-
-        h3 = ftable[h2 ^ key3[k]] ^ h1;
-        h4 = ftable[h3 ^ key2[k]] ^ h2;
-        h5 = ftable[h4 ^ key1[k]] ^ h3;
-        h6 = ftable[h5 ^ key0[k]] ^ h4;
-
-        return ((h6 << 8) + h5);
-    }
-
-    public int decryptBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-    {
-        int w2 = (in[inOff + 0] << 8) + (in[inOff + 1] & 0xff);
-        int w1 = (in[inOff + 2] << 8) + (in[inOff + 3] & 0xff);
-        int w4 = (in[inOff + 4] << 8) + (in[inOff + 5] & 0xff);
-        int w3 = (in[inOff + 6] << 8) + (in[inOff + 7] & 0xff);
-
-        int k = 31;
-
-        for (int t = 0; t < 2; t++)
-        {
-            for(int i = 0; i < 8; i++)
-            {
-                int tmp = w4;
-                w4 = w3;
-                w3 = w2;
-                w2 = h(k, w1);
-                w1 = w2 ^ tmp ^ (k + 1);
-                k--;
-            }
-
-            for(int i = 0; i < 8; i++)
-            {
-                int tmp = w4;
-                w4 = w3;
-                w3 = w1 ^ w2 ^ (k + 1);
-                w2 = h(k, w1);
-                w1 = tmp;
-                k--;
-            }
-        }
-
-        out[outOff + 0] = (byte)((w2 >> 8));
-        out[outOff + 1] = (byte)(w2);
-        out[outOff + 2] = (byte)((w1 >> 8));
-        out[outOff + 3] = (byte)(w1);
-        out[outOff + 4] = (byte)((w4 >> 8));
-        out[outOff + 5] = (byte)(w4);
-        out[outOff + 6] = (byte)((w3 >> 8));
-        out[outOff + 7] = (byte)(w3);
-
-        return BLOCK_SIZE;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TEAEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TEAEngine.java
deleted file mode 100644
index c680ed6b8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TEAEngine.java
+++ /dev/null
@@ -1,178 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * An TEA engine.
- */
-public class TEAEngine
-    implements BlockCipher
-{
-    private static final int rounds     = 32,
-                             block_size = 8,
-//                             key_size   = 16,
-                             delta      = 0x9E3779B9,
-                             d_sum      = 0xC6EF3720; // sum on decrypt
-    /*
-     * the expanded key array of 4 subkeys
-     */
-    private int _a, _b, _c, _d;
-    private boolean _initialised;
-    private boolean _forEncryption;
-
-    /**
-     * Create an instance of the TEA encryption algorithm
-     * and set some defaults
-     */
-    public TEAEngine()
-    {
-        _initialised = false;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "TEA";
-    }
-
-    public int getBlockSize()
-    {
-        return block_size;
-    }
-
-    /**
-     * initialise
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to TEA init - " + params.getClass().getName());
-        }
-
-        _forEncryption = forEncryption;
-        _initialised = true;
-
-        KeyParameter       p = (KeyParameter)params;
-
-        setKey(p.getKey());
-    }
-
-    public int processBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        if (!_initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()+" not initialised");
-        }
-        
-        if ((inOff + block_size) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-        
-        if ((outOff + block_size) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        return (_forEncryption) ? encryptBlock(in, inOff, out, outOff)
-                                    : decryptBlock(in, inOff, out, outOff);
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * Re-key the cipher.
-     * 

-     * @param  key  the key to be used
-     */
-    private void setKey(
-        byte[]      key)
-    {
-        _a = bytesToInt(key, 0);
-        _b = bytesToInt(key, 4);
-        _c = bytesToInt(key, 8);
-        _d = bytesToInt(key, 12);
-    }
-
-    private int encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        // Pack bytes into integers
-        int v0 = bytesToInt(in, inOff);
-        int v1 = bytesToInt(in, inOff + 4);
-        
-        int sum = 0;
-        
-        for (int i = 0; i != rounds; i++)
-        {
-            sum += delta;
-            v0  += ((v1 << 4) + _a) ^ (v1 + sum) ^ ((v1 >>> 5) + _b);
-            v1  += ((v0 << 4) + _c) ^ (v0 + sum) ^ ((v0 >>> 5) + _d);
-        }
-
-        unpackInt(v0, out, outOff);
-        unpackInt(v1, out, outOff + 4);
-        
-        return block_size;
-    }
-
-    private int decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        // Pack bytes into integers
-        int v0 = bytesToInt(in, inOff);
-        int v1 = bytesToInt(in, inOff + 4);
-        
-        int sum = d_sum;
-        
-        for (int i = 0; i != rounds; i++)
-        {
-            v1  -= ((v0 << 4) + _c) ^ (v0 + sum) ^ ((v0 >>> 5) + _d);
-            v0  -= ((v1 << 4) + _a) ^ (v1 + sum) ^ ((v1 >>> 5) + _b);
-            sum -= delta;
-        }
-        
-        unpackInt(v0, out, outOff);
-        unpackInt(v1, out, outOff + 4);
-        
-        return block_size;
-    }
-
-    private int bytesToInt(byte[] in, int inOff)
-    {
-        return ((in[inOff++]) << 24) |
-                 ((in[inOff++] & 255) << 16) |
-                 ((in[inOff++] & 255) <<  8) |
-                 ((in[inOff] & 255));
-    }
-
-    private void unpackInt(int v, byte[] out, int outOff)
-    {
-        out[outOff++] = (byte)(v >>> 24);
-        out[outOff++] = (byte)(v >>> 16);
-        out[outOff++] = (byte)(v >>>  8);
-        out[outOff  ] = (byte)v;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java
deleted file mode 100644
index adb908ebc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java
+++ /dev/null
@@ -1,677 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * A class that provides Twofish encryption operations.
- *
- * This Java implementation is based on the Java reference
- * implementation provided by Bruce Schneier and developed
- * by Raif S. Naffah.
- */
-public final class TwofishEngine
-    implements BlockCipher
-{
-    private static final byte[][] P =  {
-    {  // p0
-        (byte) 0xA9, (byte) 0x67, (byte) 0xB3, (byte) 0xE8,
-        (byte) 0x04, (byte) 0xFD, (byte) 0xA3, (byte) 0x76,
-        (byte) 0x9A, (byte) 0x92, (byte) 0x80, (byte) 0x78,
-        (byte) 0xE4, (byte) 0xDD, (byte) 0xD1, (byte) 0x38,
-        (byte) 0x0D, (byte) 0xC6, (byte) 0x35, (byte) 0x98,
-        (byte) 0x18, (byte) 0xF7, (byte) 0xEC, (byte) 0x6C,
-        (byte) 0x43, (byte) 0x75, (byte) 0x37, (byte) 0x26,
-        (byte) 0xFA, (byte) 0x13, (byte) 0x94, (byte) 0x48,
-        (byte) 0xF2, (byte) 0xD0, (byte) 0x8B, (byte) 0x30,
-        (byte) 0x84, (byte) 0x54, (byte) 0xDF, (byte) 0x23,
-        (byte) 0x19, (byte) 0x5B, (byte) 0x3D, (byte) 0x59,
-        (byte) 0xF3, (byte) 0xAE, (byte) 0xA2, (byte) 0x82,
-        (byte) 0x63, (byte) 0x01, (byte) 0x83, (byte) 0x2E,
-        (byte) 0xD9, (byte) 0x51, (byte) 0x9B, (byte) 0x7C,
-        (byte) 0xA6, (byte) 0xEB, (byte) 0xA5, (byte) 0xBE,
-        (byte) 0x16, (byte) 0x0C, (byte) 0xE3, (byte) 0x61,
-        (byte) 0xC0, (byte) 0x8C, (byte) 0x3A, (byte) 0xF5,
-        (byte) 0x73, (byte) 0x2C, (byte) 0x25, (byte) 0x0B,
-        (byte) 0xBB, (byte) 0x4E, (byte) 0x89, (byte) 0x6B,
-        (byte) 0x53, (byte) 0x6A, (byte) 0xB4, (byte) 0xF1,
-        (byte) 0xE1, (byte) 0xE6, (byte) 0xBD, (byte) 0x45,
-        (byte) 0xE2, (byte) 0xF4, (byte) 0xB6, (byte) 0x66,
-        (byte) 0xCC, (byte) 0x95, (byte) 0x03, (byte) 0x56,
-        (byte) 0xD4, (byte) 0x1C, (byte) 0x1E, (byte) 0xD7,
-        (byte) 0xFB, (byte) 0xC3, (byte) 0x8E, (byte) 0xB5,
-        (byte) 0xE9, (byte) 0xCF, (byte) 0xBF, (byte) 0xBA,
-        (byte) 0xEA, (byte) 0x77, (byte) 0x39, (byte) 0xAF,
-        (byte) 0x33, (byte) 0xC9, (byte) 0x62, (byte) 0x71,
-        (byte) 0x81, (byte) 0x79, (byte) 0x09, (byte) 0xAD,
-        (byte) 0x24, (byte) 0xCD, (byte) 0xF9, (byte) 0xD8,
-        (byte) 0xE5, (byte) 0xC5, (byte) 0xB9, (byte) 0x4D,
-        (byte) 0x44, (byte) 0x08, (byte) 0x86, (byte) 0xE7,
-        (byte) 0xA1, (byte) 0x1D, (byte) 0xAA, (byte) 0xED,
-        (byte) 0x06, (byte) 0x70, (byte) 0xB2, (byte) 0xD2,
-        (byte) 0x41, (byte) 0x7B, (byte) 0xA0, (byte) 0x11,
-        (byte) 0x31, (byte) 0xC2, (byte) 0x27, (byte) 0x90,
-        (byte) 0x20, (byte) 0xF6, (byte) 0x60, (byte) 0xFF,
-        (byte) 0x96, (byte) 0x5C, (byte) 0xB1, (byte) 0xAB,
-        (byte) 0x9E, (byte) 0x9C, (byte) 0x52, (byte) 0x1B,
-        (byte) 0x5F, (byte) 0x93, (byte) 0x0A, (byte) 0xEF,
-        (byte) 0x91, (byte) 0x85, (byte) 0x49, (byte) 0xEE,
-        (byte) 0x2D, (byte) 0x4F, (byte) 0x8F, (byte) 0x3B,
-        (byte) 0x47, (byte) 0x87, (byte) 0x6D, (byte) 0x46,
-        (byte) 0xD6, (byte) 0x3E, (byte) 0x69, (byte) 0x64,
-        (byte) 0x2A, (byte) 0xCE, (byte) 0xCB, (byte) 0x2F,
-        (byte) 0xFC, (byte) 0x97, (byte) 0x05, (byte) 0x7A,
-        (byte) 0xAC, (byte) 0x7F, (byte) 0xD5, (byte) 0x1A,
-        (byte) 0x4B, (byte) 0x0E, (byte) 0xA7, (byte) 0x5A,
-        (byte) 0x28, (byte) 0x14, (byte) 0x3F, (byte) 0x29,
-        (byte) 0x88, (byte) 0x3C, (byte) 0x4C, (byte) 0x02,
-        (byte) 0xB8, (byte) 0xDA, (byte) 0xB0, (byte) 0x17,
-        (byte) 0x55, (byte) 0x1F, (byte) 0x8A, (byte) 0x7D,
-        (byte) 0x57, (byte) 0xC7, (byte) 0x8D, (byte) 0x74,
-        (byte) 0xB7, (byte) 0xC4, (byte) 0x9F, (byte) 0x72,
-        (byte) 0x7E, (byte) 0x15, (byte) 0x22, (byte) 0x12,
-        (byte) 0x58, (byte) 0x07, (byte) 0x99, (byte) 0x34,
-        (byte) 0x6E, (byte) 0x50, (byte) 0xDE, (byte) 0x68,
-        (byte) 0x65, (byte) 0xBC, (byte) 0xDB, (byte) 0xF8,
-        (byte) 0xC8, (byte) 0xA8, (byte) 0x2B, (byte) 0x40,
-        (byte) 0xDC, (byte) 0xFE, (byte) 0x32, (byte) 0xA4,
-        (byte) 0xCA, (byte) 0x10, (byte) 0x21, (byte) 0xF0,
-        (byte) 0xD3, (byte) 0x5D, (byte) 0x0F, (byte) 0x00,
-        (byte) 0x6F, (byte) 0x9D, (byte) 0x36, (byte) 0x42,
-        (byte) 0x4A, (byte) 0x5E, (byte) 0xC1, (byte) 0xE0 },
-    {  // p1
-        (byte) 0x75, (byte) 0xF3, (byte) 0xC6, (byte) 0xF4,
-        (byte) 0xDB, (byte) 0x7B, (byte) 0xFB, (byte) 0xC8,
-        (byte) 0x4A, (byte) 0xD3, (byte) 0xE6, (byte) 0x6B,
-        (byte) 0x45, (byte) 0x7D, (byte) 0xE8, (byte) 0x4B,
-        (byte) 0xD6, (byte) 0x32, (byte) 0xD8, (byte) 0xFD,
-        (byte) 0x37, (byte) 0x71, (byte) 0xF1, (byte) 0xE1,
-        (byte) 0x30, (byte) 0x0F, (byte) 0xF8, (byte) 0x1B,
-        (byte) 0x87, (byte) 0xFA, (byte) 0x06, (byte) 0x3F,
-        (byte) 0x5E, (byte) 0xBA, (byte) 0xAE, (byte) 0x5B,
-        (byte) 0x8A, (byte) 0x00, (byte) 0xBC, (byte) 0x9D,
-        (byte) 0x6D, (byte) 0xC1, (byte) 0xB1, (byte) 0x0E,
-        (byte) 0x80, (byte) 0x5D, (byte) 0xD2, (byte) 0xD5,
-        (byte) 0xA0, (byte) 0x84, (byte) 0x07, (byte) 0x14,
-        (byte) 0xB5, (byte) 0x90, (byte) 0x2C, (byte) 0xA3,
-        (byte) 0xB2, (byte) 0x73, (byte) 0x4C, (byte) 0x54,
-        (byte) 0x92, (byte) 0x74, (byte) 0x36, (byte) 0x51,
-        (byte) 0x38, (byte) 0xB0, (byte) 0xBD, (byte) 0x5A,
-        (byte) 0xFC, (byte) 0x60, (byte) 0x62, (byte) 0x96,
-        (byte) 0x6C, (byte) 0x42, (byte) 0xF7, (byte) 0x10,
-        (byte) 0x7C, (byte) 0x28, (byte) 0x27, (byte) 0x8C,
-        (byte) 0x13, (byte) 0x95, (byte) 0x9C, (byte) 0xC7,
-        (byte) 0x24, (byte) 0x46, (byte) 0x3B, (byte) 0x70,
-        (byte) 0xCA, (byte) 0xE3, (byte) 0x85, (byte) 0xCB,
-        (byte) 0x11, (byte) 0xD0, (byte) 0x93, (byte) 0xB8,
-        (byte) 0xA6, (byte) 0x83, (byte) 0x20, (byte) 0xFF,
-        (byte) 0x9F, (byte) 0x77, (byte) 0xC3, (byte) 0xCC,
-        (byte) 0x03, (byte) 0x6F, (byte) 0x08, (byte) 0xBF,
-        (byte) 0x40, (byte) 0xE7, (byte) 0x2B, (byte) 0xE2,
-        (byte) 0x79, (byte) 0x0C, (byte) 0xAA, (byte) 0x82,
-        (byte) 0x41, (byte) 0x3A, (byte) 0xEA, (byte) 0xB9,
-        (byte) 0xE4, (byte) 0x9A, (byte) 0xA4, (byte) 0x97,
-        (byte) 0x7E, (byte) 0xDA, (byte) 0x7A, (byte) 0x17,
-        (byte) 0x66, (byte) 0x94, (byte) 0xA1, (byte) 0x1D,
-        (byte) 0x3D, (byte) 0xF0, (byte) 0xDE, (byte) 0xB3,
-        (byte) 0x0B, (byte) 0x72, (byte) 0xA7, (byte) 0x1C,
-        (byte) 0xEF, (byte) 0xD1, (byte) 0x53, (byte) 0x3E,
-        (byte) 0x8F, (byte) 0x33, (byte) 0x26, (byte) 0x5F,
-        (byte) 0xEC, (byte) 0x76, (byte) 0x2A, (byte) 0x49,
-        (byte) 0x81, (byte) 0x88, (byte) 0xEE, (byte) 0x21,
-        (byte) 0xC4, (byte) 0x1A, (byte) 0xEB, (byte) 0xD9,
-        (byte) 0xC5, (byte) 0x39, (byte) 0x99, (byte) 0xCD,
-        (byte) 0xAD, (byte) 0x31, (byte) 0x8B, (byte) 0x01,
-        (byte) 0x18, (byte) 0x23, (byte) 0xDD, (byte) 0x1F,
-        (byte) 0x4E, (byte) 0x2D, (byte) 0xF9, (byte) 0x48,
-        (byte) 0x4F, (byte) 0xF2, (byte) 0x65, (byte) 0x8E,
-        (byte) 0x78, (byte) 0x5C, (byte) 0x58, (byte) 0x19,
-        (byte) 0x8D, (byte) 0xE5, (byte) 0x98, (byte) 0x57,
-        (byte) 0x67, (byte) 0x7F, (byte) 0x05, (byte) 0x64,
-        (byte) 0xAF, (byte) 0x63, (byte) 0xB6, (byte) 0xFE,
-        (byte) 0xF5, (byte) 0xB7, (byte) 0x3C, (byte) 0xA5,
-        (byte) 0xCE, (byte) 0xE9, (byte) 0x68, (byte) 0x44,
-        (byte) 0xE0, (byte) 0x4D, (byte) 0x43, (byte) 0x69,
-        (byte) 0x29, (byte) 0x2E, (byte) 0xAC, (byte) 0x15,
-        (byte) 0x59, (byte) 0xA8, (byte) 0x0A, (byte) 0x9E,
-        (byte) 0x6E, (byte) 0x47, (byte) 0xDF, (byte) 0x34,
-        (byte) 0x35, (byte) 0x6A, (byte) 0xCF, (byte) 0xDC,
-        (byte) 0x22, (byte) 0xC9, (byte) 0xC0, (byte) 0x9B,
-        (byte) 0x89, (byte) 0xD4, (byte) 0xED, (byte) 0xAB,
-        (byte) 0x12, (byte) 0xA2, (byte) 0x0D, (byte) 0x52,
-        (byte) 0xBB, (byte) 0x02, (byte) 0x2F, (byte) 0xA9,
-        (byte) 0xD7, (byte) 0x61, (byte) 0x1E, (byte) 0xB4,
-        (byte) 0x50, (byte) 0x04, (byte) 0xF6, (byte) 0xC2,
-        (byte) 0x16, (byte) 0x25, (byte) 0x86, (byte) 0x56,
-        (byte) 0x55, (byte) 0x09, (byte) 0xBE, (byte) 0x91  }
-    };
-
-    /**
-    * Define the fixed p0/p1 permutations used in keyed S-box lookup.
-    * By changing the following constant definitions, the S-boxes will
-    * automatically get changed in the Twofish engine.
-    */
-    private static final int P_00 = 1;
-    private static final int P_01 = 0;
-    private static final int P_02 = 0;
-    private static final int P_03 = P_01 ^ 1;
-    private static final int P_04 = 1;
-
-    private static final int P_10 = 0;
-    private static final int P_11 = 0;
-    private static final int P_12 = 1;
-    private static final int P_13 = P_11 ^ 1;
-    private static final int P_14 = 0;
-
-    private static final int P_20 = 1;
-    private static final int P_21 = 1;
-    private static final int P_22 = 0;
-    private static final int P_23 = P_21 ^ 1;
-    private static final int P_24 = 0;
-
-    private static final int P_30 = 0;
-    private static final int P_31 = 1;
-    private static final int P_32 = 1;
-    private static final int P_33 = P_31 ^ 1;
-    private static final int P_34 = 1;
-
-    /* Primitive polynomial for GF(256) */
-    private static final int GF256_FDBK =   0x169;
-    private static final int GF256_FDBK_2 = GF256_FDBK / 2;
-    private static final int GF256_FDBK_4 = GF256_FDBK / 4;
-
-    private static final int RS_GF_FDBK = 0x14D; // field generator
-
-    //====================================
-    // Useful constants
-    //====================================
-
-    private static final int    ROUNDS = 16;
-    private static final int    MAX_ROUNDS = 16;  // bytes = 128 bits
-    private static final int    BLOCK_SIZE = 16;  // bytes = 128 bits
-    private static final int    MAX_KEY_BITS = 256;
-
-    private static final int    INPUT_WHITEN=0;
-    private static final int    OUTPUT_WHITEN=INPUT_WHITEN+BLOCK_SIZE/4; // 4
-    private static final int    ROUND_SUBKEYS=OUTPUT_WHITEN+BLOCK_SIZE/4;// 8
-
-    private static final int    TOTAL_SUBKEYS=ROUND_SUBKEYS+2*MAX_ROUNDS;// 40
-
-    private static final int    SK_STEP = 0x02020202;
-    private static final int    SK_BUMP = 0x01010101;
-    private static final int    SK_ROTL = 9;
-
-    private boolean encrypting = false;
-
-    private int[] gMDS0 = new int[MAX_KEY_BITS];
-    private int[] gMDS1 = new int[MAX_KEY_BITS];
-    private int[] gMDS2 = new int[MAX_KEY_BITS];
-    private int[] gMDS3 = new int[MAX_KEY_BITS];
-
-    /**
-     * gSubKeys[] and gSBox[] are eventually used in the 
-     * encryption and decryption methods.
-     */
-    private int[] gSubKeys;
-    private int[] gSBox;
-
-    private int k64Cnt = 0;
-
-    private byte[] workingKey = null;
-
-    public TwofishEngine()
-    {
-        // calculate the MDS matrix
-        int[] m1 = new int[2];
-        int[] mX = new int[2];
-        int[] mY = new int[2];
-        int j;
-
-        for (int i=0; i< MAX_KEY_BITS ; i++)
-        {
-            j = P[0][i] & 0xff;
-            m1[0] = j;
-            mX[0] = Mx_X(j) & 0xff;
-            mY[0] = Mx_Y(j) & 0xff;
-
-            j = P[1][i] & 0xff;
-            m1[1] = j;
-            mX[1] = Mx_X(j) & 0xff;
-            mY[1] = Mx_Y(j) & 0xff;
-
-            gMDS0[i] = m1[P_00]       | mX[P_00] <<  8 |
-                         mY[P_00] << 16 | mY[P_00] << 24;
-
-            gMDS1[i] = mY[P_10]       | mY[P_10] <<  8 |
-                         mX[P_10] << 16 | m1[P_10] << 24;
-
-            gMDS2[i] = mX[P_20]       | mY[P_20] <<  8 |
-                         m1[P_20] << 16 | mY[P_20] << 24;
-
-            gMDS3[i] = mX[P_30]       | m1[P_30] <<  8 |
-                         mY[P_30] << 16 | mX[P_30] << 24;
-        }
-    }
-
-    /**
-     * initialise a Twofish cipher.
-     *
-     * @param encrypting whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting,
-        CipherParameters    params)
-    {
-        if (params instanceof KeyParameter)
-        {
-            this.encrypting = encrypting;
-            this.workingKey = ((KeyParameter)params).getKey();
-            this.k64Cnt = (this.workingKey.length / 8); // pre-padded ?
-            setKey(this.workingKey);
-
-            return;
-        }
-
-        throw new IllegalArgumentException("invalid parameter passed to Twofish init - " + params.getClass().getName());
-    }
-
-    public String getAlgorithmName()
-    {
-        return "Twofish";
-    }
-
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-    {
-        if (workingKey == null)
-        {
-            throw new IllegalStateException("Twofish not initialised");
-        }
-
-        if ((inOff + BLOCK_SIZE) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + BLOCK_SIZE) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (encrypting)
-        {
-            encryptBlock(in, inOff, out, outOff);
-        }
-        else
-        {    
-            decryptBlock(in, inOff, out, outOff);
-        }
-
-        return BLOCK_SIZE;
-    }
-
-    public void reset()
-    {
-        if (this.workingKey != null)
-        {
-            setKey(this.workingKey);
-        }
-    }
-
-    public int getBlockSize()
-    {
-        return BLOCK_SIZE;
-    }
-
-    //==================================
-    // Private Implementation
-    //==================================
-
-    private void setKey(byte[] key)
-    {
-        int[] k32e = new int[MAX_KEY_BITS/64]; // 4
-        int[] k32o = new int[MAX_KEY_BITS/64]; // 4 
-
-        int[] sBoxKeys = new int[MAX_KEY_BITS/64]; // 4 
-        gSubKeys = new int[TOTAL_SUBKEYS];
-
-        if (k64Cnt < 1) 
-        {
-            throw new IllegalArgumentException("Key size less than 64 bits");
-        }
-        
-        if (k64Cnt > 4)
-        {
-            throw new IllegalArgumentException("Key size larger than 256 bits");
-        }
-
-        /*
-         * k64Cnt is the number of 8 byte blocks (64 chunks)
-         * that are in the input key.  The input key is a
-         * maximum of 32 bytes (256 bits), so the range
-         * for k64Cnt is 1..4
-         */
-        for (int i=0; i>> 24;
-            A += B;
-            gSubKeys[i*2] = A;
-            A += B;
-            gSubKeys[i*2 + 1] = A << SK_ROTL | A >>> (32-SK_ROTL);
-        }
-
-        /*
-         * fully expand the table for speed
-         */
-        int k0 = sBoxKeys[0];
-        int k1 = sBoxKeys[1];
-        int k2 = sBoxKeys[2];
-        int k3 = sBoxKeys[3];
-        int b0, b1, b2, b3;
-        gSBox = new int[4*MAX_KEY_BITS];
-        for (int i=0; i>>1 | x2 << 31;
-            x3 = (x3 << 1 | x3 >>> 31) ^ (t0 + 2*t1 + gSubKeys[k++]);
-
-            t0 = Fe32_0(x2);
-            t1 = Fe32_3(x3);
-            x0 ^= t0 + t1 + gSubKeys[k++];
-            x0 = x0 >>>1 | x0 << 31;
-            x1 = (x1 << 1 | x1 >>> 31) ^ (t0 + 2*t1 + gSubKeys[k++]);
-        }
-
-        Bits32ToBytes(x2 ^ gSubKeys[OUTPUT_WHITEN], dst, dstIndex);
-        Bits32ToBytes(x3 ^ gSubKeys[OUTPUT_WHITEN + 1], dst, dstIndex + 4);
-        Bits32ToBytes(x0 ^ gSubKeys[OUTPUT_WHITEN + 2], dst, dstIndex + 8);
-        Bits32ToBytes(x1 ^ gSubKeys[OUTPUT_WHITEN + 3], dst, dstIndex + 12);
-    }
-
-    /**
-     * Decrypt the given input starting at the given offset and place
-     * the result in the provided buffer starting at the given offset.
-     * The input will be an exact multiple of our blocksize.
-     */
-    private void decryptBlock(
-        byte[] src, 
-        int srcIndex,
-        byte[] dst,
-        int dstIndex)
-    {
-        int x2 = BytesTo32Bits(src, srcIndex) ^ gSubKeys[OUTPUT_WHITEN];
-        int x3 = BytesTo32Bits(src, srcIndex+4) ^ gSubKeys[OUTPUT_WHITEN + 1];
-        int x0 = BytesTo32Bits(src, srcIndex+8) ^ gSubKeys[OUTPUT_WHITEN + 2];
-        int x1 = BytesTo32Bits(src, srcIndex+12) ^ gSubKeys[OUTPUT_WHITEN + 3];
-
-        int k = ROUND_SUBKEYS + 2 * ROUNDS -1 ;
-        int t0, t1;
-        for (int r = 0; r< ROUNDS ; r +=2)
-        {
-            t0 = Fe32_0(x2);
-            t1 = Fe32_3(x3);
-            x1 ^= t0 + 2*t1 + gSubKeys[k--];
-            x0 = (x0 << 1 | x0 >>> 31) ^ (t0 + t1 + gSubKeys[k--]);
-            x1 = x1 >>>1 | x1 << 31;
-
-            t0 = Fe32_0(x0);
-            t1 = Fe32_3(x1);
-            x3 ^= t0 + 2*t1 + gSubKeys[k--];
-            x2 = (x2 << 1 | x2 >>> 31) ^ (t0 + t1 + gSubKeys[k--]);
-            x3 = x3 >>>1 | x3 << 31;
-        }
-
-        Bits32ToBytes(x0 ^ gSubKeys[INPUT_WHITEN], dst, dstIndex);
-        Bits32ToBytes(x1 ^ gSubKeys[INPUT_WHITEN + 1], dst, dstIndex + 4);
-        Bits32ToBytes(x2 ^ gSubKeys[INPUT_WHITEN + 2], dst, dstIndex + 8);
-        Bits32ToBytes(x3 ^ gSubKeys[INPUT_WHITEN + 3], dst, dstIndex + 12);
-    }
-
-    /* 
-     * TODO:  This can be optimised and made cleaner by combining
-     * the functionality in this function and applying it appropriately
-     * to the creation of the subkeys during key setup.
-     */
-    private int F32(int x, int[] k32)
-    {
-        int b0 = b0(x);
-        int b1 = b1(x);
-        int b2 = b2(x);
-        int b3 = b3(x);
-        int k0 = k32[0];
-        int k1 = k32[1];
-        int k2 = k32[2];
-        int k3 = k32[3];
-
-        int result = 0;
-        switch (k64Cnt & 3)
-        {
-            case 1:
-                result = gMDS0[(P[P_01][b0] & 0xff) ^ b0(k0)] ^
-                         gMDS1[(P[P_11][b1] & 0xff) ^ b1(k0)] ^
-                         gMDS2[(P[P_21][b2] & 0xff) ^ b2(k0)] ^
-                         gMDS3[(P[P_31][b3] & 0xff) ^ b3(k0)];
-                break;
-            case 0: /* 256 bits of key */
-                b0 = (P[P_04][b0] & 0xff) ^ b0(k3);
-                b1 = (P[P_14][b1] & 0xff) ^ b1(k3);
-                b2 = (P[P_24][b2] & 0xff) ^ b2(k3);
-                b3 = (P[P_34][b3] & 0xff) ^ b3(k3);
-            case 3: 
-                b0 = (P[P_03][b0] & 0xff) ^ b0(k2);
-                b1 = (P[P_13][b1] & 0xff) ^ b1(k2);
-                b2 = (P[P_23][b2] & 0xff) ^ b2(k2);
-                b3 = (P[P_33][b3] & 0xff) ^ b3(k2);
-            case 2:
-                result = 
-                gMDS0[(P[P_01][(P[P_02][b0]&0xff)^b0(k1)]&0xff)^b0(k0)] ^ 
-                gMDS1[(P[P_11][(P[P_12][b1]&0xff)^b1(k1)]&0xff)^b1(k0)] ^
-                gMDS2[(P[P_21][(P[P_22][b2]&0xff)^b2(k1)]&0xff)^b2(k0)] ^
-                gMDS3[(P[P_31][(P[P_32][b3]&0xff)^b3(k1)]&0xff)^b3(k0)];
-            break;
-        }
-        return result;
-    }
-
-    /**
-     * Use (12, 8) Reed-Solomon code over GF(256) to produce
-     * a key S-box 32-bit entity from 2 key material 32-bit
-     * entities.
-     *
-     * @param    k0 first 32-bit entity
-     * @param    k1 second 32-bit entity
-     * @return     Remainder polynomial generated using RS code
-     */
-    private int RS_MDS_Encode(int k0, int k1)
-    {
-        int r = k1;
-        for (int i = 0 ; i < 4 ; i++) // shift 1 byte at a time
-        {
-            r = RS_rem(r);
-        }
-        r ^= k0;
-        for (int i=0 ; i < 4 ; i++)
-        {
-            r = RS_rem(r);
-        }
-
-        return r;
-    }
-
-    /**
-     * Reed-Solomon code parameters: (12,8) reversible code:

-     * 
-     * g(x) = x^4 + (a+1/a)x^3 + ax^2 + (a+1/a)x + 1
-     * 

-     * where a = primitive root of field generator 0x14D
-     */
-    private int RS_rem(int x)
-    {
-        int b = (x >>> 24) & 0xff;
-        int g2 = ((b << 1) ^ 
-                 ((b & 0x80) != 0 ? RS_GF_FDBK : 0)) & 0xff;
-        int g3 = ((b >>> 1) ^ 
-                 ((b & 0x01) != 0 ? (RS_GF_FDBK >>> 1) : 0)) ^ g2 ;
-        return ((x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b);
-    }
-        
-    private int LFSR1(int x)
-    {
-        return (x >> 1) ^ 
-                (((x & 0x01) != 0) ? GF256_FDBK_2 : 0);
-    }
-
-    private int LFSR2(int x)
-    {
-        return (x >> 2) ^
-                (((x & 0x02) != 0) ? GF256_FDBK_2 : 0) ^
-                (((x & 0x01) != 0) ? GF256_FDBK_4 : 0);
-    }
-
-    private int Mx_X(int x)
-    {
-        return x ^ LFSR2(x);
-    } // 5B
-
-    private int Mx_Y(int x)
-    {
-        return x ^ LFSR1(x) ^ LFSR2(x);
-    } // EF
-
-    private int b0(int x)
-    {
-        return x & 0xff;
-    }
-
-    private int b1(int x)
-    {
-        return (x >>> 8) & 0xff;
-    }
-
-    private int b2(int x)
-    {
-        return (x >>> 16) & 0xff;
-    }
-
-    private int b3(int x)
-    {
-        return (x >>> 24) & 0xff;
-    }
-
-    private int Fe32_0(int x)
-    {
-        return gSBox[ 0x000 + 2*(x & 0xff) ] ^
-               gSBox[ 0x001 + 2*((x >>> 8) & 0xff) ] ^
-               gSBox[ 0x200 + 2*((x >>> 16) & 0xff) ] ^
-               gSBox[ 0x201 + 2*((x >>> 24) & 0xff) ];
-    }
-    
-    private int Fe32_3(int x)
-    {
-        return gSBox[ 0x000 + 2*((x >>> 24) & 0xff) ] ^
-               gSBox[ 0x001 + 2*(x & 0xff) ] ^
-               gSBox[ 0x200 + 2*((x >>> 8) & 0xff) ] ^
-               gSBox[ 0x201 + 2*((x >>> 16) & 0xff) ];
-    }
-    
-    private int BytesTo32Bits(byte[] b, int p)
-    {
-        return ((b[p] & 0xff)) | 
-             ((b[p+1] & 0xff) << 8) |
-             ((b[p+2] & 0xff) << 16) |
-             ((b[p+3] & 0xff) << 24);
-    }
-
-    private void Bits32ToBytes(int in,  byte[] b, int offset)
-    {
-        b[offset] = (byte)in;
-        b[offset + 1] = (byte)(in >> 8);
-        b[offset + 2] = (byte)(in >> 16);
-        b[offset + 3] = (byte)(in >> 24);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java
deleted file mode 100644
index 4ab3186b0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class VMPCEngine implements StreamCipher
-{
-    /*
-     * variables to hold the state of the VMPC engine during encryption and
-     * decryption
-     */
-    protected byte n = 0;
-    protected byte[] P = null;
-    protected byte s = 0;
-
-    protected byte[] workingIV;
-    protected byte[] workingKey;
-
-    public String getAlgorithmName()
-    {
-        return "VMPC";
-    }
-
-    /**
-     * initialise a VMPC cipher.
-     * 
-     * @param forEncryption
-     *    whether or not we are for encryption.
-     * @param params
-     *    the parameters required to set up the cipher.
-     * @exception IllegalArgumentException
-     *    if the params argument is inappropriate.
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-    {
-        if (!(params instanceof ParametersWithIV))
-        {
-            throw new IllegalArgumentException(
-                "VMPC init parameters must include an IV");
-        }
-
-        ParametersWithIV ivParams = (ParametersWithIV) params;
-        KeyParameter key = (KeyParameter) ivParams.getParameters();
-
-        if (!(ivParams.getParameters() instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException(
-                "VMPC init parameters must include a key");
-        }
-
-        this.workingIV = ivParams.getIV();
-
-        if (workingIV == null || workingIV.length < 1 || workingIV.length > 768)
-        {
-            throw new IllegalArgumentException("VMPC requires 1 to 768 bytes of IV");
-        }
-
-        this.workingKey = key.getKey();
-
-        initKey(this.workingKey, this.workingIV);
-    }
-
-    protected void initKey(byte[] keyBytes, byte[] ivBytes)
-    {
-        s = 0;
-        P = new byte[256];
-        for (int i = 0; i < 256; i++)
-        {
-            P[i] = (byte) i;
-        }
-
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + ivBytes[m % ivBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-        n = 0;
-    }
-
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
-        int outOff)
-    {
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + len) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            s = P[(s + P[n & 0xff]) & 0xff];
-            byte z = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
-            // encryption
-            byte temp = P[n & 0xff];
-            P[n & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-            n = (byte) ((n + 1) & 0xff);
-
-            // xor
-            out[i + outOff] = (byte) (in[i + inOff] ^ z);
-        }
-    }
-
-    public void reset()
-    {
-        initKey(this.workingKey, this.workingIV);
-    }
-
-    public byte returnByte(byte in)
-    {
-        s = P[(s + P[n & 0xff]) & 0xff];
-        byte z = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
-        // encryption
-        byte temp = P[n & 0xff];
-        P[n & 0xff] = P[s & 0xff];
-        P[s & 0xff] = temp;
-        n = (byte) ((n + 1) & 0xff);
-
-        // xor
-        return (byte) (in ^ z);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCKSA3Engine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCKSA3Engine.java
deleted file mode 100644
index 9e40272b9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/VMPCKSA3Engine.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-public class VMPCKSA3Engine extends VMPCEngine
-{
-    public String getAlgorithmName()
-    {
-        return "VMPC-KSA3";
-    }
-
-    protected void initKey(byte[] keyBytes, byte[] ivBytes)
-    {
-        s = 0;
-        P = new byte[256];
-        for (int i = 0; i < 256; i++)
-        {
-            P[i] = (byte) i;
-        }
-
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + ivBytes[m % ivBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-
-        n = 0;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/XTEAEngine.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/XTEAEngine.java
deleted file mode 100644
index 9eaf2855e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/XTEAEngine.java
+++ /dev/null
@@ -1,182 +0,0 @@
-package org.bouncycastle.crypto.engines;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * An XTEA engine.
- */
-public class XTEAEngine
-    implements BlockCipher
-{
-    private static final int rounds     = 32,
-                             block_size = 8,
-//                             key_size   = 16,
-                             delta      = 0x9E3779B9;
-
-    /*
-     * the expanded key array of 4 subkeys
-     */
-    private int[]   _S    = new int[4],
-                    _sum0 = new int[32],
-                    _sum1 = new int[32];
-    private boolean _initialised,
-                    _forEncryption;
-
-    /**
-     * Create an instance of the TEA encryption algorithm
-     * and set some defaults
-     */
-    public XTEAEngine()
-    {
-        _initialised = false;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "XTEA";
-    }
-
-    public int getBlockSize()
-    {
-        return block_size;
-    }
-
-    /**
-     * initialise
-     *
-     * @param forEncryption whether or not we are for encryption.
-     * @param params the parameters required to set up the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-    {
-        if (!(params instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException("invalid parameter passed to TEA init - " + params.getClass().getName());
-        }
-
-        _forEncryption = forEncryption;
-        _initialised = true;
-
-        KeyParameter       p = (KeyParameter)params;
-
-        setKey(p.getKey());
-    }
-
-    public int processBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        if (!_initialised)
-        {
-            throw new IllegalStateException(getAlgorithmName()+" not initialised");
-        }
-
-        if ((inOff + block_size) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + block_size) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        return (_forEncryption) ? encryptBlock(in, inOff, out, outOff)
-                                    : decryptBlock(in, inOff, out, outOff);
-    }
-
-    public void reset()
-    {
-    }
-
-    /**
-     * Re-key the cipher.
-     * 

-     * @param  key  the key to be used
-     */
-    private void setKey(
-        byte[]      key)
-    {
-        int i, j;
-        for (i = j = 0; i < 4; i++,j+=4)
-        {
-            _S[i] = bytesToInt(key, j);
-        }
-            
-        for (i = j = 0; i < rounds; i++)
-        {
-                _sum0[i] = (j + _S[j & 3]);
-                j += delta;
-                _sum1[i] = (j + _S[j >>> 11 & 3]);
-        }
-    }
-
-    private int encryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        // Pack bytes into integers
-        int v0 = bytesToInt(in, inOff);
-        int v1 = bytesToInt(in, inOff + 4);
-
-        for (int i = 0; i < rounds; i++)
-        {
-            v0    += ((v1 << 4 ^ v1 >>> 5) + v1) ^ _sum0[i];
-            v1    += ((v0 << 4 ^ v0 >>> 5) + v0) ^ _sum1[i];
-        }
-
-        unpackInt(v0, out, outOff);
-        unpackInt(v1, out, outOff + 4);
-
-        return block_size;
-    }
-
-    private int decryptBlock(
-        byte[]  in,
-        int     inOff,
-        byte[]  out,
-        int     outOff)
-    {
-        // Pack bytes into integers
-        int v0 = bytesToInt(in, inOff);
-        int v1 = bytesToInt(in, inOff + 4);
-
-        for (int i = rounds-1; i >= 0; i--)
-        {
-            v1  -= ((v0 << 4 ^ v0 >>> 5) + v0) ^ _sum1[i];
-            v0  -= ((v1 << 4 ^ v1 >>> 5) + v1) ^ _sum0[i];
-        }
-
-        unpackInt(v0, out, outOff);
-        unpackInt(v1, out, outOff + 4);
-
-        return block_size;
-    }
-
-    private int bytesToInt(byte[] in, int inOff)
-    {
-        return ((in[inOff++]) << 24) |
-                 ((in[inOff++] & 255) << 16) |
-                 ((in[inOff++] & 255) <<  8) |
-                 ((in[inOff] & 255));
-    }
-
-    private void unpackInt(int v, byte[] out, int outOff)
-    {
-        out[outOff++] = (byte)(v >>> 24);
-        out[outOff++] = (byte)(v >>> 16);
-        out[outOff++] = (byte)(v >>>  8);
-        out[outOff  ] = (byte)v;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/package.html
deleted file mode 100644
index e945dac00..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/engines/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Basic cipher classes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/DESExample.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
deleted file mode 100644
index 16989971d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
+++ /dev/null
@@ -1,419 +0,0 @@
-package org.bouncycastle.crypto.examples;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.BufferedReader;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
-import org.bouncycastle.crypto.params.DESedeParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.util.encoders.Hex;
-
-/**
- * DESExample is a simple DES based encryptor/decryptor.
- * 

- * The program is command line driven, with the input
- * and output files specified on the command line.
- * 
- * java org.bouncycastle.crypto.examples.DESExample infile outfile [keyfile]
- * 

- * A new key is generated for each encryption, if key is not specified,
- * then the example will assume encryption is required, and as output
- * create deskey.dat in the current directory.  This key is a hex
- * encoded byte-stream that is used for the decryption.  The output
- * file is Hex encoded, 60 characters wide text file.
- * 

- * When encrypting;
- * 
    
- *  
  • the infile is expected to be a byte stream (text or binary)
- *  
  • there is no keyfile specified on the input line
- * 

- * 

- * When decrypting;
- *  
  • the infile is expected to be the 60 character wide base64 
- *    encoded file
- *  
  • the keyfile is expected to be a base64 encoded file
- * 
    
- * This example shows how to use the light-weight API, DES and
- * the filesystem for message encryption and decryption.
- *
- */
-public class DESExample extends Object
-{
-    // Encrypting or decrypting ?
-    private boolean encrypt = true;
-
-    // To hold the initialised DESede cipher
-    private PaddedBufferedBlockCipher cipher = null;
-
-    // The input stream of bytes to be processed for encryption
-    private BufferedInputStream in = null;
-
-    // The output stream of bytes to be procssed
-    private BufferedOutputStream out = null;
-
-    // The key
-    private byte[] key = null;
-
-    /*
-     * start the application
-     */
-    public static void main(String[] args)
-    {
-        boolean encrypt = true;
-        String infile = null;
-        String outfile = null;
-        String keyfile = null;
-
-        if (args.length < 2)
-        {
-            DESExample de = new DESExample();
-            System.err.println("Usage: java "+de.getClass().getName()+
-                                " infile outfile [keyfile]");
-            System.exit(1);
-        }
-
-        keyfile = "deskey.dat";
-        infile = args[0];
-        outfile = args[1];
-
-        if (args.length > 2)
-        {
-            encrypt = false;
-            keyfile = args[2];
-        }
-
-        DESExample de = new DESExample(infile, outfile, keyfile, encrypt);
-        de.process();
-    }
-
-    // Default constructor, used for the usage message
-    public DESExample()
-    {
-    }
-
-    /*
-     * Constructor, that takes the arguments appropriate for
-     * processing the command line directives.
-     */
-    public DESExample(
-                String infile,
-                String outfile,
-                String keyfile,
-                boolean encrypt)
-    {
-        /* 
-         * First, determine that infile & keyfile exist as appropriate.
-         *
-         * This will also create the BufferedInputStream as required
-         * for reading the input file.  All input files are treated
-         * as if they are binary, even if they contain text, it's the
-         * bytes that are encrypted.
-         */
-        this.encrypt = encrypt;
-        try
-        {
-            in = new BufferedInputStream(new FileInputStream(infile));
-        }
-        catch (FileNotFoundException fnf)
-        {
-            System.err.println("Input file not found ["+infile+"]");
-            System.exit(1);
-        }
-
-        try
-        {
-            out = new BufferedOutputStream(new FileOutputStream(outfile));
-        }
-        catch (IOException fnf)
-        {
-            System.err.println("Output file not created ["+outfile+"]");
-            System.exit(1);
-        }
-
-        if (encrypt)
-        {
-            try
-            {
-                /*
-                 * The process of creating a new key requires a 
-                 * number of steps.
-                 *
-                 * First, create the parameters for the key generator
-                 * which are a secure random number generator, and
-                 * the length of the key (in bits).
-                 */
-                SecureRandom sr = null;
-                try
-                {
-                    sr = new SecureRandom();
-                    /*
-                     * This following call to setSeed() makes the
-                     * initialisation of the SecureRandom object
-                     * _very_ fast, but not secure AT ALL.  
-                     *
-                     * Remove the line, recreate the class file and 
-                     * then run DESExample again to see the difference.
-                     *
-                     * The initialisation of a SecureRandom object
-                     * can take 5 or more seconds depending on the
-                     * CPU that the program is running on.  That can
-                     * be annoying during unit testing.
-                     *     -- jon
-                     */
-                    sr.setSeed("www.bouncycastle.org".getBytes());
-                }
-                catch (Exception nsa)
-                {
-                    System.err.println("Hmmm, no SHA1PRNG, you need the "+
-                                        "Sun implementation");
-                    System.exit(1);
-                }
-                KeyGenerationParameters kgp = new KeyGenerationParameters(
-                                    sr, 
-                                    DESedeParameters.DES_EDE_KEY_LENGTH*8);
-
-                /*
-                 * Second, initialise the key generator with the parameters
-                 */
-                DESedeKeyGenerator kg = new DESedeKeyGenerator();
-                kg.init(kgp);
-
-                /*
-                 * Third, and finally, generate the key
-                 */
-                key = kg.generateKey();
-
-                /*
-                 * We can now output the key to the file, but first
-                 * hex encode the key so that we can have a look
-                 * at it with a text editor if we so desire
-                 */
-                BufferedOutputStream keystream = 
-                    new BufferedOutputStream(new FileOutputStream(keyfile));
-                byte[] keyhex = Hex.encode(key);
-                keystream.write(keyhex, 0, keyhex.length);
-                keystream.flush();
-                keystream.close();
-            }
-            catch (IOException createKey)
-            {
-                System.err.println("Could not decryption create key file "+
-                                    "["+keyfile+"]");
-                System.exit(1);
-            }
-        }
-        else
-        {
-            try
-            {
-                // read the key, and decode from hex encoding
-                BufferedInputStream keystream = 
-                    new BufferedInputStream(new FileInputStream(keyfile));
-                int len = keystream.available();
-                byte[] keyhex = new byte[len];
-                keystream.read(keyhex, 0, len);
-                key = Hex.decode(keyhex);
-            }
-            catch (IOException ioe)
-            {
-                System.err.println("Decryption key file not found, "+
-                                    "or not valid ["+keyfile+"]");
-                System.exit(1);
-            }
-        }
-    }
-
-    private void process()
-    {
-        /* 
-         * Setup the DESede cipher engine, create a PaddedBufferedBlockCipher
-         * in CBC mode.
-         */
-        cipher = new PaddedBufferedBlockCipher(
-                                    new CBCBlockCipher(new DESedeEngine()));
-
-        /*
-         * The input and output streams are currently set up
-         * appropriately, and the key bytes are ready to be
-         * used.
-         *
-         */
-
-        if (encrypt)
-        {
-            performEncrypt(key);
-        }
-        else
-        {
-            performDecrypt(key);
-        }
-
-        // after processing clean up the files
-        try
-        {
-            in.close();
-            out.flush();
-            out.close();
-        }
-        catch (IOException closing)
-        {
-
-        }
-    }
-        
-    /*
-     * This method performs all the encryption and writes
-     * the cipher text to the buffered output stream created
-     * previously.
-     */
-    private void performEncrypt(byte[] key)
-    {
-        // initialise the cipher with the key bytes, for encryption
-        cipher.init(true, new KeyParameter(key));
-
-        /*
-         * Create some temporary byte arrays for use in
-         * encryption, make them a reasonable size so that
-         * we don't spend forever reading small chunks from
-         * a file.
-         *
-         * There is no particular reason for using getBlockSize()
-         * to determine the size of the input chunk.  It just
-         * was a convenient number for the example.  
-         */
-        // int inBlockSize = cipher.getBlockSize() * 5;
-        int inBlockSize = 47;
-        int outBlockSize = cipher.getOutputSize(inBlockSize);
-
-        byte[] inblock = new byte[inBlockSize];
-        byte[] outblock = new byte[outBlockSize];
-
-        /* 
-         * now, read the file, and output the chunks
-         */
-        try
-        {
-            int inL;
-            int outL;
-            byte[] rv = null;
-            while ((inL=in.read(inblock, 0, inBlockSize)) > 0)
-            {
-                outL = cipher.processBytes(inblock, 0, inL, outblock, 0);
-                /*
-                 * Before we write anything out, we need to make sure
-                 * that we've got something to write out. 
-                 */
-                if (outL > 0)
-                {
-                    rv = Hex.encode(outblock, 0, outL);
-                    out.write(rv, 0, rv.length);
-                    out.write('\n');
-                }
-            }
-
-            try
-            {
-                /*
-                 * Now, process the bytes that are still buffered
-                 * within the cipher.
-                 */
-                outL = cipher.doFinal(outblock, 0);
-                if (outL > 0)
-                {
-                    rv = Hex.encode(outblock, 0, outL);
-                    out.write(rv, 0, rv.length);
-                    out.write('\n');
-                }
-            }
-            catch (CryptoException ce)
-            {
-
-            }
-        }
-        catch (IOException ioeread)
-        {
-            ioeread.printStackTrace();
-        }
-    }
-
-    /*
-     * This method performs all the decryption and writes
-     * the plain text to the buffered output stream created
-     * previously.
-     */
-    private void performDecrypt(byte[] key)
-    {    
-        // initialise the cipher for decryption
-        cipher.init(false, new KeyParameter(key));
-
-        /* 
-         * As the decryption is from our preformatted file,
-         * and we know that it's a hex encoded format, then
-         * we wrap the InputStream with a BufferedReader
-         * so that we can read it easily.
-         */
-        BufferedReader br = new BufferedReader(new InputStreamReader(in));
-
-        /* 
-         * now, read the file, and output the chunks
-         */
-        try
-        {
-            int outL;
-            byte[] inblock = null;
-            byte[] outblock = null;
-            String rv = null;
-            while ((rv = br.readLine()) != null)
-            {
-                inblock = Hex.decode(rv);
-                outblock = new byte[cipher.getOutputSize(inblock.length)];
-
-                outL = cipher.processBytes(inblock, 0, inblock.length, 
-                                            outblock, 0);
-                /*
-                 * Before we write anything out, we need to make sure
-                 * that we've got something to write out. 
-                 */
-                if (outL > 0)
-                {
-                    out.write(outblock, 0, outL);
-                }
-            }
-
-            try
-            {
-                /*
-                 * Now, process the bytes that are still buffered
-                 * within the cipher.
-                 */
-                outL = cipher.doFinal(outblock, 0);
-                if (outL > 0)
-                {
-                    out.write(outblock, 0, outL);
-                }
-            }
-            catch (CryptoException ce)
-            {
-
-            }
-        }
-        catch (IOException ioeread)
-        {
-            ioeread.printStackTrace();
-        }
-    }
-
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/package.html
deleted file mode 100644
index 390a54009..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/examples/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Simple examples of light weight API usage.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java
deleted file mode 100644
index 268ae9b11..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java
+++ /dev/null
@@ -1,142 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.DerivationParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.params.ISO18033KDFParameters;
-import org.bouncycastle.crypto.params.KDFParameters;
-
-/**
- * Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
- * 
    
- * This implementation is based on ISO 18033/P1363a.
- */
-public class BaseKDFBytesGenerator
-    implements DerivationFunction
-{
-    private int     counterStart;
-    private Digest  digest;
-    private byte[]  shared;
-    private byte[]  iv;
-
-    /**
-     * Construct a KDF Parameters generator.
-     * 
    
-     * @param counterStart value of counter.
-     * @param digest the digest to be used as the source of derived keys.
-     */
-    protected BaseKDFBytesGenerator(
-        int     counterStart,
-        Digest  digest)
-    {
-        this.counterStart = counterStart;
-        this.digest = digest;
-    }
-
-    public void init(
-        DerivationParameters    param)
-    {
-        if (param instanceof KDFParameters)
-        {
-            KDFParameters   p = (KDFParameters)param;
-
-            shared = p.getSharedSecret();
-            iv = p.getIV();
-        }
-        else if (param instanceof ISO18033KDFParameters)
-        {
-            ISO18033KDFParameters p = (ISO18033KDFParameters)param;
-            
-            shared = p.getSeed();
-            iv = null;
-        }
-        else
-        {
-            throw new IllegalArgumentException("KDF parameters required for KDF2Generator");
-        }
-    }
-
-    /**
-     * return the underlying digest.
-     */
-    public Digest getDigest()
-    {
-        return digest;
-    }
-
-    /**
-     * fill len bytes of the output buffer with bytes generated from
-     * the derivation function.
-     *
-     * @throws IllegalArgumentException if the size of the request will cause an overflow.
-     * @throws DataLengthException if the out buffer is too small.
-     */
-    public int generateBytes(
-        byte[]  out,
-        int     outOff,
-        int     len)
-        throws DataLengthException, IllegalArgumentException
-    {
-        if ((out.length - len) < outOff)
-        {
-            throw new DataLengthException("output buffer too small");
-        }
-
-        long    oBytes = len;
-        int     outLen = digest.getDigestSize(); 
-
-        //
-        // this is at odds with the standard implementation, the
-        // maximum value should be hBits * (2^32 - 1) where hBits
-        // is the digest output size in bits. We can't have an
-        // array with a long index at the moment...
-        //
-        if (oBytes > ((2L << 32) - 1))
-        {
-            throw new IllegalArgumentException("Output length too large");
-        }
-
-        int cThreshold = (int)((oBytes + outLen - 1) / outLen);
-
-        byte[] dig = null;
-
-        dig = new byte[digest.getDigestSize()];
-
-        int counter = counterStart;
-        
-        for (int i = 0; i < cThreshold; i++)
-        {
-            digest.update(shared, 0, shared.length);
-
-            digest.update((byte)(counter >> 24));
-            digest.update((byte)(counter >> 16));
-            digest.update((byte)(counter >> 8));
-            digest.update((byte)counter);
-            
-            if (iv != null)
-            {
-                digest.update(iv, 0, iv.length);
-            }
-
-            digest.doFinal(dig, 0);
-
-            if (len > outLen)
-            {
-                System.arraycopy(dig, 0, out, outOff, outLen);
-                outOff += outLen;
-                len -= outLen;
-            }
-            else
-            {
-                System.arraycopy(dig, 0, out, outOff, len);
-            }
-            
-            counter++;
-        }
-    
-        digest.reset();
-
-        return len;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java
deleted file mode 100644
index 7111118b2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.DESParameters;
-
-public class DESKeyGenerator
-    extends CipherKeyGenerator
-{
-    /**
-     * initialise the key generator - if strength is set to zero
-     * the key generated will be 64 bits in size, otherwise
-     * strength can be 64 or 56 bits (if you don't count the parity bits).
-     *
-     * @param param the parameters to be used for key generation
-     */
-    public void init(
-        KeyGenerationParameters param)
-    {
-        super.init(param);
-
-        if (strength == 0 || strength == (56 / 8))
-        {
-            strength = DESParameters.DES_KEY_LENGTH;
-        }
-        else if (strength != DESParameters.DES_KEY_LENGTH)
-        {
-            throw new IllegalArgumentException("DES key must be "
-                    + (DESParameters.DES_KEY_LENGTH * 8)
-                    + " bits long.");
-        }
-    }
-
-    public byte[] generateKey()
-    {
-        byte[]  newKey = new byte[DESParameters.DES_KEY_LENGTH];
-
-        do
-        {
-            random.nextBytes(newKey);
-
-            DESParameters.setOddParity(newKey);
-        }
-        while (DESParameters.isWeakKey(newKey, 0));
-
-        return newKey;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java
deleted file mode 100644
index 3cab983d5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.DESedeParameters;
-
-public class DESedeKeyGenerator
-    extends DESKeyGenerator
-{
-    /**
-     * initialise the key generator - if strength is set to zero
-     * the key generated will be 192 bits in size, otherwise
-     * strength can be 128 or 192 (or 112 or 168 if you don't count
-     * parity bits), depending on whether you wish to do 2-key or 3-key
-     * triple DES.
-     *
-     * @param param the parameters to be used for key generation
-     */
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.random = param.getRandom();
-        this.strength = (param.getStrength() + 7) / 8;
-
-        if (strength == 0 || strength == (168 / 8))
-        {
-            strength = DESedeParameters.DES_EDE_KEY_LENGTH;
-        }
-        else if (strength == (112 / 8))
-        {
-            strength = 2 * DESedeParameters.DES_KEY_LENGTH;
-        }
-        else if (strength != DESedeParameters.DES_EDE_KEY_LENGTH
-                && strength != (2 * DESedeParameters.DES_KEY_LENGTH))
-        {
-            throw new IllegalArgumentException("DESede key must be "
-                + (DESedeParameters.DES_EDE_KEY_LENGTH * 8) + " or "
-                + (2 * 8 * DESedeParameters.DES_KEY_LENGTH)
-                + " bits long.");
-        }
-    }
-
-    public byte[] generateKey()
-    {
-        byte[]  newKey = new byte[strength];
-
-        do
-        {
-            random.nextBytes(newKey);
-
-            DESedeParameters.setOddParity(newKey);
-        }
-        while (DESedeParameters.isWeakKey(newKey, 0, newKey.length));
-
-        return newKey;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java
deleted file mode 100644
index f93428ef7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-import java.math.BigInteger;
-
-/**
- * a basic Diffie-Hellman key pair generator.
- *
- * This generates keys consistent for use with the basic algorithm for
- * Diffie-Hellman.
- */
-public class DHBasicKeyPairGenerator
-    implements AsymmetricCipherKeyPairGenerator
-{
-    private DHKeyGenerationParameters param;
-
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.param = (DHKeyGenerationParameters)param;
-    }
-
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.INSTANCE;
-        DHParameters dhp = param.getParameters();
-
-        BigInteger x = helper.calculatePrivate(dhp, param.getRandom()); 
-        BigInteger y = helper.calculatePublic(dhp, x);
-
-        return new AsymmetricCipherKeyPair(
-            new DHPublicKeyParameters(y, dhp),
-            new DHPrivateKeyParameters(x, dhp));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java
deleted file mode 100644
index e0d86fc33..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.util.BigIntegers;
-
-class DHKeyGeneratorHelper
-{
-    static final DHKeyGeneratorHelper INSTANCE = new DHKeyGeneratorHelper();
-
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
-    private DHKeyGeneratorHelper()
-    {
-    }
-
-    BigInteger calculatePrivate(DHParameters dhParams, SecureRandom random)
-    {
-        BigInteger p = dhParams.getP();
-        int limit = dhParams.getL();
-
-        if (limit != 0)
-        {
-            return new BigInteger(limit, random).setBit(limit - 1);
-        }
-
-        BigInteger min = TWO;
-        int m = dhParams.getM();
-        if (m != 0)
-        {
-            min = ONE.shiftLeft(m - 1);
-        }
-
-        BigInteger max = p.subtract(TWO);
-        BigInteger q = dhParams.getQ();
-        if (q != null)
-        {
-            max = q.subtract(TWO);
-        }
-
-        return BigIntegers.createRandomInRange(min, max, random);
-    }
-
-    BigInteger calculatePublic(DHParameters dhParams, BigInteger x)
-    {
-        return dhParams.getG().modPow(x, dhParams.getP());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java
deleted file mode 100644
index d07ca80de..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-import java.math.BigInteger;
-
-/**
- * a Diffie-Hellman key pair generator.
- *
- * This generates keys consistent for use in the MTI/A0 key agreement protocol
- * as described in "Handbook of Applied Cryptography", Pages 516-519.
- */
-public class DHKeyPairGenerator
-    implements AsymmetricCipherKeyPairGenerator
-{
-    private DHKeyGenerationParameters param;
-
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.param = (DHKeyGenerationParameters)param;
-    }
-
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.INSTANCE;
-        DHParameters dhp = param.getParameters();
-
-        BigInteger x = helper.calculatePrivate(dhp, param.getRandom()); 
-        BigInteger y = helper.calculatePublic(dhp, x);
-
-        return new AsymmetricCipherKeyPair(
-            new DHPublicKeyParameters(y, dhp),
-            new DHPrivateKeyParameters(x, dhp));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java
deleted file mode 100644
index f5d426426..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.params.DHParameters;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-public class DHParametersGenerator
-{
-    private int             size;
-    private int             certainty;
-    private SecureRandom    random;
-
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
-    /**
-     * Initialise the parameters generator.
-     * 
-     * @param size bit length for the prime p
-     * @param certainty level of certainty for the prime number tests
-     * @param random  a source of randomness
-     */
-    public void init(
-        int             size,
-        int             certainty,
-        SecureRandom    random)
-    {
-        this.size = size;
-        this.certainty = certainty;
-        this.random = random;
-    }
-
-    /**
-     * which generates the p and g values from the given parameters,
-     * returning the DHParameters object.
-     * 
    
-     * Note: can take a while...
-     */
-    public DHParameters generateParameters()
-    {
-        //
-        // find a safe prime p where p = 2*q + 1, where p and q are prime.
-        //
-        BigInteger[] safePrimes = DHParametersHelper.generateSafePrimes(size, certainty, random);
-
-        BigInteger p = safePrimes[0];
-        BigInteger q = safePrimes[1];
-        BigInteger g = DHParametersHelper.selectGenerator(p, q, random);
-
-        return new DHParameters(p, g, q, TWO, null);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
deleted file mode 100644
index 118bc9ccb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.util.BigIntegers;
-
-class DHParametersHelper
-{
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
-    /*
-     * Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
-     * 
-     * (see: Handbook of Applied Cryptography 4.86)
-     */
-    static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
-    {
-        BigInteger p, q;
-        int qLength = size - 1;
-
-        for (;;)
-        {
-            q = new BigInteger(qLength, 2, random);
-
-            // p <- 2q + 1
-            p = q.shiftLeft(1).add(ONE);
-
-            if (p.isProbablePrime(certainty) && (certainty <= 2 || q.isProbablePrime(certainty)))
-            {
-                break;
-            }
-        }
-
-        return new BigInteger[] { p, q };
-    }
-
-    /*
-     * Select a high order element of the multiplicative group Zp*
-     * 
-     * p and q must be s.t. p = 2*q + 1, where p and q are prime (see generateSafePrimes)
-     */
-    static BigInteger selectGenerator(BigInteger p, BigInteger q, SecureRandom random)
-    {
-        BigInteger pMinusTwo = p.subtract(TWO);
-        BigInteger g;
-
-        /*
-         * (see: Handbook of Applied Cryptography 4.80)
-         */
-//        do
-//        {
-//            g = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
-//        }
-//        while (g.modPow(TWO, p).equals(ONE) || g.modPow(q, p).equals(ONE));
-
-
-        /*
-         * RFC 2631 2.2.1.2 (and see: Handbook of Applied Cryptography 4.81)
-         */
-        do
-        {
-            BigInteger h = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
-
-            g = h.modPow(TWO, p);
-        }
-        while (g.equals(ONE));
-
-
-        return g;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java
deleted file mode 100644
index 93f49cfa2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-import org.bouncycastle.util.BigIntegers;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * a DSA key pair generator.
- *
- * This generates DSA keys in line with the method described 
- * in FIPS 186-3 B.1 FFC Key Pair Generation.
- */
-public class DSAKeyPairGenerator
-    implements AsymmetricCipherKeyPairGenerator
-{
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-
-    private DSAKeyGenerationParameters param;
-
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.param = (DSAKeyGenerationParameters)param;
-    }
-
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        DSAParameters dsaParams = param.getParameters();
-
-        BigInteger x = generatePrivateKey(dsaParams.getQ(), param.getRandom());
-        BigInteger y = calculatePublicKey(dsaParams.getP(), dsaParams.getG(), x);
-
-        return new AsymmetricCipherKeyPair(
-            new DSAPublicKeyParameters(y, dsaParams),
-            new DSAPrivateKeyParameters(x, dsaParams));
-    }
-
-    private static BigInteger generatePrivateKey(BigInteger q, SecureRandom random)
-    {
-        // TODO Prefer this method? (change test cases that used fixed random)
-        // B.1.1 Key Pair Generation Using Extra Random Bits
-//        BigInteger c = new BigInteger(q.bitLength() + 64, random);
-//        return c.mod(q.subtract(ONE)).add(ONE);
-
-        // B.1.2 Key Pair Generation by Testing Candidates
-        return BigIntegers.createRandomInRange(ONE, q.subtract(ONE), random);
-    }
-
-    private static BigInteger calculatePublicKey(BigInteger p, BigInteger g, BigInteger x)
-    {
-        return g.modPow(x, p);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
deleted file mode 100644
index be977d71b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ /dev/null
@@ -1,337 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAValidationParameters;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.BigIntegers;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-// TODO Update javadoc to mention FIPS 186-3 when done
-/**
- * generate suitable parameters for DSA, in line with FIPS 186-2.
- */
-public class DSAParametersGenerator
-{
-    private int             L, N;
-    private int             certainty;
-    private SecureRandom    random;
-
-    private static final BigInteger ZERO = BigInteger.valueOf(0);
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
-    /**
-     * initialise the key generator.
-     *
-     * @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments)
-     * @param certainty measure of robustness of prime (for FIPS 186-2 compliance this should be at least 80).
-     * @param random random byte source.
-     */
-    public void init(
-        int             size,
-        int             certainty,
-        SecureRandom    random)
-    {
-        init(size, getDefaultN(size), certainty, random);
-    }
-
-    // TODO Make public to enable support for DSA keys > 1024 bits
-    private void init(
-        int             L,
-        int             N,
-        int             certainty,
-        SecureRandom    random)
-    {
-        // TODO Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2)
-        // TODO Should we enforce the minimum 'certainty' values as per C.3 Table C.1?
-
-        this.L = L;
-        this.N = N;
-        this.certainty = certainty;
-        this.random = random;
-    }
-
-    /**
-     * which generates the p and g values from the given parameters,
-     * returning the DSAParameters object.
-     * 
    
-     * Note: can take a while...
-     */
-    public DSAParameters generateParameters()
-    {
-        return L > 1024
-            ? generateParameters_FIPS186_3()
-            : generateParameters_FIPS186_2();
-    }
-
-    private DSAParameters generateParameters_FIPS186_2()
-    {
-        byte[]          seed = new byte[20];
-        byte[]          part1 = new byte[20];
-        byte[]          part2 = new byte[20];
-        byte[]          u = new byte[20];
-        SHA1Digest      sha1 = new SHA1Digest();
-        int             n = (L - 1) / 160;
-        byte[]          w = new byte[L / 8];
-
-        for (;;)
-        {
-            random.nextBytes(seed);
-
-            hash(sha1, seed, part1);
-            System.arraycopy(seed, 0, part2, 0, seed.length);
-            inc(part2);
-            hash(sha1, part2, part2);
-
-            for (int i = 0; i != u.length; i++)
-            {
-                u[i] = (byte)(part1[i] ^ part2[i]);
-            }
-
-            u[0] |= (byte)0x80;
-            u[19] |= (byte)0x01;
-
-            BigInteger q = new BigInteger(1, u);
-
-            if (!q.isProbablePrime(certainty))
-            {
-                continue;
-            }
-
-            byte[] offset = Arrays.clone(seed);
-            inc(offset);
-
-            for (int counter = 0; counter < 4096; ++counter)
-            {
-                for (int k = 0; k < n; k++)
-                {
-                    inc(offset);
-                    hash(sha1, offset, part1);
-                    System.arraycopy(part1, 0, w, w.length - (k + 1) * part1.length, part1.length);
-                }
-
-                inc(offset);
-                hash(sha1, offset, part1);
-                System.arraycopy(part1, part1.length - ((w.length - (n) * part1.length)), w, 0, w.length - n * part1.length);
-
-                w[0] |= (byte)0x80;
-
-                BigInteger x = new BigInteger(1, w);
-
-                BigInteger c = x.mod(q.shiftLeft(1));
-
-                BigInteger p = x.subtract(c.subtract(ONE));
-
-                if (p.bitLength() != L)
-                {
-                    continue;
-                }
-
-                if (p.isProbablePrime(certainty))
-                {
-                    BigInteger g = calculateGenerator_FIPS186_2(p, q, random);
-
-                    return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter));
-                }
-            }
-        }
-    }
-
-    private static BigInteger calculateGenerator_FIPS186_2(BigInteger p, BigInteger q, SecureRandom r)
-    {
-        BigInteger e = p.subtract(ONE).divide(q);
-        BigInteger pSub2 = p.subtract(TWO);
-
-        for (;;)
-        {
-            BigInteger h = BigIntegers.createRandomInRange(TWO, pSub2, r);
-            BigInteger g = h.modPow(e, p);
-            if (g.bitLength() > 1)
-            {
-                return g;
-            }
-        }
-    }
-
-    /**
-     * generate suitable parameters for DSA, in line with
-     * FIPS 186-3 A.1 Generation of the FFC Primes p and q.
-     */
-    private DSAParameters generateParameters_FIPS186_3()
-    {
-// A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function
-        // FIXME This should be configurable (digest size in bits must be >= N)
-        Digest d = new SHA256Digest();
-        int outlen = d.getDigestSize() * 8;
-
-// 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If
-//    the pair is not in the list, then return INVALID.
-        // Note: checked at initialisation
-
-// 2. If (seedlen < N), then return INVALID.
-        // FIXME This should be configurable (must be >= N)
-        int seedlen = N;
-        byte[] seed = new byte[seedlen / 8];
-
-// 3. n = ceiling(L ℠outlen) – 1.
-        int n = (L - 1) / outlen;
-
-// 4. b = L – 1 – (n ∗ outlen).
-        int b = (L - 1) % outlen;
-
-        byte[] output = new byte[d.getDigestSize()];
-        for (;;)
-        {
-// 5. Get an arbitrary sequence of seedlen bits as the domain_parameter_seed.
-            random.nextBytes(seed);
-
-// 6. U = Hash (domain_parameter_seed) mod 2^(N–1).
-            hash(d, seed, output);
-            BigInteger U = new BigInteger(1, output).mod(ONE.shiftLeft(N - 1));
-
-// 7. q = 2^(N–1) + U + 1 – ( U mod 2).
-            BigInteger q = ONE.shiftLeft(N - 1).add(U).add(ONE).subtract(U.mod(TWO));
-
-// 8. Test whether or not q is prime as specified in Appendix C.3.
-            // TODO Review C.3 for primality checking
-            if (!q.isProbablePrime(certainty))
-            {
-// 9. If q is not a prime, then go to step 5.
-                continue;
-            }
-
-// 10. offset = 1.
-            // Note: 'offset' value managed incrementally
-            byte[] offset = Arrays.clone(seed);
-
-// 11. For counter = 0 to (4L – 1) do
-            int counterLimit = 4 * L;
-            for (int counter = 0; counter < counterLimit; ++counter)
-            {
-// 11.1 For j = 0 to n do
-//      Vj = Hash ((domain_parameter_seed + offset + j) mod 2^seedlen).
-// 11.2 W = V0 + (V1 ∗ 2^outlen) + ... + (V^(n–1) ∗ 2^((n–1) ∗ outlen)) + ((Vn mod 2^b) ∗ 2^(n ∗ outlen)).
-                // TODO Assemble w as a byte array
-                BigInteger W = ZERO;
-                for (int j = 0, exp = 0; j <= n; ++j, exp += outlen)
-                {
-                    inc(offset);
-                    hash(d, offset, output);
-
-                    BigInteger Vj = new BigInteger(1, output);
-                    if (j == n)
-                    {
-                        Vj = Vj.mod(ONE.shiftLeft(b));
-                    }
-
-                    W = W.add(Vj.shiftLeft(exp));
-                }
-
-// 11.3 X = W + 2^(L–1). Comment: 0 ≤ W < 2L–1; hence, 2L–1 ≤ X < 2L.
-                BigInteger X = W.add(ONE.shiftLeft(L - 1));
- 
-// 11.4 c = X mod 2q.
-                BigInteger c = X.mod(q.shiftLeft(1));
-
-// 11.5 p = X - (c - 1). Comment: p ≡ 1 (mod 2q).
-                BigInteger p = X.subtract(c.subtract(ONE));
-
-// 11.6 If (p < 2^(L - 1)), then go to step 11.9
-                if (p.bitLength() != L)
-                {
-                    continue;
-                }
-
-// 11.7 Test whether or not p is prime as specified in Appendix C.3.
-                // TODO Review C.3 for primality checking
-                if (p.isProbablePrime(certainty))
-                {
-// 11.8 If p is determined to be prime, then return VALID and the values of p, q and
-//      (optionally) the values of domain_parameter_seed and counter.
-                    // TODO Make configurable (8-bit unsigned)?
-//                    int index = 1;
-//                    BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, index);
-//                    if (g != null)
-//                    {
-//                        // TODO Should 'index' be a part of the validation parameters?
-//                        return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter));
-//                    }
-
-                    BigInteger g = calculateGenerator_FIPS186_3_Unverifiable(p, q, random);
-                    return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter));
-                }
-
-// 11.9 offset = offset + n + 1.      Comment: Increment offset; then, as part of
-//                                    the loop in step 11, increment counter; if
-//                                    counter < 4L, repeat steps 11.1 through 11.8.
-                // Note: 'offset' value already incremented in inner loop
-            }
-// 12. Go to step 5.
-        }
-    }
-
-    private static BigInteger calculateGenerator_FIPS186_3_Unverifiable(BigInteger p, BigInteger q,
-        SecureRandom r)
-    {
-        return calculateGenerator_FIPS186_2(p, q, r);
-    }
-
-//    private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q,
-//        byte[] seed, int index)
-//    {
-//// A.2.3 Verifiable Canonical Generation of the Generator g
-//        BigInteger e = p.subtract(ONE).divide(q);
-//        byte[] ggen = Hex.decode("6767656E");
-//
-//        // 7. U = domain_parameter_seed || "ggen" || index || count.
-//        byte[] U = new byte[seed.length + ggen.length + 1 + 2];
-//        System.arraycopy(seed, 0, U, 0, seed.length);
-//        System.arraycopy(ggen, 0, U, seed.length, ggen.length);
-//        U[U.length - 3] = (byte)index; 
-//
-//        byte[] w = new byte[d.getDigestSize()];
-//        for (int count = 1; count < (1 << 16); ++count)
-//        {
-//            inc(U);
-//            hash(d, U, w);
-//            BigInteger W = new BigInteger(1, w);
-//            BigInteger g = W.modPow(e, p);
-//            if (g.compareTo(TWO) >= 0)
-//            {
-//                return g;
-//            }
-//        }
-//
-//        return null;
-//    }
-
-    private static void hash(Digest d, byte[] input, byte[] output)
-    {
-        d.update(input, 0, input.length);
-        d.doFinal(output, 0);
-    }
-
-    private static int getDefaultN(int L)
-    {
-        return L > 1024 ? 256 : 160;
-    }
-
-    private static void inc(byte[] buf)
-    {
-        for (int i = buf.length - 1; i >= 0; --i)
-        {
-            byte b = (byte)((buf[i] + 1) & 0xff);
-            buf[i] = b;
-
-            if (b != 0)
-            {
-                break;
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
deleted file mode 100644
index d77bd747a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECPoint;
-
-public class ECKeyPairGenerator
-    implements AsymmetricCipherKeyPairGenerator, ECConstants
-{
-    ECDomainParameters  params;
-    SecureRandom        random;
-
-    public void init(
-        KeyGenerationParameters param)
-    {
-        ECKeyGenerationParameters  ecP = (ECKeyGenerationParameters)param;
-
-        this.random = ecP.getRandom();
-        this.params = ecP.getDomainParameters();
-    }
-
-    /**
-     * Given the domain parameters this routine generates an EC key
-     * pair in accordance with X9.62 section 5.2.1 pages 26, 27.
-     */
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        BigInteger n = params.getN();
-        int        nBitLength = n.bitLength();
-        BigInteger d;
-
-        do
-        {
-            d = new BigInteger(nBitLength, random);
-        }
-        while (d.equals(ZERO)  || (d.compareTo(n) >= 0));
-
-        ECPoint Q = params.getG().multiply(d);
-
-        return new AsymmetricCipherKeyPair(
-            new ECPublicKeyParameters(Q, params),
-            new ECPrivateKeyParameters(d, params));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java
deleted file mode 100644
index f23b69767..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-
-/**
- * a ElGamal key pair generator.
- * 
    
- * This generates keys consistent for use with ElGamal as described in
- * page 164 of "Handbook of Applied Cryptography".
- */
-public class ElGamalKeyPairGenerator
-    implements AsymmetricCipherKeyPairGenerator
-{
-    private ElGamalKeyGenerationParameters param;
-
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.param = (ElGamalKeyGenerationParameters)param;
-    }
-
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.INSTANCE;
-        ElGamalParameters egp = param.getParameters();
-        DHParameters dhp = new DHParameters(egp.getP(), egp.getG(), null, egp.getL());  
-
-        BigInteger x = helper.calculatePrivate(dhp, param.getRandom()); 
-        BigInteger y = helper.calculatePublic(dhp, x);
-
-        return new AsymmetricCipherKeyPair(
-            new ElGamalPublicKeyParameters(y, egp),
-            new ElGamalPrivateKeyParameters(x, egp));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java
deleted file mode 100644
index 21e8c2a06..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.params.ElGamalParameters;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-public class ElGamalParametersGenerator
-{
-    private int             size;
-    private int             certainty;
-    private SecureRandom    random;
-
-    public void init(
-        int             size,
-        int             certainty,
-        SecureRandom    random)
-    {
-        this.size = size;
-        this.certainty = certainty;
-        this.random = random;
-    }
-
-    /**
-     * which generates the p and g values from the given parameters,
-     * returning the ElGamalParameters object.
-     * 
    
-     * Note: can take a while...
-     */
-    public ElGamalParameters generateParameters()
-    {
-        //
-        // find a safe prime p where p = 2*q + 1, where p and q are prime.
-        //
-        BigInteger[] safePrimes = DHParametersHelper.generateSafePrimes(size, certainty, random);
-
-        BigInteger p = safePrimes[0];
-        BigInteger q = safePrimes[1];
-        BigInteger g = DHParametersHelper.selectGenerator(p, q, random);
-
-        return new ElGamalParameters(p, g);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java
deleted file mode 100644
index 3e13c2120..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters;
-import org.bouncycastle.crypto.params.GOST3410Parameters;
-import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters;
-import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * a GOST3410 key pair generator.
- * This generates GOST3410 keys in line with the method described
- * in GOST R 34.10-94.
- */
-public class GOST3410KeyPairGenerator
-        implements AsymmetricCipherKeyPairGenerator
-    {
-        private static final BigInteger ZERO = BigInteger.valueOf(0);
-
-        private GOST3410KeyGenerationParameters param;
-
-        public void init(
-            KeyGenerationParameters param)
-        {
-            this.param = (GOST3410KeyGenerationParameters)param;
-        }
-
-        public AsymmetricCipherKeyPair generateKeyPair()
-        {
-            BigInteger      p, q, a, x, y;
-            GOST3410Parameters   GOST3410Params = param.getParameters();
-            SecureRandom    random = param.getRandom();
-
-            q = GOST3410Params.getQ();
-            p = GOST3410Params.getP();
-            a = GOST3410Params.getA();
-
-            do
-            {
-                x = new BigInteger(256, random);
-            }
-            while (x.equals(ZERO) || x.compareTo(q) >= 0);
-
-            //
-            // calculate the public key.
-            //
-            y = a.modPow(x, p);
-
-            return new AsymmetricCipherKeyPair(
-                    new GOST3410PublicKeyParameters(y, GOST3410Params),
-                    new GOST3410PrivateKeyParameters(x, GOST3410Params));
-        }
-    }
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java
deleted file mode 100644
index 1c7cecf84..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java
+++ /dev/null
@@ -1,541 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.params.GOST3410Parameters;
-import org.bouncycastle.crypto.params.GOST3410ValidationParameters;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * generate suitable parameters for GOST3410.
- */
-public class GOST3410ParametersGenerator
-{
-    private int             size;
-    private int             typeproc;
-    private SecureRandom    init_random;
-
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
-    /**
-     * initialise the key generator.
-     *
-     * @param size size of the key
-     * @param typeproc type procedure A,B = 1;  A',B' - else
-     * @param random random byte source.
-     */
-    public void init(
-        int             size,
-        int             typeproc,
-        SecureRandom    random)
-    {
-        this.size = size;
-        this.typeproc = typeproc;
-        this.init_random = random;
-    }
-
-    //Procedure A
-    private int procedure_A(int x0, int c,  BigInteger[] pq, int size)
-    {
-        //Verify and perform condition: 065536)
-        {
-            x0 = init_random.nextInt()/32768;
-        }
-
-        while((c<0 || c>65536) || (c/2==0))
-        {
-            c = init_random.nextInt()/32768 + 1;
-        }
-
-        BigInteger C = new BigInteger(Integer.toString(c));
-        BigInteger constA16 = new BigInteger("19381");
-
-        //step1
-        BigInteger[] y = new BigInteger[1]; // begin length = 1
-        y[0] = new BigInteger(Integer.toString(x0));
-
-        //step 2
-        int[] t = new int[1]; // t - orders; begin length = 1
-        t[0] = size;
-        int s = 0;
-        for (int i=0; t[i]>=17; i++)
-        {
-            // extension array t
-            int tmp_t[] = new int[t.length + 1];             ///////////////
-            System.arraycopy(t,0,tmp_t,0,t.length);          //  extension
-            t = new int[tmp_t.length];                       //  array t
-            System.arraycopy(tmp_t, 0, t, 0, tmp_t.length);  ///////////////
-
-            t[i+1] = t[i]/2;
-            s = i+1;
-        }
-
-        //step3
-        BigInteger p[] = new BigInteger[s+1];
-        p[s] = new BigInteger("8003",16); //set min prime number length 16 bit
-
-        int m = s-1;  //step4
-
-        for (int i=0; i=0) 
-                {
-                    break; //step 14
-                }
-                else
-                {
-                    pq[0] = p[0];
-                    pq[1] = p[1];
-                    return y[0].intValue(); //return for procedure B step 2
-                }
-            }
-        }
-        return y[0].intValue();
-    }
-
-    //Procedure A'
-    private long procedure_Aa(long x0, long c, BigInteger[] pq, int size)
-    {
-        //Verify and perform condition: 04294967296L)
-        {
-            x0 = init_random.nextInt()*2;
-        }
-
-        while((c<0 || c>4294967296L) || (c/2==0))
-        {
-            c = init_random.nextInt()*2+1;
-        }
-
-        BigInteger C = new BigInteger(Long.toString(c));
-        BigInteger constA32 = new BigInteger("97781173");
-
-        //step1
-        BigInteger[] y = new BigInteger[1]; // begin length = 1
-        y[0] = new BigInteger(Long.toString(x0));
-
-        //step 2
-        int[] t = new int[1]; // t - orders; begin length = 1
-        t[0] = size;
-        int s = 0;
-        for (int i=0; t[i]>=33; i++)
-        {
-            // extension array t
-            int tmp_t[] = new int[t.length + 1];             ///////////////
-            System.arraycopy(t,0,tmp_t,0,t.length);          //  extension
-            t = new int[tmp_t.length];                       //  array t
-            System.arraycopy(tmp_t, 0, t, 0, tmp_t.length);  ///////////////
-
-            t[i+1] = t[i]/2;
-            s = i+1;
-        }
-
-        //step3
-        BigInteger p[] = new BigInteger[s+1];
-        p[s] = new BigInteger("8000000B",16); //set min prime number length 32 bit
-
-        int m = s-1;  //step4
-
-        for (int i=0; i=0)
-                {
-                    break; //step 14
-                }
-                else
-                {
-                    pq[0] = p[0];
-                    pq[1] = p[1];
-                    return y[0].longValue(); //return for procedure B' step 2
-                }
-            }
-        }
-        return y[0].longValue();
-    }
-
-    //Procedure B
-    private void procedure_B(int x0, int c, BigInteger[] pq)
-    {
-        //Verify and perform condition: 065536)
-        {
-            x0 = init_random.nextInt()/32768;
-        }
-
-        while((c<0 || c>65536) || (c/2==0))
-        {
-            c = init_random.nextInt()/32768 + 1;
-        }
-
-        BigInteger [] qp = new BigInteger[2];
-        BigInteger q = null, Q = null, p = null;
-        BigInteger C = new BigInteger(Integer.toString(c));
-        BigInteger constA16 = new BigInteger("19381");
-
-        //step1
-        x0 = procedure_A(x0, c, qp, 256);
-        q = qp[0];
-
-        //step2
-        x0 = procedure_A(x0, c, qp, 512);
-        Q = qp[0];
-
-        BigInteger[] y = new BigInteger[65];
-        y[0] = new BigInteger(Integer.toString(x0));
-
-        int tp = 1024;
-
- step3: for(;;)
-        {
-            //step 3
-            for (int j=0; j<64; j++)
-            {
-                y[j+1] = (y[j].multiply(constA16).add(C)).mod(TWO.pow(16));
-            }
-
-            //step 4
-            BigInteger Y = new BigInteger("0");
- 
-            for (int j=0; j<64; j++)
-            {
-                Y = Y.add(y[j].multiply(TWO.pow(16*j)));
-            }
-
-            y[0] = y[64]; //step 5
-
-            //step 6
-            BigInteger N = TWO.pow(tp-1).divide(q.multiply(Q)).
-                               add((TWO.pow(tp-1).multiply(Y)).
-                                   divide(q.multiply(Q).multiply(TWO.pow(1024))));
-
-            if (N.mod(TWO).compareTo(ONE)==0)
-            {
-                N = N.add(ONE);
-            }
-
-            int k = 0; //step 7
-
-     step8: for(;;)
-            {
-                //step 11
-                p = q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))).add(ONE);
-
-                if (p.compareTo(TWO.pow(tp))==1)
-                {
-                    continue step3; //step 9
-                }
-
-                //step10
-                if ((TWO.modPow(q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)==0) &&
-                    (TWO.modPow(q.multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)!=0))
-                {
-                    pq[0] = p;
-                    pq[1] = q;
-                    return;
-                }
-                else
-                {
-                    k += 2;
-                    continue step8;
-                }
-            }
-        }
-    }
-
-    //Procedure B'
-    private void procedure_Bb(long x0, long c, BigInteger[] pq)
-    {
-        //Verify and perform condition: 04294967296L)
-        {
-            x0 = init_random.nextInt()*2;
-        }
-
-        while((c<0 || c>4294967296L) || (c/2==0))
-        {
-            c = init_random.nextInt()*2+1;
-        }
-
-        BigInteger [] qp = new BigInteger[2];
-        BigInteger q = null, Q = null, p = null;
-        BigInteger C = new BigInteger(Long.toString(c));
-        BigInteger constA32 = new BigInteger("97781173");
-
-        //step1
-        x0 = procedure_Aa(x0, c, qp, 256);
-        q = qp[0];
-
-        //step2
-        x0 = procedure_Aa(x0, c, qp, 512);
-        Q = qp[0];
-
-        BigInteger[] y = new BigInteger[33];
-        y[0] = new BigInteger(Long.toString(x0));
-
-        int tp = 1024;
-
- step3: for(;;)
-        {
-            //step 3
-            for (int j=0; j<32; j++)
-            {
-                y[j+1] = (y[j].multiply(constA32).add(C)).mod(TWO.pow(32));
-            }
-
-            //step 4
-            BigInteger Y = new BigInteger("0");
-            for (int j=0; j<32; j++)
-            {
-                Y = Y.add(y[j].multiply(TWO.pow(32*j)));
-            }
-
-            y[0] = y[32]; //step 5
-
-            //step 6
-            BigInteger N = TWO.pow(tp-1).divide(q.multiply(Q)).
-                               add((TWO.pow(tp-1).multiply(Y)).
-                                   divide(q.multiply(Q).multiply(TWO.pow(1024))));
-
-            if (N.mod(TWO).compareTo(ONE)==0)
-            {
-                N = N.add(ONE);
-            }
-
-            int k = 0; //step 7
-
-     step8: for(;;)
-            {
-                //step 11
-                p = q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))).add(ONE);
-
-                if (p.compareTo(TWO.pow(tp))==1)
-                {
-                    continue step3; //step 9
-                }
-
-                //step10
-                if ((TWO.modPow(q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)==0) &&
-                    (TWO.modPow(q.multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)!=0))
-                {
-                    pq[0] = p;
-                    pq[1] = q;
-                    return;
-                }
-                else
-                {
-                    k += 2;
-                    continue step8;
-                }
-            }
-        }
-    }
-
-
-    /**
-     * Procedure C
-     * procedure generates the a value from the given p,q,
-     * returning the a value.
-     */
-    private BigInteger procedure_C(BigInteger p, BigInteger q)
-    {
-        BigInteger pSub1 = p.subtract(ONE);
-        BigInteger pSub1DivQ = pSub1.divide(q);
-        int length = p.bitLength();
-
-        for(;;)
-        {
-            BigInteger d = new BigInteger(length, init_random);
-
-            // 1 < d < p-1
-            if (d.compareTo(ONE) > 0 && d.compareTo(pSub1) < 0)
-            {
-                BigInteger a = d.modPow(pSub1DivQ, p);
-
-                if (a.compareTo(ONE) != 0)
-                {
-                    return a;
-                }
-            }
-        }
-    }
-
-    /**
-     * which generates the p , q and a values from the given parameters,
-     * returning the GOST3410Parameters object.
-     */
-    public GOST3410Parameters generateParameters()
-    {
-        BigInteger [] pq = new BigInteger[2];
-        BigInteger    q = null, p = null, a = null;
-
-        int  x0, c;
-        long  x0L, cL;
-
-        if (typeproc==1)
-        {
-            x0 = init_random.nextInt();
-            c  = init_random.nextInt();
-
-            switch(size)
-            {
-            case 512:  
-                procedure_A(x0, c, pq, 512); 
-                break;
-            case 1024: 
-                procedure_B(x0, c, pq); 
-                break;
-            default: 
-                throw new IllegalArgumentException("Ooops! key size 512 or 1024 bit.");
-            }
-            p = pq[0];  q = pq[1];
-            a = procedure_C(p, q);
-            //System.out.println("p:"+p.toString(16)+"\n"+"q:"+q.toString(16)+"\n"+"a:"+a.toString(16));
-            //System.out.println("p:"+p+"\n"+"q:"+q+"\n"+"a:"+a);
-            return new GOST3410Parameters(p, q, a, new GOST3410ValidationParameters(x0, c));
-        }
-        else
-        {
-            x0L = init_random.nextLong();
-            cL  = init_random.nextLong();
-
-            switch(size)
-            {
-            case 512:  
-                procedure_Aa(x0L, cL, pq, 512); 
-                break;
-            case 1024: 
-                procedure_Bb(x0L, cL, pq); 
-                break;
-            default: 
-                throw new IllegalStateException("Ooops! key size 512 or 1024 bit.");
-            }
-            p = pq[0];  q = pq[1];
-            a = procedure_C(p, q);
-            //System.out.println("p:"+p.toString(16)+"\n"+"q:"+q.toString(16)+"\n"+"a:"+a.toString(16));
-            //System.out.println("p:"+p+"\n"+"q:"+q+"\n"+"a:"+a);
-            return new GOST3410Parameters(p, q, a, new GOST3410ValidationParameters(x0L, cL));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java
deleted file mode 100644
index 7789b7b54..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.Digest;
-
-/**
- * KDF1 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
- * 
    
- * This implementation is based on ISO 18033/IEEE P1363a.
- */
-public class KDF1BytesGenerator
-    extends BaseKDFBytesGenerator
-{
-    /**
-     * Construct a KDF1 byte generator.
-     * 
    
-     * @param digest the digest to be used as the source of derived keys.
-     */
-    public KDF1BytesGenerator(
-        Digest  digest)
-    {
-        super(0, digest);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java
deleted file mode 100644
index cab05ac65..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.Digest;
-
-/**
- * KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
- * 
    
- * This implementation is based on IEEE P1363/ISO 18033.
- */
-public class KDF2BytesGenerator
-    extends BaseKDFBytesGenerator
-{
-    /**
-     * Construct a KDF2 bytes generator. Generates key material
-     * according to IEEE P1363 or ISO 18033 depending on the initialisation.
-     * 
    
-     * @param digest the digest to be used as the source of derived keys.
-     */
-    public KDF2BytesGenerator(
-        Digest  digest)
-    {
-        super(1, digest);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java
deleted file mode 100644
index e93c0d73e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.DerivationParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.params.MGFParameters;
-
-/**
- * Generator for MGF1 as defined in PKCS 1v2
- */
-public class MGF1BytesGenerator
-    implements DerivationFunction
-{
-    private Digest  digest;
-    private byte[]  seed;
-    private int     hLen;
-
-    /**
-     * @param digest the digest to be used as the source of generated bytes
-     */
-    public MGF1BytesGenerator(
-        Digest  digest)
-    {
-        this.digest = digest;
-        this.hLen = digest.getDigestSize();
-    }
-
-    public void init(
-        DerivationParameters    param)
-    {
-        if (!(param instanceof MGFParameters))
-        {
-            throw new IllegalArgumentException("MGF parameters required for MGF1Generator");
-        }
-
-        MGFParameters   p = (MGFParameters)param;
-
-        seed = p.getSeed();
-    }
-
-    /**
-     * return the underlying digest.
-     */
-    public Digest getDigest()
-    {
-        return digest;
-    }
-
-    /**
-     * int to octet string.
-     */
-    private void ItoOSP(
-        int     i,
-        byte[]  sp)
-    {
-        sp[0] = (byte)(i >>> 24);
-        sp[1] = (byte)(i >>> 16);
-        sp[2] = (byte)(i >>> 8);
-        sp[3] = (byte)(i >>> 0);
-    }
-
-    /**
-     * fill len bytes of the output buffer with bytes generated from
-     * the derivation function.
-     *
-     * @throws DataLengthException if the out buffer is too small.
-     */
-    public int generateBytes(
-        byte[]  out,
-        int     outOff,
-        int     len)
-        throws DataLengthException, IllegalArgumentException
-    {
-        if ((out.length - len) < outOff)
-        {
-            throw new DataLengthException("output buffer too small");
-        }
-        
-        byte[]  hashBuf = new byte[hLen];
-        byte[]  C = new byte[4];
-        int     counter = 0;
-
-        digest.reset();
-
-        if (len > hLen)
-        {
-            do
-            {
-                ItoOSP(counter, C);
-    
-                digest.update(seed, 0, seed.length);
-                digest.update(C, 0, C.length);
-                digest.doFinal(hashBuf, 0);
-    
-                System.arraycopy(hashBuf, 0, out, outOff + counter * hLen, hLen);
-            }
-            while (++counter < (len / hLen));
-        }
-
-        if ((counter * hLen) < len)
-        {
-            ItoOSP(counter, C);
-
-            digest.update(seed, 0, seed.length);
-            digest.update(C, 0, C.length);
-            digest.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, out, outOff + counter * hLen, len - (counter * hLen));
-        }
-
-        return len;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java
deleted file mode 100644
index ceb39407f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java
+++ /dev/null
@@ -1,365 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.NaccacheSternKeyGenerationParameters;
-import org.bouncycastle.crypto.params.NaccacheSternKeyParameters;
-import org.bouncycastle.crypto.params.NaccacheSternPrivateKeyParameters;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.util.Vector;
-
-/**
- * Key generation parameters for NaccacheStern cipher. For details on this cipher, please see
- * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
- */
-public class NaccacheSternKeyPairGenerator 
-    implements AsymmetricCipherKeyPairGenerator 
-{
-
-    private static int[] smallPrimes =
-    {
-        3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67,
-        71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149,
-        151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233,
-        239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331,
-        337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431,
-        433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523,
-        541, 547, 557
-    };
-    
-    private NaccacheSternKeyGenerationParameters param;
-
-    private static final BigInteger ONE = BigInteger.valueOf(1); // JDK 1.1 compatibility
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator#init(org.bouncycastle.crypto.KeyGenerationParameters)
-     */
-    public void init(KeyGenerationParameters param)
-    {
-        this.param = (NaccacheSternKeyGenerationParameters)param;
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator#generateKeyPair()
-     */
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        int strength = param.getStrength();
-        SecureRandom rand = param.getRandom();
-        int certainty = param.getCertainty();
-        boolean debug = param.isDebug();
-
-        if (debug)
-        {
-            System.out.println("Fetching first " + param.getCntSmallPrimes() + " primes.");
-        }
-
-        Vector smallPrimes = findFirstPrimes(param.getCntSmallPrimes());
-        smallPrimes = permuteList(smallPrimes, rand);
-
-        BigInteger u = ONE;
-        BigInteger v = ONE;
-
-        for (int i = 0; i < smallPrimes.size() / 2; i++)
-        {
-            u = u.multiply((BigInteger)smallPrimes.elementAt(i));
-        }
-        for (int i = smallPrimes.size() / 2; i < smallPrimes.size(); i++)
-        {
-            v = v.multiply((BigInteger)smallPrimes.elementAt(i));
-        }
-
-        BigInteger sigma = u.multiply(v);
-
-        // n = (2 a u p_ + 1 ) ( 2 b v q_ + 1)
-        // -> |n| = strength
-        // |2| = 1 in bits
-        // -> |a| * |b| = |n| - |u| - |v| - |p_| - |q_| - |2| -|2|
-        // remainingStrength = strength - sigma.bitLength() - p_.bitLength() -
-        // q_.bitLength() - 1 -1
-        int remainingStrength = strength - sigma.bitLength() - 48;
-        BigInteger a = generatePrime(remainingStrength / 2 + 1, certainty, rand);
-        BigInteger b = generatePrime(remainingStrength / 2 + 1, certainty, rand);
-
-        BigInteger p_;
-        BigInteger q_;
-        BigInteger p;
-        BigInteger q;
-        long tries = 0;
-        if (debug)
-        {
-            System.out.println("generating p and q");
-        }
-
-        BigInteger _2au = a.multiply(u).shiftLeft(1);
-        BigInteger _2bv = b.multiply(v).shiftLeft(1);
-
-        for (;;)
-        {
-            tries++;
-
-            p_ = generatePrime(24, certainty, rand);
-   
-            p = p_.multiply(_2au).add(ONE);
-
-            if (!p.isProbablePrime(certainty))
-            {
-                continue;
-            }
-
-            for (;;)
-            {
-                q_ = generatePrime(24, certainty, rand);
-
-                if (p_.equals(q_))
-                {
-                    continue;
-                }
-
-                q = q_.multiply(_2bv).add(ONE);
-
-                if (q.isProbablePrime(certainty))
-                {
-                    break;
-                }
-            }
-
-            if (!sigma.gcd(p_.multiply(q_)).equals(ONE))
-            {
-                // System.out.println("sigma.gcd(p_.mult(q_)) != 1!\n p_: " + p_
-                // +"\n q_: "+ q_ );
-                continue;
-            }
-
-            if (p.multiply(q).bitLength() < strength)
-            {
-                if (debug)
-                {
-                    System.out.println("key size too small. Should be " + strength + " but is actually "
-                                    + p.multiply(q).bitLength());
-                }
-                continue;
-            }
-            break;
-        }
-
-        if (debug)
-        {
-            System.out.println("needed " + tries + " tries to generate p and q.");
-        }
-
-        BigInteger n = p.multiply(q);
-        BigInteger phi_n = p.subtract(ONE).multiply(q.subtract(ONE));
-        BigInteger g;
-        tries = 0;
-        if (debug)
-        {
-            System.out.println("generating g");
-        }
-        for (;;)
-        {
-
-            Vector gParts = new Vector();
-            for (int ind = 0; ind != smallPrimes.size(); ind++)
-            {
-                BigInteger i = (BigInteger)smallPrimes.elementAt(ind);
-                BigInteger e = phi_n.divide(i);
-
-                for (;;)
-                {
-                    tries++;
-                    g = new BigInteger(strength, certainty, rand);
-                    if (g.modPow(e, n).equals(ONE))
-                    {
-                        continue;
-                    }
-                    gParts.addElement(g);
-                    break;
-                }
-            }
-            g = ONE;
-            for (int i = 0; i < smallPrimes.size(); i++)
-            {
-                g = g.multiply(((BigInteger)gParts.elementAt(i)).modPow(sigma.divide((BigInteger)smallPrimes.elementAt(i)), n)).mod(n);
-            }
-
-            // make sure that g is not divisible by p_i or q_i
-            boolean divisible = false;
-            for (int i = 0; i < smallPrimes.size(); i++)
-            {
-                if (g.modPow(phi_n.divide((BigInteger)smallPrimes.elementAt(i)), n).equals(ONE))
-                {
-                    if (debug)
-                    {
-                        System.out.println("g has order phi(n)/" + smallPrimes.elementAt(i) + "\n g: " + g);
-                    }
-                    divisible = true;
-                    break;
-                }
-            }
-            
-            if (divisible)
-            {
-                continue;
-            }
-
-            // make sure that g has order > phi_n/4
-
-            if (g.modPow(phi_n.divide(BigInteger.valueOf(4)), n).equals(ONE))
-            {
-                if (debug)
-                {
-                    System.out.println("g has order phi(n)/4\n g:" + g);
-                }
-                continue;
-            }
-
-            if (g.modPow(phi_n.divide(p_), n).equals(ONE))
-            {
-                if (debug)
-                {
-                    System.out.println("g has order phi(n)/p'\n g: " + g);
-                }
-                continue;
-            }
-            if (g.modPow(phi_n.divide(q_), n).equals(ONE))
-            {
-                if (debug)
-                {
-                    System.out.println("g has order phi(n)/q'\n g: " + g);
-                }
-                continue;
-            }
-            if (g.modPow(phi_n.divide(a), n).equals(ONE))
-            {
-                if (debug)
-                {
-                    System.out.println("g has order phi(n)/a\n g: " + g);
-                }
-                continue;
-            }
-            if (g.modPow(phi_n.divide(b), n).equals(ONE))
-            {
-                if (debug)
-                {
-                    System.out.println("g has order phi(n)/b\n g: " + g);
-                }
-                continue;
-            }
-            break;
-        }
-        if (debug)
-        {
-            System.out.println("needed " + tries + " tries to generate g");
-            System.out.println();
-            System.out.println("found new NaccacheStern cipher variables:");
-            System.out.println("smallPrimes: " + smallPrimes);
-            System.out.println("sigma:...... " + sigma + " (" + sigma.bitLength() + " bits)");
-            System.out.println("a:.......... " + a);
-            System.out.println("b:.......... " + b);
-            System.out.println("p':......... " + p_);
-            System.out.println("q':......... " + q_);
-            System.out.println("p:.......... " + p);
-            System.out.println("q:.......... " + q);
-            System.out.println("n:.......... " + n);
-            System.out.println("phi(n):..... " + phi_n);
-            System.out.println("g:.......... " + g);
-            System.out.println();
-        }
-
-        return new AsymmetricCipherKeyPair(new NaccacheSternKeyParameters(false, g, n, sigma.bitLength()),
-                        new NaccacheSternPrivateKeyParameters(g, n, sigma.bitLength(), smallPrimes, phi_n));
-    }
-
-    private static BigInteger generatePrime(
-            int bitLength, 
-            int certainty,
-            SecureRandom rand)
-    {
-        BigInteger p_ = new BigInteger(bitLength, certainty, rand);
-        while (p_.bitLength() != bitLength)
-        {
-            p_ = new BigInteger(bitLength, certainty, rand);
-        }
-        return p_;
-    }
-
-    /**
-     * Generates a permuted ArrayList from the original one. The original List
-     * is not modified
-     * 
-     * @param arr
-     *            the ArrayList to be permuted
-     * @param rand
-     *            the source of Randomness for permutation
-     * @return a new ArrayList with the permuted elements.
-     */
-    private static Vector permuteList(
-        Vector arr, 
-        SecureRandom rand) 
-    {
-        Vector retval = new Vector();
-        Vector tmp = new Vector();
-        for (int i = 0; i < arr.size(); i++) 
-        {
-            tmp.addElement(arr.elementAt(i));
-        }
-        retval.addElement(tmp.elementAt(0));
-        tmp.removeElementAt(0);
-        while (tmp.size() != 0) 
-        {
-            retval.insertElementAt(tmp.elementAt(0), getInt(rand, retval.size() + 1));
-            tmp.removeElementAt(0);
-        }
-        return retval;
-    }
-
-    private static int getInt(
-        SecureRandom rand,
-        int n)
-    {
-        if ((n & -n) == n) 
-        {
-            return (int)((n * (long)(rand.nextInt() & 0x7fffffff)) >> 31);
-        }
-
-        int bits, val;
-        do
-        {
-            bits = rand.nextInt() & 0x7fffffff;
-            val = bits % n;
-        }
-        while (bits - val + (n-1) < 0);
-
-        return val;
-    }
-
-    /**
-     * Finds the first 'count' primes starting with 3
-     * 
-     * @param count
-     *            the number of primes to find
-     * @return a vector containing the found primes as Integer
-     */
-    private static Vector findFirstPrimes(
-        int count) 
-    {
-        Vector primes = new Vector(count);
-
-        for (int i = 0; i != count; i++)
-        {
-            primes.addElement(BigInteger.valueOf(smallPrimes[i]));
-        }
-        
-        return primes;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
deleted file mode 100644
index 8a4d28ab4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Generator for PBE derived keys and ivs as usd by OpenSSL.
- * 
    
- * The scheme is a simple extension of PKCS 5 V2.0 Scheme 1 using MD5 with an
- * iteration count of 1.
- * 
    
- */
-public class OpenSSLPBEParametersGenerator
-    extends PBEParametersGenerator
-{
-    private Digest  digest = new MD5Digest();
-
-    /**
-     * Construct a OpenSSL Parameters generator. 
-     */
-    public OpenSSLPBEParametersGenerator()
-    {
-    }
-
-    /**
-     * Initialise - note the iteration count for this algorithm is fixed at 1.
-     * 
-     * @param password password to use.
-     * @param salt salt to use.
-     */
-    public void init(
-       byte[] password,
-       byte[] salt)
-    {
-        super.init(password, salt, 1);
-    }
-    
-    /**
-     * the derived key function, the ith hash of the password and the salt.
-     */
-    private byte[] generateDerivedKey(
-        int bytesNeeded)
-    {
-        byte[]  buf = new byte[digest.getDigestSize()];
-        byte[]  key = new byte[bytesNeeded];
-        int     offset = 0;
-        
-        for (;;)
-        {
-            digest.update(password, 0, password.length);
-            digest.update(salt, 0, salt.length);
-
-            digest.doFinal(buf, 0);
-            
-            int len = (bytesNeeded > buf.length) ? buf.length : bytesNeeded;
-            System.arraycopy(buf, 0, key, offset, len);
-            offset += len;
-
-            // check if we need any more
-            bytesNeeded -= len;
-            if (bytesNeeded == 0)
-            {
-                break;
-            }
-
-            // do another round
-            digest.reset();
-            digest.update(buf, 0, buf.length);
-        }
-        
-        return key;
-    }
-
-    /**
-     * Generate a key parameter derived from the password, salt, and iteration
-     * count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     * @exception IllegalArgumentException if the key length larger than the base hash size.
-     */
-    public CipherParameters generateDerivedParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        byte[]  dKey = generateDerivedKey(keySize);
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-
-    /**
-     * Generate a key with initialisation vector parameter derived from
-     * the password, salt, and iteration count we are currently initialised
-     * with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @param ivSize the size of the iv we want (in bits)
-     * @return a ParametersWithIV object.
-     * @exception IllegalArgumentException if keySize + ivSize is larger than the base hash size.
-     */
-    public CipherParameters generateDerivedParameters(
-        int     keySize,
-        int     ivSize)
-    {
-        keySize = keySize / 8;
-        ivSize = ivSize / 8;
-
-        byte[]  dKey = generateDerivedKey(keySize + ivSize);
-
-        return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), dKey, keySize, ivSize);
-    }
-
-    /**
-     * Generate a key parameter for use with a MAC derived from the password,
-     * salt, and iteration count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     * @exception IllegalArgumentException if the key length larger than the base hash size.
-     */
-    public CipherParameters generateDerivedMacParameters(
-        int keySize)
-    {
-        return generateDerivedParameters(keySize);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java
deleted file mode 100644
index bf2f36891..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java
+++ /dev/null
@@ -1,221 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0.
- * 
    
- * The document this implementation is based on can be found at
- * 
- * RSA's PKCS12 Page
- */
-public class PKCS12ParametersGenerator
-    extends PBEParametersGenerator
-{
-    public static final int KEY_MATERIAL = 1;
-    public static final int IV_MATERIAL  = 2;
-    public static final int MAC_MATERIAL = 3;
-
-    private Digest digest;
-
-    private int     u;
-    private int     v;
-
-    /**
-     * Construct a PKCS 12 Parameters generator. This constructor will
-     * accept any digest which also implements ExtendedDigest.
-     *
-     * @param digest the digest to be used as the source of derived keys.
-     * @exception IllegalArgumentException if an unknown digest is passed in.
-     */
-    public PKCS12ParametersGenerator(
-        Digest  digest)
-    {
-        this.digest = digest;
-        if (digest instanceof ExtendedDigest)
-        {
-            u = digest.getDigestSize();
-            v = ((ExtendedDigest)digest).getByteLength();
-        }
-        else
-        {
-            throw new IllegalArgumentException("Digest " + digest.getAlgorithmName() + " unsupported");
-        }
-    }
-
-    /**
-     * add a + b + 1, returning the result in a. The a value is treated
-     * as a BigInteger of length (b.length * 8) bits. The result is 
-     * modulo 2^b.length in case of overflow.
-     */
-    private void adjust(
-        byte[]  a,
-        int     aOff,
-        byte[]  b)
-    {
-        int  x = (b[b.length - 1] & 0xff) + (a[aOff + b.length - 1] & 0xff) + 1;
-
-        a[aOff + b.length - 1] = (byte)x;
-        x >>>= 8;
-
-        for (int i = b.length - 2; i >= 0; i--)
-        {
-            x += (b[i] & 0xff) + (a[aOff + i] & 0xff);
-            a[aOff + i] = (byte)x;
-            x >>>= 8;
-        }
-    }
-
-    /**
-     * generation of a derived key ala PKCS12 V1.0.
-     */
-    private byte[] generateDerivedKey(
-        int idByte,
-        int n)
-    {
-        byte[]  D = new byte[v];
-        byte[]  dKey = new byte[n];
-
-        for (int i = 0; i != D.length; i++)
-        {
-            D[i] = (byte)idByte;
-        }
-
-        byte[]  S;
-
-        if ((salt != null) && (salt.length != 0))
-        {
-            S = new byte[v * ((salt.length + v - 1) / v)];
-
-            for (int i = 0; i != S.length; i++)
-            {
-                S[i] = salt[i % salt.length];
-            }
-        }
-        else
-        {
-            S = new byte[0];
-        }
-
-        byte[]  P;
-
-        if ((password != null) && (password.length != 0))
-        {
-            P = new byte[v * ((password.length + v - 1) / v)];
-
-            for (int i = 0; i != P.length; i++)
-            {
-                P[i] = password[i % password.length];
-            }
-        }
-        else
-        {
-            P = new byte[0];
-        }
-
-        byte[]  I = new byte[S.length + P.length];
-
-        System.arraycopy(S, 0, I, 0, S.length);
-        System.arraycopy(P, 0, I, S.length, P.length);
-
-        byte[]  B = new byte[v];
-        int     c = (n + u - 1) / u;
-
-        for (int i = 1; i <= c; i++)
-        {
-            byte[]  A = new byte[u];
-
-            digest.update(D, 0, D.length);
-            digest.update(I, 0, I.length);
-            digest.doFinal(A, 0);
-            for (int j = 1; j != iterationCount; j++)
-            {
-                digest.update(A, 0, A.length);
-                digest.doFinal(A, 0);
-            }
-
-            for (int j = 0; j != B.length; j++)
-            {
-                B[j] = A[j % A.length];
-            }
-
-            for (int j = 0; j != I.length / v; j++)
-            {
-                adjust(I, j * v, B);
-            }
-
-            if (i == c)
-            {
-                System.arraycopy(A, 0, dKey, (i - 1) * u, dKey.length - ((i - 1) * u));
-            }
-            else
-            {
-                System.arraycopy(A, 0, dKey, (i - 1) * u, A.length);
-            }
-        }
-
-        return dKey;
-    }
-
-    /**
-     * Generate a key parameter derived from the password, salt, and iteration
-     * count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     */
-    public CipherParameters generateDerivedParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        byte[]  dKey = generateDerivedKey(KEY_MATERIAL, keySize);
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-
-    /**
-     * Generate a key with initialisation vector parameter derived from
-     * the password, salt, and iteration count we are currently initialised
-     * with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @param ivSize the size of the iv we want (in bits)
-     * @return a ParametersWithIV object.
-     */
-    public CipherParameters generateDerivedParameters(
-        int     keySize,
-        int     ivSize)
-    {
-        keySize = keySize / 8;
-        ivSize = ivSize / 8;
-
-        byte[]  dKey = generateDerivedKey(KEY_MATERIAL, keySize);
-
-        byte[]  iv = generateDerivedKey(IV_MATERIAL, ivSize);
-
-        return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), iv, 0, ivSize);
-    }
-
-    /**
-     * Generate a key parameter for use with a MAC derived from the password,
-     * salt, and iteration count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     */
-    public CipherParameters generateDerivedMacParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        byte[]  dKey = generateDerivedKey(MAC_MATERIAL, keySize);
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java
deleted file mode 100644
index 1c62eccc2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Generator for PBE derived keys and ivs as defined by PKCS 5 V2.0 Scheme 1.
- * Note this generator is limited to the size of the hash produced by the
- * digest used to drive it.
- * 
    
- * The document this implementation is based on can be found at
- * 
- * RSA's PKCS5 Page
- */
-public class PKCS5S1ParametersGenerator
-    extends PBEParametersGenerator
-{
-    private Digest  digest;
-
-    /**
-     * Construct a PKCS 5 Scheme 1 Parameters generator. 
-     *
-     * @param digest the digest to be used as the source of derived keys.
-     */
-    public PKCS5S1ParametersGenerator(
-        Digest  digest)
-    {
-        this.digest = digest;
-    }
-
-    /**
-     * the derived key function, the ith hash of the password and the salt.
-     */
-    private byte[] generateDerivedKey()
-    {
-        byte[] digestBytes = new byte[digest.getDigestSize()];
-
-        digest.update(password, 0, password.length);
-        digest.update(salt, 0, salt.length);
-
-        digest.doFinal(digestBytes, 0);
-        for (int i = 1; i < iterationCount; i++)
-        {
-            digest.update(digestBytes, 0, digestBytes.length);
-            digest.doFinal(digestBytes, 0);
-        }
-
-        return digestBytes;
-    }
-
-    /**
-     * Generate a key parameter derived from the password, salt, and iteration
-     * count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     * @exception IllegalArgumentException if the key length larger than the base hash size.
-     */
-    public CipherParameters generateDerivedParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        if (keySize > digest.getDigestSize())
-        {
-            throw new IllegalArgumentException(
-                   "Can't generate a derived key " + keySize + " bytes long.");
-        }
-
-        byte[]  dKey = generateDerivedKey();
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-
-    /**
-     * Generate a key with initialisation vector parameter derived from
-     * the password, salt, and iteration count we are currently initialised
-     * with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @param ivSize the size of the iv we want (in bits)
-     * @return a ParametersWithIV object.
-     * @exception IllegalArgumentException if keySize + ivSize is larger than the base hash size.
-     */
-    public CipherParameters generateDerivedParameters(
-        int     keySize,
-        int     ivSize)
-    {
-        keySize = keySize / 8;
-        ivSize = ivSize / 8;
-
-        if ((keySize + ivSize) > digest.getDigestSize())
-        {
-            throw new IllegalArgumentException(
-                   "Can't generate a derived key " + (keySize + ivSize) + " bytes long.");
-        }
-
-        byte[]  dKey = generateDerivedKey();
-
-        return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), dKey, keySize, ivSize);
-    }
-
-    /**
-     * Generate a key parameter for use with a MAC derived from the password,
-     * salt, and iteration count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     * @exception IllegalArgumentException if the key length larger than the base hash size.
-     */
-    public CipherParameters generateDerivedMacParameters(
-        int keySize)
-    {
-        return generateDerivedParameters(keySize);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
deleted file mode 100644
index 9b4972d5f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
+++ /dev/null
@@ -1,151 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Generator for PBE derived keys and ivs as defined by PKCS 5 V2.0 Scheme 2.
- * This generator uses a SHA-1 HMac as the calculation function.
- * 
    
- * The document this implementation is based on can be found at
- * 
- * RSA's PKCS5 Page
- */
-public class PKCS5S2ParametersGenerator
-    extends PBEParametersGenerator
-{
-    private Mac    hMac = new HMac(new SHA1Digest());
-
-    /**
-     * construct a PKCS5 Scheme 2 Parameters generator.
-     */
-    public PKCS5S2ParametersGenerator()
-    {
-    }
-
-    private void F(
-        byte[]  P,
-        byte[]  S,
-        int     c,
-        byte[]  iBuf,
-        byte[]  out,
-        int     outOff)
-    {
-        byte[]              state = new byte[hMac.getMacSize()];
-        CipherParameters    param = new KeyParameter(P);
-
-        hMac.init(param);
-
-        if (S != null)
-        {
-            hMac.update(S, 0, S.length);
-        }
-
-        hMac.update(iBuf, 0, iBuf.length);
-
-        hMac.doFinal(state, 0);
-
-        System.arraycopy(state, 0, out, outOff, state.length);
-
-        if (c == 0)
-        {
-            throw new IllegalArgumentException("iteration count must be at least 1.");
-        }
-        
-        for (int count = 1; count < c; count++)
-        {
-            hMac.init(param);
-            hMac.update(state, 0, state.length);
-            hMac.doFinal(state, 0);
-
-            for (int j = 0; j != state.length; j++)
-            {
-                out[outOff + j] ^= state[j];
-            }
-        }
-    }
-
-    private void intToOctet(
-        byte[]  buf,
-        int     i)
-    {
-        buf[0] = (byte)(i >>> 24);
-        buf[1] = (byte)(i >>> 16);
-        buf[2] = (byte)(i >>> 8);
-        buf[3] = (byte)i;
-    }
-
-    private byte[] generateDerivedKey(
-        int dkLen)
-    {
-        int     hLen = hMac.getMacSize();
-        int     l = (dkLen + hLen - 1) / hLen;
-        byte[]  iBuf = new byte[4];
-        byte[]  out = new byte[l * hLen];
-
-        for (int i = 1; i <= l; i++)
-        {
-            intToOctet(iBuf, i);
-
-            F(password, salt, iterationCount, iBuf, out, (i - 1) * hLen);
-        }
-
-        return out;
-    }
-
-    /**
-     * Generate a key parameter derived from the password, salt, and iteration
-     * count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     */
-    public CipherParameters generateDerivedParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        byte[]  dKey = generateDerivedKey(keySize);
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-
-    /**
-     * Generate a key with initialisation vector parameter derived from
-     * the password, salt, and iteration count we are currently initialised
-     * with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @param ivSize the size of the iv we want (in bits)
-     * @return a ParametersWithIV object.
-     */
-    public CipherParameters generateDerivedParameters(
-        int     keySize,
-        int     ivSize)
-    {
-        keySize = keySize / 8;
-        ivSize = ivSize / 8;
-
-        byte[]  dKey = generateDerivedKey(keySize + ivSize);
-
-        return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), dKey, keySize, ivSize);
-    }
-
-    /**
-     * Generate a key parameter for use with a MAC derived from the password,
-     * salt, and iteration count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     */
-    public CipherParameters generateDerivedMacParameters(
-        int keySize)
-    {
-        return generateDerivedParameters(keySize);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java
deleted file mode 100644
index add671433..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java
+++ /dev/null
@@ -1,77 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * Generate a random factor suitable for use with RSA blind signatures
- * as outlined in Chaum's blinding and unblinding as outlined in
- * "Handbook of Applied Cryptography", page 475.
- */
-public class RSABlindingFactorGenerator
-{
-    private static BigInteger ZERO = BigInteger.valueOf(0);
-    private static BigInteger ONE = BigInteger.valueOf(1);
-
-    private RSAKeyParameters key;
-    private SecureRandom random;
-
-    /**
-     * Initialise the factor generator
-     *
-     * @param param the necessary RSA key parameters.
-     */
-    public void init(
-        CipherParameters param)
-    {
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom rParam = (ParametersWithRandom)param;
-
-            key = (RSAKeyParameters)rParam.getParameters();
-            random = rParam.getRandom();
-        }
-        else
-        {
-            key = (RSAKeyParameters)param;
-            random = new SecureRandom();
-        }
-
-        if (key instanceof RSAPrivateCrtKeyParameters)
-        {
-            throw new IllegalArgumentException("generator requires RSA public key");
-        }
-    }
-
-    /**
-     * Generate a suitable blind factor for the public key the generator was initialised with.
-     *
-     * @return a random blind factor
-     */
-    public BigInteger generateBlindingFactor()
-    {
-        if (key == null)
-        {
-            throw new IllegalStateException("generator not initialised");
-        }
-
-        BigInteger m = key.getModulus();
-        int length = m.bitLength() - 1; // must be less than m.bitLength()
-        BigInteger factor;
-        BigInteger gcd;
-
-        do
-        {
-            factor = new BigInteger(length, random);
-            gcd = factor.gcd(m);
-        }
-        while (factor.equals(ZERO) || factor.equals(ONE) || !gcd.equals(ONE));
-
-        return factor;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
deleted file mode 100644
index f58069d54..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+++ /dev/null
@@ -1,147 +0,0 @@
-package org.bouncycastle.crypto.generators;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-import java.math.BigInteger;
-
-/**
- * an RSA key pair generator.
- */
-public class RSAKeyPairGenerator
-    implements AsymmetricCipherKeyPairGenerator
-{
-    private static final BigInteger ONE = BigInteger.valueOf(1);
-
-    private RSAKeyGenerationParameters param;
-
-    public void init(
-        KeyGenerationParameters param)
-    {
-        this.param = (RSAKeyGenerationParameters)param;
-    }
-
-    public AsymmetricCipherKeyPair generateKeyPair()
-    {
-        BigInteger    p, q, n, d, e, pSub1, qSub1, phi;
-
-        //
-        // p and q values should have a length of half the strength in bits
-        //
-        int strength = param.getStrength();
-        int pbitlength = (strength + 1) / 2;
-        int qbitlength = strength - pbitlength;
-        int mindiffbits = strength / 3;
-
-        e = param.getPublicExponent();
-
-        // TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
-        // (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
-
-        //
-        // generate p, prime and (p-1) relatively prime to e
-        //
-        for (;;)
-        {
-            p = new BigInteger(pbitlength, 1, param.getRandom());
-            
-            if (p.mod(e).equals(ONE))
-            {
-                continue;
-            }
-            
-            if (!p.isProbablePrime(param.getCertainty()))
-            {
-                continue;
-            }
-            
-            if (e.gcd(p.subtract(ONE)).equals(ONE)) 
-            {
-                break;
-            }
-        }
-
-        //
-        // generate a modulus of the required length
-        //
-        for (;;)
-        {
-            // generate q, prime and (q-1) relatively prime to e,
-            // and not equal to p
-            //
-            for (;;)
-            {
-                q = new BigInteger(qbitlength, 1, param.getRandom());
-
-                if (q.subtract(p).abs().bitLength() < mindiffbits)
-                {
-                    continue;
-                }
-                
-                if (q.mod(e).equals(ONE))
-                {
-                    continue;
-                }
-            
-                if (!q.isProbablePrime(param.getCertainty()))
-                {
-                    continue;
-                }
-            
-                if (e.gcd(q.subtract(ONE)).equals(ONE)) 
-                {
-                    break;
-                } 
-            }
-
-            //
-            // calculate the modulus
-            //
-            n = p.multiply(q);
-
-            if (n.bitLength() == param.getStrength()) 
-            {
-                break;
-            } 
-
-            //
-            // if we get here our primes aren't big enough, make the largest
-            // of the two p and try again
-            //
-            p = p.max(q);
-        }
-
-        if (p.compareTo(q) < 0)
-        {
-            phi = p;
-            p = q;
-            q = phi;
-        }
-
-        pSub1 = p.subtract(ONE);
-        qSub1 = q.subtract(ONE);
-        phi = pSub1.multiply(qSub1);
-
-        //
-        // calculate the private exponent
-        //
-        d = e.modInverse(phi);
-
-        //
-        // calculate the CRT factors
-        //
-        BigInteger    dP, dQ, qInv;
-
-        dP = d.remainder(pSub1);
-        dQ = d.remainder(qSub1);
-        qInv = q.modInverse(p);
-
-        return new AsymmetricCipherKeyPair(
-                new RSAKeyParameters(false, n, e),
-                new RSAPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/package.html
deleted file mode 100644
index 9d73ce3e8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/generators/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Generators for keys, key pairs and password based encryption algorithms.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java
deleted file mode 100644
index ef0b03e26..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.crypto.io;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.crypto.Digest;
-
-public class DigestInputStream
-    extends FilterInputStream
-{
-    protected Digest digest;
-
-    public DigestInputStream(
-        InputStream stream,
-        Digest      digest)
-    {
-        super(stream);
-        this.digest = digest;
-    }
-
-    public int read()
-        throws IOException
-    {
-        int b = in.read();
-
-        if (b >= 0)
-        {
-            digest.update((byte)b);
-        }
-        return b;
-    }
-
-    public int read(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        int n = in.read(b, off, len);
-        if (n > 0)
-        {
-            digest.update(b, off, n);
-        }
-        return n;
-    }
-
-    public Digest getDigest()
-    {
-        return digest;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java
deleted file mode 100644
index 290795470..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.crypto.io;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.crypto.Digest;
-
-public class DigestOutputStream
-    extends FilterOutputStream
-{
-    protected Digest digest;
-
-    public DigestOutputStream(
-        OutputStream    stream,
-        Digest          digest)
-    {
-        super(stream);
-        this.digest = digest;
-    }
-
-    public void write(int b)
-        throws IOException
-    {
-        digest.update((byte)b);
-        out.write(b);
-    }
-
-    public void write(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        digest.update(b, off, len);
-        out.write(b, off, len);
-    }
-
-    public Digest getDigest()
-    {
-        return digest;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java
deleted file mode 100644
index b78548c65..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.crypto.io;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.crypto.Mac;
-
-public class MacInputStream
-    extends FilterInputStream
-{
-    protected Mac mac;
-
-    public MacInputStream(
-        InputStream stream,
-        Mac         mac)
-    {
-        super(stream);
-        this.mac = mac;
-    }
-
-    public int read()
-        throws IOException
-    {
-        int b = in.read();
-
-        if (b >= 0)
-        {
-            mac.update((byte)b);
-        }
-        return b;
-    }
-
-    public int read(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        int n = in.read(b, off, len);
-        if (n >= 0)
-        {
-            mac.update(b, off, n);
-        }
-        return n;
-    }
-
-    public Mac getMac()
-    {
-        return mac;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java
deleted file mode 100644
index 2cac1c38b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.crypto.io;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.crypto.Mac;
-
-public class MacOutputStream
-    extends FilterOutputStream
-{
-    protected Mac mac;
-
-    public MacOutputStream(
-        OutputStream stream,
-        Mac          mac)
-    {
-        super(stream);
-        this.mac = mac;
-    }
-
-    public void write(int b)
-        throws IOException
-    {
-        mac.update((byte)b);
-        out.write(b);
-    }
-
-    public void write(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        mac.update(b, off, len);
-        out.write(b, off, len);
-    }
-
-    public Mac getMac()
-    {
-        return mac;
-    }
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerInputStream.java
deleted file mode 100644
index 9583e4cf9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerInputStream.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.crypto.io;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.crypto.Signer;
-
-public class SignerInputStream
-    extends FilterInputStream
-{
-    protected Signer signer;
-
-    public SignerInputStream(
-        InputStream stream,
-        Signer      signer)
-    {
-        super(stream);
-        this.signer = signer;
-    }
-
-    public int read()
-        throws IOException
-    {
-        int b = in.read();
-
-        if (b >= 0)
-        {
-            signer.update((byte)b);
-        }
-        return b;
-    }
-
-    public int read(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        int n = in.read(b, off, len);
-        if (n > 0)
-        {
-            signer.update(b, off, n);
-        }
-        return n;
-    }
-
-    public Signer getSigner()
-    {
-        return signer;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerOutputStream.java
deleted file mode 100644
index dc5fd2ef3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/SignerOutputStream.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.crypto.io;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.crypto.Signer;
-
-public class SignerOutputStream
-    extends FilterOutputStream
-{
-    protected Signer signer;
-
-    public SignerOutputStream(
-        OutputStream    stream,
-        Signer          signer)
-    {
-        super(stream);
-        this.signer = signer;
-    }
-
-    public void write(int b)
-        throws IOException
-    {
-        signer.update((byte)b);
-        out.write(b);
-    }
-
-    public void write(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        signer.update(b, off, len);
-        out.write(b, off, len);
-    }
-
-    public Signer getSigner()
-    {
-        return signer;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/package.html
deleted file mode 100644
index f2c9e406e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/io/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for doing "enhanced" I/O with Digests and MACs.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java
deleted file mode 100644
index 6de39a850..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java
+++ /dev/null
@@ -1,174 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-
-public class BlockCipherMac
-    implements Mac
-{
-    private byte[]          mac;
-
-    private byte[]          buf;
-    private int             bufOff;
-    private BlockCipher     cipher;
-
-    private int             macSize;
-
-    /**
-     * create a standard MAC based on a block cipher. This will produce an
-     * authentication code half the length of the block size of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @deprecated use CBCBlockCipherMac
-     */
-    public BlockCipherMac(
-        BlockCipher     cipher)
-    {
-        this(cipher, (cipher.getBlockSize() * 8) / 2);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits.
-     * 
    
-     * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     * @deprecated use CBCBlockCipherMac
-     */
-    public BlockCipherMac(
-        BlockCipher     cipher,
-        int             macSizeInBits)
-    {
-        if ((macSizeInBits % 8) != 0)
-        {
-            throw new IllegalArgumentException("MAC size must be multiple of 8");
-        }
-
-        this.cipher = new CBCBlockCipher(cipher);
-        this.macSize = macSizeInBits / 8;
-
-        mac = new byte[cipher.getBlockSize()];
-
-        buf = new byte[cipher.getBlockSize()];
-        bufOff = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName();
-    }
-
-    public void init(
-        CipherParameters    params)
-    {
-        reset();
-
-        cipher.init(true, params);
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    public void update(
-        byte        in)
-    {
-        if (bufOff == buf.length)
-        {
-            cipher.processBlock(buf, 0, mac, 0);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    public void update(
-        byte[]      in,
-        int         inOff,
-        int         len)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize = cipher.getBlockSize();
-        int resultLen = 0;
-        int gapLen = blockSize - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += cipher.processBlock(buf, 0, mac, 0);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > blockSize)
-            {
-                resultLen += cipher.processBlock(in, inOff, mac, 0);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        int blockSize = cipher.getBlockSize();
-
-        //
-        // pad with zeroes
-        //
-        while (bufOff < blockSize)
-        {
-            buf[bufOff] = 0;
-            bufOff++;
-        }
-
-        cipher.processBlock(buf, 0, mac, 0);
-
-        System.arraycopy(mac, 0, out, outOff, macSize);
-
-        reset();
-
-        return macSize;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        /*
-         * reset the underlying cipher.
-         */
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java
deleted file mode 100644
index 9bf6cb0ef..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-
-/**
- * standard CBC Block Cipher MAC - if no padding is specified the default of
- * pad of zeroes is used.
- */
-public class CBCBlockCipherMac
-    implements Mac
-{
-    private byte[]              mac;
-
-    private byte[]              buf;
-    private int                 bufOff;
-    private BlockCipher         cipher;
-    private BlockCipherPadding  padding;
-
-    private int                 macSize;
-
-    /**
-     * create a standard MAC based on a CBC block cipher. This will produce an
-     * authentication code half the length of the block size of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     */
-    public CBCBlockCipherMac(
-        BlockCipher     cipher)
-    {
-        this(cipher, (cipher.getBlockSize() * 8) / 2, null);
-    }
-
-    /**
-     * create a standard MAC based on a CBC block cipher. This will produce an
-     * authentication code half the length of the block size of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param padding the padding to be used to complete the last block.
-     */
-    public CBCBlockCipherMac(
-        BlockCipher         cipher,
-        BlockCipherPadding  padding)
-    {
-        this(cipher, (cipher.getBlockSize() * 8) / 2, padding);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits. This class uses CBC mode as the basis for the
-     * MAC generation.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     */
-    public CBCBlockCipherMac(
-        BlockCipher     cipher,
-        int             macSizeInBits)
-    {
-        this(cipher, macSizeInBits, null);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits. This class uses CBC mode as the basis for the
-     * MAC generation.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     * @param padding the padding to be used to complete the last block.
-     */
-    public CBCBlockCipherMac(
-        BlockCipher         cipher,
-        int                 macSizeInBits,
-        BlockCipherPadding  padding)
-    {
-        if ((macSizeInBits % 8) != 0)
-        {
-            throw new IllegalArgumentException("MAC size must be multiple of 8");
-        }
-
-        this.cipher = new CBCBlockCipher(cipher);
-        this.padding = padding;
-        this.macSize = macSizeInBits / 8;
-
-        mac = new byte[cipher.getBlockSize()];
-
-        buf = new byte[cipher.getBlockSize()];
-        bufOff = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName();
-    }
-
-    public void init(
-        CipherParameters    params)
-    {
-        reset();
-
-        cipher.init(true, params);
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    public void update(
-        byte        in)
-    {
-        if (bufOff == buf.length)
-        {
-            cipher.processBlock(buf, 0, mac, 0);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    public void update(
-        byte[]      in,
-        int         inOff,
-        int         len)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize = cipher.getBlockSize();
-        int gapLen = blockSize - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            cipher.processBlock(buf, 0, mac, 0);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > blockSize)
-            {
-                cipher.processBlock(in, inOff, mac, 0);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        int blockSize = cipher.getBlockSize();
-
-        if (padding == null)
-        {
-            //
-            // pad with zeroes
-            //
-            while (bufOff < blockSize)
-            {
-                buf[bufOff] = 0;
-                bufOff++;
-            }
-        }
-        else
-        {
-            if (bufOff == blockSize)
-            {
-                cipher.processBlock(buf, 0, mac, 0);
-                bufOff = 0;
-            }
-
-            padding.addPadding(buf, bufOff);
-        }
-
-        cipher.processBlock(buf, 0, mac, 0);
-
-        System.arraycopy(mac, 0, out, outOff, macSize);
-
-        reset();
-
-        return macSize;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        /*
-         * reset the underlying cipher.
-         */
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java
deleted file mode 100644
index d7ad61266..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java
+++ /dev/null
@@ -1,388 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
- */
-class MacCFBBlockCipher
-{
-    private byte[]          IV;
-    private byte[]          cfbV;
-    private byte[]          cfbOutV;
-
-    private int                 blockSize;
-    private BlockCipher         cipher = null;
-
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of the
-     * feedback mode.
-     * @param blockSize the block size in bits (note: a multiple of 8)
-     */
-    public MacCFBBlockCipher(
-        BlockCipher         cipher,
-        int                 bitBlockSize)
-    {
-        this.cipher = cipher;
-        this.blockSize = bitBlockSize / 8;
-
-        this.IV = new byte[cipher.getBlockSize()];
-        this.cfbV = new byte[cipher.getBlockSize()];
-        this.cfbOutV = new byte[cipher.getBlockSize()];
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     * An IV which is too short is handled in FIPS compliant fashion.
-     *
-     * @param param the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        if (params instanceof ParametersWithIV)
-        {
-                ParametersWithIV ivParam = (ParametersWithIV)params;
-                byte[]      iv = ivParam.getIV();
-
-                if (iv.length < IV.length)
-                {
-                    System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length);
-                }
-                else
-                {
-                    System.arraycopy(iv, 0, IV, 0, IV.length);
-                }
-
-                reset();
-
-                cipher.init(true, ivParam.getParameters());
-        }
-        else
-        {
-                reset();
-
-                cipher.init(true, params);
-        }
-    }
-
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/CFB"
-     * and the block size in bits.
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/CFB" + (blockSize * 8);
-    }
-
-    /**
-     * return the block size we are operating at.
-     *
-     * @return the block size we are operating at (in bytes).
-     */
-    public int getBlockSize()
-    {
-        return blockSize;
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(cfbV, 0, cfbOutV, 0);
-
-        //
-        // XOR the cfbV with the plaintext producing the cipher text
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
-        System.arraycopy(out, outOff, cfbV, cfbV.length - blockSize, blockSize);
-
-        return blockSize;
-    }
-
-    /**
-     * reset the chaining vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        System.arraycopy(IV, 0, cfbV, 0, IV.length);
-
-        cipher.reset();
-    }
-
-    void getMacBlock(
-        byte[]  mac)
-    {
-        cipher.processBlock(cfbV, 0, mac, 0);
-    }
-}
-
-public class CFBBlockCipherMac
-    implements Mac
-{
-    private byte[]              mac;
-
-    private byte[]              buf;
-    private int                 bufOff;
-    private MacCFBBlockCipher   cipher;
-    private BlockCipherPadding  padding = null;
-
-
-    private int                 macSize;
-
-    /**
-     * create a standard MAC based on a CFB block cipher. This will produce an
-     * authentication code half the length of the block size of the cipher, with
-     * the CFB mode set to 8 bits.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     */
-    public CFBBlockCipherMac(
-        BlockCipher     cipher)
-    {
-        this(cipher, 8, (cipher.getBlockSize() * 8) / 2, null);
-    }
-
-    /**
-     * create a standard MAC based on a CFB block cipher. This will produce an
-     * authentication code half the length of the block size of the cipher, with
-     * the CFB mode set to 8 bits.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param padding the padding to be used.
-     */
-    public CFBBlockCipherMac(
-        BlockCipher         cipher,
-        BlockCipherPadding  padding)
-    {
-        this(cipher, 8, (cipher.getBlockSize() * 8) / 2, padding);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits. This class uses CFB mode as the basis for the
-     * MAC generation.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param cfbBitSize the size of an output block produced by the CFB mode.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     */
-    public CFBBlockCipherMac(
-        BlockCipher         cipher,
-        int                 cfbBitSize,
-        int                 macSizeInBits)
-    {
-        this(cipher, cfbBitSize, macSizeInBits, null);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits. This class uses CFB mode as the basis for the
-     * MAC generation.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param cfbBitSize the size of an output block produced by the CFB mode.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     * @param padding a padding to be used.
-     */
-    public CFBBlockCipherMac(
-        BlockCipher         cipher,
-        int                 cfbBitSize,
-        int                 macSizeInBits,
-        BlockCipherPadding  padding)
-    {
-        if ((macSizeInBits % 8) != 0)
-        {
-            throw new IllegalArgumentException("MAC size must be multiple of 8");
-        }
-
-        mac = new byte[cipher.getBlockSize()];
-
-        this.cipher = new MacCFBBlockCipher(cipher, cfbBitSize);
-        this.padding = padding;
-        this.macSize = macSizeInBits / 8;
-
-        buf = new byte[this.cipher.getBlockSize()];
-        bufOff = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName();
-    }
-
-    public void init(
-        CipherParameters    params)
-    {
-        reset();
-
-        cipher.init(params);
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    public void update(
-        byte        in)
-    {
-        if (bufOff == buf.length)
-        {
-            cipher.processBlock(buf, 0, mac, 0);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    public void update(
-        byte[]      in,
-        int         inOff,
-        int         len)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize = cipher.getBlockSize();
-        int resultLen = 0;
-        int gapLen = blockSize - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += cipher.processBlock(buf, 0, mac, 0);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > blockSize)
-            {
-                resultLen += cipher.processBlock(in, inOff, mac, 0);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-    }
-
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-    {
-        int blockSize = cipher.getBlockSize();
-
-        //
-        // pad with zeroes
-        //
-        if (this.padding == null)
-        {
-            while (bufOff < blockSize)
-            {
-                buf[bufOff] = 0;
-                bufOff++;
-            }
-        }
-        else
-        {
-            padding.addPadding(buf, bufOff);
-        }
-
-        cipher.processBlock(buf, 0, mac, 0);
-
-        cipher.getMacBlock(mac);
-
-        System.arraycopy(mac, 0, out, outOff, macSize);
-
-        reset();
-
-        return macSize;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        /*
-         * reset the underlying cipher.
-         */
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CMac.java
deleted file mode 100644
index c5bc50489..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/CMac.java
+++ /dev/null
@@ -1,237 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-
-/**
- * CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
- * 
    
- * CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
- * 
    
- * CMAC is a NIST recomendation - see 
- * csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
- * 
    
- * CMAC/OMAC1 is a blockcipher-based message authentication code designed and
- * analyzed by Tetsu Iwata and Kaoru Kurosawa.
- * 
    
- * CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message 
- * Authentication Code). OMAC stands for One-Key CBC MAC.
- * 
    
- * It supports 128- or 64-bits block ciphers, with any key size, and returns
- * a MAC with dimension less or equal to the block size of the underlying 
- * cipher.
- * 
    
- */
-public class CMac implements Mac
-{
-    private static final byte CONSTANT_128 = (byte)0x87;
-    private static final byte CONSTANT_64 = (byte)0x1b;
-
-    private byte[] ZEROES;
-
-    private byte[] mac;
-
-    private byte[] buf;
-    private int bufOff;
-    private BlockCipher cipher;
-
-    private int macSize;
-
-    private byte[] L, Lu, Lu2;
-
-    /**
-     * create a standard MAC based on a CBC block cipher (64 or 128 bit block).
-     * This will produce an authentication code the length of the block size
-     * of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     */
-    public CMac(BlockCipher cipher)
-    {
-        this(cipher, cipher.getBlockSize() * 8);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher        the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
-     */
-    public CMac(BlockCipher cipher, int macSizeInBits)
-    {
-        if ((macSizeInBits % 8) != 0)
-        {
-            throw new IllegalArgumentException("MAC size must be multiple of 8");
-        }
-
-        if (macSizeInBits > (cipher.getBlockSize() * 8))
-        {
-            throw new IllegalArgumentException(
-                "MAC size must be less or equal to "
-                    + (cipher.getBlockSize() * 8));
-        }
-
-        if (cipher.getBlockSize() != 8 && cipher.getBlockSize() != 16)
-        {
-            throw new IllegalArgumentException(
-                "Block size must be either 64 or 128 bits");
-        }
-
-        this.cipher = new CBCBlockCipher(cipher);
-        this.macSize = macSizeInBits / 8;
-
-        mac = new byte[cipher.getBlockSize()];
-
-        buf = new byte[cipher.getBlockSize()];
-
-        ZEROES = new byte[cipher.getBlockSize()];
-
-        bufOff = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName();
-    }
-
-    private byte[] doubleLu(byte[] in)
-    {
-        int FirstBit = (in[0] & 0xFF) >> 7;
-        byte[] ret = new byte[in.length];
-        for (int i = 0; i < in.length - 1; i++)
-        {
-            ret[i] = (byte)((in[i] << 1) + ((in[i + 1] & 0xFF) >> 7));
-        }
-        ret[in.length - 1] = (byte)(in[in.length - 1] << 1);
-        if (FirstBit == 1)
-        {
-            ret[in.length - 1] ^= in.length == 16 ? CONSTANT_128 : CONSTANT_64;
-        }
-        return ret;
-    }
-
-    public void init(CipherParameters params)
-    {
-        reset();
-
-        cipher.init(true, params);
-
-        //initializes the L, Lu, Lu2 numbers
-        L = new byte[ZEROES.length];
-        cipher.processBlock(ZEROES, 0, L, 0);
-        Lu = doubleLu(L);
-        Lu2 = doubleLu(Lu);
-
-        cipher.init(true, params);
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    public void update(byte in)
-    {
-        if (bufOff == buf.length)
-        {
-            cipher.processBlock(buf, 0, mac, 0);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    public void update(byte[] in, int inOff, int len)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException(
-                "Can't have a negative input length!");
-        }
-
-        int blockSize = cipher.getBlockSize();
-        int gapLen = blockSize - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            cipher.processBlock(buf, 0, mac, 0);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > blockSize)
-            {
-                cipher.processBlock(in, inOff, mac, 0);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-    {
-        int blockSize = cipher.getBlockSize();
-
-        byte[] lu;
-        if (bufOff == blockSize)
-        {
-            lu = Lu;
-        }
-        else
-        {
-            new ISO7816d4Padding().addPadding(buf, bufOff);
-            lu = Lu2;
-        }
-
-        for (int i = 0; i < mac.length; i++)
-        {
-            buf[i] ^= lu[i];
-        }
-
-        cipher.processBlock(buf, 0, mac, 0);
-
-        System.arraycopy(mac, 0, out, outOff, macSize);
-
-        reset();
-
-        return macSize;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        /*
-         * reset the underlying cipher.
-         */
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java
deleted file mode 100644
index b71975b8f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-
-/**
- * implementation of GOST 28147-89 MAC
- */
-public class GOST28147Mac
-    implements Mac
-{
-    private int                 blockSize = 8;
-    private int                 macSize = 4;
-    private int                 bufOff;
-    private byte[]              buf;
-    private byte[]              mac;
-    private boolean             firstStep = true;
-    private int[]               workingKey = null;
-
-    //
-    // This is default S-box - E_A.
-    private byte S[] = {
-            0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5,
-            0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1,
-            0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9,
-            0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6,
-            0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6,
-            0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6,
-            0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE,
-            0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4
-    };
-    
-    public GOST28147Mac()
-    {
-        mac = new byte[blockSize];
-
-        buf = new byte[blockSize];
-        bufOff = 0;
-    }
-
-    private int[] generateWorkingKey(
-        byte[]  userKey)
-    {
-        if (userKey.length != 32)
-        {
-            throw new IllegalArgumentException("Key length invalid. Key needs to be 32 byte - 256 bit!!!");
-        }
-
-        int key[] = new int[8];
-        for(int i=0; i!=8; i++)
-        {
-            key[i] = bytesToint(userKey,i*4);
-        }
-
-        return key;
-    }
-    
-    public void init(
-        CipherParameters params)
-        throws IllegalArgumentException
-    {
-        reset();
-        buf = new byte[blockSize];
-        if (params instanceof ParametersWithSBox)
-        {
-            ParametersWithSBox   param = (ParametersWithSBox)params;
-
-            //
-            // Set the S-Box
-            //
-            System.arraycopy(param.getSBox(), 0, this.S, 0, param.getSBox().length);
-
-            //
-            // set key if there is one
-            //
-            if (param.getParameters() != null)
-            {
-                workingKey = generateWorkingKey(((KeyParameter)param.getParameters()).getKey());
-            }
-        }
-        else if (params instanceof KeyParameter)
-        {
-            workingKey = generateWorkingKey(((KeyParameter)params).getKey());
-        }
-        else
-        {
-           throw new IllegalArgumentException("invalid parameter passed to GOST28147 init - " + params.getClass().getName());
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return "GOST28147Mac";
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    private int gost28147_mainStep(int n1, int key)
-    {
-        int cm = (key + n1); // CM1
-        
-        // S-box replacing
-        
-        int om = S[  0 + ((cm >> (0 * 4)) & 0xF)] << (0 * 4);
-        om += S[ 16 + ((cm >> (1 * 4)) & 0xF)] << (1 * 4);
-        om += S[ 32 + ((cm >> (2 * 4)) & 0xF)] << (2 * 4);
-        om += S[ 48 + ((cm >> (3 * 4)) & 0xF)] << (3 * 4);
-        om += S[ 64 + ((cm >> (4 * 4)) & 0xF)] << (4 * 4);
-        om += S[ 80 + ((cm >> (5 * 4)) & 0xF)] << (5 * 4);
-        om += S[ 96 + ((cm >> (6 * 4)) & 0xF)] << (6 * 4);
-        om += S[112 + ((cm >> (7 * 4)) & 0xF)] << (7 * 4);
-        
-        return om << 11 | om >>> (32-11); // 11-leftshift
-    }
-    
-    private void gost28147MacFunc(
-            int[]   workingKey,
-            byte[]  in,
-            int     inOff,
-            byte[]  out,
-            int     outOff)
-    {
-        int N1, N2, tmp;  //tmp -> for saving N1
-        N1 = bytesToint(in, inOff);
-        N2 = bytesToint(in, inOff + 4);
-        
-        for(int k = 0; k < 2; k++)  // 1-16 steps
-        {
-            for(int j = 0; j < 8; j++)
-            {
-                tmp = N1;
-                N1 = N2 ^ gost28147_mainStep(N1, workingKey[j]); // CM2
-                N2 = tmp;
-            }
-        }
-        
-        intTobytes(N1, out, outOff);
-        intTobytes(N2, out, outOff + 4);
-    }
-    
-    //array of bytes to type int
-    private int bytesToint(
-            byte[]  in,
-            int     inOff)
-    {
-        return  ((in[inOff + 3] << 24) & 0xff000000) + ((in[inOff + 2] << 16) & 0xff0000) +
-        ((in[inOff + 1] << 8) & 0xff00) + (in[inOff] & 0xff);
-    }
-    
-    //int to array of bytes
-    private void intTobytes(
-            int     num,
-            byte[]  out,
-            int     outOff)
-    {
-        out[outOff + 3] = (byte)(num >>> 24);
-        out[outOff + 2] = (byte)(num >>> 16);
-        out[outOff + 1] = (byte)(num >>> 8);
-        out[outOff] =     (byte)num;
-    }
-        
-    private byte[] CM5func(byte[] buf, int bufOff, byte[] mac)
-    {
-        byte[] sum = new byte[buf.length - bufOff];
-
-        System.arraycopy(buf, bufOff, sum, 0, mac.length);
-
-        for (int i = 0; i != mac.length; i++)
-        {
-            sum[i] = (byte)(sum[i] ^ mac[i]);
-        }
-
-        return sum;
-    }
-
-    public void update(byte in)
-            throws IllegalStateException
-    {
-        if (bufOff == buf.length)
-        {
-            byte[] sumbuf = new byte[buf.length];
-            System.arraycopy(buf, 0, sumbuf, 0, mac.length);
-
-            if (firstStep)
-            {
-                firstStep = false;
-            }
-            else
-            {
-                sumbuf = CM5func(buf, 0, mac);
-            }
-
-            gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    public void update(byte[] in, int inOff, int len)
-        throws DataLengthException, IllegalStateException
-    {
-            if (len < 0)
-            {
-                throw new IllegalArgumentException("Can't have a negative input length!");
-            }
-
-            int gapLen = blockSize - bufOff;
-
-            if (len > gapLen)
-            {
-                System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-                byte[] sumbuf = new byte[buf.length];
-                System.arraycopy(buf, 0, sumbuf, 0, mac.length);
-
-                if (firstStep)
-                {
-                    firstStep = false;
-                }
-                else
-                {
-                    sumbuf = CM5func(buf, 0, mac);
-                }
-
-                gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-
-                bufOff = 0;
-                len -= gapLen;
-                inOff += gapLen;
-
-                while (len > blockSize)
-                {
-                    sumbuf = CM5func(in, inOff, mac);
-                    gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-
-                    len -= blockSize;
-                    inOff += blockSize;
-                }
-            }
-
-            System.arraycopy(in, inOff, buf, bufOff, len);
-
-            bufOff += len;    
-    }     
-
-    public int doFinal(byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        //padding with zero
-        while (bufOff < blockSize)
-        {
-            buf[bufOff] = 0;
-            bufOff++;
-        }
-
-        byte[] sumbuf = new byte[buf.length];
-        System.arraycopy(buf, 0, sumbuf, 0, mac.length);
-
-        if (firstStep)
-        {
-            firstStep = false;
-        }
-        else
-        {
-            sumbuf = CM5func(buf, 0, mac);
-        }
-
-        gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-
-        System.arraycopy(mac, (mac.length/2)-macSize, out, outOff, macSize);
-
-        reset();
-
-        return macSize;
-    }
-
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        firstStep = true;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/HMac.java
deleted file mode 100644
index 0bd4d39b2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/HMac.java
+++ /dev/null
@@ -1,199 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import java.util.Hashtable;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * HMAC implementation based on RFC2104
- *
- * H(K XOR opad, H(K XOR ipad, text))
- */
-public class HMac
-    implements Mac
-{
-    private final static byte IPAD = (byte)0x36;
-    private final static byte OPAD = (byte)0x5C;
-
-    private Digest digest;
-    private int digestSize;
-    private int blockLength;
-    
-    private byte[] inputPad;
-    private byte[] outputPad;
-
-    private static Hashtable blockLengths;
-    
-    static
-    {
-        blockLengths = new Hashtable();
-        
-        blockLengths.put("GOST3411", new Integer(32));
-        
-        blockLengths.put("MD2", new Integer(16));
-        blockLengths.put("MD4", new Integer(64));
-        blockLengths.put("MD5", new Integer(64));
-        
-        blockLengths.put("RIPEMD128", new Integer(64));
-        blockLengths.put("RIPEMD160", new Integer(64));
-        
-        blockLengths.put("SHA-1", new Integer(64));
-        blockLengths.put("SHA-224", new Integer(64));
-        blockLengths.put("SHA-256", new Integer(64));
-        blockLengths.put("SHA-384", new Integer(128));
-        blockLengths.put("SHA-512", new Integer(128));
-        
-        blockLengths.put("Tiger", new Integer(64));
-        blockLengths.put("Whirlpool", new Integer(64));
-    }
-    
-    private static int getByteLength(
-        Digest digest)
-    {
-        if (digest instanceof ExtendedDigest)
-        {
-            return ((ExtendedDigest)digest).getByteLength();
-        }
-        
-        Integer  b = (Integer)blockLengths.get(digest.getAlgorithmName());
-        
-        if (b == null)
-        {       
-            throw new IllegalArgumentException("unknown digest passed: " + digest.getAlgorithmName());
-        }
-        
-        return b.intValue();
-    }
-    
-    /**
-     * Base constructor for one of the standard digest algorithms that the 
-     * byteLength of the algorithm is know for.
-     * 
-     * @param digest the digest.
-     */
-    public HMac(
-        Digest digest)
-    {
-        this(digest, getByteLength(digest));
-    }
-
-    private HMac(
-        Digest digest,
-        int    byteLength)
-    {
-        this.digest = digest;
-        digestSize = digest.getDigestSize();
-
-        this.blockLength = byteLength;
-
-        inputPad = new byte[blockLength];
-        outputPad = new byte[blockLength];
-    }
-    
-    public String getAlgorithmName()
-    {
-        return digest.getAlgorithmName() + "/HMAC";
-    }
-
-    public Digest getUnderlyingDigest()
-    {
-        return digest;
-    }
-
-    public void init(
-        CipherParameters params)
-    {
-        digest.reset();
-
-        byte[] key = ((KeyParameter)params).getKey();
-
-        if (key.length > blockLength)
-        {
-            digest.update(key, 0, key.length);
-            digest.doFinal(inputPad, 0);
-            for (int i = digestSize; i < inputPad.length; i++)
-            {
-                inputPad[i] = 0;
-            }
-        }
-        else
-        {
-            System.arraycopy(key, 0, inputPad, 0, key.length);
-            for (int i = key.length; i < inputPad.length; i++)
-            {
-                inputPad[i] = 0;
-            }
-        }
-
-        outputPad = new byte[inputPad.length];
-        System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length);
-
-        for (int i = 0; i < inputPad.length; i++)
-        {
-            inputPad[i] ^= IPAD;
-        }
-
-        for (int i = 0; i < outputPad.length; i++)
-        {
-            outputPad[i] ^= OPAD;
-        }
-
-        digest.update(inputPad, 0, inputPad.length);
-    }
-
-    public int getMacSize()
-    {
-        return digestSize;
-    }
-
-    public void update(
-        byte in)
-    {
-        digest.update(in);
-    }
-
-    public void update(
-        byte[] in,
-        int inOff,
-        int len)
-    {
-        digest.update(in, inOff, len);
-    }
-
-    public int doFinal(
-        byte[] out,
-        int outOff)
-    {
-        byte[] tmp = new byte[digestSize];
-        digest.doFinal(tmp, 0);
-
-        digest.update(outputPad, 0, outputPad.length);
-        digest.update(tmp, 0, tmp.length);
-
-        int     len = digest.doFinal(out, outOff);
-
-        reset();
-
-        return len;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * reset the underlying digest.
-         */
-        digest.reset();
-
-        /*
-         * reinitialize the digest.
-         */
-        digest.update(inputPad, 0, inputPad.length);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java
deleted file mode 100644
index 330b39e73..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
- *
- * This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
- * class must be changed to protected  
- */
-
-public class ISO9797Alg3Mac 
-    implements Mac 
-{
-    private byte[]              mac;
-    
-    private byte[]              buf;
-    private int                 bufOff;
-    private BlockCipher         cipher;
-    private BlockCipherPadding  padding;
-    
-    private int                 macSize;
-    private KeyParameter        lastKey2;
-    private KeyParameter        lastKey3;
-    
-    /**
-     * create a Retail-MAC based on a CBC block cipher. This will produce an
-     * authentication code of the length of the block size of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation. This must
-     * be DESEngine.
-     */
-    public ISO9797Alg3Mac(
-            BlockCipher     cipher)
-    {
-        this(cipher, cipher.getBlockSize() * 8, null);
-    }
-    
-    /**
-     * create a Retail-MAC based on a CBC block cipher. This will produce an
-     * authentication code of the length of the block size of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param padding the padding to be used to complete the last block.
-     */
-    public ISO9797Alg3Mac(
-        BlockCipher         cipher,
-        BlockCipherPadding  padding)
-    {
-        this(cipher, cipher.getBlockSize() * 8, padding);
-    }
-
-    /**
-     * create a Retail-MAC based on a block cipher with the size of the
-     * MAC been given in bits. This class uses single DES CBC mode as the basis for the
-     * MAC generation.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     */
-    public ISO9797Alg3Mac(
-        BlockCipher     cipher,
-        int             macSizeInBits)
-    {
-        this(cipher, macSizeInBits, null);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits. This class uses single DES CBC mode as the basis for the
-     * MAC generation. The final block is decrypted and then encrypted using the
-     * middle and right part of the key.
-     * 
    
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-     * @param padding the padding to be used to complete the last block.
-     */
-    public ISO9797Alg3Mac(
-        BlockCipher         cipher,
-        int                 macSizeInBits,
-        BlockCipherPadding  padding)
-    {
-        if ((macSizeInBits % 8) != 0)
-        {
-            throw new IllegalArgumentException("MAC size must be multiple of 8");
-        }
-
-        if (!(cipher instanceof DESEngine))
-        {
-            throw new IllegalArgumentException("cipher must be instance of DESEngine");
-        }
-
-        this.cipher = new CBCBlockCipher(cipher);
-        this.padding = padding;
-        this.macSize = macSizeInBits / 8;
-
-        mac = new byte[cipher.getBlockSize()];
-
-        buf = new byte[cipher.getBlockSize()];
-        bufOff = 0;
-    }
-    
-    public String getAlgorithmName()
-    {
-        return "ISO9797Alg3";
-    }
-
-    public void init(CipherParameters params)
-    {
-        reset();
-
-        if (!(params instanceof KeyParameter || params instanceof ParametersWithIV))
-        {
-            throw new IllegalArgumentException(
-                    "params must be an instance of KeyParameter or ParametersWithIV");
-        }
-
-        // KeyParameter must contain a double or triple length DES key,
-        // however the underlying cipher is a single DES. The middle and
-        // right key are used only in the final step.
-
-        KeyParameter kp;
-
-        if (params instanceof KeyParameter)
-        {
-            kp = (KeyParameter)params;
-        }
-        else
-        {
-            kp = (KeyParameter)((ParametersWithIV)params).getParameters();
-        }
-
-        KeyParameter key1;
-        byte[] keyvalue = kp.getKey();
-
-        if (keyvalue.length == 16)
-        { // Double length DES key
-            key1 = new KeyParameter(keyvalue, 0, 8);
-            this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
-            this.lastKey3 = key1;
-        }
-        else if (keyvalue.length == 24)
-        { // Triple length DES key
-            key1 = new KeyParameter(keyvalue, 0, 8);
-            this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
-            this.lastKey3 = new KeyParameter(keyvalue, 16, 8);
-        }
-        else
-        {
-            throw new IllegalArgumentException(
-                    "Key must be either 112 or 168 bit long");
-        }
-
-        if (params instanceof ParametersWithIV)
-        {
-            cipher.init(true, new ParametersWithIV(key1, ((ParametersWithIV)params).getIV()));
-        }
-        else
-        {
-            cipher.init(true, key1);
-        }
-    }
-    
-    public int getMacSize()
-    {
-        return macSize;
-    }
-    
-    public void update(
-            byte        in)
-    {
-        if (bufOff == buf.length)
-        {
-            cipher.processBlock(buf, 0, mac, 0);
-            bufOff = 0;
-        }
-        
-        buf[bufOff++] = in;
-    }
-    
-    
-    public void update(
-            byte[]      in,
-            int         inOff,
-            int         len)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-        
-        int blockSize = cipher.getBlockSize();
-        int resultLen = 0;
-        int gapLen = blockSize - bufOff;
-        
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-            
-            resultLen += cipher.processBlock(buf, 0, mac, 0);
-            
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-            
-            while (len > blockSize)
-            {
-                resultLen += cipher.processBlock(in, inOff, mac, 0);
-                
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-        
-        System.arraycopy(in, inOff, buf, bufOff, len);
-        
-        bufOff += len;
-    }
-    
-    public int doFinal(
-            byte[]  out,
-            int     outOff)
-    {
-        int blockSize = cipher.getBlockSize();
-        
-        if (padding == null)
-        {
-            //
-            // pad with zeroes
-            //
-            while (bufOff < blockSize)
-            {
-                buf[bufOff] = 0;
-                bufOff++;
-            }
-        }
-        else
-        {
-            if (bufOff == blockSize)
-            {
-                cipher.processBlock(buf, 0, mac, 0);
-                bufOff = 0;
-            }
-            
-            padding.addPadding(buf, bufOff);
-        }
-        
-        cipher.processBlock(buf, 0, mac, 0);
-
-        // Added to code from base class
-        DESEngine deseng = new DESEngine();
-        
-        deseng.init(false, this.lastKey2);
-        deseng.processBlock(mac, 0, mac, 0);
-        
-        deseng.init(true, this.lastKey3);
-        deseng.processBlock(mac, 0, mac, 0);
-        // ****
-        
-        System.arraycopy(mac, 0, out, outOff, macSize);
-        
-        reset();
-        
-        return macSize;
-    }
-
-    
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-        
-        bufOff = 0;
-        
-        /*
-         * reset the underlying cipher.
-         */
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java
deleted file mode 100644
index 7463afd38..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * HMAC implementation based on RFC2104
- *
- * H(K XOR opad, H(K XOR ipad, text))
- */
-public class OldHMac
-implements Mac
-{
-    private final static int BLOCK_LENGTH = 64;
-
-    private final static byte IPAD = (byte)0x36;
-    private final static byte OPAD = (byte)0x5C;
-
-    private Digest digest;
-    private int digestSize;
-    private byte[] inputPad = new byte[BLOCK_LENGTH];
-    private byte[] outputPad = new byte[BLOCK_LENGTH];
-
-    /**
-     * @deprecated uses incorrect pad for SHA-512 and SHA-384 use HMac.
-     */
-    public OldHMac(
-        Digest digest)
-    {
-        this.digest = digest;
-        digestSize = digest.getDigestSize();
-    }
-
-    public String getAlgorithmName()
-    {
-        return digest.getAlgorithmName() + "/HMAC";
-    }
-
-    public Digest getUnderlyingDigest()
-    {
-        return digest;
-    }
-
-    public void init(
-        CipherParameters params)
-    {
-        digest.reset();
-
-        byte[] key = ((KeyParameter)params).getKey();
-
-        if (key.length > BLOCK_LENGTH)
-        {
-            digest.update(key, 0, key.length);
-            digest.doFinal(inputPad, 0);
-            for (int i = digestSize; i < inputPad.length; i++)
-            {
-                inputPad[i] = 0;
-            }
-        }
-        else
-        {
-            System.arraycopy(key, 0, inputPad, 0, key.length);
-            for (int i = key.length; i < inputPad.length; i++)
-            {
-                inputPad[i] = 0;
-            }
-        }
-
-        outputPad = new byte[inputPad.length];
-        System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length);
-
-        for (int i = 0; i < inputPad.length; i++)
-        {
-            inputPad[i] ^= IPAD;
-        }
-
-        for (int i = 0; i < outputPad.length; i++)
-        {
-            outputPad[i] ^= OPAD;
-        }
-
-        digest.update(inputPad, 0, inputPad.length);
-    }
-
-    public int getMacSize()
-    {
-        return digestSize;
-    }
-
-    public void update(
-        byte in)
-    {
-        digest.update(in);
-    }
-
-    public void update(
-        byte[] in,
-        int inOff,
-        int len)
-    {
-        digest.update(in, inOff, len);
-    }
-
-    public int doFinal(
-        byte[] out,
-        int outOff)
-    {
-        byte[] tmp = new byte[digestSize];
-        digest.doFinal(tmp, 0);
-
-        digest.update(outputPad, 0, outputPad.length);
-        digest.update(tmp, 0, tmp.length);
-
-        int     len = digest.doFinal(out, outOff);
-
-        reset();
-
-        return len;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * reset the underlying digest.
-         */
-        digest.reset();
-
-        /*
-         * reinitialize the digest.
-         */
-        digest.update(inputPad, 0, inputPad.length);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java
deleted file mode 100644
index 58d06d08d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java
+++ /dev/null
@@ -1,186 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class VMPCMac implements Mac
-{
-    private byte g;
-
-    private byte n = 0;
-    private byte[] P = null;
-    private byte s = 0;
-
-    private byte[] T;
-    private byte[] workingIV;
-
-    private byte[] workingKey;
-
-    private byte x1, x2, x3, x4;
-
-    public int doFinal(byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        // Execute the Post-Processing Phase
-        for (int r = 1; r < 25; r++)
-        {
-            s = P[(s + P[n & 0xff]) & 0xff];
-
-            x4 = P[(x4 + x3 + r) & 0xff];
-            x3 = P[(x3 + x2 + r) & 0xff];
-            x2 = P[(x2 + x1 + r) & 0xff];
-            x1 = P[(x1 + s + r) & 0xff];
-            T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
-            T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
-            T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
-            T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
-            g = (byte) ((g + 4) & 0x1f);
-
-            byte temp = P[n & 0xff];
-            P[n & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-            n = (byte) ((n + 1) & 0xff);
-        }
-
-        // Input T to the IV-phase of the VMPC KSA
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + T[m & 0x1f]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-
-        // Store 20 new outputs of the VMPC Stream Cipher in table M
-        byte[] M = new byte[20];
-        for (int i = 0; i < 20; i++)
-        {
-            s = P[(s + P[i & 0xff]) & 0xff];
-            M[i] = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
-
-            byte temp = P[i & 0xff];
-            P[i & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-
-        System.arraycopy(M, 0, out, outOff, M.length);
-        reset();
-
-        return M.length;
-    }
-
-    public String getAlgorithmName()
-    {
-        return "VMPC-MAC";
-    }
-
-    public int getMacSize()
-    {
-        return 20;
-    }
-
-    public void init(CipherParameters params) throws IllegalArgumentException
-    {
-        if (!(params instanceof ParametersWithIV))
-        {
-            throw new IllegalArgumentException(
-                "VMPC-MAC Init parameters must include an IV");
-        }
-
-        ParametersWithIV ivParams = (ParametersWithIV) params;
-        KeyParameter key = (KeyParameter) ivParams.getParameters();
-
-        if (!(ivParams.getParameters() instanceof KeyParameter))
-        {
-            throw new IllegalArgumentException(
-                "VMPC-MAC Init parameters must include a key");
-        }
-
-        this.workingIV = ivParams.getIV();
-
-        if (workingIV == null || workingIV.length < 1 || workingIV.length > 768)
-        {
-            throw new IllegalArgumentException(
-                "VMPC-MAC requires 1 to 768 bytes of IV");
-        }
-
-        this.workingKey = key.getKey();
-
-        reset();
-
-    }
-
-    private void initKey(byte[] keyBytes, byte[] ivBytes)
-    {
-        s = 0;
-        P = new byte[256];
-        for (int i = 0; i < 256; i++)
-        {
-            P[i] = (byte) i;
-        }
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-        for (int m = 0; m < 768; m++)
-        {
-            s = P[(s + P[m & 0xff] + ivBytes[m % ivBytes.length]) & 0xff];
-            byte temp = P[m & 0xff];
-            P[m & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-        }
-        n = 0;
-    }
-
-    public void reset()
-    {
-        initKey(this.workingKey, this.workingIV);
-        g = x1 = x2 = x3 = x4 = n = 0;
-        T = new byte[32];
-        for (int i = 0; i < 32; i++)
-        {
-            T[i] = 0;
-        }
-    }
-
-    public void update(byte in) throws IllegalStateException
-    {
-        s = P[(s + P[n & 0xff]) & 0xff];
-        byte c = (byte) (in ^ P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff]);
-
-        x4 = P[(x4 + x3) & 0xff];
-        x3 = P[(x3 + x2) & 0xff];
-        x2 = P[(x2 + x1) & 0xff];
-        x1 = P[(x1 + s + c) & 0xff];
-        T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
-        T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
-        T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
-        T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
-        g = (byte) ((g + 4) & 0x1f);
-
-        byte temp = P[n & 0xff];
-        P[n & 0xff] = P[s & 0xff];
-        P[s & 0xff] = temp;
-        n = (byte) ((n + 1) & 0xff);
-    }
-
-    public void update(byte[] in, int inOff, int len)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + len) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        for (int i = 0; i < len; i++)
-        {
-            update(in[i]);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/package.html
deleted file mode 100644
index 0b1f86dd3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/macs/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for creating MACs and HMACs.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java
deleted file mode 100644
index 3c3bf3416..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java
+++ /dev/null
@@ -1,108 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A block cipher mode that includes authenticated encryption with a streaming mode and optional associated data.
- * @see org.bouncycastle.crypto.params.AEADParameters
- */
-public interface AEADBlockCipher
-{
-    /**
-     * initialise the underlying cipher. Parameter can either be an AEADParameters or a ParametersWithIV object.
-     *
-     * @param forEncryption true if we are setting up for encryption, false otherwise.
-     * @param params the necessary parameters for the underlying cipher to be initialised.
-     * @exception IllegalArgumentException if the params argument is inappropriate.
-     */
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException;
-
-    /**
-     * Return the name of the algorithm.
-     * 
-     * @return the algorithm name.
-     */
-    public String getAlgorithmName();
-
-    /**
-     * return the cipher this object wraps.
-     *
-     * @return the cipher this object wraps.
-     */
-    public BlockCipher getUnderlyingCipher();
-
-    /**
-     * encrypt/decrypt a single byte.
-     *
-     * @param in the byte to be processed.
-     * @param out the output buffer the processed byte goes into.
-     * @param outOff the offset into the output byte array the processed data starts at.
-     * @return the number of bytes written to out.
-     * @exception DataLengthException if the output buffer is too small.
-     */
-    public int processByte(byte in, byte[] out, int outOff)
-        throws DataLengthException;
-
-    /**
-     * process a block of bytes from in putting the result into out.
-     *
-     * @param in the input byte array.
-     * @param inOff the offset into the in array where the data to be processed starts.
-     * @param len the number of bytes to be processed.
-     * @param out the output buffer the processed bytes go into.
-     * @param outOff the offset into the output byte array the processed data starts at.
-     * @return the number of bytes written to out.
-     * @exception DataLengthException if the output buffer is too small.
-     */
-    public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-        throws DataLengthException;
-
-    /**
-     * Finish the operation either appending or verifying the MAC at the end of the data.
-     *
-     * @param out space for any resulting output data.
-     * @param outOff offset into out to start copying the data at.
-     * @return number of bytes written into out.
-     * @throws IllegalStateException if the cipher is in an inappropriate state.
-     * @throws org.bouncycastle.crypto.InvalidCipherTextException if the MAC fails to match.
-     */
-    public int doFinal(byte[] out, int outOff)
-        throws IllegalStateException, InvalidCipherTextException;
-
-    /**
-     * Return the value of the MAC associated with the last stream processed.
-     *
-     * @return MAC for plaintext data.
-     */
-    public byte[] getMac();
-
-    /**
-     * return the size of the output buffer required for a processBytes
-     * an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to processBytes
-     * with len bytes of input.
-     */
-    public int getUpdateOutputSize(int len);
-
-    /**
-     * return the size of the output buffer required for a processBytes plus a
-     * doFinal with an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to processBytes and doFinal
-     * with len bytes of input.
-     */
-    public int getOutputSize(int len);
-
-    /**
-     * Reset the cipher. After resetting the cipher is in the same state
-     * as it was after the last init (if there was one).
-     */
-    public void reset();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java
deleted file mode 100644
index f75c5463c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java
+++ /dev/null
@@ -1,235 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Arrays;
-
-/**
- * implements Cipher-Block-Chaining (CBC) mode on top of a simple cipher.
- */
-public class CBCBlockCipher
-    implements BlockCipher
-{
-    private byte[]          IV;
-    private byte[]          cbcV;
-    private byte[]          cbcNextV;
-
-    private int             blockSize;
-    private BlockCipher     cipher = null;
-    private boolean         encrypting;
-
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of chaining.
-     */
-    public CBCBlockCipher(
-        BlockCipher cipher)
-    {
-        this.cipher = cipher;
-        this.blockSize = cipher.getBlockSize();
-
-        this.IV = new byte[blockSize];
-        this.cbcV = new byte[blockSize];
-        this.cbcNextV = new byte[blockSize];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     *
-     * @param encrypting if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting,
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        this.encrypting = encrypting;
-        
-        if (params instanceof ParametersWithIV)
-        {
-                ParametersWithIV ivParam = (ParametersWithIV)params;
-                byte[]      iv = ivParam.getIV();
-
-                if (iv.length != blockSize)
-                {
-                    throw new IllegalArgumentException("initialisation vector must be the same length as block size");
-                }
-
-                System.arraycopy(iv, 0, IV, 0, iv.length);
-
-                reset();
-
-                cipher.init(encrypting, ivParam.getParameters());
-        }
-        else
-        {
-                reset();
-
-                cipher.init(encrypting, params);
-        }
-    }
-
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/CBC".
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/CBC";
-    }
-
-    /**
-     * return the block size of the underlying cipher.
-     *
-     * @return the block size of the underlying cipher.
-     */
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        return (encrypting) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff);
-    }
-
-    /**
-     * reset the chaining vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        System.arraycopy(IV, 0, cbcV, 0, IV.length);
-        Arrays.fill(cbcNextV, (byte)0);
-
-        cipher.reset();
-    }
-
-    /**
-     * Do the appropriate chaining step for CBC mode encryption.
-     *
-     * @param in the array containing the data to be encrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int encryptBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        /*
-         * XOR the cbcV and the input,
-         * then encrypt the cbcV
-         */
-        for (int i = 0; i < blockSize; i++)
-        {
-            cbcV[i] ^= in[inOff + i];
-        }
-
-        int length = cipher.processBlock(cbcV, 0, out, outOff);
-
-        /*
-         * copy ciphertext to cbcV
-         */
-        System.arraycopy(out, outOff, cbcV, 0, cbcV.length);
-
-        return length;
-    }
-
-    /**
-     * Do the appropriate chaining step for CBC mode decryption.
-     *
-     * @param in the array containing the data to be decrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the decrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int decryptBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        System.arraycopy(in, inOff, cbcNextV, 0, blockSize);
-
-        int length = cipher.processBlock(in, inOff, out, outOff);
-
-        /*
-         * XOR the cbcV and the output
-         */
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] ^= cbcV[i];
-        }
-
-        /*
-         * swap the back up buffer into next position
-         */
-        byte[]  tmp;
-
-        tmp = cbcV;
-        cbcV = cbcNextV;
-        cbcNextV = tmp;
-
-        return length;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java
deleted file mode 100644
index bedc3d136..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java
+++ /dev/null
@@ -1,338 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import java.io.ByteArrayOutputStream;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Implements the Counter with Cipher Block Chaining mode (CCM) detailed in
- * NIST Special Publication 800-38C.
- * 
    
- * Note: this mode is a packet mode - it needs all the data up front.
- */
-public class CCMBlockCipher
-    implements AEADBlockCipher
-{
-    private BlockCipher           cipher;
-    private int                   blockSize;
-    private boolean               forEncryption;
-    private byte[]                nonce;
-    private byte[]                associatedText;
-    private int                   macSize;
-    private CipherParameters      keyParam;
-    private byte[]                macBlock;
-    private ByteArrayOutputStream data = new ByteArrayOutputStream();
-
-    /**
-     * Basic constructor.
-     *
-     * @param c the block cipher to be used.
-     */
-    public CCMBlockCipher(BlockCipher c)
-    {
-        this.cipher = c;
-        this.blockSize = c.getBlockSize();
-        this.macBlock = new byte[blockSize];
-        
-        if (blockSize != 16)
-        {
-            throw new IllegalArgumentException("cipher required with a block size of 16.");
-        }
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-
-    public void init(boolean forEncryption, CipherParameters params)
-          throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-
-        if (params instanceof AEADParameters)
-        {
-            AEADParameters param = (AEADParameters)params;
-
-            nonce = param.getNonce();
-            associatedText = param.getAssociatedText();
-            macSize = param.getMacSize() / 8;
-            keyParam = param.getKey();
-        }
-        else if (params instanceof ParametersWithIV)
-        {
-            ParametersWithIV param = (ParametersWithIV)params;
-
-            nonce = param.getIV();
-            associatedText = null;
-            macSize = macBlock.length / 2;
-            keyParam = param.getParameters();
-        }
-        else
-        {
-            throw new IllegalArgumentException("invalid parameters passed to CCM");
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/CCM";
-    }
-
-    public int processByte(byte in, byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        data.write(in);
-
-        return 0;
-    }
-
-    public int processBytes(byte[] in, int inOff, int inLen, byte[] out, int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        data.write(in, inOff, inLen);
-
-        return 0;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-        throws IllegalStateException, InvalidCipherTextException
-    {
-        byte[] text = data.toByteArray();
-        byte[] enc = processPacket(text, 0, text.length);
-
-        System.arraycopy(enc, 0, out, outOff, enc.length);
-
-        reset();
-
-        return enc.length;
-    }
-
-    public void reset()
-    {
-        cipher.reset();
-        data.reset();
-    }
-
-    /**
-     * Returns a byte array containing the mac calculated as part of the
-     * last encrypt or decrypt operation.
-     * 
-     * @return the last mac calculated.
-     */
-    public byte[] getMac()
-    {
-        byte[] mac = new byte[macSize];
-        
-        System.arraycopy(macBlock, 0, mac, 0, mac.length);
-        
-        return mac;
-    }
-
-    public int getUpdateOutputSize(int len)
-    {
-        return 0;
-    }
-
-    public int getOutputSize(int len)
-    {
-        if (forEncryption)
-        {
-            return data.size() + len + macSize;
-        }
-        else
-        {
-            return data.size() + len - macSize;
-        }
-    }
-
-    public byte[] processPacket(byte[] in, int inOff, int inLen)
-        throws IllegalStateException, InvalidCipherTextException
-    {
-        if (keyParam == null)
-        {
-            throw new IllegalStateException("CCM cipher unitialized.");
-        }
-        
-        BlockCipher ctrCipher = new SICBlockCipher(cipher);
-        byte[] iv = new byte[blockSize];
-        byte[] out;
-
-        iv[0] = (byte)(((15 - nonce.length) - 1) & 0x7);
-        
-        System.arraycopy(nonce, 0, iv, 1, nonce.length);
-        
-        ctrCipher.init(forEncryption, new ParametersWithIV(keyParam, iv));
-        
-        if (forEncryption)
-        {
-            int index = inOff;
-            int outOff = 0;
-            
-            out = new byte[inLen + macSize];
-            
-            calculateMac(in, inOff, inLen, macBlock);
-            
-            ctrCipher.processBlock(macBlock, 0, macBlock, 0);   // S0
-            
-            while (index < inLen - blockSize)                   // S1...
-            {
-                ctrCipher.processBlock(in, index, out, outOff);
-                outOff += blockSize;
-                index += blockSize;
-            }
-            
-            byte[] block = new byte[blockSize];
-            
-            System.arraycopy(in, index, block, 0, inLen - index);
-            
-            ctrCipher.processBlock(block, 0, block, 0);
-            
-            System.arraycopy(block, 0, out, outOff, inLen - index);
-            
-            outOff += inLen - index;
-
-            System.arraycopy(macBlock, 0, out, outOff, out.length - outOff);
-        }
-        else
-        {
-            int index = inOff;
-            int outOff = 0;
-            
-            out = new byte[inLen - macSize];
-            
-            System.arraycopy(in, inOff + inLen - macSize, macBlock, 0, macSize);
-            
-            ctrCipher.processBlock(macBlock, 0, macBlock, 0);
-            
-            for (int i = macSize; i != macBlock.length; i++)
-            {
-                macBlock[i] = 0;
-            }
-            
-            while (outOff < out.length - blockSize)
-            {
-                ctrCipher.processBlock(in, index, out, outOff);
-                outOff += blockSize;
-                index += blockSize;
-            }
-            
-            byte[] block = new byte[blockSize];
-            
-            System.arraycopy(in, index, block, 0, out.length - outOff);
-            
-            ctrCipher.processBlock(block, 0, block, 0);
-            
-            System.arraycopy(block, 0, out, outOff, out.length - outOff);
-            
-            byte[] calculatedMacBlock = new byte[blockSize];
-            
-            calculateMac(out, 0, out.length, calculatedMacBlock);
-            
-            if (!Arrays.constantTimeAreEqual(macBlock, calculatedMacBlock))
-            {
-                throw new InvalidCipherTextException("mac check in CCM failed");
-            }
-        }
-        
-        return out;
-    }
-    
-    private int calculateMac(byte[] data, int dataOff, int dataLen, byte[] macBlock)
-    {
-        Mac    cMac = new CBCBlockCipherMac(cipher, macSize * 8);
-
-        cMac.init(keyParam);
-
-        //
-        // build b0
-        //
-        byte[] b0 = new byte[16];
-    
-        if (hasAssociatedText())
-        {
-            b0[0] |= 0x40;
-        }
-        
-        b0[0] |= (((cMac.getMacSize() - 2) / 2) & 0x7) << 3;
-
-        b0[0] |= ((15 - nonce.length) - 1) & 0x7;
-        
-        System.arraycopy(nonce, 0, b0, 1, nonce.length);
-        
-        int q = dataLen;
-        int count = 1;
-        while (q > 0)
-        {
-            b0[b0.length - count] = (byte)(q & 0xff);
-            q >>>= 8;
-            count++;
-        }
-        
-        cMac.update(b0, 0, b0.length);
-        
-        //
-        // process associated text
-        //
-        if (hasAssociatedText())
-        {
-            int extra;
-            
-            if (associatedText.length < ((1 << 16) - (1 << 8)))
-            {
-                cMac.update((byte)(associatedText.length >> 8));
-                cMac.update((byte)associatedText.length);
-                
-                extra = 2;
-            }
-            else // can't go any higher than 2^32
-            {
-                cMac.update((byte)0xff);
-                cMac.update((byte)0xfe);
-                cMac.update((byte)(associatedText.length >> 24));
-                cMac.update((byte)(associatedText.length >> 16));
-                cMac.update((byte)(associatedText.length >> 8));
-                cMac.update((byte)associatedText.length);
-                
-                extra = 6;
-            }
-            
-            cMac.update(associatedText, 0, associatedText.length);
-            
-            extra = (extra + associatedText.length) % 16;
-            if (extra != 0)
-            {
-                for (int i = 0; i != 16 - extra; i++)
-                {
-                    cMac.update((byte)0x00);
-                }
-            }
-        }
-        
-        //
-        // add the text
-        //
-        cMac.update(data, dataOff, dataLen);
-
-        return cMac.doFinal(macBlock, 0);
-    }
-
-    private boolean hasAssociatedText()
-    {
-        return associatedText != null && associatedText.length != 0;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java
deleted file mode 100644
index 0de045023..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java
+++ /dev/null
@@ -1,250 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
- */
-public class CFBBlockCipher
-    implements BlockCipher
-{
-    private byte[]          IV;
-    private byte[]          cfbV;
-    private byte[]          cfbOutV;
-
-    private int             blockSize;
-    private BlockCipher     cipher = null;
-    private boolean         encrypting;
-
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of the
-     * feedback mode.
-     * @param bitBlockSize the block size in bits (note: a multiple of 8)
-     */
-    public CFBBlockCipher(
-        BlockCipher cipher,
-        int         bitBlockSize)
-    {
-        this.cipher = cipher;
-        this.blockSize = bitBlockSize / 8;
-
-        this.IV = new byte[cipher.getBlockSize()];
-        this.cfbV = new byte[cipher.getBlockSize()];
-        this.cfbOutV = new byte[cipher.getBlockSize()];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     * An IV which is too short is handled in FIPS compliant fashion.
-     *
-     * @param encrypting if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting,
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        this.encrypting = encrypting;
-        
-        if (params instanceof ParametersWithIV)
-        {
-                ParametersWithIV ivParam = (ParametersWithIV)params;
-                byte[]      iv = ivParam.getIV();
-
-                if (iv.length < IV.length)
-                {
-                    // prepend the supplied IV with zeros (per FIPS PUB 81)
-                    System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length);
-                    for (int i = 0; i < IV.length - iv.length; i++)
-                    {
-                        IV[i] = 0;
-                    }
-                }
-                else
-                {
-                    System.arraycopy(iv, 0, IV, 0, IV.length);
-                }
-
-                reset();
-
-                cipher.init(true, ivParam.getParameters());
-        }
-        else
-        {
-                reset();
-
-                cipher.init(true, params);
-        }
-    }
-
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/CFB"
-     * and the block size in bits.
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/CFB" + (blockSize * 8);
-    }
-
-    /**
-     * return the block size we are operating at.
-     *
-     * @return the block size we are operating at (in bytes).
-     */
-    public int getBlockSize()
-    {
-        return blockSize;
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        return (encrypting) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff);
-    }
-
-    /**
-     * Do the appropriate processing for CFB mode encryption.
-     *
-     * @param in the array containing the data to be encrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int encryptBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(cfbV, 0, cfbOutV, 0);
-
-        //
-        // XOR the cfbV with the plaintext producing the ciphertext
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
-        System.arraycopy(out, outOff, cfbV, cfbV.length - blockSize, blockSize);
-
-        return blockSize;
-    }
-
-    /**
-     * Do the appropriate processing for CFB mode decryption.
-     *
-     * @param in the array containing the data to be decrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int decryptBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(cfbV, 0, cfbOutV, 0);
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
-        System.arraycopy(in, inOff, cfbV, cfbV.length - blockSize, blockSize);
-
-        //
-        // XOR the cfbV with the ciphertext producing the plaintext
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]);
-        }
-
-        return blockSize;
-    }
-
-    /**
-     * reset the chaining vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        System.arraycopy(IV, 0, cfbV, 0, IV.length);
-
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java
deleted file mode 100644
index b8e5b6105..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java
+++ /dev/null
@@ -1,265 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to
- * be used to produce cipher text which is the same length as the plain text.
- */
-public class CTSBlockCipher
-    extends BufferedBlockCipher
-{
-    private int     blockSize;
-
-    /**
-     * Create a buffered block cipher that uses Cipher Text Stealing
-     *
-     * @param cipher the underlying block cipher this buffering object wraps.
-     */
-    public CTSBlockCipher(
-        BlockCipher     cipher)
-    {
-        if ((cipher instanceof OFBBlockCipher) || (cipher instanceof CFBBlockCipher))
-        {
-            throw new IllegalArgumentException("CTSBlockCipher can only accept ECB, or CBC ciphers");
-        }
-
-        this.cipher = cipher;
-
-        blockSize = cipher.getBlockSize();
-
-        buf = new byte[blockSize * 2];
-        bufOff = 0;
-    }
-
-    /**
-     * return the size of the output buffer required for an update 
-     * an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update
-     * with len bytes of input.
-     */
-    public int getUpdateOutputSize(
-        int len)
-    {
-        int total       = len + bufOff;
-        int leftOver    = total % buf.length;
-
-        if (leftOver == 0)
-        {
-            return total - buf.length;
-        }
-
-        return total - leftOver;
-    }
-
-    /**
-     * return the size of the output buffer required for an update plus a
-     * doFinal with an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update and doFinal
-     * with len bytes of input.
-     */
-    public int getOutputSize(
-        int len)
-    {
-        return len + bufOff;
-    }
-
-    /**
-     * process a single byte, producing an output block if neccessary.
-     *
-     * @param in the input byte.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processByte(
-        byte        in,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        int         resultLen = 0;
-
-        if (bufOff == buf.length)
-        {
-            resultLen = cipher.processBlock(buf, 0, out, outOff);
-            System.arraycopy(buf, blockSize, buf, 0, blockSize);
-
-            bufOff = blockSize;
-        }
-
-        buf[bufOff++] = in;
-
-        return resultLen;
-    }
-
-    /**
-     * process an array of bytes, producing output if necessary.
-     *
-     * @param in the input byte array.
-     * @param inOff the offset at which the input data starts.
-     * @param len the number of bytes to be copied out of the input array.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize   = getBlockSize();
-        int length      = getUpdateOutputSize(len);
-        
-        if (length > 0)
-        {
-            if ((outOff + length) > out.length)
-            {
-                throw new DataLengthException("output buffer too short");
-            }
-        }
-
-        int resultLen = 0;
-        int gapLen = buf.length - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += cipher.processBlock(buf, 0, out, outOff);
-            System.arraycopy(buf, blockSize, buf, 0, blockSize);
-
-            bufOff = blockSize;
-
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > blockSize)
-            {
-                System.arraycopy(in, inOff, buf, bufOff, blockSize);
-                resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
-                System.arraycopy(buf, blockSize, buf, 0, blockSize);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-
-        return resultLen;
-    }
-
-    /**
-     * Process the last block in the buffer.
-     *
-     * @param out the array the block currently being held is copied into.
-     * @param outOff the offset at which the copying starts.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there is insufficient space in out for
-     * the output.
-     * @exception IllegalStateException if the underlying cipher is not
-     * initialised.
-     * @exception InvalidCipherTextException if cipher text decrypts wrongly (in
-     * case the exception will never get thrown).
-     */
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-        throws DataLengthException, IllegalStateException, InvalidCipherTextException
-    {
-        if (bufOff + outOff > out.length)
-        {
-            throw new DataLengthException("output buffer to small in doFinal");
-        }
-
-        int     blockSize = cipher.getBlockSize();
-        int     len = bufOff - blockSize;
-        byte[]  block = new byte[blockSize];
-
-        if (forEncryption)
-        {
-            cipher.processBlock(buf, 0, block, 0);
-            
-            if (bufOff < blockSize)
-            {
-                throw new DataLengthException("need at least one block of input for CTS");
-            }
-
-            for (int i = bufOff; i != buf.length; i++)
-            {
-                buf[i] = block[i - blockSize];
-            }
-
-            for (int i = blockSize; i != bufOff; i++)
-            {
-                buf[i] ^= block[i - blockSize];
-            }
-
-            if (cipher instanceof CBCBlockCipher)
-            {
-                BlockCipher c = ((CBCBlockCipher)cipher).getUnderlyingCipher();
-
-                c.processBlock(buf, blockSize, out, outOff);
-            }
-            else
-            {
-                cipher.processBlock(buf, blockSize, out, outOff);
-            }
-
-            System.arraycopy(block, 0, out, outOff + blockSize, len);
-        }
-        else
-        {
-            byte[]  lastBlock = new byte[blockSize];
-
-            if (cipher instanceof CBCBlockCipher)
-            {
-                BlockCipher c = ((CBCBlockCipher)cipher).getUnderlyingCipher();
-
-                c.processBlock(buf, 0, block, 0);
-            }
-            else
-            {
-                cipher.processBlock(buf, 0, block, 0);
-            }
-
-            for (int i = blockSize; i != bufOff; i++)
-            {
-                lastBlock[i - blockSize] = (byte)(block[i - blockSize] ^ buf[i]);
-            }
-
-            System.arraycopy(buf, blockSize, block, 0, len);
-
-            cipher.processBlock(block, 0, out, outOff);
-            System.arraycopy(lastBlock, 0, out, outOff + blockSize, len);
-        }
-
-        int offset = bufOff;
-
-        reset();
-
-        return offset;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
deleted file mode 100644
index 327026e8b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
+++ /dev/null
@@ -1,304 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Arrays;
-
-/**
- * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and 
- * Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
- * 
- * http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
- * 
- * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block 
- * cipher to encrypt and authenticate data. It's on-line (the length of a 
- * message isn't needed to begin processing it), has good performances, it's
- * simple and provably secure (provided the underlying block cipher is secure).
- * 
- * Of course, this implementations is NOT thread-safe.
- */
-public class EAXBlockCipher
-    implements AEADBlockCipher
-{
-    private static final byte nTAG = 0x0;
-
-    private static final byte hTAG = 0x1;
-
-    private static final byte cTAG = 0x2;
-
-    private SICBlockCipher cipher;
-
-    private boolean forEncryption;
-
-    private int blockSize;
-
-    private Mac mac;
-
-    private byte[] nonceMac;
-    private byte[] associatedTextMac;
-    private byte[] macBlock;
-    
-    private int macSize;
-    private byte[] bufBlock;
-    private int bufOff;
-
-    /**
-     * Constructor that accepts an instance of a block cipher engine.
-     *
-     * @param cipher the engine to use
-     */
-    public EAXBlockCipher(BlockCipher cipher)
-    {
-        blockSize = cipher.getBlockSize();
-        mac = new CMac(cipher);
-        macBlock = new byte[blockSize];
-        bufBlock = new byte[blockSize * 2];
-        associatedTextMac = new byte[mac.getMacSize()];
-        nonceMac = new byte[mac.getMacSize()];
-        this.cipher = new SICBlockCipher(cipher);
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getUnderlyingCipher().getAlgorithmName() + "/EAX";
-    }
-
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher.getUnderlyingCipher();
-    }
-
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-
-        byte[] nonce, associatedText;
-        CipherParameters keyParam;
-
-        if (params instanceof AEADParameters)
-        {
-            AEADParameters param = (AEADParameters)params;
-
-            nonce = param.getNonce();
-            associatedText = param.getAssociatedText();
-            macSize = param.getMacSize() / 8;
-            keyParam = param.getKey();
-        }
-        else if (params instanceof ParametersWithIV)
-        {
-            ParametersWithIV param = (ParametersWithIV)params;
-
-            nonce = param.getIV();
-            associatedText = new byte[0];
-            macSize = mac.getMacSize() / 2;
-            keyParam = param.getParameters();
-        }
-        else
-        {
-            throw new IllegalArgumentException("invalid parameters passed to EAX");
-        }
-
-        byte[] tag = new byte[blockSize];
-
-        mac.init(keyParam);
-        tag[blockSize - 1] = hTAG;
-        mac.update(tag, 0, blockSize);
-        mac.update(associatedText, 0, associatedText.length);
-        mac.doFinal(associatedTextMac, 0);
-
-        tag[blockSize - 1] = nTAG;
-        mac.update(tag, 0, blockSize);
-        mac.update(nonce, 0, nonce.length);
-        mac.doFinal(nonceMac, 0);
-
-        tag[blockSize - 1] = cTAG;
-        mac.update(tag, 0, blockSize);
-
-        cipher.init(true, new ParametersWithIV(keyParam, nonceMac));
-    }
-
-    private void calculateMac()
-    {
-        byte[] outC = new byte[blockSize];
-        mac.doFinal(outC, 0);
-
-        for (int i = 0; i < macBlock.length; i++)
-        {
-            macBlock[i] = (byte)(nonceMac[i] ^ associatedTextMac[i] ^ outC[i]);
-        }
-    }
-
-    public void reset()
-    {
-        reset(true);
-    }
-
-    private void reset(
-        boolean clearMac)
-    {
-        cipher.reset();
-        mac.reset();
-
-        bufOff = 0;
-        Arrays.fill(bufBlock, (byte)0);
-
-        if (clearMac)
-        {
-            Arrays.fill(macBlock, (byte)0);
-        }
-
-        byte[] tag = new byte[blockSize];
-        tag[blockSize - 1] = cTAG;
-        mac.update(tag, 0, blockSize);
-    }
-
-    public int processByte(byte in, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        return process(in, out, outOff);
-    }
-
-    public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        int resultLen = 0;
-
-        for (int i = 0; i != len; i++)
-        {
-            resultLen += process(in[inOff + i], out, outOff + resultLen);
-        }
-
-        return resultLen;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-        throws IllegalStateException, InvalidCipherTextException
-    {
-        int extra = bufOff;
-        byte[] tmp = new byte[bufBlock.length];
-
-        bufOff = 0;
-
-        if (forEncryption)
-        {
-            cipher.processBlock(bufBlock, 0, tmp, 0);
-            cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
-
-            System.arraycopy(tmp, 0, out, outOff, extra);
-
-            mac.update(tmp, 0, extra);
-
-            calculateMac();
-
-            System.arraycopy(macBlock, 0, out, outOff + extra, macSize);
-
-            reset(false);
-
-            return extra + macSize;
-        }
-        else
-        {
-            if (extra > macSize)
-            {
-                mac.update(bufBlock, 0, extra - macSize);
-
-                cipher.processBlock(bufBlock, 0, tmp, 0);
-                cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
-
-                System.arraycopy(tmp, 0, out, outOff, extra - macSize);
-            }
-
-            calculateMac();
-
-            if (!verifyMac(bufBlock, extra - macSize))
-            {
-                throw new InvalidCipherTextException("mac check in EAX failed");
-            }
-
-            reset(false);
-
-            return extra - macSize;
-        }
-    }
-
-    public byte[] getMac()
-    {
-        byte[] mac = new byte[macSize];
-
-        System.arraycopy(macBlock, 0, mac, 0, macSize);
-
-        return mac;
-    }
-
-    public int getUpdateOutputSize(int len)
-    {
-        return ((len + bufOff) / blockSize) * blockSize;
-    }
-
-    public int getOutputSize(int len)
-    {
-        if (forEncryption)
-        {
-             return len + bufOff + macSize;
-        }
-        else
-        {
-             return len + bufOff - macSize;
-        }
-    }
-
-    private int process(byte b, byte[] out, int outOff)
-    {
-        bufBlock[bufOff++] = b;
-
-        if (bufOff == bufBlock.length)
-        {
-            int size;
-
-            if (forEncryption)
-            {
-                size = cipher.processBlock(bufBlock, 0, out, outOff);
-
-                mac.update(out, outOff, blockSize);
-            }
-            else
-            {
-                mac.update(bufBlock, 0, blockSize);
-
-                size = cipher.processBlock(bufBlock, 0, out, outOff);
-            }
-
-            bufOff = blockSize;
-            System.arraycopy(bufBlock, blockSize, bufBlock, 0, blockSize);
-
-            return size;
-        }
-
-        return 0;
-    }
-
-    private boolean verifyMac(byte[] mac, int off)
-    {
-        for (int i = 0; i < macSize; i++)
-        {
-            if (macBlock[i] != mac[off + i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
deleted file mode 100644
index 8e7c31525..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
+++ /dev/null
@@ -1,416 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
-import org.bouncycastle.crypto.modes.gcm.Tables8kGCMMultiplier;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.util.Pack;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Implements the Galois/Counter mode (GCM) detailed in
- * NIST Special Publication 800-38D.
- */
-public class GCMBlockCipher
-    implements AEADBlockCipher
-{
-    private static final int BLOCK_SIZE = 16;
-    private static final byte[] ZEROES = new byte[BLOCK_SIZE];
-
-    // not final due to a compiler bug 
-    private BlockCipher   cipher;
-    private GCMMultiplier multiplier;
-
-    // These fields are set by init and not modified by processing
-    private boolean             forEncryption;
-    private int                 macSize;
-    private byte[]              nonce;
-    private byte[]              A;
-    private KeyParameter        keyParam;
-    private byte[]              H;
-    private byte[]              initS;
-    private byte[]              J0;
-
-    // These fields are modified during processing
-    private byte[]      bufBlock;
-    private byte[]      macBlock;
-    private byte[]      S;
-    private byte[]      counter;
-    private int         bufOff;
-    private long        totalLength;
-
-    public GCMBlockCipher(BlockCipher c)
-    {
-        this(c, null);
-    }
-
-    public GCMBlockCipher(BlockCipher c, GCMMultiplier m)
-    {
-        if (c.getBlockSize() != BLOCK_SIZE)
-        {
-            throw new IllegalArgumentException(
-                "cipher required with a block size of " + BLOCK_SIZE + ".");
-        }
-
-        if (m == null)
-        {
-            // TODO Consider a static property specifying default multiplier
-            m = new Tables8kGCMMultiplier();
-        }
-
-        this.cipher = c;
-        this.multiplier = m;
-    }
-
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/GCM";
-    }
-
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-        this.macBlock = null;
-
-        if (params instanceof AEADParameters)
-        {
-            AEADParameters param = (AEADParameters)params;
-
-            nonce = param.getNonce();
-            A = param.getAssociatedText();
-
-            int macSizeBits = param.getMacSize();
-            if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0)
-            {
-                throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits);
-            }
-
-            macSize = macSizeBits / 8; 
-            keyParam = param.getKey();
-        }
-        else if (params instanceof ParametersWithIV)
-        {
-            ParametersWithIV param = (ParametersWithIV)params;
-
-            nonce = param.getIV();
-            A = null;
-            macSize = 16;
-            keyParam = (KeyParameter)param.getParameters();
-        }
-        else
-        {
-            throw new IllegalArgumentException("invalid parameters passed to GCM");
-        }
-
-        int bufLength = forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize); 
-        this.bufBlock = new byte[bufLength];
-
-        if (nonce == null || nonce.length < 1)
-        {
-            throw new IllegalArgumentException("IV must be at least 1 byte");
-        }
-
-        if (A == null)
-        {
-            // Avoid lots of null checks
-            A = new byte[0];
-        }
-
-        // Cipher always used in forward mode
-        cipher.init(true, keyParam);
-
-        // TODO This should be configurable by init parameters
-        // (but must be 16 if nonce length not 12) (BLOCK_SIZE?)
-//        this.tagLength = 16;
-
-        this.H = new byte[BLOCK_SIZE];
-        cipher.processBlock(ZEROES, 0, H, 0);
-        multiplier.init(H);
-
-        this.initS = gHASH(A);
-
-        if (nonce.length == 12)
-        {
-            this.J0 = new byte[16];
-            System.arraycopy(nonce, 0, J0, 0, nonce.length);
-            this.J0[15] = 0x01;
-        }
-        else
-        {
-            this.J0 = gHASH(nonce);
-            byte[] X = new byte[16];
-            packLength((long)nonce.length * 8, X, 8);
-            xor(this.J0, X);
-            multiplier.multiplyH(this.J0);
-        }
-
-        this.S = Arrays.clone(initS);
-        this.counter = Arrays.clone(J0);
-        this.bufOff = 0;
-        this.totalLength = 0;
-    }
-
-    public byte[] getMac()
-    {
-        return Arrays.clone(macBlock);
-    }
-
-    public int getOutputSize(int len)
-    {
-        if (forEncryption)
-        {
-             return len + bufOff + macSize;
-        }
-
-        return len + bufOff - macSize;
-    }
-
-    public int getUpdateOutputSize(int len)
-    {
-        return ((len + bufOff) / BLOCK_SIZE) * BLOCK_SIZE;
-    }
-
-    public int processByte(byte in, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        return process(in, out, outOff);
-    }
-
-    public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        int resultLen = 0;
-
-        for (int i = 0; i != len; i++)
-        {
-//            resultLen += process(in[inOff + i], out, outOff + resultLen);
-            bufBlock[bufOff++] = in[inOff + i];
-
-            if (bufOff == bufBlock.length)
-            {
-                gCTRBlock(bufBlock, BLOCK_SIZE, out, outOff + resultLen);
-                if (!forEncryption)
-                {
-                    System.arraycopy(bufBlock, BLOCK_SIZE, bufBlock, 0, macSize);
-                }
-//              bufOff = 0;
-                bufOff = bufBlock.length - BLOCK_SIZE;
-//              return bufBlock.Length;
-                resultLen += BLOCK_SIZE;
-            }
-        }
-
-        return resultLen;
-    }
-
-    private int process(byte in, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        bufBlock[bufOff++] = in;
-
-        if (bufOff == bufBlock.length)
-        {
-            gCTRBlock(bufBlock, BLOCK_SIZE, out, outOff);
-            if (!forEncryption)
-            {
-                System.arraycopy(bufBlock, BLOCK_SIZE, bufBlock, 0, macSize);
-            }
-//            bufOff = 0;
-            bufOff = bufBlock.length - BLOCK_SIZE;
-//            return bufBlock.length;
-            return BLOCK_SIZE;
-        }
-
-        return 0;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-        throws IllegalStateException, InvalidCipherTextException
-    {
-        int extra = bufOff;
-        if (!forEncryption)
-        {
-            if (extra < macSize)
-            {
-                throw new InvalidCipherTextException("data too short");
-            }
-            extra -= macSize;
-        }
-
-        if (extra > 0)
-        {
-            byte[] tmp = new byte[BLOCK_SIZE];
-            System.arraycopy(bufBlock, 0, tmp, 0, extra);
-            gCTRBlock(tmp, extra, out, outOff);
-        }
-
-        // Final gHASH
-        byte[] X = new byte[16];
-        packLength((long)A.length * 8, X, 0);
-        packLength(totalLength * 8, X, 8);
-
-        xor(S, X);
-        multiplier.multiplyH(S);
-
-        // TODO Fix this if tagLength becomes configurable
-        // T = MSBt(GCTRk(J0,S))
-        byte[] tag = new byte[BLOCK_SIZE];
-        cipher.processBlock(J0, 0, tag, 0);
-        xor(tag, S);
-
-        int resultLen = extra;
-
-        // We place into macBlock our calculated value for T
-        this.macBlock = new byte[macSize];
-        System.arraycopy(tag, 0, macBlock, 0, macSize);
-
-        if (forEncryption)
-        {
-            // Append T to the message
-            System.arraycopy(macBlock, 0, out, outOff + bufOff, macSize);
-            resultLen += macSize;
-        }
-        else
-        {
-            // Retrieve the T value from the message and compare to calculated one
-            byte[] msgMac = new byte[macSize];
-            System.arraycopy(bufBlock, extra, msgMac, 0, macSize);
-            if (!Arrays.constantTimeAreEqual(this.macBlock, msgMac))
-            {
-                throw new InvalidCipherTextException("mac check in GCM failed");
-            }
-        }
-
-        reset(false);
-
-        return resultLen;
-    }
-
-    public void reset()
-    {
-        reset(true);
-    }
-
-    private void reset(
-        boolean clearMac)
-    {
-        S = Arrays.clone(initS);
-        counter = Arrays.clone(J0);
-        bufOff = 0;
-        totalLength = 0;
-
-        if (bufBlock != null)
-        {
-            Arrays.fill(bufBlock, (byte)0);
-        }
-
-        if (clearMac)
-        {
-            macBlock = null;
-        }
-
-        cipher.reset();
-    }
-
-    private void gCTRBlock(byte[] buf, int bufCount, byte[] out, int outOff)
-    {
-//        inc(counter);
-        for (int i = 15; i >= 12; --i)
-        {
-            byte b = (byte)((counter[i] + 1) & 0xff);
-            counter[i] = b;
-
-            if (b != 0)
-            {
-                break;
-            }
-        }
-
-        byte[] tmp = new byte[BLOCK_SIZE];
-        cipher.processBlock(counter, 0, tmp, 0);
-
-        byte[] hashBytes;
-        if (forEncryption)
-        {
-            System.arraycopy(ZEROES, bufCount, tmp, bufCount, BLOCK_SIZE - bufCount);
-            hashBytes = tmp;
-        }
-        else
-        {
-            hashBytes = buf;
-        }
-
-        for (int i = bufCount - 1; i >= 0; --i)
-        {
-            tmp[i] ^= buf[i];
-            out[outOff + i] = tmp[i];
-        }
-
-//        gHASHBlock(hashBytes);
-        xor(S, hashBytes);
-        multiplier.multiplyH(S);
-
-        totalLength += bufCount;
-    }
-
-    private byte[] gHASH(byte[] b)
-    {
-        byte[] Y = new byte[16];
-
-        for (int pos = 0; pos < b.length; pos += 16)
-        {
-            byte[] X = new byte[16];
-            int num = Math.min(b.length - pos, 16);
-            System.arraycopy(b, pos, X, 0, num);
-            xor(Y, X);
-            multiplier.multiplyH(Y);
-        }
-
-        return Y;
-    }
-
-//    private void gHASHBlock(byte[] block)
-//    {
-//        xor(S, block);
-//        multiplier.multiplyH(S);
-//    }
-
-//    private static void inc(byte[] block)
-//    {
-//        for (int i = 15; i >= 12; --i)
-//        {
-//            byte b = (byte)((block[i] + 1) & 0xff);
-//            block[i] = b;
-//
-//            if (b != 0)
-//            {
-//                break;
-//            }
-//        }
-//    }
-
-    private static void xor(byte[] block, byte[] val)
-    {
-        for (int i = 15; i >= 0; --i)
-        {
-            block[i] ^= val[i];
-        }
-    }
-
-    private static void packLength(long count, byte[] bs, int off)
-    {
-        Pack.intToBigEndian((int)(count >>> 32), bs, off); 
-        Pack.intToBigEndian((int)count, bs, off + 4);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java
deleted file mode 100644
index 388634195..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * implements the GOST 28147 OFB counter mode (GCTR).
- */
-public class GOFBBlockCipher
-    implements BlockCipher
-{
-    private byte[]          IV;
-    private byte[]          ofbV;
-    private byte[]          ofbOutV;
-
-    private final int             blockSize;
-    private final BlockCipher     cipher;
-
-    boolean firstStep = true;
-    int N3;
-    int N4;
-    static final int C1 = 16843012; //00000001000000010000000100000100
-    static final int C2 = 16843009; //00000001000000010000000100000001
-
-
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of the
-     * counter mode (must have a 64 bit block size).
-     */
-    public GOFBBlockCipher(
-        BlockCipher cipher)
-    {
-        this.cipher = cipher;
-        this.blockSize = cipher.getBlockSize();
-        
-        if (blockSize != 8)
-        {
-            throw new IllegalArgumentException("GCTR only for 64 bit block ciphers");
-        }
-
-        this.IV = new byte[cipher.getBlockSize()];
-        this.ofbV = new byte[cipher.getBlockSize()];
-        this.ofbOutV = new byte[cipher.getBlockSize()];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     * An IV which is too short is handled in FIPS compliant fashion.
-     *
-     * @param encrypting if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting, //ignored by this CTR mode
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        firstStep = true;
-        N3 = 0;
-        N4 = 0;
-
-        if (params instanceof ParametersWithIV)
-        {
-                ParametersWithIV ivParam = (ParametersWithIV)params;
-                byte[]      iv = ivParam.getIV();
-
-                if (iv.length < IV.length)
-                {
-                    // prepend the supplied IV with zeros (per FIPS PUB 81)
-                    System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); 
-                    for (int i = 0; i < IV.length - iv.length; i++)
-                    {
-                        IV[i] = 0;
-                    }
-                }
-                else
-                {
-                    System.arraycopy(iv, 0, IV, 0, IV.length);
-                }
-
-                reset();
-
-                cipher.init(true, ivParam.getParameters());
-        }
-        else
-        {
-                reset();
-
-                cipher.init(true, params);
-        }
-    }
-
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/GCTR"
-     * and the block size in bits
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/GCTR";
-    }
-
-    
-    /**
-     * return the block size we are operating at (in bytes).
-     *
-     * @return the block size we are operating at (in bytes).
-     */
-    public int getBlockSize()
-    {
-        return blockSize;
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (firstStep)
-        {
-            firstStep = false;
-            cipher.processBlock(ofbV, 0, ofbOutV, 0);
-            N3 = bytesToint(ofbOutV, 0);
-            N4 = bytesToint(ofbOutV, 4);
-        }
-        N3 += C2;
-        N4 += C1;
-        intTobytes(N3, ofbV, 0);
-        intTobytes(N4, ofbV, 4);
-
-        cipher.processBlock(ofbV, 0, ofbOutV, 0);
-
-        //
-        // XOR the ofbV with the plaintext producing the cipher text (and
-        // the next input block).
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
-        System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);
-
-        return blockSize;
-    }
-
-    /**
-     * reset the feedback vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        System.arraycopy(IV, 0, ofbV, 0, IV.length);
-
-        cipher.reset();
-    }
-
-    //array of bytes to type int
-    private int bytesToint(
-        byte[]  in,
-        int     inOff)
-    {
-        return  ((in[inOff + 3] << 24) & 0xff000000) + ((in[inOff + 2] << 16) & 0xff0000) +
-                ((in[inOff + 1] << 8) & 0xff00) + (in[inOff] & 0xff);
-    }
-
-    //int to array of bytes
-    private void intTobytes(
-            int     num,
-            byte[]  out,
-            int     outOff)
-    {
-            out[outOff + 3] = (byte)(num >>> 24);
-            out[outOff + 2] = (byte)(num >>> 16);
-            out[outOff + 1] = (byte)(num >>> 8);
-            out[outOff] =     (byte)num;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java
deleted file mode 100644
index f209b9fcd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java
+++ /dev/null
@@ -1,179 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * implements a Output-FeedBack (OFB) mode on top of a simple cipher.
- */
-public class OFBBlockCipher
-    implements BlockCipher
-{
-    private byte[]          IV;
-    private byte[]          ofbV;
-    private byte[]          ofbOutV;
-
-    private final int             blockSize;
-    private final BlockCipher     cipher;
-
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of the
-     * feedback mode.
-     * @param blockSize the block size in bits (note: a multiple of 8)
-     */
-    public OFBBlockCipher(
-        BlockCipher cipher,
-        int         blockSize)
-    {
-        this.cipher = cipher;
-        this.blockSize = blockSize / 8;
-
-        this.IV = new byte[cipher.getBlockSize()];
-        this.ofbV = new byte[cipher.getBlockSize()];
-        this.ofbOutV = new byte[cipher.getBlockSize()];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     * An IV which is too short is handled in FIPS compliant fashion.
-     *
-     * @param encrypting if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             encrypting, //ignored by this OFB mode
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        if (params instanceof ParametersWithIV)
-        {
-                ParametersWithIV ivParam = (ParametersWithIV)params;
-                byte[]      iv = ivParam.getIV();
-
-                if (iv.length < IV.length)
-                {
-                    // prepend the supplied IV with zeros (per FIPS PUB 81)
-                    System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); 
-                    for (int i = 0; i < IV.length - iv.length; i++)
-                    {
-                        IV[i] = 0;
-                    }
-                }
-                else
-                {
-                    System.arraycopy(iv, 0, IV, 0, IV.length);
-                }
-
-                reset();
-
-                cipher.init(true, ivParam.getParameters());
-        }
-        else
-        {
-                reset();
-
-                cipher.init(true, params);
-        }
-    }
-
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/OFB"
-     * and the block size in bits
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/OFB" + (blockSize * 8);
-    }
-
-    
-    /**
-     * return the block size we are operating at (in bytes).
-     *
-     * @return the block size we are operating at (in bytes).
-     */
-    public int getBlockSize()
-    {
-        return blockSize;
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[]      in,
-        int         inOff,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(ofbV, 0, ofbOutV, 0);
-
-        //
-        // XOR the ofbV with the plaintext producing the cipher text (and
-        // the next input block).
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
-        System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);
-
-        return blockSize;
-    }
-
-    /**
-     * reset the feedback vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        System.arraycopy(IV, 0, ofbV, 0, IV.length);
-
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java
deleted file mode 100644
index e48731b3f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java
+++ /dev/null
@@ -1,312 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-
-/**
- * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode
- * on top of a simple cipher. This class assumes the IV has been prepended
- * to the data stream already, and just accomodates the reset after
- * (blockSize + 2) bytes have been read.
- * 
    
- * For further info see RFC 2440.
- */
-public class OpenPGPCFBBlockCipher
-    implements BlockCipher
-{
-    private byte[] IV;
-    private byte[] FR;
-    private byte[] FRE;
-
-    private BlockCipher cipher;
-
-    private int count;
-    private int blockSize;
-    private boolean forEncryption;
-    
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of the
-     * feedback mode.
-     */
-    public OpenPGPCFBBlockCipher(
-        BlockCipher cipher)
-    {
-        this.cipher = cipher;
-
-        this.blockSize = cipher.getBlockSize();
-        this.IV = new byte[blockSize];
-        this.FR = new byte[blockSize];
-        this.FRE = new byte[blockSize];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-    
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/PGPCFB"
-     * and the block size in bits.
-     */
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/OpenPGPCFB";
-    }
-    
-    /**
-     * return the block size we are operating at.
-     *
-     * @return the block size we are operating at (in bytes).
-     */
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        return (forEncryption) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff);
-    }
-    
-    /**
-     * reset the chaining vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        count = 0;
-
-        System.arraycopy(IV, 0, FR, 0, FR.length);
-
-        cipher.reset();
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     * An IV which is too short is handled in FIPS compliant fashion.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean forEncryption,
-        CipherParameters params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-     
-        reset();
-
-        cipher.init(true, params);
-    }
-    
-    /**
-     * Encrypt one byte of data according to CFB mode.
-     * @param data the byte to encrypt
-     * @param blockOff offset in the current block
-     * @return the encrypted byte
-     */
-    private byte encryptByte(byte data, int blockOff)
-    {
-        return (byte)(FRE[blockOff] ^ data);
-    }
-    
-    /**
-     * Do the appropriate processing for CFB IV mode encryption.
-     *
-     * @param in the array containing the data to be encrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int encryptBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        if (count > blockSize)
-        {
-            FR[blockSize - 2] = out[outOff] = encryptByte(in[inOff], blockSize - 2);
-            FR[blockSize - 1] = out[outOff + 1] = encryptByte(in[inOff + 1], blockSize - 1);
-
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 2; n < blockSize; n++) 
-            {
-                FR[n - 2] = out[outOff + n] = encryptByte(in[inOff + n], n - 2);
-            }
-        }
-        else if (count == 0)
-        {
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 0; n < blockSize; n++) 
-            {
-                FR[n] = out[outOff + n] = encryptByte(in[inOff + n], n);
-            }
-            
-            count += blockSize;
-        }
-        else if (count == blockSize)
-        {
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            out[outOff] = encryptByte(in[inOff], 0);
-            out[outOff + 1] = encryptByte(in[inOff + 1], 1);
-
-            //
-            // do reset
-            //
-            System.arraycopy(FR, 2, FR, 0, blockSize - 2);
-            System.arraycopy(out, outOff, FR, blockSize - 2, 2);
-
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 2; n < blockSize; n++) 
-            {
-                FR[n - 2] = out[outOff + n] = encryptByte(in[inOff + n], n - 2);
-            }
-
-            count += blockSize;
-        }
-        
-        return blockSize;
-    }
-
-    /**
-     * Do the appropriate processing for CFB IV mode decryption.
-     *
-     * @param in the array containing the data to be decrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int decryptBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        if (count > blockSize)
-        {
-            byte inVal = in[inOff];
-            FR[blockSize - 2] = inVal;
-            out[outOff] = encryptByte(inVal, blockSize - 2);
-
-            inVal = in[inOff + 1];
-            FR[blockSize - 1] = inVal;
-            out[outOff + 1] = encryptByte(inVal, blockSize - 1);
-
-            cipher.processBlock(FR, 0, FRE, 0);
-            
-            for (int n = 2; n < blockSize; n++) 
-            {
-                inVal = in[inOff + n];
-                FR[n - 2] = inVal;
-                out[outOff + n] = encryptByte(inVal, n - 2);
-            }
-        } 
-        else if (count == 0)
-        {
-            cipher.processBlock(FR, 0, FRE, 0);
-            
-            for (int n = 0; n < blockSize; n++) 
-            {
-                FR[n] = in[inOff + n];
-                out[n] = encryptByte(in[inOff + n], n);
-            }
-            
-            count += blockSize;
-        }
-        else if (count == blockSize)
-        {
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            byte inVal1 = in[inOff];
-            byte inVal2 = in[inOff + 1];
-            out[outOff    ] = encryptByte(inVal1, 0);
-            out[outOff + 1] = encryptByte(inVal2, 1);
-            
-            System.arraycopy(FR, 2, FR, 0, blockSize - 2);
-
-            FR[blockSize - 2] = inVal1;
-            FR[blockSize - 1] = inVal2;
-
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 2; n < blockSize; n++) 
-            {
-                byte inVal = in[inOff + n];
-                FR[n - 2] = inVal;
-                out[outOff + n] = encryptByte(inVal, n - 2);
-            }
-
-            count += blockSize;
-        }
-        
-        return blockSize;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java
deleted file mode 100644
index bd9f15385..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java
+++ /dev/null
@@ -1,450 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode on top of a simple cipher. For further info see RFC 2440.
- */
-public class PGPCFBBlockCipher
-    implements BlockCipher
-{
-    private byte[] IV;
-    private byte[] FR;
-    private byte[] FRE;
-    private byte[] tmp;
-
-    private BlockCipher cipher;
-
-    private int count;
-    private int blockSize;
-    private boolean forEncryption;
-    
-    private boolean inlineIv; // if false we don't need to prepend an IV
-
-    /**
-     * Basic constructor.
-     *
-     * @param cipher the block cipher to be used as the basis of the
-     * feedback mode.
-     * @param inlineIv if true this is for PGP CFB with a prepended iv.
-     */
-    public PGPCFBBlockCipher(
-        BlockCipher cipher,
-        boolean     inlineIv)
-    {
-        this.cipher = cipher;
-        this.inlineIv = inlineIv;
-
-        this.blockSize = cipher.getBlockSize();
-        this.IV = new byte[blockSize];
-        this.FR = new byte[blockSize];
-        this.FRE = new byte[blockSize];
-        this.tmp = new byte[blockSize];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-    
-    /**
-     * return the algorithm name and mode.
-     *
-     * @return the name of the underlying algorithm followed by "/PGPCFB"
-     * and the block size in bits.
-     */
-    public String getAlgorithmName()
-    {
-        if (inlineIv)
-        {
-            return cipher.getAlgorithmName() + "/PGPCFBwithIV";
-        }
-        else
-        {
-            return cipher.getAlgorithmName() + "/PGPCFB";
-        }
-    }
-    
-    /**
-     * return the block size we are operating at.
-     *
-     * @return the block size we are operating at (in bytes).
-     */
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-    /**
-     * Process one block of input from the array in and write it to
-     * the out array.
-     *
-     * @param in the array containing the input data.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the output data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    public int processBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (inlineIv)
-        {
-            return (forEncryption) ? encryptBlockWithIV(in, inOff, out, outOff) : decryptBlockWithIV(in, inOff, out, outOff);
-        }
-        else
-        {
-            return (forEncryption) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff);
-        }
-    }
-    
-    /**
-     * reset the chaining vector back to the IV and reset the underlying
-     * cipher.
-     */
-    public void reset()
-    {
-        count = 0;
-
-        for (int i = 0; i != FR.length; i++)
-        {
-            if (inlineIv)
-            {
-                FR[i] = 0;
-            }
-            else
-            {
-                FR[i] = IV[i]; // if simple mode, key is IV (even if this is zero)
-            }
-        }
-
-        cipher.reset();
-    }
-
-    /**
-     * Initialise the cipher and, possibly, the initialisation vector (IV).
-     * If an IV isn't passed as part of the parameter, the IV will be all zeros.
-     * An IV which is too short is handled in FIPS compliant fashion.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean forEncryption,
-        CipherParameters params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-     
-        if (params instanceof ParametersWithIV)
-        {
-                ParametersWithIV ivParam = (ParametersWithIV)params;
-                byte[]      iv = ivParam.getIV();
-
-                if (iv.length < IV.length)
-                {
-                    // prepend the supplied IV with zeros (per FIPS PUB 81)
-                    System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length);
-                    for (int i = 0; i < IV.length - iv.length; i++)
-                    {
-                            IV[i] = 0;
-                    }
-                }
-                else
-                {
-                    System.arraycopy(iv, 0, IV, 0, IV.length);
-                }
-
-                reset();
-
-                cipher.init(true, ivParam.getParameters());
-        }
-        else
-        {
-                reset();
-
-                cipher.init(true, params);
-        }
-    }
-    
-    /**
-     * Encrypt one byte of data according to CFB mode.
-     * @param data the byte to encrypt
-     * @param where am i in the current block, determines when to resync the block
-     * @returns the encrypted byte
-     */
-    private byte encryptByte(byte data, int blockOff)
-    {
-        return (byte)(FRE[blockOff] ^ data);
-    }
-    
-    /**
-     * Do the appropriate processing for CFB IV mode encryption.
-     *
-     * @param in the array containing the data to be encrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int encryptBlockWithIV(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        if (count == 0)
-        {
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 0; n < blockSize; n++) 
-            {
-                out[outOff + n] = encryptByte(IV[n], n);
-            }
-            
-            System.arraycopy(out, outOff, FR, 0, blockSize);
-
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            out[outOff + blockSize] = encryptByte(IV[blockSize - 2], 0);
-            out[outOff + blockSize + 1] = encryptByte(IV[blockSize - 1], 1);
-
-            System.arraycopy(out, outOff + 2, FR, 0, blockSize);
-            
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 0; n < blockSize; n++) 
-            {
-                out[outOff + blockSize + 2 + n] = encryptByte(in[inOff + n], n);
-            }
-
-            System.arraycopy(out, outOff + blockSize + 2, FR, 0, blockSize);
-
-            count += 2 * blockSize + 2;
-
-            return 2 * blockSize + 2;
-        }
-        else if (count >= blockSize + 2)
-        {
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 0; n < blockSize; n++) 
-            {
-                out[outOff + n] = encryptByte(in[inOff + n], n);
-            }
-            
-            System.arraycopy(out, outOff, FR, 0, blockSize);
-        }
-        
-        return blockSize;
-    }
-
-    /**
-     * Do the appropriate processing for CFB IV mode decryption.
-     *
-     * @param in the array containing the data to be decrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int decryptBlockWithIV(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        if (count == 0)
-        {
-            for (int n = 0; n < blockSize; n++) 
-            {
-                FR[n] = in[inOff + n];
-            }
-            
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            count += blockSize;
-
-            return 0;
-        }
-        else if (count == blockSize)
-        {
-            // copy in buffer so that this mode works if in and out are the same 
-            System.arraycopy(in, inOff, tmp, 0, blockSize);
-        
-            System.arraycopy(FR, 2, FR, 0, blockSize - 2);
-            
-            FR[blockSize - 2] = tmp[0];
-            FR[blockSize - 1] = tmp[1];
-
-            cipher.processBlock(FR, 0, FRE, 0);
-
-            for (int n = 0; n < blockSize - 2; n++) 
-            {
-                out[outOff + n] = encryptByte(tmp[n + 2], n);
-            }
-
-            System.arraycopy(tmp, 2, FR, 0, blockSize - 2);
-
-            count += 2;
-
-            return blockSize - 2;
-        }
-        else if (count >= blockSize + 2)
-        {
-            // copy in buffer so that this mode works if in and out are the same 
-            System.arraycopy(in, inOff, tmp, 0, blockSize);
-
-            out[outOff + 0] = encryptByte(tmp[0], blockSize - 2);
-            out[outOff + 1] = encryptByte(tmp[1], blockSize - 1);
-
-            System.arraycopy(tmp, 0, FR, blockSize - 2, 2);
-
-            cipher.processBlock(FR, 0, FRE, 0);
-            
-            for (int n = 0; n < blockSize - 2; n++) 
-            {
-                out[outOff + n + 2] = encryptByte(tmp[n + 2], n);
-            }
-            
-            System.arraycopy(tmp, 2, FR, 0, blockSize - 2);
-            
-        } 
-        
-        return blockSize;
-    }
-    
-    /**
-     * Do the appropriate processing for CFB mode encryption.
-     *
-     * @param in the array containing the data to be encrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int encryptBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {        
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        cipher.processBlock(FR, 0, FRE, 0);
-        for (int n = 0; n < blockSize; n++) 
-        {
-            out[outOff + n] = encryptByte(in[inOff + n], n);
-        }
-        
-        for (int n = 0; n < blockSize; n++) 
-        {
-            FR[n] = out[outOff + n];
-        }
-        
-        return blockSize;
-        
-    }
-    
-    /**
-     * Do the appropriate processing for CFB mode decryption.
-     *
-     * @param in the array containing the data to be decrypted.
-     * @param inOff offset into the in array the data starts at.
-     * @param out the array the encrypted data will be copied into.
-     * @param outOff the offset into the out array the output will start at.
-     * @exception DataLengthException if there isn't enough data in in, or
-     * space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     * @return the number of bytes processed and produced.
-     */
-    private int decryptBlock(
-        byte[] in,
-        int inOff,
-        byte[] out,
-        int outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-        
-        cipher.processBlock(FR, 0, FRE, 0);
-        for (int n = 0; n < blockSize; n++) 
-        {
-            out[outOff + n] = encryptByte(in[inOff + n], n);
-        }
-        
-        for (int n = 0; n < blockSize; n++) 
-        {
-            FR[n] = in[inOff + n];
-        }
-        
-        return blockSize;
-        
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java
deleted file mode 100644
index f15ed6736..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java
+++ /dev/null
@@ -1,253 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A wrapper class that allows block ciphers to be used to process data in
- * a piecemeal fashion with PKCS5/PKCS7 padding. The PaddedBlockCipher
- * outputs a block only when the buffer is full and more data is being added,
- * or on a doFinal (unless the current block in the buffer is a pad block).
- * The padding mechanism used is the one outlined in PKCS5/PKCS7.
- *
- * @deprecated use org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher instead.
- */
-public class PaddedBlockCipher
-    extends BufferedBlockCipher
-{
-    /**
-     * Create a buffered block cipher with, or without, padding.
-     *
-     * @param cipher the underlying block cipher this buffering object wraps.
-     */
-    public PaddedBlockCipher(
-        BlockCipher     cipher)
-    {
-        this.cipher = cipher;
-
-        buf = new byte[cipher.getBlockSize()];
-        bufOff = 0;
-    }
-
-    /**
-     * return the size of the output buffer required for an update plus a
-     * doFinal with an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update and doFinal
-     * with len bytes of input.
-     */
-    public int getOutputSize(
-        int len)
-    {
-        int total       = len + bufOff;
-        int leftOver    = total % buf.length;
-
-        if (leftOver == 0)
-        {
-            if (forEncryption)
-            {
-                return total + buf.length;
-            }
-
-            return total;
-        }
-
-        return total - leftOver + buf.length;
-    }
-
-    /**
-     * return the size of the output buffer required for an update 
-     * an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update
-     * with len bytes of input.
-     */
-    public int getUpdateOutputSize(
-        int len)
-    {
-        int total       = len + bufOff;
-        int leftOver    = total % buf.length;
-
-        if (leftOver == 0)
-        {
-            return total - buf.length;
-        }
-
-        return total - leftOver;
-    }
-
-    /**
-     * process a single byte, producing an output block if neccessary.
-     *
-     * @param in the input byte.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processByte(
-        byte        in,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        int         resultLen = 0;
-
-        if (bufOff == buf.length)
-        {
-            resultLen = cipher.processBlock(buf, 0, out, outOff);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-
-        return resultLen;
-    }
-
-    /**
-     * process an array of bytes, producing output if necessary.
-     *
-     * @param in the input byte array.
-     * @param inOff the offset at which the input data starts.
-     * @param len the number of bytes to be copied out of the input array.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize   = getBlockSize();
-        int length      = getUpdateOutputSize(len);
-        
-        if (length > 0)
-        {
-            if ((outOff + length) > out.length)
-            {
-                throw new DataLengthException("output buffer too short");
-            }
-        }
-
-        int resultLen = 0;
-        int gapLen = buf.length - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += cipher.processBlock(buf, 0, out, outOff);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > buf.length)
-            {
-                resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-
-        return resultLen;
-    }
-
-    /**
-     * Process the last block in the buffer. If the buffer is currently
-     * full and padding needs to be added a call to doFinal will produce
-     * 2 * getBlockSize() bytes.
-     *
-     * @param out the array the block currently being held is copied into.
-     * @param outOff the offset at which the copying starts.
-     * @exception DataLengthException if there is insufficient space in out for
-     * the output or we are decrypting and the input is not block size aligned.
-     * @exception IllegalStateException if the underlying cipher is not
-     * initialised.
-     * @exception InvalidCipherTextException if padding is expected and not found.
-     */
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-        throws DataLengthException, IllegalStateException, InvalidCipherTextException
-    {
-        int blockSize = cipher.getBlockSize();
-        int resultLen = 0;
-
-        if (forEncryption)
-        {
-            if (bufOff == blockSize)
-            {
-                if ((outOff + 2 * blockSize) > out.length)
-                {
-                    throw new DataLengthException("output buffer too short");
-                }
-
-                resultLen = cipher.processBlock(buf, 0, out, outOff);
-                bufOff = 0;
-            }
-
-            //
-            // add PKCS7 padding
-            //
-            byte code = (byte)(blockSize - bufOff);
-
-            while (bufOff < blockSize)
-            {
-                buf[bufOff] = code;
-                bufOff++;
-            }
-
-            resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
-        }
-        else
-        {
-            if (bufOff == blockSize)
-            {
-                resultLen = cipher.processBlock(buf, 0, buf, 0);
-                bufOff = 0;
-            }
-            else
-            {
-                throw new DataLengthException("last block incomplete in decryption");
-            }
-
-            //
-            // remove PKCS7 padding
-            //
-            int count = buf[blockSize - 1] & 0xff;
-
-            if ((count < 0) || (count > blockSize))
-            {
-                throw new InvalidCipherTextException("pad block corrupted");
-            }
-
-            resultLen -= count;
-
-            System.arraycopy(buf, 0, out, outOff, resultLen);
-        }
-
-        reset();
-
-        return resultLen;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java
deleted file mode 100644
index a92e5a525..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Implements the Segmented Integer Counter (SIC) mode on top of a simple
- * block cipher. This mode is also known as CTR mode.
- */
-public class SICBlockCipher implements BlockCipher
-{
-    private final BlockCipher     cipher;
-    private final int             blockSize;
-    
-    private byte[]          IV;
-    private byte[]          counter;
-    private byte[]          counterOut;
-
-
-    /**
-     * Basic constructor.
-     *
-     * @param c the block cipher to be used.
-     */
-    public SICBlockCipher(BlockCipher c)
-    {
-        this.cipher = c;
-        this.blockSize = cipher.getBlockSize();
-        this.IV = new byte[blockSize];
-        this.counter = new byte[blockSize];
-        this.counterOut = new byte[blockSize];
-    }
-
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-
-    public void init(
-        boolean             forEncryption, //ignored by this CTR mode
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        if (params instanceof ParametersWithIV)
-        {
-          ParametersWithIV ivParam = (ParametersWithIV)params;
-          byte[]           iv      = ivParam.getIV();
-          System.arraycopy(iv, 0, IV, 0, IV.length);
-
-          reset();
-          cipher.init(true, ivParam.getParameters());
-        }
-        else
-        {
-            throw new IllegalArgumentException("SIC mode requires ParametersWithIV");
-        }
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName() + "/SIC";
-    }
-
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-
-    public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
-          throws DataLengthException, IllegalStateException
-    {
-        cipher.processBlock(counter, 0, counterOut, 0);
-
-        //
-        // XOR the counterOut with the plaintext producing the cipher text
-        //
-        for (int i = 0; i < counterOut.length; i++)
-        {
-          out[outOff + i] = (byte)(counterOut[i] ^ in[inOff + i]);
-        }
-
-        int    carry = 1;
-        
-        for (int i = counter.length - 1; i >= 0; i--)
-        {
-            int    x = (counter[i] & 0xff) + carry;
-            
-            if (x > 0xff)
-            {
-                carry = 1;
-            }
-            else
-            {
-                carry = 0;
-            }
-            
-            counter[i] = (byte)x;
-        }
-
-        return counter.length;
-    }
-
-
-    public void reset()
-    {
-        System.arraycopy(IV, 0, counter, 0, counter.length);
-        cipher.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java
deleted file mode 100644
index f2be2fc4b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-import org.bouncycastle.util.Arrays;
-
-public class BasicGCMExponentiator implements GCMExponentiator
-{
-    private byte[] x;
-
-    public void init(byte[] x)
-    {
-        this.x = Arrays.clone(x);
-    }
-
-    public void exponentiateX(long pow, byte[] output)
-    {
-        // Initial value is little-endian 1
-        byte[] y = GCMUtil.oneAsBytes();
-
-        if (pow > 0)
-        {
-            byte[] powX = Arrays.clone(x);
-            do
-            {
-                if ((pow & 1L) != 0)
-                {
-                    GCMUtil.multiply(y, powX);
-                }
-                GCMUtil.multiply(powX, powX);
-                pow >>>= 1;
-            }
-            while (pow > 0);
-        }
-
-        System.arraycopy(y, 0, output, 0, 16);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java
deleted file mode 100644
index a98d5b2a9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-import org.bouncycastle.util.Arrays;
-
-public class BasicGCMMultiplier implements GCMMultiplier
-{
-    private byte[] H;
-
-    public void init(byte[] H)
-    {
-        this.H = Arrays.clone(H);
-    }
-
-    public void multiplyH(byte[] x)
-    {
-        GCMUtil.multiply(x, H);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMExponentiator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMExponentiator.java
deleted file mode 100644
index e1cc5c76b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMExponentiator.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-public interface GCMExponentiator
-{
-    void init(byte[] x);
-    void exponentiateX(long pow, byte[] output);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMMultiplier.java
deleted file mode 100644
index f52f61051..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMMultiplier.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-public interface GCMMultiplier
-{
-    void init(byte[] H);
-    void multiplyH(byte[] x);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
deleted file mode 100644
index e1949dc12..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
+++ /dev/null
@@ -1,129 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-import org.bouncycastle.crypto.util.Pack;
-import org.bouncycastle.util.Arrays;
-
-abstract class GCMUtil
-{
-    static byte[] oneAsBytes()
-    {
-        byte[] tmp = new byte[16];
-        tmp[0] = (byte)0x80;
-        return tmp;
-    }
-
-    static int[] oneAsInts()
-    {
-        int[] tmp = new int[4];
-        tmp[0] = 0x80000000;
-        return tmp;
-    }
-
-    static int[] asInts(byte[] bs)
-    {
-        int[] us = new int[4];
-        us[0] = Pack.bigEndianToInt(bs, 0);
-        us[1] = Pack.bigEndianToInt(bs, 4);
-        us[2] = Pack.bigEndianToInt(bs, 8);
-        us[3] = Pack.bigEndianToInt(bs, 12);
-        return us;
-    }
-
-    static void multiply(byte[] block, byte[] val)
-    {
-        byte[] tmp = Arrays.clone(block);
-        byte[] c = new byte[16];
-
-        for (int i = 0; i < 16; ++i)
-        {
-            byte bits = val[i];
-            for (int j = 7; j >= 0; --j)
-            {
-                if ((bits & (1 << j)) != 0)
-                {
-                    xor(c, tmp);
-                }
-
-                boolean lsb = (tmp[15] & 1) != 0;
-                shiftRight(tmp);
-                if (lsb)
-                {
-                    // R = new byte[]{ 0xe1, ... };
-//                    GCMUtil.xor(v, R);
-                    tmp[0] ^= (byte)0xe1;
-                }
-            }
-        }
-
-        System.arraycopy(c, 0, block, 0, 16);
-    }
-
-    // P is the value with only bit i=1 set
-    static void multiplyP(int[] x)
-    {
-        boolean lsb = (x[3] & 1) != 0;
-        shiftRight(x);
-        if (lsb)
-        {
-            // R = new int[]{ 0xe1000000, 0, 0, 0 };
-//            xor(v, R);
-            x[0] ^= 0xe1000000;
-        }
-    }
-
-    static void multiplyP8(int[] x)
-    {
-        for (int i = 8; i != 0; --i)
-        {
-            multiplyP(x);
-        }
-    }
-
-    static void shiftRight(byte[] block)
-    {
-        int i = 0;
-        int bit = 0;
-        for (;;)
-        {
-            int b = block[i] & 0xff;
-            block[i] = (byte) ((b >>> 1) | bit);
-            if (++i == 16)
-            {
-                break;
-            }
-            bit = (b & 1) << 7;
-        }
-    }
-
-    static void shiftRight(int[] block)
-    {
-        int i = 0;
-        int bit = 0;
-        for (;;)
-        {
-            int b = block[i];
-            block[i] = (b >>> 1) | bit;
-            if (++i == 4)
-            {
-                break;
-            }
-            bit = b << 31;
-        }
-    }
-
-    static void xor(byte[] block, byte[] val)
-    {
-        for (int i = 15; i >= 0; --i)
-        {
-            block[i] ^= val[i];
-        }
-    }
-
-    static void xor(int[] block, int[] val)
-    {
-        for (int i = 3; i >= 0; --i)
-        {
-            block[i] ^= val[i];
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.java
deleted file mode 100644
index f10aa2830..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-import org.bouncycastle.util.Arrays;
-
-public class Tables1kGCMExponentiator implements GCMExponentiator
-{
-    // A lookup table of the power-of-two powers of 'x'
-    byte[][] lookupPowX2 = new byte[64][];
-
-    public void init(byte[] x)
-    {
-        // Initial value is little-endian 1
-        lookupPowX2[0] = new byte[16];
-        lookupPowX2[0][0] = (byte)0x80;
-
-        lookupPowX2[1] = Arrays.clone(x); 
-
-        for (int i = 2; i != 64; ++i)
-        {
-            byte[] tmp = Arrays.clone(lookupPowX2[i - 1]);
-            GCMUtil.multiply(tmp, tmp);
-            lookupPowX2[i] = tmp;
-        }
-    }
-
-    public void exponentiateX(long pow, byte[] output)
-    {
-        // Initial value is little-endian 1
-        byte[] y = GCMUtil.oneAsBytes();
-        int powX2 = 1;
-
-        while (pow > 0)
-        {
-            if ((pow & 1L) != 0)
-            {
-                GCMUtil.multiply(y, lookupPowX2[powX2]);
-            }
-            ++powX2;
-            pow >>>= 1;
-        }
-
-        System.arraycopy(y, 0, output, 0, 16);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java
deleted file mode 100644
index 4b670b7ee..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-import org.bouncycastle.crypto.util.Pack;
-
-public class Tables64kGCMMultiplier
-    implements GCMMultiplier
-{
-    private final int[][][] M = new int[16][256][];
-
-    public void init(byte[] H)
-    {
-        M[0][0] = new int[4];
-        M[0][128] = GCMUtil.asInts(H);
-        for (int j = 64; j >= 1; j >>= 1)
-        {
-            int[] tmp = new int[4];
-            System.arraycopy(M[0][j + j], 0, tmp, 0, 4);
-
-            GCMUtil.multiplyP(tmp);
-            M[0][j] = tmp;
-        }
-
-        int i = 0;
-        for (;;)
-        {
-            for (int j = 2; j < 256; j += j)
-            {
-                for (int k = 1; k < j; ++k)
-                {
-                    int[] tmp = new int[4];
-                    System.arraycopy(M[i][j], 0, tmp, 0, 4);
-
-                    GCMUtil.xor(tmp, M[i][k]);
-                    M[i][j + k] = tmp;
-                }
-            }
-
-            if (++i == 16)
-            {
-                return;
-            }
-
-            M[i][0] = new int[4];
-            for (int j = 128; j > 0; j >>= 1)
-            {
-                int[] tmp = new int[4];
-                System.arraycopy(M[i - 1][j], 0, tmp, 0, 4);
-
-                GCMUtil.multiplyP8(tmp);
-                M[i][j] = tmp;
-            }
-        }
-    }
-
-    public void multiplyH(byte[] x)
-    {
-//      assert x.Length == 16;
-
-        int[] z = new int[4];
-        for (int i = 15; i >= 0; --i)
-        {
-//            GCMUtil.xor(z, M[i][x[i] & 0xff]);
-            int[] m = M[i][x[i] & 0xff];
-            z[0] ^= m[0];
-            z[1] ^= m[1];
-            z[2] ^= m[2];
-            z[3] ^= m[3];
-        }
-
-        Pack.intToBigEndian(z[0], x, 0);
-        Pack.intToBigEndian(z[1], x, 4);
-        Pack.intToBigEndian(z[2], x, 8);
-        Pack.intToBigEndian(z[3], x, 12);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java
deleted file mode 100644
index 47728b14b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package org.bouncycastle.crypto.modes.gcm;
-
-import org.bouncycastle.crypto.util.Pack;
-
-public class Tables8kGCMMultiplier implements GCMMultiplier
-{
-    private final int[][][] M = new int[32][16][];
-
-    public void init(byte[] H)
-    {
-        M[0][0] = new int[4];
-        M[1][0] = new int[4];
-        M[1][8] = GCMUtil.asInts(H);
-
-        for (int j = 4; j >= 1; j >>= 1)
-        {
-            int[] tmp = new int[4];
-            System.arraycopy(M[1][j + j], 0, tmp, 0, 4);
-
-            GCMUtil.multiplyP(tmp);
-            M[1][j] = tmp;
-        }
-
-        {
-            int[] tmp = new int[4];
-            System.arraycopy(M[1][1], 0, tmp, 0, 4);
-
-            GCMUtil.multiplyP(tmp);
-            M[0][8] = tmp;
-        }
-
-        for (int j = 4; j >= 1; j >>= 1)
-        {
-            int[] tmp = new int[4];
-            System.arraycopy(M[0][j + j], 0, tmp, 0, 4);
-
-            GCMUtil.multiplyP(tmp);
-            M[0][j] = tmp;
-        }
-
-        int i = 0;
-        for (;;)
-        {
-            for (int j = 2; j < 16; j += j)
-            {
-                for (int k = 1; k < j; ++k)
-                {
-                    int[] tmp = new int[4];
-                    System.arraycopy(M[i][j], 0, tmp, 0, 4);
-
-                    GCMUtil.xor(tmp, M[i][k]);
-                    M[i][j + k] = tmp;
-                }
-            }
-
-            if (++i == 32)
-            {
-                return;
-            }
-
-            if (i > 1)
-            {
-                M[i][0] = new int[4];
-                for(int j = 8; j > 0; j >>= 1)
-                {
-                  int[] tmp = new int[4];
-                  System.arraycopy(M[i - 2][j], 0, tmp, 0, 4);
-
-                  GCMUtil.multiplyP8(tmp);
-                  M[i][j] = tmp;
-                }
-            }
-        }
-    }
-
-    public void multiplyH(byte[] x)
-    {
-//      assert x.Length == 16;
-
-        int[] z = new int[4];
-        for (int i = 15; i >= 0; --i)
-        {
-//            GCMUtil.xor(z, M[i + i][x[i] & 0x0f]);
-            int[] m = M[i + i][x[i] & 0x0f];
-            z[0] ^= m[0];
-            z[1] ^= m[1];
-            z[2] ^= m[2];
-            z[3] ^= m[3];
-//            GCMUtil.xor(z, M[i + i + 1][(x[i] & 0xf0) >>> 4]);
-            m = M[i + i + 1][(x[i] & 0xf0) >>> 4];
-            z[0] ^= m[0];
-            z[1] ^= m[1];
-            z[2] ^= m[2];
-            z[3] ^= m[3];
-        }
-
-        Pack.intToBigEndian(z[0], x, 0);
-        Pack.intToBigEndian(z[1], x, 4);
-        Pack.intToBigEndian(z[2], x, 8);
-        Pack.intToBigEndian(z[3], x, 12);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/package.html
deleted file mode 100644
index 5402df449..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/modes/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Modes for symmetric ciphers.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/package.html
deleted file mode 100644
index ee5487ffa..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Base classes for the lightweight API.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java
deleted file mode 100644
index 7c4f0aee3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * Block cipher padders are expected to conform to this interface
- */
-public interface BlockCipherPadding
-{
-    /**
-     * Initialise the padder.
-     *
-     * @param random the source of randomness for the padding, if required.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException;
-
-    /**
-     * Return the name of the algorithm the cipher implements.
-     *
-     * @return the name of the algorithm the cipher implements.
-     */
-    public String getPaddingName();
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     * 
    
-     * Note: this assumes that the last block of plain text is always 
-     * passed to it inside in. i.e. if inOff is zero, indicating the
-     * entire block is to be overwritten with padding the value of in
-     * should be the same as the last block of plain text. The reason
-     * for this is that some modes such as "trailing bit compliment"
-     * base the padding on the last byte of plain text.
-     * 
    
-     */
-    public int addPadding(byte[] in, int inOff);
-
-    /**
-     * return the number of pad bytes present in the block.
-     * @exception InvalidCipherTextException if the padding is badly formed
-     * or invalid.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java
deleted file mode 100644
index 63e29d84c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A padder that adds ISO10126-2 padding to a block.
- */
-public class ISO10126d2Padding
-    implements BlockCipherPadding
-{
-    SecureRandom    random;
-
-    /**
-     * Initialise the padder.
-     *
-     * @param random a SecureRandom if available.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException
-    {
-        if (random != null)
-        {
-            this.random = random;
-        }
-        else
-        {
-            this.random = new SecureRandom();
-        }
-    }
-
-    /**
-     * Return the name of the algorithm the padder implements.
-     *
-     * @return the name of the algorithm the padder implements.
-     */
-    public String getPaddingName()
-    {
-        return "ISO10126-2";
-    }
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     */
-    public int addPadding(
-        byte[]  in,
-        int     inOff)
-    {
-        byte code = (byte)(in.length - inOff);
-
-        while (inOff < (in.length - 1))
-        {
-            in[inOff] = (byte)random.nextInt();
-            inOff++;
-        }
-
-        in[inOff] = code;
-
-        return code;
-    }
-
-    /**
-     * return the number of pad bytes present in the block.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException
-    {
-        int count = in[in.length - 1] & 0xff;
-
-        if (count > in.length)
-        {
-            throw new InvalidCipherTextException("pad block corrupted");
-        }
-
-        return count;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java
deleted file mode 100644
index 54c31a9ba..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java
+++ /dev/null
@@ -1,77 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A padder that adds the padding according to the scheme referenced in
- * ISO 7814-4 - scheme 2 from ISO 9797-1. The first byte is 0x80, rest is 0x00
- */
-public class ISO7816d4Padding
-    implements BlockCipherPadding
-{
-    /**
-     * Initialise the padder.
-     *
-     * @param random - a SecureRandom if available.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException
-    {
-        // nothing to do.
-    }
-
-    /**
-     * Return the name of the algorithm the padder implements.
-     *
-     * @return the name of the algorithm the padder implements.
-     */
-    public String getPaddingName()
-    {
-        return "ISO7816-4";
-    }
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     */
-    public int addPadding(
-        byte[]  in,
-        int     inOff)
-    {
-        int added = (in.length - inOff);
-
-        in [inOff]= (byte) 0x80;
-        inOff ++;
-        
-        while (inOff < in.length)
-        {
-            in[inOff] = (byte) 0;
-            inOff++;
-        }
-
-        return added;
-    }
-
-    /**
-     * return the number of pad bytes present in the block.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException
-    {
-        int count = in.length - 1;
-
-        while (count > 0 && in[count] == 0)
-        {
-            count--;
-        }
-
-        if (in[count] != (byte)0x80)
-        {
-            throw new InvalidCipherTextException("pad block corrupted");
-        }
-        
-        return in.length - count;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java
deleted file mode 100644
index 93b149fa1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A padder that adds PKCS7/PKCS5 padding to a block.
- */
-public class PKCS7Padding
-    implements BlockCipherPadding
-{
-    /**
-     * Initialise the padder.
-     *
-     * @param random - a SecureRandom if available.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException
-    {
-        // nothing to do.
-    }
-
-    /**
-     * Return the name of the algorithm the padder implements.
-     *
-     * @return the name of the algorithm the padder implements.
-     */
-    public String getPaddingName()
-    {
-        return "PKCS7";
-    }
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     */
-    public int addPadding(
-        byte[]  in,
-        int     inOff)
-    {
-        byte code = (byte)(in.length - inOff);
-
-        while (inOff < in.length)
-        {
-            in[inOff] = code;
-            inOff++;
-        }
-
-        return code;
-    }
-
-    /**
-     * return the number of pad bytes present in the block.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException
-    {
-        int count = in[in.length - 1] & 0xff;
-
-        if (count > in.length || count == 0)
-        {
-            throw new InvalidCipherTextException("pad block corrupted");
-        }
-        
-        for (int i = 1; i <= count; i++)
-        {
-            if (in[in.length - i] != count)
-            {
-                throw new InvalidCipherTextException("pad block corrupted");
-            }
-        }
-
-        return count;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java
deleted file mode 100644
index ec412b954..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-/**
- * A wrapper class that allows block ciphers to be used to process data in
- * a piecemeal fashion with padding. The PaddedBufferedBlockCipher
- * outputs a block only when the buffer is full and more data is being added,
- * or on a doFinal (unless the current block in the buffer is a pad block).
- * The default padding mechanism used is the one outlined in PKCS5/PKCS7.
- */
-public class PaddedBufferedBlockCipher
-    extends BufferedBlockCipher
-{
-    BlockCipherPadding  padding;
-
-    /**
-     * Create a buffered block cipher with the desired padding.
-     *
-     * @param cipher the underlying block cipher this buffering object wraps.
-     * @param padding the padding type.
-     */
-    public PaddedBufferedBlockCipher(
-        BlockCipher         cipher,
-        BlockCipherPadding  padding)
-    {
-        this.cipher = cipher;
-        this.padding = padding;
-
-        buf = new byte[cipher.getBlockSize()];
-        bufOff = 0;
-    }
-
-    /**
-     * Create a buffered block cipher PKCS7 padding
-     *
-     * @param cipher the underlying block cipher this buffering object wraps.
-     */
-    public PaddedBufferedBlockCipher(
-        BlockCipher     cipher)
-    {
-        this(cipher, new PKCS7Padding());
-    }
-
-    /**
-     * initialise the cipher.
-     *
-     * @param forEncryption if true the cipher is initialised for
-     *  encryption, if false for decryption.
-     * @param params the key and other data required by the cipher.
-     * @exception IllegalArgumentException if the params argument is
-     * inappropriate.
-     */
-    public void init(
-        boolean             forEncryption,
-        CipherParameters    params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-
-        reset();
-
-        if (params instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    p = (ParametersWithRandom)params;
-
-            padding.init(p.getRandom());
-
-            cipher.init(forEncryption, p.getParameters());
-        }
-        else
-        {
-            padding.init(null);
-
-            cipher.init(forEncryption, params);
-        }
-    }
-
-    /**
-     * return the minimum size of the output buffer required for an update
-     * plus a doFinal with an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update and doFinal
-     * with len bytes of input.
-     */
-    public int getOutputSize(
-        int len)
-    {
-        int total       = len + bufOff;
-        int leftOver    = total % buf.length;
-
-        if (leftOver == 0)
-        {
-            if (forEncryption)
-            {
-                return total + buf.length;
-            }
-
-            return total;
-        }
-
-        return total - leftOver + buf.length;
-    }
-
-    /**
-     * return the size of the output buffer required for an update 
-     * an input of len bytes.
-     *
-     * @param len the length of the input.
-     * @return the space required to accommodate a call to update
-     * with len bytes of input.
-     */
-    public int getUpdateOutputSize(
-        int len)
-    {
-        int total       = len + bufOff;
-        int leftOver    = total % buf.length;
-
-        if (leftOver == 0)
-        {
-            return total - buf.length;
-        }
-
-        return total - leftOver;
-    }
-
-    /**
-     * process a single byte, producing an output block if neccessary.
-     *
-     * @param in the input byte.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processByte(
-        byte        in,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        int         resultLen = 0;
-
-        if (bufOff == buf.length)
-        {
-            resultLen = cipher.processBlock(buf, 0, out, outOff);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-
-        return resultLen;
-    }
-
-    /**
-     * process an array of bytes, producing output if necessary.
-     *
-     * @param in the input byte array.
-     * @param inOff the offset at which the input data starts.
-     * @param len the number of bytes to be copied out of the input array.
-     * @param out the space for any output that might be produced.
-     * @param outOff the offset from which the output will be copied.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there isn't enough space in out.
-     * @exception IllegalStateException if the cipher isn't initialised.
-     */
-    public int processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len,
-        byte[]      out,
-        int         outOff)
-        throws DataLengthException, IllegalStateException
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int blockSize   = getBlockSize();
-        int length      = getUpdateOutputSize(len);
-        
-        if (length > 0)
-        {
-            if ((outOff + length) > out.length)
-            {
-                throw new DataLengthException("output buffer too short");
-            }
-        }
-
-        int resultLen = 0;
-        int gapLen = buf.length - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += cipher.processBlock(buf, 0, out, outOff);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > buf.length)
-            {
-                resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-
-        return resultLen;
-    }
-
-    /**
-     * Process the last block in the buffer. If the buffer is currently
-     * full and padding needs to be added a call to doFinal will produce
-     * 2 * getBlockSize() bytes.
-     *
-     * @param out the array the block currently being held is copied into.
-     * @param outOff the offset at which the copying starts.
-     * @return the number of output bytes copied to out.
-     * @exception DataLengthException if there is insufficient space in out for
-     * the output or we are decrypting and the input is not block size aligned.
-     * @exception IllegalStateException if the underlying cipher is not
-     * initialised.
-     * @exception InvalidCipherTextException if padding is expected and not found.
-     */
-    public int doFinal(
-        byte[]  out,
-        int     outOff)
-        throws DataLengthException, IllegalStateException, InvalidCipherTextException
-    {
-        int blockSize = cipher.getBlockSize();
-        int resultLen = 0;
-
-        if (forEncryption)
-        {
-            if (bufOff == blockSize)
-            {
-                if ((outOff + 2 * blockSize) > out.length)
-                {
-                    reset();
-
-                    throw new DataLengthException("output buffer too short");
-                }
-
-                resultLen = cipher.processBlock(buf, 0, out, outOff);
-                bufOff = 0;
-            }
-
-            padding.addPadding(buf, bufOff);
-
-            resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
-
-            reset();
-        }
-        else
-        {
-            if (bufOff == blockSize)
-            {
-                resultLen = cipher.processBlock(buf, 0, buf, 0);
-                bufOff = 0;
-            }
-            else
-            {
-                reset();
-
-                throw new DataLengthException("last block incomplete in decryption");
-            }
-
-            try
-            {
-                resultLen -= padding.padCount(buf);
-
-                System.arraycopy(buf, 0, out, outOff, resultLen);
-            }
-            finally
-            {
-                reset();
-            }
-        }
-
-        return resultLen;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java
deleted file mode 100644
index 219912fe4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A padder that adds Trailing-Bit-Compliment padding to a block.
- * 
    
- * This padding pads the block out with the compliment of the last bit
- * of the plain text.
- * 
    
- */
-public class TBCPadding
-    implements BlockCipherPadding
-{
-    /**
-     * Initialise the padder.
-     *
-     * @param random - a SecureRandom if available.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException
-    {
-        // nothing to do.
-    }
-
-    /**
-     * Return the name of the algorithm the padder implements.
-     *
-     * @return the name of the algorithm the padder implements.
-     */
-    public String getPaddingName()
-    {
-        return "TBC";
-    }
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     * 
    
-     * Note: this assumes that the last block of plain text is always 
-     * passed to it inside in. i.e. if inOff is zero, indicating the
-     * entire block is to be overwritten with padding the value of in
-     * should be the same as the last block of plain text.
-     * 
    
-     */
-    public int addPadding(
-        byte[]  in,
-        int     inOff)
-    {
-        int     count = in.length - inOff;
-        byte    code;
-        
-        if (inOff > 0)
-        {
-            code = (byte)((in[inOff - 1] & 0x01) == 0 ? 0xff : 0x00);
-        }
-        else
-        {
-            code = (byte)((in[in.length - 1] & 0x01) == 0 ? 0xff : 0x00);
-        }
-            
-        while (inOff < in.length)
-        {
-            in[inOff] = code;
-            inOff++;
-        }
-
-        return count;
-    }
-
-    /**
-     * return the number of pad bytes present in the block.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException
-    {
-        byte code = in[in.length - 1];
-
-        int index = in.length - 1;
-        while (index > 0 && in[index - 1] == code)
-        {
-            index--;
-        }
-
-        return in.length - index;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java
deleted file mode 100644
index d4d34aad6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A padder that adds X9.23 padding to a block - if a SecureRandom is
- * passed in random padding is assumed, otherwise padding with zeros is used.
- */
-public class X923Padding
-    implements BlockCipherPadding
-{
-    SecureRandom    random = null;
-
-    /**
-     * Initialise the padder.
-     *
-     * @param random a SecureRandom if one is available.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException
-    {
-        this.random = random;
-    }
-
-    /**
-     * Return the name of the algorithm the padder implements.
-     *
-     * @return the name of the algorithm the padder implements.
-     */
-    public String getPaddingName()
-    {
-        return "X9.23";
-    }
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     */
-    public int addPadding(
-        byte[]  in,
-        int     inOff)
-    {
-        byte code = (byte)(in.length - inOff);
-
-        while (inOff < in.length - 1)
-        {
-            if (random == null)
-            {
-                in[inOff] = 0;
-            }
-            else
-            {
-                in[inOff] = (byte)random.nextInt();
-            }
-            inOff++;
-        }
-
-        in[inOff] = code;
-
-        return code;
-    }
-
-    /**
-     * return the number of pad bytes present in the block.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException
-    {
-        int count = in[in.length - 1] & 0xff;
-
-        if (count > in.length)
-        {
-            throw new InvalidCipherTextException("pad block corrupted");
-        }
-
-        return count;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java
deleted file mode 100644
index c75602863..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package org.bouncycastle.crypto.paddings;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.InvalidCipherTextException;
-
-/**
- * A padder that adds NULL byte padding to a block.
- */
-public class ZeroBytePadding
-    implements BlockCipherPadding
-{
-    /**
-     * Initialise the padder.
-     *
-     * @param random - a SecureRandom if available.
-     */
-    public void init(SecureRandom random)
-        throws IllegalArgumentException
-    {
-        // nothing to do.
-    }
-
-    /**
-     * Return the name of the algorithm the padder implements.
-     *
-     * @return the name of the algorithm the padder implements.
-     */
-    public String getPaddingName()
-    {
-        return "ZeroByte";
-    }
-
-    /**
-     * add the pad bytes to the passed in block, returning the
-     * number of bytes added.
-     */
-    public int addPadding(
-        byte[]  in,
-        int     inOff)
-    {
-        int added = (in.length - inOff);
-
-        while (inOff < in.length)
-        {
-            in[inOff] = (byte) 0;
-            inOff++;
-        }
-
-        return added;
-    }
-
-    /**
-     * return the number of pad bytes present in the block.
-     */
-    public int padCount(byte[] in)
-        throws InvalidCipherTextException
-    {
-        int count = in.length;
-
-        while (count > 0)
-        {
-            if (in[count - 1] != 0)
-            {
-                break;
-            }
-
-            count--;
-        }
-
-        return in.length - count;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/package.html
deleted file mode 100644
index 2b82e60f1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/paddings/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Paddings for symmetric ciphers.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AEADParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AEADParameters.java
deleted file mode 100644
index b60ef400e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AEADParameters.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class AEADParameters
-    implements CipherParameters
-{
-    private byte[] associatedText;
-    private byte[] nonce;
-    private KeyParameter key;
-    private int macSize;
-
-    /**
-     * Base constructor.
-     *
-     * @param key key to be used by underlying cipher
-     * @param macSize macSize in bits
-     * @param nonce nonce to be used
-     * @param associatedText associated text, if any
-     */
-    public AEADParameters(KeyParameter key, int macSize, byte[] nonce, byte[] associatedText)
-    {
-        this.key = key;
-        this.nonce = nonce;
-        this.macSize = macSize;
-        this.associatedText = associatedText;
-    }
-
-    public KeyParameter getKey()
-    {
-        return key;
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    public byte[] getAssociatedText()
-    {
-        return associatedText;
-    }
-
-    public byte[] getNonce()
-    {
-        return nonce;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java
deleted file mode 100644
index 03ba7253b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class AsymmetricKeyParameter
-    implements CipherParameters
-{
-    boolean privateKey;
-
-    public AsymmetricKeyParameter(
-        boolean privateKey)
-    {
-        this.privateKey = privateKey;
-    }
-
-    public boolean isPrivate()
-    {
-        return privateKey;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java
deleted file mode 100644
index 520062cfe..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class CCMParameters
-    extends AEADParameters
-{
-    /**
-     * Base constructor.
-     * 
-     * @param key key to be used by underlying cipher
-     * @param macSize macSize in bits
-     * @param nonce nonce to be used
-     * @param associatedText associated text, if any
-     */
-    public CCMParameters(KeyParameter key, int macSize, byte[] nonce, byte[] associatedText)
-    {
-        super(key, macSize, nonce, associatedText);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESParameters.java
deleted file mode 100644
index 5bee3604f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESParameters.java
+++ /dev/null
@@ -1,107 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class DESParameters
-    extends KeyParameter
-{
-    public DESParameters(
-        byte[]  key)
-    {
-        super(key);
-
-        if (isWeakKey(key, 0))
-        {
-            throw new IllegalArgumentException("attempt to create weak DES key");
-        }
-    }
-
-    /*
-     * DES Key length in bytes.
-     */
-    static public final int DES_KEY_LENGTH = 8;
-
-    /*
-     * Table of weak and semi-weak keys taken from Schneier pp281
-     */
-    static private final int N_DES_WEAK_KEYS = 16;
-
-    static private byte[] DES_weak_keys =
-    {
-        /* weak keys */
-        (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01, (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01,
-        (byte)0x1f,(byte)0x1f,(byte)0x1f,(byte)0x1f, (byte)0x0e,(byte)0x0e,(byte)0x0e,(byte)0x0e,
-        (byte)0xe0,(byte)0xe0,(byte)0xe0,(byte)0xe0, (byte)0xf1,(byte)0xf1,(byte)0xf1,(byte)0xf1,
-        (byte)0xfe,(byte)0xfe,(byte)0xfe,(byte)0xfe, (byte)0xfe,(byte)0xfe,(byte)0xfe,(byte)0xfe,
-
-        /* semi-weak keys */
-        (byte)0x01,(byte)0xfe,(byte)0x01,(byte)0xfe, (byte)0x01,(byte)0xfe,(byte)0x01,(byte)0xfe,
-        (byte)0x1f,(byte)0xe0,(byte)0x1f,(byte)0xe0, (byte)0x0e,(byte)0xf1,(byte)0x0e,(byte)0xf1,
-        (byte)0x01,(byte)0xe0,(byte)0x01,(byte)0xe0, (byte)0x01,(byte)0xf1,(byte)0x01,(byte)0xf1,
-        (byte)0x1f,(byte)0xfe,(byte)0x1f,(byte)0xfe, (byte)0x0e,(byte)0xfe,(byte)0x0e,(byte)0xfe,
-        (byte)0x01,(byte)0x1f,(byte)0x01,(byte)0x1f, (byte)0x01,(byte)0x0e,(byte)0x01,(byte)0x0e,
-        (byte)0xe0,(byte)0xfe,(byte)0xe0,(byte)0xfe, (byte)0xf1,(byte)0xfe,(byte)0xf1,(byte)0xfe,
-        (byte)0xfe,(byte)0x01,(byte)0xfe,(byte)0x01, (byte)0xfe,(byte)0x01,(byte)0xfe,(byte)0x01,
-        (byte)0xe0,(byte)0x1f,(byte)0xe0,(byte)0x1f, (byte)0xf1,(byte)0x0e,(byte)0xf1,(byte)0x0e,
-        (byte)0xe0,(byte)0x01,(byte)0xe0,(byte)0x01, (byte)0xf1,(byte)0x01,(byte)0xf1,(byte)0x01,
-        (byte)0xfe,(byte)0x1f,(byte)0xfe,(byte)0x1f, (byte)0xfe,(byte)0x0e,(byte)0xfe,(byte)0x0e,
-        (byte)0x1f,(byte)0x01,(byte)0x1f,(byte)0x01, (byte)0x0e,(byte)0x01,(byte)0x0e,(byte)0x01,
-        (byte)0xfe,(byte)0xe0,(byte)0xfe,(byte)0xe0, (byte)0xfe,(byte)0xf1,(byte)0xfe,(byte)0xf1
-    };
-
-    /**
-     * DES has 16 weak keys.  This method will check
-     * if the given DES key material is weak or semi-weak.
-     * Key material that is too short is regarded as weak.
-     * 
    
-     * See "Applied
-     * Cryptography" by Bruce Schneier for more information.
-     *
-     * @return true if the given DES key material is weak or semi-weak,
-     *     false otherwise.
-     */
-    public static boolean isWeakKey(
-        byte[] key,
-        int offset)
-    {
-        if (key.length - offset < DES_KEY_LENGTH)
-        {
-            throw new IllegalArgumentException("key material too short.");
-        }
-
-        nextkey: for (int i = 0; i < N_DES_WEAK_KEYS; i++)
-        {
-            for (int j = 0; j < DES_KEY_LENGTH; j++)
-            {
-                if (key[j + offset] != DES_weak_keys[i * DES_KEY_LENGTH + j])
-                {
-                    continue nextkey;
-                }
-            }
-
-            return true;
-        }
-        return false;
-    }
-
-    /**
-     * DES Keys use the LSB as the odd parity bit.  This can
-     * be used to check for corrupt keys.
-     *
-     * @param bytes the byte array to set the parity on.
-     */
-    public static void setOddParity(
-        byte[] bytes)
-    {
-        for (int i = 0; i < bytes.length; i++)
-        {
-            int b = bytes[i];
-            bytes[i] = (byte)((b & 0xfe) |
-                            ((((b >> 1) ^
-                            (b >> 2) ^
-                            (b >> 3) ^
-                            (b >> 4) ^
-                            (b >> 5) ^
-                            (b >> 6) ^
-                            (b >> 7)) ^ 0x01) & 0x01));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java
deleted file mode 100644
index 3a4bbfcae..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class DESedeParameters
-    extends DESParameters
-{
-    /*
-     * DES-EDE Key length in bytes.
-     */
-    static public final int DES_EDE_KEY_LENGTH = 24;
-
-    public DESedeParameters(
-        byte[]  key)
-    {
-        super(key);
-
-        if (isWeakKey(key, 0, key.length))
-        {
-            throw new IllegalArgumentException("attempt to create weak DESede key");
-        }
-    }
-
-    /**
-     * return true if the passed in key is a DES-EDE weak key.
-     *
-     * @param key bytes making up the key
-     * @param offset offset into the byte array the key starts at
-     * @param length number of bytes making up the key
-     */
-    public static boolean isWeakKey(
-        byte[]  key,
-        int     offset,
-        int     length)
-    {
-        for (int i = offset; i < length; i += DES_KEY_LENGTH)
-        {
-            if (DESParameters.isWeakKey(key, i))
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * return true if the passed in key is a DES-EDE weak key.
-     *
-     * @param key bytes making up the key
-     * @param offset offset into the byte array the key starts at
-     */
-    public static boolean isWeakKey(
-        byte[]  key,
-        int     offset)
-    {
-        return isWeakKey(key, offset, key.length - offset);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java
deleted file mode 100644
index 34c730ebf..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-public class DHKeyGenerationParameters
-    extends KeyGenerationParameters
-{
-    private DHParameters    params;
-
-    public DHKeyGenerationParameters(
-        SecureRandom    random,
-        DHParameters    params)
-    {
-        super(random, getStrength(params));
-
-        this.params = params;
-    }
-
-    public DHParameters getParameters()
-    {
-        return params;
-    }
-
-    static int getStrength(DHParameters params)
-    {
-        return params.getL() != 0 ? params.getL() : params.getP().bitLength();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java
deleted file mode 100644
index e686f3572..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-
-public class DHKeyParameters
-    extends AsymmetricKeyParameter
-{
-    private DHParameters    params;
-
-    protected DHKeyParameters(
-        boolean         isPrivate,
-        DHParameters    params)
-    {
-        super(isPrivate);
-
-        this.params = params;
-    }   
-
-    public DHParameters getParameters()
-    {
-        return params;
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof DHKeyParameters))
-        {
-            return false;
-        }
-
-        DHKeyParameters    dhKey = (DHKeyParameters)obj;
-
-        if (params == null)
-        {
-            return dhKey.getParameters() == null;
-        }
-        else
-        { 
-            return params.equals(dhKey.getParameters());
-        }
-    }
-    
-    public int hashCode()
-    {
-        int code = isPrivate() ? 0 : 1;
-        
-        if (params != null)
-        {
-            code ^= params.hashCode();
-        }
-        
-        return code;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHParameters.java
deleted file mode 100644
index 95352ceec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHParameters.java
+++ /dev/null
@@ -1,188 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-import java.math.BigInteger;
-
-public class DHParameters
-    implements CipherParameters
-{
-    private static final int DEFAULT_MINIMUM_LENGTH = 160;
-
-    // not final due to compiler bug in "simpler" JDKs
-    private BigInteger              g;
-    private BigInteger              p;
-    private BigInteger              q;
-    private BigInteger              j;
-    private int                     m;
-    private int                     l;
-    private DHValidationParameters  validation;
-
-    private static int getDefaultMParam(
-        int lParam)
-    {
-        if (lParam == 0)
-        {
-            return DEFAULT_MINIMUM_LENGTH;
-        }
-
-        return lParam < DEFAULT_MINIMUM_LENGTH ? lParam : DEFAULT_MINIMUM_LENGTH;
-    }
-
-    public DHParameters(
-        BigInteger  p,
-        BigInteger  g)
-    {
-        this(p, g, null, 0);
-    }
-
-    public DHParameters(
-        BigInteger  p,
-        BigInteger  g,
-        BigInteger  q)
-    {
-        this(p, g, q, 0);
-    }
-
-    public DHParameters(
-        BigInteger  p,
-        BigInteger  g,
-        BigInteger  q,
-        int         l)
-    {
-        this(p, g, q, getDefaultMParam(l), l, null, null);
-    }
-
-    public DHParameters(
-        BigInteger  p,
-        BigInteger  g,
-        BigInteger  q,
-        int         m,
-        int         l)
-    {
-        this(p, g, q, m, l, null, null);
-    }
-
-    public DHParameters(
-        BigInteger              p,
-        BigInteger              g,
-        BigInteger              q,
-        BigInteger              j,
-        DHValidationParameters  validation)
-    {
-        this(p, g, q, DEFAULT_MINIMUM_LENGTH, 0, j, validation);
-    }
-
-    public DHParameters(
-        BigInteger              p,
-        BigInteger              g,
-        BigInteger              q,
-        int                     m,
-        int                     l,
-        BigInteger              j,
-        DHValidationParameters  validation)
-    {
-        if (l != 0)
-        {
-            if (l >= p.bitLength())
-            {
-                throw new IllegalArgumentException("when l value specified, it must be less than bitlength(p)");
-            }
-            if (l < m)
-            {
-                throw new IllegalArgumentException("when l value specified, it may not be less than m value");
-            }
-        }
-
-        this.g = g;
-        this.p = p;
-        this.q = q;
-        this.m = m;
-        this.l = l;
-        this.j = j;
-        this.validation = validation;
-    }
-
-    public BigInteger getP()
-    {
-        return p;
-    }
-
-    public BigInteger getG()
-    {
-        return g;
-    }
-
-    public BigInteger getQ()
-    {
-        return q;
-    }
-
-    /**
-     * Return the subgroup factor J.
-     *
-     * @return subgroup factor
-     */
-    public BigInteger getJ()
-    {
-        return j;
-    }
-
-    /**
-     * Return the minimum length of the private value.
-     *
-     * @return the minimum length of the private value in bits.
-     */
-    public int getM()
-    {
-        return m;
-    }
-
-    /**
-     * Return the private value length in bits - if set, zero otherwise
-     *
-     * @return the private value length in bits, zero otherwise.
-     */
-    public int getL()
-    {
-        return l;
-    }
-
-    public DHValidationParameters getValidationParameters()
-    {
-        return validation;
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof DHParameters))
-        {
-            return false;
-        }
-
-        DHParameters    pm = (DHParameters)obj;
-
-        if (this.getQ() != null)
-        {
-            if (!this.getQ().equals(pm.getQ()))
-            {
-                return false;
-            }
-        }
-        else
-        {
-            if (pm.getQ() != null)
-            {
-                return false;
-            }
-        }
-
-        return pm.getP().equals(p) && pm.getG().equals(g);
-    }
-    
-    public int hashCode()
-    {
-        return getP().hashCode() ^ getG().hashCode() ^ (getQ() != null ? getQ().hashCode() : 0);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java
deleted file mode 100644
index ee1b34f9c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class DHPrivateKeyParameters
-    extends DHKeyParameters
-{
-    private BigInteger      x;
-
-    public DHPrivateKeyParameters(
-        BigInteger      x,
-        DHParameters    params)
-    {
-        super(true, params);
-
-        this.x = x;
-    }   
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-
-    public int hashCode()
-    {
-        return x.hashCode() ^ super.hashCode();
-    }
-    
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof DHPrivateKeyParameters))
-        {
-            return false;
-        }
-
-        DHPrivateKeyParameters  other = (DHPrivateKeyParameters)obj;
-
-        return other.getX().equals(this.x) && super.equals(obj);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java
deleted file mode 100644
index ed531603d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class DHPublicKeyParameters
-    extends DHKeyParameters
-{
-    private BigInteger      y;
-
-    public DHPublicKeyParameters(
-        BigInteger      y,
-        DHParameters    params)
-    {
-        super(false, params);
-
-        this.y = y;
-    }   
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-
-    public int hashCode()
-    {
-        return y.hashCode() ^ super.hashCode();
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof DHPublicKeyParameters))
-        {
-            return false;
-        }
-
-        DHPublicKeyParameters   other = (DHPublicKeyParameters)obj;
-
-        return other.getY().equals(y) && super.equals(obj);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java
deleted file mode 100644
index b22f7a03d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.util.Arrays;
-
-public class DHValidationParameters
-{
-    private byte[]  seed;
-    private int     counter;
-
-    public DHValidationParameters(
-        byte[]  seed,
-        int     counter)
-    {
-        this.seed = seed;
-        this.counter = counter;
-    }
-
-    public int getCounter()
-    {
-        return counter;
-    }
-
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof DHValidationParameters))
-        {
-            return false;
-        }
-
-        DHValidationParameters  other = (DHValidationParameters)o;
-
-        if (other.counter != this.counter)
-        {
-            return false;
-        }
-
-        return Arrays.areEqual(this.seed, other.seed);
-    }
-
-    public int hashCode()
-    {
-        return counter ^ Arrays.hashCode(seed);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java
deleted file mode 100644
index 29fa91e6c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-public class DSAKeyGenerationParameters
-    extends KeyGenerationParameters
-{
-    private DSAParameters    params;
-
-    public DSAKeyGenerationParameters(
-        SecureRandom    random,
-        DSAParameters   params)
-    {
-        super(random, params.getP().bitLength() - 1);
-
-        this.params = params;
-    }
-
-    public DSAParameters getParameters()
-    {
-        return params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java
deleted file mode 100644
index 11bb9d978..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class DSAKeyParameters
-    extends AsymmetricKeyParameter
-{
-    private DSAParameters    params;
-
-    public DSAKeyParameters(
-        boolean         isPrivate,
-        DSAParameters   params)
-    {
-        super(isPrivate);
-
-        this.params = params;
-    }   
-
-    public DSAParameters getParameters()
-    {
-        return params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java
deleted file mode 100644
index 7f76d117a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java
+++ /dev/null
@@ -1,74 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class DSAParameters
-    implements CipherParameters
-{
-    private BigInteger              g;
-    private BigInteger              q;
-    private BigInteger              p;
-    private DSAValidationParameters validation;
-
-    public DSAParameters(
-        BigInteger  p,
-        BigInteger  q,
-        BigInteger  g)
-    {
-        this.g = g;
-        this.p = p;
-        this.q = q;
-    }   
-
-    public DSAParameters(
-        BigInteger              p,
-        BigInteger              q,
-        BigInteger              g,
-        DSAValidationParameters params)
-    {
-        this.g = g;
-        this.p = p;
-        this.q = q;
-        this.validation = params;
-    }   
-
-    public BigInteger getP()
-    {
-        return p;
-    }
-
-    public BigInteger getQ()
-    {
-        return q;
-    }
-
-    public BigInteger getG()
-    {
-        return g;
-    }
-
-    public DSAValidationParameters getValidationParameters()
-    {
-        return validation;
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof DSAParameters))
-        {
-            return false;
-        }
-
-        DSAParameters    pm = (DSAParameters)obj;
-
-        return (pm.getP().equals(p) && pm.getQ().equals(q) && pm.getG().equals(g));
-    }
-    
-    public int hashCode()
-    {
-        return getP().hashCode() ^ getQ().hashCode() ^ getG().hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java
deleted file mode 100644
index 3bef3f40a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class DSAPrivateKeyParameters
-    extends DSAKeyParameters
-{
-    private BigInteger      x;
-
-    public DSAPrivateKeyParameters(
-        BigInteger      x,
-        DSAParameters   params)
-    {
-        super(true, params);
-
-        this.x = x;
-    }   
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java
deleted file mode 100644
index c0066568f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class DSAPublicKeyParameters
-    extends DSAKeyParameters
-{
-    private BigInteger      y;
-
-    public DSAPublicKeyParameters(
-        BigInteger      y,
-        DSAParameters   params)
-    {
-        super(false, params);
-
-        this.y = y;
-    }   
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java
deleted file mode 100644
index 1cc4b93e5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.util.Arrays;
-
-public class DSAValidationParameters
-{
-    private byte[]  seed;
-    private int     counter;
-
-    public DSAValidationParameters(
-        byte[]  seed,
-        int     counter)
-    {
-        this.seed = seed;
-        this.counter = counter;
-    }
-
-    public int getCounter()
-    {
-        return counter;
-    }
-
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-
-    public int hashCode()
-    {
-        return counter ^ Arrays.hashCode(seed);
-    }
-    
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof DSAValidationParameters))
-        {
-            return false;
-        }
-
-        DSAValidationParameters  other = (DSAValidationParameters)o;
-
-        if (other.counter != this.counter)
-        {
-            return false;
-        }
-
-        return Arrays.areEqual(this.seed, other.seed);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java
deleted file mode 100644
index 95a3ec96c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java
+++ /dev/null
@@ -1,81 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-
-public class ECDomainParameters
-    implements ECConstants
-{
-    ECCurve     curve;
-    byte[]      seed;
-    ECPoint     G;
-    BigInteger  n;
-    BigInteger  h;
-
-    public ECDomainParameters(
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n)
-    {
-        this.curve = curve;
-        this.G = G;
-        this.n = n;
-        this.h = ONE;
-        this.seed = null;
-    }
-
-    public ECDomainParameters(
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n,
-        BigInteger  h)
-    {
-        this.curve = curve;
-        this.G = G;
-        this.n = n;
-        this.h = h;
-        this.seed = null;
-    }
-
-    public ECDomainParameters(
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n,
-        BigInteger  h,
-        byte[]      seed)
-    {
-        this.curve = curve;
-        this.G = G;
-        this.n = n;
-        this.h = h;
-        this.seed = seed;
-    }
-
-    public ECCurve getCurve()
-    {
-        return curve;
-    }
-
-    public ECPoint getG()
-    {
-        return G;
-    }
-
-    public BigInteger getN()
-    {
-        return n;
-    }
-
-    public BigInteger getH()
-    {
-        return h;
-    }
-
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java
deleted file mode 100644
index be3f20f5c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-public class ECKeyGenerationParameters
-    extends KeyGenerationParameters
-{
-    private ECDomainParameters  domainParams;
-
-    public ECKeyGenerationParameters(
-        ECDomainParameters      domainParams,
-        SecureRandom            random)
-    {
-        super(random, domainParams.getN().bitLength());
-
-        this.domainParams = domainParams;
-    }
-
-    public ECDomainParameters getDomainParameters()
-    {
-        return domainParams;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java
deleted file mode 100644
index 19825c5b4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class ECKeyParameters
-    extends AsymmetricKeyParameter
-{
-    ECDomainParameters params;
-
-    protected ECKeyParameters(
-        boolean             isPrivate,
-        ECDomainParameters  params)
-    {
-        super(isPrivate);
-
-        this.params = params;
-    }
-
-    public ECDomainParameters getParameters()
-    {
-        return params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java
deleted file mode 100644
index 3e49983e9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class ECPrivateKeyParameters
-    extends ECKeyParameters
-{
-    BigInteger d;
-
-    public ECPrivateKeyParameters(
-        BigInteger          d,
-        ECDomainParameters  params)
-    {
-        super(true, params);
-        this.d = d;
-    }
-
-    public BigInteger getD()
-    {
-        return d;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java
deleted file mode 100644
index 5fbea19ee..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.math.ec.ECPoint;
-
-public class ECPublicKeyParameters
-    extends ECKeyParameters
-{
-    ECPoint Q;
-
-    public ECPublicKeyParameters(
-        ECPoint             Q,
-        ECDomainParameters  params)
-    {
-        super(false, params);
-        this.Q = Q;
-    }
-
-    public ECPoint getQ()
-    {
-        return Q;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java
deleted file mode 100644
index f5fbabd5f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-public class ElGamalKeyGenerationParameters
-    extends KeyGenerationParameters
-{
-    private ElGamalParameters    params;
-
-    public ElGamalKeyGenerationParameters(
-        SecureRandom        random,
-        ElGamalParameters   params)
-    {
-        super(random, getStrength(params));
-
-        this.params = params;
-    }
-
-    public ElGamalParameters getParameters()
-    {
-        return params;
-    }
-
-    static int getStrength(ElGamalParameters params)
-    {
-        return params.getL() != 0 ? params.getL() : params.getP().bitLength();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyParameters.java
deleted file mode 100644
index 725069318..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalKeyParameters.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-
-public class ElGamalKeyParameters
-    extends AsymmetricKeyParameter
-{
-    private ElGamalParameters    params;
-
-    protected ElGamalKeyParameters(
-        boolean         isPrivate,
-        ElGamalParameters    params)
-    {
-        super(isPrivate);
-
-        this.params = params;
-    }   
-
-    public ElGamalParameters getParameters()
-    {
-        return params;
-    }
-
-    public int hashCode()
-    {
-        return (params != null) ? params.hashCode() : 0;
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof ElGamalKeyParameters))
-        {
-            return false;
-        }
-
-        ElGamalKeyParameters    dhKey = (ElGamalKeyParameters)obj;
-
-        if (params == null)
-        {
-            return dhKey.getParameters() == null;
-        }
-        else
-        { 
-            return params.equals(dhKey.getParameters());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalParameters.java
deleted file mode 100644
index 166eff35d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalParameters.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class ElGamalParameters
-    implements CipherParameters
-{
-    private BigInteger              g;
-    private BigInteger              p;
-    private int                     l;
-
-    public ElGamalParameters(
-        BigInteger  p,
-        BigInteger  g)
-    {
-        this(p, g, 0);
-    }
-
-    public ElGamalParameters(
-        BigInteger  p,
-        BigInteger  g,
-        int         l)
-    {
-        this.g = g;
-        this.p = p;
-        this.l = l;
-    }
-
-    public BigInteger getP()
-    {
-        return p;
-    }
-
-    /**
-     * return the generator - g
-     */
-    public BigInteger getG()
-    {
-        return g;
-    }
-
-    /**
-     * return private value limit - l
-     */
-    public int getL()
-    {
-        return l;
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof ElGamalParameters))
-        {
-            return false;
-        }
-
-        ElGamalParameters    pm = (ElGamalParameters)obj;
-
-        return pm.getP().equals(p) && pm.getG().equals(g) && pm.getL() == l;
-    }
-    
-    public int hashCode()
-    {
-        return (getP().hashCode() ^ getG().hashCode()) + l;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.java
deleted file mode 100644
index b8fb529f4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class ElGamalPrivateKeyParameters
-    extends ElGamalKeyParameters
-{
-    private BigInteger      x;
-
-    public ElGamalPrivateKeyParameters(
-        BigInteger      x,
-        ElGamalParameters    params)
-    {
-        super(true, params);
-
-        this.x = x;
-    }   
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof ElGamalPrivateKeyParameters))
-        {
-            return false;
-        }
-
-        ElGamalPrivateKeyParameters  pKey = (ElGamalPrivateKeyParameters)obj;
-
-        if (!pKey.getX().equals(x))
-        {
-            return false;
-        }
-
-        return super.equals(obj);
-    }
-    
-    public int hashCode()
-    {
-        return getX().hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.java
deleted file mode 100644
index d7da7a93b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class ElGamalPublicKeyParameters
-    extends ElGamalKeyParameters
-{
-    private BigInteger      y;
-
-    public ElGamalPublicKeyParameters(
-        BigInteger      y,
-        ElGamalParameters    params)
-    {
-        super(false, params);
-
-        this.y = y;
-    }   
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-
-    public int hashCode()
-    {
-        return y.hashCode() ^ super.hashCode();
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof ElGamalPublicKeyParameters))
-        {
-            return false;
-        }
-
-        ElGamalPublicKeyParameters   other = (ElGamalPublicKeyParameters)obj;
-
-        return other.getY().equals(y) && super.equals(obj);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.java
deleted file mode 100644
index 74e05a964..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-import java.security.SecureRandom;
-
-public class GOST3410KeyGenerationParameters
-        extends KeyGenerationParameters
-{
-        private GOST3410Parameters    params;
-
-        public GOST3410KeyGenerationParameters(
-            SecureRandom    random,
-            GOST3410Parameters   params)
-        {
-            super(random, params.getP().bitLength() - 1);
-
-            this.params = params;
-        }
-
-        public GOST3410Parameters getParameters()
-        {
-            return params;
-        }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyParameters.java
deleted file mode 100644
index 6716924af..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410KeyParameters.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class GOST3410KeyParameters
-        extends AsymmetricKeyParameter
-{
-    private GOST3410Parameters    params;
-
-    public GOST3410KeyParameters(
-        boolean         isPrivate,
-        GOST3410Parameters   params)
-    {
-        super(isPrivate);
-
-        this.params = params;
-    }
-
-    public GOST3410Parameters getParameters()
-    {
-        return params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410Parameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410Parameters.java
deleted file mode 100644
index 07450f612..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410Parameters.java
+++ /dev/null
@@ -1,74 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-import java.math.BigInteger;
-
-public class GOST3410Parameters
-   implements CipherParameters
-{
-    private BigInteger              p;
-    private BigInteger              q;
-    private BigInteger              a;
-    private GOST3410ValidationParameters validation;
-
-    public GOST3410Parameters(
-        BigInteger  p,
-        BigInteger  q,
-        BigInteger  a)
-    {
-        this.p = p;
-        this.q = q;
-        this.a = a;
-    }
-
-    public GOST3410Parameters(
-        BigInteger              p,
-        BigInteger              q,
-        BigInteger              a,
-        GOST3410ValidationParameters params)
-    {
-        this.a = a;
-        this.p = p;
-        this.q = q;
-        this.validation = params;
-    }
-
-    public BigInteger getP()
-    {
-        return p;
-    }
-
-    public BigInteger getQ()
-    {
-        return q;
-    }
-
-    public BigInteger getA()
-    {
-        return a;
-    }
-
-    public GOST3410ValidationParameters getValidationParameters()
-    {
-        return validation;
-    }
-
-    public int hashCode()
-    {
-        return p.hashCode() ^ q.hashCode() ^ a.hashCode();
-    }
-
-    public boolean equals(
-        Object  obj)
-    {
-        if (!(obj instanceof GOST3410Parameters))
-        {
-            return false;
-        }
-
-        GOST3410Parameters    pm = (GOST3410Parameters)obj;
-
-        return (pm.getP().equals(p) && pm.getQ().equals(q) && pm.getA().equals(a));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.java
deleted file mode 100644
index 408e06577..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class GOST3410PrivateKeyParameters
-        extends GOST3410KeyParameters
-{
-    private BigInteger      x;
-
-    public GOST3410PrivateKeyParameters(
-        BigInteger      x,
-        GOST3410Parameters   params)
-    {
-        super(true, params);
-
-        this.x = x;
-    }
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.java
deleted file mode 100644
index 9dfd2d98a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class GOST3410PublicKeyParameters
-        extends GOST3410KeyParameters
-{
-    private BigInteger      y;
-
-    public GOST3410PublicKeyParameters(
-        BigInteger      y,
-        GOST3410Parameters   params)
-    {
-        super(false, params);
-
-        this.y = y;
-    }
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410ValidationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410ValidationParameters.java
deleted file mode 100644
index c2a4fb57a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/GOST3410ValidationParameters.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-public class GOST3410ValidationParameters
-{
-    private int x0;
-    private int c;
-    private long x0L;
-    private long cL;
-
-
-    public GOST3410ValidationParameters(
-        int  x0,
-        int  c)
-    {
-        this.x0 = x0;
-        this.c = c;
-    }
-
-    public GOST3410ValidationParameters(
-        long  x0L,
-        long  cL)
-    {
-        this.x0L = x0L;
-        this.cL = cL;
-    }
-
-    public int getC()
-    {
-        return c;
-    }
-
-    public int getX0()
-    {
-        return x0;
-    }
-
-    public long getCL()
-    {
-        return cL;
-    }
-
-    public long getX0L()
-    {
-        return x0L;
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof GOST3410ValidationParameters))
-        {
-            return false;
-        }
-
-        GOST3410ValidationParameters  other = (GOST3410ValidationParameters)o;
-
-        if (other.c != this.c)
-        {
-            return false;
-        }
-
-        if (other.x0 != this.x0)
-        {
-            return false;
-        }
-
-        if (other.cL != this.cL)
-        {
-            return false;
-        }
-
-        if (other.x0L != this.x0L)
-        {
-            return false;
-        }
-
-        return true;
-    }
-
-    public int hashCode()
-    {
-        return x0 ^ c ^ (int) x0L ^ (int)(x0L >> 32) ^ (int) cL ^ (int)(cL >> 32);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESParameters.java
deleted file mode 100644
index 0600b3465..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESParameters.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-/**
- * parameters for using an integrated cipher in stream mode.
- */
-public class IESParameters
-    implements CipherParameters
-{
-    private byte[]  derivation;
-    private byte[]  encoding;
-    private int     macKeySize;
-
-    /**
-     * @param derivation the derivation parameter for the KDF function.
-     * @param encoding the encoding parameter for the KDF function.
-     * @param macKeySize the size of the MAC key (in bits).
-     */
-    public IESParameters(
-        byte[]  derivation,
-        byte[]  encoding,
-        int     macKeySize)
-    {
-        this.derivation = derivation;
-        this.encoding = encoding;
-        this.macKeySize = macKeySize;
-    }
-
-    public byte[] getDerivationV()
-    {
-        return derivation;
-    }
-
-    public byte[] getEncodingV()
-    {
-        return encoding;
-    }
-
-    public int getMacKeySize()
-    {
-        return macKeySize;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java
deleted file mode 100644
index ef61b2cc3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-
-public class IESWithCipherParameters
-    extends IESParameters
-{
-    private int cipherKeySize;
-
-    /**
-     * @param derivation the derivation parameter for the KDF function.
-     * @param encoding the encoding parameter for the KDF function.
-     * @param macKeySize the size of the MAC key (in bits).
-     * @param cipherKeySize the size of the associated Cipher key (in bits).
-     */
-    public IESWithCipherParameters(
-        byte[]  derivation,
-        byte[]  encoding,
-        int     macKeySize,
-        int     cipherKeySize)
-    {
-        super(derivation, encoding, macKeySize);
-
-        this.cipherKeySize = cipherKeySize;
-    }
-
-    public int getCipherKeySize()
-    {
-        return cipherKeySize;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java
deleted file mode 100644
index 8dffe2eec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.DerivationParameters;
-
-/**
- * parameters for Key derivation functions for ISO-18033
- */
-public class ISO18033KDFParameters
-    implements DerivationParameters
-{
-    byte[]  seed;
-
-    public ISO18033KDFParameters(
-        byte[]  seed)
-    {
-        this.seed = seed;
-    }
-
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java
deleted file mode 100644
index f3bac6479..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.DerivationParameters;
-
-/**
- * parameters for Key derivation functions for IEEE P1363a
- */
-public class KDFParameters
-    implements DerivationParameters
-{
-    byte[]  iv;
-    byte[]  shared;
-
-    public KDFParameters(
-        byte[]  shared,
-        byte[]  iv)
-    {
-        this.shared = shared;
-        this.iv = iv;
-    }
-
-    public byte[] getSharedSecret()
-    {
-        return shared;
-    }
-
-    public byte[] getIV()
-    {
-        return iv;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java
deleted file mode 100644
index 5c4fe0e0b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class KeyParameter
-    implements CipherParameters
-{
-    private byte[]  key;
-
-    public KeyParameter(
-        byte[]  key)
-    {
-        this(key, 0, key.length);
-    }
-
-    public KeyParameter(
-        byte[]  key,
-        int     keyOff,
-        int     keyLen)
-    {
-        this.key = new byte[keyLen];
-
-        System.arraycopy(key, keyOff, this.key, 0, keyLen);
-    }
-
-    public byte[] getKey()
-    {
-        return key;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java
deleted file mode 100644
index 847bd989c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.DerivationParameters;
-
-/**
- * parameters for mask derivation functions.
- */
-public class MGFParameters
-    implements DerivationParameters
-{
-    byte[]  seed;
-
-    public MGFParameters(
-        byte[]  seed)
-    {
-        this(seed, 0, seed.length);
-    }
-
-    public MGFParameters(
-        byte[]  seed,
-        int     off,
-        int     len)
-    {
-        this.seed = new byte[len];
-        System.arraycopy(seed, off, this.seed, 0, len);
-    }
-
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPrivateParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPrivateParameters.java
deleted file mode 100644
index 832c07fdd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPrivateParameters.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class MQVPrivateParameters
-    implements CipherParameters
-{
-    private ECPrivateKeyParameters staticPrivateKey;
-    private ECPrivateKeyParameters ephemeralPrivateKey;
-    private ECPublicKeyParameters ephemeralPublicKey;
-
-    public MQVPrivateParameters(
-        ECPrivateKeyParameters  staticPrivateKey,
-        ECPrivateKeyParameters  ephemeralPrivateKey)
-    {
-        this(staticPrivateKey, ephemeralPrivateKey, null);
-    }
-
-    public MQVPrivateParameters(
-        ECPrivateKeyParameters  staticPrivateKey,
-        ECPrivateKeyParameters  ephemeralPrivateKey,
-        ECPublicKeyParameters   ephemeralPublicKey)
-    {
-        this.staticPrivateKey = staticPrivateKey;
-        this.ephemeralPrivateKey = ephemeralPrivateKey;
-        this.ephemeralPublicKey = ephemeralPublicKey;
-    }
-
-    public ECPrivateKeyParameters getStaticPrivateKey()
-    {
-        return staticPrivateKey;
-    }
-
-    public ECPrivateKeyParameters getEphemeralPrivateKey()
-    {
-        return ephemeralPrivateKey;
-    }
-
-    public ECPublicKeyParameters getEphemeralPublicKey()
-    {
-        return ephemeralPublicKey;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPublicParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPublicParameters.java
deleted file mode 100644
index b3b246711..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/MQVPublicParameters.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class MQVPublicParameters
-    implements CipherParameters
-{
-    private ECPublicKeyParameters staticPublicKey;
-    private ECPublicKeyParameters ephemeralPublicKey;
-
-    public MQVPublicParameters(
-        ECPublicKeyParameters   staticPublicKey,
-        ECPublicKeyParameters   ephemeralPublicKey)
-    {
-        this.staticPublicKey = staticPublicKey;
-        this.ephemeralPublicKey = ephemeralPublicKey;
-    }
-
-    public ECPublicKeyParameters getStaticPublicKey()
-    {
-        return staticPublicKey;
-    }
-
-    public ECPublicKeyParameters getEphemeralPublicKey()
-    {
-        return ephemeralPublicKey;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java
deleted file mode 100644
index 758fcd79b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java
+++ /dev/null
@@ -1,97 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-/**
- * Parameters for NaccacheStern public private key generation. For details on
- * this cipher, please see
- * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
- */
-public class NaccacheSternKeyGenerationParameters extends KeyGenerationParameters
-{
-
-    // private BigInteger publicExponent;
-    private int certainty;
-
-    private int cntSmallPrimes;
-
-    private boolean debug = false;
-
-    /**
-     * Parameters for generating a NaccacheStern KeyPair.
-     * 
-     * @param random
-     *            The source of randomness
-     * @param strength
-     *            The desired strength of the Key in Bits
-     * @param certainty
-     *            the probability that the generated primes are not really prime
-     *            as integer: 2^(-certainty) is then the probability
-     * @param cntSmallPrimes
-     *            How many small key factors are desired
-     */
-    public NaccacheSternKeyGenerationParameters(SecureRandom random, int strength, int certainty, int cntSmallPrimes)
-    {
-        this(random, strength, certainty, cntSmallPrimes, false);
-    }
-
-    /**
-     * Parameters for a NaccacheStern KeyPair.
-     * 
-     * @param random
-     *            The source of randomness
-     * @param strength
-     *            The desired strength of the Key in Bits
-     * @param certainty
-     *            the probability that the generated primes are not really prime
-     *            as integer: 2^(-certainty) is then the probability
-     * @param cntSmallPrimes
-     *            How many small key factors are desired
-     * @param debug
-     *            Turn debugging on or off (reveals secret information, use with
-     *            caution)
-     */
-    public NaccacheSternKeyGenerationParameters(SecureRandom random,
-            int strength, int certainty, int cntSmallPrimes, boolean debug)
-    {
-        super(random, strength);
-
-        this.certainty = certainty;
-        if (cntSmallPrimes % 2 == 1)
-        {
-            throw new IllegalArgumentException("cntSmallPrimes must be a multiple of 2");
-        }
-        if (cntSmallPrimes < 30)
-        {
-            throw new IllegalArgumentException("cntSmallPrimes must be >= 30 for security reasons");
-        }
-        this.cntSmallPrimes = cntSmallPrimes;
-
-        this.debug = debug;
-    }
-
-    /**
-     * @return Returns the certainty.
-     */
-    public int getCertainty()
-    {
-        return certainty;
-    }
-
-    /**
-     * @return Returns the cntSmallPrimes.
-     */
-    public int getCntSmallPrimes()
-    {
-        return cntSmallPrimes;
-    }
-
-    public boolean isDebug()
-    {
-        return debug;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java
deleted file mode 100644
index 21b6a286d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-/**
- * Public key parameters for NaccacheStern cipher. For details on this cipher,
- * please see
- * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
- */
-public class NaccacheSternKeyParameters extends AsymmetricKeyParameter
-{
-
-    private BigInteger g, n;
-
-    int lowerSigmaBound;
-
-    /**
-     * @param privateKey
-     */
-    public NaccacheSternKeyParameters(boolean privateKey, BigInteger g, BigInteger n, int lowerSigmaBound)
-    {
-        super(privateKey);
-        this.g = g;
-        this.n = n;
-        this.lowerSigmaBound = lowerSigmaBound;
-    }
-
-    /**
-     * @return Returns the g.
-     */
-    public BigInteger getG()
-    {
-        return g;
-    }
-
-    /**
-     * @return Returns the lowerSigmaBound.
-     */
-    public int getLowerSigmaBound()
-    {
-        return lowerSigmaBound;
-    }
-
-    /**
-     * @return Returns the n.
-     */
-    public BigInteger getModulus()
-    {
-        return n;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java
deleted file mode 100644
index 6d0ec4868..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-import java.util.Vector;
-
-/**
- * Private key parameters for NaccacheStern cipher. For details on this cipher,
- * please see
- * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
- */
-public class NaccacheSternPrivateKeyParameters extends NaccacheSternKeyParameters 
-{
-    private BigInteger phi_n;
-    private Vector     smallPrimes;
-
-    /**
-     * Constructs a NaccacheSternPrivateKey
-     * 
-     * @param g
-     *            the public enryption parameter g
-     * @param n
-     *            the public modulus n = p*q
-     * @param lowerSigmaBound
-     *            the public lower sigma bound up to which data can be encrypted
-     * @param smallPrimes
-     *            the small primes, of which sigma is constructed in the right
-     *            order
-     * @param phi_n
-     *            the private modulus phi(n) = (p-1)(q-1)
-     */
-    public NaccacheSternPrivateKeyParameters(BigInteger g, BigInteger n,
-            int lowerSigmaBound, Vector smallPrimes,
-            BigInteger phi_n)
-    {
-        super(true, g, n, lowerSigmaBound);
-        this.smallPrimes = smallPrimes;
-        this.phi_n = phi_n;
-    }
-
-    public BigInteger getPhi_n()
-    {
-        return phi_n;
-    }
-
-    public Vector getSmallPrimes()
-    {
-        return smallPrimes;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java
deleted file mode 100644
index 4a1e6e9a3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class ParametersWithIV
-    implements CipherParameters
-{
-    private byte[]              iv;
-    private CipherParameters    parameters;
-
-    public ParametersWithIV(
-        CipherParameters    parameters,
-        byte[]              iv)
-    {
-        this(parameters, iv, 0, iv.length);
-    }
-
-    public ParametersWithIV(
-        CipherParameters    parameters,
-        byte[]              iv,
-        int                 ivOff,
-        int                 ivLen)
-    {
-        this.iv = new byte[ivLen];
-        this.parameters = parameters;
-
-        System.arraycopy(iv, ivOff, this.iv, 0, ivLen);
-    }
-
-    public byte[] getIV()
-    {
-        return iv;
-    }
-
-    public CipherParameters getParameters()
-    {
-        return parameters;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java
deleted file mode 100644
index a7b18e51f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-import java.security.SecureRandom;
-
-public class ParametersWithRandom
-    implements CipherParameters
-{
-    private SecureRandom        random;
-    private CipherParameters    parameters;
-
-    public ParametersWithRandom(
-        CipherParameters    parameters,
-        SecureRandom        random)
-    {
-        this.random = random;
-        this.parameters = parameters;
-    }
-
-    public ParametersWithRandom(
-        CipherParameters    parameters)
-    {
-        this(parameters, new SecureRandom());
-    }
-
-    public SecureRandom getRandom()
-    {
-        return random;
-    }
-
-    public CipherParameters getParameters()
-    {
-        return parameters;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java
deleted file mode 100644
index b226a9d9d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class ParametersWithSBox
-    implements CipherParameters
-{
-    private CipherParameters  parameters;
-    private byte[]            sBox;
-
-    public ParametersWithSBox(
-        CipherParameters parameters,
-        byte[]           sBox)
-    {
-        this.parameters = parameters;
-        this.sBox = sBox;
-    }
-
-    public byte[] getSBox()
-    {
-        return sBox;
-    }
-
-    public CipherParameters getParameters()
-    {
-        return parameters;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java
deleted file mode 100644
index 73765dd50..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-/**
- * Cipher parameters with a fixed salt value associated with them.
- */
-public class ParametersWithSalt
-    implements CipherParameters
-{
-    private byte[]              salt;
-    private CipherParameters    parameters;
-
-    public ParametersWithSalt(
-        CipherParameters    parameters,
-        byte[]              salt)
-    {
-        this(parameters, salt, 0, salt.length);
-    }
-
-    public ParametersWithSalt(
-        CipherParameters    parameters,
-        byte[]              salt,
-        int                 saltOff,
-        int                 saltLen)
-    {
-        this.salt = new byte[saltLen];
-        this.parameters = parameters;
-
-        System.arraycopy(salt, saltOff, this.salt, 0, saltLen);
-    }
-
-    public byte[] getSalt()
-    {
-        return salt;
-    }
-
-    public CipherParameters getParameters()
-    {
-        return parameters;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java
deleted file mode 100644
index dc33ec5b9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class RC2Parameters
-    implements CipherParameters
-{
-    private byte[]  key;
-    private int     bits;
-
-    public RC2Parameters(
-        byte[]  key)
-    {
-        this(key, (key.length > 128) ? 1024 : (key.length * 8));
-    }
-
-    public RC2Parameters(
-        byte[]  key,
-        int     bits)
-    {
-        this.key = new byte[key.length];
-        this.bits = bits;
-
-        System.arraycopy(key, 0, this.key, 0, key.length);
-    }
-
-    public byte[] getKey()
-    {
-        return key;
-    }
-
-    public int getEffectiveKeyBits()
-    {
-        return bits;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java
deleted file mode 100644
index 6cbd57f1f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-public class RC5Parameters
-    implements CipherParameters
-{
-    private byte[]  key;
-    private int     rounds;
-
-    public RC5Parameters(
-        byte[]  key,
-        int     rounds)
-    {
-        if (key.length > 255)
-        {
-            throw new IllegalArgumentException("RC5 key length can be no greater than 255");
-        }
-
-        this.key = new byte[key.length];
-        this.rounds = rounds;
-
-        System.arraycopy(key, 0, this.key, 0, key.length);
-    }
-
-    public byte[] getKey()
-    {
-        return key;
-    }
-
-    public int getRounds()
-    {
-        return rounds;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSABlindingParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSABlindingParameters.java
deleted file mode 100644
index c7fa6ba6b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSABlindingParameters.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import org.bouncycastle.crypto.CipherParameters;
-
-import java.math.BigInteger;
-
-public class RSABlindingParameters
-    implements CipherParameters
-{
-    private RSAKeyParameters publicKey;
-    private BigInteger       blindingFactor;
-
-    public RSABlindingParameters(
-        RSAKeyParameters publicKey,
-        BigInteger       blindingFactor)
-    {
-        if (publicKey instanceof RSAPrivateCrtKeyParameters)
-        {
-            throw new IllegalArgumentException("RSA parameters should be for a public key");
-        }
-        
-        this.publicKey = publicKey;
-        this.blindingFactor = blindingFactor;
-    }
-
-    public RSAKeyParameters getPublicKey()
-    {
-        return publicKey;
-    }
-
-    public BigInteger getBlindingFactor()
-    {
-        return blindingFactor;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java
deleted file mode 100644
index 38b55fcdd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.KeyGenerationParameters;
-
-public class RSAKeyGenerationParameters
-    extends KeyGenerationParameters
-{
-    private BigInteger publicExponent;
-    private int certainty;
-
-    public RSAKeyGenerationParameters(
-        BigInteger      publicExponent,
-        SecureRandom    random,
-        int             strength,
-        int             certainty)
-    {
-        super(random, strength);
-
-        if (strength < 12)
-        {
-            throw new IllegalArgumentException("key strength too small");
-        }
-
-        //
-        // public exponent cannot be even
-        //
-        if (!publicExponent.testBit(0)) 
-        {
-                throw new IllegalArgumentException("public exponent cannot be even");
-        }
-        
-        this.publicExponent = publicExponent;
-        this.certainty = certainty;
-    }
-
-    public BigInteger getPublicExponent()
-    {
-        return publicExponent;
-    }
-
-    public int getCertainty()
-    {
-        return certainty;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java
deleted file mode 100644
index 4a2d93546..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class RSAKeyParameters
-    extends AsymmetricKeyParameter
-{
-    private BigInteger      modulus;
-    private BigInteger      exponent;
-
-    public RSAKeyParameters(
-        boolean     isPrivate,
-        BigInteger  modulus,
-        BigInteger  exponent)
-    {
-        super(isPrivate);
-
-        this.modulus = modulus;
-        this.exponent = exponent;
-    }   
-
-    public BigInteger getModulus()
-    {
-        return modulus;
-    }
-
-    public BigInteger getExponent()
-    {
-        return exponent;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java
deleted file mode 100644
index b61cb5c48..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.bouncycastle.crypto.params;
-
-import java.math.BigInteger;
-
-public class RSAPrivateCrtKeyParameters
-    extends RSAKeyParameters
-{
-    private BigInteger  e;
-    private BigInteger  p;
-    private BigInteger  q;
-    private BigInteger  dP;
-    private BigInteger  dQ;
-    private BigInteger  qInv;
-
-    /**
-     * 
-     */
-    public RSAPrivateCrtKeyParameters(
-        BigInteger  modulus,
-        BigInteger  publicExponent,
-        BigInteger  privateExponent,
-        BigInteger  p,
-        BigInteger  q,
-        BigInteger  dP,
-        BigInteger  dQ,
-        BigInteger  qInv)
-    {
-        super(true, modulus, privateExponent);
-
-        this.e = publicExponent;
-        this.p = p;
-        this.q = q;
-        this.dP = dP;
-        this.dQ = dQ;
-        this.qInv = qInv;
-    }
-
-    public BigInteger getPublicExponent()
-    {
-        return e;
-    }
-
-    public BigInteger getP()
-    {
-        return p;
-    }
-
-    public BigInteger getQ()
-    {
-        return q;
-    }
-
-    public BigInteger getDP()
-    {
-        return dP;
-    }
-
-    public BigInteger getDQ()
-    {
-        return dQ;
-    }
-
-    public BigInteger getQInv()
-    {
-        return qInv;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/package.html
deleted file mode 100644
index 4e00a7548..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/params/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for parameter objects for ciphers and generators.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/DigestRandomGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/DigestRandomGenerator.java
deleted file mode 100644
index f36b62c23..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/DigestRandomGenerator.java
+++ /dev/null
@@ -1,123 +0,0 @@
-package org.bouncycastle.crypto.prng;
-
-import org.bouncycastle.crypto.Digest;
-
-/**
- * Random generation based on the digest with counter. Calling addSeedMaterial will
- * always increase the entropy of the hash.
- * 
    
- * Internal access to the digest is synchronized so a single one of these can be shared.
- * 
    
- */
-public class DigestRandomGenerator
-    implements RandomGenerator
-{
-    private static long         CYCLE_COUNT = 10;
-
-    private long                stateCounter;
-    private long                seedCounter;
-    private Digest              digest;
-    private byte[]              state;
-    private byte[]              seed;
-
-    // public constructors
-    public DigestRandomGenerator(
-        Digest digest)
-    {
-        this.digest = digest;
-
-        this.seed = new byte[digest.getDigestSize()];
-        this.seedCounter = 1;
-
-        this.state = new byte[digest.getDigestSize()];
-        this.stateCounter = 1;
-    }
-
-    public void addSeedMaterial(byte[] inSeed)
-    {
-        synchronized (this)
-        {
-            digestUpdate(inSeed);
-            digestUpdate(seed);
-            digestDoFinal(seed);
-        }
-    }
-
-    public void addSeedMaterial(long rSeed)
-    {
-        synchronized (this)
-        {
-            digestAddCounter(rSeed);
-            digestUpdate(seed);
-
-            digestDoFinal(seed);
-        }
-    }
-
-    public void nextBytes(byte[] bytes)
-    {
-        nextBytes(bytes, 0, bytes.length);
-    }
-
-    public void nextBytes(byte[] bytes, int start, int len)
-    {
-        synchronized (this)
-        {
-            int stateOff = 0;
-
-            generateState();
-
-            int end = start + len;
-            for (int i = start; i != end; i++)
-            {
-                if (stateOff == state.length)
-                {
-                    generateState();
-                    stateOff = 0;
-                }
-                bytes[i] = state[stateOff++];
-            }
-        }
-    }
-
-    private void cycleSeed()
-    {
-        digestUpdate(seed);
-        digestAddCounter(seedCounter++);
-
-        digestDoFinal(seed);
-    }
-
-    private void generateState()
-    {
-        digestAddCounter(stateCounter++);
-        digestUpdate(state);
-        digestUpdate(seed);
-
-        digestDoFinal(state);
-
-        if ((stateCounter % CYCLE_COUNT) == 0)
-        {
-            cycleSeed();
-        }
-    }
-
-    private void digestAddCounter(long seed)
-    {
-        for (int i = 0; i != 8; i++)
-        {
-            digest.update((byte)seed);
-            seed >>>= 8;
-        }
-    }
-
-    private void digestUpdate(byte[] inSeed)
-    {
-        digest.update(inSeed, 0, inSeed.length);
-    }
-
-    private void digestDoFinal(byte[] result)
-    {
-        digest.doFinal(result, 0);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/RandomGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/RandomGenerator.java
deleted file mode 100644
index 47ff68e3e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/RandomGenerator.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.bouncycastle.crypto.prng;
-
-/**
- * Generic interface for objects generating random bytes.
- */
-public interface RandomGenerator
-{
-    /**
-     * Add more seed material to the generator.
-     *
-     * @param seed a byte array to be mixed into the generator's state.
-     */
-    void addSeedMaterial(byte[] seed);
-
-    /**
-     * Add more seed material to the generator.
-     *
-     * @param seed a long value to be mixed into the generator's state.
-     */
-    void addSeedMaterial(long seed);
-
-    /**
-     * Fill bytes with random values.
-     *
-     * @param bytes byte array to be filled.
-     */
-    void nextBytes(byte[] bytes);
-
-    /**
-     * Fill part of bytes with random values.
-     *
-     * @param bytes byte array to be filled.
-     * @param start index to start filling at.
-     * @param len length of segment to fill.
-     */
-    void nextBytes(byte[] bytes, int start, int len);
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ReversedWindowGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ReversedWindowGenerator.java
deleted file mode 100644
index fbb2639ce..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ReversedWindowGenerator.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package org.bouncycastle.crypto.prng;
-
-/**
- * Takes bytes generated by an underling RandomGenerator and reverses the order in
- * each small window (of configurable size).
- * 
    
- * Access to internals is synchronized so a single one of these can be shared.
- * 
    
- */
-public class ReversedWindowGenerator
-    implements RandomGenerator
-{
-    private final RandomGenerator generator;
-
-    private byte[] window;
-    private int windowCount;
-
-    public ReversedWindowGenerator(
-        RandomGenerator generator,
-        int             windowSize)
-    {
-        if (generator == null)
-        {
-            throw new IllegalArgumentException("generator cannot be null");
-        }
-        if (windowSize < 2)
-        {
-            throw new IllegalArgumentException("windowSize must be at least 2");
-        }
-
-        this.generator = generator;
-        this.window = new byte[windowSize];
-    }
-
-    /**
-     * Add more seed material to the generator.
-     *
-     * @param seed a byte array to be mixed into the generator's state.
-     */
-    public void addSeedMaterial(
-        byte[] seed)
-    {
-        synchronized (this)
-        {
-            windowCount = 0;
-            generator.addSeedMaterial(seed);
-        }
-    }
-
-    /**
-     * Add more seed material to the generator.
-     *
-     * @param seed a long value to be mixed into the generator's state.
-     */
-    public void addSeedMaterial(
-        long seed)
-    {
-        synchronized (this)
-        {
-            windowCount = 0;
-            generator.addSeedMaterial(seed);
-        }
-    }
-
-    /**
-     * Fill bytes with random values.
-     *
-     * @param bytes byte array to be filled.
-     */
-    public void nextBytes(
-        byte[] bytes)
-    {
-        doNextBytes(bytes, 0, bytes.length);
-    }
-
-    /**
-     * Fill part of bytes with random values.
-     *
-     * @param bytes byte array to be filled.
-     * @param start index to start filling at.
-     * @param len length of segment to fill.
-     */
-    public void nextBytes(
-        byte[]  bytes,
-        int     start,
-        int     len)
-    {
-        doNextBytes(bytes, start, len);
-    }
-
-    private void doNextBytes(
-        byte[]  bytes,
-        int     start,
-        int     len)
-    {
-        synchronized (this)
-        {
-            int done = 0;
-            while (done < len)
-            {
-                if (windowCount < 1)
-                {
-                    generator.nextBytes(window, 0, window.length);
-                    windowCount = window.length;
-                }
-
-                bytes[start + done++] = window[--windowCount];
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ThreadedSeedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ThreadedSeedGenerator.java
deleted file mode 100644
index 6b2d5ec21..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/ThreadedSeedGenerator.java
+++ /dev/null
@@ -1,95 +0,0 @@
-package org.bouncycastle.crypto.prng;
-
-/**
- * A thread based seed generator - one source of randomness.
- * 
    
- * Based on an idea from Marcus Lippert.
- * 
    
- */
-public class ThreadedSeedGenerator
-{
-    private class SeedGenerator
-        implements Runnable
-    {
-        private volatile int counter = 0;
-        private volatile boolean stop = false;
-
-        public void run()
-        {
-            while (!this.stop)
-            {
-                this.counter++;
-            }
-
-        }
-
-        public byte[] generateSeed(
-            int numbytes,
-            boolean fast)
-        {
-            Thread t = new Thread(this);
-            byte[] result = new byte[numbytes];
-            this.counter = 0;
-            this.stop = false;
-            int last = 0;
-            int end;
-
-            t.start();
-            if(fast)
-            {
-                end = numbytes;
-            }
-            else
-            {
-                end = numbytes * 8;
-            }
-            for (int i = 0; i < end; i++)
-            {
-                while (this.counter == last)
-                {
-                    try
-                    {
-                        Thread.sleep(1);
-                    }
-                    catch (InterruptedException e)
-                    {
-                        // ignore
-                    }
-                }
-                last = this.counter;
-                if (fast)
-                {
-                    result[i] = (byte) (last & 0xff);
-                }
-                else
-                {
-                    int bytepos = i/8;
-                    result[bytepos] = (byte) ((result[bytepos] << 1) | (last & 1));
-                }
-
-            }
-            stop = true;
-            return result;
-        }
-    }
-
-    /**
-     * Generate seed bytes. Set fast to false for best quality.
-     * 
    
-     * If fast is set to true, the code should be round about 8 times faster when
-     * generating a long sequence of random bytes. 20 bytes of random values using
-     * the fast mode take less than half a second on a Nokia e70. If fast is set to false,
-     * it takes round about 2500 ms.
-     * 
    
-     * @param numBytes the number of bytes to generate
-     * @param fast true if fast mode should be used
-     */
-    public byte[] generateSeed(
-        int numBytes,
-        boolean fast)
-    {
-        SeedGenerator gen = new SeedGenerator();
-
-        return gen.generateSeed(numBytes, fast);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java
deleted file mode 100644
index d218e9788..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package org.bouncycastle.crypto.prng;
-
-public class VMPCRandomGenerator implements RandomGenerator
-{
-    private byte n = 0;
-
-    /**
-     * Permutation generated by code: 
-     * // First 1850 fractional digit of Pi number. 
-     * byte[] key = new BigInteger("14159265358979323846...5068006422512520511").toByteArray();
-     * s = 0;
-     * P = new byte[256];
-     * for (int i = 0; i < 256; i++) {
-     *     P[i] = (byte) i;
-     * }
-     * for (int m = 0; m < 768; m++) {
-     *     s = P[(s + P[m & 0xff] + key[m % key.length]) & 0xff];
-     *     byte temp = P[m & 0xff];
-     *     P[m & 0xff] = P[s & 0xff];
-     *     P[s & 0xff] = temp;
-     * } 
-     */
-    private byte[] P =
-    {
-        (byte) 0xbb, (byte) 0x2c, (byte) 0x62, (byte) 0x7f,
-        (byte) 0xb5, (byte) 0xaa, (byte) 0xd4, (byte) 0x0d, (byte) 0x81,
-        (byte) 0xfe, (byte) 0xb2, (byte) 0x82, (byte) 0xcb, (byte) 0xa0,
-        (byte) 0xa1, (byte) 0x08, (byte) 0x18, (byte) 0x71, (byte) 0x56,
-        (byte) 0xe8, (byte) 0x49, (byte) 0x02, (byte) 0x10, (byte) 0xc4,
-        (byte) 0xde, (byte) 0x35, (byte) 0xa5, (byte) 0xec, (byte) 0x80,
-        (byte) 0x12, (byte) 0xb8, (byte) 0x69, (byte) 0xda, (byte) 0x2f,
-        (byte) 0x75, (byte) 0xcc, (byte) 0xa2, (byte) 0x09, (byte) 0x36,
-        (byte) 0x03, (byte) 0x61, (byte) 0x2d, (byte) 0xfd, (byte) 0xe0,
-        (byte) 0xdd, (byte) 0x05, (byte) 0x43, (byte) 0x90, (byte) 0xad,
-        (byte) 0xc8, (byte) 0xe1, (byte) 0xaf, (byte) 0x57, (byte) 0x9b,
-        (byte) 0x4c, (byte) 0xd8, (byte) 0x51, (byte) 0xae, (byte) 0x50,
-        (byte) 0x85, (byte) 0x3c, (byte) 0x0a, (byte) 0xe4, (byte) 0xf3,
-        (byte) 0x9c, (byte) 0x26, (byte) 0x23, (byte) 0x53, (byte) 0xc9,
-        (byte) 0x83, (byte) 0x97, (byte) 0x46, (byte) 0xb1, (byte) 0x99,
-        (byte) 0x64, (byte) 0x31, (byte) 0x77, (byte) 0xd5, (byte) 0x1d,
-        (byte) 0xd6, (byte) 0x78, (byte) 0xbd, (byte) 0x5e, (byte) 0xb0,
-        (byte) 0x8a, (byte) 0x22, (byte) 0x38, (byte) 0xf8, (byte) 0x68,
-        (byte) 0x2b, (byte) 0x2a, (byte) 0xc5, (byte) 0xd3, (byte) 0xf7,
-        (byte) 0xbc, (byte) 0x6f, (byte) 0xdf, (byte) 0x04, (byte) 0xe5,
-        (byte) 0x95, (byte) 0x3e, (byte) 0x25, (byte) 0x86, (byte) 0xa6,
-        (byte) 0x0b, (byte) 0x8f, (byte) 0xf1, (byte) 0x24, (byte) 0x0e,
-        (byte) 0xd7, (byte) 0x40, (byte) 0xb3, (byte) 0xcf, (byte) 0x7e,
-        (byte) 0x06, (byte) 0x15, (byte) 0x9a, (byte) 0x4d, (byte) 0x1c,
-        (byte) 0xa3, (byte) 0xdb, (byte) 0x32, (byte) 0x92, (byte) 0x58,
-        (byte) 0x11, (byte) 0x27, (byte) 0xf4, (byte) 0x59, (byte) 0xd0,
-        (byte) 0x4e, (byte) 0x6a, (byte) 0x17, (byte) 0x5b, (byte) 0xac,
-        (byte) 0xff, (byte) 0x07, (byte) 0xc0, (byte) 0x65, (byte) 0x79,
-        (byte) 0xfc, (byte) 0xc7, (byte) 0xcd, (byte) 0x76, (byte) 0x42,
-        (byte) 0x5d, (byte) 0xe7, (byte) 0x3a, (byte) 0x34, (byte) 0x7a,
-        (byte) 0x30, (byte) 0x28, (byte) 0x0f, (byte) 0x73, (byte) 0x01,
-        (byte) 0xf9, (byte) 0xd1, (byte) 0xd2, (byte) 0x19, (byte) 0xe9,
-        (byte) 0x91, (byte) 0xb9, (byte) 0x5a, (byte) 0xed, (byte) 0x41,
-        (byte) 0x6d, (byte) 0xb4, (byte) 0xc3, (byte) 0x9e, (byte) 0xbf,
-        (byte) 0x63, (byte) 0xfa, (byte) 0x1f, (byte) 0x33, (byte) 0x60,
-        (byte) 0x47, (byte) 0x89, (byte) 0xf0, (byte) 0x96, (byte) 0x1a,
-        (byte) 0x5f, (byte) 0x93, (byte) 0x3d, (byte) 0x37, (byte) 0x4b,
-        (byte) 0xd9, (byte) 0xa8, (byte) 0xc1, (byte) 0x1b, (byte) 0xf6,
-        (byte) 0x39, (byte) 0x8b, (byte) 0xb7, (byte) 0x0c, (byte) 0x20,
-        (byte) 0xce, (byte) 0x88, (byte) 0x6e, (byte) 0xb6, (byte) 0x74,
-        (byte) 0x8e, (byte) 0x8d, (byte) 0x16, (byte) 0x29, (byte) 0xf2,
-        (byte) 0x87, (byte) 0xf5, (byte) 0xeb, (byte) 0x70, (byte) 0xe3,
-        (byte) 0xfb, (byte) 0x55, (byte) 0x9f, (byte) 0xc6, (byte) 0x44,
-        (byte) 0x4a, (byte) 0x45, (byte) 0x7d, (byte) 0xe2, (byte) 0x6b,
-        (byte) 0x5c, (byte) 0x6c, (byte) 0x66, (byte) 0xa9, (byte) 0x8c,
-        (byte) 0xee, (byte) 0x84, (byte) 0x13, (byte) 0xa7, (byte) 0x1e,
-        (byte) 0x9d, (byte) 0xdc, (byte) 0x67, (byte) 0x48, (byte) 0xba,
-        (byte) 0x2e, (byte) 0xe6, (byte) 0xa4, (byte) 0xab, (byte) 0x7c,
-        (byte) 0x94, (byte) 0x00, (byte) 0x21, (byte) 0xef, (byte) 0xea,
-        (byte) 0xbe, (byte) 0xca, (byte) 0x72, (byte) 0x4f, (byte) 0x52,
-        (byte) 0x98, (byte) 0x3f, (byte) 0xc2, (byte) 0x14, (byte) 0x7b,
-        (byte) 0x3b, (byte) 0x54 };
-
-    /**
-     * Value generated in the same way as {@link VMPCRandomGenerator#P};
-     */
-    private byte s = (byte) 0xbe;
-
-    public VMPCRandomGenerator()
-    {
-    }
-
-    public void addSeedMaterial(byte[] seed)
-    {
-        for (int m = 0; m < seed.length; m++)
-        {
-            s = P[(s + P[n & 0xff] + seed[m]) & 0xff];
-            byte temp = P[n & 0xff];
-            P[n & 0xff] = P[s & 0xff];
-            P[s & 0xff] = temp;
-            n = (byte) ((n + 1) & 0xff);
-        }
-    }
-
-    public void addSeedMaterial(long seed)
-    {
-        byte[] s = new byte[4];
-        s[3] = (byte) (seed & 0x000000ff);
-        s[2] = (byte) ((seed & 0x0000ff00) >> 8);
-        s[1] = (byte) ((seed & 0x00ff0000) >> 16);
-        s[0] = (byte) ((seed & 0xff000000) >> 24);
-        addSeedMaterial(s);
-    }
-
-    public void nextBytes(byte[] bytes)
-    {
-        nextBytes(bytes, 0, bytes.length);
-    }
-
-    public void nextBytes(byte[] bytes, int start, int len)
-    {
-        synchronized (P)
-        {
-            int end = start + len;
-            for (int i = start; i != end; i++)
-            {
-                s = P[(s + P[n & 0xff]) & 0xff];
-                bytes[i] = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
-                byte temp = P[n & 0xff];
-                P[n & 0xff] = P[s & 0xff];
-                P[s & 0xff] = temp;
-                n = (byte) ((n + 1) & 0xff);
-            }
-        }
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/package.html
deleted file mode 100644
index 99525fbf0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/prng/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Lightweight psuedo-random number generators.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
deleted file mode 100644
index 79ab96f41..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
+++ /dev/null
@@ -1,154 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-public class DSADigestSigner
-    implements Signer
-{
-    private final Digest digest;
-    private final DSA dsaSigner;
-    private boolean forSigning;
-
-    public DSADigestSigner(
-        DSA    signer,
-        Digest digest)
-    {
-        this.digest = digest;
-        this.dsaSigner = signer;
-    }
-
-    public void init(
-        boolean           forSigning,
-        CipherParameters   parameters)
-    {
-        this.forSigning = forSigning;
-
-        AsymmetricKeyParameter k;
-
-        if (parameters instanceof ParametersWithRandom)
-        {
-            k = (AsymmetricKeyParameter)((ParametersWithRandom)parameters).getParameters();
-        }
-        else
-        {
-            k = (AsymmetricKeyParameter)parameters;
-        }
-
-        if (forSigning && !k.isPrivate())
-        {
-            throw new IllegalArgumentException("Signing Requires Private Key.");
-        }
-
-        if (!forSigning && k.isPrivate())
-        {
-            throw new IllegalArgumentException("Verification Requires Public Key.");
-        }
-
-        reset();
-
-        dsaSigner.init(forSigning, parameters);
-    }
-
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(
-        byte input)
-    {
-        digest.update(input);
-    }
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(
-        byte[]  input,
-        int     inOff,
-        int     length)
-    {
-        digest.update(input, inOff, length);
-    }
-
-    /**
-     * Generate a signature for the message we've been loaded with using
-     * the key we were initialised with.
-     */
-    public byte[] generateSignature()
-    {
-        if (!forSigning)
-        {
-            throw new IllegalStateException("DSADigestSigner not initialised for signature generation.");
-        }
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        BigInteger[] sig = dsaSigner.generateSignature(hash);
-
-        return derEncode(sig[0], sig[1]);
-    }
-
-    public boolean verifySignature(
-        byte[] signature)
-    {
-        if (forSigning)
-        {
-            throw new IllegalStateException("DSADigestSigner not initialised for verification");
-        }
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        try
-        {
-            BigInteger[] sig = derDecode(signature);
-            return dsaSigner.verifySignature(hash, sig[0], sig[1]);
-        }
-        catch (IOException e)
-        {
-            return false;
-        }
-    }
-
-    public void reset()
-    {
-        digest.reset();
-    }
-
-    private byte[] derEncode(
-        BigInteger  r,
-        BigInteger  s)
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(new DERInteger(r));
-        v.add(new DERInteger(s));
-
-        return new DERSequence(v).getDEREncoded();
-    }
-
-    private BigInteger[] derDecode(
-        byte[] encoding)
-        throws IOException
-    {
-        ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(encoding);
-
-        return new BigInteger[]
-        {
-            ((DERInteger)s.getObjectAt(0)).getValue(),
-            ((DERInteger)s.getObjectAt(1)).getValue()
-        };
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
deleted file mode 100644
index a96cef077..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.DSAKeyParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * The Digital Signature Algorithm - as described in "Handbook of Applied
- * Cryptography", pages 452 - 453.
- */
-public class DSASigner
-    implements DSA
-{
-    DSAKeyParameters key;
-
-    SecureRandom    random;
-
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
-    {
-        if (forSigning)
-        {
-            if (param instanceof ParametersWithRandom)
-            {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                this.random = rParam.getRandom();
-                this.key = (DSAPrivateKeyParameters)rParam.getParameters();
-            }
-            else
-            {
-                this.random = new SecureRandom();
-                this.key = (DSAPrivateKeyParameters)param;
-            }
-        }
-        else
-        {
-            this.key = (DSAPublicKeyParameters)param;
-        }
-    }
-
-    /**
-     * generate a signature for the given message using the key we were
-     * initialised with. For conventional DSA the message should be a SHA-1
-     * hash of the message of interest.
-     *
-     * @param message the message that will be verified later.
-     */
-    public BigInteger[] generateSignature(
-        byte[] message)
-    {
-        DSAParameters   params = key.getParameters();
-        BigInteger      m = calculateE(params.getQ(), message);
-        BigInteger      k;
-        int                  qBitLength = params.getQ().bitLength();
-
-        do 
-        {
-            k = new BigInteger(qBitLength, random);
-        }
-        while (k.compareTo(params.getQ()) >= 0);
-
-        BigInteger  r = params.getG().modPow(k, params.getP()).mod(params.getQ());
-
-        k = k.modInverse(params.getQ()).multiply(
-                    m.add(((DSAPrivateKeyParameters)key).getX().multiply(r)));
-
-        BigInteger  s = k.mod(params.getQ());
-
-        BigInteger[]  res = new BigInteger[2];
-
-        res[0] = r;
-        res[1] = s;
-
-        return res;
-    }
-
-    /**
-     * return true if the value r and s represent a DSA signature for
-     * the passed in message for standard DSA the message should be a
-     * SHA-1 hash of the real message to be verified.
-     */
-    public boolean verifySignature(
-        byte[]      message,
-        BigInteger  r,
-        BigInteger  s)
-    {
-        DSAParameters   params = key.getParameters();
-        BigInteger      m = calculateE(params.getQ(), message);
-        BigInteger      zero = BigInteger.valueOf(0);
-
-        if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0)
-        {
-            return false;
-        }
-
-        if (zero.compareTo(s) >= 0 || params.getQ().compareTo(s) <= 0)
-        {
-            return false;
-        }
-
-        BigInteger  w = s.modInverse(params.getQ());
-
-        BigInteger  u1 = m.multiply(w).mod(params.getQ());
-        BigInteger  u2 = r.multiply(w).mod(params.getQ());
-
-        u1 = params.getG().modPow(u1, params.getP());
-        u2 = ((DSAPublicKeyParameters)key).getY().modPow(u2, params.getP());
-
-        BigInteger  v = u1.multiply(u2).mod(params.getP()).mod(params.getQ());
-
-        return v.equals(r);
-    }
-
-    private BigInteger calculateE(BigInteger n, byte[] message)
-    {
-        if (n.bitLength() >= message.length * 8)
-        {
-            return new BigInteger(1, message);
-        }
-        else
-        {
-            byte[] trunc = new byte[n.bitLength() / 8];
-
-            System.arraycopy(message, 0, trunc, 0, trunc.length);
-
-            return new BigInteger(1, trunc);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
deleted file mode 100644
index 99217b02a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.ECKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.math.ec.ECAlgorithms;
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECPoint;
-
-/**
- * EC-DSA as described in X9.62
- */
-public class ECDSASigner
-    implements ECConstants, DSA
-{
-    ECKeyParameters key;
-
-    SecureRandom    random;
-
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
-    {
-        if (forSigning)
-        {
-            if (param instanceof ParametersWithRandom)
-            {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                this.random = rParam.getRandom();
-                this.key = (ECPrivateKeyParameters)rParam.getParameters();
-            }
-            else
-            {
-                this.random = new SecureRandom();
-                this.key = (ECPrivateKeyParameters)param;
-            }
-        }
-        else
-        {
-            this.key = (ECPublicKeyParameters)param;
-        }
-    }
-
-    // 5.3 pg 28
-    /**
-     * generate a signature for the given message using the key we were
-     * initialised with. For conventional DSA the message should be a SHA-1
-     * hash of the message of interest.
-     *
-     * @param message the message that will be verified later.
-     */
-    public BigInteger[] generateSignature(
-        byte[] message)
-    {
-        BigInteger n = key.getParameters().getN();
-        BigInteger e = calculateE(n, message);
-        BigInteger r = null;
-        BigInteger s = null;
-
-        // 5.3.2
-        do // generate s
-        {
-            BigInteger k = null;
-            int        nBitLength = n.bitLength();
-
-            do // generate r
-            {
-                do
-                {
-                    k = new BigInteger(nBitLength, random);
-                }
-                while (k.equals(ZERO) || k.compareTo(n) >= 0);
-
-                ECPoint p = key.getParameters().getG().multiply(k);
-
-                // 5.3.3
-                BigInteger x = p.getX().toBigInteger();
-
-                r = x.mod(n);
-            }
-            while (r.equals(ZERO));
-
-            BigInteger d = ((ECPrivateKeyParameters)key).getD();
-
-            s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n);
-        }
-        while (s.equals(ZERO));
-
-        BigInteger[]  res = new BigInteger[2];
-
-        res[0] = r;
-        res[1] = s;
-
-        return res;
-    }
-
-    // 5.4 pg 29
-    /**
-     * return true if the value r and s represent a DSA signature for
-     * the passed in message (for standard DSA the message should be
-     * a SHA-1 hash of the real message to be verified).
-     */
-    public boolean verifySignature(
-        byte[]      message,
-        BigInteger  r,
-        BigInteger  s)
-    {
-        BigInteger n = key.getParameters().getN();
-        BigInteger e = calculateE(n, message);
-
-        // r in the range [1,n-1]
-        if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0)
-        {
-            return false;
-        }
-
-        // s in the range [1,n-1]
-        if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0)
-        {
-            return false;
-        }
-
-        BigInteger c = s.modInverse(n);
-
-        BigInteger u1 = e.multiply(c).mod(n);
-        BigInteger u2 = r.multiply(c).mod(n);
-
-        ECPoint G = key.getParameters().getG();
-        ECPoint Q = ((ECPublicKeyParameters)key).getQ();
-
-        ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2);
-
-        BigInteger v = point.getX().toBigInteger().mod(n);
-
-        return v.equals(r);
-    }
-
-    private BigInteger calculateE(BigInteger n, byte[] message)
-    {  
-        if (n.bitLength() > message.length * 8)
-        {
-            return new BigInteger(1, message);
-        }
-        else
-        {
-            int messageBitLength = message.length * 8;
-            BigInteger trunc = new BigInteger(1, message);
-
-            if (messageBitLength - n.bitLength() > 0)
-            {
-                trunc = trunc.shiftRight(messageBitLength - n.bitLength());
-            }
-
-            return trunc;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java
deleted file mode 100644
index 777cc8d16..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java
+++ /dev/null
@@ -1,152 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.ECKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.math.ec.ECAlgorithms;
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECPoint;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * GOST R 34.10-2001 Signature Algorithm
- */
-public class ECGOST3410Signer
-    implements DSA
-{
-    ECKeyParameters key;
-
-    SecureRandom    random;
-
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
-    {
-        if (forSigning)
-        {
-            if (param instanceof ParametersWithRandom)
-            {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                this.random = rParam.getRandom();
-                this.key = (ECPrivateKeyParameters)rParam.getParameters();
-            }
-            else
-            {
-                this.random = new SecureRandom();
-                this.key = (ECPrivateKeyParameters)param;
-            }
-        }
-        else
-        {
-            this.key = (ECPublicKeyParameters)param;
-        }
-    }
-
-    /**
-     * generate a signature for the given message using the key we were
-     * initialised with. For conventional GOST3410 the message should be a GOST3411
-     * hash of the message of interest.
-     *
-     * @param message the message that will be verified later.
-     */
-    public BigInteger[] generateSignature(
-        byte[] message)
-    {
-        byte[] mRev = new byte[message.length]; // conversion is little-endian
-        for (int i = 0; i != mRev.length; i++)
-        {
-            mRev[i] = message[mRev.length - 1 - i];
-        }
-        
-        BigInteger e = new BigInteger(1, mRev);
-        BigInteger n = key.getParameters().getN();
-
-        BigInteger r = null;
-        BigInteger s = null;
-
-        do // generate s
-        {
-            BigInteger k = null;
-
-            do // generate r
-            {
-                do
-                {
-                    k = new BigInteger(n.bitLength(), random);
-                }
-                while (k.equals(ECConstants.ZERO));
-
-                ECPoint p = key.getParameters().getG().multiply(k);
-
-                BigInteger x = p.getX().toBigInteger();
-
-                r = x.mod(n);
-            }
-            while (r.equals(ECConstants.ZERO));
-
-            BigInteger d = ((ECPrivateKeyParameters)key).getD();
-
-            s = (k.multiply(e)).add(d.multiply(r)).mod(n);
-        }
-        while (s.equals(ECConstants.ZERO));
-
-        BigInteger[]  res = new BigInteger[2];
-
-        res[0] = r;
-        res[1] = s;
-
-        return res;
-    }
-
-    /**
-     * return true if the value r and s represent a GOST3410 signature for
-     * the passed in message (for standard GOST3410 the message should be
-     * a GOST3411 hash of the real message to be verified).
-     */
-    public boolean verifySignature(
-        byte[]      message,
-        BigInteger  r,
-        BigInteger  s)
-    {
-        byte[] mRev = new byte[message.length]; // conversion is little-endian
-        for (int i = 0; i != mRev.length; i++)
-        {
-            mRev[i] = message[mRev.length - 1 - i];
-        }
-        
-        BigInteger e = new BigInteger(1, mRev);
-        BigInteger n = key.getParameters().getN();
-
-        // r in the range [1,n-1]
-        if (r.compareTo(ECConstants.ONE) < 0 || r.compareTo(n) >= 0)
-        {
-            return false;
-        }
-
-        // s in the range [1,n-1]
-        if (s.compareTo(ECConstants.ONE) < 0 || s.compareTo(n) >= 0)
-        {
-            return false;
-        }
-
-        BigInteger v = e.modInverse(n);
-
-        BigInteger z1 = s.multiply(v).mod(n);
-        BigInteger z2 = (n.subtract(r)).multiply(v).mod(n);
-
-        ECPoint G = key.getParameters().getG(); // P
-        ECPoint Q = ((ECPublicKeyParameters)key).getQ();
-
-        ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, z1, Q, z2);
-
-        BigInteger R = point.getX().toBigInteger().mod(n);
-
-        return R.equals(r);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java
deleted file mode 100644
index 5651bbf50..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java
+++ /dev/null
@@ -1,182 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
-import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
-import org.bouncycastle.crypto.params.ECKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.math.ec.ECAlgorithms;
-import org.bouncycastle.math.ec.ECConstants;
-import org.bouncycastle.math.ec.ECPoint;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * EC-NR as described in IEEE 1363-2000
- */
-public class ECNRSigner
-    implements DSA
-{
-    private boolean             forSigning;
-    private ECKeyParameters     key;
-    private SecureRandom        random;
-
-    public void init(
-        boolean          forSigning, 
-        CipherParameters param) 
-    {
-        this.forSigning = forSigning;
-        
-        if (forSigning)
-        {
-            if (param instanceof ParametersWithRandom)
-            {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                this.random = rParam.getRandom();
-                this.key = (ECPrivateKeyParameters)rParam.getParameters();
-            }
-            else
-            {
-                this.random = new SecureRandom();
-                this.key = (ECPrivateKeyParameters)param;
-            }
-        }
-        else
-        {
-            this.key = (ECPublicKeyParameters)param;
-        }
-    }
-
-    // Section 7.2.5 ECSP-NR, pg 34
-    /**
-     * generate a signature for the given message using the key we were
-     * initialised with.  Generally, the order of the curve should be at 
-     * least as long as the hash of the message of interest, and with 
-     * ECNR it *must* be at least as long.  
-     *
-     * @param digest  the digest to be signed.
-     * @exception DataLengthException if the digest is longer than the key allows
-     */
-    public BigInteger[] generateSignature(
-        byte[] digest)
-    {
-        if (! this.forSigning) 
-        {
-            throw new IllegalStateException("not initialised for signing");
-        }
-        
-        BigInteger n = ((ECPrivateKeyParameters)this.key).getParameters().getN();
-        int nBitLength = n.bitLength();
-        
-        BigInteger e = new BigInteger(1, digest);
-        int eBitLength = e.bitLength();
-        
-        ECPrivateKeyParameters  privKey = (ECPrivateKeyParameters)key;
-               
-        if (eBitLength > nBitLength) 
-        {
-            throw new DataLengthException("input too large for ECNR key.");
-        }
-
-        BigInteger r = null;
-        BigInteger s = null;
-
-        AsymmetricCipherKeyPair tempPair;
-        do // generate r
-        {
-            // generate another, but very temporary, key pair using 
-            // the same EC parameters
-            ECKeyPairGenerator keyGen = new ECKeyPairGenerator();
-            
-            keyGen.init(new ECKeyGenerationParameters(privKey.getParameters(), this.random));
-            
-            tempPair = keyGen.generateKeyPair();
-
-            //    BigInteger Vx = tempPair.getPublic().getW().getAffineX();
-            ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic();        // get temp's public key
-            BigInteger Vx = V.getQ().getX().toBigInteger();        // get the point's x coordinate
-            
-            r = Vx.add(e).mod(n);
-        }
-        while (r.equals(ECConstants.ZERO));
-
-        // generate s
-        BigInteger x = privKey.getD();                // private key value
-        BigInteger u = ((ECPrivateKeyParameters)tempPair.getPrivate()).getD();    // temp's private key value
-        s = u.subtract(r.multiply(x)).mod(n);
-
-        BigInteger[]  res = new BigInteger[2];
-        res[0] = r;
-        res[1] = s;
-
-        return res;
-    }
-
-    // Section 7.2.6 ECVP-NR, pg 35
-    /**
-     * return true if the value r and s represent a signature for the 
-     * message passed in. Generally, the order of the curve should be at 
-     * least as long as the hash of the message of interest, and with 
-     * ECNR, it *must* be at least as long.  But just in case the signer
-     * applied mod(n) to the longer digest, this implementation will
-     * apply mod(n) during verification.
-     *
-     * @param digest  the digest to be verified.
-     * @param r       the r value of the signature.
-     * @param s       the s value of the signature.
-     * @exception DataLengthException if the digest is longer than the key allows
-     */
-    public boolean verifySignature(
-        byte[]      digest,
-        BigInteger  r,
-        BigInteger  s)
-    {
-        if (this.forSigning) 
-        {
-            throw new IllegalStateException("not initialised for verifying");
-        }
-
-        ECPublicKeyParameters pubKey = (ECPublicKeyParameters)key;
-        BigInteger n = pubKey.getParameters().getN();
-        int nBitLength = n.bitLength();
-        
-        BigInteger e = new BigInteger(1, digest);
-        int eBitLength = e.bitLength();
-        
-        if (eBitLength > nBitLength) 
-        {
-            throw new DataLengthException("input too large for ECNR key.");
-        }
-        
-        // r in the range [1,n-1]
-        if (r.compareTo(ECConstants.ONE) < 0 || r.compareTo(n) >= 0) 
-        {
-            return false;
-        }
-
-        // s in the range [0,n-1]           NB: ECNR spec says 0
-        if (s.compareTo(ECConstants.ZERO) < 0 || s.compareTo(n) >= 0) 
-        {
-            return false;
-        }
-
-        // compute P = sG + rW
-
-        ECPoint G = pubKey.getParameters().getG();
-        ECPoint W = pubKey.getQ();
-        // calculate P using Bouncy math
-        ECPoint P = ECAlgorithms.sumOfTwoMultiplies(G, s, W, r);
-
-        BigInteger x = P.getX().toBigInteger();
-        BigInteger t = r.subtract(x).mod(n);
-
-        return t.equals(e);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java
deleted file mode 100644
index 9fcc41b91..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.*;
-
-import java.security.SecureRandom;
-import java.math.BigInteger;
-
-/**
- * GOST R 34.10-94 Signature Algorithm
- */
-public class GOST3410Signer
-        implements DSA
-{
-        GOST3410KeyParameters key;
-
-        SecureRandom    random;
-
-        public void init(
-            boolean                 forSigning,
-            CipherParameters        param)
-        {
-            if (forSigning)
-            {
-                if (param instanceof ParametersWithRandom)
-                {
-                    ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                    this.random = rParam.getRandom();
-                    this.key = (GOST3410PrivateKeyParameters)rParam.getParameters();
-                }
-                else
-                {
-                    this.random = new SecureRandom();
-                    this.key = (GOST3410PrivateKeyParameters)param;
-                }
-            }
-            else
-            {
-                this.key = (GOST3410PublicKeyParameters)param;
-            }
-        }
-
-        /**
-         * generate a signature for the given message using the key we were
-         * initialised with. For conventional GOST3410 the message should be a GOST3411
-         * hash of the message of interest.
-         *
-         * @param message the message that will be verified later.
-         */
-        public BigInteger[] generateSignature(
-            byte[] message)
-        {
-            byte[] mRev = new byte[message.length]; // conversion is little-endian
-            for (int i = 0; i != mRev.length; i++)
-            {
-                mRev[i] = message[mRev.length - 1 - i];
-            }
-            
-            BigInteger      m = new BigInteger(1, mRev);
-            GOST3410Parameters   params = key.getParameters();
-            BigInteger      k;
-
-            do
-            {
-                k = new BigInteger(params.getQ().bitLength(), random);
-            }
-            while (k.compareTo(params.getQ()) >= 0);
-
-            BigInteger  r = params.getA().modPow(k, params.getP()).mod(params.getQ());
-
-            BigInteger  s = k.multiply(m).
-                                add(((GOST3410PrivateKeyParameters)key).getX().multiply(r)).
-                                    mod(params.getQ());
-
-            BigInteger[]  res = new BigInteger[2];
-
-            res[0] = r;
-            res[1] = s;
-
-            return res;
-        }
-
-        /**
-         * return true if the value r and s represent a GOST3410 signature for
-         * the passed in message for standard GOST3410 the message should be a
-         * GOST3411 hash of the real message to be verified.
-         */
-        public boolean verifySignature(
-            byte[]      message,
-            BigInteger  r,
-            BigInteger  s)
-        {
-            byte[] mRev = new byte[message.length]; // conversion is little-endian
-            for (int i = 0; i != mRev.length; i++)
-            {
-                mRev[i] = message[mRev.length - 1 - i];
-            }
-            
-            BigInteger           m = new BigInteger(1, mRev);
-            GOST3410Parameters   params = key.getParameters();
-            BigInteger           zero = BigInteger.valueOf(0);
-
-            if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0)
-            {
-                return false;
-            }
-
-            if (zero.compareTo(s) >= 0 || params.getQ().compareTo(s) <= 0)
-            {
-                return false;
-            }
-
-            BigInteger  v = m.modPow(params.getQ().subtract(new BigInteger("2")),params.getQ());
-
-            BigInteger  z1 = s.multiply(v).mod(params.getQ());
-            BigInteger  z2 = (params.getQ().subtract(r)).multiply(v).mod(params.getQ());
-            
-            z1 = params.getA().modPow(z1, params.getP());
-            z2 = ((GOST3410PublicKeyParameters)key).getY().modPow(z2, params.getP());
-
-            BigInteger  u = z1.multiply(z2).mod(params.getP()).mod(params.getQ());
-
-            return u.equals(r);
-        }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java
deleted file mode 100644
index 6819e1414..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java
+++ /dev/null
@@ -1,136 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Arrays;
-
-public class GenericSigner
-    implements Signer
-{
-    private final AsymmetricBlockCipher engine;
-    private final Digest digest;
-    private boolean forSigning;
-
-    public GenericSigner(
-        AsymmetricBlockCipher engine,
-        Digest                digest)
-    {
-        this.engine = engine;
-        this.digest = digest;
-    }
-
-    /**
-     * initialise the signer for signing or verification.
-     *
-     * @param forSigning
-     *            true if for signing, false otherwise
-     * @param parameters
-     *            necessary parameters.
-     */
-    public void init(
-        boolean          forSigning,
-        CipherParameters parameters)
-    {
-        this.forSigning = forSigning;
-        AsymmetricKeyParameter k;
-
-        if (parameters instanceof ParametersWithRandom)
-        {
-            k = (AsymmetricKeyParameter)((ParametersWithRandom)parameters).getParameters();
-        }
-        else
-        {
-            k = (AsymmetricKeyParameter)parameters;
-        }
-
-        if (forSigning && !k.isPrivate())
-        {
-            throw new IllegalArgumentException("signing requires private key");
-        }
-
-        if (!forSigning && k.isPrivate())
-        {
-            throw new IllegalArgumentException("verification requires public key");
-        }
-
-        reset();
-
-        engine.init(forSigning, parameters);
-    }
-
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(
-        byte input)
-    {
-        digest.update(input);
-    }
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(
-        byte[]  input,
-        int     inOff,
-        int     length)
-    {
-        digest.update(input, inOff, length);
-    }
-
-    /**
-     * Generate a signature for the message we've been loaded with using the key
-     * we were initialised with.
-     */
-    public byte[] generateSignature()
-        throws CryptoException, DataLengthException
-    {
-        if (!forSigning)
-        {
-            throw new IllegalStateException("GenericSigner not initialised for signature generation.");
-        }
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        return engine.processBlock(hash, 0, hash.length);
-    }
-
-    /**
-     * return true if the internal state represents the signature described in
-     * the passed in array.
-     */
-    public boolean verifySignature(
-        byte[] signature)
-    {
-        if (forSigning)
-        {
-            throw new IllegalStateException("GenericSigner not initialised for verification");
-        }
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        try
-        {
-            byte[] sig = engine.processBlock(signature, 0, signature.length);
-
-            return Arrays.constantTimeAreEqual(sig, hash);
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-    }
-
-    public void reset()
-    {
-        digest.reset();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
deleted file mode 100644
index 684eea3d4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
+++ /dev/null
@@ -1,621 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.SignerWithRecovery;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.ParametersWithSalt;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-/**
- * ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).
- * 
    
- * Note: the usual length for the salt is the length of the hash 
- * function used in bytes.
- */
-public class ISO9796d2PSSSigner
-    implements SignerWithRecovery
-{
-    static final public int   TRAILER_IMPLICIT    = 0xBC;
-    static final public int   TRAILER_RIPEMD160   = 0x31CC;
-    static final public int   TRAILER_RIPEMD128   = 0x32CC;
-    static final public int   TRAILER_SHA1        = 0x33CC;
-
-    private Digest                      digest;
-    private AsymmetricBlockCipher       cipher;
-    
-    private SecureRandom                random;
-    private byte[]                      standardSalt;
-
-    private int         hLen;
-    private int         trailer;
-    private int         keyBits;
-    private byte[]      block;
-    private byte[]      mBuf;
-    private int         messageLength;
-    private int         saltLength;
-    private boolean     fullMessage;
-    private byte[]      recoveredMessage;
-
-    /**
-     * Generate a signer for the with either implicit or explicit trailers
-     * for ISO9796-2, scheme 2 or 3.
-     * 
-     * @param cipher base cipher to use for signature creation/verification
-     * @param digest digest to use.
-     * @param saltLength length of salt in bytes.
-     * @param implicit whether or not the trailer is implicit or gives the hash.
-     */
-    public ISO9796d2PSSSigner(
-        AsymmetricBlockCipher   cipher,
-        Digest                  digest,
-        int                     saltLength,
-        boolean                 implicit)
-    {
-        this.cipher = cipher;
-        this.digest = digest;
-        this.hLen = digest.getDigestSize();
-        this.saltLength = saltLength;
-
-        if (implicit)
-        {
-            trailer = TRAILER_IMPLICIT;
-        }
-        else
-        {
-            if (digest instanceof SHA1Digest)
-            {
-                trailer = TRAILER_SHA1;
-            }
-            else if (digest instanceof RIPEMD160Digest)
-            {
-                trailer = TRAILER_RIPEMD160;
-            }
-            else if (digest instanceof RIPEMD128Digest)
-            {
-                trailer = TRAILER_RIPEMD128;
-            }
-            else
-            {
-                throw new IllegalArgumentException("no valid trailer for digest");
-            }
-        }
-    }
-
-    /**
-     * Constructor for a signer with an explicit digest trailer.
-     * 
-     * @param cipher cipher to use.
-     * @param digest digest to sign with.
-     * @param saltLength length of salt in bytes.
-     */
-    public ISO9796d2PSSSigner(
-        AsymmetricBlockCipher   cipher,
-        Digest                  digest,
-        int                     saltLength)
-    {
-        this(cipher, digest, saltLength, false);
-    }
-    
-    /**
-     * Initialise the signer.
-     * 
-     * @param forSigning true if for signing, false if for verification.
-     * @param param parameters for signature generation/verification. If the
-     * parameters are for generation they should be a ParametersWithRandom,
-     * a ParametersWithSalt, or just an RSAKeyParameters object. If RSAKeyParameters
-     * are passed in a SecureRandom will be created.
-     * @exception IllegalArgumentException if wrong parameter type or a fixed 
-     * salt is passed in which is the wrong length.
-     */
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
-    {
-        RSAKeyParameters    kParam;
-        int                 lengthOfSalt = saltLength;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    p = (ParametersWithRandom)param;
-
-            kParam = (RSAKeyParameters)p.getParameters();
-            if (forSigning)
-            {
-                random = p.getRandom();
-            }
-        }
-        else if (param instanceof ParametersWithSalt)
-        {
-            ParametersWithSalt    p = (ParametersWithSalt)param;
-
-            kParam = (RSAKeyParameters)p.getParameters();
-            standardSalt = p.getSalt();
-            lengthOfSalt = standardSalt.length;
-            if (standardSalt.length != saltLength)
-            {
-                throw new IllegalArgumentException("Fixed salt is of wrong length");
-            }
-        }
-        else
-        {
-            kParam = (RSAKeyParameters)param;
-            if (forSigning)
-            {
-                random = new SecureRandom();
-            }
-        }
-        
-        cipher.init(forSigning, kParam);
-
-        keyBits = kParam.getModulus().bitLength();
-
-        block = new byte[(keyBits + 7) / 8];
-        
-        if (trailer == TRAILER_IMPLICIT)
-        {
-            mBuf = new byte[block.length - digest.getDigestSize() - lengthOfSalt - 1 - 1];
-        }
-        else
-        {
-            mBuf = new byte[block.length - digest.getDigestSize() - lengthOfSalt - 1 - 2];
-        }
-
-        reset();
-    }
-
-    /**
-     * compare two byte arrays - constant time
-     */
-    private boolean isSameAs(
-        byte[]    a,
-        byte[]    b)
-    {
-        boolean isOkay = true;
-
-        if (messageLength != b.length)
-        {
-            isOkay = false;
-        }
-
-        for (int i = 0; i != b.length; i++)
-        {
-            if (a[i] != b[i])
-            {
-                isOkay = false;
-            }
-        }
-
-        return isOkay;
-    }
-    
-    /**
-     * clear possible sensitive data
-     */
-    private void clearBlock(
-        byte[]  block)
-    {
-        for (int i = 0; i != block.length; i++)
-        {
-            block[i] = 0;
-        }
-    }
-
-    public void updateWithRecoveredMessage(byte[] signature)
-        throws InvalidCipherTextException
-    {
-        throw new RuntimeException("not implemented"); // TODO:
-    }
-
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(
-        byte    b)
-    {
-        if (messageLength < mBuf.length)
-        {
-            mBuf[messageLength++] = b;
-        }
-        else
-        {
-            digest.update(b);
-        }
-    }
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(
-        byte[]  in,
-        int     off,
-        int     len)
-    {
-        while (len > 0 && messageLength < mBuf.length)
-        {
-            this.update(in[off]);
-            off++;
-            len--;
-        }
-        
-        if (len > 0)
-        {
-            digest.update(in, off, len);
-        }
-    }
-
-    /**
-     * reset the internal state
-     */
-    public void reset()
-    {
-        digest.reset();
-        messageLength = 0;
-        if (mBuf != null)
-        {
-            clearBlock(mBuf);
-        }
-        if (recoveredMessage != null)
-        {
-            clearBlock(recoveredMessage);
-            recoveredMessage = null;
-        }
-        fullMessage = false;
-    }
-
-    /**
-     * generate a signature for the loaded message using the key we were
-     * initialised with.
-     */
-    public byte[] generateSignature()
-        throws CryptoException
-    {
-        int     digSize = digest.getDigestSize();
-
-        byte[]    m2Hash = new byte[digSize];
-  
-        digest.doFinal(m2Hash, 0);
-
-        byte[]  C = new byte[8];
-        LtoOSP(messageLength * 8, C);
-
-        digest.update(C, 0, C.length);
-
-        digest.update(mBuf, 0, messageLength);
-        
-        digest.update(m2Hash, 0, m2Hash.length);
-        
-        byte[]    salt;
-        
-        if (standardSalt != null)
-        {
-            salt = standardSalt;
-        }
-        else
-        {
-            salt = new byte[saltLength];
-            random.nextBytes(salt);
-        }
-        
-        digest.update(salt, 0, salt.length);
-
-        byte[]    hash = new byte[digest.getDigestSize()];
-        
-        digest.doFinal(hash, 0);
-        
-        int tLength = 2;
-        if (trailer == TRAILER_IMPLICIT)
-        {
-            tLength = 1;
-        }
-        
-        int    off = block.length - messageLength - salt.length - hLen - tLength - 1;
-        
-        block[off] = 0x01;
-  
-        System.arraycopy(mBuf, 0, block, off + 1, messageLength);
-        System.arraycopy(salt, 0, block, off + 1 + messageLength, salt.length);
-
-        byte[] dbMask = maskGeneratorFunction1(hash, 0, hash.length, block.length - hLen - tLength);
-        for (int i = 0; i != dbMask.length; i++)
-        {
-            block[i] ^= dbMask[i];
-        }
-        
-        System.arraycopy(hash, 0, block, block.length - hLen - tLength, hLen);
-        
-        if (trailer == TRAILER_IMPLICIT)
-        {
-            block[block.length - 1] = (byte)TRAILER_IMPLICIT;
-        }
-        else
-        {
-            block[block.length - 2] = (byte)(trailer >>> 8);
-            block[block.length - 1] = (byte)trailer;
-        }
-        
-        block[0] &= 0x7f;
-
-        byte[]  b = cipher.processBlock(block, 0, block.length);
-
-        clearBlock(mBuf);
-        clearBlock(block);
-        messageLength = 0;
-
-        return b;
-    }
-
-    /**
-     * return true if the signature represents a ISO9796-2 signature
-     * for the passed in message.
-     */
-    public boolean verifySignature(
-        byte[]      signature)
-    {
-        byte[] block;
-
-        try
-        {
-            block = cipher.processBlock(signature, 0, signature.length);
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-        
-        //
-        // adjust block size for leading zeroes if necessary
-        //
-        if (block.length < (keyBits + 7) / 8)
-        {
-            byte[] tmp = new byte[(keyBits + 7) / 8];
-
-            System.arraycopy(block, 0, tmp, tmp.length - block.length, block.length);
-            clearBlock(block);
-            block = tmp;
-        }
-
-        int tLength;
-
-        if (((block[block.length - 1] & 0xFF) ^ 0xBC) == 0)
-        {
-            tLength = 1;
-        }
-        else
-        {
-            int sigTrail = ((block[block.length - 2] & 0xFF) << 8) | (block[block.length - 1] & 0xFF);
-
-            switch (sigTrail)
-            {
-            case TRAILER_RIPEMD160:
-                    if (!(digest instanceof RIPEMD160Digest))
-                    {
-                        throw new IllegalStateException("signer should be initialised with RIPEMD160");
-                    }
-                    break;
-            case TRAILER_SHA1:
-                    if (!(digest instanceof SHA1Digest))
-                    {
-                        throw new IllegalStateException("signer should be initialised with SHA1");
-                    }
-                    break;
-            case TRAILER_RIPEMD128:
-                    if (!(digest instanceof RIPEMD128Digest))
-                    {
-                        throw new IllegalStateException("signer should be initialised with RIPEMD128");
-                    }
-                    break;
-            default:
-                throw new IllegalArgumentException("unrecognised hash in signature");
-            }
-
-            tLength = 2;
-        }
-
-        //
-        // calculate H(m2)
-        //
-        byte[]    m2Hash = new byte[hLen];
-        digest.doFinal(m2Hash, 0);
-        
-        //
-        // remove the mask
-        //
-        byte[] dbMask = maskGeneratorFunction1(block, block.length - hLen - tLength, hLen, block.length - hLen - tLength);
-        for (int i = 0; i != dbMask.length; i++)
-        {
-            block[i] ^= dbMask[i];
-        }
-
-        block[0] &= 0x7f;
-        
-        //
-        // find out how much padding we've got
-        //
-        int mStart = 0;
-        for (; mStart != block.length; mStart++)
-        {
-            if (block[mStart] == 0x01)
-            {
-                break;
-            }
-        }
-
-        mStart++;
-
-        if (mStart >= block.length)
-        {
-            clearBlock(block);
-            return false;
-        }
-
-        fullMessage = (mStart > 1);
-
-        recoveredMessage = new byte[dbMask.length - mStart - saltLength];
-
-        System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length);
-
-        //
-        // check the hashes
-        //
-        byte[]  C = new byte[8];
-        LtoOSP(recoveredMessage.length * 8, C);
-        
-        digest.update(C, 0, C.length);
-
-        if (recoveredMessage.length != 0)
-        {
-            digest.update(recoveredMessage, 0, recoveredMessage.length);
-        }
-
-        digest.update(m2Hash, 0, m2Hash.length);
-
-        // Update for the salt
-        digest.update(block, mStart + recoveredMessage.length, saltLength);
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        int off = block.length - tLength - hash.length;
-
-        boolean isOkay = true;
-
-        for (int i = 0; i != hash.length; i++)
-        {
-            if (hash[i] != block[off + i])
-            {
-                isOkay = false;
-            }
-        }
-
-        clearBlock(block);
-        clearBlock(hash);
-
-        if (!isOkay)
-        {
-            fullMessage = false;
-            clearBlock(recoveredMessage);
-            return false;
-        }
-
-        //
-        // if they've input a message check what we've recovered against
-        // what was input.
-        //
-        if (messageLength != 0)
-        {
-            if (!isSameAs(mBuf, recoveredMessage))
-            {
-                clearBlock(mBuf);
-                return false;
-            }
-
-            messageLength = 0;
-        }
-
-        clearBlock(mBuf);
-        return true;
-    }
-
-    /**
-     * Return true if the full message was recoveredMessage.
-     * 
-     * @return true on full message recovery, false otherwise, or if not sure.
-     * @see org.bouncycastle.crypto.SignerWithRecovery#hasFullMessage()
-     */
-    public boolean hasFullMessage()
-    {
-        return fullMessage;
-    }
-
-    /**
-     * Return a reference to the recoveredMessage message.
-     * 
-     * @return the full/partial recoveredMessage message.
-     * @see org.bouncycastle.crypto.SignerWithRecovery#getRecoveredMessage()
-     */
-    public byte[] getRecoveredMessage()
-    {
-        return recoveredMessage;
-    }
-
-    /**
-     * int to octet string.
-     */
-    private void ItoOSP(
-        int     i,
-        byte[]  sp)
-    {
-        sp[0] = (byte)(i >>> 24);
-        sp[1] = (byte)(i >>> 16);
-        sp[2] = (byte)(i >>> 8);
-        sp[3] = (byte)(i >>> 0);
-    }
-
-    /**
-     * long to octet string.
-     */
-    private void LtoOSP(
-        long    l,
-        byte[]  sp)
-    {
-        sp[0] = (byte)(l >>> 56);
-        sp[1] = (byte)(l >>> 48);
-        sp[2] = (byte)(l >>> 40);
-        sp[3] = (byte)(l >>> 32);
-        sp[4] = (byte)(l >>> 24);
-        sp[5] = (byte)(l >>> 16);
-        sp[6] = (byte)(l >>> 8);
-        sp[7] = (byte)(l >>> 0);
-    }
-    /**
-     * mask generator function, as described in PKCS1v2.
-     */
-    private byte[] maskGeneratorFunction1(
-        byte[]  Z,
-        int     zOff,
-        int     zLen,
-        int     length)
-    {
-        byte[]  mask = new byte[length];
-        byte[]  hashBuf = new byte[hLen];
-        byte[]  C = new byte[4];
-        int     counter = 0;
-
-        digest.reset();
-
-        while (counter < (length / hLen))
-        {
-            ItoOSP(counter, C);
-
-            digest.update(Z, zOff, zLen);
-            digest.update(C, 0, C.length);
-            digest.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, mask, counter * hLen, hLen);
-            
-            counter++;
-        }
-
-        if ((counter * hLen) < length)
-        {
-            ItoOSP(counter, C);
-
-            digest.update(Z, zOff, zLen);
-            digest.update(C, 0, C.length);
-            digest.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, mask, counter * hLen, mask.length - (counter * hLen));
-        }
-
-        return mask;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java
deleted file mode 100644
index 9aab4ffb6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java
+++ /dev/null
@@ -1,614 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import java.util.Hashtable;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.SignerWithRecovery;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.util.Arrays;
-
-/**
- * ISO9796-2 - mechanism using a hash function with recovery (scheme 1)
- */
-public class ISO9796d2Signer
-    implements SignerWithRecovery
-{
-    static final public int   TRAILER_IMPLICIT    = 0xBC;
-    static final public int   TRAILER_RIPEMD160   = 0x31CC;
-    static final public int   TRAILER_RIPEMD128   = 0x32CC;
-    static final public int   TRAILER_SHA1        = 0x33CC;
-    static final public int   TRAILER_SHA256      = 0x34CC;
-    static final public int   TRAILER_SHA512      = 0x35CC;
-    static final public int   TRAILER_SHA384      = 0x36CC;
-    static final public int   TRAILER_WHIRLPOOL   = 0x37CC;
-
-    private static Hashtable  trailerMap          = new Hashtable();
-
-    static
-    {
-        trailerMap.put("RIPEMD128", new Integer(TRAILER_RIPEMD128));
-        trailerMap.put("RIPEMD160", new Integer(TRAILER_RIPEMD160));
-
-        trailerMap.put("SHA-1", new Integer(TRAILER_SHA1));
-        trailerMap.put("SHA-256", new Integer(TRAILER_SHA256));
-        trailerMap.put("SHA-384", new Integer(TRAILER_SHA384));
-        trailerMap.put("SHA-512", new Integer(TRAILER_SHA512));
-
-        trailerMap.put("Whirlpool", new Integer(TRAILER_WHIRLPOOL));
-    }
-
-    private Digest                      digest;
-    private AsymmetricBlockCipher       cipher;
-
-    private int         trailer;
-    private int         keyBits;
-    private byte[]      block;
-    private byte[]      mBuf;
-    private int         messageLength;
-    private boolean     fullMessage;
-    private byte[]      recoveredMessage;
-
-    private byte[]      preSig;
-    private byte[]      preBlock;
-
-    /**
-     * Generate a signer for the with either implicit or explicit trailers
-     * for ISO9796-2.
-     * 
-     * @param cipher base cipher to use for signature creation/verification
-     * @param digest digest to use.
-     * @param implicit whether or not the trailer is implicit or gives the hash.
-     */
-    public ISO9796d2Signer(
-        AsymmetricBlockCipher   cipher,
-        Digest                  digest,
-        boolean                 implicit)
-    {
-        this.cipher = cipher;
-        this.digest = digest;
-
-        if (implicit)
-        {
-            trailer = TRAILER_IMPLICIT;
-        }
-        else
-        {
-            Integer trailerObj = (Integer)trailerMap.get(digest.getAlgorithmName());
-
-            if (trailerObj != null)
-            {
-                trailer = trailerObj.intValue();
-            }
-            else
-            {
-                throw new IllegalArgumentException("no valid trailer for digest");
-            }
-        }
-    }
-
-    /**
-     * Constructor for a signer with an explicit digest trailer.
-     * 
-     * @param cipher cipher to use.
-     * @param digest digest to sign with.
-     */
-    public ISO9796d2Signer(
-        AsymmetricBlockCipher   cipher,
-        Digest                  digest)
-    {
-        this(cipher, digest, false);
-    }
-    
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
-    {
-        RSAKeyParameters  kParam = (RSAKeyParameters)param;
-
-        cipher.init(forSigning, kParam);
-
-        keyBits = kParam.getModulus().bitLength();
-
-        block = new byte[(keyBits + 7) / 8];
-        
-        if (trailer == TRAILER_IMPLICIT)
-        {
-            mBuf = new byte[block.length - digest.getDigestSize() - 2];
-        }
-        else
-        {
-            mBuf = new byte[block.length - digest.getDigestSize() - 3];
-        }
-
-        reset();
-    }
-
-    /**
-     * compare two byte arrays - constant time
-     */
-    private boolean isSameAs(
-        byte[]    a,
-        byte[]    b)
-    {
-        boolean isOkay = true;
-
-        if (messageLength > mBuf.length)
-        {
-            if (mBuf.length > b.length)
-            {
-                isOkay = false;
-            }
-            
-            for (int i = 0; i != mBuf.length; i++)
-            {
-                if (a[i] != b[i])
-                {
-                    isOkay = false;
-                }
-            }
-        }
-        else
-        {
-            if (messageLength != b.length)
-            {
-                isOkay = false;
-            }
-            
-            for (int i = 0; i != b.length; i++)
-            {
-                if (a[i] != b[i])
-                {
-                    isOkay = false;
-                }
-            }
-        }
-        
-        return isOkay;
-    }
-    
-    /**
-     * clear possible sensitive data
-     */
-    private void clearBlock(
-        byte[]  block)
-    {
-        for (int i = 0; i != block.length; i++)
-        {
-            block[i] = 0;
-        }
-    }
-
-    public void updateWithRecoveredMessage(byte[] signature)
-        throws InvalidCipherTextException
-    {
-        byte[]      block = cipher.processBlock(signature, 0, signature.length);
-
-        if (((block[0] & 0xC0) ^ 0x40) != 0)
-        {
-            throw new InvalidCipherTextException("malformed signature");
-        }
-
-        if (((block[block.length - 1] & 0xF) ^ 0xC) != 0)
-        {
-            throw new InvalidCipherTextException("malformed signature");
-        }
-
-        int     delta = 0;
-
-        if (((block[block.length - 1] & 0xFF) ^ 0xBC) == 0)
-        {
-            delta = 1;
-        }
-        else
-        {
-            int sigTrail = ((block[block.length - 2] & 0xFF) << 8) | (block[block.length - 1] & 0xFF);
-            Integer trailerObj = (Integer)trailerMap.get(digest.getAlgorithmName());
-
-            if (trailerObj != null)
-            {
-                if (sigTrail != trailerObj.intValue())
-                {
-                    throw new IllegalStateException("signer initialised with wrong digest for trailer " + sigTrail);
-                }
-            }
-            else
-            {
-                throw new IllegalArgumentException("unrecognised hash in signature");
-            }
-
-            delta = 2;
-        }
-
-        //
-        // find out how much padding we've got
-        //
-        int mStart = 0;
-
-        for (mStart = 0; mStart != block.length; mStart++)
-        {
-            if (((block[mStart] & 0x0f) ^ 0x0a) == 0)
-            {
-                break;
-            }
-        }
-
-        mStart++;
-
-        int off = block.length - delta - digest.getDigestSize();
-
-        //
-        // there must be at least one byte of message string
-        //
-        if ((off - mStart) <= 0)
-        {
-            throw new InvalidCipherTextException("malformed block");
-        }
-
-        //
-        // if we contain the whole message as well, check the hash of that.
-        //
-        if ((block[0] & 0x20) == 0)
-        {
-            fullMessage = true;
-
-            recoveredMessage = new byte[off - mStart];
-            System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length);
-        }
-        else
-        {
-            fullMessage = false;
-
-            recoveredMessage = new byte[off - mStart];
-            System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length);
-        }
-
-        preSig = signature;
-        preBlock = block;
-
-        digest.update(recoveredMessage, 0, recoveredMessage.length);
-        messageLength = recoveredMessage.length;
-    }
-    
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(
-        byte    b)
-    {
-        digest.update(b);
-
-        if (preSig == null && messageLength < mBuf.length)
-        {
-            mBuf[messageLength] = b;
-        }
-
-        messageLength++;
-    }
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(
-        byte[]  in,
-        int     off,
-        int     len)
-    {
-        digest.update(in, off, len);
-
-        if (preSig == null && messageLength < mBuf.length)
-        {
-            for (int i = 0; i < len && (i + messageLength) < mBuf.length; i++)
-            {
-                mBuf[messageLength + i] = in[off + i];
-            }
-        }
-
-        messageLength += len;
-    }
-
-    /**
-     * reset the internal state
-     */
-    public void reset()
-    {
-        digest.reset();
-        messageLength = 0;
-        clearBlock(mBuf);
-        
-        if (recoveredMessage != null)
-        {
-            clearBlock(recoveredMessage);
-        }
-        
-        recoveredMessage = null;
-        fullMessage = false;
-    }
-
-    /**
-     * generate a signature for the loaded message using the key we were
-     * initialised with.
-     */
-    public byte[] generateSignature()
-        throws CryptoException
-    {
-        int     digSize = digest.getDigestSize();
-
-        int t = 0;
-        int delta = 0;
-
-        if (trailer == TRAILER_IMPLICIT)
-        {
-            t = 8;
-            delta = block.length - digSize - 1;
-            digest.doFinal(block, delta);
-            block[block.length - 1] = (byte)TRAILER_IMPLICIT;
-        }
-        else
-        {
-            t = 16;
-            delta = block.length - digSize - 2;
-            digest.doFinal(block, delta);
-            block[block.length - 2] = (byte)(trailer >>> 8);
-            block[block.length - 1] = (byte)trailer;
-        }
-
-        byte    header = 0;
-        int     x = (digSize + messageLength) * 8 + t + 4 - keyBits;
-
-        if (x > 0)
-        {
-            int mR = messageLength - ((x + 7) / 8);
-            header = 0x60;
-
-            delta -= mR;
-            
-            System.arraycopy(mBuf, 0, block, delta, mR);
-        }
-        else
-        {
-            header = 0x40;
-            delta -= messageLength;
-            
-            System.arraycopy(mBuf, 0, block, delta, messageLength);
-        }
-        
-        if ((delta - 1) > 0)
-        {
-            for (int i = delta - 1; i != 0; i--)
-            {
-                block[i] = (byte)0xbb;
-            }
-            block[delta - 1] ^= (byte)0x01;
-            block[0] = (byte)0x0b;
-            block[0] |= header;
-        }
-        else
-        {
-            block[0] = (byte)0x0a;
-            block[0] |= header;
-        }
-
-        byte[]  b = cipher.processBlock(block, 0, block.length);
-
-        clearBlock(mBuf);
-        clearBlock(block);
-
-        return b;
-    }
-
-    /**
-     * return true if the signature represents a ISO9796-2 signature
-     * for the passed in message.
-     */
-    public boolean verifySignature(
-        byte[]      signature)
-    {
-        byte[]      block = null;
-        boolean     updateWithRecoveredCalled;
-
-        if (preSig == null)
-        {
-            updateWithRecoveredCalled = false;
-            try
-            {
-                block = cipher.processBlock(signature, 0, signature.length);
-            }
-            catch (Exception e)
-            {
-                return false;
-            }
-        }
-        else
-        {
-            if (!Arrays.areEqual(preSig, signature))
-            {
-                throw new IllegalStateException("updateWithRecoveredMessage called on different signature");
-            }
-
-            updateWithRecoveredCalled = true;
-            block = preBlock;
-
-            preSig = null;
-            preBlock = null;
-        }
-
-        if (((block[0] & 0xC0) ^ 0x40) != 0)
-        {
-            return returnFalse(block);
-        }
-
-        if (((block[block.length - 1] & 0xF) ^ 0xC) != 0)
-        {
-            return returnFalse(block);
-        }
-
-        int     delta = 0;
-
-        if (((block[block.length - 1] & 0xFF) ^ 0xBC) == 0)
-        {
-            delta = 1;
-        }
-        else
-        {
-            int sigTrail = ((block[block.length - 2] & 0xFF) << 8) | (block[block.length - 1] & 0xFF);
-            Integer trailerObj = (Integer)trailerMap.get(digest.getAlgorithmName());
-
-            if (trailerObj != null)
-            {
-                if (sigTrail != trailerObj.intValue())
-                {
-                    throw new IllegalStateException("signer initialised with wrong digest for trailer " + sigTrail);
-                }
-            }
-            else
-            {
-                throw new IllegalArgumentException("unrecognised hash in signature");
-            }
-
-            delta = 2;
-        }
-
-        //
-        // find out how much padding we've got
-        //
-        int mStart = 0;
-
-        for (mStart = 0; mStart != block.length; mStart++)
-        {
-            if (((block[mStart] & 0x0f) ^ 0x0a) == 0)
-            {
-                break;
-            }
-        }
-
-        mStart++;
-
-        //
-        // check the hashes
-        //
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        int off = block.length - delta - hash.length;
-
-        //
-        // there must be at least one byte of message string
-        //
-        if ((off - mStart) <= 0)
-        {
-            return returnFalse(block);
-        }
-
-        //
-        // if we contain the whole message as well, check the hash of that.
-        //
-        if ((block[0] & 0x20) == 0)
-        {
-            fullMessage = true;
-
-            // check right number of bytes passed in.
-            if (messageLength > off - mStart)
-            {
-                return returnFalse(block);
-            }
-            
-            digest.reset();
-            digest.update(block, mStart, off - mStart);
-            digest.doFinal(hash, 0);
-
-            boolean isOkay = true;
-
-            for (int i = 0; i != hash.length; i++)
-            {
-                block[off + i] ^= hash[i];
-                if (block[off + i] != 0)
-                {
-                    isOkay = false;
-                }
-            }
-
-            if (!isOkay)
-            {
-                return returnFalse(block);
-            }
-
-            recoveredMessage = new byte[off - mStart];
-            System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length);
-        }
-        else
-        {
-            fullMessage = false;
-            
-            digest.doFinal(hash, 0);
-
-            boolean isOkay = true;
-
-            for (int i = 0; i != hash.length; i++)
-            {
-                block[off + i] ^= hash[i];
-                if (block[off + i] != 0)
-                {
-                    isOkay = false;
-                }
-            }
-
-            if (!isOkay)
-            {
-                return returnFalse(block);
-            }
-
-            recoveredMessage = new byte[off - mStart];
-            System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length);
-        }
-
-        //
-        // if they've input a message check what we've recovered against
-        // what was input.
-        //
-        if (messageLength != 0 && !updateWithRecoveredCalled)
-        {
-            if (!isSameAs(mBuf, recoveredMessage))
-            {
-                return returnFalse(block);
-            }
-        }
-        
-        clearBlock(mBuf);
-        clearBlock(block);
-
-        return true;
-    }
-
-    private boolean returnFalse(byte[] block)
-    {
-        clearBlock(mBuf);
-        clearBlock(block);
-
-        return false;
-    }
-
-    /**
-     * Return true if the full message was recoveredMessage.
-     * 
-     * @return true on full message recovery, false otherwise.
-     * @see org.bouncycastle.crypto.SignerWithRecovery#hasFullMessage()
-     */
-    public boolean hasFullMessage()
-    {
-        return fullMessage;
-    }
-
-    /**
-     * Return a reference to the recoveredMessage message.
-     * 
-     * @return the full/partial recoveredMessage message.
-     * @see org.bouncycastle.crypto.SignerWithRecovery#getRecoveredMessage()
-     */
-    public byte[] getRecoveredMessage()
-    {
-        return recoveredMessage;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java
deleted file mode 100644
index 8c9eb9401..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java
+++ /dev/null
@@ -1,348 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSABlindingParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-/**
- * RSA-PSS as described in PKCS# 1 v 2.1.
- * 
    
- * Note: the usual value for the salt length is the number of
- * bytes in the hash function.
- */
-public class PSSSigner
-    implements Signer
-{
-    static final public byte   TRAILER_IMPLICIT    = (byte)0xBC;
-
-    private Digest                      contentDigest;
-    private Digest                      mgfDigest;
-    private AsymmetricBlockCipher       cipher;
-    private SecureRandom                random;
-
-    private int                         hLen;
-    private int                         mgfhLen;
-    private int                         sLen;
-    private int                         emBits;
-    private byte[]                      salt;
-    private byte[]                      mDash;
-    private byte[]                      block;
-    private byte                        trailer;
-
-    /**
-     * basic constructor
-     *
-     * @param cipher the asymmetric cipher to use.
-     * @param digest the digest to use.
-     * @param sLen the length of the salt to use (in bytes).
-     */
-    public PSSSigner(
-        AsymmetricBlockCipher   cipher,
-        Digest                  digest,
-        int                     sLen)
-    {
-        this(cipher, digest, sLen, TRAILER_IMPLICIT);
-    }
-
-    public PSSSigner(
-        AsymmetricBlockCipher   cipher,
-        Digest                  contentDigest,
-        Digest                  mgfDigest,
-        int                     sLen)
-    {
-        this(cipher, contentDigest, mgfDigest, sLen, TRAILER_IMPLICIT);
-    }
-
-    public PSSSigner(
-            AsymmetricBlockCipher   cipher,
-            Digest                  digest,
-            int                     sLen,
-            byte                    trailer)
-    {
-        this(cipher, digest, digest, sLen, trailer);
-    }
-
-    public PSSSigner(
-        AsymmetricBlockCipher   cipher,
-        Digest                  contentDigest,
-        Digest                  mgfDigest,
-        int                     sLen,
-        byte                    trailer)
-    {
-        this.cipher = cipher;
-        this.contentDigest = contentDigest;
-        this.mgfDigest = mgfDigest;
-        this.hLen = contentDigest.getDigestSize();
-        this.mgfhLen = mgfDigest.getDigestSize();
-        this.sLen = sLen;
-        this.salt = new byte[sLen];
-        this.mDash = new byte[8 + sLen + hLen];
-        this.trailer = trailer;
-    }
-
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
-    {
-        CipherParameters  params;
-
-        if (param instanceof ParametersWithRandom)
-        {
-            ParametersWithRandom    p = (ParametersWithRandom)param;
-
-            params = p.getParameters();
-            random = p.getRandom();
-        }
-        else
-        {
-            params = param;
-            if (forSigning)
-            {
-                random = new SecureRandom();
-            }
-        }
-
-        cipher.init(forSigning, params);
-
-        RSAKeyParameters kParam;
-
-        if (params instanceof RSABlindingParameters)
-        {
-            kParam = ((RSABlindingParameters)params).getPublicKey();
-        }
-        else
-        {
-            kParam = (RSAKeyParameters)params;
-        }
-        
-        emBits = kParam.getModulus().bitLength() - 1;
-
-        if (emBits < (8 * hLen + 8 * sLen + 9))
-        {
-            throw new IllegalArgumentException("key too small for specified hash and salt lengths");
-        }
-
-        block = new byte[(emBits + 7) / 8];
-
-        reset();
-    }
-
-    /**
-     * clear possible sensitive data
-     */
-    private void clearBlock(
-        byte[]  block)
-    {
-        for (int i = 0; i != block.length; i++)
-        {
-            block[i] = 0;
-        }
-    }
-
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(
-        byte    b)
-    {
-        contentDigest.update(b);
-    }
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(
-        byte[]  in,
-        int     off,
-        int     len)
-    {
-        contentDigest.update(in, off, len);
-    }
-
-    /**
-     * reset the internal state
-     */
-    public void reset()
-    {
-        contentDigest.reset();
-    }
-
-    /**
-     * generate a signature for the message we've been loaded with using
-     * the key we were initialised with.
-     */
-    public byte[] generateSignature()
-        throws CryptoException, DataLengthException
-    {
-        contentDigest.doFinal(mDash, mDash.length - hLen - sLen);
-
-        if (sLen != 0)
-        {
-            random.nextBytes(salt);
-
-            System.arraycopy(salt, 0, mDash, mDash.length - sLen, sLen);
-        }
-
-        byte[]  h = new byte[hLen];
-
-        contentDigest.update(mDash, 0, mDash.length);
-
-        contentDigest.doFinal(h, 0);
-
-        block[block.length - sLen - 1 - hLen - 1] = 0x01;
-        System.arraycopy(salt, 0, block, block.length - sLen - hLen - 1, sLen);
-
-        byte[] dbMask = maskGeneratorFunction1(h, 0, h.length, block.length - hLen - 1);
-        for (int i = 0; i != dbMask.length; i++)
-        {
-            block[i] ^= dbMask[i];
-        }
-
-        block[0] &= (0xff >> ((block.length * 8) - emBits));
-
-        System.arraycopy(h, 0, block, block.length - hLen - 1, hLen);
-
-        block[block.length - 1] = trailer;
-
-        byte[]  b = cipher.processBlock(block, 0, block.length);
-
-        clearBlock(block);
-
-        return b;
-    }
-
-    /**
-     * return true if the internal state represents the signature described
-     * in the passed in array.
-     */
-    public boolean verifySignature(
-        byte[]      signature)
-    {
-        contentDigest.doFinal(mDash, mDash.length - hLen - sLen);
-
-        try
-        {
-            byte[] b = cipher.processBlock(signature, 0, signature.length);
-            System.arraycopy(b, 0, block, block.length - b.length, b.length);
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-
-        if (block[block.length - 1] != trailer)
-        {
-            clearBlock(block);
-            return false;
-        }
-
-        byte[] dbMask = maskGeneratorFunction1(block, block.length - hLen - 1, hLen, block.length - hLen - 1);
-
-        for (int i = 0; i != dbMask.length; i++)
-        {
-            block[i] ^= dbMask[i];
-        }
-
-        block[0] &= (0xff >> ((block.length * 8) - emBits));
-
-        for (int i = 0; i != block.length - hLen - sLen - 2; i++)
-        {
-            if (block[i] != 0)
-            {
-                clearBlock(block);
-                return false;
-            }
-        }
-
-        if (block[block.length - hLen - sLen - 2] != 0x01)
-        {
-            clearBlock(block);
-            return false;
-        }
-
-        System.arraycopy(block, block.length - sLen - hLen - 1, mDash, mDash.length - sLen, sLen);
-
-        contentDigest.update(mDash, 0, mDash.length);
-        contentDigest.doFinal(mDash, mDash.length - hLen);
-
-        for (int i = block.length - hLen - 1, j = mDash.length - hLen;
-                                                 j != mDash.length; i++, j++)
-        {
-            if ((block[i] ^ mDash[j]) != 0)
-            {
-                clearBlock(mDash);
-                clearBlock(block);
-                return false;
-            }
-        }
-
-        clearBlock(mDash);
-        clearBlock(block);
-
-        return true;
-    }
-
-    /**
-     * int to octet string.
-     */
-    private void ItoOSP(
-        int     i,
-        byte[]  sp)
-    {
-        sp[0] = (byte)(i >>> 24);
-        sp[1] = (byte)(i >>> 16);
-        sp[2] = (byte)(i >>> 8);
-        sp[3] = (byte)(i >>> 0);
-    }
-
-    /**
-     * mask generator function, as described in PKCS1v2.
-     */
-    private byte[] maskGeneratorFunction1(
-        byte[]  Z,
-        int     zOff,
-        int     zLen,
-        int     length)
-    {
-        byte[]  mask = new byte[length];
-        byte[]  hashBuf = new byte[mgfhLen];
-        byte[]  C = new byte[4];
-        int     counter = 0;
-
-        mgfDigest.reset();
-
-        while (counter < (length / mgfhLen))
-        {
-            ItoOSP(counter, C);
-
-            mgfDigest.update(Z, zOff, zLen);
-            mgfDigest.update(C, 0, C.length);
-            mgfDigest.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, mask, counter * mgfhLen, mgfhLen);
-
-            counter++;
-        }
-
-        if ((counter * mgfhLen) < length)
-        {
-            ItoOSP(counter, C);
-
-            mgfDigest.update(Z, zOff, zLen);
-            mgfDigest.update(C, 0, C.length);
-            mgfDigest.doFinal(hashBuf, 0);
-
-            System.arraycopy(hashBuf, 0, mask, counter * mgfhLen, mask.length - (counter * mgfhLen));
-        }
-
-        return mask;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
deleted file mode 100644
index 46ef72c3d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
+++ /dev/null
@@ -1,230 +0,0 @@
-package org.bouncycastle.crypto.signers;
-
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DigestInfo;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-
-import java.util.Hashtable;
-
-public class RSADigestSigner
-    implements Signer
-{
-    private final AsymmetricBlockCipher rsaEngine = new PKCS1Encoding(new RSABlindedEngine());
-    private final AlgorithmIdentifier algId;
-    private final Digest digest;
-    private boolean forSigning;
-
-    private static final Hashtable oidMap = new Hashtable();
-
-    /*
-     * Load OID table.
-     */
-    static
-    {
-        oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
-        oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
-        oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-
-        oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
-        oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
-        oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256);
-        oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
-        oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
-
-        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
-        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
-        oidMap.put("MD5", PKCSObjectIdentifiers.md5);
-    }
-
-    public RSADigestSigner(
-        Digest digest)
-    {
-        this.digest = digest;
-
-        algId = new AlgorithmIdentifier((DERObjectIdentifier)oidMap.get(digest.getAlgorithmName()), DERNull.INSTANCE);
-    }
-
-    /**
-     * @deprecated
-     */
-    public String getAlgorithmName()
-    {
-        return digest.getAlgorithmName() + "withRSA";
-    }
-
-    /**
-     * initialise the signer for signing or verification.
-     *
-     * @param forSigning
-     *            true if for signing, false otherwise
-     * @param parameters
-     *            necessary parameters.
-     */
-    public void init(
-        boolean          forSigning,
-        CipherParameters parameters)
-    {
-        this.forSigning = forSigning;
-        AsymmetricKeyParameter k;
-
-        if (parameters instanceof ParametersWithRandom)
-        {
-            k = (AsymmetricKeyParameter)((ParametersWithRandom)parameters).getParameters();
-        }
-        else
-        {
-            k = (AsymmetricKeyParameter)parameters;
-        }
-
-        if (forSigning && !k.isPrivate())
-        {
-            throw new IllegalArgumentException("signing requires private key");
-        }
-
-        if (!forSigning && k.isPrivate())
-        {
-            throw new IllegalArgumentException("verification requires public key");
-        }
-
-        reset();
-
-        rsaEngine.init(forSigning, parameters);
-    }
-
-    /**
-     * update the internal digest with the byte b
-     */
-    public void update(
-        byte input)
-    {
-        digest.update(input);
-    }
-
-    /**
-     * update the internal digest with the byte array in
-     */
-    public void update(
-        byte[]  input,
-        int     inOff,
-        int     length)
-    {
-        digest.update(input, inOff, length);
-    }
-
-    /**
-     * Generate a signature for the message we've been loaded with using the key
-     * we were initialised with.
-     */
-    public byte[] generateSignature()
-        throws CryptoException, DataLengthException
-    {
-        if (!forSigning)
-        {
-            throw new IllegalStateException("RSADigestSigner not initialised for signature generation.");
-        }
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        byte[] data = derEncode(hash);
-        return rsaEngine.processBlock(data, 0, data.length);
-    }
-
-    /**
-     * return true if the internal state represents the signature described in
-     * the passed in array.
-     */
-    public boolean verifySignature(
-        byte[] signature)
-    {
-        if (forSigning)
-        {
-            throw new IllegalStateException("RSADigestSigner not initialised for verification");
-        }
-
-        byte[] hash = new byte[digest.getDigestSize()];
-        digest.doFinal(hash, 0);
-
-        byte[] sig;
-        byte[] expected;
-
-        try
-        {
-            sig = rsaEngine.processBlock(signature, 0, signature.length);
-            expected = derEncode(hash);
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-
-        if (sig.length == expected.length)
-        {
-            for (int i = 0; i < sig.length; i++)
-            {
-                if (sig[i] != expected[i])
-                {
-                    return false;
-                }
-            }
-        }
-        else if (sig.length == expected.length - 2)  // NULL left out
-        {
-            int sigOffset = sig.length - hash.length - 2;
-            int expectedOffset = expected.length - hash.length - 2;
-
-            expected[1] -= 2;      // adjust lengths
-            expected[3] -= 2;
-
-            for (int i = 0; i < hash.length; i++)
-            {
-                if (sig[sigOffset + i] != expected[expectedOffset + i])  // check hash
-                {
-                    return false;
-                }
-            }
-
-            for (int i = 0; i < sigOffset; i++)
-            {
-                if (sig[i] != expected[i])  // check header less NULL
-                {
-                    return false;
-                }
-            }
-        }
-        else
-        {
-            return false;
-        }
-
-        return true;
-    }
-
-    public void reset()
-    {
-        digest.reset();
-    }
-
-    private byte[] derEncode(
-        byte[] hash)
-    {
-        DigestInfo dInfo = new DigestInfo(algId, hash);
-
-        return dInfo.getDEREncoded();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/package.html
deleted file mode 100644
index 151d3d5e8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/signers/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Basic signers.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java
deleted file mode 100644
index b7338c442..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 7.2
- */
-public class AlertDescription
-{
-    public static final short close_notify = 0;
-    public static final short unexpected_message = 10;
-    public static final short bad_record_mac = 20;
-    public static final short decryption_failed = 21;
-    public static final short record_overflow = 22;
-    public static final short decompression_failure = 30;
-    public static final short handshake_failure = 40;
-    /* 41 is not defined, for historical reasons */
-    public static final short bad_certificate = 42;
-    public static final short unsupported_certificate = 43;
-    public static final short certificate_revoked = 44;
-    public static final short certificate_expired = 45;
-    public static final short certificate_unknown = 46;
-    public static final short illegal_parameter = 47;
-    public static final short unknown_ca = 48;
-    public static final short access_denied = 49;
-    public static final short decode_error = 50;
-    public static final short decrypt_error = 51;
-    public static final short export_restriction = 60;
-    public static final short protocol_version = 70;
-    public static final short insufficient_security = 71;
-    public static final short internal_error = 80;
-    public static final short user_canceled = 90;
-    public static final short no_renegotiation = 100;
-
-    /*
-     *  RFC 3546
-     */
-    public static final short unsupported_extension = 110;
-    public static final short certificate_unobtainable = 111;
-    public static final short unrecognized_name = 112;
-    public static final short bad_certificate_status_response = 113;
-    public static final short bad_certificate_hash_value = 114;
-
-    /*
-     *  RFC 4279
-     */
-    public static final short unknown_psk_identity = 115;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java
deleted file mode 100644
index b0b131d60..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 7.2
- */
-public class AlertLevel
-{
-    public static final short warning = 1;
-    public static final short fatal = 2;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
deleted file mode 100644
index 42fc818a2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-
-/**
- * A certificate verifyer, that will always return true.
- * 
- * 
    - * DO NOT USE THIS FILE UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
- * 
    
- * 
- * @deprecated Perform certificate verification in TlsAuthentication implementation
- */
-public class AlwaysValidVerifyer implements CertificateVerifyer
-{
-    /**
-     * Return true.
-     * 
-     * @see org.bouncycastle.crypto.tls.CertificateVerifyer#isValid(org.bouncycastle.asn1.x509.X509CertificateStructure[])
-     */
-    public boolean isValid(X509CertificateStructure[] certs)
-    {
-        return true;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java
deleted file mode 100644
index f017897cc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java
+++ /dev/null
@@ -1,123 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * A queue for bytes. This file could be more optimized.
- */
-public class ByteQueue
-{
-    /**
-     * @return The smallest number which can be written as 2^x which is bigger than i.
-     */
-    public static final int nextTwoPow(int i)
-    {
-        /*
-         * This code is based of a lot of code I found on the Internet which mostly
-         * referenced a book called "Hacking delight".
-         */
-        i |= (i >> 1);
-        i |= (i >> 2);
-        i |= (i >> 4);
-        i |= (i >> 8);
-        i |= (i >> 16);
-        return i + 1;
-    }
-
-    /**
-     * The initial size for our buffer.
-     */
-    private static final int INITBUFSIZE = 1024;
-
-    /**
-     * The buffer where we store our data.
-     */
-    private byte[] databuf = new byte[ByteQueue.INITBUFSIZE];
-
-    /**
-     * How many bytes at the beginning of the buffer are skipped.
-     */
-    private int skipped = 0;
-
-    /**
-     * How many bytes in the buffer are valid data.
-     */
-    private int available = 0;
-
-    /**
-     * Read data from the buffer.
-     * 
-     * @param buf The buffer where the read data will be copied to.
-     * @param offset How many bytes to skip at the beginning of buf.
-     * @param len How many bytes to read at all.
-     * @param skip How many bytes from our data to skip.
-     */
-    public void read(byte[] buf, int offset, int len, int skip)
-    {
-        if ((available - skip) < len)
-        {
-            throw new TlsRuntimeException("Not enough data to read");
-        }
-        if ((buf.length - offset) < len)
-        {
-            throw new TlsRuntimeException("Buffer size of " + buf.length
-                + " is too small for a read of " + len + " bytes");
-        }
-        System.arraycopy(databuf, skipped + skip, buf, offset, len);
-        return;
-    }
-
-    /**
-     * Add some data to our buffer.
-     * 
-     * @param data A byte-array to read data from.
-     * @param offset How many bytes to skip at the beginning of the array.
-     * @param len How many bytes to read from the array.
-     */
-    public void addData(byte[] data, int offset, int len)
-    {
-        if ((skipped + available + len) > databuf.length)
-        {
-            byte[] tmp = new byte[ByteQueue.nextTwoPow(data.length)];
-            System.arraycopy(databuf, skipped, tmp, 0, available);
-            skipped = 0;
-            databuf = tmp;
-        }
-        System.arraycopy(data, offset, databuf, skipped + available, len);
-        available += len;
-    }
-
-    /**
-     * Remove some bytes from our data from the beginning.
-     * 
-     * @param i How many bytes to remove.
-     */
-    public void removeData(int i)
-    {
-        if (i > available)
-        {
-            throw new TlsRuntimeException("Cannot remove " + i + " bytes, only got " + available);
-        }
-
-        /*
-         * Skip the data.
-         */
-        available -= i;
-        skipped += i;
-
-        /*
-         * If more than half of our data is skipped, we will move the data in the buffer.
-         */
-        if (skipped > (databuf.length / 2))
-        {
-            System.arraycopy(databuf, skipped, databuf, 0, available);
-            skipped = 0;
-        }
-    }
-
-    /**
-     * @return The number of bytes which are available in this buffer.
-     */
-    public int size()
-    {
-        return available;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/Certificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
deleted file mode 100644
index b3816b001..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-
-/**
- * A representation for a certificate chain as used by a tls server.
- */
-public class Certificate
-{
-    public static final Certificate EMPTY_CHAIN = new Certificate(new X509CertificateStructure[0]);
-
-    /**
-     * The certificates.
-     */
-    protected X509CertificateStructure[] certs;
-
-    /**
-     * Parse the ServerCertificate message.
-     * 
-     * @param is The stream where to parse from.
-     * @return A Certificate object with the certs, the server has sended.
-     * @throws IOException If something goes wrong during parsing.
-     */
-    protected static Certificate parse(InputStream is) throws IOException
-    {
-        X509CertificateStructure[] certs;
-        int left = TlsUtils.readUint24(is);
-        if (left == 0)
-        {
-            return EMPTY_CHAIN;
-        }
-        Vector tmp = new Vector();
-        while (left > 0)
-        {
-            int size = TlsUtils.readUint24(is);
-            left -= 3 + size;
-            byte[] buf = new byte[size];
-            TlsUtils.readFully(buf, is);
-            ByteArrayInputStream bis = new ByteArrayInputStream(buf);
-            ASN1InputStream ais = new ASN1InputStream(bis);
-            DERObject o = ais.readObject();
-            tmp.addElement(X509CertificateStructure.getInstance(o));
-            if (bis.available() > 0)
-            {
-                throw new IllegalArgumentException(
-                    "Sorry, there is garbage data left after the certificate");
-            }
-        }
-        certs = new X509CertificateStructure[tmp.size()];
-        for (int i = 0; i < tmp.size(); i++)
-        {
-            certs[i] = (X509CertificateStructure)tmp.elementAt(i);
-        }
-        return new Certificate(certs);
-    }
-
-    /**
-     * Encodes version of the ClientCertificate message
-     * 
-     * @param os stream to write the message to
-     * @throws IOException If something goes wrong
-     */
-    protected void encode(OutputStream os) throws IOException
-    {
-        Vector encCerts = new Vector();
-        int totalSize = 0;
-        for (int i = 0; i < this.certs.length; ++i)
-        {
-            byte[] encCert = certs[i].getEncoded(ASN1Encodable.DER);
-            encCerts.addElement(encCert);
-            totalSize += encCert.length + 3;
-        }
-
-        TlsUtils.writeUint24(totalSize + 3, os);
-        TlsUtils.writeUint24(totalSize, os);
-
-        for (int i = 0; i < encCerts.size(); ++i)
-        {
-            byte[] encCert = (byte[])encCerts.elementAt(i);
-            TlsUtils.writeOpaque24(encCert, os);
-        }
-    }
-
-    /**
-     * Private constructor from a cert array.
-     * 
-     * @param certs The certs the chain should contain.
-     */
-    public Certificate(X509CertificateStructure[] certs)
-    {
-        if (certs == null)
-        {
-            throw new IllegalArgumentException("'certs' cannot be null");
-        }
-
-        this.certs = certs;
-    }
-
-    /**
-     * @return An array which contains the certs, this chain contains.
-     */
-    public X509CertificateStructure[] getCerts()
-    {
-        X509CertificateStructure[] result = new X509CertificateStructure[certs.length];
-        System.arraycopy(certs, 0, result, 0, certs.length);
-        return result;
-    }
-
-    public boolean isEmpty()
-    {
-        return certs.length == 0;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
deleted file mode 100644
index 294fe281b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.util.Vector;
-
-public class CertificateRequest
-{
-    private short[] certificateTypes;
-    private Vector certificateAuthorities;
-
-    public CertificateRequest(short[] certificateTypes, Vector certificateAuthorities)
-    {
-        this.certificateTypes = certificateTypes;
-        this.certificateAuthorities = certificateAuthorities;
-    }
-
-    public short[] getCertificateTypes()
-    {
-        return certificateTypes;
-    }
-
-    /**
-     * @return Vector of X500Name
-     */
-    public Vector getCertificateAuthorities()
-    {
-        return certificateAuthorities;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java
deleted file mode 100644
index e3902d490..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-
-/**
- * This should be implemented by any class which can find out, if a given certificate
- * chain is being accepted by an client.
- * 
- * @deprecated Perform certificate verification in TlsAuthentication implementation
- */
-public interface CertificateVerifyer
-{
-    /**
-     * @param certs The certs, which are part of the chain.
-     * @return True, if the chain is accepted, false otherwise.
-     */
-    public boolean isValid(X509CertificateStructure[] certs);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java
deleted file mode 100644
index 114ca45f0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 A.5
- */
-public class CipherSuite
-{
-    public static final int TLS_NULL_WITH_NULL_NULL = 0x0000;
-    public static final int TLS_RSA_WITH_NULL_MD5 = 0x0001;
-    public static final int TLS_RSA_WITH_NULL_SHA = 0x0002;
-    public static final int TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
-    public static final int TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
-    public static final int TLS_RSA_WITH_RC4_128_SHA = 0x0005;
-    public static final int TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
-    public static final int TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;
-    public static final int TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
-    public static final int TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
-    public static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
-    public static final int TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
-    public static final int TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
-    public static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
-    public static final int TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
-    public static final int TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
-    public static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
-    public static final int TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
-    public static final int TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
-    public static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
-    public static final int TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
-    public static final int TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
-    public static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
-    public static final int TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017;
-    public static final int TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018;
-    public static final int TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
-    public static final int TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A;
-    public static final int TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B;
-
-    /*
-     * RFC 3268
-     */
-    public static final int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
-    public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
-    public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
-    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
-    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
-    public static final int TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034;
-    public static final int TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
-    public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
-    public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
-    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
-    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
-    public static final int TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A;
-
-    /*
-     * RFC 4279
-     */
-    public static final int TLS_PSK_WITH_RC4_128_SHA = 0x008A;
-    public static final int TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B;
-    public static final int TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C;
-    public static final int TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D;
-    public static final int TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E;
-    public static final int TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F;
-    public static final int TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090;
-    public static final int TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091;
-    public static final int TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092;
-    public static final int TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093;
-    public static final int TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094;
-    public static final int TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095;
-
-    /*
-     * RFC 4492
-     */
-    public static final int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001;
-    public static final int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002;
-    public static final int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003;
-    public static final int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004;
-    public static final int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
-    public static final int TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006;
-    public static final int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
-    public static final int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
-    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
-    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
-    public static final int TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B;
-    public static final int TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C;
-    public static final int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
-    public static final int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E;
-    public static final int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F;
-    public static final int TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010;
-    public static final int TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
-    public static final int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
-    public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013;
-    public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014;
-    public static final int TLS_ECDH_anon_WITH_NULL_SHA = 0xC015;
-    public static final int TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016;
-    public static final int TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017;
-    public static final int TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018;
-    public static final int TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019;
-
-    /*
-     * RFC 5054
-     */
-    public static final int TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A;
-    public static final int TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B;
-    public static final int TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C;
-    public static final int TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D;
-    public static final int TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E;
-    public static final int TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F;
-    public static final int TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020;
-    public static final int TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021;
-    public static final int TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022;
-
-    /*
-     * RFC 5289
-     */
-    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023;
-    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024;
-    public static final int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025;
-    public static final int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026;
-    public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027;
-    public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028;
-    public static final int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029;
-    public static final int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A;
-    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
-    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
-    public static final int TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D;
-    public static final int TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E;
-    public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
-    public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
-    public static final int TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031;
-    public static final int TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032;
-
-    /*
-     * RFC 5746
-     */
-    public static final int TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java
deleted file mode 100644
index 57dcd0da3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 7.4.4
- */
-public class ClientCertificateType
-{
-    public static final short rsa_sign = 1;
-    public static final short dss_sign = 2;
-    public static final short rsa_fixed_dh = 3;
-    public static final short dss_fixed_dh = 4;
-
-    /*
-     * RFC 4492 5.5
-     */
-    public static final short ecdsa_sign = 64;
-    public static final short rsa_fixed_ecdh = 65;
-    public static final short ecdsa_fixed_ecdh = 66;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java
deleted file mode 100644
index f4594e03a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-
-/**
- * A combined hash, which implements md5(m) || sha1(m).
- */
-class CombinedHash implements Digest
-{
-    private MD5Digest md5;
-    private SHA1Digest sha1;
-
-    CombinedHash()
-    {
-        this.md5 = new MD5Digest();
-        this.sha1 = new SHA1Digest();
-    }
-
-    CombinedHash(CombinedHash t)
-    {
-        this.md5 = new MD5Digest(t.md5);
-        this.sha1 = new SHA1Digest(t.sha1);
-    }
-
-    /**
-     * @see org.bouncycastle.crypto.Digest#getAlgorithmName()
-     */
-    public String getAlgorithmName()
-    {
-        return md5.getAlgorithmName() + " and " + sha1.getAlgorithmName() + " for TLS 1.0";
-    }
-
-    /**
-     * @see org.bouncycastle.crypto.Digest#getDigestSize()
-     */
-    public int getDigestSize()
-    {
-        return 16 + 20;
-    }
-
-    /**
-     * @see org.bouncycastle.crypto.Digest#update(byte)
-     */
-    public void update(byte in)
-    {
-        md5.update(in);
-        sha1.update(in);
-    }
-
-    /**
-     * @see org.bouncycastle.crypto.Digest#update(byte[],int,int)
-     */
-    public void update(byte[] in, int inOff, int len)
-    {
-        md5.update(in, inOff, len);
-        sha1.update(in, inOff, len);
-    }
-
-    /**
-     * @see org.bouncycastle.crypto.Digest#doFinal(byte[],int)
-     */
-    public int doFinal(byte[] out, int outOff)
-    {
-        int i1 = md5.doFinal(out, outOff);
-        int i2 = sha1.doFinal(out, outOff + 16);
-        return i1 + i2;
-    }
-
-    /**
-     * @see org.bouncycastle.crypto.Digest#reset()
-     */
-    public void reset()
-    {
-        md5.reset();
-        sha1.reset();
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java
deleted file mode 100644
index 50be7a317..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 6.1
- */
-public class CompressionMethod
-{
-    public static final short NULL = 0;
-
-    /*
-     * RFC 3749 2
-     */
-    public static final short DEFLATE = 1;
-
-    /*
-     * Values from 224 decimal (0xE0) through 255 decimal (0xFF)
-     * inclusive are reserved for private use.
-     */
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ContentType.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ContentType.java
deleted file mode 100644
index d814eac04..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ContentType.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 6.2.1
- */
-public class ContentType
-{
-    public static final short change_cipher_spec = 20;
-    public static final short alert = 21;
-    public static final short handshake = 22;
-    public static final short application_data = 23;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsAgreementCredentials.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsAgreementCredentials.java
deleted file mode 100644
index d03c8069d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsAgreementCredentials.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.agreement.DHBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.util.BigIntegers;
-
-public class DefaultTlsAgreementCredentials implements TlsAgreementCredentials
-{
-    protected Certificate clientCert;
-    protected AsymmetricKeyParameter clientPrivateKey;
-
-    protected BasicAgreement basicAgreement;
-
-    public DefaultTlsAgreementCredentials(Certificate clientCertificate, AsymmetricKeyParameter clientPrivateKey)
-    {
-        if (clientCertificate == null)
-        {
-            throw new IllegalArgumentException("'clientCertificate' cannot be null");
-        }
-        if (clientCertificate.certs.length == 0)
-        {
-            throw new IllegalArgumentException("'clientCertificate' cannot be empty");
-        }
-        if (clientPrivateKey == null)
-        {
-            throw new IllegalArgumentException("'clientPrivateKey' cannot be null");
-        }
-        if (!clientPrivateKey.isPrivate())
-        {
-            throw new IllegalArgumentException("'clientPrivateKey' must be private");
-        }
-
-        if (clientPrivateKey instanceof DHPrivateKeyParameters)
-        {
-            basicAgreement = new DHBasicAgreement();
-        }
-        else if (clientPrivateKey instanceof ECPrivateKeyParameters)
-        {
-            basicAgreement = new ECDHBasicAgreement();
-        }
-        else
-        {
-            throw new IllegalArgumentException("'clientPrivateKey' type not supported: "
-                + clientPrivateKey.getClass().getName());
-        }
-
-        this.clientCert = clientCertificate;
-        this.clientPrivateKey = clientPrivateKey;
-    }
-
-    public Certificate getCertificate()
-    {
-        return clientCert;
-    }
-
-    public byte[] generateAgreement(AsymmetricKeyParameter serverPublicKey)
-    {
-        basicAgreement.init(clientPrivateKey);
-        BigInteger agreementValue = basicAgreement.calculateAgreement(serverPublicKey);
-        return BigIntegers.asUnsignedByteArray(agreementValue);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
deleted file mode 100644
index cdf1f73d2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-
-public class DefaultTlsCipherFactory implements TlsCipherFactory
-{
-    public TlsCipher createCipher(TlsClientContext context, int encryptionAlgorithm, int digestAlgorithm) throws IOException
-    {
-        switch (encryptionAlgorithm)
-        {
-            case EncryptionAlgorithm._3DES_EDE_CBC:
-                return createDESedeCipher(context, 24, digestAlgorithm);
-            case EncryptionAlgorithm.AES_128_CBC:
-                return createAESCipher(context, 16, digestAlgorithm);
-            case EncryptionAlgorithm.AES_256_CBC:
-                return createAESCipher(context, 32, digestAlgorithm);
-            default:
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    protected TlsCipher createAESCipher(TlsClientContext context, int cipherKeySize, int digestAlgorithm) throws IOException
-    {
-        return new TlsBlockCipher(context, createAESBlockCipher(),
-            createAESBlockCipher(), createDigest(digestAlgorithm), createDigest(digestAlgorithm), cipherKeySize);
-    }
-
-    protected TlsCipher createDESedeCipher(TlsClientContext context, int cipherKeySize, int digestAlgorithm) throws IOException
-    {
-        return new TlsBlockCipher(context, createDESedeBlockCipher(),
-            createDESedeBlockCipher(), createDigest(digestAlgorithm), createDigest(digestAlgorithm), cipherKeySize);
-    }
-
-    protected BlockCipher createAESBlockCipher()
-    {
-        return new CBCBlockCipher(new AESFastEngine());
-    }
-
-    protected BlockCipher createDESedeBlockCipher()
-    {
-        return new CBCBlockCipher(new DESedeEngine());
-    }
-
-    protected Digest createDigest(int digestAlgorithm) throws IOException
-    {
-        switch (digestAlgorithm)
-        {
-            case DigestAlgorithm.MD5:
-                return new MD5Digest();
-            case DigestAlgorithm.SHA:
-                return new SHA1Digest();
-            case DigestAlgorithm.SHA256:
-                return new SHA256Digest();
-            case DigestAlgorithm.SHA384:
-                return new SHA384Digest();
-            default:
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java
deleted file mode 100644
index 3101493bc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java
+++ /dev/null
@@ -1,238 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.util.Hashtable;
-
-public abstract class DefaultTlsClient implements TlsClient
-{
-    protected TlsCipherFactory cipherFactory;
-
-    protected TlsClientContext context;
-
-    protected int selectedCipherSuite;
-    protected int selectedCompressionMethod;
-
-    public DefaultTlsClient()
-    {
-        this(new DefaultTlsCipherFactory());
-    }
-
-    public DefaultTlsClient(TlsCipherFactory cipherFactory)
-    {
-        this.cipherFactory = cipherFactory;
-    }
-
-    public void init(TlsClientContext context)
-    {
-        this.context = context;
-    }
-
-    public int[] getCipherSuites()
-    {
-        return new int[] {
-            CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-            CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-            CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-        };
-    }
-
-    public Hashtable getClientExtensions()
-    {
-        return null;
-    }
-
-    public short[] getCompressionMethods()
-    {
-        return new short[] { CompressionMethod.NULL };
-    }
-
-    public void notifySessionID(byte[] sessionID)
-    {
-        // Currently ignored 
-    }
-
-    public void notifySelectedCipherSuite(int selectedCipherSuite)
-    {
-        this.selectedCipherSuite = selectedCipherSuite;
-    }
-
-    public void notifySelectedCompressionMethod(short selectedCompressionMethod)
-    {
-        this.selectedCompressionMethod = selectedCompressionMethod;
-    }
-
-    public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException
-    {
-        if (!secureRenegotiation)
-        {
-            /*
-             * RFC 5746 3.4. If the extension is not present, the server does not support
-             * secure renegotiation; set secure_renegotiation flag to FALSE. In this case,
-             * some clients may want to terminate the handshake instead of continuing; see
-             * Section 4.1 for discussion.
-             */
-//            throw new TlsFatalAlert(AlertDescription.handshake_failure);
-        }
-    }
-
-    public void processServerExtensions(Hashtable serverExtensions)
-    {
-    }
-
-    public TlsKeyExchange getKeyExchange() throws IOException
-    {
-        switch (selectedCipherSuite)
-        {
-            case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA:
-                return createRSAKeyExchange();
-
-            case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA:
-                return createDHKeyExchange(KeyExchangeAlgorithm.DH_DSS);
-
-            case CipherSuite.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA:
-                return createDHKeyExchange(KeyExchangeAlgorithm.DH_RSA);
-
-            case CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
-                return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_DSS);
-
-            case CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-                return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_RSA);
-
-            case CipherSuite.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
-                return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_ECDSA);
-
-            case CipherSuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
-                return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_ECDSA);
-
-            case CipherSuite.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
-                return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_RSA);
-
-            case CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-                return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_RSA);
-
-            default:
-                /*
-                 * Note: internal error here; the TlsProtocolHandler verifies that the
-                 * server-selected cipher suite was in the list of client-offered cipher
-                 * suites, so if we now can't produce an implementation, we shouldn't have
-                 * offered it!
-                 */
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public TlsCompression getCompression() throws IOException
-    {
-        switch (selectedCompressionMethod)
-        {
-            case CompressionMethod.NULL:
-                return new TlsNullCompression();
-
-            default:
-                /*
-                 * Note: internal error here; the TlsProtocolHandler verifies that the
-                 * server-selected compression method was in the list of client-offered compression
-                 * methods, so if we now can't produce an implementation, we shouldn't have
-                 * offered it!
-                 */
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public TlsCipher getCipher() throws IOException
-    {
-        switch (selectedCipherSuite)
-        {
-            case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
-                return cipherFactory.createCipher(context, EncryptionAlgorithm._3DES_EDE_CBC, DigestAlgorithm.SHA);
-
-            case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
-                return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC, DigestAlgorithm.SHA);
-
-            case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-                return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC, DigestAlgorithm.SHA);
-
-            default:
-                /*
-                 * Note: internal error here; the TlsProtocolHandler verifies that the
-                 * server-selected cipher suite was in the list of client-offered cipher
-                 * suites, so if we now can't produce an implementation, we shouldn't have
-                 * offered it!
-                 */
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    protected TlsKeyExchange createDHKeyExchange(int keyExchange)
-    {
-        return new TlsDHKeyExchange(context, keyExchange);
-    }
-
-    protected TlsKeyExchange createDHEKeyExchange(int keyExchange)
-    {
-        return new TlsDHEKeyExchange(context, keyExchange);
-    }
-
-    protected TlsKeyExchange createECDHKeyExchange(int keyExchange)
-    {
-        return new TlsECDHKeyExchange(context, keyExchange);
-    }
-
-    protected TlsKeyExchange createECDHEKeyExchange(int keyExchange)
-    {
-        return new TlsECDHEKeyExchange(context, keyExchange);
-    }
-
-    protected TlsKeyExchange createRSAKeyExchange()
-    {
-        return new TlsRSAKeyExchange(context);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java
deleted file mode 100644
index b26a18a4b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-public class DefaultTlsSignerCredentials implements TlsSignerCredentials
-{
-    protected TlsClientContext context;
-    protected Certificate clientCert;
-    protected AsymmetricKeyParameter clientPrivateKey;
-
-    protected TlsSigner clientSigner;
-
-    public DefaultTlsSignerCredentials(TlsClientContext context, Certificate clientCertificate,
-        AsymmetricKeyParameter clientPrivateKey)
-    {
-        if (clientCertificate == null)
-        {
-            throw new IllegalArgumentException("'clientCertificate' cannot be null");
-        }
-        if (clientCertificate.certs.length == 0)
-        {
-            throw new IllegalArgumentException("'clientCertificate' cannot be empty");
-        }
-        if (clientPrivateKey == null)
-        {
-            throw new IllegalArgumentException("'clientPrivateKey' cannot be null");
-        }
-        if (!clientPrivateKey.isPrivate())
-        {
-            throw new IllegalArgumentException("'clientPrivateKey' must be private");
-        }
-
-        if (clientPrivateKey instanceof RSAKeyParameters)
-        {
-            clientSigner = new TlsRSASigner();
-        }
-        else if (clientPrivateKey instanceof DSAPrivateKeyParameters)
-        {
-            clientSigner = new TlsDSSSigner();
-        }
-        else if (clientPrivateKey instanceof ECPrivateKeyParameters)
-        {
-            clientSigner = new TlsECDSASigner();
-        }
-        else
-        {
-            throw new IllegalArgumentException("'clientPrivateKey' type not supported: "
-                + clientPrivateKey.getClass().getName());
-        }
-
-        this.context = context;
-        this.clientCert = clientCertificate;
-        this.clientPrivateKey = clientPrivateKey;
-    }
-
-    public Certificate getCertificate()
-    {
-        return clientCert;
-    }
-
-    public byte[] generateCertificateSignature(byte[] md5andsha1) throws IOException
-    {
-        try
-        {
-            return clientSigner.calculateRawSignature(context.getSecureRandom(), clientPrivateKey,
-                md5andsha1);
-        }
-        catch (CryptoException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
deleted file mode 100644
index 25f463175..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public class DigestAlgorithm
-{
-    /*
-     * Note that the values here are implementation-specific and arbitrary.
-     * It is recommended not to depend on the particular values (e.g. serialization).
-     */
-    public static final int NULL = 0;
-    public static final int MD5 = 1;
-    public static final int SHA = 2;
-
-    /*
-     * RFC 5289
-     */
-    public static final int SHA256 = 3;
-    public static final int SHA384 = 4;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECCurveType.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECCurveType.java
deleted file mode 100644
index 0b6542fc2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECCurveType.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 4492 5.4
- */
-public class ECCurveType
-{
-    /**
-     * Indicates the elliptic curve domain parameters are conveyed verbosely, and the
-     * underlying finite field is a prime field.
-     */
-    public static final short explicit_prime = 1;
-
-    /**
-     * Indicates the elliptic curve domain parameters are conveyed verbosely, and the
-     * underlying finite field is a characteristic-2 field.
-     */
-    public static final short explicit_char2 = 2;
-
-    /**
-     * Indicates that a named curve is used. This option SHOULD be used when applicable.
-     */
-    public static final short named_curve = 3;
-
-    /*
-     * Values 248 through 255 are reserved for private use.
-     */
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECPointFormat.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECPointFormat.java
deleted file mode 100644
index 969d42ee2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ECPointFormat.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 4492 5.1.2
- */
-public class ECPointFormat
-{
-    public static final short uncompressed = 0;
-    public static final short ansiX962_compressed_prime = 1;
-    public static final short ansiX962_compressed_char2 = 2;
-
-    /*
-     * reserved (248..255)
-     */
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
deleted file mode 100644
index 4d8fa6870..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public class EncryptionAlgorithm
-{
-    /*
-     * Note that the values here are implementation-specific and arbitrary.
-     * It is recommended not to depend on the particular values (e.g. serialization).
-     */
-    public static final int NULL = 0;
-    public static final int RC4_40 = 1;
-    public static final int RC4_128 = 2;
-    public static final int RC2_CBC_40 = 3;
-    public static final int IDEA_CBC = 4;
-    public static final int DES40_CBC = 5;
-    public static final int DES_CBC = 6;
-    public static final int _3DES_EDE_CBC = 7;
-
-    /*
-     * RFC 3268
-     */
-    public static final int AES_128_CBC = 8;
-    public static final int AES_256_CBC = 9;
-
-    /*
-     * RFC 5289
-     */
-    public static final int AES_128_GCM = 10;
-    public static final int AES_256_GCM = 11;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
deleted file mode 100644
index 204f92afc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 4366 2.3
- */
-public class ExtensionType
-{
-    public static final int server_name = 0;
-    public static final int max_fragment_length = 1;
-    public static final int client_certificate_url = 2;
-    public static final int trusted_ca_keys = 3;
-    public static final int truncated_hmac = 4;
-    public static final int status_request = 5;
-
-    /*
-     * RFC 4492
-     */
-    public static final int elliptic_curves = 10;
-    public static final int ec_point_formats = 11;
-
-    /*
-     * RFC 5054 2.8.1
-     */
-    public static final int srp = 12;
-
-    /*
-     * RFC 5746 6
-     */
-    public static final int renegotiation_info = 0xff01;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/HandshakeType.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/HandshakeType.java
deleted file mode 100644
index 14e271dae..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/HandshakeType.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246 7.4
- */
-public class HandshakeType
-{
-    public static final short hello_request = 0;
-    public static final short client_hello = 1;
-    public static final short server_hello = 2;
-    public static final short certificate = 11;
-    public static final short server_key_exchange = 12;
-    public static final short certificate_request = 13;
-    public static final short server_hello_done = 14;
-    public static final short certificate_verify = 15;
-    public static final short client_key_exchange = 16;
-    public static final short finished = 20;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
deleted file mode 100644
index 6415663da..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public class KeyExchangeAlgorithm
-{
-    /*
-     * Note that the values here are implementation-specific and arbitrary.
-     * It is recommended not to depend on the particular values (e.g. serialization).
-     */
-    public static final int NULL = 0;
-    public static final int RSA = 1;
-    public static final int RSA_EXPORT = 2;
-    public static final int DHE_DSS = 3;
-    public static final int DHE_DSS_EXPORT = 4;
-    public static final int DHE_RSA = 5;
-    public static final int DHE_RSA_EXPORT = 6;
-    public static final int DH_DSS = 7;
-    public static final int DH_DSS_EXPORT = 8;
-    public static final int DH_RSA = 9;
-    public static final int DH_RSA_EXPORT = 10;
-    public static final int DH_anon = 11;
-    public static final int DH_anon_EXPORT = 12;
-    public static final int PSK = 13;
-    public static final int DHE_PSK = 14;
-    public static final int RSA_PSK = 15;
-    public static final int ECDH_ECDSA = 16;
-    public static final int ECDHE_ECDSA = 17;
-    public static final int ECDH_RSA = 18;
-    public static final int ECDHE_RSA = 19;
-    public static final int ECDH_anon = 20;
-    public static final int SRP = 21;
-    public static final int SRP_DSS = 22;
-    public static final int SRP_RSA = 23;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java
deleted file mode 100644
index 75e74740a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-/**
- * A temporary class to wrap old CertificateVerifyer stuff for new TlsAuthentication
- * 
- * @deprecated
- */
-public class LegacyTlsAuthentication implements TlsAuthentication
-{
-    protected CertificateVerifyer verifyer;
-
-    public LegacyTlsAuthentication(CertificateVerifyer verifyer)
-    {
-        this.verifyer = verifyer;
-    }
-
-    public void notifyServerCertificate(Certificate serverCertificate) throws IOException
-    {
-        if (!this.verifyer.isValid(serverCertificate.getCerts()))
-        {
-            throw new TlsFatalAlert(AlertDescription.user_canceled);
-        }
-    }
-
-    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java
deleted file mode 100644
index 2af98b845..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-/**
- * A temporary class to use LegacyTlsAuthentication
- * 
- * @deprecated
- */
-public class LegacyTlsClient extends DefaultTlsClient
-{
-    /** @deprecated */
-    protected CertificateVerifyer verifyer;
-
-    /**
-     * @deprecated
-     */
-    public LegacyTlsClient(CertificateVerifyer verifyer)
-    {
-        super();
-
-        this.verifyer = verifyer;
-    }
-
-    public TlsAuthentication getAuthentication() throws IOException
-    {
-        return new LegacyTlsAuthentication(verifyer);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
deleted file mode 100644
index bebabcb45..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-
-/**
- * RFC 4492 5.1.1
- * 
- * The named curves defined here are those specified in SEC 2 [13]. Note that many of
- * these curves are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00
- * through 0xFEFF are reserved for private use. Values 0xFF01 and 0xFF02 indicate that the
- * client supports arbitrary prime and characteristic-2 curves, respectively (the curve
- * parameters must be encoded explicitly in ECParameters).
- */
-public class NamedCurve
-{
-    public static final int sect163k1 = 1;
-    public static final int sect163r1 = 2;
-    public static final int sect163r2 = 3;
-    public static final int sect193r1 = 4;
-    public static final int sect193r2 = 5;
-    public static final int sect233k1 = 6;
-    public static final int sect233r1 = 7;
-    public static final int sect239k1 = 8;
-    public static final int sect283k1 = 9;
-    public static final int sect283r1 = 10;
-    public static final int sect409k1 = 11;
-    public static final int sect409r1 = 12;
-    public static final int sect571k1 = 13;
-    public static final int sect571r1 = 14;
-    public static final int secp160k1 = 15;
-    public static final int secp160r1 = 16;
-    public static final int secp160r2 = 17;
-    public static final int secp192k1 = 18;
-    public static final int secp192r1 = 19;
-    public static final int secp224k1 = 20;
-    public static final int secp224r1 = 21;
-    public static final int secp256k1 = 22;
-    public static final int secp256r1 = 23;
-    public static final int secp384r1 = 24;
-    public static final int secp521r1 = 25;
-
-    /*
-     * reserved (0xFE00..0xFEFF)
-     */
-
-    public static final int arbitrary_explicit_prime_curves = 0xFF01;
-    public static final int arbitrary_explicit_char2_curves = 0xFF02;
-
-    private static final String[] curveNames = new String[] {
-        "sect163k1",
-        "sect163r1",
-        "sect163r2",
-        "sect193r1",
-        "sect193r2",
-        "sect233k1",
-        "sect233r1",
-        "sect239k1",
-        "sect283k1",
-        "sect283r1",
-        "sect409k1",
-        "sect409r1",
-        "sect571k1",
-        "sect571r1",
-        "secp160k1",
-        "secp160r1",
-        "secp160r2",
-        "secp192k1",
-        "secp192r1",
-        "secp224k1",
-        "secp224r1",
-        "secp256k1",
-        "secp256r1",
-        "secp384r1",
-        "secp521r1", };
-
-    static ECDomainParameters getECParameters(int namedCurve)
-    {
-        int index = namedCurve - 1;
-        if (index < 0 || index >= curveNames.length)
-        {
-            return null;
-        }
-
-        String curveName = curveNames[index];
-
-        // Lazily created the first time a particular curve is accessed
-        X9ECParameters ecP = SECNamedCurves.getByName(curveName);
-
-        if (ecP == null)
-        {
-            return null;
-        }
-
-        // It's a bit inefficient to do this conversion every time
-        return new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(),
-            ecP.getSeed());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
deleted file mode 100644
index 269401bcb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
+++ /dev/null
@@ -1,158 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-/**
- * An implementation of the TLS 1.0 record layer.
- */
-class RecordStream
-{
-    private TlsProtocolHandler handler;
-    private InputStream is;
-    private OutputStream os;
-    private CombinedHash hash;
-    private TlsCompression readCompression = null;
-    private TlsCompression writeCompression = null;
-    private TlsCipher readCipher = null;
-    private TlsCipher writeCipher = null;
-    private ByteArrayOutputStream buffer = new ByteArrayOutputStream();
-
-    RecordStream(TlsProtocolHandler handler, InputStream is, OutputStream os)
-    {
-        this.handler = handler;
-        this.is = is;
-        this.os = os;
-        this.hash = new CombinedHash();
-        this.readCompression = new TlsNullCompression();
-        this.writeCompression = this.readCompression;
-        this.readCipher = new TlsNullCipher();
-        this.writeCipher = this.readCipher;
-    }
-
-    void clientCipherSpecDecided(TlsCompression tlsCompression, TlsCipher tlsCipher)
-    {
-        this.writeCompression = tlsCompression;
-        this.writeCipher = tlsCipher;
-    }
-
-    void serverClientSpecReceived()
-    {
-        this.readCompression = this.writeCompression;
-        this.readCipher = this.writeCipher;
-    }
-
-    public void readData() throws IOException
-    {
-        short type = TlsUtils.readUint8(is);
-        TlsUtils.checkVersion(is, handler);
-        int size = TlsUtils.readUint16(is);
-        byte[] buf = decodeAndVerify(type, is, size);
-        handler.processData(type, buf, 0, buf.length);
-    }
-
-    protected byte[] decodeAndVerify(short type, InputStream is, int len) throws IOException
-    {
-        byte[] buf = new byte[len];
-        TlsUtils.readFully(buf, is);
-        byte[] decoded = readCipher.decodeCiphertext(type, buf, 0, buf.length);
-
-        OutputStream cOut = readCompression.decompress(buffer);
-
-        if (cOut == buffer)
-        {
-            return decoded;
-        }
-
-        cOut.write(decoded, 0, decoded.length);
-        cOut.flush();
-        return getBufferContents();
-    }
-
-    protected void writeMessage(short type, byte[] message, int offset, int len) throws IOException
-    {
-        if (type == ContentType.handshake)
-        {
-            updateHandshakeData(message, offset, len);
-        }
-
-        OutputStream cOut = writeCompression.compress(buffer);
-
-        byte[] ciphertext;
-        if (cOut == buffer)
-        {
-            ciphertext = writeCipher.encodePlaintext(type, message, offset, len);
-        }
-        else
-        {
-            cOut.write(message, offset, len);
-            cOut.flush();
-            byte[] compressed = getBufferContents();
-            ciphertext = writeCipher.encodePlaintext(type, compressed, 0, compressed.length);
-        }
-
-        byte[] writeMessage = new byte[ciphertext.length + 5];
-        TlsUtils.writeUint8(type, writeMessage, 0);
-        TlsUtils.writeVersion(writeMessage, 1);
-        TlsUtils.writeUint16(ciphertext.length, writeMessage, 3);
-        System.arraycopy(ciphertext, 0, writeMessage, 5, ciphertext.length);
-        os.write(writeMessage);
-        os.flush();
-    }
-
-    void updateHandshakeData(byte[] message, int offset, int len)
-    {
-        hash.update(message, offset, len);
-    }
-
-    byte[] getCurrentHash()
-    {
-        return doFinal(new CombinedHash(hash));
-    }
-
-    protected void close() throws IOException
-    {
-        IOException e = null;
-        try
-        {
-            is.close();
-        }
-        catch (IOException ex)
-        {
-            e = ex;
-        }
-        try
-        {
-            os.close();
-        }
-        catch (IOException ex)
-        {
-            e = ex;
-        }
-        if (e != null)
-        {
-            throw e;
-        }
-    }
-
-    protected void flush() throws IOException
-    {
-        os.flush();
-    }
-
-    private byte[] getBufferContents()
-    {
-        byte[] contents = buffer.toByteArray();
-        buffer.reset();
-        return contents;
-    }
-
-    private static byte[] doFinal(CombinedHash ch)
-    {
-        byte[] bs = new byte[ch.getDigestSize()];
-        ch.doFinal(bs, 0);
-        return bs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java
deleted file mode 100644
index 841c0fb78..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java
+++ /dev/null
@@ -1,188 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Hashtable;
-
-import org.bouncycastle.util.Arrays;
-
-public abstract class SRPTlsClient implements TlsClient
-{
-    public static final Integer EXT_SRP = new Integer(ExtensionType.srp);
-
-    protected TlsCipherFactory cipherFactory;
-    protected byte[] identity;
-    protected byte[] password;
-
-    protected TlsClientContext context;
-
-    protected int selectedCompressionMethod;
-    protected int selectedCipherSuite;
-
-    public SRPTlsClient(byte[] identity, byte[] password)
-    {
-        this(new DefaultTlsCipherFactory(), identity, password);
-    }
-
-    public SRPTlsClient(TlsCipherFactory cipherFactory, byte[] identity, byte[] password)
-    {
-        this.cipherFactory = cipherFactory;
-        this.identity = Arrays.clone(identity);
-        this.password = Arrays.clone(password);
-    }
-
-    public void init(TlsClientContext context)
-    {
-        this.context = context;
-    }
-
-    public int[] getCipherSuites()
-    {
-        return new int[] {
-            CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, };
-    }
-
-    public Hashtable getClientExtensions() throws IOException
-    {
-        Hashtable clientExtensions = new Hashtable();
-
-        ByteArrayOutputStream srpData = new ByteArrayOutputStream();
-        TlsUtils.writeOpaque8(this.identity, srpData);
-        clientExtensions.put(EXT_SRP, srpData.toByteArray());
-
-        return clientExtensions;
-    }
-
-    public short[] getCompressionMethods()
-    {
-        return new short[] { CompressionMethod.NULL };
-    }
-
-    public void notifySessionID(byte[] sessionID)
-    {
-        // Currently ignored 
-    }
-
-    public void notifySelectedCipherSuite(int selectedCipherSuite)
-    {
-        this.selectedCipherSuite = selectedCipherSuite;
-    }
-
-    public void notifySelectedCompressionMethod(short selectedCompressionMethod)
-    {
-        this.selectedCompressionMethod = selectedCompressionMethod;
-    }
-
-    public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException
-    {
-        if (!secureRenegotiation)
-        {
-            /*
-             * RFC 5746 3.4. If the extension is not present, the server does not support
-             * secure renegotiation; set secure_renegotiation flag to FALSE. In this case,
-             * some clients may want to terminate the handshake instead of continuing; see
-             * Section 4.1 for discussion.
-             */
-//            throw new TlsFatalAlert(AlertDescription.handshake_failure);
-        }
-    }
-
-    public void processServerExtensions(Hashtable serverExtensions)
-    {
-        // There is no server response for the SRP extension
-    }
-
-    public TlsKeyExchange getKeyExchange() throws IOException
-    {
-        switch (selectedCipherSuite)
-        {
-            case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
-                return createSRPKeyExchange(KeyExchangeAlgorithm.SRP);
-
-            case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
-                return createSRPKeyExchange(KeyExchangeAlgorithm.SRP_RSA);
-
-            case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
-                return createSRPKeyExchange(KeyExchangeAlgorithm.SRP_DSS);
-
-            default:
-                /*
-                 * Note: internal error here; the TlsProtocolHandler verifies that the
-                 * server-selected cipher suite was in the list of client-offered cipher
-                 * suites, so if we now can't produce an implementation, we shouldn't have
-                 * offered it!
-                 */
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public TlsCompression getCompression() throws IOException
-    {
-        switch (selectedCompressionMethod)
-        {
-            case CompressionMethod.NULL:
-                return new TlsNullCompression();
-
-            default:
-                /*
-                 * Note: internal error here; the TlsProtocolHandler verifies that the
-                 * server-selected compression method was in the list of client-offered compression
-                 * methods, so if we now can't produce an implementation, we shouldn't have
-                 * offered it!
-                 */
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public TlsCipher getCipher() throws IOException
-    {
-        switch (selectedCipherSuite)
-        {
-            case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
-                return cipherFactory.createCipher(context, EncryptionAlgorithm._3DES_EDE_CBC,
-                    DigestAlgorithm.SHA);
-
-            case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
-                return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC,
-                    DigestAlgorithm.SHA);
-
-            case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
-            case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
-                return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC,
-                    DigestAlgorithm.SHA);
-
-            default:
-                /*
-                 * Note: internal error here; the TlsProtocolHandler verifies that the
-                 * server-selected cipher suite was in the list of client-offered cipher
-                 * suites, so if we now can't produce an implementation, we shouldn't have
-                 * offered it!
-                 */
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    protected TlsKeyExchange createSRPKeyExchange(int keyExchange)
-    {
-        return new TlsSRPKeyExchange(context, keyExchange, identity, password);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java
deleted file mode 100644
index b3c433d17..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public class SecurityParameters
-{
-    byte[] clientRandom = null;
-    byte[] serverRandom = null;
-    byte[] masterSecret = null;
-
-    public byte[] getClientRandom()
-    {
-        return clientRandom;
-    }
-
-    public byte[] getServerRandom()
-    {
-        return serverRandom;
-    }
-
-    public byte[] getMasterSecret()
-    {
-        return masterSecret;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java
deleted file mode 100644
index 9e70ed0a7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-
-public interface TlsAgreementCredentials extends TlsCredentials
-{
-    byte[] generateAgreement(AsymmetricKeyParameter serverPublicKey) throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAuthentication.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAuthentication.java
deleted file mode 100644
index e2800096e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsAuthentication.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-public interface TlsAuthentication
-{
-    /**
-     * Called by the protocol handler to report the server certificate
-     * Note: this method is responsible for certificate verification and validation
-     * 
-     * @param serverCertificate the server certificate received
-     * @throws IOException
-     */
-    void notifyServerCertificate(Certificate serverCertificate) throws IOException;
-
-    /**
-     * Return client credentials in response to server's certificate request
-     * 
-     * @param certificateRequest details of the certificate request
-     * @return a TlsCredentials object or null for no client authentication
-     * @throws IOException
-     */
-    TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java
deleted file mode 100644
index 0ff421316..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java
+++ /dev/null
@@ -1,219 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Arrays;
-
-/**
- * A generic TLS 1.0 block cipher. This can be used for AES or 3DES for example.
- */
-public class TlsBlockCipher implements TlsCipher
-{
-    protected TlsClientContext context;
-
-    protected BlockCipher encryptCipher;
-    protected BlockCipher decryptCipher;
-
-    protected TlsMac writeMac;
-    protected TlsMac readMac;
-
-    public TlsBlockCipher(TlsClientContext context, BlockCipher encryptCipher,
-        BlockCipher decryptCipher, Digest writeDigest, Digest readDigest, int cipherKeySize)
-    {
-        this.context = context;
-        this.encryptCipher = encryptCipher;
-        this.decryptCipher = decryptCipher;
-
-        int prfSize = (2 * cipherKeySize) + writeDigest.getDigestSize()
-            + readDigest.getDigestSize() + encryptCipher.getBlockSize()
-            + decryptCipher.getBlockSize();
-
-        SecurityParameters securityParameters = context.getSecurityParameters();
-
-        byte[] key_block = TlsUtils.PRF(securityParameters.masterSecret, "key expansion",
-            TlsUtils.concat(securityParameters.serverRandom, securityParameters.clientRandom),
-            prfSize);
-
-        int offset = 0;
-
-        // Init MACs
-        writeMac = new TlsMac(writeDigest, key_block, offset, writeDigest.getDigestSize());
-        offset += writeDigest.getDigestSize();
-        readMac = new TlsMac(readDigest, key_block, offset, readDigest.getDigestSize());
-        offset += readDigest.getDigestSize();
-
-        // Init Ciphers
-        this.initCipher(true, encryptCipher, key_block, cipherKeySize, offset, offset
-            + (cipherKeySize * 2));
-        offset += cipherKeySize;
-        this.initCipher(false, decryptCipher, key_block, cipherKeySize, offset, offset
-            + cipherKeySize + encryptCipher.getBlockSize());
-
-    }
-
-    protected void initCipher(boolean forEncryption, BlockCipher cipher, byte[] key_block,
-        int key_size, int key_offset, int iv_offset)
-    {
-        KeyParameter key_parameter = new KeyParameter(key_block, key_offset, key_size);
-        ParametersWithIV parameters_with_iv = new ParametersWithIV(key_parameter, key_block,
-            iv_offset, cipher.getBlockSize());
-        cipher.init(forEncryption, parameters_with_iv);
-    }
-
-    public byte[] encodePlaintext(short type, byte[] plaintext, int offset, int len)
-    {
-        int blocksize = encryptCipher.getBlockSize();
-
-        // Add a random number of extra blocks worth of padding
-        int minPaddingSize = blocksize - ((len + writeMac.getSize() + 1) % blocksize);
-        int maxExtraPadBlocks = (255 - minPaddingSize) / blocksize;
-        int actualExtraPadBlocks = chooseExtraPadBlocks(context.getSecureRandom(), maxExtraPadBlocks);
-        int paddingsize = minPaddingSize + (actualExtraPadBlocks * blocksize);
-
-        int totalsize = len + writeMac.getSize() + paddingsize + 1;
-        byte[] outbuf = new byte[totalsize];
-        System.arraycopy(plaintext, offset, outbuf, 0, len);
-        byte[] mac = writeMac.calculateMac(type, plaintext, offset, len);
-        System.arraycopy(mac, 0, outbuf, len, mac.length);
-        int paddoffset = len + mac.length;
-        for (int i = 0; i <= paddingsize; i++)
-        {
-            outbuf[i + paddoffset] = (byte)paddingsize;
-        }
-        for (int i = 0; i < totalsize; i += blocksize)
-        {
-            encryptCipher.processBlock(outbuf, i, outbuf, i);
-        }
-        return outbuf;
-    }
-
-    public byte[] decodeCiphertext(short type, byte[] ciphertext, int offset, int len)
-        throws IOException
-    {
-        // TODO TLS 1.1 (RFC 4346) introduces an explicit IV
-
-        int minLength = readMac.getSize() + 1;
-        int blocksize = decryptCipher.getBlockSize();
-        boolean decrypterror = false;
-
-        /*
-         * ciphertext must be at least (macsize + 1) bytes long
-         */
-        if (len < minLength)
-        {
-            throw new TlsFatalAlert(AlertDescription.decode_error);
-        }
-
-        /*
-         * ciphertext must be a multiple of blocksize
-         */
-        if (len % blocksize != 0)
-        {
-            throw new TlsFatalAlert(AlertDescription.decryption_failed);
-        }
-
-        /*
-         * Decrypt all the ciphertext using the blockcipher
-         */
-        for (int i = 0; i < len; i += blocksize)
-        {
-            decryptCipher.processBlock(ciphertext, i + offset, ciphertext, i + offset);
-        }
-
-        /*
-         * Check if padding is correct
-         */
-        int lastByteOffset = offset + len - 1;
-
-        byte paddingsizebyte = ciphertext[lastByteOffset];
-
-        // Note: interpret as unsigned byte
-        int paddingsize = paddingsizebyte & 0xff;
-
-        int maxPaddingSize = len - minLength;
-        if (paddingsize > maxPaddingSize)
-        {
-            decrypterror = true;
-            paddingsize = 0;
-        }
-        else
-        {
-            /*
-             * Now, check all the padding-bytes (constant-time comparison).
-             */
-            byte diff = 0;
-            for (int i = lastByteOffset - paddingsize; i < lastByteOffset; ++i)
-            {
-                diff |= (ciphertext[i] ^ paddingsizebyte);
-            }
-            if (diff != 0)
-            {
-                /* Wrong padding */
-                decrypterror = true;
-                paddingsize = 0;
-            }
-        }
-
-        /*
-         * We now don't care if padding verification has failed or not, we will calculate
-         * the mac to give an attacker no kind of timing profile he can use to find out if
-         * mac verification failed or padding verification failed.
-         */
-        int plaintextlength = len - minLength - paddingsize;
-        byte[] calculatedMac = readMac.calculateMac(type, ciphertext, offset, plaintextlength);
-
-        /*
-         * Check all bytes in the mac (constant-time comparison).
-         */
-        byte[] decryptedMac = new byte[calculatedMac.length];
-        System.arraycopy(ciphertext, offset + plaintextlength, decryptedMac, 0,
-            calculatedMac.length);
-
-        if (!Arrays.constantTimeAreEqual(calculatedMac, decryptedMac))
-        {
-            decrypterror = true;
-        }
-
-        /*
-         * Now, it is safe to fail.
-         */
-        if (decrypterror)
-        {
-            throw new TlsFatalAlert(AlertDescription.bad_record_mac);
-        }
-
-        byte[] plaintext = new byte[plaintextlength];
-        System.arraycopy(ciphertext, offset, plaintext, 0, plaintextlength);
-        return plaintext;
-    }
-
-    protected int chooseExtraPadBlocks(SecureRandom r, int max)
-    {
-//        return r.nextInt(max + 1);
-
-        int x = r.nextInt();
-        int n = lowestBitSet(x);
-        return Math.min(n, max);
-    }
-
-    protected int lowestBitSet(int x)
-    {
-        if (x == 0)
-        {
-            return 32;
-        }
-
-        int n = 0;
-        while ((x & 1) == 0)
-        {
-            ++n;
-            x >>= 1;
-        }
-        return n;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipher.java
deleted file mode 100644
index 559914b51..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipher.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-public interface TlsCipher
-{
-    byte[] encodePlaintext(short type, byte[] plaintext, int offset, int len) throws IOException;
-
-    byte[] decodeCiphertext(short type, byte[] ciphertext, int offset, int len) throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java
deleted file mode 100644
index 77ea8f3bc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-public interface TlsCipherFactory
-{
-    /**
-     * See enumeration classes EncryptionAlgorithm and DigestAlgorithm for appropriate argument values
-     */
-    TlsCipher createCipher(TlsClientContext context, int encryptionAlgorithm, int digestAlgorithm) throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
deleted file mode 100644
index 62b73b7f4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.util.Hashtable;
-
-public interface TlsClient
-{
-    void init(TlsClientContext context);
-
-    int[] getCipherSuites();
-
-    short[] getCompressionMethods();
-
-    // Hashtable is (Integer -> byte[])
-    Hashtable getClientExtensions() throws IOException;
-
-    void notifySessionID(byte[] sessionID);
-
-    void notifySelectedCipherSuite(int selectedCipherSuite);
-
-    void notifySelectedCompressionMethod(short selectedCompressionMethod);
-
-    void notifySecureRenegotiation(boolean secureNegotiation) throws IOException;
-
-    // Hashtable is (Integer -> byte[])
-    void processServerExtensions(Hashtable serverExtensions);
-
-    TlsKeyExchange getKeyExchange() throws IOException;
-
-    TlsAuthentication getAuthentication() throws IOException;
-
-    TlsCompression getCompression() throws IOException;
-
-    TlsCipher getCipher() throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContext.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContext.java
deleted file mode 100644
index faffa3c26..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContext.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.security.SecureRandom;
-
-public interface TlsClientContext
-{
-    SecureRandom getSecureRandom();
-
-    SecurityParameters getSecurityParameters();
-
-    Object getUserObject();
-
-    void setUserObject(Object userObject);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContextImpl.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContextImpl.java
deleted file mode 100644
index eb8d21f09..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsClientContextImpl.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.security.SecureRandom;
-
-class TlsClientContextImpl implements TlsClientContext
-{
-    private SecureRandom secureRandom;
-    private SecurityParameters securityParameters;
-
-    private Object userObject = null;
-
-    TlsClientContextImpl(SecureRandom secureRandom, SecurityParameters securityParameters)
-    {
-        this.secureRandom = secureRandom;
-        this.securityParameters = securityParameters;
-    }
-
-    public SecureRandom getSecureRandom()
-    {
-        return secureRandom;
-    }
-
-    public SecurityParameters getSecurityParameters()
-    {
-        return securityParameters;
-    }
-
-    public Object getUserObject()
-    {
-        return userObject;
-    }
-
-    public void setUserObject(Object userObject)
-    {
-        this.userObject = userObject;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCompression.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCompression.java
deleted file mode 100644
index cdeb7e332..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCompression.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.OutputStream;
-
-public interface TlsCompression
-{
-    OutputStream compress(OutputStream output);
-
-    OutputStream decompress(OutputStream output);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCredentials.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCredentials.java
deleted file mode 100644
index b8a8747eb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsCredentials.java
+++ /dev/null
@@ -1,6 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public interface TlsCredentials
-{
-    Certificate getCertificate();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
deleted file mode 100644
index 81b1e7157..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.io.SignerInputStream;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-class TlsDHEKeyExchange extends TlsDHKeyExchange
-{
-    TlsDHEKeyExchange(TlsClientContext context, int keyExchange)
-    {
-        super(context, keyExchange);
-    }
-
-    public void skipServerKeyExchange() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerKeyExchange(InputStream is)
-        throws IOException
-    {
-        SecurityParameters securityParameters = context.getSecurityParameters();
-
-        Signer signer = initSigner(tlsSigner, securityParameters);
-        InputStream sigIn = new SignerInputStream(is, signer);
-
-        byte[] pBytes = TlsUtils.readOpaque16(sigIn);
-        byte[] gBytes = TlsUtils.readOpaque16(sigIn);
-        byte[] YsBytes = TlsUtils.readOpaque16(sigIn);
-
-        byte[] sigByte = TlsUtils.readOpaque16(is);
-        if (!signer.verifySignature(sigByte))
-        {
-            throw new TlsFatalAlert(AlertDescription.bad_certificate);
-        }
-
-        BigInteger p = new BigInteger(1, pBytes);
-        BigInteger g = new BigInteger(1, gBytes);
-        BigInteger Ys = new BigInteger(1, YsBytes);
-
-        this.dhAgreeServerPublicKey = validateDHPublicKey(new DHPublicKeyParameters(Ys,
-            new DHParameters(p, g)));
-    }
-
-    protected Signer initSigner(TlsSigner tlsSigner, SecurityParameters securityParameters)
-    {
-        Signer signer = tlsSigner.createVerifyer(this.serverPublicKey);
-        signer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
-        signer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
-        return signer;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
deleted file mode 100644
index 6f00a4716..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
+++ /dev/null
@@ -1,250 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.agreement.DHBasicAgreement;
-import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-import org.bouncycastle.util.BigIntegers;
-
-/**
- * TLS 1.0 DH key exchange.
- */
-class TlsDHKeyExchange implements TlsKeyExchange
-{
-    protected static final BigInteger ONE = BigInteger.valueOf(1);
-    protected static final BigInteger TWO = BigInteger.valueOf(2);
-
-    protected TlsClientContext context;
-    protected int keyExchange;
-    protected TlsSigner tlsSigner;
-
-    protected AsymmetricKeyParameter serverPublicKey = null;
-    protected DHPublicKeyParameters dhAgreeServerPublicKey = null;
-    protected TlsAgreementCredentials agreementCredentials;
-    protected DHPrivateKeyParameters dhAgreeClientPrivateKey = null;
-
-    TlsDHKeyExchange(TlsClientContext context, int keyExchange)
-    {
-        switch (keyExchange)
-        {
-            case KeyExchangeAlgorithm.DH_RSA:
-            case KeyExchangeAlgorithm.DH_DSS:
-                this.tlsSigner = null;
-                break;
-            case KeyExchangeAlgorithm.DHE_RSA:
-                this.tlsSigner = new TlsRSASigner();
-                break;
-            case KeyExchangeAlgorithm.DHE_DSS:
-                this.tlsSigner = new TlsDSSSigner();
-                break;
-            default:
-                throw new IllegalArgumentException("unsupported key exchange algorithm");
-        }
-
-        this.context = context;
-        this.keyExchange = keyExchange;
-    }
-
-    public void skipServerCertificate() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerCertificate(Certificate serverCertificate) throws IOException
-    {
-        X509CertificateStructure x509Cert = serverCertificate.certs[0];
-        SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
-
-        try
-        {
-            this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
-        }
-        catch (RuntimeException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
-        }
-
-        if (tlsSigner == null)
-        {
-            try
-            {
-                this.dhAgreeServerPublicKey = validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
-            }
-            catch (ClassCastException e)
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
-        }
-        else
-        {
-            if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);
-        }
-
-        // TODO 
-        /*
-         * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
-         * signing algorithm for the certificate must be the same as the algorithm for the
-         * certificate key."
-         */
-    }
-
-    public void skipServerKeyExchange() throws IOException
-    {
-        // OK
-    }
-
-    public void processServerKeyExchange(InputStream is)
-        throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        short[] types = certificateRequest.getCertificateTypes();
-        for (int i = 0; i < types.length; ++i)
-        {
-            switch (types[i])
-            {
-                case ClientCertificateType.rsa_sign:
-                case ClientCertificateType.dss_sign:
-                case ClientCertificateType.rsa_fixed_dh:
-                case ClientCertificateType.dss_fixed_dh:
-                case ClientCertificateType.ecdsa_sign:
-                    break;
-                default:
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-        }
-    }
-
-    public void skipClientCredentials() throws IOException
-    {
-        this.agreementCredentials = null;
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
-    {
-        if (clientCredentials instanceof TlsAgreementCredentials)
-        {
-            // TODO Validate client cert has matching parameters (see 'areCompatibleParameters')?
-
-            this.agreementCredentials = (TlsAgreementCredentials)clientCredentials;
-        }
-        else if (clientCredentials instanceof TlsSignerCredentials)
-        {
-            // OK
-        }
-        else
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public void generateClientKeyExchange(OutputStream os) throws IOException
-    {
-        /*
-         * RFC 2246 7.4.7.2 If the client certificate already contains a suitable
-         * Diffie-Hellman key, then Yc is implicit and does not need to be sent again. In
-         * this case, the Client Key Exchange message will be sent, but will be empty.
-         */
-        if (agreementCredentials != null)
-        {
-            TlsUtils.writeUint24(0, os);
-        }
-        else
-        {
-            generateEphemeralClientKeyExchange(dhAgreeServerPublicKey.getParameters(), os);
-        }
-    }
-
-    public byte[] generatePremasterSecret() throws IOException
-    {
-        if (agreementCredentials != null)
-        {
-            return agreementCredentials.generateAgreement(dhAgreeServerPublicKey);
-        }
-
-        return calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey);
-    }
-
-    protected boolean areCompatibleParameters(DHParameters a, DHParameters b)
-    {
-        return a.getP().equals(b.getP()) && a.getG().equals(b.getG());
-    }
-
-    protected byte[] calculateDHBasicAgreement(DHPublicKeyParameters publicKey,
-        DHPrivateKeyParameters privateKey)
-    {
-        DHBasicAgreement dhAgree = new DHBasicAgreement();
-        dhAgree.init(dhAgreeClientPrivateKey);
-        BigInteger agreement = dhAgree.calculateAgreement(dhAgreeServerPublicKey);
-        return BigIntegers.asUnsignedByteArray(agreement);
-    }
-
-    protected AsymmetricCipherKeyPair generateDHKeyPair(DHParameters dhParams)
-    {
-        DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator();
-        dhGen.init(new DHKeyGenerationParameters(context.getSecureRandom(), dhParams));
-        return dhGen.generateKeyPair();
-    }
-
-    protected void generateEphemeralClientKeyExchange(DHParameters dhParams, OutputStream os)
-        throws IOException
-    {
-        AsymmetricCipherKeyPair dhAgreeClientKeyPair = generateDHKeyPair(dhParams);
-        this.dhAgreeClientPrivateKey = (DHPrivateKeyParameters)dhAgreeClientKeyPair.getPrivate();
-
-        BigInteger Yc = ((DHPublicKeyParameters)dhAgreeClientKeyPair.getPublic()).getY();
-        byte[] keData = BigIntegers.asUnsignedByteArray(Yc);
-        TlsUtils.writeUint24(keData.length + 2, os);
-        TlsUtils.writeOpaque16(keData, os);
-    }
-
-    protected DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key)
-        throws IOException
-    {
-        BigInteger Y = key.getY();
-        DHParameters params = key.getParameters();
-        BigInteger p = params.getP();
-        BigInteger g = params.getG();
-
-        if (!p.isProbablePrime(2))
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-        if (g.compareTo(TWO) < 0 || g.compareTo(p.subtract(TWO)) > 0)
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-        if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(ONE)) > 0)
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-
-        // TODO See RFC 2631 for more discussion of Diffie-Hellman validation
-
-        return key;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
deleted file mode 100644
index 2dcacd71f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.signers.DSADigestSigner;
-
-abstract class TlsDSASigner implements TlsSigner
-{
-    public byte[] calculateRawSignature(SecureRandom secureRandom, AsymmetricKeyParameter privateKey, byte[] md5andsha1)
-        throws CryptoException
-    {
-        // Note: Only use the SHA1 part of the hash
-        Signer signer = new DSADigestSigner(createDSAImpl(), new NullDigest());
-        signer.init(true, new ParametersWithRandom(privateKey, secureRandom));
-        signer.update(md5andsha1, 16, 20);
-        return signer.generateSignature();
-    }
-
-    public Signer createVerifyer(AsymmetricKeyParameter publicKey)
-    {
-        Signer verifyer = new DSADigestSigner(createDSAImpl(), new SHA1Digest());
-        verifyer.init(false, publicKey);
-        return verifyer;
-    }
-
-    protected abstract DSA createDSAImpl();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java
deleted file mode 100644
index 5a2400bbe..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-import org.bouncycastle.crypto.signers.DSASigner;
-
-class TlsDSSSigner extends TlsDSASigner
-{
-    public boolean isValidPublicKey(AsymmetricKeyParameter publicKey)
-    {
-        return publicKey instanceof DSAPublicKeyParameters;
-    }
-
-    protected DSA createDSAImpl()
-    {
-        return new DSASigner();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
deleted file mode 100644
index ee3d5a8be..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
+++ /dev/null
@@ -1,112 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.io.SignerInputStream;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.math.ec.ECPoint;
-
-/**
- * ECDHE key exchange (see RFC 4492)
- */
-class TlsECDHEKeyExchange extends TlsECDHKeyExchange
-{
-    TlsECDHEKeyExchange(TlsClientContext context, int keyExchange)
-    {
-        super(context, keyExchange);
-    }
-
-    public void skipServerKeyExchange() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerKeyExchange(InputStream is)
-        throws IOException
-    {
-        SecurityParameters securityParameters = context.getSecurityParameters();
-
-        Signer signer = initSigner(tlsSigner, securityParameters);
-        InputStream sigIn = new SignerInputStream(is, signer);
-
-        short curveType = TlsUtils.readUint8(sigIn);
-        ECDomainParameters curve_params;
-
-        //  Currently, we only support named curves
-        if (curveType == ECCurveType.named_curve)
-        {
-            int namedCurve = TlsUtils.readUint16(sigIn);
-
-            // TODO Check namedCurve is one we offered?
-
-            curve_params = NamedCurve.getECParameters(namedCurve);
-        }
-        else
-        {
-            // TODO Add support for explicit curve parameters (read from sigIn)
-
-            throw new TlsFatalAlert(AlertDescription.handshake_failure);
-        }
-
-        byte[] publicBytes = TlsUtils.readOpaque8(sigIn);
-
-        byte[] sigByte = TlsUtils.readOpaque16(is);
-        if (!signer.verifySignature(sigByte))
-        {
-            throw new TlsFatalAlert(AlertDescription.bad_certificate);
-        }
-
-        // TODO Check curve_params not null
-
-        ECPoint Q = curve_params.getCurve().decodePoint(publicBytes);
-
-        this.ecAgreeServerPublicKey = validateECPublicKey(new ECPublicKeyParameters(Q, curve_params));
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        /*
-         * RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable
-         * with ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is
-         * prohibited because the use of a long-term ECDH client key would jeopardize the
-         * forward secrecy property of these algorithms.
-         */
-        short[] types = certificateRequest.getCertificateTypes();
-        for (int i = 0; i < types.length; ++i)
-        {
-            switch (types[i])
-            {
-                case ClientCertificateType.rsa_sign:
-                case ClientCertificateType.dss_sign:
-                case ClientCertificateType.ecdsa_sign:
-                    break;
-                default:
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-        }
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
-    {
-        if (clientCredentials instanceof TlsSignerCredentials)
-        {
-            // OK
-        }
-        else
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    protected Signer initSigner(TlsSigner tlsSigner, SecurityParameters securityParameters)
-    {
-        Signer signer = tlsSigner.createVerifyer(this.serverPublicKey);
-        signer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
-        signer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
-        return signer;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java
deleted file mode 100644
index 1543ad00a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java
+++ /dev/null
@@ -1,245 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-import org.bouncycastle.util.BigIntegers;
-
-/**
- * ECDH key exchange (see RFC 4492)
- */
-class TlsECDHKeyExchange implements TlsKeyExchange
-{
-    protected TlsClientContext context;
-    protected int keyExchange;
-    protected TlsSigner tlsSigner;
-
-    protected AsymmetricKeyParameter serverPublicKey;
-    protected ECPublicKeyParameters ecAgreeServerPublicKey;
-    protected TlsAgreementCredentials agreementCredentials;
-    protected ECPrivateKeyParameters ecAgreeClientPrivateKey = null;
-
-    TlsECDHKeyExchange(TlsClientContext context, int keyExchange)
-    {
-        switch (keyExchange)
-        {
-            case KeyExchangeAlgorithm.ECDHE_RSA:
-                this.tlsSigner = new TlsRSASigner();
-                break;
-            case KeyExchangeAlgorithm.ECDHE_ECDSA:
-                this.tlsSigner = new TlsECDSASigner();
-                break;
-            case KeyExchangeAlgorithm.ECDH_RSA:
-            case KeyExchangeAlgorithm.ECDH_ECDSA:
-                this.tlsSigner = null;
-                break;
-            default:
-                throw new IllegalArgumentException("unsupported key exchange algorithm");
-        }
-
-        this.context = context;
-        this.keyExchange = keyExchange;
-    }
-
-    public void skipServerCertificate() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerCertificate(Certificate serverCertificate) throws IOException
-    {
-        X509CertificateStructure x509Cert = serverCertificate.certs[0];
-        SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
-
-        try
-        {
-            this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
-        }
-        catch (RuntimeException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
-        }
-
-        if (tlsSigner == null)
-        {
-            try
-            {
-                this.ecAgreeServerPublicKey = validateECPublicKey((ECPublicKeyParameters)this.serverPublicKey);
-            }
-            catch (ClassCastException e)
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
-        }
-        else
-        {
-            if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);
-        }
-        
-        // TODO 
-        /*
-         * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
-         * signing algorithm for the certificate must be the same as the algorithm for the
-         * certificate key."
-         */
-    }
-
-    public void skipServerKeyExchange() throws IOException
-    {
-        // do nothing
-    }
-
-    public void processServerKeyExchange(InputStream is)
-        throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        /*
-         * RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable
-         * with ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is
-         * prohibited because the use of a long-term ECDH client key would jeopardize the
-         * forward secrecy property of these algorithms.
-         */
-        short[] types = certificateRequest.getCertificateTypes();
-        for (int i = 0; i < types.length; ++i)
-        {
-            switch (types[i])
-            {
-                case ClientCertificateType.rsa_sign:
-                case ClientCertificateType.dss_sign:
-                case ClientCertificateType.ecdsa_sign:
-                case ClientCertificateType.rsa_fixed_ecdh:
-                case ClientCertificateType.ecdsa_fixed_ecdh:
-                    break;
-                default:
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-        }
-    }
-
-    public void skipClientCredentials() throws IOException
-    {
-        this.agreementCredentials = null;
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
-    {
-        if (clientCredentials instanceof TlsAgreementCredentials)
-        {
-            // TODO Validate client cert has matching parameters (see 'areOnSameCurve')?
-
-            this.agreementCredentials = (TlsAgreementCredentials)clientCredentials;
-        }
-        else if (clientCredentials instanceof TlsSignerCredentials)
-        {
-            // OK
-        }
-        else
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public void generateClientKeyExchange(OutputStream os) throws IOException
-    {
-        if (agreementCredentials != null)
-        {
-            TlsUtils.writeUint24(0, os);
-        }
-        else
-        {
-            generateEphemeralClientKeyExchange(ecAgreeServerPublicKey.getParameters(), os);
-        }
-    }
-
-    public byte[] generatePremasterSecret() throws IOException
-    {
-        if (agreementCredentials != null)
-        {
-            return agreementCredentials.generateAgreement(ecAgreeServerPublicKey);
-        }
-
-        return calculateECDHBasicAgreement(ecAgreeServerPublicKey, ecAgreeClientPrivateKey);
-    }
-
-    protected boolean areOnSameCurve(ECDomainParameters a, ECDomainParameters b)
-    {
-        // TODO Move to ECDomainParameters.equals() or other utility method?
-        return a.getCurve().equals(b.getCurve()) && a.getG().equals(b.getG())
-            && a.getN().equals(b.getN()) && a.getH().equals(b.getH());
-    }
-
-    protected byte[] externalizeKey(ECPublicKeyParameters keyParameters) throws IOException
-    {
-        // TODO Add support for compressed encoding and SPF extension
-
-        /*
-         * RFC 4492 5.7. ...an elliptic curve point in uncompressed or compressed format.
-         * Here, the format MUST conform to what the server has requested through a
-         * Supported Point Formats Extension if this extension was used, and MUST be
-         * uncompressed if this extension was not used.
-         */
-        return keyParameters.getQ().getEncoded();
-    }
-
-    protected AsymmetricCipherKeyPair generateECKeyPair(ECDomainParameters ecParams)
-    {
-        ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
-        ECKeyGenerationParameters keyGenerationParameters = new ECKeyGenerationParameters(ecParams,
-            context.getSecureRandom());
-        keyPairGenerator.init(keyGenerationParameters);
-        return keyPairGenerator.generateKeyPair();
-    }
-
-    protected void generateEphemeralClientKeyExchange(ECDomainParameters ecParams, OutputStream os)
-        throws IOException
-    {
-        AsymmetricCipherKeyPair ecAgreeClientKeyPair = generateECKeyPair(ecParams);
-        this.ecAgreeClientPrivateKey = (ECPrivateKeyParameters)ecAgreeClientKeyPair.getPrivate();
-
-        byte[] keData = externalizeKey((ECPublicKeyParameters)ecAgreeClientKeyPair.getPublic());
-        TlsUtils.writeUint24(keData.length + 1, os);
-        TlsUtils.writeOpaque8(keData, os);
-    }
-
-    protected byte[] calculateECDHBasicAgreement(ECPublicKeyParameters publicKey,
-        ECPrivateKeyParameters privateKey)
-    {
-        ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement();
-        basicAgreement.init(privateKey);
-        BigInteger agreement = basicAgreement.calculateAgreement(publicKey);
-        return BigIntegers.asUnsignedByteArray(agreement);
-    }
-
-    protected ECPublicKeyParameters validateECPublicKey(ECPublicKeyParameters key)
-        throws IOException
-    {
-        // TODO Check RFC 4492 for validation
-        return key;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java
deleted file mode 100644
index a01f92561..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.signers.ECDSASigner;
-
-class TlsECDSASigner extends TlsDSASigner
-{
-    public boolean isValidPublicKey(AsymmetricKeyParameter publicKey)
-    {
-        return publicKey instanceof ECPublicKeyParameters;
-    }
-
-    protected DSA createDSAImpl()
-    {
-        return new ECDSASigner();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java
deleted file mode 100644
index 3380deee9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-public class TlsFatalAlert extends IOException
-{
-    private static final long serialVersionUID = 3584313123679111168L;
-
-    private short alertDescription;
-
-    public TlsFatalAlert(short alertDescription)
-    {
-        this.alertDescription = alertDescription;
-    }
-
-    public short getAlertDescription()
-    {
-        return alertDescription;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java
deleted file mode 100644
index d4914ee9c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * An InputStream for an TLS 1.0 connection.
- */
-class TlsInputStream extends InputStream
-{
-    private byte[] buf = new byte[1];
-    private TlsProtocolHandler handler = null;
-
-    TlsInputStream(TlsProtocolHandler handler)
-    {
-        this.handler = handler;
-    }
-
-    public int read(byte[] buf, int offset, int len) throws IOException
-    {
-        return this.handler.readApplicationData(buf, offset, len);
-    }
-
-    public int read() throws IOException
-    {
-        if (this.read(buf) < 0)
-        {
-            return -1;
-        }
-        return buf[0] & 0xff;
-    }
-
-    public void close() throws IOException
-    {
-        handler.close();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java
deleted file mode 100644
index c0f3fc257..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-/**
- * A generic interface for key exchange implementations in TLS 1.0.
- */
-public interface TlsKeyExchange
-{
-    void skipServerCertificate() throws IOException;
-
-    void processServerCertificate(Certificate serverCertificate) throws IOException;
-
-    void skipServerKeyExchange() throws IOException;
-
-    void processServerKeyExchange(InputStream is)
-        throws IOException;
-
-    void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException;
-
-    void skipClientCredentials() throws IOException;
-
-    void processClientCredentials(TlsCredentials clientCredentials) throws IOException;
-
-    void generateClientKeyExchange(OutputStream os) throws IOException;
-
-    byte[] generatePremasterSecret() throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
deleted file mode 100644
index 04c65982c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * A generic TLS MAC implementation, which can be used with any kind of Digest to act as
- * an HMAC.
- */
-public class TlsMac
-{
-    protected long seqNo;
-    protected HMac mac;
-
-    /**
-     * Generate a new instance of an TlsMac.
-     * 
-     * @param digest The digest to use.
-     * @param key_block A byte-array where the key for this mac is located.
-     * @param offset The number of bytes to skip, before the key starts in the buffer.
-     * @param len The length of the key.
-     */
-    public TlsMac(Digest digest, byte[] key_block, int offset, int len)
-    {
-        this.mac = new HMac(digest);
-        KeyParameter param = new KeyParameter(key_block, offset, len);
-        this.mac.init(param);
-        this.seqNo = 0;
-    }
-
-    /**
-     * @return The Keysize of the mac.
-     */
-    public int getSize()
-    {
-        return mac.getMacSize();
-    }
-
-    /**
-     * Calculate the mac for some given data.
-     * 
    
-     * TlsMac will keep track of the sequence number internally.
-     * 
-     * @param type The message type of the message.
-     * @param message A byte-buffer containing the message.
-     * @param offset The number of bytes to skip, before the message starts.
-     * @param len The length of the message.
-     * @return A new byte-buffer containing the mac value.
-     */
-    public byte[] calculateMac(short type, byte[] message, int offset, int len)
-    {
-        ByteArrayOutputStream bosMac = new ByteArrayOutputStream(13);
-        try
-        {
-            TlsUtils.writeUint64(seqNo++, bosMac);
-            TlsUtils.writeUint8(type, bosMac);
-            TlsUtils.writeVersion(bosMac);
-            TlsUtils.writeUint16(len, bosMac);
-        }
-        catch (IOException e)
-        {
-            // This should never happen
-            throw new IllegalStateException("Internal error during mac calculation");
-        }
-
-        byte[] macHeader = bosMac.toByteArray();
-        mac.update(macHeader, 0, macHeader.length);
-        mac.update(message, offset, len);
-
-        byte[] result = new byte[mac.getMacSize()];
-        mac.doFinal(result, 0);
-        return result;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCipher.java
deleted file mode 100644
index 9e706a524..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCipher.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * A NULL CipherSuite in java, this should only be used during handshake.
- */
-public class TlsNullCipher implements TlsCipher
-{
-    public byte[] encodePlaintext(short type, byte[] plaintext, int offset, int len)
-    {
-        return copyData(plaintext, offset, len);
-    }
-
-    public byte[] decodeCiphertext(short type, byte[] ciphertext, int offset, int len)
-    {
-        return copyData(ciphertext, offset, len);
-    }
-
-    protected byte[] copyData(byte[] text, int offset, int len)
-    {
-        byte[] result = new byte[len];
-        System.arraycopy(text, offset, result, 0, len);
-        return result;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCompression.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCompression.java
deleted file mode 100644
index 93810442e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsNullCompression.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.OutputStream;
-
-public class TlsNullCompression implements TlsCompression
-{
-    public OutputStream compress(OutputStream output)
-    {
-        return output;
-    }
-
-    public OutputStream decompress(OutputStream output)
-    {
-        return output;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsOutputStream.java
deleted file mode 100644
index 6eab66214..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsOutputStream.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * An OutputStream for an TLS connection.
- */
-class TlsOutputStream extends OutputStream
-{
-    private byte[] buf = new byte[1];
-    private TlsProtocolHandler handler;
-
-    TlsOutputStream(TlsProtocolHandler handler)
-    {
-        this.handler = handler;
-    }
-
-    public void write(byte buf[], int offset, int len) throws IOException
-    {
-        this.handler.writeData(buf, offset, len);
-    }
-
-    public void write(int arg0) throws IOException
-    {
-        buf[0] = (byte)arg0;
-        this.write(buf, 0, 1);
-    }
-
-    public void close() throws IOException
-    {
-        handler.close();
-    }
-
-    public void flush() throws IOException
-    {
-        handler.flush();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java
deleted file mode 100644
index a62d8741e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java
+++ /dev/null
@@ -1,1210 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.SecureRandom;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.crypto.prng.ThreadedSeedGenerator;
-import org.bouncycastle.util.Arrays;
-
-/**
- * An implementation of all high level protocols in TLS 1.0.
- */
-public class TlsProtocolHandler
-{
-    private static final Integer EXT_RenegotiationInfo = new Integer(ExtensionType.renegotiation_info);
-
-    /*
-     * Our Connection states
-     */
-    private static final short CS_CLIENT_HELLO_SEND = 1;
-    private static final short CS_SERVER_HELLO_RECEIVED = 2;
-    private static final short CS_SERVER_CERTIFICATE_RECEIVED = 3;
-    private static final short CS_SERVER_KEY_EXCHANGE_RECEIVED = 4;
-    private static final short CS_CERTIFICATE_REQUEST_RECEIVED = 5;
-    private static final short CS_SERVER_HELLO_DONE_RECEIVED = 6;
-    private static final short CS_CLIENT_KEY_EXCHANGE_SEND = 7;
-    private static final short CS_CERTIFICATE_VERIFY_SEND = 8;
-    private static final short CS_CLIENT_CHANGE_CIPHER_SPEC_SEND = 9;
-    private static final short CS_CLIENT_FINISHED_SEND = 10;
-    private static final short CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED = 11;
-    private static final short CS_DONE = 12;
-
-    private static final byte[] emptybuf = new byte[0];
-
-    private static final String TLS_ERROR_MESSAGE = "Internal TLS error, this could be an attack";
-
-    /*
-     * Queues for data from some protocols.
-     */
-    private ByteQueue applicationDataQueue = new ByteQueue();
-    private ByteQueue changeCipherSpecQueue = new ByteQueue();
-    private ByteQueue alertQueue = new ByteQueue();
-    private ByteQueue handshakeQueue = new ByteQueue();
-
-    /*
-     * The Record Stream we use
-     */
-    private RecordStream rs;
-    private SecureRandom random;
-
-    private TlsInputStream tlsInputStream = null;
-    private TlsOutputStream tlsOutputStream = null;
-
-    private boolean closed = false;
-    private boolean failedWithError = false;
-    private boolean appDataReady = false;
-    private Hashtable clientExtensions;
-
-    private SecurityParameters securityParameters = null;
-
-    private TlsClientContextImpl tlsClientContext = null;
-    private TlsClient tlsClient = null;
-    private int[] offeredCipherSuites = null;
-    private short[] offeredCompressionMethods = null;
-    private TlsKeyExchange keyExchange = null;
-    private TlsAuthentication authentication = null;
-    private CertificateRequest certificateRequest = null;
-
-    private short connection_state = 0;
-
-    private static SecureRandom createSecureRandom()
-    {
-        /*
-         * We use our threaded seed generator to generate a good random seed. If the user
-         * has a better random seed, he should use the constructor with a SecureRandom.
-         */
-        ThreadedSeedGenerator tsg = new ThreadedSeedGenerator();
-        SecureRandom random = new SecureRandom();
-
-        /*
-         * Hopefully, 20 bytes in fast mode are good enough.
-         */
-        random.setSeed(tsg.generateSeed(20, true));
-
-        return random;
-    }
-
-    public TlsProtocolHandler(InputStream is, OutputStream os)
-    {
-        this(is, os, createSecureRandom());
-    }
-
-    public TlsProtocolHandler(InputStream is, OutputStream os, SecureRandom sr)
-    {
-        this.rs = new RecordStream(this, is, os);
-        this.random = sr;
-    }
-
-    protected void processData(short protocol, byte[] buf, int offset, int len) throws IOException
-    {
-        /*
-         * Have a look at the protocol type, and add it to the correct queue.
-         */
-        switch (protocol)
-        {
-            case ContentType.change_cipher_spec:
-                changeCipherSpecQueue.addData(buf, offset, len);
-                processChangeCipherSpec();
-                break;
-            case ContentType.alert:
-                alertQueue.addData(buf, offset, len);
-                processAlert();
-                break;
-            case ContentType.handshake:
-                handshakeQueue.addData(buf, offset, len);
-                processHandshake();
-                break;
-            case ContentType.application_data:
-                if (!appDataReady)
-                {
-                    this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                }
-                applicationDataQueue.addData(buf, offset, len);
-                processApplicationData();
-                break;
-            default:
-                /*
-                 * Uh, we don't know this protocol.
-                 * 
-                 * RFC2246 defines on page 13, that we should ignore this.
-                 */
-        }
-    }
-
-    private void processHandshake() throws IOException
-    {
-        boolean read;
-        do
-        {
-            read = false;
-            /*
-             * We need the first 4 bytes, they contain type and length of the message.
-             */
-            if (handshakeQueue.size() >= 4)
-            {
-                byte[] beginning = new byte[4];
-                handshakeQueue.read(beginning, 0, 4, 0);
-                ByteArrayInputStream bis = new ByteArrayInputStream(beginning);
-                short type = TlsUtils.readUint8(bis);
-                int len = TlsUtils.readUint24(bis);
-
-                /*
-                 * Check if we have enough bytes in the buffer to read the full message.
-                 */
-                if (handshakeQueue.size() >= (len + 4))
-                {
-                    /*
-                     * Read the message.
-                     */
-                    byte[] buf = new byte[len];
-                    handshakeQueue.read(buf, 0, len, 4);
-                    handshakeQueue.removeData(len + 4);
-
-                    /*
-                     * RFC 2246 7.4.9. The value handshake_messages includes all handshake
-                     * messages starting at client hello up to, but not including, this
-                     * finished message. [..] Note: [Also,] Hello Request messages are
-                     * omitted from handshake hashes.
-                     */
-                    switch (type)
-                    {
-                        case HandshakeType.hello_request:
-                        case HandshakeType.finished:
-                            break;
-                        default:
-                            rs.updateHandshakeData(beginning, 0, 4);
-                            rs.updateHandshakeData(buf, 0, len);
-                            break;
-                    }
-
-                    /*
-                     * Now, parse the message.
-                     */
-                    processHandshakeMessage(type, buf);
-                    read = true;
-                }
-            }
-        }
-        while (read);
-    }
-
-    private void processHandshakeMessage(short type, byte[] buf) throws IOException
-    {
-        ByteArrayInputStream is = new ByteArrayInputStream(buf);
-
-        switch (type)
-        {
-            case HandshakeType.certificate:
-            {
-                switch (connection_state)
-                {
-                    case CS_SERVER_HELLO_RECEIVED:
-                    {
-                        // Parse the Certificate message and send to cipher suite
-
-                        Certificate serverCertificate = Certificate.parse(is);
-
-                        assertEmpty(is);
-
-                        this.keyExchange.processServerCertificate(serverCertificate);
-
-                        this.authentication = tlsClient.getAuthentication();
-                        this.authentication.notifyServerCertificate(serverCertificate);
-
-                        break;
-                    }
-                    default:
-                        this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                }
-
-                connection_state = CS_SERVER_CERTIFICATE_RECEIVED;
-                break;
-            }
-            case HandshakeType.finished:
-                switch (connection_state)
-                {
-                    case CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED:
-                        /*
-                         * Read the checksum from the finished message, it has always 12
-                         * bytes.
-                         */
-                        byte[] serverVerifyData = new byte[12];
-                        TlsUtils.readFully(serverVerifyData, is);
-
-                        assertEmpty(is);
-
-                        /*
-                         * Calculate our own checksum.
-                         */
-                        byte[] expectedServerVerifyData = TlsUtils.PRF(
-                            securityParameters.masterSecret, "server finished",
-                            rs.getCurrentHash(), 12);
-
-                        /*
-                         * Compare both checksums.
-                         */
-                        if (!Arrays.constantTimeAreEqual(expectedServerVerifyData, serverVerifyData))
-                        {
-                            /*
-                             * Wrong checksum in the finished message.
-                             */
-                            this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
-                        }
-
-                        connection_state = CS_DONE;
-
-                        /*
-                         * We are now ready to receive application data.
-                         */
-                        this.appDataReady = true;
-                        break;
-                    default:
-                        this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                }
-                break;
-            case HandshakeType.server_hello:
-                switch (connection_state)
-                {
-                    case CS_CLIENT_HELLO_SEND:
-                        /*
-                         * Read the server hello message
-                         */
-                        TlsUtils.checkVersion(is, this);
-
-                        /*
-                         * Read the server random
-                         */
-                        securityParameters.serverRandom = new byte[32];
-                        TlsUtils.readFully(securityParameters.serverRandom, is);
-
-                        byte[] sessionID = TlsUtils.readOpaque8(is);
-                        if (sessionID.length > 32)
-                        {
-                            this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
-                        }
-
-                        this.tlsClient.notifySessionID(sessionID);
-
-                        /*
-                         * Find out which CipherSuite the server has chosen and check that
-                         * it was one of the offered ones.
-                         */
-                        int selectedCipherSuite = TlsUtils.readUint16(is);
-                        if (!arrayContains(offeredCipherSuites, selectedCipherSuite)
-                            || selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
-                        {
-                            this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
-                        }
-
-                        this.tlsClient.notifySelectedCipherSuite(selectedCipherSuite);
-
-                        /*
-                         * Find out which CompressionMethod the server has chosen and check that
-                         * it was one of the offered ones.
-                         */
-                        short selectedCompressionMethod = TlsUtils.readUint8(is);
-                        if (!arrayContains(offeredCompressionMethods, selectedCompressionMethod))
-                        {
-                            this.failWithError(AlertLevel.fatal, AlertDescription.illegal_parameter);
-                        }
-
-                        this.tlsClient.notifySelectedCompressionMethod(selectedCompressionMethod);
-
-                        /*
-                         * RFC3546 2.2 The extended server hello message format MAY be
-                         * sent in place of the server hello message when the client has
-                         * requested extended functionality via the extended client hello
-                         * message specified in Section 2.1. ... Note that the extended
-                         * server hello message is only sent in response to an extended
-                         * client hello message. This prevents the possibility that the
-                         * extended server hello message could "break" existing TLS 1.0
-                         * clients.
-                         */
-
-                        /*
-                         * TODO RFC 3546 2.3 If [...] the older session is resumed, then
-                         * the server MUST ignore extensions appearing in the client
-                         * hello, and send a server hello containing no extensions.
-                         */
-
-                        // Integer -> byte[]
-                        Hashtable serverExtensions = new Hashtable();
-
-                        if (is.available() > 0)
-                        {
-                            // Process extensions from extended server hello
-                            byte[] extBytes = TlsUtils.readOpaque16(is);
-
-                            ByteArrayInputStream ext = new ByteArrayInputStream(extBytes);
-                            while (ext.available() > 0)
-                            {
-                                Integer extType = new Integer(TlsUtils.readUint16(ext));
-                                byte[] extValue = TlsUtils.readOpaque16(ext);
-
-                                /*
-                                 * RFC 5746 Note that sending a "renegotiation_info"
-                                 * extension in response to a ClientHello containing only
-                                 * the SCSV is an explicit exception to the prohibition in
-                                 * RFC 5246, Section 7.4.1.4, on the server sending
-                                 * unsolicited extensions and is only allowed because the
-                                 * client is signaling its willingness to receive the
-                                 * extension via the TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-                                 * SCSV. TLS implementations MUST continue to comply with
-                                 * Section 7.4.1.4 for all other extensions.
-                                 */
-
-                                if (!extType.equals(EXT_RenegotiationInfo)
-                                    && clientExtensions.get(extType) == null)
-                                {
-                                    /*
-                                     * RFC 3546 2.3 Note that for all extension types
-                                     * (including those defined in future), the extension
-                                     * type MUST NOT appear in the extended server hello
-                                     * unless the same extension type appeared in the
-                                     * corresponding client hello. Thus clients MUST abort
-                                     * the handshake if they receive an extension type in
-                                     * the extended server hello that they did not request
-                                     * in the associated (extended) client hello.
-                                     */
-                                    this.failWithError(AlertLevel.fatal,
-                                        AlertDescription.unsupported_extension);
-                                }
-
-                                if (serverExtensions.containsKey(extType))
-                                {
-                                    /*
-                                     * RFC 3546 2.3 Also note that when multiple
-                                     * extensions of different types are present in the
-                                     * extended client hello or the extended server hello,
-                                     * the extensions may appear in any order. There MUST
-                                     * NOT be more than one extension of the same type.
-                                     */
-                                    this.failWithError(AlertLevel.fatal,
-                                        AlertDescription.illegal_parameter);
-                                }
-
-                                serverExtensions.put(extType, extValue);
-                            }
-                        }
-
-                        assertEmpty(is);
-
-                        /*
-                         * RFC 5746 3.4. When a ServerHello is received, the client MUST
-                         * check if it includes the "renegotiation_info" extension:
-                         */
-                        {
-                            boolean secure_negotiation = serverExtensions.containsKey(EXT_RenegotiationInfo);
-
-                            /*
-                             * If the extension is present, set the secure_renegotiation
-                             * flag to TRUE. The client MUST then verify that the length
-                             * of the "renegotiated_connection" field is zero, and if it
-                             * is not, MUST abort the handshake (by sending a fatal
-                             * handshake_failure alert).
-                             */
-                            if (secure_negotiation)
-                            {
-                                byte[] renegExtValue = (byte[])serverExtensions.get(EXT_RenegotiationInfo);
-
-                                if (!Arrays.constantTimeAreEqual(renegExtValue,
-                                    createRenegotiationInfo(emptybuf)))
-                                {
-                                    this.failWithError(AlertLevel.fatal,
-                                        AlertDescription.handshake_failure);
-                                }
-                            }
-
-                            tlsClient.notifySecureRenegotiation(secure_negotiation);
-                        }
-
-                        if (clientExtensions != null)
-                        {
-                            tlsClient.processServerExtensions(serverExtensions);
-                        }
-
-                        this.keyExchange = tlsClient.getKeyExchange();
-
-                        connection_state = CS_SERVER_HELLO_RECEIVED;
-                        break;
-                    default:
-                        this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                }
-                break;
-            case HandshakeType.server_hello_done:
-                switch (connection_state)
-                {
-                    case CS_SERVER_CERTIFICATE_RECEIVED:
-
-                        // There was no server key exchange message; check it's OK
-                        this.keyExchange.skipServerKeyExchange();
-
-                        // NB: Fall through to next case label
-
-                    case CS_SERVER_KEY_EXCHANGE_RECEIVED:
-                    case CS_CERTIFICATE_REQUEST_RECEIVED:
-
-                        assertEmpty(is);
-
-                        connection_state = CS_SERVER_HELLO_DONE_RECEIVED;
-
-                        TlsCredentials clientCreds = null;
-                        if (certificateRequest == null)
-                        {
-                            this.keyExchange.skipClientCredentials();
-                        }
-                        else
-                        {
-                            clientCreds = this.authentication.getClientCredentials(certificateRequest);
-
-                            Certificate clientCert;
-                            if (clientCreds == null)
-                            {
-                                this.keyExchange.skipClientCredentials();
-                                clientCert = Certificate.EMPTY_CHAIN;
-                            }
-                            else
-                            {
-                                this.keyExchange.processClientCredentials(clientCreds);
-                                clientCert = clientCreds.getCertificate();
-                            }
-
-                            sendClientCertificate(clientCert);
-                        }
-
-                        /*
-                         * Send the client key exchange message, depending on the key
-                         * exchange we are using in our CipherSuite.
-                         */
-                        sendClientKeyExchange();
-
-                        connection_state = CS_CLIENT_KEY_EXCHANGE_SEND;
-
-                        if (clientCreds != null && clientCreds instanceof TlsSignerCredentials)
-                        {
-                            TlsSignerCredentials signerCreds = (TlsSignerCredentials)clientCreds;
-                            byte[] md5andsha1 = rs.getCurrentHash();
-                            byte[] clientCertificateSignature = signerCreds.generateCertificateSignature(
-                                md5andsha1);
-                            sendCertificateVerify(clientCertificateSignature);
-
-                            connection_state = CS_CERTIFICATE_VERIFY_SEND;
-                        }
-
-                        /*
-                         * Now, we send change cipher state
-                         */
-                        byte[] cmessage = new byte[1];
-                        cmessage[0] = 1;
-                        rs.writeMessage(ContentType.change_cipher_spec, cmessage, 0,
-                            cmessage.length);
-
-                        connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC_SEND;
-
-                        /*
-                         * Calculate the master_secret
-                         */
-                        byte[] pms = this.keyExchange.generatePremasterSecret();
-
-                        securityParameters.masterSecret = TlsUtils.PRF(pms, "master secret",
-                            TlsUtils.concat(securityParameters.clientRandom,
-                                securityParameters.serverRandom), 48);
-
-                        // TODO Is there a way to ensure the data is really overwritten?
-                        /*
-                         * RFC 2246 8.1. The pre_master_secret should be deleted from
-                         * memory once the master_secret has been computed.
-                         */
-                        Arrays.fill(pms, (byte)0);
-
-                        /*
-                         * Initialize our cipher suite
-                         */
-                        rs.clientCipherSpecDecided(tlsClient.getCompression(), tlsClient.getCipher());
-
-                        /*
-                         * Send our finished message.
-                         */
-                        byte[] clientVerifyData = TlsUtils.PRF(securityParameters.masterSecret,
-                            "client finished", rs.getCurrentHash(), 12);
-
-                        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-                        TlsUtils.writeUint8(HandshakeType.finished, bos);
-                        TlsUtils.writeOpaque24(clientVerifyData, bos);
-                        byte[] message = bos.toByteArray();
-
-                        rs.writeMessage(ContentType.handshake, message, 0, message.length);
-
-                        this.connection_state = CS_CLIENT_FINISHED_SEND;
-                        break;
-                    default:
-                        this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
-                }
-                break;
-            case HandshakeType.server_key_exchange:
-            {
-                switch (connection_state)
-                {
-                    case CS_SERVER_HELLO_RECEIVED:
-
-                        // There was no server certificate message; check it's OK
-                        this.keyExchange.skipServerCertificate();
-                        this.authentication = null;
-
-                        // NB: Fall through to next case label
-
-                    case CS_SERVER_CERTIFICATE_RECEIVED:
-
-                        this.keyExchange.processServerKeyExchange(is);
-
-                        assertEmpty(is);
-                        break;
-
-                    default:
-                        this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                }
-
-                this.connection_state = CS_SERVER_KEY_EXCHANGE_RECEIVED;
-                break;
-            }
-            case HandshakeType.certificate_request:
-            {
-                switch (connection_state)
-                {
-                    case CS_SERVER_CERTIFICATE_RECEIVED:
-
-                        // There was no server key exchange message; check it's OK
-                        this.keyExchange.skipServerKeyExchange();
-
-                        // NB: Fall through to next case label
-
-                    case CS_SERVER_KEY_EXCHANGE_RECEIVED:
-                    {
-                    	if (this.authentication == null)
-                    	{
-                            /*
-                             * RFC 2246 7.4.4. It is a fatal handshake_failure alert
-                             * for an anonymous server to request client identification.
-                             */
-                    		this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
-                    	}
-
-                        int numTypes = TlsUtils.readUint8(is);
-                        short[] certificateTypes = new short[numTypes];
-                        for (int i = 0; i < numTypes; ++i)
-                        {
-                            certificateTypes[i] = TlsUtils.readUint8(is);
-                        }
-
-                        byte[] authorities = TlsUtils.readOpaque16(is);
-
-                        assertEmpty(is);
-
-                        Vector authorityDNs = new Vector();
-
-                        ByteArrayInputStream bis = new ByteArrayInputStream(authorities);
-                        while (bis.available() > 0)
-                        {
-                            byte[] dnBytes = TlsUtils.readOpaque16(bis);
-                            authorityDNs.addElement(X500Name.getInstance(ASN1Object.fromByteArray(dnBytes)));
-                        }
-
-                        this.certificateRequest = new CertificateRequest(certificateTypes,
-                            authorityDNs);
-                        this.keyExchange.validateCertificateRequest(this.certificateRequest);
-
-                        break;
-                    }
-                    default:
-                        this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                }
-
-                this.connection_state = CS_CERTIFICATE_REQUEST_RECEIVED;
-                break;
-            }
-            case HandshakeType.hello_request:
-                /*
-                 * RFC 2246 7.4.1.1 Hello request This message will be ignored by the
-                 * client if the client is currently negotiating a session. This message
-                 * may be ignored by the client if it does not wish to renegotiate a
-                 * session, or the client may, if it wishes, respond with a
-                 * no_renegotiation alert.
-                 */
-                if (connection_state == CS_DONE)
-                {
-                    // Renegotiation not supported yet
-                    sendAlert(AlertLevel.warning, AlertDescription.no_renegotiation);
-                }
-                break;
-            case HandshakeType.client_key_exchange:
-            case HandshakeType.certificate_verify:
-            case HandshakeType.client_hello:
-            default:
-                // We do not support this!
-                this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-                break;
-        }
-    }
-
-    private void processApplicationData()
-    {
-        /*
-         * There is nothing we need to do here.
-         * 
-         * This function could be used for callbacks when application data arrives in the
-         * future.
-         */
-    }
-
-    private void processAlert() throws IOException
-    {
-        while (alertQueue.size() >= 2)
-        {
-            /*
-             * An alert is always 2 bytes. Read the alert.
-             */
-            byte[] tmp = new byte[2];
-            alertQueue.read(tmp, 0, 2, 0);
-            alertQueue.removeData(2);
-            short level = tmp[0];
-            short description = tmp[1];
-            if (level == AlertLevel.fatal)
-            {
-                /*
-                 * This is a fatal error.
-                 */
-                this.failedWithError = true;
-                this.closed = true;
-                /*
-                 * Now try to close the stream, ignore errors.
-                 */
-                try
-                {
-                    rs.close();
-                }
-                catch (Exception e)
-                {
-
-                }
-                throw new IOException(TLS_ERROR_MESSAGE);
-            }
-            else
-            {
-                /*
-                 * This is just a warning.
-                 */
-                if (description == AlertDescription.close_notify)
-                {
-                    /*
-                     * Close notify
-                     */
-                    this.failWithError(AlertLevel.warning, AlertDescription.close_notify);
-                }
-                /*
-                 * If it is just a warning, we continue.
-                 */
-            }
-        }
-    }
-
-    /**
-     * This method is called, when a change cipher spec message is received.
-     * 
-     * @throws IOException If the message has an invalid content or the handshake is not
-     *             in the correct state.
-     */
-    private void processChangeCipherSpec() throws IOException
-    {
-        while (changeCipherSpecQueue.size() > 0)
-        {
-            /*
-             * A change cipher spec message is only one byte with the value 1.
-             */
-            byte[] b = new byte[1];
-            changeCipherSpecQueue.read(b, 0, 1, 0);
-            changeCipherSpecQueue.removeData(1);
-            if (b[0] != 1)
-            {
-                /*
-                 * This should never happen.
-                 */
-                this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
-            }
-
-            /*
-             * Check if we are in the correct connection state.
-             */
-            if (this.connection_state != CS_CLIENT_FINISHED_SEND)
-            {
-                this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure);
-            }
-
-            rs.serverClientSpecReceived();
-
-            this.connection_state = CS_SERVER_CHANGE_CIPHER_SPEC_RECEIVED;
-        }
-    }
-
-    private void sendClientCertificate(Certificate clientCert) throws IOException
-    {
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        TlsUtils.writeUint8(HandshakeType.certificate, bos);
-        clientCert.encode(bos);
-        byte[] message = bos.toByteArray();
-
-        rs.writeMessage(ContentType.handshake, message, 0, message.length);
-    }
-
-    private void sendClientKeyExchange() throws IOException
-    {
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        TlsUtils.writeUint8(HandshakeType.client_key_exchange, bos);
-        this.keyExchange.generateClientKeyExchange(bos);
-        byte[] message = bos.toByteArray();
-
-        rs.writeMessage(ContentType.handshake, message, 0, message.length);
-    }
-
-    private void sendCertificateVerify(byte[] data) throws IOException
-    {
-        /*
-         * Send signature of handshake messages so far to prove we are the owner of the
-         * cert See RFC 2246 sections 4.7, 7.4.3 and 7.4.8
-         */
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        TlsUtils.writeUint8(HandshakeType.certificate_verify, bos);
-        TlsUtils.writeUint24(data.length + 2, bos);
-        TlsUtils.writeOpaque16(data, bos);
-        byte[] message = bos.toByteArray();
-
-        rs.writeMessage(ContentType.handshake, message, 0, message.length);
-    }
-
-    /**
-     * Connects to the remote system.
-     * 
-     * @param verifyer Will be used when a certificate is received to verify that this
-     *            certificate is accepted by the client.
-     * @throws IOException If handshake was not successful.
-     * 
-     * @deprecated use version taking TlsClient
-     */
-    public void connect(CertificateVerifyer verifyer) throws IOException
-    {
-        this.connect(new LegacyTlsClient(verifyer));
-    }
-
-    /**
-     * Connects to the remote system using client authentication
-     * 
-     * @param tlsClient
-     * @throws IOException If handshake was not successful.
-     */
-    public void connect(TlsClient tlsClient) throws IOException
-    {
-        if (tlsClient == null)
-        {
-            throw new IllegalArgumentException("'tlsClient' cannot be null");
-        }
-        if (this.tlsClient != null)
-        {
-            throw new IllegalStateException("connect can only be called once");
-        }
-
-        /*
-         * Send Client hello
-         * 
-         * First, generate some random data.
-         */
-        this.securityParameters = new SecurityParameters();
-        this.securityParameters.clientRandom = new byte[32];
-        random.nextBytes(securityParameters.clientRandom);
-        TlsUtils.writeGMTUnixTime(securityParameters.clientRandom, 0);
-
-        this.tlsClientContext = new TlsClientContextImpl(random, securityParameters);
-        this.tlsClient = tlsClient;
-        this.tlsClient.init(tlsClientContext);
-
-        ByteArrayOutputStream os = new ByteArrayOutputStream();
-        TlsUtils.writeVersion(os);
-        os.write(securityParameters.clientRandom);
-
-        /*
-         * Length of Session id
-         */
-        TlsUtils.writeUint8((short)0, os);
-
-        /*
-         * Cipher suites
-         */
-        this.offeredCipherSuites = this.tlsClient.getCipherSuites();
-
-        // Integer -> byte[]
-        this.clientExtensions = this.tlsClient.getClientExtensions();
-
-        // Cipher Suites (and SCSV)
-        {
-            /*
-             * RFC 5746 3.4. The client MUST include either an empty "renegotiation_info"
-             * extension, or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite
-             * value in the ClientHello. Including both is NOT RECOMMENDED.
-             */
-            boolean noRenegExt = clientExtensions == null
-                || clientExtensions.get(EXT_RenegotiationInfo) == null;
-
-            int count = offeredCipherSuites.length;
-            if (noRenegExt)
-            {
-                // Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-                ++count;
-            }
-
-            TlsUtils.writeUint16(2 * count, os);
-            TlsUtils.writeUint16Array(offeredCipherSuites, os);
-
-            if (noRenegExt)
-            {
-                TlsUtils.writeUint16(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV, os);
-            }
-        }
-
-        // Compression methods
-        this.offeredCompressionMethods = this.tlsClient.getCompressionMethods();
-
-        TlsUtils.writeUint8((short)offeredCompressionMethods.length, os);
-        TlsUtils.writeUint8Array(offeredCompressionMethods, os);
-
-        // Extensions
-        if (clientExtensions != null)
-        {
-            ByteArrayOutputStream ext = new ByteArrayOutputStream();
-
-            Enumeration keys = clientExtensions.keys();
-            while (keys.hasMoreElements())
-            {
-                Integer extType = (Integer)keys.nextElement();
-                writeExtension(ext, extType, (byte[])clientExtensions.get(extType));
-            }
-
-            TlsUtils.writeOpaque16(ext.toByteArray(), os);
-        }
-
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        TlsUtils.writeUint8(HandshakeType.client_hello, bos);
-        TlsUtils.writeUint24(os.size(), bos);
-        bos.write(os.toByteArray());
-        byte[] message = bos.toByteArray();
-
-        safeWriteMessage(ContentType.handshake, message, 0, message.length);
-
-        connection_state = CS_CLIENT_HELLO_SEND;
-
-        /*
-         * We will now read data, until we have completed the handshake.
-         */
-        while (connection_state != CS_DONE)
-        {
-            safeReadData();
-        }
-
-        this.tlsInputStream = new TlsInputStream(this);
-        this.tlsOutputStream = new TlsOutputStream(this);
-    }
-
-    /**
-     * Read data from the network. The method will return immediately, if there is still
-     * some data left in the buffer, or block until some application data has been read
-     * from the network.
-     * 
-     * @param buf The buffer where the data will be copied to.
-     * @param offset The position where the data will be placed in the buffer.
-     * @param len The maximum number of bytes to read.
-     * @return The number of bytes read.
-     * @throws IOException If something goes wrong during reading data.
-     */
-    protected int readApplicationData(byte[] buf, int offset, int len) throws IOException
-    {
-        while (applicationDataQueue.size() == 0)
-        {
-            /*
-             * We need to read some data.
-             */
-            if (this.closed)
-            {
-                if (this.failedWithError)
-                {
-                    /*
-                     * Something went terribly wrong, we should throw an IOException
-                     */
-                    throw new IOException(TLS_ERROR_MESSAGE);
-                }
-
-                /*
-                 * Connection has been closed, there is no more data to read.
-                 */
-                return -1;
-            }
-
-            safeReadData();
-        }
-        len = Math.min(len, applicationDataQueue.size());
-        applicationDataQueue.read(buf, offset, len, 0);
-        applicationDataQueue.removeData(len);
-        return len;
-    }
-
-    private void safeReadData() throws IOException
-    {
-        try
-        {
-            rs.readData();
-        }
-        catch (TlsFatalAlert e)
-        {
-            if (!this.closed)
-            {
-                this.failWithError(AlertLevel.fatal, e.getAlertDescription());
-            }
-            throw e;
-        }
-        catch (IOException e)
-        {
-            if (!this.closed)
-            {
-                this.failWithError(AlertLevel.fatal, AlertDescription.internal_error);
-            }
-            throw e;
-        }
-        catch (RuntimeException e)
-        {
-            if (!this.closed)
-            {
-                this.failWithError(AlertLevel.fatal, AlertDescription.internal_error);
-            }
-            throw e;
-        }
-    }
-
-    private void safeWriteMessage(short type, byte[] buf, int offset, int len) throws IOException
-    {
-        try
-        {
-            rs.writeMessage(type, buf, offset, len);
-        }
-        catch (TlsFatalAlert e)
-        {
-            if (!this.closed)
-            {
-                this.failWithError(AlertLevel.fatal, e.getAlertDescription());
-            }
-            throw e;
-        }
-        catch (IOException e)
-        {
-            if (!closed)
-            {
-                this.failWithError(AlertLevel.fatal, AlertDescription.internal_error);
-            }
-            throw e;
-        }
-        catch (RuntimeException e)
-        {
-            if (!closed)
-            {
-                this.failWithError(AlertLevel.fatal, AlertDescription.internal_error);
-            }
-            throw e;
-        }
-    }
-
-    /**
-     * Send some application data to the remote system.
-     * 
    
-     * The method will handle fragmentation internally.
-     * 
-     * @param buf The buffer with the data.
-     * @param offset The position in the buffer where the data is placed.
-     * @param len The length of the data.
-     * @throws IOException If something goes wrong during sending.
-     */
-    protected void writeData(byte[] buf, int offset, int len) throws IOException
-    {
-        if (this.closed)
-        {
-            if (this.failedWithError)
-            {
-                throw new IOException(TLS_ERROR_MESSAGE);
-            }
-
-            throw new IOException("Sorry, connection has been closed, you cannot write more data");
-        }
-
-        /*
-         * Protect against known IV attack!
-         * 
-         * DO NOT REMOVE THIS LINE, EXCEPT YOU KNOW EXACTLY WHAT YOU ARE DOING HERE.
-         */
-        safeWriteMessage(ContentType.application_data, emptybuf, 0, 0);
-
-        do
-        {
-            /*
-             * We are only allowed to write fragments up to 2^14 bytes.
-             */
-            int toWrite = Math.min(len, 1 << 14);
-
-            safeWriteMessage(ContentType.application_data, buf, offset, toWrite);
-
-            offset += toWrite;
-            len -= toWrite;
-        }
-        while (len > 0);
-
-    }
-
-    /**
-     * @return An OutputStream which can be used to send data.
-     */
-    public OutputStream getOutputStream()
-    {
-        return this.tlsOutputStream;
-    }
-
-    /**
-     * @return An InputStream which can be used to read data.
-     */
-    public InputStream getInputStream()
-    {
-        return this.tlsInputStream;
-    }
-
-    /**
-     * Terminate this connection with an alert.
-     * 
    
-     * Can be used for normal closure too.
-     * 
-     * @param alertLevel The level of the alert, an be AlertLevel.fatal or AL_warning.
-     * @param alertDescription The exact alert message.
-     * @throws IOException If alert was fatal.
-     */
-    private void failWithError(short alertLevel, short alertDescription) throws IOException
-    {
-        /*
-         * Check if the connection is still open.
-         */
-        if (!closed)
-        {
-            /*
-             * Prepare the message
-             */
-            this.closed = true;
-
-            if (alertLevel == AlertLevel.fatal)
-            {
-                /*
-                 * This is a fatal message.
-                 */
-                this.failedWithError = true;
-            }
-            sendAlert(alertLevel, alertDescription);
-            rs.close();
-            if (alertLevel == AlertLevel.fatal)
-            {
-                throw new IOException(TLS_ERROR_MESSAGE);
-            }
-        }
-        else
-        {
-            throw new IOException(TLS_ERROR_MESSAGE);
-        }
-    }
-
-    private void sendAlert(short alertLevel, short alertDescription) throws IOException
-    {
-        byte[] error = new byte[2];
-        error[0] = (byte)alertLevel;
-        error[1] = (byte)alertDescription;
-
-        rs.writeMessage(ContentType.alert, error, 0, 2);
-    }
-
-    /**
-     * Closes this connection.
-     * 
-     * @throws IOException If something goes wrong during closing.
-     */
-    public void close() throws IOException
-    {
-        if (!closed)
-        {
-            this.failWithError(AlertLevel.warning, AlertDescription.close_notify);
-        }
-    }
-
-    /**
-     * Make sure the InputStream is now empty. Fail otherwise.
-     * 
-     * @param is The InputStream to check.
-     * @throws IOException If is is not empty.
-     */
-    protected void assertEmpty(ByteArrayInputStream is) throws IOException
-    {
-        if (is.available() > 0)
-        {
-            throw new TlsFatalAlert(AlertDescription.decode_error);
-        }
-    }
-
-    protected void flush() throws IOException
-    {
-        rs.flush();
-    }
-
-    private static boolean arrayContains(short[] a, short n)
-    {
-        for (int i = 0; i < a.length; ++i)
-        {
-            if (a[i] == n)
-            {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private static boolean arrayContains(int[] a, int n)
-    {
-        for (int i = 0; i < a.length; ++i)
-        {
-            if (a[i] == n)
-            {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    private static byte[] createRenegotiationInfo(byte[] renegotiated_connection)
-        throws IOException
-    {
-        ByteArrayOutputStream buf = new ByteArrayOutputStream();
-        TlsUtils.writeOpaque8(renegotiated_connection, buf);
-        return buf.toByteArray();
-    }
-
-    private static void writeExtension(OutputStream output, Integer extType, byte[] extValue)
-        throws IOException
-    {
-        TlsUtils.writeUint16(extType.intValue(), output);
-        TlsUtils.writeOpaque16(extValue, output);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java
deleted file mode 100644
index 0f940014f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java
+++ /dev/null
@@ -1,191 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-
-/**
- * TLS 1.0 RSA key exchange.
- */
-class TlsRSAKeyExchange implements TlsKeyExchange
-{
-    protected TlsClientContext context;
-
-    protected AsymmetricKeyParameter serverPublicKey = null;
-
-    protected RSAKeyParameters rsaServerPublicKey = null;
-
-    protected byte[] premasterSecret;
-
-    TlsRSAKeyExchange(TlsClientContext context)
-    {
-        this.context = context;
-    }
-
-    public void skipServerCertificate() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerCertificate(Certificate serverCertificate) throws IOException
-    {
-        X509CertificateStructure x509Cert = serverCertificate.certs[0];
-        SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
-
-        try
-        {
-            this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
-        }
-        catch (RuntimeException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
-        }
-
-        // Sanity check the PublicKeyFactory
-        if (this.serverPublicKey.isPrivate())
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-
-        this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters)this.serverPublicKey);
-
-        TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);
-
-        // TODO 
-        /*
-         * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
-         * signing algorithm for the certificate must be the same as the algorithm for the
-         * certificate key."
-         */
-    }
-
-    public void skipServerKeyExchange() throws IOException
-    {
-        // OK
-    }
-
-    public void processServerKeyExchange(InputStream is)
-        throws IOException
-    {
-        // TODO
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        short[] types = certificateRequest.getCertificateTypes();
-        for (int i = 0; i < types.length; ++i)
-        {
-            switch (types[i])
-            {
-                case ClientCertificateType.rsa_sign:
-                case ClientCertificateType.dss_sign:
-                case ClientCertificateType.ecdsa_sign:
-                    break;
-                default:
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-        }
-    }
-
-    public void skipClientCredentials() throws IOException
-    {
-        // OK
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
-    {
-        if (!(clientCredentials instanceof TlsSignerCredentials))
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public void generateClientKeyExchange(OutputStream os) throws IOException
-    {
-        /*
-         * Choose a PremasterSecret and send it encrypted to the server
-         */
-        premasterSecret = new byte[48];
-        context.getSecureRandom().nextBytes(premasterSecret);
-        TlsUtils.writeVersion(premasterSecret, 0);
-
-        PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine());
-        encoding.init(true, new ParametersWithRandom(this.rsaServerPublicKey, context.getSecureRandom()));
-
-        try
-        {
-            byte[] keData = encoding.processBlock(premasterSecret, 0, premasterSecret.length);
-            TlsUtils.writeUint24(keData.length + 2, os);
-            TlsUtils.writeOpaque16(keData, os);
-        }
-        catch (InvalidCipherTextException e)
-        {
-            /*
-             * This should never happen, only during decryption.
-             */
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public byte[] generatePremasterSecret() throws IOException
-    {
-        byte[] tmp = this.premasterSecret;
-        this.premasterSecret = null;
-        return tmp;
-    }
-
-    // Would be needed to process RSA_EXPORT server key exchange
-//    protected void processRSAServerKeyExchange(InputStream is, Signer signer) throws IOException
-//    {
-//        InputStream sigIn = is;
-//        if (signer != null)
-//        {
-//            sigIn = new SignerInputStream(is, signer);
-//        }
-//
-//        byte[] modulusBytes = TlsUtils.readOpaque16(sigIn);
-//        byte[] exponentBytes = TlsUtils.readOpaque16(sigIn);
-//
-//        if (signer != null)
-//        {
-//            byte[] sigByte = TlsUtils.readOpaque16(is);
-//
-//            if (!signer.verifySignature(sigByte))
-//            {
-//                handler.failWithError(AlertLevel.fatal, AlertDescription.bad_certificate);
-//            }
-//        }
-//
-//        BigInteger modulus = new BigInteger(1, modulusBytes);
-//        BigInteger exponent = new BigInteger(1, exponentBytes);
-//
-//        this.rsaServerPublicKey = validateRSAPublicKey(new RSAKeyParameters(false, modulus,
-//            exponent));
-//    }
-
-    protected RSAKeyParameters validateRSAPublicKey(RSAKeyParameters key) throws IOException
-    {
-        // TODO What is the minimum bit length required?
-//        key.getModulus().bitLength();
-
-        if (!key.getExponent().isProbablePrime(2))
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-
-        return key;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java
deleted file mode 100644
index 43702b03e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRSASigner.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.signers.GenericSigner;
-
-class TlsRSASigner implements TlsSigner
-{
-    public byte[] calculateRawSignature(SecureRandom random, AsymmetricKeyParameter privateKey, byte[] md5andsha1)
-        throws CryptoException
-    {
-        Signer sig = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), new NullDigest());
-        sig.init(true, new ParametersWithRandom(privateKey, random));
-        sig.update(md5andsha1, 0, md5andsha1.length);
-        return sig.generateSignature();
-    }
-
-    public Signer createVerifyer(AsymmetricKeyParameter publicKey)
-    {
-        Signer s = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), new CombinedHash());
-        s.init(false, publicKey);
-        return s;
-    }
-
-    public boolean isValidPublicKey(AsymmetricKeyParameter publicKey)
-    {
-        return publicKey instanceof RSAKeyParameters && !publicKey.isPrivate();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java
deleted file mode 100644
index b5160357b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public class TlsRuntimeException extends RuntimeException
-{
-    private static final long serialVersionUID = 1928023487348344086L;
-
-    Throwable e;
-
-    public TlsRuntimeException(String message, Throwable e)
-    {
-        super(message);
-
-        this.e = e;
-    }
-
-    public TlsRuntimeException(String message)
-    {
-        super(message);
-    }
-
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
deleted file mode 100644
index 5177316a8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
+++ /dev/null
@@ -1,204 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.agreement.srp.SRP6Client;
-import org.bouncycastle.crypto.agreement.srp.SRP6Util;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.io.SignerInputStream;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-import org.bouncycastle.util.BigIntegers;
-
-/**
- * TLS 1.1 SRP key exchange.
- */
-class TlsSRPKeyExchange implements TlsKeyExchange
-{
-    protected TlsClientContext context;
-    protected int keyExchange;
-    protected TlsSigner tlsSigner;
-    protected byte[] identity;
-    protected byte[] password;
-
-    protected AsymmetricKeyParameter serverPublicKey = null;
-
-    protected byte[] s = null;
-    protected BigInteger B = null;
-    protected SRP6Client srpClient = new SRP6Client();
-
-    TlsSRPKeyExchange(TlsClientContext context, int keyExchange, byte[] identity, byte[] password)
-    {
-        switch (keyExchange)
-        {
-            case KeyExchangeAlgorithm.SRP:
-                this.tlsSigner = null;
-                break;
-            case KeyExchangeAlgorithm.SRP_RSA:
-                this.tlsSigner = new TlsRSASigner();
-                break;
-            case KeyExchangeAlgorithm.SRP_DSS:
-                this.tlsSigner = new TlsDSSSigner();
-                break;
-            default:
-                throw new IllegalArgumentException("unsupported key exchange algorithm");
-        }
-
-        this.context = context;
-        this.keyExchange = keyExchange;
-        this.identity = identity;
-        this.password = password;
-    }
-
-    public void skipServerCertificate() throws IOException
-    {
-        if (tlsSigner != null)
-        {
-            throw new TlsFatalAlert(AlertDescription.unexpected_message);
-        }
-    }
-
-    public void processServerCertificate(Certificate serverCertificate) throws IOException
-    {
-        if (tlsSigner == null)
-        {
-            throw new TlsFatalAlert(AlertDescription.unexpected_message);
-        }
-
-        X509CertificateStructure x509Cert = serverCertificate.certs[0];
-        SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
-
-        try
-        {
-            this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
-        }
-        catch (RuntimeException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
-        }
-
-        if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
-        {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-        }
-
-        TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);
-        
-        // TODO 
-        /*
-         * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
-         * signing algorithm for the certificate must be the same as the algorithm for the
-         * certificate key."
-         */
-    }
-
-    public void skipServerKeyExchange() throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerKeyExchange(InputStream is) throws IOException
-    {
-        SecurityParameters securityParameters = context.getSecurityParameters();
-
-        InputStream sigIn = is;
-        Signer signer = null;
-
-        if (tlsSigner != null)
-        {
-            signer = initSigner(tlsSigner, securityParameters);
-            sigIn = new SignerInputStream(is, signer);
-        }
-
-        byte[] NBytes = TlsUtils.readOpaque16(sigIn);
-        byte[] gBytes = TlsUtils.readOpaque16(sigIn);
-        byte[] sBytes = TlsUtils.readOpaque8(sigIn);
-        byte[] BBytes = TlsUtils.readOpaque16(sigIn);
-
-        if (signer != null)
-        {
-            byte[] sigByte = TlsUtils.readOpaque16(is);
-
-            if (!signer.verifySignature(sigByte))
-            {
-                throw new TlsFatalAlert(AlertDescription.bad_certificate);
-            }
-        }
-
-        BigInteger N = new BigInteger(1, NBytes);
-        BigInteger g = new BigInteger(1, gBytes);
-
-        // TODO Validate group parameters (see RFC 5054)
-//        handler.failWithError(AlertLevel.fatal, AlertDescription.insufficient_security);
-
-        this.s = sBytes;
-
-        /*
-         * RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter"
-         * alert if B % N = 0.
-         */
-        try
-        {
-            this.B = SRP6Util.validatePublicValue(N, new BigInteger(1, BBytes));
-        }
-        catch (CryptoException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-
-        this.srpClient.init(N, g, new SHA1Digest(), context.getSecureRandom());
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void skipClientCredentials() throws IOException
-    {
-        // OK
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.internal_error);
-    }
-
-    public void generateClientKeyExchange(OutputStream os) throws IOException
-    {
-        byte[] keData = BigIntegers.asUnsignedByteArray(srpClient.generateClientCredentials(s,
-            this.identity, this.password));
-        TlsUtils.writeUint24(keData.length + 2, os);
-        TlsUtils.writeOpaque16(keData, os);
-    }
-
-    public byte[] generatePremasterSecret() throws IOException
-    {
-        try
-        {
-            // TODO Check if this needs to be a fixed size
-            return BigIntegers.asUnsignedByteArray(srpClient.calculateSecret(B));
-        }
-        catch (CryptoException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-    }
-
-    protected Signer initSigner(TlsSigner tlsSigner, SecurityParameters securityParameters)
-    {
-        Signer signer = tlsSigner.createVerifyer(this.serverPublicKey);
-        signer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
-        signer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
-        return signer;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSigner.java
deleted file mode 100644
index 40a46e691..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSigner.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-
-interface TlsSigner
-{
-    byte[] calculateRawSignature(SecureRandom random, AsymmetricKeyParameter privateKey, byte[] md5andsha1)
-        throws CryptoException;
-
-    Signer createVerifyer(AsymmetricKeyParameter publicKey);
-
-    boolean isValidPublicKey(AsymmetricKeyParameter publicKey);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSignerCredentials.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSignerCredentials.java
deleted file mode 100644
index f0e5ac93b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsSignerCredentials.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-public interface TlsSignerCredentials extends TlsCredentials
-{
-    byte[] generateCertificateSignature(byte[] md5andsha1) throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
deleted file mode 100644
index 2f23b154e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
+++ /dev/null
@@ -1,319 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.io.Streams;
-
-/**
- * Some helper fuctions for MicroTLS.
- */
-public class TlsUtils
-{
-    protected static void writeUint8(short i, OutputStream os) throws IOException
-    {
-        os.write(i);
-    }
-
-    protected static void writeUint8(short i, byte[] buf, int offset)
-    {
-        buf[offset] = (byte)i;
-    }
-
-    protected static void writeUint16(int i, OutputStream os) throws IOException
-    {
-        os.write(i >> 8);
-        os.write(i);
-    }
-
-    protected static void writeUint16(int i, byte[] buf, int offset)
-    {
-        buf[offset] = (byte)(i >> 8);
-        buf[offset + 1] = (byte)i;
-    }
-
-    protected static void writeUint24(int i, OutputStream os) throws IOException
-    {
-        os.write(i >> 16);
-        os.write(i >> 8);
-        os.write(i);
-    }
-
-    protected static void writeUint24(int i, byte[] buf, int offset)
-    {
-        buf[offset] = (byte)(i >> 16);
-        buf[offset + 1] = (byte)(i >> 8);
-        buf[offset + 2] = (byte)(i);
-    }
-
-    protected static void writeUint32(long i, OutputStream os) throws IOException
-    {
-        os.write((int)(i >> 24));
-        os.write((int)(i >> 16));
-        os.write((int)(i >> 8));
-        os.write((int)(i));
-    }
-
-    protected static void writeUint32(long i, byte[] buf, int offset)
-    {
-        buf[offset] = (byte)(i >> 24);
-        buf[offset + 1] = (byte)(i >> 16);
-        buf[offset + 2] = (byte)(i >> 8);
-        buf[offset + 3] = (byte)(i);
-    }
-
-    protected static void writeUint64(long i, OutputStream os) throws IOException
-    {
-        os.write((int)(i >> 56));
-        os.write((int)(i >> 48));
-        os.write((int)(i >> 40));
-        os.write((int)(i >> 32));
-        os.write((int)(i >> 24));
-        os.write((int)(i >> 16));
-        os.write((int)(i >> 8));
-        os.write((int)(i));
-    }
-
-
-    protected static void writeUint64(long i, byte[] buf, int offset)
-    {
-        buf[offset] = (byte)(i >> 56);
-        buf[offset + 1] = (byte)(i >> 48);
-        buf[offset + 2] = (byte)(i >> 40);
-        buf[offset + 3] = (byte)(i >> 32);
-        buf[offset + 4] = (byte)(i >> 24);
-        buf[offset + 5] = (byte)(i >> 16);
-        buf[offset + 6] = (byte)(i >> 8);
-        buf[offset + 7] = (byte)(i);
-    }
-
-    protected static void writeOpaque8(byte[] buf, OutputStream os) throws IOException
-    {
-        writeUint8((short)buf.length, os);
-        os.write(buf);
-    }
-
-    protected static void writeOpaque16(byte[] buf, OutputStream os) throws IOException
-    {
-        writeUint16(buf.length, os);
-        os.write(buf);
-    }
-
-    protected static void writeOpaque24(byte[] buf, OutputStream os) throws IOException
-    {
-        writeUint24(buf.length, os);
-        os.write(buf);
-    }
-
-    protected static void writeUint8Array(short[] uints, OutputStream os) throws IOException
-    {
-        for (int i = 0; i < uints.length; ++i)
-        {
-            writeUint8(uints[i], os);
-        }
-    }
-
-    protected static void writeUint16Array(int[] uints, OutputStream os) throws IOException
-    {
-        for (int i = 0; i < uints.length; ++i)
-        {
-            writeUint16(uints[i], os);
-        }
-    }
-
-    protected static short readUint8(InputStream is) throws IOException
-    {
-        int i = is.read();
-        if (i == -1)
-        {
-            throw new EOFException();
-        }
-        return (short)i;
-    }
-
-    protected static int readUint16(InputStream is) throws IOException
-    {
-        int i1 = is.read();
-        int i2 = is.read();
-        if ((i1 | i2) < 0)
-        {
-            throw new EOFException();
-        }
-        return i1 << 8 | i2;
-    }
-
-    protected static int readUint24(InputStream is) throws IOException
-    {
-        int i1 = is.read();
-        int i2 = is.read();
-        int i3 = is.read();
-        if ((i1 | i2 | i3) < 0)
-        {
-            throw new EOFException();
-        }
-        return (i1 << 16) | (i2 << 8) | i3;
-    }
-
-    protected static long readUint32(InputStream is) throws IOException
-    {
-        int i1 = is.read();
-        int i2 = is.read();
-        int i3 = is.read();
-        int i4 = is.read();
-        if ((i1 | i2 | i3 | i4) < 0)
-        {
-            throw new EOFException();
-        }
-        return (((long)i1) << 24) | (((long)i2) << 16) | (((long)i3) << 8) | ((long)i4);
-    }
-
-    protected static void readFully(byte[] buf, InputStream is) throws IOException
-    {
-        if (Streams.readFully(is, buf) != buf.length)
-        {
-            throw new EOFException();
-        }
-    }
-
-    protected static byte[] readOpaque8(InputStream is) throws IOException
-    {
-        short length = readUint8(is);
-        byte[] value = new byte[length];
-        readFully(value, is);
-        return value;
-    }
-
-    protected static byte[] readOpaque16(InputStream is) throws IOException
-    {
-        int length = readUint16(is);
-        byte[] value = new byte[length];
-        readFully(value, is);
-        return value;
-    }
-
-    protected static void checkVersion(byte[] readVersion, TlsProtocolHandler handler)
-        throws IOException
-    {
-        if ((readVersion[0] != 3) || (readVersion[1] != 1))
-        {
-            throw new TlsFatalAlert(AlertDescription.protocol_version);
-        }
-    }
-
-    protected static void checkVersion(InputStream is, TlsProtocolHandler handler)
-        throws IOException
-    {
-        int i1 = is.read();
-        int i2 = is.read();
-        if ((i1 != 3) || (i2 != 1))
-        {
-            throw new TlsFatalAlert(AlertDescription.protocol_version);
-        }
-    }
-
-    protected static void writeGMTUnixTime(byte[] buf, int offset)
-    {
-        int t = (int)(System.currentTimeMillis() / 1000L);
-        buf[offset] = (byte)(t >> 24);
-        buf[offset + 1] = (byte)(t >> 16);
-        buf[offset + 2] = (byte)(t >> 8);
-        buf[offset + 3] = (byte)t;
-    }
-
-    protected static void writeVersion(OutputStream os) throws IOException
-    {
-        os.write(3);
-        os.write(1);
-    }
-
-    protected static void writeVersion(byte[] buf, int offset) throws IOException
-    {
-        buf[offset] = 3;
-        buf[offset + 1] = 1;
-    }
-
-    private static void hmac_hash(Digest digest, byte[] secret, byte[] seed, byte[] out)
-    {
-        HMac mac = new HMac(digest);
-        KeyParameter param = new KeyParameter(secret);
-        byte[] a = seed;
-        int size = digest.getDigestSize();
-        int iterations = (out.length + size - 1) / size;
-        byte[] buf = new byte[mac.getMacSize()];
-        byte[] buf2 = new byte[mac.getMacSize()];
-        for (int i = 0; i < iterations; i++)
-        {
-            mac.init(param);
-            mac.update(a, 0, a.length);
-            mac.doFinal(buf, 0);
-            a = buf;
-            mac.init(param);
-            mac.update(a, 0, a.length);
-            mac.update(seed, 0, seed.length);
-            mac.doFinal(buf2, 0);
-            System.arraycopy(buf2, 0, out, (size * i), Math.min(size, out.length - (size * i)));
-        }
-    }
-
-    protected static byte[] PRF(byte[] secret, String asciiLabel, byte[] seed, int size)
-    {
-        byte[] label = Strings.toByteArray(asciiLabel);
-
-        int s_half = (secret.length + 1) / 2;
-        byte[] s1 = new byte[s_half];
-        byte[] s2 = new byte[s_half];
-        System.arraycopy(secret, 0, s1, 0, s_half);
-        System.arraycopy(secret, secret.length - s_half, s2, 0, s_half);
-
-        byte[] ls = concat(label, seed);
-
-        byte[] buf = new byte[size];
-        byte[] prf = new byte[size];
-        hmac_hash(new MD5Digest(), s1, ls, prf);
-        hmac_hash(new SHA1Digest(), s2, ls, buf);
-        for (int i = 0; i < size; i++)
-        {
-            buf[i] ^= prf[i];
-        }
-        return buf;
-    }
-
-    static byte[] concat(byte[] a, byte[] b)
-    {
-        byte[] c = new byte[a.length + b.length];
-        System.arraycopy(a, 0, c, 0, a.length);
-        System.arraycopy(b, 0, c, a.length, b.length);
-        return c;
-    }
-
-    static void validateKeyUsage(X509CertificateStructure c, int keyUsageBits) throws IOException
-    {
-        X509Extensions exts = c.getTBSCertificate().getExtensions();
-        if (exts != null)
-        {
-            X509Extension ext = exts.getExtension(X509Extension.keyUsage);
-            if (ext != null)
-            {
-                DERBitString ku = KeyUsage.getInstance(ext);
-                int bits = ku.getBytes()[0] & 0xff;
-                if ((bits & keyUsageBits) != keyUsageBits)
-                {
-                    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-                }
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/package.html
deleted file mode 100644
index ee59f8afb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/tls/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-A lightweight TLS API.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/Pack.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/Pack.java
deleted file mode 100644
index cdea3afe0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/Pack.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package org.bouncycastle.crypto.util;
-
-public abstract class Pack
-{
-    public static int bigEndianToInt(byte[] bs, int off)
-    {
-        int n = bs[  off] << 24;
-        n |= (bs[++off] & 0xff) << 16;
-        n |= (bs[++off] & 0xff) << 8;
-        n |= (bs[++off] & 0xff);
-        return n;
-    }
-
-    public static void intToBigEndian(int n, byte[] bs, int off)
-    {
-        bs[  off] = (byte)(n >>> 24);
-        bs[++off] = (byte)(n >>> 16);
-        bs[++off] = (byte)(n >>>  8);
-        bs[++off] = (byte)(n       );
-    }
-
-    public static long bigEndianToLong(byte[] bs, int off)
-    {
-        int hi = bigEndianToInt(bs, off);
-        int lo = bigEndianToInt(bs, off + 4);
-        return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL);
-    }
-
-    public static void longToBigEndian(long n, byte[] bs, int off)
-    {
-        intToBigEndian((int)(n >>> 32), bs, off);
-        intToBigEndian((int)(n & 0xffffffffL), bs, off + 4);
-    }
-
-    public static int littleEndianToInt(byte[] bs, int off)
-    {
-        int n = bs[  off];
-        n |= (bs[++off] & 0xff) << 8;
-        n |= (bs[++off] & 0xff) << 16;
-        n |= (bs[++off] & 0xff) << 24;
-        return n;
-    }
-
-    public static void intToLittleEndian(int n, byte[] bs, int off)
-    {
-        bs[  off] = (byte)(n       );
-        bs[++off] = (byte)(n >>>  8);
-        bs[++off] = (byte)(n >>> 16);
-        bs[++off] = (byte)(n >>> 24);
-    }
-
-    public static long littleEndianToLong(byte[] bs, int off)
-    {
-        int lo = littleEndianToInt(bs, off);
-        int hi = littleEndianToInt(bs, off + 4);
-        return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL);
-    }
-
-    public static void longToLittleEndian(long n, byte[] bs, int off)
-    {
-        intToLittleEndian((int)(n & 0xffffffffL), bs, off);
-        intToLittleEndian((int)(n >>> 32), bs, off + 4);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
deleted file mode 100644
index df6c3e60c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ /dev/null
@@ -1,175 +0,0 @@
-package org.bouncycastle.crypto.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.asn1.x9.X962NamedCurves;
-import org.bouncycastle.asn1.x9.X962Parameters;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-/**
- * Factory for creating private key objects from PKCS8 PrivateKeyInfo objects.
- */
-public class PrivateKeyFactory
-{
-    /**
-     * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding.
-     * 
-     * @param privateKeyInfoData the PrivateKeyInfo encoding
-     * @return a suitable private key parameter
-     * @throws IOException on an error decoding the key
-     */
-    public static AsymmetricKeyParameter createKey(byte[] privateKeyInfoData) throws IOException
-    {
-        return createKey(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(privateKeyInfoData)));
-    }
-
-    /**
-     * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a
-     * stream.
-     * 
-     * @param inStr the stream to read the PrivateKeyInfo encoding from
-     * @return a suitable private key parameter
-     * @throws IOException on an error decoding the key
-     */
-    public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException
-    {
-        return createKey(PrivateKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
-    }
-
-    /**
-     * Create a private key parameter from the passed in PKCS8 PrivateKeyInfo object.
-     * 
-     * @param keyInfo the PrivateKeyInfo object containing the key material
-     * @return a suitable private key parameter
-     * @throws IOException on an error decoding the key
-     */
-    public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException
-    {
-        AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
-
-        if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
-        {
-            RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure(
-                (ASN1Sequence)keyInfo.getPrivateKey());
-
-            return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(),
-                keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(),
-                keyStructure.getPrime1(), keyStructure.getPrime2(), keyStructure.getExponent1(),
-                keyStructure.getExponent2(), keyStructure.getCoefficient());
-        }
-        // TODO?
-//      else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
-        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
-        {
-            DHParameter params = new DHParameter(
-                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-
-            BigInteger lVal = params.getL();
-            int l = lVal == null ? 0 : lVal.intValue();
-            DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
-
-            return new DHPrivateKeyParameters(derX.getValue(), dhParams);
-        }
-        else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            ElGamalParameter params = new ElGamalParameter(
-                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-
-            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-                params.getP(), params.getG()));
-        }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
-        {
-            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-            DEREncodable de = keyInfo.getAlgorithmId().getParameters();
-
-            DSAParameters parameters = null;
-            if (de != null)
-            {
-                DSAParameter params = DSAParameter.getInstance(de.getDERObject());
-                parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
-            }
-
-            return new DSAPrivateKeyParameters(derX.getValue(), parameters);
-        }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-        {
-            X962Parameters params = new X962Parameters(
-                (DERObject)keyInfo.getAlgorithmId().getParameters());
-            ECDomainParameters dParams = null;
-
-            if (params.isNamedCurve())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-                X9ECParameters ecP = X962NamedCurves.getByOID(oid);
-
-                if (ecP == null)
-                {
-                    ecP = SECNamedCurves.getByOID(oid);
-
-                    if (ecP == null)
-                    {
-                        ecP = NISTNamedCurves.getByOID(oid);
-
-                        if (ecP == null)
-                        {
-                            ecP = TeleTrusTNamedCurves.getByOID(oid);
-                        }
-                    }
-                }
-
-                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
-                    ecP.getH(), ecP.getSeed());
-            }
-            else
-            {
-                X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
-                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
-                    ecP.getH(), ecP.getSeed());
-            }
-
-            ECPrivateKeyStructure ec = new ECPrivateKeyStructure(
-                (ASN1Sequence)keyInfo.getPrivateKey());
-
-            return new ECPrivateKeyParameters(ec.getKey(), dParams);
-        }
-        else
-        {
-            throw new RuntimeException("algorithm identifier in key not recognised");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
deleted file mode 100644
index f9465cab3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ /dev/null
@@ -1,215 +0,0 @@
-package org.bouncycastle.crypto.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.asn1.x9.DHDomainParameters;
-import org.bouncycastle.asn1.x9.DHPublicKey;
-import org.bouncycastle.asn1.x9.DHValidationParms;
-import org.bouncycastle.asn1.x9.X962NamedCurves;
-import org.bouncycastle.asn1.x9.X962Parameters;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.asn1.x9.X9ECPoint;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-import org.bouncycastle.crypto.params.DHValidationParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-/**
- * Factory to create asymmetric public key parameters for asymmetric ciphers from range of
- * ASN.1 encoded SubjectPublicKeyInfo objects.
- */
-public class PublicKeyFactory
-{
-    /**
-     * Create a public key from a SubjectPublicKeyInfo encoding
-     * 
-     * @param keyInfoData the SubjectPublicKeyInfo encoding
-     * @return the appropriate key parameter
-     * @throws IOException on an error decoding the key
-     */
-    public static AsymmetricKeyParameter createKey(byte[] keyInfoData) throws IOException
-    {
-        return createKey(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(keyInfoData)));
-    }
-
-    /**
-     * Create a public key from a SubjectPublicKeyInfo encoding read from a stream
-     * 
-     * @param inStr the stream to read the SubjectPublicKeyInfo encoding from
-     * @return the appropriate key parameter
-     * @throws IOException on an error decoding the key
-     */
-    public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException
-    {
-        return createKey(SubjectPublicKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
-    }
-
-    /**
-     * Create a public key from the passed in SubjectPublicKeyInfo
-     * 
-     * @param keyInfo the SubjectPublicKeyInfo containing the key data
-     * @return the appropriate key parameter
-     * @throws IOException on an error decoding the key
-     */
-    public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException
-    {
-        AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
-
-        if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)
-            || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa))
-        {
-            RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure(
-                (ASN1Sequence)keyInfo.getPublicKey());
-
-            return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
-        }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
-        {
-            DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.getPublicKey());
-
-            BigInteger y = dhPublicKey.getY().getValue();
-
-            DHDomainParameters dhParams = DHDomainParameters.getInstance(keyInfo.getAlgorithmId().getParameters());
-
-            BigInteger p = dhParams.getP().getValue();
-            BigInteger g = dhParams.getG().getValue();
-            BigInteger q = dhParams.getQ().getValue();
-
-            BigInteger j = null;
-            if (dhParams.getJ() != null)
-            {
-                j = dhParams.getJ().getValue();
-            }
-
-            DHValidationParameters validation = null;
-            DHValidationParms dhValidationParms = dhParams.getValidationParms();
-            if (dhValidationParms != null)
-            {
-                byte[] seed = dhValidationParms.getSeed().getBytes();
-                BigInteger pgenCounter = dhValidationParms.getPgenCounter().getValue();
-
-                // TODO Check pgenCounter size?
-
-                validation = new DHValidationParameters(seed, pgenCounter.intValue());
-            }
-
-            return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
-        }
-        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
-        {
-            DHParameter params = new DHParameter(
-                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger derY = (DERInteger)keyInfo.getPublicKey();
-
-            BigInteger lVal = params.getL();
-            int l = lVal == null ? 0 : lVal.intValue();
-            DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
-
-            return new DHPublicKeyParameters(derY.getValue(), dhParams);
-        }
-        else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            ElGamalParameter params = new ElGamalParameter(
-                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger derY = (DERInteger)keyInfo.getPublicKey();
-
-            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-                params.getP(), params.getG()));
-        }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)
-            || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
-        {
-            DERInteger derY = (DERInteger)keyInfo.getPublicKey();
-            DEREncodable de = keyInfo.getAlgorithmId().getParameters();
-
-            DSAParameters parameters = null;
-            if (de != null)
-            {
-                DSAParameter params = DSAParameter.getInstance(de.getDERObject());
-                parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
-            }
-
-            return new DSAPublicKeyParameters(derY.getValue(), parameters);
-        }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-        {
-            X962Parameters params = new X962Parameters(
-                (DERObject)keyInfo.getAlgorithmId().getParameters());
-            ECDomainParameters dParams = null;
-
-            if (params.isNamedCurve())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-                X9ECParameters ecP = X962NamedCurves.getByOID(oid);
-
-                if (ecP == null)
-                {
-                    ecP = SECNamedCurves.getByOID(oid);
-
-                    if (ecP == null)
-                    {
-                        ecP = NISTNamedCurves.getByOID(oid);
-
-                        if (ecP == null)
-                        {
-                            ecP = TeleTrusTNamedCurves.getByOID(oid);
-                        }
-                    }
-                }
-
-                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
-                    ecP.getH(), ecP.getSeed());
-            }
-            else
-            {
-                X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
-                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
-                    ecP.getH(), ecP.getSeed());
-            }
-
-            DERBitString bits = keyInfo.getPublicKeyData();
-            byte[] data = bits.getBytes();
-            ASN1OctetString key = new DEROctetString(data);
-
-            X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
-
-            return new ECPublicKeyParameters(derQ.getPoint(), dParams);
-        }
-        else
-        {
-            throw new RuntimeException("algorithm identifier in key not recognised");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/package.html
deleted file mode 100644
index 787b892e9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/crypto/util/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Some general utility/conversion classes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/ErrorBundle.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/ErrorBundle.java
deleted file mode 100644
index 415b5e571..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/ErrorBundle.java
+++ /dev/null
@@ -1,120 +0,0 @@
-package org.bouncycastle.i18n;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Locale;
-import java.util.TimeZone;
-
-public class ErrorBundle extends MessageBundle 
-{
-
-    /**
-     * summary entry key
-     */
-    public static final String SUMMARY_ENTRY = "summary";
-    
-    /**
-     * detail entry key
-     */
-    public static final String DETAIL_ENTRY = "details";
-    
-    /**
-     * Constructs a new ErrorBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @throws NullPointerException if resource or id is null
-     */
-    public ErrorBundle(String resource, String id) throws NullPointerException
-    {
-        super(resource, id);
-    }
-    
-    /**
-     * Constructs a new ErrorBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public ErrorBundle(String resource, String id, String encoding) throws NullPointerException, UnsupportedEncodingException
-    {
-        super(resource, id, encoding);
-    }
-
-    /**
-     * Constructs a new ErrorBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     */
-    public ErrorBundle(String resource, String id, Object[] arguments) throws NullPointerException
-    {
-        super(resource, id, arguments);
-    }
-    
-    /**
-     * Constructs a new ErrorBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public ErrorBundle(String resource, String id, String encoding, Object[] arguments) throws NullPointerException, UnsupportedEncodingException
-    {
-        super(resource, id, encoding, arguments);
-    }
-    
-    /**
-     * Returns the summary message in the given locale and timezone.
-     * @param loc the {@link Locale}
-     * @param timezone the {@link TimeZone}
-     * @return the summary message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getSummary(Locale loc, TimeZone timezone) throws MissingEntryException
-    {
-        return getEntry(SUMMARY_ENTRY,loc,timezone);
-    }
-    
-    /**
-     * Returns the summary message in the given locale and the default timezone.
-     * @param loc the {@link Locale}
-     * @return the summary message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getSummary(Locale loc) throws MissingEntryException
-    {
-        return getEntry(SUMMARY_ENTRY,loc,TimeZone.getDefault());
-    }
-    
-    /**
-     * Returns the detail message in the given locale and timezone.
-     * @param loc the {@link Locale}
-     * @param timezone the {@link TimeZone}
-     * @return the detail message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getDetail(Locale loc, TimeZone timezone) throws MissingEntryException
-    {
-        return getEntry(DETAIL_ENTRY,loc,timezone);
-    }
-    
-    /**
-     * Returns the detail message in the given locale and the default timezone.
-     * @param loc the {@link Locale}
-     * @return the detail message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getDetail(Locale loc) throws MissingEntryException
-    {
-        return getEntry(DETAIL_ENTRY,loc,TimeZone.getDefault());
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocaleString.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocaleString.java
deleted file mode 100644
index b9e22320d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocaleString.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.i18n;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Locale;
-
-public class LocaleString extends LocalizedMessage
-{
-
-    public LocaleString(String resource, String id)
-    {
-        super(resource, id);
-    }
-    
-    public LocaleString(String resource, String id, String encoding) throws NullPointerException, UnsupportedEncodingException
-    {
-        super(resource, id, encoding);
-    }
-    
-    public String getLocaleString(Locale locale)
-    {
-        return this.getEntry(null, locale, null);
-    }
-    
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedException.java
deleted file mode 100644
index 373fd6cea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedException.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.bouncycastle.i18n;
-
-import java.util.Locale;
-
-/**
- * Base class for all Exceptions with localized messages.
- */
-public class LocalizedException extends Exception 
-{
-
-    protected ErrorBundle message;
-    private Throwable cause;
-    
-    /**
-     * Constructs a new LocalizedException with the specified localized message.
-     * @param message the {@link ErrorBundle} that contains the message for the exception
-     */
-    public LocalizedException(ErrorBundle message) 
-    {
-        super(message.getText(Locale.getDefault()));
-        this.message = message;
-    }
-    
-    /**
-     * Constructs a new LocalizedException with the specified localized message and cause.
-     * @param message the {@link ErrorBundle} that contains the message for the exception
-     * @param throwable the cause
-     */
-    public LocalizedException(ErrorBundle message, Throwable throwable) 
-    {
-        super(message.getText(Locale.getDefault()));
-        this.message = message;
-        this.cause = throwable;
-    }
-    
-    /**
-     * Returns the localized error message of the exception.
-     * @return the localized error message as {@link ErrorBundle}
-     */
-    public ErrorBundle getErrorMessage() 
-    {
-        return message;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java
deleted file mode 100644
index d88c22914..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java
+++ /dev/null
@@ -1,476 +0,0 @@
-package org.bouncycastle.i18n;
-
-import org.bouncycastle.i18n.filter.Filter;
-import org.bouncycastle.i18n.filter.TrustedInput;
-import org.bouncycastle.i18n.filter.UntrustedInput;
-import org.bouncycastle.i18n.filter.UntrustedUrlInput;
-
-import java.io.UnsupportedEncodingException;
-import java.nio.charset.Charset;
-import java.text.DateFormat;
-import java.text.Format;
-import java.text.MessageFormat;
-import java.util.Locale;
-import java.util.MissingResourceException;
-import java.util.ResourceBundle;
-import java.util.TimeZone;
-
-public class LocalizedMessage 
-{
-
-    protected final String id;
-    protected final String resource;
-    
-    // ISO-8859-1 is the default encoding
-    public static final String DEFAULT_ENCODING = "ISO-8859-1";
-    protected String encoding = DEFAULT_ENCODING;
-    
-    protected FilteredArguments arguments;
-    protected FilteredArguments extraArgs = null;
-    
-    protected Filter filter = null;
-    
-    protected ClassLoader loader = null;
-    
-    /**
-     * Constructs a new LocalizedMessage using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @throws NullPointerException if resource or id is null
-     */
-    public LocalizedMessage(String resource,String id) throws NullPointerException
-    {
-        if (resource == null || id == null)
-        {
-            throw new NullPointerException();
-        }
-        this.id = id;
-        this.resource = resource;
-        arguments = new FilteredArguments();
-    }
-    
-    /**
-     * Constructs a new LocalizedMessage using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public LocalizedMessage(String resource,String id, String encoding) throws NullPointerException, UnsupportedEncodingException
-    {
-        if (resource == null || id == null)
-        {
-            throw new NullPointerException();
-        }
-        this.id = id;
-        this.resource = resource;
-        arguments = new FilteredArguments();
-        if (!Charset.isSupported(encoding))
-        {
-            throw new UnsupportedEncodingException("The encoding \"" + encoding + "\" is not supported.");
-        }
-        this.encoding = encoding;
-    }
-    
-    /**
-     * Constructs a new LocalizedMessage using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     */
-    public LocalizedMessage(String resource, String id, Object[] arguments) throws NullPointerException
-    {
-        if (resource == null || id == null || arguments == null)
-        {
-            throw new NullPointerException();
-        }
-        this.id = id;
-        this.resource = resource;
-        this.arguments = new FilteredArguments(arguments);
-    }
-    
-    /**
-     * Constructs a new LocalizedMessage using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public LocalizedMessage(String resource, String id, String encoding, Object[] arguments) throws NullPointerException, UnsupportedEncodingException
-    {
-        if (resource == null || id == null || arguments == null)
-        {
-            throw new NullPointerException();
-        }
-        this.id = id;
-        this.resource = resource;
-        this.arguments = new FilteredArguments(arguments);
-        if (!Charset.isSupported(encoding))
-        {
-            throw new UnsupportedEncodingException("The encoding \"" + encoding + "\" is not supported.");
-        }
-        this.encoding = encoding;
-    }
-    
-    /**
-     * Reads the entry id + "." + key from the resource file and returns a 
-     * formated message for the given Locale and TimeZone.
-     * @param key second part of the entry id
-     * @param loc the used {@link Locale}
-     * @param timezone the used {@link TimeZone}
-     * @return a Strng containing the localized message
-     * @throws MissingEntryException if the resource file is not available or the entry does not exist.
-     */
-    public String getEntry(String key,Locale loc, TimeZone timezone) throws MissingEntryException
-    {
-        String entry = id;
-        if (key != null)
-        {
-            entry += "." + key;
-        }
-        
-        try
-        {
-            ResourceBundle bundle;
-            if (loader == null)
-            {
-                bundle = ResourceBundle.getBundle(resource,loc);
-            }
-            else
-            {
-                bundle = ResourceBundle.getBundle(resource, loc, loader);
-            }
-            String result = bundle.getString(entry);
-            if (!encoding.equals(DEFAULT_ENCODING))
-            {
-                result = new String(result.getBytes(DEFAULT_ENCODING), encoding);
-            }
-            if (!arguments.isEmpty())
-            {
-                result = formatWithTimeZone(result,arguments.getFilteredArgs(loc),loc,timezone);
-            }
-            result = addExtraArgs(result, loc);
-            return result;
-        }
-        catch (MissingResourceException mre)
-        {
-            throw new MissingEntryException("Can't find entry " + entry + " in resource file " + resource + ".",
-                    resource,
-                    entry,
-                    loc,
-                    loader != null ? loader : this.getClassLoader()); 
-        }
-        catch (UnsupportedEncodingException use)
-        {
-            // should never occur - cause we already test this in the constructor
-            throw new RuntimeException(use);
-        }
-    }
-    
-    protected String formatWithTimeZone(
-            String template,
-            Object[] arguments, 
-            Locale locale,
-            TimeZone timezone) 
-    {
-        MessageFormat mf = new MessageFormat(" ");
-        mf.setLocale(locale);
-        mf.applyPattern(template);
-        if (!timezone.equals(TimeZone.getDefault())) 
-        {
-            Format[] formats = mf.getFormats();
-            for (int i = 0; i < formats.length; i++) 
-            {
-                if (formats[i] instanceof DateFormat) 
-                {
-                    DateFormat temp = (DateFormat) formats[i];
-                    temp.setTimeZone(timezone);
-                    mf.setFormat(i,temp);
-                }
-            }
-        }
-        return mf.format(arguments);
-    }
-    
-    protected String addExtraArgs(String msg, Locale locale)
-    {
-        if (extraArgs != null)
-        {
-            StringBuffer sb = new StringBuffer(msg);
-            Object[] filteredArgs = extraArgs.getFilteredArgs(locale);
-            for (int i = 0; i < filteredArgs.length; i++)
-            {
-                sb.append(filteredArgs[i]);
-            }
-            msg = sb.toString();
-        }
-        return msg;
-    }
-    
-    /**
-     * Sets the {@link Filter} that is used to filter the arguments of this message
-     * @param filter the {@link Filter} to use. null to disable filtering.
-     */
-    public void setFilter(Filter filter)
-    {
-        arguments.setFilter(filter);
-        if (extraArgs != null)
-        {
-            extraArgs.setFilter(filter);
-        }
-        this.filter = filter;
-    }
-    
-    /**
-     * Returns the current filter.
-     * @return the current filter
-     */
-    public Filter getFilter()
-    {
-        return filter;
-    }
-    
-    /**
-     * Set the {@link ClassLoader} which loads the resource files. If it is set to null
-     * then the default {@link ClassLoader} is used. 
-     * @param loader the {@link ClassLoader} which loads the resource files
-     */
-    public void setClassLoader(ClassLoader loader)
-    {
-        this.loader = loader;
-    }
-    
-    /**
-     * Returns the {@link ClassLoader} which loads the resource files or null
-     * if the default ClassLoader is used.
-     * @return the {@link ClassLoader} which loads the resource files
-     */
-    public ClassLoader getClassLoader()
-    {
-        return loader;
-    }
-    
-    /**
-     * Returns the id of the message in the resource bundle.
-     * @return the id of the message
-     */
-    public String getId()
-    {
-        return id;
-    }
-    
-    /**
-     * Returns the name of the resource bundle for this message
-     * @return name of the resource file
-     */
-    public String getResource()
-    {
-        return resource;
-    }
-    
-    /**
-     * Returns an Object[] containing the message arguments.
-     * @return the message arguments
-     */
-    public Object[] getArguments()
-    {
-        return arguments.getArguments();
-    }
-    
-    /**
-     * 
-     * @param extraArg
-     */
-    public void setExtraArgument(Object extraArg)
-    {
-        setExtraArguments(new Object[] {extraArg});
-    }
-    
-    /**
-     * 
-     * @param extraArgs
-     */
-    public void setExtraArguments(Object[] extraArgs)
-    {
-        if (extraArgs != null)
-        {
-            this.extraArgs = new FilteredArguments(extraArgs);
-            this.extraArgs.setFilter(filter);
-        }
-        else
-        {
-            this.extraArgs = null;
-        }
-    }
-    
-    /**
-     * 
-     * @return
-     */
-    public Object[] getExtraArgs()
-    {
-        return (extraArgs == null) ? null : extraArgs.getArguments();
-    }
-    
-    protected class FilteredArguments
-    {
-        protected static final int NO_FILTER = 0;
-        protected static final int FILTER = 1;
-        protected static final int FILTER_URL = 2;
-        
-        protected Filter filter = null;
-        
-        protected boolean[] isLocaleSpecific;
-        protected int[] argFilterType;
-        protected Object[] arguments;
-        protected Object[] unpackedArgs;
-        protected Object[] filteredArgs;
-        
-        FilteredArguments()
-        {
-            this(new Object[0]);
-        }
-        
-        FilteredArguments(Object[] args)
-        {
-            this.arguments = args;
-            this.unpackedArgs = new Object[args.length];
-            this.filteredArgs = new Object[args.length];
-            this.isLocaleSpecific = new boolean[args.length];
-            this.argFilterType = new int[args.length];
-            for (int i = 0; i < args.length; i++)
-            {
-                if (args[i] instanceof TrustedInput)
-                {
-                    this.unpackedArgs[i] = ((TrustedInput) args[i]).getInput();
-                    argFilterType[i] = NO_FILTER;
-                }
-                else if (args[i] instanceof UntrustedInput)
-                {
-                    this.unpackedArgs[i] = ((UntrustedInput) args[i]).getInput();
-                    if (args[i] instanceof UntrustedUrlInput)
-                    {
-                        argFilterType[i] = FILTER_URL;
-                    }
-                    else
-                    {
-                        argFilterType[i] = FILTER;
-                    }
-                }
-                else
-                {
-                    this.unpackedArgs[i] = args[i];
-                    argFilterType[i] = FILTER;
-                }
-                
-                // locale specific
-                this.isLocaleSpecific[i] = (this.unpackedArgs[i] instanceof LocaleString);
-            }
-        }
-        
-        public boolean isEmpty()
-        {
-            return unpackedArgs.length == 0;
-        }
-        
-        public Object[] getArguments()
-        {
-            return arguments;
-        }
-        
-        public Object[] getFilteredArgs(Locale locale)
-        {
-            Object[] result = new Object[unpackedArgs.length];
-            for (int i = 0; i < unpackedArgs.length; i++)
-            {
-                Object arg;
-                if (filteredArgs[i] != null)
-                {
-                    arg = filteredArgs[i];
-                }
-                else
-                {
-                    arg = unpackedArgs[i];
-                    if (isLocaleSpecific[i])
-                    {
-                        // get locale
-                        arg = ((LocaleString) arg).getLocaleString(locale);
-                        arg = filter(argFilterType[i], arg);
-                    }
-                    else
-                    {
-                        arg = filter(argFilterType[i], arg);
-                        filteredArgs[i] = arg;
-                    }
-                }
-                result[i] = arg;
-            }
-            return result;
-        }
-        
-        private Object filter(int type, Object obj)
-        {
-            if (filter != null)
-            {
-                Object o = (null == obj) ? "null" : obj;
-                switch (type)
-                {
-                case NO_FILTER:
-                    return o;
-                case FILTER:
-                    return filter.doFilter(o.toString());
-                case FILTER_URL:
-                    return filter.doFilterUrl(o.toString());
-                default:
-                    return null;
-                }
-            }
-            else
-            {
-                return obj;
-            }
-        }
-
-        public Filter getFilter()
-        {
-            return filter;
-        }
-
-        public void setFilter(Filter filter)
-        {
-            if (filter != this.filter)
-            {
-                for (int i = 0; i < unpackedArgs.length; i++)
-                {
-                    filteredArgs[i] = null;
-                }
-            }
-            this.filter = filter;
-        }
-        
-    }
-    
-    public String toString()
-    {
-        StringBuffer sb = new StringBuffer();
-        sb.append("Resource: \"").append(resource);
-        sb.append("\" Id: \"").append(id).append("\"");
-        sb.append(" Arguments: ").append(arguments.getArguments().length).append(" normal");
-        if (extraArgs != null && extraArgs.getArguments().length > 0)
-        {
-            sb.append(", ").append(extraArgs.getArguments().length).append(" extra");
-        }
-        sb.append(" Encoding: ").append(encoding);
-        sb.append(" ClassLoader: ").append(loader);
-        return sb.toString();
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MessageBundle.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MessageBundle.java
deleted file mode 100644
index de931fcec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MessageBundle.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package org.bouncycastle.i18n;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Locale;
-import java.util.TimeZone;
-
-public class MessageBundle extends TextBundle
-{
-
-    /**
-     * title entry key
-     */
-    public static final String TITLE_ENTRY = "title";
-    
-    /**
-     * Constructs a new MessageBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @throws NullPointerException if resource or id is null
-     */
-    public MessageBundle(String resource, String id) throws NullPointerException
-    {
-        super(resource, id);
-    }
-    
-    /**
-     * Constructs a new MessageBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public MessageBundle(String resource, String id, String encoding) throws NullPointerException, UnsupportedEncodingException
-    {
-        super(resource, id, encoding);
-    }
-
-    /**
-     * Constructs a new MessageBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     */
-    public MessageBundle(String resource, String id, Object[] arguments) throws NullPointerException
-    {
-        super(resource, id, arguments);
-    }
-    
-    /**
-     * Constructs a new MessageBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public MessageBundle(String resource, String id, String encoding, Object[] arguments) throws NullPointerException, UnsupportedEncodingException
-    {
-        super(resource, id, encoding, arguments);
-    }
-    
-    /**
-     * Returns the title message in the given locale and timezone.
-     * @param loc the {@link Locale}
-     * @param timezone the {@link TimeZone}
-     * @return the title message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getTitle(Locale loc,TimeZone timezone) throws MissingEntryException
-    {
-        return getEntry(TITLE_ENTRY,loc,timezone);
-    }
-    
-    /**
-     * Returns the title message in the given locale and the default timezone.
-     * @param loc the {@link Locale}
-     * @return the title message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getTitle(Locale loc) throws MissingEntryException
-    {
-        return getEntry(TITLE_ENTRY,loc,TimeZone.getDefault());
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MissingEntryException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MissingEntryException.java
deleted file mode 100644
index ffd4d543b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/MissingEntryException.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package org.bouncycastle.i18n;
-
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.util.Locale;
-
-public class MissingEntryException extends RuntimeException 
-{
-
-    protected final String resource;
-    protected final String key;
-    protected final ClassLoader loader;
-    protected final Locale locale;
-    
-    private String debugMsg;
-
-    public MissingEntryException(String message, String resource, String key, Locale locale, ClassLoader loader) 
-    {
-        super(message);
-        this.resource = resource;
-        this.key = key;
-        this.locale = locale;
-        this.loader = loader;
-    }
-    
-    public MissingEntryException(String message, Throwable cause, String resource, String key, Locale locale, ClassLoader loader) 
-    {
-        super(message, cause);
-        this.resource = resource;
-        this.key = key;
-        this.locale = locale;
-        this.loader = loader;
-    }
-
-    public String getKey()
-    {
-        return key;
-    }
-
-    public String getResource()
-    {
-        return resource;
-    }
-    
-    public ClassLoader getClassLoader()
-    {
-        return loader;
-    }
-    
-    public Locale getLocale()
-    {
-        return locale;
-    }
-
-    public String getDebugMsg()
-    {
-        if (debugMsg == null)
-        {
-            debugMsg = "Can not find entry " + key + " in resource file " + resource + " for the locale " + locale + ".";
-            if (loader instanceof URLClassLoader)
-            {
-                URL[] urls = ((URLClassLoader) loader).getURLs();
-                debugMsg += " The following entries in the classpath were searched: ";
-                for (int i = 0; i != urls.length; i++)
-                {
-                    debugMsg += urls[i] + " ";
-                }
-            }
-        }
-        return debugMsg;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/TextBundle.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/TextBundle.java
deleted file mode 100644
index d77e84173..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/TextBundle.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package org.bouncycastle.i18n;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Locale;
-import java.util.TimeZone;
-
-public class TextBundle extends LocalizedMessage 
-{
-
-    /**
-     * text entry key
-     */
-    public static final String TEXT_ENTRY = "text";
-    
-    /**
-     * Constructs a new TextBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @throws NullPointerException if resource or id is null
-     */
-    public TextBundle(String resource, String id) throws NullPointerException 
-    {
-        super(resource, id);
-    }
-    
-    /**
-     * Constructs a new TextBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public TextBundle(String resource, String id, String encoding) throws NullPointerException, UnsupportedEncodingException 
-    {
-        super(resource, id, encoding);
-    }
-
-    /**
-     * Constructs a new TextBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     */
-    public TextBundle(String resource, String id, Object[] arguments) throws NullPointerException 
-    {
-        super(resource, id, arguments);
-    }
-    
-    /**
-     * Constructs a new TextBundle using resource as the base name for the 
-     * RessourceBundle and id as the message bundle id the resource file. 
-     * @param resource base name of the resource file 
-     * @param id the id of the corresponding bundle in the resource file
-     * @param encoding the encoding of the resource file
-     * @param arguments an array containing the arguments for the message
-     * @throws NullPointerException if resource or id is null
-     * @throws UnsupportedEncodingException if the encoding is not supported
-     */
-    public TextBundle(String resource, String id, String encoding, Object[] arguments) throws NullPointerException, UnsupportedEncodingException 
-    {
-        super(resource, id, encoding, arguments);
-    }
-    
-    /**
-     * Returns the text message in the given locale and timezone.
-     * @param loc the {@link Locale}
-     * @param timezone the {@link TimeZone}
-     * @return the text message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getText(Locale loc, TimeZone timezone) throws MissingEntryException
-    {
-        return getEntry(TEXT_ENTRY,loc,timezone);
-    }
-    
-    /**
-     * Returns the text message in the given locale and the defaut timezone.
-     * @param loc the {@link Locale}
-     * @return the text message.
-     * @throws MissingEntryException if the message is not available
-     */
-    public String getText(Locale loc) throws MissingEntryException
-    {
-        return getEntry(TEXT_ENTRY,loc,TimeZone.getDefault());
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/Filter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/Filter.java
deleted file mode 100644
index fc86aaa47..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/Filter.java
+++ /dev/null
@@ -1,21 +0,0 @@
-
-package org.bouncycastle.i18n.filter;
-
-public interface Filter
-{
-
-    /**
-     * Runs the filter on the input String and returns the filtered String
-     * @param input input String
-     * @return filtered String
-     */
-    public String doFilter(String input);
-    
-    /**
-     * Runs the filter on the input url and returns the filtered String
-     * @param input input url String
-     * @return filtered String
-     */
-    public String doFilterUrl(String input);
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java
deleted file mode 100644
index b9904bc70..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java
+++ /dev/null
@@ -1,68 +0,0 @@
-
-package org.bouncycastle.i18n.filter;
-
-/**
- * HTML Filter
- */
-public class HTMLFilter implements Filter 
-{
-
-    public String doFilter(String input) 
-    {
-        StringBuffer buf = new StringBuffer(input);
-        int i = 0;
-        while (i < buf.length()) 
-        {
-            char ch = buf.charAt(i);
-            switch (ch)
-            {
-            case '<':
-                buf.replace(i,i+1,"<");
-                break;
-            case '>':
-                buf.replace(i,i+1,">");
-                break;
-            case '(':
-                buf.replace(i,i+1,"(");
-                break;
-            case ')':
-                buf.replace(i,i+1,")");
-                break;
-            case '#':
-                buf.replace(i,i+1,"#");
-                break;
-            case '&':
-                buf.replace(i,i+1,"&");
-                break;
-            case '\"':
-                buf.replace(i,i+1,""");
-                break;
-            case '\'':
-                buf.replace(i,i+1,"'");
-                break;
-            case '%':
-                buf.replace(i,i+1,"%");
-                break;
-            case ';':
-                buf.replace(i,i+1,";");
-                break;
-            case '+':
-                buf.replace(i,i+1,"+");
-                break;
-            case '-':
-                buf.replace(i,i+1,"-");
-                break;
-            default:
-                i -= 3;
-            }
-            i += 4;
-        }
-        return buf.toString();
-    }
-    
-    public String doFilterUrl(String input)
-    {
-        return doFilter(input);
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java
deleted file mode 100644
index d55610b60..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java
+++ /dev/null
@@ -1,69 +0,0 @@
-
-package org.bouncycastle.i18n.filter;
-
-/**
- * Filter for strings to store in a SQL table.
- * 
- * escapes ' " = - / \ ; \r \n
- */
-public class SQLFilter implements Filter
-{
-
-    public String doFilter(String input) 
-    {
-        StringBuffer buf = new StringBuffer(input);
-        int i = 0;
-        while (i < buf.length()) 
-        {
-            char ch = buf.charAt(i);
-            switch (ch) 
-            {
-            case '\'':
-                buf.replace(i,i+1,"\\\'");
-                i += 1;
-                break;
-            case '\"':
-                buf.replace(i,i+1,"\\\"");
-                i += 1;
-                break;
-            case '=':
-                buf.replace(i,i+1,"\\=");
-                i += 1;
-                break;
-            case '-':
-                buf.replace(i,i+1,"\\-");
-                i += 1;
-                break;
-            case '/':
-                buf.replace(i,i+1,"\\/");
-                i += 1;
-                break;
-            case '\\':
-                buf.replace(i,i+1,"\\\\");
-                i += 1;
-                break;
-            case ';':
-                buf.replace(i,i+1,"\\;");
-                i += 1;
-                break;
-            case '\r':
-                buf.replace(i,i+1,"\\r");
-                i += 1;
-                break;
-            case '\n':
-                buf.replace(i,i+1,"\\n");
-                i += 1;
-                break;
-            default:
-            }
-            i++;
-        }
-        return buf.toString();
-    }
-    
-    public String doFilterUrl(String input)
-    {
-        return doFilter(input);
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/TrustedInput.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/TrustedInput.java
deleted file mode 100644
index 0feeeea70..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/TrustedInput.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.i18n.filter;
-
-public class TrustedInput
-{
-
-    protected Object input;
-    
-    public TrustedInput(Object input)
-    {
-        this.input = input; 
-    }
-    
-    public Object getInput()
-    {
-        return input;
-    }
-    
-    public String toString()
-    {
-        return input.toString();
-    }
-    
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java
deleted file mode 100644
index cc69ac499..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java
+++ /dev/null
@@ -1,44 +0,0 @@
-
-package org.bouncycastle.i18n.filter;
-
-/**
- * Wrapper class to mark untrusted input.
- */
-public class UntrustedInput 
-{
-
-    protected Object input;
-
-    /**
-     * Construct a new UntrustedInput instance.
-     * @param input the untrusted input Object
-     */
-    public UntrustedInput(Object input) 
-    {
-        this.input = input;
-    }
-
-    /**
-     * Returns the untrusted input as Object.
-     * @return the input as Object
-     */
-    public Object getInput() 
-    {
-        return input;
-    }
-
-    /**
-     * Returns the untrusted input convertet to a String.
-     * @return the input as String
-     */
-    public String getString() 
-    {
-        return input.toString();
-    }
-    
-    public String toString()
-    {
-        return input.toString();
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedUrlInput.java b/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedUrlInput.java
deleted file mode 100644
index 98ee1e72d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/i18n/filter/UntrustedUrlInput.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.i18n.filter;
-
-/**
- * 
- * Wrapper class to mark an untrusted Url
- */
-public class UntrustedUrlInput extends UntrustedInput
-{
-    public UntrustedUrlInput(Object url)
-    {
-        super(url);
-    }
-    
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java
deleted file mode 100644
index cd223862b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package org.bouncycastle.jcajce;
-
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.KeyFactory;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper;
-
-public class DefaultJcaJceHelper
-    implements JcaJceHelper
-{
-    public Cipher createCipher(
-        String algorithm)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        return Cipher.getInstance(algorithm);
-    }
-
-    public Mac createMac(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return Mac.getInstance(algorithm);
-    }
-
-    public KeyAgreement createKeyAgreement(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyAgreement.getInstance(algorithm);
-    }
-
-    public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return AlgorithmParameterGenerator.getInstance(algorithm);
-    }
-
-    public AlgorithmParameters createAlgorithmParameters(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return AlgorithmParameters.getInstance(algorithm);
-    }
-
-    public KeyGenerator createKeyGenerator(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyGenerator.getInstance(algorithm);
-    }
-
-    public KeyFactory createKeyFactory(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyFactory.getInstance(algorithm);
-    }
-
-    public KeyPairGenerator createKeyPairGenerator(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyPairGenerator.getInstance(algorithm);
-    }
-
-    public MessageDigest createDigest(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return MessageDigest.getInstance(algorithm);
-    }
-
-    public Signature createSignature(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return Signature.getInstance(algorithm);
-    }
-
-    public CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, CertificateException
-    {
-        return CertificateFactory.getInstance(algorithm);
-    }
-
-    public AsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey)
-    {
-        return new JceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey);
-    }
-
-    public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey)
-    {
-        return new JceSymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java
deleted file mode 100644
index c8ab05053..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java
+++ /dev/null
@@ -1,65 +0,0 @@
-package org.bouncycastle.jcajce;
-
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.KeyFactory;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-
-public interface JcaJceHelper
-{
-    Cipher createCipher(
-        String algorithm)
-        throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException;
-
-    Mac createMac(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    KeyAgreement createKeyAgreement(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    AlgorithmParameters createAlgorithmParameters(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    KeyGenerator createKeyGenerator(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    KeyFactory createKeyFactory(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    KeyPairGenerator createKeyPairGenerator(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    MessageDigest createDigest(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    Signature createSignature(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException;
-
-    CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateException;
-
-    AsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey);
-
-    SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java
deleted file mode 100644
index 2bb933b63..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package org.bouncycastle.jcajce;
-
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.KeyFactory;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper;
-
-public class NamedJcaJceHelper
-    implements JcaJceHelper
-{
-    private final String providerName;
-
-    public NamedJcaJceHelper(String providerName)
-    {
-        this.providerName = providerName;
-    }
-
-    public Cipher createCipher(
-        String algorithm)
-        throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException
-    {
-        return Cipher.getInstance(algorithm, providerName);
-    }
-
-    public Mac createMac(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return Mac.getInstance(algorithm, providerName);
-    }
-
-    public KeyAgreement createKeyAgreement(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return KeyAgreement.getInstance(algorithm, providerName);
-    }
-
-    public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return AlgorithmParameterGenerator.getInstance(algorithm, providerName);
-    }
-
-    public AlgorithmParameters createAlgorithmParameters(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return AlgorithmParameters.getInstance(algorithm, providerName);
-    }
-
-    public KeyGenerator createKeyGenerator(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return KeyGenerator.getInstance(algorithm, providerName);
-    }
-
-    public KeyFactory createKeyFactory(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return KeyFactory.getInstance(algorithm, providerName);
-    }
-
-    public KeyPairGenerator createKeyPairGenerator(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return KeyPairGenerator.getInstance(algorithm, providerName);
-    }
-
-    public MessageDigest createDigest(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return MessageDigest.getInstance(algorithm, providerName);
-    }
-
-    public Signature createSignature(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        return Signature.getInstance(algorithm, providerName);
-    }
-
-    public CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException
-    {
-        return CertificateFactory.getInstance(algorithm, providerName);
-    }
-
-    public AsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey)
-    {
-        return new JceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(providerName);
-    }
-
-    public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey)
-    {
-        return new JceSymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(providerName);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java
deleted file mode 100644
index 5eb01d39c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package org.bouncycastle.jcajce;
-
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.KeyFactory;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.Signature;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper;
-
-public class ProviderJcaJceHelper
-    implements JcaJceHelper
-{
-    private final Provider provider;
-
-    public ProviderJcaJceHelper(Provider provider)
-    {
-        this.provider = provider;
-    }
-
-    public Cipher createCipher(
-        String algorithm)
-        throws NoSuchAlgorithmException, NoSuchPaddingException
-    {
-        return Cipher.getInstance(algorithm, provider);
-    }
-
-    public Mac createMac(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return Mac.getInstance(algorithm, provider);
-    }
-
-    public KeyAgreement createKeyAgreement(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyAgreement.getInstance(algorithm, provider);
-    }
-
-    public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return AlgorithmParameterGenerator.getInstance(algorithm, provider);
-    }
-
-    public AlgorithmParameters createAlgorithmParameters(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return AlgorithmParameters.getInstance(algorithm, provider);
-    }
-
-    public KeyGenerator createKeyGenerator(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyGenerator.getInstance(algorithm, provider);
-    }
-
-    public KeyFactory createKeyFactory(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyFactory.getInstance(algorithm, provider);
-    }
-
-    public KeyPairGenerator createKeyPairGenerator(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return KeyPairGenerator.getInstance(algorithm, provider);
-    }
-
-    public MessageDigest createDigest(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return MessageDigest.getInstance(algorithm, provider);
-    }
-
-    public Signature createSignature(String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return Signature.getInstance(algorithm, provider);
-    }
-
-    public CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, CertificateException
-    {
-        return CertificateFactory.getInstance(algorithm, provider);
-    }
-
-    public AsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey)
-    {
-        return new JceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(provider);
-    }
-
-    public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey)
-    {
-        return new JceSymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(provider);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java
deleted file mode 100644
index 235bfe571..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.bouncycastle.jcajce.io;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.crypto.Mac;
-
-public class MacOutputStream
-    extends OutputStream
-{
-    protected Mac mac;
-
-    public MacOutputStream(
-        Mac          mac)
-    {
-        this.mac = mac;
-    }
-
-    public void write(int b)
-        throws IOException
-    {
-        mac.update((byte)b);
-    }
-
-    public void write(
-        byte[] b,
-        int off,
-        int len)
-        throws IOException
-    {
-        mac.update(b, off, len);
-    }
-
-    public byte[] getMac()
-    {
-        return mac.doFinal();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java
deleted file mode 100644
index e82245500..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-
-/**
- * a table of locally supported named curves.
- */
-public class ECGOST3410NamedCurveTable
-{
-    /**
-     * return a parameter spec representing the passed in named
-     * curve. The routine returns null if the curve is not present.
-     * 
-     * @param name the name of the curve requested
-     * @return a parameter spec for the curve, null if it is not available.
-     */
-    public static ECNamedCurveParameterSpec getParameterSpec(
-        String  name)
-    {
-        ECDomainParameters  ecP = ECGOST3410NamedCurves.getByName(name);
-        if (ecP == null)
-        {
-            try
-            {
-                ecP = ECGOST3410NamedCurves.getByOID(new DERObjectIdentifier(name));
-            }
-            catch (IllegalArgumentException e)
-            {
-                return null; // not an oid.
-            }
-        }
-        
-        if (ecP == null)
-        {
-            return null;
-        }
-
-        return new ECNamedCurveParameterSpec(
-                                        name,
-                                        ecP.getCurve(),
-                                        ecP.getG(),
-                                        ecP.getN(),
-                                        ecP.getH(),
-                                        ecP.getSeed());
-    }
-
-    /**
-     * return an enumeration of the names of the available curves.
-     *
-     * @return an enumeration of the names of the available curves.
-     */
-    public static Enumeration getNames()
-    {
-        return ECGOST3410NamedCurves.getNames();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECKeyUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECKeyUtil.java
deleted file mode 100644
index fa65edb87..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECKeyUtil.java
+++ /dev/null
@@ -1,230 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.io.UnsupportedEncodingException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X962Parameters;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.provider.ProviderUtil;
-import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
-
-/**
- * Utility class to allow conversion of EC key parameters to explicit from named
- * curves and back (where possible).
- */
-public class ECKeyUtil
-{
-    /**
-     * Convert a passed in public EC key to have explicit parameters. If the key
-     * is already using explicit parameters it is returned.
-     *
-     * @param key key to be converted
-     * @param providerName provider name to be used.
-     * @return the equivalent key with explicit curve parameters
-     * @throws IllegalArgumentException
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     */
-    public static PublicKey publicToExplicitParameters(PublicKey key, String providerName)
-        throws IllegalArgumentException, NoSuchAlgorithmException, NoSuchProviderException
-    {
-        Provider provider = Security.getProvider(providerName);
-
-        if (provider == null)
-        {
-            throw new NoSuchProviderException("cannot find provider: " + providerName);
-        }
-
-        return publicToExplicitParameters(key, provider);
-    }
-
-    /**
-     * Convert a passed in public EC key to have explicit parameters. If the key
-     * is already using explicit parameters it is returned.
-     *
-     * @param key key to be converted
-     * @param provider provider to be used.
-     * @return the equivalent key with explicit curve parameters
-     * @throws IllegalArgumentException
-     * @throws NoSuchAlgorithmException
-     */
-    public static PublicKey publicToExplicitParameters(PublicKey key, Provider provider)
-        throws IllegalArgumentException, NoSuchAlgorithmException
-    {
-        try
-        {
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(key.getEncoded()));
-
-            if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-            {
-                throw new IllegalArgumentException("cannot convert GOST key to explicit parameters.");
-            }
-            else
-            {
-                X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
-                X9ECParameters curveParams;
-
-                if (params.isNamedCurve())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-
-                    curveParams = ECUtil.getNamedCurveByOid(oid);
-                    // ignore seed value due to JDK bug
-                    curveParams = new X9ECParameters(curveParams.getCurve(), curveParams.getG(), curveParams.getN(), curveParams.getH());
-                }
-                else if (params.isImplicitlyCA())
-                {
-                    curveParams = new X9ECParameters(ProviderUtil.getEcImplicitlyCa().getCurve(), ProviderUtil.getEcImplicitlyCa().getG(), ProviderUtil.getEcImplicitlyCa().getN(), ProviderUtil.getEcImplicitlyCa().getH());
-                }
-                else
-                {
-                    return key;   // already explicit
-                }
-
-                params = new X962Parameters(curveParams);
-
-                info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), info.getPublicKeyData().getBytes());
-
-                KeyFactory keyFact = KeyFactory.getInstance(key.getAlgorithm(), provider);
-
-                return keyFact.generatePublic(new X509EncodedKeySpec(info.getEncoded()));
-            }
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw e;
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw e;
-        }
-        catch (Exception e)
-        {               // shouldn't really happen...
-            throw new UnexpectedException(e);
-        }
-    }
-
-    /**
-     * Convert a passed in private EC key to have explicit parameters. If the key
-     * is already using explicit parameters it is returned.
-     *
-     * @param key key to be converted
-     * @param providerName provider name to be used.
-     * @return the equivalent key with explicit curve parameters
-     * @throws IllegalArgumentException
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     */
-    public static PrivateKey privateToExplicitParameters(PrivateKey key, String providerName)
-        throws IllegalArgumentException, NoSuchAlgorithmException, NoSuchProviderException
-    {
-        Provider provider = Security.getProvider(providerName);
-
-        if (provider == null)
-        {
-            throw new NoSuchProviderException("cannot find provider: " + providerName);
-        }
-
-        return privateToExplicitParameters(key, provider);
-    }
-
-    /**
-     * Convert a passed in private EC key to have explicit parameters. If the key
-     * is already using explicit parameters it is returned.
-     *
-     * @param key key to be converted
-     * @param provider provider to be used.
-     * @return the equivalent key with explicit curve parameters
-     * @throws IllegalArgumentException
-     * @throws NoSuchAlgorithmException
-     */
-    public static PrivateKey privateToExplicitParameters(PrivateKey key, Provider provider)
-        throws IllegalArgumentException, NoSuchAlgorithmException
-    {
-        try
-        {
-            PrivateKeyInfo info = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(key.getEncoded()));
-
-            if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-            {
-                throw new UnsupportedEncodingException("cannot convert GOST key to explicit parameters.");
-            }
-            else
-            {
-                X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
-                X9ECParameters curveParams;
-
-                if (params.isNamedCurve())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-
-                    curveParams = ECUtil.getNamedCurveByOid(oid);
-                    // ignore seed value due to JDK bug
-                    curveParams = new X9ECParameters(curveParams.getCurve(), curveParams.getG(), curveParams.getN(), curveParams.getH());
-                }
-                else if (params.isImplicitlyCA())
-                {
-                    curveParams = new X9ECParameters(ProviderUtil.getEcImplicitlyCa().getCurve(), ProviderUtil.getEcImplicitlyCa().getG(), ProviderUtil.getEcImplicitlyCa().getN(), ProviderUtil.getEcImplicitlyCa().getH());
-                }
-                else
-                {
-                    return key;   // already explicit
-                }
-
-                params = new X962Parameters(curveParams);
-
-                info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), info.getPrivateKey());
-
-                KeyFactory keyFact = KeyFactory.getInstance(key.getAlgorithm(), provider);
-
-                return keyFact.generatePrivate(new PKCS8EncodedKeySpec(info.getEncoded()));
-            }
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw e;
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw e;
-        }
-        catch (Exception e)
-        {          // shouldn't really happen
-            throw new UnexpectedException(e);
-        }
-    }
-
-    private static class UnexpectedException
-        extends RuntimeException
-    {
-        private Throwable cause;
-
-        UnexpectedException(Throwable cause)
-        {
-            super(cause.toString());
-
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
deleted file mode 100644
index 02affeaf5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package org.bouncycastle.jce;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-import org.bouncycastle.asn1.x9.X962NamedCurves;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-
-import java.util.Enumeration;
-import java.util.Vector;
-
-/**
- * a table of locally supported named curves.
- */
-public class ECNamedCurveTable
-{
-    /**
-     * return a parameter spec representing the passed in named
-     * curve. The routine returns null if the curve is not present.
-     * 
-     * @param name the name of the curve requested
-     * @return a parameter spec for the curve, null if it is not available.
-     */
-    public static ECNamedCurveParameterSpec getParameterSpec(
-        String  name)
-    {
-        X9ECParameters  ecP = X962NamedCurves.getByName(name);
-        if (ecP == null)
-        {
-            try
-            {
-                ecP = X962NamedCurves.getByOID(new DERObjectIdentifier(name));
-            }
-            catch (IllegalArgumentException e)
-            {
-                // ignore - not an oid
-            }
-        }
-        
-        if (ecP == null)
-        {
-            ecP = SECNamedCurves.getByName(name);
-            if (ecP == null)
-            {
-                try
-                {
-                    ecP = SECNamedCurves.getByOID(new DERObjectIdentifier(name));
-                }
-                catch (IllegalArgumentException e)
-                {
-                    // ignore - not an oid
-                }
-            }
-        }
-
-        if (ecP == null)
-        {
-            ecP = TeleTrusTNamedCurves.getByName(name);
-            if (ecP == null)
-            {
-                try
-                {
-                    ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
-                }
-                catch (IllegalArgumentException e)
-                {
-                    // ignore - not an oid
-                }
-            }
-        }
-
-        if (ecP == null)
-        {
-            ecP = NISTNamedCurves.getByName(name);
-        }
-        
-        if (ecP == null)
-        {
-            return null;
-        }
-
-        return new ECNamedCurveParameterSpec(
-                                        name,
-                                        ecP.getCurve(),
-                                        ecP.getG(),
-                                        ecP.getN(),
-                                        ecP.getH(),
-                                        ecP.getSeed());
-    }
-
-    /**
-     * return an enumeration of the names of the available curves.
-     *
-     * @return an enumeration of the names of the available curves.
-     */
-    public static Enumeration getNames()
-    {
-        Vector v = new Vector();
-        
-        addEnumeration(v, X962NamedCurves.getNames());
-        addEnumeration(v, SECNamedCurves.getNames());
-        addEnumeration(v, NISTNamedCurves.getNames());
-        addEnumeration(v, TeleTrusTNamedCurves.getNames());
-
-        return v.elements();
-    }
-
-    private static void addEnumeration(
-        Vector v, 
-        Enumeration e)
-    {
-        while (e.hasMoreElements())
-        {
-            v.addElement(e.nextElement());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java
deleted file mode 100644
index 2ffa031a3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.security.cert.CertStoreParameters;
-import java.util.Collection;
-
-public class MultiCertStoreParameters
-    implements CertStoreParameters
-{
-    private Collection certStores;
-    private boolean searchAllStores;
-
-    /**
-     * Create a parameters object which specifies searching of all the passed in stores.
-     *
-     * @param certStores CertStores making up the multi CertStore
-     */
-    public MultiCertStoreParameters(Collection certStores)
-    {
-        this(certStores, true);
-    }
-
-    /**
-     * Create a parameters object which can be to used to make a multi store made up
-     * of the passed in CertStores. If the searchAllStores parameter is false, any search on
-     * the multi-store will terminate as soon as a search query produces a result.
-     * 
-     * @param certStores CertStores making up the multi CertStore
-     * @param searchAllStores true if all CertStores should be searched on request, false if a result
-     * should be returned on the first successful CertStore query.
-     */
-    public MultiCertStoreParameters(Collection certStores, boolean searchAllStores)
-    {
-        this.certStores = certStores;
-        this.searchAllStores = searchAllStores;
-    }
-
-    public Collection getCertStores()
-    {
-        return certStores;
-    }
-
-    public boolean getSearchAllStores()
-    {
-        return searchAllStores;
-    }
-
-    public Object clone()
-    {
-        return this;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
deleted file mode 100644
index d037b113b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
+++ /dev/null
@@ -1,634 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PSSParameterSpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.CertificationRequest;
-import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.Strings;
-
-/**
- * A class for verifying and creating PKCS10 Certification requests. 
- * 
    - * CertificationRequest ::= SEQUENCE {
- *   certificationRequestInfo  CertificationRequestInfo,
- *   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
- *   signature                 BIT STRING
- * }
- *
- * CertificationRequestInfo ::= SEQUENCE {
- *   version             INTEGER { v1(0) } (v1,...),
- *   subject             Name,
- *   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- *   attributes          [0] Attributes{{ CRIAttributes }}
- *  }
- *
- *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
- *
- *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
- *    type    ATTRIBUTE.&id({IOSet}),
- *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- *  }
- * 
    
- */
-public class PKCS10CertificationRequest
-    extends CertificationRequest
-{
-    private static Hashtable            algorithms = new Hashtable();
-    private static Hashtable            params = new Hashtable();
-    private static Hashtable            keyAlgorithms = new Hashtable();
-    private static Hashtable            oids = new Hashtable();
-    private static Set                  noParams = new HashSet();
-
-    static
-    {
-        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
-        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
-        algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-        algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-        algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-        algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
-        algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-        algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
-        algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
-        algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
-        algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
-        algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-        algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-        algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-
-        //
-        // reverse mappings
-        //
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-        
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
-        oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
-        oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
-        
-        //
-        // key types
-        //
-        keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
-        keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA");
-        
-        //
-        // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
-        // The parameters field SHALL be NULL for RSA based signature algorithms.
-        //
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
-        noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-
-        //
-        // RFC 4491
-        //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        //
-        // explicit params
-        //
-        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
-        params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
-
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
-        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
-        params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
-
-        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull());
-        params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
-
-        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull());
-        params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
-    }
-
-    private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize)
-    {
-        return new RSASSAPSSparams(
-            hashAlgId,
-            new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
-            new DERInteger(saltSize),
-            new DERInteger(1));
-    }
-
-    private static ASN1Sequence toDERSequence(
-        byte[]  bytes)
-    {
-        try
-        {
-            ASN1InputStream         dIn = new ASN1InputStream(bytes);
-
-            return (ASN1Sequence)dIn.readObject();
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("badly encoded request");
-        }
-    }
-
-    /**
-     * construct a PKCS10 certification request from a DER encoded
-     * byte stream.
-     */
-    public PKCS10CertificationRequest(
-        byte[]  bytes)
-    {
-        super(toDERSequence(bytes));
-    }
-
-    public PKCS10CertificationRequest(
-        ASN1Sequence  sequence)
-    {
-        super(sequence);
-    }
-
-    /**
-     * create a PKCS10 certfication request using the BC provider.
-     */
-    public PKCS10CertificationRequest(
-        String              signatureAlgorithm,
-        X509Name            subject,
-        PublicKey           key,
-        ASN1Set             attributes,
-        PrivateKey          signingKey)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        this(signatureAlgorithm, subject, key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
-    }
-
-    private static X509Name convertName(
-        X500Principal    name)
-    {
-        try
-        {
-            return new X509Principal(name.getEncoded());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't convert name");
-        }
-    }
-    
-    /**
-     * create a PKCS10 certfication request using the BC provider.
-     */
-    public PKCS10CertificationRequest(
-        String              signatureAlgorithm,
-        X500Principal       subject,
-        PublicKey           key,
-        ASN1Set             attributes,
-        PrivateKey          signingKey)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
-    }
-    
-    /**
-     * create a PKCS10 certfication request using the named provider.
-     */
-    public PKCS10CertificationRequest(
-        String              signatureAlgorithm,
-        X500Principal       subject,
-        PublicKey           key,
-        ASN1Set             attributes,
-        PrivateKey          signingKey,
-        String              provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider);
-    }
-    
-    /**
-     * create a PKCS10 certfication request using the named provider.
-     */
-    public PKCS10CertificationRequest(
-        String              signatureAlgorithm,
-        X509Name            subject,
-        PublicKey           key,
-        ASN1Set             attributes,
-        PrivateKey          signingKey,
-        String              provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        String algorithmName = Strings.toUpperCase(signatureAlgorithm);
-        DERObjectIdentifier sigOID = (DERObjectIdentifier)algorithms.get(algorithmName);
-
-        if (sigOID == null)
-        {
-            try
-            {
-                sigOID = new DERObjectIdentifier(algorithmName);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("Unknown signature type requested");
-            }
-        }
-
-        if (subject == null)
-        {
-            throw new IllegalArgumentException("subject must not be null");
-        }
-
-        if (key == null)
-        {
-            throw new IllegalArgumentException("public key must not be null");
-        }
-
-        if (noParams.contains(sigOID))
-        {
-            this.sigAlgId = new AlgorithmIdentifier(sigOID);
-        }
-        else if (params.containsKey(algorithmName))
-        {
-            this.sigAlgId = new AlgorithmIdentifier(sigOID, (DEREncodable)params.get(algorithmName));
-        }
-        else
-        {
-            this.sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE);
-        }
-
-        try
-        {
-            ASN1Sequence seq = (ASN1Sequence)ASN1Object.fromByteArray(key.getEncoded());
-            this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(seq), attributes);
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't encode public key");
-        }
-
-        Signature sig;
-        if (provider == null)
-        {
-            sig = Signature.getInstance(signatureAlgorithm);
-        }
-        else
-        {
-            sig = Signature.getInstance(signatureAlgorithm, provider);
-        }
-
-        sig.initSign(signingKey);
-
-        try
-        {
-            sig.update(reqInfo.getEncoded(ASN1Encodable.DER));
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("exception encoding TBS cert request - " + e);
-        }
-
-        this.sigBits = new DERBitString(sig.sign());
-    }
-
-    /**
-     * return the public key associated with the certification request -
-     * the public key is created using the BC provider.
-     */
-    public PublicKey getPublicKey()
-        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
-    {
-        return getPublicKey(BouncyCastleProvider.PROVIDER_NAME);
-    }
-
-    public PublicKey getPublicKey(
-        String  provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException
-    {
-        SubjectPublicKeyInfo    subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
-        X509EncodedKeySpec      xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
-        AlgorithmIdentifier     keyAlg = subjectPKInfo.getAlgorithmId();
-        
-        try
-        {
-            try
-            {
-                if (provider == null)
-                {
-                    return KeyFactory.getInstance(keyAlg.getObjectId().getId()).generatePublic(xspec);
-                }
-                else
-                {
-                    return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec);
-                }
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                //
-                // try an alternate
-                //
-                if (keyAlgorithms.get(keyAlg.getObjectId()) != null)
-                {
-                    String  keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getObjectId());
-                    
-                    if (provider == null)
-                    {
-                        return KeyFactory.getInstance(keyAlgorithm).generatePublic(xspec);
-                    }
-                    else
-                    {
-                        return KeyFactory.getInstance(keyAlgorithm, provider).generatePublic(xspec);
-                    }
-                }
-                
-                throw e;
-            }
-        }
-        catch (InvalidKeySpecException e)
-        {
-            throw new InvalidKeyException("error decoding public key");
-        }
-    }
-
-    /**
-     * verify the request using the BC provider.
-     */
-    public boolean verify()
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        return verify(BouncyCastleProvider.PROVIDER_NAME);
-    }
-
-    /**
-     * verify the request using the passed in provider.
-     */
-    public boolean verify(
-        String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        return verify(this.getPublicKey(provider), provider);
-    }
-
-    /**
-     * verify the request using the passed in public key and the provider..
-     */
-    public boolean verify(
-        PublicKey pubKey,
-        String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException,
-                InvalidKeyException, SignatureException
-    {
-        Signature   sig;
-
-        try
-        {
-            if (provider == null)
-            {
-                sig = Signature.getInstance(getSignatureName(sigAlgId));
-            }
-            else
-            {
-                sig = Signature.getInstance(getSignatureName(sigAlgId), provider);
-            }
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            //
-            // try an alternate
-            //
-            if (oids.get(sigAlgId.getObjectId()) != null)
-            {
-                String  signatureAlgorithm = (String)oids.get(sigAlgId.getObjectId());
-
-                if (provider == null)
-                {
-                    sig = Signature.getInstance(signatureAlgorithm);
-                }
-                else
-                {
-                    sig = Signature.getInstance(signatureAlgorithm, provider);
-                }
-            }
-            else
-            {
-                throw e;
-            }
-        }
-
-        setSignatureParameters(sig, sigAlgId.getParameters());
-        
-        sig.initVerify(pubKey);
-
-        try
-        {
-            sig.update(reqInfo.getEncoded(ASN1Encodable.DER));
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException("exception encoding TBS cert request - " + e);
-        }
-
-        return sig.verify(sigBits.getBytes());
-    }
-
-    /**
-     * return a DER encoded byte array representing this object
-     */
-    public byte[] getEncoded()
-    {
-        try
-        {
-            return this.getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException(e.toString());
-        }
-    }
-
-    private void setSignatureParameters(
-        Signature signature,
-        DEREncodable params)
-        throws NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        if (params != null && !DERNull.INSTANCE.equals(params))
-        {
-            AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());
-
-            try
-            {
-                sigParams.init(params.getDERObject().getDEREncoded());
-            }
-            catch (IOException e)
-            {
-                throw new SignatureException("IOException decoding parameters: " + e.getMessage());
-            }
-
-            if (signature.getAlgorithm().endsWith("MGF1"))
-            {
-                try
-                {
-                    signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class));
-                }
-                catch (GeneralSecurityException e)
-                {
-                    throw new SignatureException("Exception extracting parameters: " + e.getMessage());
-                }
-            }
-        }
-    }
-
-    static String getSignatureName(
-        AlgorithmIdentifier sigAlgId)
-    {
-        DEREncodable params = sigAlgId.getParameters();
-
-        if (params != null && !DERNull.INSTANCE.equals(params))
-        {
-            if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            {
-                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-                return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
-            }
-        }
-
-        return sigAlgId.getObjectId().getId();
-    }
-
-    private static String getDigestAlgName(
-        DERObjectIdentifier digestAlgOID)
-    {
-        if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
-        {
-            return "MD5";
-        }
-        else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID))
-        {
-            return "SHA1";
-        }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
-        else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
-        {
-            return "SHA256";
-        }
-        else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID))
-        {
-            return "SHA384";
-        }
-        else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID))
-        {
-            return "SHA512";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
-        else
-        {
-            return digestAlgOID.getId();            
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS12Util.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS12Util.java
deleted file mode 100644
index 253e4b7da..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PKCS12Util.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.pkcs.ContentInfo;
-import org.bouncycastle.asn1.pkcs.MacData;
-import org.bouncycastle.asn1.pkcs.Pfx;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DigestInfo;
-
-/**
- * Utility class for reencoding PKCS#12 files to definite length.
- */
-public class PKCS12Util
-{
-    /**
-     * Just re-encode the outer layer of the PKCS#12 file to definite length encoding.
-     *
-     * @param berPKCS12File - original PKCS#12 file
-     * @return a byte array representing the DER encoding of the PFX structure
-     * @throws IOException
-     */
-    public static byte[] convertToDefiniteLength(byte[] berPKCS12File)
-        throws IOException
-    {
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        DEROutputStream dOut = new DEROutputStream(bOut);
-
-        Pfx pfx = new Pfx(ASN1Sequence.getInstance(ASN1Object.fromByteArray(berPKCS12File)));
-
-        bOut.reset();
-
-        dOut.writeObject(pfx);
-
-        return bOut.toByteArray();
-    }
-
-    /**
-     * Re-encode the PKCS#12 structure to definite length encoding at the inner layer
-     * as well, recomputing the MAC accordingly.
-     *
-     * @param berPKCS12File - original PKCS12 file.
-     * @param provider - provider to use for MAC calculation.
-     * @return a byte array representing the DER encoding of the PFX structure.
-     * @throws IOException on parsing, encoding errors.
-     */
-    public static byte[] convertToDefiniteLength(byte[] berPKCS12File, char[] passwd, String provider)
-        throws IOException
-    {
-        Pfx pfx = new Pfx(ASN1Sequence.getInstance(ASN1Object.fromByteArray(berPKCS12File)));
-
-        ContentInfo info = pfx.getAuthSafe();
-
-        ASN1OctetString content = ASN1OctetString.getInstance(info.getContent());
-
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        DEROutputStream dOut = new DEROutputStream(bOut);
-
-        ASN1InputStream contentIn = new ASN1InputStream(content.getOctets());
-        DERObject obj = contentIn.readObject();
-
-        dOut.writeObject(obj);
-
-        info = new ContentInfo(info.getContentType(), new DEROctetString(bOut.toByteArray()));
-
-        MacData mData = pfx.getMacData();
-        try
-        {
-            int itCount = mData.getIterationCount().intValue();
-            byte[] data = ASN1OctetString.getInstance(info.getContent()).getOctets();
-            byte[] res = calculatePbeMac(mData.getMac().getAlgorithmId().getObjectId(), mData.getSalt(), itCount, passwd, data, provider);
-
-            AlgorithmIdentifier algId = new AlgorithmIdentifier(mData.getMac().getAlgorithmId().getObjectId(), new DERNull());
-            DigestInfo dInfo = new DigestInfo(algId, res);
-
-            mData = new MacData(dInfo, mData.getSalt(), itCount);
-        }
-        catch (Exception e)
-        {
-            throw new IOException("error constructing MAC: " + e.toString());
-        }
-        
-        pfx = new Pfx(info, mData);
-
-        bOut.reset();
-        
-        dOut.writeObject(pfx);
-        
-        return bOut.toByteArray();
-    }
-
-    private static byte[] calculatePbeMac(
-        DERObjectIdentifier oid,
-        byte[]              salt,
-        int                 itCount,
-        char[]              password,
-        byte[]              data,
-        String              provider)
-        throws Exception
-    {
-        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), provider);
-        PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
-        PBEKeySpec pbeSpec = new PBEKeySpec(password);
-        SecretKey key = keyFact.generateSecret(pbeSpec);
-
-        Mac mac = Mac.getInstance(oid.getId(), provider);
-        mac.init(key, defParams);
-        mac.update(data);
-
-        return mac.doFinal();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PrincipalUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PrincipalUtil.java
deleted file mode 100644
index 6ccf1e4ae..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/PrincipalUtil.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.io.*;
-import java.security.cert.*;
-
-import org.bouncycastle.asn1.*;
-import org.bouncycastle.asn1.x509.*;
-
-/**
- * a utility class that will extract X509Principal objects from X.509 certificates.
- * 
    
- * Use this in preference to trying to recreate a principal from a String, not all
- * DNs are what they should be, so it's best to leave them encoded where they
- * can be.
- */
-public class PrincipalUtil
-{
-    /**
-     * return the issuer of the given cert as an X509PrincipalObject.
-     */
-    public static X509Principal getIssuerX509Principal(
-        X509Certificate cert)
-        throws CertificateEncodingException
-    {
-        try
-        {
-            TBSCertificateStructure tbsCert = TBSCertificateStructure.getInstance(
-                    ASN1Object.fromByteArray(cert.getTBSCertificate()));
-
-            return new X509Principal(tbsCert.getIssuer());
-        }
-        catch (IOException e)
-        {
-            throw new CertificateEncodingException(e.toString());
-        }
-    }
-
-    /**
-     * return the subject of the given cert as an X509PrincipalObject.
-     */
-    public static X509Principal getSubjectX509Principal(
-        X509Certificate cert)
-        throws CertificateEncodingException
-    {
-        try
-        {
-            TBSCertificateStructure tbsCert = TBSCertificateStructure.getInstance(
-                    ASN1Object.fromByteArray(cert.getTBSCertificate()));
-            return new X509Principal(tbsCert.getSubject());
-        }
-        catch (IOException e)
-        {
-            throw new CertificateEncodingException(e.toString());
-        }
-    }
-    
-    /**
-     * return the issuer of the given CRL as an X509PrincipalObject.
-     */
-    public static X509Principal getIssuerX509Principal(
-        X509CRL crl)
-        throws CRLException
-    {
-        try
-        {
-            TBSCertList tbsCertList = TBSCertList.getInstance(
-                ASN1Object.fromByteArray(crl.getTBSCertList()));
-
-            return new X509Principal(tbsCertList.getIssuer());
-        }
-        catch (IOException e)
-        {
-            throw new CRLException(e.toString());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ProviderConfigurationPermission.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ProviderConfigurationPermission.java
deleted file mode 100644
index dba4db012..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/ProviderConfigurationPermission.java
+++ /dev/null
@@ -1,133 +0,0 @@
-package org.bouncycastle.jce;
-
-import org.bouncycastle.util.Strings;
-
-import java.security.BasicPermission;
-import java.security.Permission;
-import java.util.StringTokenizer;
-
-/**
- * A permission class to define what can be done with the ConfigurableProvider interface.
- * 
    
- * Available permissions are "threadLocalEcImplicitlyCa" and "ecImplicitlyCa" which allow the setting
- * of the thread local and global ecImplicitlyCa parameters respectively.
- * 
    
- * 
    
- * Examples:
- * 
      
- * 
    • ProviderConfigurationPermission("BC"); // enable all permissions
      • 
- * 
    • ProviderConfigurationPermission("BC", "threadLocalEcImplicitlyCa"); // enable thread local only
      • 
- * 
    • ProviderConfigurationPermission("BC", "ecImplicitlyCa"); // enable global setting only
      • 
- * 
    • ProviderConfigurationPermission("BC", "threadLocalEcImplicitlyCa, ecImplicitlyCa"); // enable both explicitly
      • 
- * 
    
- * 
    
- * Note: permission checks are only enforced if a security manager is present.
- * 
    
- */
-public class ProviderConfigurationPermission
-    extends BasicPermission
-{
-    private static final int  THREAD_LOCAL_EC_IMPLICITLY_CA = 0x01;
-
-    private static final int  EC_IMPLICITLY_CA = 0x02;
-    private static final int  ALL = THREAD_LOCAL_EC_IMPLICITLY_CA | EC_IMPLICITLY_CA;
-
-    private static final String THREAD_LOCAL_EC_IMPLICITLY_CA_STR = "threadlocalecimplicitlyca";
-    private static final String EC_IMPLICITLY_CA_STR = "ecimplicitlyca";
-    private static final String ALL_STR = "all";
-
-    private final String actions;
-    private final int permissionMask;
-
-    public ProviderConfigurationPermission(String name)
-    {
-        super(name);
-        this.actions = "all";
-        this.permissionMask = ALL;
-    }
-
-    public ProviderConfigurationPermission(String name, String actions)
-    {
-        super(name, actions);
-        this.actions = actions;
-        this.permissionMask = calculateMask(actions);
-    }
-
-    private int calculateMask(
-        String actions)
-    {
-        StringTokenizer tok = new StringTokenizer(Strings.toLowerCase(actions), " ,");
-        int             mask = 0;
-
-        while (tok.hasMoreTokens())
-        {
-            String s = tok.nextToken();
-
-            if (s.equals(THREAD_LOCAL_EC_IMPLICITLY_CA_STR))
-            {
-                mask |= THREAD_LOCAL_EC_IMPLICITLY_CA;
-            }
-            else if (s.equals(EC_IMPLICITLY_CA_STR))
-            {
-                mask |= EC_IMPLICITLY_CA;
-            }
-            else if (s.equals(ALL_STR))
-            {
-                mask |= ALL;
-            }
-        }
-
-        if (mask == 0)
-        {
-            throw new IllegalArgumentException("unknown permissions passed to mask");
-        }
-        
-        return mask;
-    }
-
-    public String getActions()
-    {
-        return actions;
-    }
-
-    public boolean implies(
-        Permission permission)
-    {
-        if (!(permission instanceof ProviderConfigurationPermission))
-        {
-            return false;
-        }
-
-        if (!this.getName().equals(permission.getName()))
-        {
-            return false;
-        }
-        
-        ProviderConfigurationPermission other = (ProviderConfigurationPermission)permission;
-        
-        return (this.permissionMask & other.permissionMask) == other.permissionMask;
-    }
-
-    public boolean equals(
-        Object obj)
-    {
-        if (obj == this)
-        {
-            return true;
-        }
-
-        if (obj instanceof ProviderConfigurationPermission)
-        {
-            ProviderConfigurationPermission other = (ProviderConfigurationPermission)obj;
-
-            return this.permissionMask == other.permissionMask && this.getName().equals(other.getName());
-        }
-
-        return false;
-    }
-
-    public int hashCode()
-    {
-        return this.getName().hashCode() + this.permissionMask;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509KeyUsage.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509KeyUsage.java
deleted file mode 100644
index 2024b6594..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509KeyUsage.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.jce;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.x509.KeyUsage;
-
-/**
- * A holding class for constructing an X509 Key Usage extension.
- *
- * 
    - *    id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
- *
- *    KeyUsage ::= BIT STRING {
- *         digitalSignature        (0),
- *         nonRepudiation          (1),
- *         keyEncipherment         (2),
- *         dataEncipherment        (3),
- *         keyAgreement            (4),
- *         keyCertSign             (5),
- *         cRLSign                 (6),
- *         encipherOnly            (7),
- *         decipherOnly            (8) }
- * 
    
- */
-public class X509KeyUsage
-    extends ASN1Encodable
-{
-    public static final int        digitalSignature = 1 << 7; 
-    public static final int        nonRepudiation   = 1 << 6;
-    public static final int        keyEncipherment  = 1 << 5;
-    public static final int        dataEncipherment = 1 << 4;
-    public static final int        keyAgreement     = 1 << 3;
-    public static final int        keyCertSign      = 1 << 2;
-    public static final int        cRLSign          = 1 << 1;
-    public static final int        encipherOnly     = 1 << 0;
-    public static final int        decipherOnly     = 1 << 15;
-
-    private int usage = 0;
-
-    /**
-     * Basic constructor.
-     * 
-     * @param usage - the bitwise OR of the Key Usage flags giving the
-     * allowed uses for the key.
-     * e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment)
-     */
-    public X509KeyUsage(
-        int usage)
-    {
-        this.usage = usage;
-    }
-
-    public DERObject toASN1Object()
-    {
-        return new KeyUsage(usage);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java
deleted file mode 100644
index 80532fac4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java
+++ /dev/null
@@ -1,1258 +0,0 @@
-package org.bouncycastle.jce;
-
-import org.bouncycastle.x509.X509StoreParameters;
-
-import java.security.cert.CertStoreParameters;
-import java.security.cert.LDAPCertStoreParameters;
-
-/**
- * An expanded set of parameters for an LDAPCertStore
- */
-public class X509LDAPCertStoreParameters
-    implements X509StoreParameters, CertStoreParameters
-{
-
-    private String ldapURL;
-
-    private String baseDN;
-
-    // LDAP attributes, where data is stored
-
-    private String userCertificateAttribute;
-
-    private String cACertificateAttribute;
-
-    private String crossCertificateAttribute;
-
-    private String certificateRevocationListAttribute;
-
-    private String deltaRevocationListAttribute;
-
-    private String authorityRevocationListAttribute;
-
-    private String attributeCertificateAttributeAttribute;
-
-    private String aACertificateAttribute;
-
-    private String attributeDescriptorCertificateAttribute;
-
-    private String attributeCertificateRevocationListAttribute;
-
-    private String attributeAuthorityRevocationListAttribute;
-
-    // LDAP attributes with which data can be found
-
-    private String ldapUserCertificateAttributeName;
-
-    private String ldapCACertificateAttributeName;
-
-    private String ldapCrossCertificateAttributeName;
-
-    private String ldapCertificateRevocationListAttributeName;
-
-    private String ldapDeltaRevocationListAttributeName;
-
-    private String ldapAuthorityRevocationListAttributeName;
-
-    private String ldapAttributeCertificateAttributeAttributeName;
-
-    private String ldapAACertificateAttributeName;
-
-    private String ldapAttributeDescriptorCertificateAttributeName;
-
-    private String ldapAttributeCertificateRevocationListAttributeName;
-
-    private String ldapAttributeAuthorityRevocationListAttributeName;
-
-    // certificates and CRLs subject or issuer DN attributes, which must be
-    // matched against ldap attribute names
-
-    private String userCertificateSubjectAttributeName;
-
-    private String cACertificateSubjectAttributeName;
-
-    private String crossCertificateSubjectAttributeName;
-
-    private String certificateRevocationListIssuerAttributeName;
-
-    private String deltaRevocationListIssuerAttributeName;
-
-    private String authorityRevocationListIssuerAttributeName;
-
-    private String attributeCertificateAttributeSubjectAttributeName;
-
-    private String aACertificateSubjectAttributeName;
-
-    private String attributeDescriptorCertificateSubjectAttributeName;
-
-    private String attributeCertificateRevocationListIssuerAttributeName;
-
-    private String attributeAuthorityRevocationListIssuerAttributeName;
-
-    private String searchForSerialNumberIn;
-
-    public static class Builder
-    {
-        private String ldapURL;
-
-        private String baseDN;
-
-        // LDAP attributes, where data is stored
-
-        private String userCertificateAttribute;
-
-        private String cACertificateAttribute;
-
-        private String crossCertificateAttribute;
-
-        private String certificateRevocationListAttribute;
-
-        private String deltaRevocationListAttribute;
-
-        private String authorityRevocationListAttribute;
-
-        private String attributeCertificateAttributeAttribute;
-
-        private String aACertificateAttribute;
-
-        private String attributeDescriptorCertificateAttribute;
-
-        private String attributeCertificateRevocationListAttribute;
-
-        private String attributeAuthorityRevocationListAttribute;
-
-        // LDAP attributes with which data can be found
-
-        private String ldapUserCertificateAttributeName;
-
-        private String ldapCACertificateAttributeName;
-
-        private String ldapCrossCertificateAttributeName;
-
-        private String ldapCertificateRevocationListAttributeName;
-
-        private String ldapDeltaRevocationListAttributeName;
-
-        private String ldapAuthorityRevocationListAttributeName;
-
-        private String ldapAttributeCertificateAttributeAttributeName;
-
-        private String ldapAACertificateAttributeName;
-
-        private String ldapAttributeDescriptorCertificateAttributeName;
-
-        private String ldapAttributeCertificateRevocationListAttributeName;
-
-        private String ldapAttributeAuthorityRevocationListAttributeName;
-
-        // certificates and CRLs subject or issuer DN attributes, which must be
-        // matched against ldap attribute names
-
-        private String userCertificateSubjectAttributeName;
-
-        private String cACertificateSubjectAttributeName;
-
-        private String crossCertificateSubjectAttributeName;
-
-        private String certificateRevocationListIssuerAttributeName;
-
-        private String deltaRevocationListIssuerAttributeName;
-
-        private String authorityRevocationListIssuerAttributeName;
-
-        private String attributeCertificateAttributeSubjectAttributeName;
-
-        private String aACertificateSubjectAttributeName;
-
-        private String attributeDescriptorCertificateSubjectAttributeName;
-
-        private String attributeCertificateRevocationListIssuerAttributeName;
-
-        private String attributeAuthorityRevocationListIssuerAttributeName;
-
-        private String searchForSerialNumberIn;
-
-        public Builder()
-        {
-            this("ldap://localhost:389", "");
-        }
-
-        public Builder(String ldapURL, String baseDN)
-        {
-            this.ldapURL = ldapURL;
-            if (baseDN == null)
-            {
-                this.baseDN = "";
-            }
-            else
-            {
-                this.baseDN = baseDN;
-            }
-
-            this.userCertificateAttribute = "userCertificate";
-            this.cACertificateAttribute = "cACertificate";
-            this.crossCertificateAttribute = "crossCertificatePair";
-            this.certificateRevocationListAttribute = "certificateRevocationList";
-            this.deltaRevocationListAttribute = "deltaRevocationList";
-            this.authorityRevocationListAttribute = "authorityRevocationList";
-            this.attributeCertificateAttributeAttribute = "attributeCertificateAttribute";
-            this.aACertificateAttribute = "aACertificate";
-            this.attributeDescriptorCertificateAttribute = "attributeDescriptorCertificate";
-            this.attributeCertificateRevocationListAttribute = "attributeCertificateRevocationList";
-            this.attributeAuthorityRevocationListAttribute = "attributeAuthorityRevocationList";
-            this.ldapUserCertificateAttributeName = "cn";
-            this.ldapCACertificateAttributeName = "cn ou o";
-            this.ldapCrossCertificateAttributeName = "cn ou o";
-            this.ldapCertificateRevocationListAttributeName = "cn ou o";
-            this.ldapDeltaRevocationListAttributeName = "cn ou o";
-            this.ldapAuthorityRevocationListAttributeName = "cn ou o";
-            this.ldapAttributeCertificateAttributeAttributeName = "cn";
-            this.ldapAACertificateAttributeName = "cn o ou";
-            this.ldapAttributeDescriptorCertificateAttributeName = "cn o ou";
-            this.ldapAttributeCertificateRevocationListAttributeName = "cn o ou";
-            this.ldapAttributeAuthorityRevocationListAttributeName = "cn o ou";
-            this.userCertificateSubjectAttributeName = "cn";
-            this.cACertificateSubjectAttributeName = "o ou";
-            this.crossCertificateSubjectAttributeName = "o ou";
-            this.certificateRevocationListIssuerAttributeName = "o ou";
-            this.deltaRevocationListIssuerAttributeName = "o ou";
-            this.authorityRevocationListIssuerAttributeName = "o ou";
-            this.attributeCertificateAttributeSubjectAttributeName = "cn";
-            this.aACertificateSubjectAttributeName = "o ou";
-            this.attributeDescriptorCertificateSubjectAttributeName = "o ou";
-            this.attributeCertificateRevocationListIssuerAttributeName = "o ou";
-            this.attributeAuthorityRevocationListIssuerAttributeName = "o ou";
-            this.searchForSerialNumberIn = "uid serialNumber cn";
-        }
-
-        /**
-         * @param userCertificateAttribute       Attribute name(s) in the LDAP directory where end certificates
-         *                                       are stored. Separated by space. Defaults to "userCertificate"
-         *                                       if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setUserCertificateAttribute(String userCertificateAttribute)
-        {
-            this.userCertificateAttribute = userCertificateAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param cACertificateAttribute         Attribute name(s) in the LDAP directory where CA certificates
-         *                                       are stored. Separated by space. Defaults to "cACertificate" if
-         *                                       null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setCACertificateAttribute(String cACertificateAttribute)
-        {
-            this.cACertificateAttribute = cACertificateAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param crossCertificateAttribute      Attribute name(s), where the cross certificates are stored.
-         *                                       Separated by space. Defaults to "crossCertificatePair" if
-         *                                       null
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setCrossCertificateAttribute(String crossCertificateAttribute)
-        {
-            this.crossCertificateAttribute = crossCertificateAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param certificateRevocationListAttribute
-         *                                       Attribute name(s) in the LDAP directory where CRLs are stored.
-         *                                       Separated by space. Defaults to "certificateRevocationList" if
-         *                                       null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setCertificateRevocationListAttribute(String certificateRevocationListAttribute)
-        {
-            this.certificateRevocationListAttribute = certificateRevocationListAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param deltaRevocationListAttribute   Attribute name(s) in the LDAP directory where delta RLs are
-         *                                       stored. Separated by space. Defaults to "deltaRevocationList"
-         *                                       if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setDeltaRevocationListAttribute(String deltaRevocationListAttribute)
-        {
-            this.deltaRevocationListAttribute = deltaRevocationListAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param authorityRevocationListAttribute
-         *                                       Attribute name(s) in the LDAP directory where CRLs for
-         *                                       authorities are stored. Separated by space. Defaults to
-         *                                       "authorityRevocationList" if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAuthorityRevocationListAttribute(String authorityRevocationListAttribute)
-        {
-            this.authorityRevocationListAttribute = authorityRevocationListAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param attributeCertificateAttributeAttribute
-         *                                       Attribute name(s) in the LDAP directory where end attribute
-         *                                       certificates are stored. Separated by space. Defaults to
-         *                                       "attributeCertificateAttribute" if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeCertificateAttributeAttribute(String attributeCertificateAttributeAttribute)
-        {
-            this.attributeCertificateAttributeAttribute = attributeCertificateAttributeAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param aACertificateAttribute         Attribute name(s) in the LDAP directory where attribute
-         *                                       certificates for attribute authorities are stored. Separated
-         *                                       by space. Defaults to "aACertificate" if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAACertificateAttribute(String aACertificateAttribute)
-        {
-            this.aACertificateAttribute = aACertificateAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param attributeDescriptorCertificateAttribute
-         *                                       Attribute name(s) in the LDAP directory where self signed
-         *                                       attribute certificates for attribute authorities are stored.
-         *                                       Separated by space. Defaults to
-         *                                       "attributeDescriptorCertificate" if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeDescriptorCertificateAttribute(String attributeDescriptorCertificateAttribute)
-        {
-            this.attributeDescriptorCertificateAttribute = attributeDescriptorCertificateAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param attributeCertificateRevocationListAttribute
-         *                                       Attribute name(s) in the LDAP directory where CRLs for
-         *                                       attribute certificates are stored. Separated by space.
-         *                                       Defaults to "attributeCertificateRevocationList" if
-         *                                       null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeCertificateRevocationListAttribute(String attributeCertificateRevocationListAttribute)
-        {
-            this.attributeCertificateRevocationListAttribute = attributeCertificateRevocationListAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param attributeAuthorityRevocationListAttribute
-         *                                       Attribute name(s) in the LDAP directory where RLs for
-         *                                       attribute authority attribute certificates are stored.
-         *                                       Separated by space. Defaults to
-         *                                       "attributeAuthorityRevocationList" if null.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeAuthorityRevocationListAttribute(String attributeAuthorityRevocationListAttribute)
-        {
-            this.attributeAuthorityRevocationListAttribute = attributeAuthorityRevocationListAttribute;
-
-            return this;
-        }
-
-        /**
-         * @param ldapUserCertificateAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search
-         *                                       for the attribute value of the specified
-         *                                       userCertificateSubjectAttributeName. E.g. if
-         *                                       "cn" is used to put information about the subject for end
-         *                                       certificates, then specify "cn".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapUserCertificateAttributeName(String ldapUserCertificateAttributeName)
-        {
-            this.ldapUserCertificateAttributeName = ldapUserCertificateAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapCACertificateAttributeName The attribute name(s) in the LDAP directory where to search
-         *                                       for the attribute value of the specified
-         *                                       cACertificateSubjectAttributeName. E.g. if
-         *                                       "ou" is used to put information about the subject for CA
-         *                                       certificates, then specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapCACertificateAttributeName(String ldapCACertificateAttributeName)
-        {
-            this.ldapCACertificateAttributeName = ldapCACertificateAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapCrossCertificateAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       crossCertificateSubjectAttributeName. E.g. if
-         *                                       "o" is used to put information about the subject for cross
-         *                                       certificates, then specify "o".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapCrossCertificateAttributeName(String ldapCrossCertificateAttributeName)
-        {
-            this.ldapCrossCertificateAttributeName = ldapCrossCertificateAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapCertificateRevocationListAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       certificateRevocationListIssuerAttributeName.
-         *                                       E.g. if "ou" is used to put information about the issuer of
-         *                                       CRLs, specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapCertificateRevocationListAttributeName(String ldapCertificateRevocationListAttributeName)
-        {
-            this.ldapCertificateRevocationListAttributeName = ldapCertificateRevocationListAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapDeltaRevocationListAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       deltaRevocationListIssuerAttributeName. E.g.
-         *                                       if "ou" is used to put information about the issuer of CRLs,
-         *                                       specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapDeltaRevocationListAttributeName(String ldapDeltaRevocationListAttributeName)
-        {
-            this.ldapDeltaRevocationListAttributeName = ldapDeltaRevocationListAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapAuthorityRevocationListAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       authorityRevocationListIssuerAttributeName.
-         *                                       E.g. if "ou" is used to put information about the issuer of
-         *                                       CRLs, specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapAuthorityRevocationListAttributeName(String ldapAuthorityRevocationListAttributeName)
-        {
-            this.ldapAuthorityRevocationListAttributeName = ldapAuthorityRevocationListAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapAttributeCertificateAttributeAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       attributeCertificateAttributeSubjectAttributeName.
-         *                                       E.g. if "cn" is used to put information about the subject of
-         *                                       end attribute certificates, specify "cn".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapAttributeCertificateAttributeAttributeName(String ldapAttributeCertificateAttributeAttributeName)
-        {
-            this.ldapAttributeCertificateAttributeAttributeName = ldapAttributeCertificateAttributeAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapAACertificateAttributeName The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       aACertificateSubjectAttributeName. E.g. if
-         *                                       "ou" is used to put information about the subject of attribute
-         *                                       authority attribute certificates, specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapAACertificateAttributeName(String ldapAACertificateAttributeName)
-        {
-            this.ldapAACertificateAttributeName = ldapAACertificateAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapAttributeDescriptorCertificateAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       attributeDescriptorCertificateSubjectAttributeName.
-         *                                       E.g. if "o" is used to put information about the subject of
-         *                                       self signed attribute authority attribute certificates,
-         *                                       specify "o".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapAttributeDescriptorCertificateAttributeName(String ldapAttributeDescriptorCertificateAttributeName)
-        {
-            this.ldapAttributeDescriptorCertificateAttributeName = ldapAttributeDescriptorCertificateAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapAttributeCertificateRevocationListAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       attributeCertificateRevocationListIssuerAttributeName.
-         *                                       E.g. if "ou" is used to put information about the issuer of
-         *                                       CRLs, specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapAttributeCertificateRevocationListAttributeName(String ldapAttributeCertificateRevocationListAttributeName)
-        {
-            this.ldapAttributeCertificateRevocationListAttributeName = ldapAttributeCertificateRevocationListAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param ldapAttributeAuthorityRevocationListAttributeName
-         *                                       The attribute name(s) in the LDAP directory where to search for
-         *                                       the attribute value of the specified
-         *                                       attributeAuthorityRevocationListIssuerAttributeName.
-         *                                       E.g. if "ou" is used to put information about the issuer of
-         *                                       CRLs, specify "ou".
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setLdapAttributeAuthorityRevocationListAttributeName(String ldapAttributeAuthorityRevocationListAttributeName)
-        {
-            this.ldapAttributeAuthorityRevocationListAttributeName = ldapAttributeAuthorityRevocationListAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param userCertificateSubjectAttributeName
-         *                                       Attribute(s) in the subject of the certificate which is used
-         *                                       to be searched in the
-         *                                       ldapUserCertificateAttributeName. E.g. the
-         *                                       "cn" attribute of the DN could be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setUserCertificateSubjectAttributeName(String userCertificateSubjectAttributeName)
-        {
-            this.userCertificateSubjectAttributeName = userCertificateSubjectAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param cACertificateSubjectAttributeName
-         *                                       Attribute(s) in the subject of the certificate which is used
-         *                                       to be searched in the
-         *                                       ldapCACertificateAttributeName. E.g. the "ou"
-         *                                       attribute of the DN could be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setCACertificateSubjectAttributeName(String cACertificateSubjectAttributeName)
-        {
-            this.cACertificateSubjectAttributeName = cACertificateSubjectAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param crossCertificateSubjectAttributeName
-         *                                       Attribute(s) in the subject of the cross certificate which is
-         *                                       used to be searched in the
-         *                                       ldapCrossCertificateAttributeName. E.g. the
-         *                                       "o" attribute of the DN may be appropriate.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setCrossCertificateSubjectAttributeName(String crossCertificateSubjectAttributeName)
-        {
-            this.crossCertificateSubjectAttributeName = crossCertificateSubjectAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param certificateRevocationListIssuerAttributeName
-         *                                       Attribute(s) in the issuer of the CRL which is used to be
-         *                                       searched in the
-         *                                       ldapCertificateRevocationListAttributeName.
-         *                                       E.g. the "o" or "ou" attribute may be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setCertificateRevocationListIssuerAttributeName(String certificateRevocationListIssuerAttributeName)
-        {
-            this.certificateRevocationListIssuerAttributeName = certificateRevocationListIssuerAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param deltaRevocationListIssuerAttributeName
-         *                                       Attribute(s) in the issuer of the CRL which is used to be
-         *                                       searched in the
-         *                                       ldapDeltaRevocationListAttributeName. E.g. the
-         *                                       "o" or "ou" attribute may be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setDeltaRevocationListIssuerAttributeName(String deltaRevocationListIssuerAttributeName)
-        {
-            this.deltaRevocationListIssuerAttributeName = deltaRevocationListIssuerAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param authorityRevocationListIssuerAttributeName
-         *                                       Attribute(s) in the issuer of the CRL which is used to be
-         *                                       searched in the
-         *                                       ldapAuthorityRevocationListAttributeName. E.g.
-         *                                       the "o" or "ou" attribute may be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAuthorityRevocationListIssuerAttributeName(String authorityRevocationListIssuerAttributeName)
-        {
-            this.authorityRevocationListIssuerAttributeName = authorityRevocationListIssuerAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param attributeCertificateAttributeSubjectAttributeName
-         *                                       Attribute(s) in the subject of the attribute certificate which
-         *                                       is used to be searched in the
-         *                                       ldapAttributeCertificateAttributeAttributeName.
-         *                                       E.g. the "cn" attribute of the DN could be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeCertificateAttributeSubjectAttributeName(String attributeCertificateAttributeSubjectAttributeName)
-        {
-            this.attributeCertificateAttributeSubjectAttributeName = attributeCertificateAttributeSubjectAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param aACertificateSubjectAttributeName
-         *                                       Attribute(s) in the subject of the attribute certificate which
-         *                                       is used to be searched in the
-         *                                       ldapAACertificateAttributeName. E.g. the "ou"
-         *                                       attribute of the DN could be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAACertificateSubjectAttributeName(String aACertificateSubjectAttributeName)
-        {
-            this.aACertificateSubjectAttributeName = aACertificateSubjectAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param attributeDescriptorCertificateSubjectAttributeName
-         *                                       Attribute(s) in the subject of the attribute certificate which
-         *                                       is used to be searched in the
-         *                                       ldapAttributeDescriptorCertificateAttributeName.
-         *                                       E.g. the "o" attribute of the DN could be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeDescriptorCertificateSubjectAttributeName(String attributeDescriptorCertificateSubjectAttributeName)
-        {
-            this.attributeDescriptorCertificateSubjectAttributeName = attributeDescriptorCertificateSubjectAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param attributeCertificateRevocationListIssuerAttributeName
-         *                                       Attribute(s) in the issuer of the CRL which is used to be
-         *                                       searched in the
-         *                                       ldapAttributeCertificateRevocationListAttributeName.
-         *                                       E.g. the "o" or "ou" attribute may be used
-         *                                       certificate is searched in this LDAP attribute.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeCertificateRevocationListIssuerAttributeName(String attributeCertificateRevocationListIssuerAttributeName)
-        {
-            this.attributeCertificateRevocationListIssuerAttributeName = attributeCertificateRevocationListIssuerAttributeName;
-
-            return this;
-        }
-
-        /**
-         * @param attributeAuthorityRevocationListIssuerAttributeName
-         *                                       Anttribute(s) in the issuer of the CRL which is used to be
-         *                                       searched in the
-         *                                       ldapAttributeAuthorityRevocationListAttributeName.
-         *                                       E.g. the "o" or "ou" attribute may be used.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setAttributeAuthorityRevocationListIssuerAttributeName(String attributeAuthorityRevocationListIssuerAttributeName)
-        {
-            this.attributeAuthorityRevocationListIssuerAttributeName = attributeAuthorityRevocationListIssuerAttributeName;
-
-            return this;
-        }
-
-        /**
-         *
-         * @param searchForSerialNumberIn        If not null the serial number of the
-         *                                       certificate is searched in this LDAP attribute.
-         * @throws IllegalArgumentException if a necessary parameter is null.
-         * @return the builder
-         */
-        public Builder setSearchForSerialNumberIn(String searchForSerialNumberIn)
-        {
-            this.searchForSerialNumberIn = searchForSerialNumberIn;
-
-            return this;
-        }
-
-        public X509LDAPCertStoreParameters build()
-        {
-             if (ldapUserCertificateAttributeName == null   // migrate to setters
-                || ldapCACertificateAttributeName == null
-                || ldapCrossCertificateAttributeName == null
-                || ldapCertificateRevocationListAttributeName == null
-                || ldapDeltaRevocationListAttributeName == null
-                || ldapAuthorityRevocationListAttributeName == null
-                || ldapAttributeCertificateAttributeAttributeName == null
-                || ldapAACertificateAttributeName == null
-                || ldapAttributeDescriptorCertificateAttributeName == null
-                || ldapAttributeCertificateRevocationListAttributeName == null
-                || ldapAttributeAuthorityRevocationListAttributeName == null
-                || userCertificateSubjectAttributeName == null
-                || cACertificateSubjectAttributeName == null
-                || crossCertificateSubjectAttributeName == null
-                || certificateRevocationListIssuerAttributeName == null
-                || deltaRevocationListIssuerAttributeName == null
-                || authorityRevocationListIssuerAttributeName == null
-                || attributeCertificateAttributeSubjectAttributeName == null
-                || aACertificateSubjectAttributeName == null
-                || attributeDescriptorCertificateSubjectAttributeName == null
-                || attributeCertificateRevocationListIssuerAttributeName == null
-                || attributeAuthorityRevocationListIssuerAttributeName == null)
-            {
-                throw new IllegalArgumentException(
-                    "Necessary parameters not specified.");
-            }
-            return new X509LDAPCertStoreParameters(this);
-        }
-    }
-
-
-    private X509LDAPCertStoreParameters(Builder builder)
-    {
-        this.ldapURL = builder.ldapURL;
-        this.baseDN = builder.baseDN;
-
-        this.userCertificateAttribute = builder.userCertificateAttribute;
-        this.cACertificateAttribute = builder.cACertificateAttribute;
-        this.crossCertificateAttribute = builder.crossCertificateAttribute;
-        this.certificateRevocationListAttribute = builder.certificateRevocationListAttribute;
-        this.deltaRevocationListAttribute = builder.deltaRevocationListAttribute;
-        this.authorityRevocationListAttribute = builder.authorityRevocationListAttribute;
-        this.attributeCertificateAttributeAttribute = builder.attributeCertificateAttributeAttribute;
-        this.aACertificateAttribute = builder.aACertificateAttribute;
-        this.attributeDescriptorCertificateAttribute = builder.attributeDescriptorCertificateAttribute;
-        this.attributeCertificateRevocationListAttribute = builder.attributeCertificateRevocationListAttribute;
-        this.attributeAuthorityRevocationListAttribute = builder.attributeAuthorityRevocationListAttribute;
-        this.ldapUserCertificateAttributeName = builder.ldapUserCertificateAttributeName;
-        this.ldapCACertificateAttributeName = builder.ldapCACertificateAttributeName;
-        this.ldapCrossCertificateAttributeName = builder.ldapCrossCertificateAttributeName;
-        this.ldapCertificateRevocationListAttributeName = builder.ldapCertificateRevocationListAttributeName;
-        this.ldapDeltaRevocationListAttributeName = builder.ldapDeltaRevocationListAttributeName;
-        this.ldapAuthorityRevocationListAttributeName = builder.ldapAuthorityRevocationListAttributeName;
-        this.ldapAttributeCertificateAttributeAttributeName = builder.ldapAttributeCertificateAttributeAttributeName;
-        this.ldapAACertificateAttributeName = builder.ldapAACertificateAttributeName;
-        this.ldapAttributeDescriptorCertificateAttributeName = builder.ldapAttributeDescriptorCertificateAttributeName;
-        this.ldapAttributeCertificateRevocationListAttributeName = builder.ldapAttributeCertificateRevocationListAttributeName;
-        this.ldapAttributeAuthorityRevocationListAttributeName = builder.ldapAttributeAuthorityRevocationListAttributeName;
-        this.userCertificateSubjectAttributeName = builder.userCertificateSubjectAttributeName;
-        this.cACertificateSubjectAttributeName = builder.cACertificateSubjectAttributeName;
-        this.crossCertificateSubjectAttributeName = builder.crossCertificateSubjectAttributeName;
-        this.certificateRevocationListIssuerAttributeName = builder.certificateRevocationListIssuerAttributeName;
-        this.deltaRevocationListIssuerAttributeName = builder.deltaRevocationListIssuerAttributeName;
-        this.authorityRevocationListIssuerAttributeName = builder.authorityRevocationListIssuerAttributeName;
-        this.attributeCertificateAttributeSubjectAttributeName = builder.attributeCertificateAttributeSubjectAttributeName;
-        this.aACertificateSubjectAttributeName = builder.aACertificateSubjectAttributeName;
-        this.attributeDescriptorCertificateSubjectAttributeName = builder.attributeDescriptorCertificateSubjectAttributeName;
-        this.attributeCertificateRevocationListIssuerAttributeName = builder.attributeCertificateRevocationListIssuerAttributeName;
-        this.attributeAuthorityRevocationListIssuerAttributeName = builder.attributeAuthorityRevocationListIssuerAttributeName;
-        this.searchForSerialNumberIn = builder.searchForSerialNumberIn;
-    }
-
-    /**
-     * Returns a clone of this object.
-     */
-    public Object clone()
-    {
-        return this;
-    }
-
-    public boolean equal(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof X509LDAPCertStoreParameters))
-        {
-            return false;
-        }
-
-        X509LDAPCertStoreParameters params = (X509LDAPCertStoreParameters)o;
-        return checkField(ldapURL, params.ldapURL)
-            && checkField(baseDN, params.baseDN)
-            && checkField(userCertificateAttribute, params.userCertificateAttribute)
-            && checkField(cACertificateAttribute, params.cACertificateAttribute)
-            && checkField(crossCertificateAttribute, params.crossCertificateAttribute)
-            && checkField(certificateRevocationListAttribute, params.certificateRevocationListAttribute)
-            && checkField(deltaRevocationListAttribute, params.deltaRevocationListAttribute)
-            && checkField(authorityRevocationListAttribute, params.authorityRevocationListAttribute)
-            && checkField(attributeCertificateAttributeAttribute, params.attributeCertificateAttributeAttribute)
-            && checkField(aACertificateAttribute, params.aACertificateAttribute)
-            && checkField(attributeDescriptorCertificateAttribute, params.attributeDescriptorCertificateAttribute)
-            && checkField(attributeCertificateRevocationListAttribute, params.attributeCertificateRevocationListAttribute)
-            && checkField(attributeAuthorityRevocationListAttribute, params.attributeAuthorityRevocationListAttribute)
-            && checkField(ldapUserCertificateAttributeName, params.ldapUserCertificateAttributeName)
-            && checkField(ldapCACertificateAttributeName, params.ldapCACertificateAttributeName)
-            && checkField(ldapCrossCertificateAttributeName, params.ldapCrossCertificateAttributeName)
-            && checkField(ldapCertificateRevocationListAttributeName, params.ldapCertificateRevocationListAttributeName)
-            && checkField(ldapDeltaRevocationListAttributeName, params.ldapDeltaRevocationListAttributeName)
-            && checkField(ldapAuthorityRevocationListAttributeName, params.ldapAuthorityRevocationListAttributeName)
-            && checkField(ldapAttributeCertificateAttributeAttributeName, params.ldapAttributeCertificateAttributeAttributeName)
-            && checkField(ldapAACertificateAttributeName, params.ldapAACertificateAttributeName)
-            && checkField(ldapAttributeDescriptorCertificateAttributeName, params.ldapAttributeDescriptorCertificateAttributeName)
-            && checkField(ldapAttributeCertificateRevocationListAttributeName, params.ldapAttributeCertificateRevocationListAttributeName)
-            && checkField(ldapAttributeAuthorityRevocationListAttributeName, params.ldapAttributeAuthorityRevocationListAttributeName)
-            && checkField(userCertificateSubjectAttributeName, params.userCertificateSubjectAttributeName)
-            && checkField(cACertificateSubjectAttributeName, params.cACertificateSubjectAttributeName)
-            && checkField(crossCertificateSubjectAttributeName, params.crossCertificateSubjectAttributeName)
-            && checkField(certificateRevocationListIssuerAttributeName, params.certificateRevocationListIssuerAttributeName)
-            && checkField(deltaRevocationListIssuerAttributeName, params.deltaRevocationListIssuerAttributeName)
-            && checkField(authorityRevocationListIssuerAttributeName, params.authorityRevocationListIssuerAttributeName)
-            && checkField(attributeCertificateAttributeSubjectAttributeName, params.attributeCertificateAttributeSubjectAttributeName)
-            && checkField(aACertificateSubjectAttributeName, params.aACertificateSubjectAttributeName)
-            && checkField(attributeDescriptorCertificateSubjectAttributeName, params.attributeDescriptorCertificateSubjectAttributeName)
-            && checkField(attributeCertificateRevocationListIssuerAttributeName, params.attributeCertificateRevocationListIssuerAttributeName)
-            && checkField(attributeAuthorityRevocationListIssuerAttributeName, params.attributeAuthorityRevocationListIssuerAttributeName)
-            && checkField(searchForSerialNumberIn, params.searchForSerialNumberIn);
-    }
-
-    private boolean checkField(Object o1, Object o2)
-    {
-        if (o1 == o2)
-        {
-            return true;
-        }
-
-        if (o1 == null)
-        {
-            return false;
-        }
-
-        return o1.equals(o2);
-    }
-
-    public int hashCode()
-    {
-        int hash = 0;
-
-        hash = addHashCode(hash, userCertificateAttribute);
-        hash = addHashCode(hash, cACertificateAttribute);
-        hash = addHashCode(hash, crossCertificateAttribute);
-        hash = addHashCode(hash, certificateRevocationListAttribute);
-        hash = addHashCode(hash, deltaRevocationListAttribute);
-        hash = addHashCode(hash, authorityRevocationListAttribute);
-        hash = addHashCode(hash, attributeCertificateAttributeAttribute);
-        hash = addHashCode(hash, aACertificateAttribute);
-        hash = addHashCode(hash, attributeDescriptorCertificateAttribute);
-        hash = addHashCode(hash, attributeCertificateRevocationListAttribute);
-        hash = addHashCode(hash, attributeAuthorityRevocationListAttribute);
-        hash = addHashCode(hash, ldapUserCertificateAttributeName);
-        hash = addHashCode(hash, ldapCACertificateAttributeName);
-        hash = addHashCode(hash, ldapCrossCertificateAttributeName);
-        hash = addHashCode(hash, ldapCertificateRevocationListAttributeName);
-        hash = addHashCode(hash, ldapDeltaRevocationListAttributeName);
-        hash = addHashCode(hash, ldapAuthorityRevocationListAttributeName);
-        hash = addHashCode(hash, ldapAttributeCertificateAttributeAttributeName);
-        hash = addHashCode(hash, ldapAACertificateAttributeName);
-        hash = addHashCode(hash, ldapAttributeDescriptorCertificateAttributeName);
-        hash = addHashCode(hash, ldapAttributeCertificateRevocationListAttributeName);
-        hash = addHashCode(hash, ldapAttributeAuthorityRevocationListAttributeName);
-        hash = addHashCode(hash, userCertificateSubjectAttributeName);
-        hash = addHashCode(hash, cACertificateSubjectAttributeName);
-        hash = addHashCode(hash, crossCertificateSubjectAttributeName);
-        hash = addHashCode(hash, certificateRevocationListIssuerAttributeName);
-        hash = addHashCode(hash, deltaRevocationListIssuerAttributeName);
-        hash = addHashCode(hash, authorityRevocationListIssuerAttributeName);
-        hash = addHashCode(hash, attributeCertificateAttributeSubjectAttributeName);
-        hash = addHashCode(hash, aACertificateSubjectAttributeName);
-        hash = addHashCode(hash, attributeDescriptorCertificateSubjectAttributeName);
-        hash = addHashCode(hash, attributeCertificateRevocationListIssuerAttributeName);
-        hash = addHashCode(hash, attributeAuthorityRevocationListIssuerAttributeName);
-        hash = addHashCode(hash, searchForSerialNumberIn);
-        
-        return hash;
-    }
-
-    private int addHashCode(int hashCode, Object o)
-    {
-        return (hashCode * 29) + (o == null ? 0 : o.hashCode());
-    }
-
-    /**
-     * @return Returns the aACertificateAttribute.
-     */
-    public String getAACertificateAttribute()
-    {
-        return aACertificateAttribute;
-    }
-
-    /**
-     * @return Returns the aACertificateSubjectAttributeName.
-     */
-    public String getAACertificateSubjectAttributeName()
-    {
-        return aACertificateSubjectAttributeName;
-    }
-
-    /**
-     * @return Returns the attributeAuthorityRevocationListAttribute.
-     */
-    public String getAttributeAuthorityRevocationListAttribute()
-    {
-        return attributeAuthorityRevocationListAttribute;
-    }
-
-    /**
-     * @return Returns the attributeAuthorityRevocationListIssuerAttributeName.
-     */
-    public String getAttributeAuthorityRevocationListIssuerAttributeName()
-    {
-        return attributeAuthorityRevocationListIssuerAttributeName;
-    }
-
-    /**
-     * @return Returns the attributeCertificateAttributeAttribute.
-     */
-    public String getAttributeCertificateAttributeAttribute()
-    {
-        return attributeCertificateAttributeAttribute;
-    }
-
-    /**
-     * @return Returns the attributeCertificateAttributeSubjectAttributeName.
-     */
-    public String getAttributeCertificateAttributeSubjectAttributeName()
-    {
-        return attributeCertificateAttributeSubjectAttributeName;
-    }
-
-    /**
-     * @return Returns the attributeCertificateRevocationListAttribute.
-     */
-    public String getAttributeCertificateRevocationListAttribute()
-    {
-        return attributeCertificateRevocationListAttribute;
-    }
-
-    /**
-     * @return Returns the
-     *         attributeCertificateRevocationListIssuerAttributeName.
-     */
-    public String getAttributeCertificateRevocationListIssuerAttributeName()
-    {
-        return attributeCertificateRevocationListIssuerAttributeName;
-    }
-
-    /**
-     * @return Returns the attributeDescriptorCertificateAttribute.
-     */
-    public String getAttributeDescriptorCertificateAttribute()
-    {
-        return attributeDescriptorCertificateAttribute;
-    }
-
-    /**
-     * @return Returns the attributeDescriptorCertificateSubjectAttributeName.
-     */
-    public String getAttributeDescriptorCertificateSubjectAttributeName()
-    {
-        return attributeDescriptorCertificateSubjectAttributeName;
-    }
-
-    /**
-     * @return Returns the authorityRevocationListAttribute.
-     */
-    public String getAuthorityRevocationListAttribute()
-    {
-        return authorityRevocationListAttribute;
-    }
-
-    /**
-     * @return Returns the authorityRevocationListIssuerAttributeName.
-     */
-    public String getAuthorityRevocationListIssuerAttributeName()
-    {
-        return authorityRevocationListIssuerAttributeName;
-    }
-
-    /**
-     * @return Returns the baseDN.
-     */
-    public String getBaseDN()
-    {
-        return baseDN;
-    }
-
-    /**
-     * @return Returns the cACertificateAttribute.
-     */
-    public String getCACertificateAttribute()
-    {
-        return cACertificateAttribute;
-    }
-
-    /**
-     * @return Returns the cACertificateSubjectAttributeName.
-     */
-    public String getCACertificateSubjectAttributeName()
-    {
-        return cACertificateSubjectAttributeName;
-    }
-
-    /**
-     * @return Returns the certificateRevocationListAttribute.
-     */
-    public String getCertificateRevocationListAttribute()
-    {
-        return certificateRevocationListAttribute;
-    }
-
-    /**
-     * @return Returns the certificateRevocationListIssuerAttributeName.
-     */
-    public String getCertificateRevocationListIssuerAttributeName()
-    {
-        return certificateRevocationListIssuerAttributeName;
-    }
-
-    /**
-     * @return Returns the crossCertificateAttribute.
-     */
-    public String getCrossCertificateAttribute()
-    {
-        return crossCertificateAttribute;
-    }
-
-    /**
-     * @return Returns the crossCertificateSubjectAttributeName.
-     */
-    public String getCrossCertificateSubjectAttributeName()
-    {
-        return crossCertificateSubjectAttributeName;
-    }
-
-    /**
-     * @return Returns the deltaRevocationListAttribute.
-     */
-    public String getDeltaRevocationListAttribute()
-    {
-        return deltaRevocationListAttribute;
-    }
-
-    /**
-     * @return Returns the deltaRevocationListIssuerAttributeName.
-     */
-    public String getDeltaRevocationListIssuerAttributeName()
-    {
-        return deltaRevocationListIssuerAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapAACertificateAttributeName.
-     */
-    public String getLdapAACertificateAttributeName()
-    {
-        return ldapAACertificateAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapAttributeAuthorityRevocationListAttributeName.
-     */
-    public String getLdapAttributeAuthorityRevocationListAttributeName()
-    {
-        return ldapAttributeAuthorityRevocationListAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapAttributeCertificateAttributeAttributeName.
-     */
-    public String getLdapAttributeCertificateAttributeAttributeName()
-    {
-        return ldapAttributeCertificateAttributeAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapAttributeCertificateRevocationListAttributeName.
-     */
-    public String getLdapAttributeCertificateRevocationListAttributeName()
-    {
-        return ldapAttributeCertificateRevocationListAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapAttributeDescriptorCertificateAttributeName.
-     */
-    public String getLdapAttributeDescriptorCertificateAttributeName()
-    {
-        return ldapAttributeDescriptorCertificateAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapAuthorityRevocationListAttributeName.
-     */
-    public String getLdapAuthorityRevocationListAttributeName()
-    {
-        return ldapAuthorityRevocationListAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapCACertificateAttributeName.
-     */
-    public String getLdapCACertificateAttributeName()
-    {
-        return ldapCACertificateAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapCertificateRevocationListAttributeName.
-     */
-    public String getLdapCertificateRevocationListAttributeName()
-    {
-        return ldapCertificateRevocationListAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapCrossCertificateAttributeName.
-     */
-    public String getLdapCrossCertificateAttributeName()
-    {
-        return ldapCrossCertificateAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapDeltaRevocationListAttributeName.
-     */
-    public String getLdapDeltaRevocationListAttributeName()
-    {
-        return ldapDeltaRevocationListAttributeName;
-    }
-
-    /**
-     * @return Returns the ldapURL.
-     */
-    public String getLdapURL()
-    {
-        return ldapURL;
-    }
-
-    /**
-     * @return Returns the ldapUserCertificateAttributeName.
-     */
-    public String getLdapUserCertificateAttributeName()
-    {
-        return ldapUserCertificateAttributeName;
-    }
-
-    /**
-     * @return Returns the searchForSerialNumberIn.
-     */
-    public String getSearchForSerialNumberIn()
-    {
-        return searchForSerialNumberIn;
-    }
-
-    /**
-     * @return Returns the userCertificateAttribute.
-     */
-    public String getUserCertificateAttribute()
-    {
-        return userCertificateAttribute;
-    }
-
-    /**
-     * @return Returns the userCertificateSubjectAttributeName.
-     */
-    public String getUserCertificateSubjectAttributeName()
-    {
-        return userCertificateSubjectAttributeName;
-    }
-
-    public static X509LDAPCertStoreParameters getInstance(LDAPCertStoreParameters params)
-    {
-        String server = "ldap://" + params.getServerName() + ":" + params.getPort();
-        X509LDAPCertStoreParameters _params = new Builder(server, "").build();
-        return _params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509Principal.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509Principal.java
deleted file mode 100644
index 9cc55386e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/X509Principal.java
+++ /dev/null
@@ -1,154 +0,0 @@
-package org.bouncycastle.jce;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.X509Name;
-
-/**
- * a general extension of X509Name with a couple of extra methods and
- * constructors.
- * 
    
- * Objects of this type can be created from certificates and CRLs using the
- * PrincipalUtil class.
- * 
    
- * @see org.bouncycastle.jce.PrincipalUtil
- */
-public class X509Principal
-    extends X509Name
-    implements Principal
-{
-    private static ASN1Sequence readSequence(
-        ASN1InputStream aIn)
-        throws IOException
-    {
-        try
-        {
-            return ASN1Sequence.getInstance(aIn.readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("not an ASN.1 Sequence: " + e);
-        }
-    }
-
-    /**
-     * Constructor from an encoded byte array.
-     */
-    public X509Principal(
-        byte[]  bytes)
-        throws IOException
-    {
-        super(readSequence(new ASN1InputStream(bytes)));
-    }
-
-    /**
-     * Constructor from an X509Name object.
-     */
-    public X509Principal(
-        X509Name  name)
-    {
-        super((ASN1Sequence)name.getDERObject());
-    }
-
-    /**
-     * constructor from a table of attributes.
-     * 
    
-     * it's is assumed the table contains OID/String pairs.
-     */
-    public X509Principal(
-        Hashtable  attributes)
-    {
-        super(attributes);
-    }
-
-    /**
-     * constructor from a table of attributes and a vector giving the
-     * specific ordering required for encoding or conversion to a string.
-     * 
    
-     * it's is assumed the table contains OID/String pairs.
-     */
-    public X509Principal(
-        Vector      ordering,
-        Hashtable   attributes)
-    {
-        super(ordering, attributes);
-    }
-
-    /**
-     * constructor from a vector of attribute values and a vector of OIDs.
-     */
-    public X509Principal(
-        Vector      oids,
-        Vector      values)
-    {
-        super(oids, values);
-    }
-
-    /**
-     * takes an X509 dir name as a string of the format "C=AU,ST=Victoria", or
-     * some such, converting it into an ordered set of name attributes.
-     */
-    public X509Principal(
-        String  dirName)
-    {
-        super(dirName);
-    }
-
-    /**
-     * Takes an X509 dir name as a string of the format "C=AU,ST=Victoria", or
-     * some such, converting it into an ordered set of name attributes. If reverse
-     * is false the dir name will be encoded in the order of the (name, value) pairs 
-     * presented, otherwise the encoding will start with the last (name, value) pair
-     * and work back.
-     */
-    public X509Principal(
-        boolean reverse,
-        String  dirName)
-    {
-        super(reverse, dirName);
-    }
-
-    /**
-     * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
-     * some such, converting it into an ordered set of name attributes. lookUp 
-     * should provide a table of lookups, indexed by lowercase only strings and
-     * yielding a DERObjectIdentifier, other than that OID. and numeric oids
-     * will be processed automatically.
-     * 
    
-     * If reverse is true, create the encoded version of the sequence starting
-     * from the last element in the string.
-     */
-    public X509Principal(
-        boolean     reverse,
-        Hashtable   lookUp,
-        String      dirName)
-    {
-        super(reverse, lookUp, dirName);
-    }
-
-    public String getName()
-    {
-        return this.toString();
-    }
-
-    /**
-     * return a DER encoded byte array representing this object
-     */
-    public byte[] getEncoded()
-    {
-        try
-        {
-            return this.getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException(e.toString());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java
deleted file mode 100644
index fe613df7e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java
+++ /dev/null
@@ -1,379 +0,0 @@
-package org.bouncycastle.jce.examples;
-
-import java.io.FileOutputStream;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.DERBMPString;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
-
-/**
- * Example of how to set up a certificiate chain and a PKCS 12 store for
- * a private individual - obviously you'll need to generate your own keys,
- * and you may need to add a NetscapeCertType extension or add a key
- * usage extension depending on your application, but you should get the
- * idea! As always this is just an example...
- */
-public class PKCS12Example
-{
-    static char[]   passwd = { 'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd' };
-    
-    static X509V1CertificateGenerator  v1CertGen = new X509V1CertificateGenerator();
-    static X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
-
-    /**
-     * we generate the CA's certificate
-     */
-    public static Certificate createMasterCert(
-        PublicKey       pubKey,
-        PrivateKey      privKey)
-        throws Exception
-    {
-        //
-        // signers name 
-        //
-        String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // subjects name - the same as we are self signed.
-        //
-        String  subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // create the certificate - version 1
-        //
-
-        v1CertGen.setSerialNumber(BigInteger.valueOf(1));
-        v1CertGen.setIssuerDN(new X509Principal(issuer));
-        v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v1CertGen.setSubjectDN(new X509Principal(subject));
-        v1CertGen.setPublicKey(pubKey);
-        v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        X509Certificate cert = v1CertGen.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-        //
-        // this is actually optional - but if you want to have control
-        // over setting the friendly name this is the way to do it...
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Bouncy Primary Certificate"));
-
-        return cert;
-    }
-
-    /**
-     * we generate an intermediate certificate signed by our CA
-     */
-    public static Certificate createIntermediateCert(
-        PublicKey       pubKey,
-        PrivateKey      caPrivKey,
-        X509Certificate caCert)
-        throws Exception
-    {
-        //
-        // subject name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.OU, "Bouncy Intermediate Certificate");
-        attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.OU);
-        order.addElement(X509Principal.EmailAddress);
-
-        //
-        // create the certificate - version 3
-        //
-        v3CertGen.reset();
-
-        v3CertGen.setSerialNumber(BigInteger.valueOf(2));
-        v3CertGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
-        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v3CertGen.setSubjectDN(new X509Principal(order, attrs));
-        v3CertGen.setPublicKey(pubKey);
-        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        //
-        // extensions
-        //
-        v3CertGen.addExtension(
-            X509Extensions.SubjectKeyIdentifier,
-            false,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        v3CertGen.addExtension(
-            X509Extensions.AuthorityKeyIdentifier,
-            false,
-            new AuthorityKeyIdentifierStructure(caCert));
-
-        v3CertGen.addExtension(
-            X509Extensions.BasicConstraints,
-            true,
-            new BasicConstraints(0));
-
-        X509Certificate cert = v3CertGen.generate(caPrivKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(caCert.getPublicKey());
-
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-        //
-        // this is actually optional - but if you want to have control
-        // over setting the friendly name this is the way to do it...
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Bouncy Intermediate Certificate"));
-
-        return cert;
-    }
-
-    /**
-     * we generate a certificate signed by our CA's intermediate certficate
-     */
-    public static Certificate createCert(
-        PublicKey       pubKey,
-        PrivateKey      caPrivKey,
-        PublicKey       caPubKey)
-        throws Exception
-    {
-        //
-        // signers name table.
-        //
-        Hashtable                   sAttrs = new Hashtable();
-        Vector                      sOrder = new Vector();
-
-        sAttrs.put(X509Principal.C, "AU");
-        sAttrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        sAttrs.put(X509Principal.OU, "Bouncy Intermediate Certificate");
-        sAttrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        sOrder.addElement(X509Principal.C);
-        sOrder.addElement(X509Principal.O);
-        sOrder.addElement(X509Principal.OU);
-        sOrder.addElement(X509Principal.EmailAddress);
-
-        //
-        // subjects name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.CN, "Eric H. Echidna");
-        attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.CN);
-        order.addElement(X509Principal.EmailAddress);
-
-        //
-        // create the certificate - version 3
-        //
-        v3CertGen.reset();
-
-        v3CertGen.setSerialNumber(BigInteger.valueOf(3));
-        v3CertGen.setIssuerDN(new X509Principal(sOrder, sAttrs));
-        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v3CertGen.setSubjectDN(new X509Principal(order, attrs));
-        v3CertGen.setPublicKey(pubKey);
-        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        //
-        // add the extensions
-        //
-        v3CertGen.addExtension(
-            X509Extensions.SubjectKeyIdentifier,
-            false,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        v3CertGen.addExtension(
-            X509Extensions.AuthorityKeyIdentifier,
-            false,
-            new AuthorityKeyIdentifierStructure(caPubKey));
-
-        X509Certificate cert = v3CertGen.generate(caPrivKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(caPubKey);
-
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-        //
-        // this is also optional - in the sense that if you leave this
-        // out the keystore will add it automatically, note though that
-        // for the browser to recognise the associated private key this
-        // you should at least use the pkcs_9_localKeyId OID and set it
-        // to the same as you do for the private key's localKeyId.
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Eric's Key"));
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        return cert;
-    }
-
-    public static void main(
-        String[]    args)
-        throws Exception
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        //
-        // personal keys
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16),
-            new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-            new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-            new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-            new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-            new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-            new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
-        //
-        // intermediate keys.
-        //
-        RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
-            new BigInteger("ffff", 16));
-
-
-        RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
-            new BigInteger("ffff", 16),
-            new BigInteger("7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff", 16),
-            new BigInteger("ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649", 16),
-            new BigInteger("97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721", 16),
-            new BigInteger("6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f", 16),
-            new BigInteger("70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f", 16),
-            new BigInteger("e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d", 16));
-
-        //
-        // ca keys
-        //
-        RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec   caPrivKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16),
-            new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16),
-            new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16),
-            new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16),
-            new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16),
-            new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16),
-            new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16));
-
-
-
-        //
-        // set up the keys
-        //
-        KeyFactory          fact = KeyFactory.getInstance("RSA", "BC");
-        PrivateKey          caPrivKey = fact.generatePrivate(caPrivKeySpec);
-        PublicKey           caPubKey = fact.generatePublic(caPubKeySpec);
-        PrivateKey          intPrivKey = fact.generatePrivate(intPrivKeySpec);
-        PublicKey           intPubKey = fact.generatePublic(intPubKeySpec);
-        PrivateKey          privKey = fact.generatePrivate(privKeySpec);
-        PublicKey           pubKey = fact.generatePublic(pubKeySpec);
-
-        Certificate[] chain = new Certificate[3];
-
-        chain[2] = createMasterCert(caPubKey, caPrivKey);
-        chain[1] = createIntermediateCert(intPubKey, caPrivKey, (X509Certificate)chain[2]);
-        chain[0] = createCert(pubKey, intPrivKey, intPubKey);
-
-        //
-        // add the friendly name for the private key
-        //
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)privKey;
-
-        //
-        // this is also optional - in the sense that if you leave this
-        // out the keystore will add it automatically, note though that
-        // for the browser to recognise which certificate the private key
-        // is associated with you should at least use the pkcs_9_localKeyId
-        // OID and set it to the same as you do for the private key's
-        // corresponding certificate.
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Eric's Key"));
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        //
-        // store the key and the certificate chain
-        //
-        KeyStore store = KeyStore.getInstance("PKCS12", "BC");
-
-        store.load(null, null);
-
-        //
-        // if you haven't set the friendly name and local key id above
-        // the name below will be the name of the key
-        //
-        store.setKeyEntry("Eric's Key", privKey, null, chain);
-
-        FileOutputStream fOut = new FileOutputStream("id.p12");
-
-        store.store(fOut, passwd);
-        
-        fOut.close();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/package.html
deleted file mode 100644
index 96b319396..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/examples/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Example classes for use with the JCE.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java
deleted file mode 100644
index a0b2d900e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.jce.exception;
-
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilderException;
-
-public class ExtCertPathBuilderException
-    extends CertPathBuilderException
-    implements ExtException
-{
-    private Throwable cause;
-
-    public ExtCertPathBuilderException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public ExtCertPathBuilderException(String msg, Throwable cause, 
-        CertPath certPath, int index)
-    {
-        super(msg, cause);
-        this.cause = cause;
-    }
-    
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java
deleted file mode 100644
index e36848f4b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.jce.exception;
-
-import java.security.cert.CertPath;
-import java.security.cert.CertPathValidatorException;
-
-public class ExtCertPathValidatorException
-    extends CertPathValidatorException
-    implements ExtException
-{
-
-    private Throwable cause;
-
-    public ExtCertPathValidatorException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public ExtCertPathValidatorException(String msg, Throwable cause, 
-        CertPath certPath, int index)
-    {
-        super(msg, cause, certPath, index);
-        this.cause = cause;
-    }
-    
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java
deleted file mode 100644
index e3c33d801..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.jce.exception;
-
-import java.security.cert.CertificateEncodingException;
-
-public class ExtCertificateEncodingException
-    extends CertificateEncodingException
-    implements ExtException
-{
-    private Throwable cause;
-
-    public ExtCertificateEncodingException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtException.java
deleted file mode 100644
index 52c60ded7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.jce.exception;
-
-/**
- * 
- * This is an extended exception. Java before version 1.4 did not offer the
- * possibility the attach a cause to an exception. The cause of an exception is
- * the Throwable object which was thrown and caused the
- * exception. This interface must be implemented by all exceptions to accomplish
- * this additional functionality.
- * 
- */
-public interface ExtException
-{
-
-    /**
-     * Returns the cause of the exception.
-     * 
-     * @return The cause of the exception.
-     */
-    Throwable getCause();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java
deleted file mode 100644
index 656e23ae9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.jce.exception;
-
-import java.io.IOException;
-
-public class ExtIOException
-    extends IOException
-    implements ExtException
-{
-    private Throwable cause;
-
-    public ExtIOException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java
deleted file mode 100644
index a36abbb21..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.security.SecureRandom;
-
-/**
- * all BC provider keystores implement this interface.
- */
-public interface BCKeyStore
-{
-    /**
-     * set the random source for the key store
-     */
-    public void setRandom(SecureRandom random);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java
deleted file mode 100644
index 5aa2d9c60..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ConfigurableProvider.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-/**
- * Implemented by the BC provider. This allows setting of hidden parameters,
- * such as the ImplicitCA parameters from X.962, if used.
- */
-public interface ConfigurableProvider
-{
-    static final String      THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa";   
-    static final String      EC_IMPLICITLY_CA = "ecImplicitlyCa";
-
-    void setParameter(String parameterName, Object parameter);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java
deleted file mode 100644
index 5f7c42b92..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import org.bouncycastle.jce.spec.ECParameterSpec;
-
-/**
- * generic interface for an Elliptic Curve Key.
- */
-public interface ECKey
-{
-    /**
-     * return a parameter specification representing the EC domain parameters
-     * for the key.
-     * @deprecated this method vanises in JDK 1.5. Use getParameters().
-     */
-    public ECParameterSpec getParams();
-    
-    /**
-     * return a parameter specification representing the EC domain parameters
-     * for the key.
-     */
-    public ECParameterSpec getParameters();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java
deleted file mode 100644
index 001dab3ec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-/**
- * All BC elliptic curve keys implement this interface. You need to
- * cast the key to get access to it.
- * 
    
- * By default BC keys produce encodings without point compression,
- * to turn this on call setPointFormat() with "COMPRESSED".
- */
-public interface ECPointEncoder
-{
-    /**
-     * Set the formatting for encoding of points. If the String "UNCOMPRESSED" is passed
-     * in point compression will not be used. If the String "COMPRESSED" is passed point
-     * compression will be used. The default is "UNCOMPRESSED".
-     * 
-     * @param style the style to use.
-     */
-    public void setPointFormat(String style);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java
deleted file mode 100644
index 39d80c3c4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.math.BigInteger;
-import java.security.PrivateKey;
-
-/**
- * interface for Elliptic Curve Private keys.
- */
-public interface ECPrivateKey
-    extends ECKey, PrivateKey
-{
-    /**
-     * return the private value D.
-     */
-    public BigInteger getD();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java
deleted file mode 100644
index db2ecdced..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.security.PublicKey;
-
-import org.bouncycastle.math.ec.ECPoint;
-
-/**
- * interface for elliptic curve public keys.
- */
-public interface ECPublicKey
-    extends ECKey, PublicKey
-{
-    /**
-     * return the public point Q
-     */
-    public ECPoint getQ();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java
deleted file mode 100644
index e63948360..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import org.bouncycastle.jce.spec.ElGamalParameterSpec;
-
-public interface ElGamalKey
-{
-    public ElGamalParameterSpec getParameters();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java
deleted file mode 100644
index 609a2a84a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.math.BigInteger;
-import java.security.PrivateKey;
-
-public interface ElGamalPrivateKey
-    extends ElGamalKey, PrivateKey
-{
-    public BigInteger getX();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java
deleted file mode 100644
index c9fe35e60..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.math.BigInteger;
-import java.security.PublicKey;
-
-public interface ElGamalPublicKey
-    extends ElGamalKey, PublicKey
-{
-    public BigInteger getY();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java
deleted file mode 100644
index ad16ac3b2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-/**
- * Main interface for a GOST 3410-94 key.
- */
-public interface GOST3410Key
-{
-
-    public GOST3410Params getParameters();
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java
deleted file mode 100644
index 175913b0c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-
-public interface GOST3410Params
-{
-
-    public String getPublicKeyParamSetOID();
-
-    public String getDigestParamSetOID();
-
-    public String getEncryptionParamSetOID();
-    
-    public GOST3410PublicKeyParameterSetSpec getPublicKeyParameters();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java
deleted file mode 100644
index dcb25fe7d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.math.BigInteger;
-
-public interface GOST3410PrivateKey extends GOST3410Key, java.security.PrivateKey
-{
-
-    public BigInteger getX();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java
deleted file mode 100644
index 447cec2b3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.security.PublicKey;
-import java.math.BigInteger;
-
-public interface GOST3410PublicKey extends GOST3410Key, PublicKey
-{
-
-    public BigInteger getY();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java
deleted file mode 100644
index f1d790139..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.security.Key;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-/**
- * key pair for use with an integrated encryptor
- */
-public interface IESKey
-    extends Key
-{
-    /**
-     * return the intended recipient's/sender's public key.
-     */
-    public PublicKey getPublic();
-
-    /**
-     * return the local private key.
-     */
-    public PrivateKey getPrivate();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java
deleted file mode 100644
index a8caffd5e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-/**
- * Static/ephemeral private key (pair) for use with ECMQV key agreement
- * (Optionally provides the ephemeral public key)
- */
-public interface MQVPrivateKey
-    extends PrivateKey
-{
-    /**
-     * return the static private key.
-     */
-    PrivateKey getStaticPrivateKey();
-
-    /**
-     * return the ephemeral private key.
-     */
-    PrivateKey getEphemeralPrivateKey();
-
-    /**
-     * return the ephemeral public key (may be null).
-     */
-    PublicKey getEphemeralPublicKey();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java
deleted file mode 100644
index 1be14bd0a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.security.PublicKey;
-
-/**
- * Static/ephemeral public key pair for use with ECMQV key agreement
- */
-public interface MQVPublicKey
-    extends PublicKey
-{
-    /**
-     * return the static public key.
-     */
-    PublicKey getStaticKey();
-
-    /**
-     * return the ephemeral public key.
-     */
-    PublicKey getEphemeralKey();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java
deleted file mode 100644
index f27652ec4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.jce.interfaces;
-
-import java.util.Enumeration;
-
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-
-/**
- * allow us to set attributes on objects that can go into a PKCS12 store.
- */
-public interface PKCS12BagAttributeCarrier
-{
-    void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute);
-
-    DEREncodable getBagAttribute(
-        DERObjectIdentifier oid);
-
-    Enumeration getBagAttributeKeys();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/package.html
deleted file mode 100644
index bacde6c88..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/interfaces/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Interfaces for supporting Elliptic Curve Keys, El Gamal, and PKCS12 attributes.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
deleted file mode 100644
index 517929817..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
+++ /dev/null
@@ -1,295 +0,0 @@
-package org.bouncycastle.jce.netscape;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-/**
- *
- * 
- * Handles NetScape certificate request (KEYGEN), these are constructed as:
- * 
    
- *   SignedPublicKeyAndChallenge ::= SEQUENCE {
- *     publicKeyAndChallenge    PublicKeyAndChallenge,
- *     signatureAlgorithm       AlgorithmIdentifier,
- *     signature                BIT STRING
- *   }
- * 
    
- *
- * PublicKey's encoded-format has to be X.509.
- *
- **/
-public class NetscapeCertRequest
-    extends ASN1Encodable
-{
-    AlgorithmIdentifier    sigAlg;
-    AlgorithmIdentifier    keyAlg;
-    byte        sigBits [];
-    String challenge;
-    DERBitString content;
-    PublicKey pubkey ;
-    
-    private static ASN1Sequence getReq(
-        byte[]  r)
-        throws IOException
-    {
-        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(r));
-
-        return ASN1Sequence.getInstance(aIn.readObject());
-    }
-
-    public NetscapeCertRequest(
-        byte[]  req)
-        throws IOException
-    {
-        this(getReq(req));
-    }
-
-    public NetscapeCertRequest (ASN1Sequence spkac)
-    {
-        try
-        {
-
-            //
-            // SignedPublicKeyAndChallenge ::= SEQUENCE {
-            //    publicKeyAndChallenge    PublicKeyAndChallenge,
-            //    signatureAlgorithm    AlgorithmIdentifier,
-            //    signature        BIT STRING
-            // }
-            //
-            if (spkac.size() != 3)
-            {
-                throw new IllegalArgumentException("invalid SPKAC (size):"
-                        + spkac.size());
-            }
-
-            sigAlg = new AlgorithmIdentifier((ASN1Sequence)spkac
-                    .getObjectAt(1));
-            sigBits = ((DERBitString)spkac.getObjectAt(2)).getBytes();
-
-            //
-            // PublicKeyAndChallenge ::= SEQUENCE {
-            //    spki            SubjectPublicKeyInfo,
-            //    challenge        IA5STRING
-            // }
-            //
-            ASN1Sequence pkac = (ASN1Sequence)spkac.getObjectAt(0);
-
-            if (pkac.size() != 2)
-            {
-                throw new IllegalArgumentException("invalid PKAC (len): "
-                        + pkac.size());
-            }
-
-            challenge = ((DERIA5String)pkac.getObjectAt(1)).getString();
-
-            //this could be dangerous, as ASN.1 decoding/encoding
-            //could potentially alter the bytes
-            content = new DERBitString(pkac);
-
-            SubjectPublicKeyInfo pubkeyinfo = new SubjectPublicKeyInfo(
-                    (ASN1Sequence)pkac.getObjectAt(0));
-
-            X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(
-                    pubkeyinfo).getBytes());
-
-            keyAlg = pubkeyinfo.getAlgorithmId();
-            pubkey = KeyFactory.getInstance(keyAlg.getObjectId().getId(), "BC")
-                    .generatePublic(xspec);
-
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException(e.toString());
-        }
-    }
-
-    public NetscapeCertRequest(
-        String challenge,
-        AlgorithmIdentifier signing_alg,
-        PublicKey pub_key) throws NoSuchAlgorithmException,
-            InvalidKeySpecException, NoSuchProviderException
-    {
-
-        this.challenge = challenge;
-        sigAlg = signing_alg;
-        pubkey = pub_key;
-
-        ASN1EncodableVector content_der = new ASN1EncodableVector();
-        content_der.add(getKeySpec());
-        //content_der.add(new SubjectPublicKeyInfo(sigAlg, new RSAPublicKeyStructure(pubkey.getModulus(), pubkey.getPublicExponent()).getDERObject()));
-        content_der.add(new DERIA5String(challenge));
-
-        content = new DERBitString(new DERSequence(content_der));
-    }
-
-    public String getChallenge()
-    {
-        return challenge;
-    }
-
-    public void setChallenge(String value)
-    {
-        challenge = value;
-    }
-
-    public AlgorithmIdentifier getSigningAlgorithm()
-    {
-        return sigAlg;
-    }
-
-    public void setSigningAlgorithm(AlgorithmIdentifier value)
-    {
-        sigAlg = value;
-    }
-
-    public AlgorithmIdentifier getKeyAlgorithm()
-    {
-        return keyAlg;
-    }
-
-    public void setKeyAlgorithm(AlgorithmIdentifier value)
-    {
-        keyAlg = value;
-    }
-
-    public PublicKey getPublicKey()
-    {
-        return pubkey;
-    }
-
-    public void setPublicKey(PublicKey value)
-    {
-        pubkey = value;
-    }
-
-    public boolean verify(String challenge) throws NoSuchAlgorithmException,
-            InvalidKeyException, SignatureException, NoSuchProviderException
-    {
-        if (!challenge.equals(this.challenge))
-        {
-            return false;
-        }
-
-        //
-        // Verify the signature .. shows the response was generated
-        // by someone who knew the associated private key
-        //
-        Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(),
-                "BC");
-        sig.initVerify(pubkey);
-        sig.update(content.getBytes());
-
-        return sig.verify(sigBits);
-    }
-
-    public void sign(PrivateKey priv_key) throws NoSuchAlgorithmException,
-            InvalidKeyException, SignatureException, NoSuchProviderException,
-            InvalidKeySpecException
-    {
-        sign(priv_key, null);
-    }
-
-    public void sign(PrivateKey priv_key, SecureRandom rand)
-            throws NoSuchAlgorithmException, InvalidKeyException,
-            SignatureException, NoSuchProviderException,
-            InvalidKeySpecException
-    {
-        Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(),
-                "BC");
-
-        if (rand != null)
-        {
-            sig.initSign(priv_key, rand);
-        }
-        else
-        {
-            sig.initSign(priv_key);
-        }
-
-        ASN1EncodableVector pkac = new ASN1EncodableVector();
-
-        pkac.add(getKeySpec());
-        pkac.add(new DERIA5String(challenge));
-
-        try
-        {
-            sig.update(new DERSequence(pkac).getEncoded(ASN1Encodable.DER));
-        }
-        catch (IOException ioe)
-        {
-            throw new SignatureException(ioe.getMessage());
-        }
-
-        sigBits = sig.sign();
-    }
-
-    private DERObject getKeySpec() throws NoSuchAlgorithmException,
-            InvalidKeySpecException, NoSuchProviderException
-    {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
-        DERObject obj = null;
-        try
-        {
-
-            baos.write(pubkey.getEncoded());
-            baos.close();
-
-            ASN1InputStream derin = new ASN1InputStream(
-                    new ByteArrayInputStream(baos.toByteArray()));
-
-            obj = derin.readObject();
-        }
-        catch (IOException ioe)
-        {
-            throw new InvalidKeySpecException(ioe.getMessage());
-        }
-        return obj;
-    }
-
-    public DERObject toASN1Object()
-    {
-        ASN1EncodableVector spkac = new ASN1EncodableVector();
-        ASN1EncodableVector pkac = new ASN1EncodableVector();
-
-        try
-        {
-            pkac.add(getKeySpec());
-        }
-        catch (Exception e)
-        {
-            //ignore
-        }
-
-        pkac.add(new DERIA5String(challenge));
-
-        spkac.add(new DERSequence(pkac));
-        spkac.add(sigAlg);
-        spkac.add(new DERBitString(sigBits));
-
-        return new DERSequence(spkac);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/package.html
deleted file mode 100644
index 52ef3bf64..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/package.html
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-Utility classes for use with the JCE.
-
    
-The classes in this package support the generation of certificates and PKCS10 signing requests.
-
    
-Note: the PKCS7 class is deprecated, for a fuller version of CMS see the cms package distributed
-with the BC mail API.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java
deleted file mode 100644
index c9ac46efa..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.exception.ExtException;
-
-public class AnnotatedException
-    extends Exception
-    implements ExtException
-{
-    private Throwable _underlyingException;
-
-    AnnotatedException(String string, Throwable e)
-    {
-        super(string);
-
-        _underlyingException = e;
-    }
-
-    AnnotatedException(String string)
-    {
-        this(string, null);
-    }
-
-    Throwable getUnderlyingException()
-    {
-        return _underlyingException;
-    }
-
-    public Throwable getCause()
-    {
-        return _underlyingException;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
deleted file mode 100644
index b9db576b2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ /dev/null
@@ -1,900 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.Provider;
-import java.util.Iterator;
-import java.util.Map;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.iana.IANAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.jce.interfaces.ConfigurableProvider;
-
-/**
- * To add the provider at runtime use:
- * 
    - * import java.security.Security;
- * import org.bouncycastle.jce.provider.BouncyCastleProvider;
- *
- * Security.addProvider(new BouncyCastleProvider());
- * 
    
- * The provider can also be configured as part of your environment via
- * static registration by adding an entry to the java.security properties
- * file (found in $JAVA_HOME/jre/lib/security/java.security, where
- * $JAVA_HOME is the location of your JDK/JRE distribution). You'll find
- * detailed instructions in the file but basically it comes down to adding
- * a line:
- * 
    - * 
- *    security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider
- * 
- * 
    
- * Where <n> is the preference you want the provider at (1 being the
- * most preferred).
- * 
    Note: JCE algorithm names should be upper-case only so the case insensitive
- * test for getInstance works.
- */
-public final class BouncyCastleProvider extends Provider
-    implements ConfigurableProvider
-{
-    private static String info = "BouncyCastle Security Provider v1.46";
-
-    public static String PROVIDER_NAME = "BC";
-
-    /*
-     * Configurable symmetric ciphers
-     */
-    private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.symmetric.";
-    private static final String[] SYMMETRIC_CIPHERS =
-    {
-        "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
-        "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
-    };
-
-    /*
-     * Configurable asymmetric ciphers
-     */
-    private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.asymmetric.";
-    private static final String[] ASYMMETRIC_CIPHERS =
-    {
-        "EC"
-    };
-
-    /**
-     * Construct a new provider.  This should only be required when
-     * using runtime registration of the provider using the
-     * Security.addProvider() mechanism.
-     */
-    public BouncyCastleProvider()
-    {
-        super(PROVIDER_NAME, 1.46, info);
-
-        AccessController.doPrivileged(new PrivilegedAction()
-        {
-            public Object run()
-            {
-                setup();
-                return null;
-            }
-        });
-    }
-
-    private void setup()
-    {
-        loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS);
-        loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS);
-
-        //
-        // X509Store
-        //
-        put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-        put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-        put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-        put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
-
-        put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
-        put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
-        put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
-        put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
-        
-        //
-        // X509StreamParser
-        //
-        put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
-        put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
-        put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
-        put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
-
-
-        //
-        // KeyStore
-        //
-        put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore");
-        put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore");
-        put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
-        put("KeyStore.BCPKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
-        put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore");
-
-        put("KeyStore.PKCS12-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
-        put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES");
-
-        put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore");
-        put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES");
-
-        put("Alg.Alias.KeyStore.UBER", "BouncyCastle");
-        put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
-        put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle");
-
-        //
-        // certificate factories.
-        //
-        put("CertificateFactory.X.509", "org.bouncycastle.jce.provider.JDKX509CertificateFactory");
-        put("Alg.Alias.CertificateFactory.X509", "X.509");
-
-        //
-        // algorithm parameter generators
-        //
-        put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH");
-        put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA");
-        put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410");
-        put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal");
-        put("AlgorithmParameterGenerator.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES");
-        put("AlgorithmParameterGenerator.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES");
-        put("AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES");
-        put("AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES");
-        put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2");
-        put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2");
-
-        put("Alg.Alias.AlgorithmParameterGenerator.DIFFIEHELLMAN", "DH");
-        put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410");
-        //
-        // algorithm parameters
-        //
-        put("AlgorithmParameters.OAEP", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$OAEP");
-        put("AlgorithmParameters.PSS", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PSS");
-        put("AlgorithmParameters.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DH");
-        put("Alg.Alias.AlgorithmParameters.DIFFIEHELLMAN", "DH");
-        put("AlgorithmParameters.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DSA");
-        put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal");
-        put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES");
-        put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE");
-        put("AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2");
-
-        put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410");
-        put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE");
-
-        put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
-
-        put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-        
-        put("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-        put("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-        put("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
-        put("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
-        
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE");
-
-        put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        
-        //
-        // key agreement
-        //
-        put("KeyAgreement.DH", "org.bouncycastle.jce.provider.JCEDHKeyAgreement");
-        put("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH");
-        
-        //
-        // cipher engines
-        //
-        put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES");
-        put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
-
-        put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
-        put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
-        put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
-
-        put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
-        
-        put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES",  "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-        
-        put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147");
-        put("Alg.Alias.Cipher.GOST", "GOST28147");
-        put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
-        put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
-
-        put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding");
-        put("Cipher.RSA/RAW", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding");
-        put("Cipher.RSA/PKCS1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding");
-        put("Cipher.1.2.840.113549.1.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding");
-        put("Cipher.2.5.8.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding");
-        put("Cipher.RSA/1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PrivateOnly");
-        put("Cipher.RSA/2", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PublicOnly");
-        put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
-        put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
-        put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding");
-
-        put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
-        put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
-        put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
-        put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES");
-        put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding");
-        put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding");
-
-        put("Alg.Alias.Cipher.RSA//RAW", "RSA");
-        put("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
-        put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-        put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-        put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-        
-        put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
-        put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
-        put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
-
-        put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES");
-        put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
-        put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2");
-        put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES");
-        put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
-        put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2");
-        put("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES3Key");
-        put("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key");
-        put("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key");
-        put("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES2Key");
-        put("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key");
-        put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2");
-        put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2");
-        put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4");
-        put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4");
-
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "Cipher.PBEWITHSHAAND128BITRC2-CBC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "Cipher.PBEWITHSHAAND40BITRC2-CBC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4");
-
-        put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
-        put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
-        put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC");
-        put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
-        put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
-        put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
-
-        put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC");
-        put("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC");
-        
-        put("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-        
-        put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish");
-        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
-
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
-
-        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4");
-        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4");
-        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
-        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
-        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
-        put("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-        //
-        // key generators.
-        //
-        put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES");
-        put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES");
-
-        put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-        put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-
-        put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
-        put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
-        put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147");
-        put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147");
-
-        //
-        // key pair generators.
-        //
-        put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA");
-        put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH");
-        put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA");
-        put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal");
-
-        put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA");
-        put("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH");
-        
-        put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410");
-        put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410");
-        put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410");
-
-        //
-        // key factories
-        //
-        put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA");
-        put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH");
-        put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA");
-        put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal");
-        put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal");
-
-        put("KeyFactory.X.509", "org.bouncycastle.jce.provider.JDKKeyFactory$X509");
-        
-        put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA");
-        put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
-
-        put("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH");
-
-        put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410");
-        put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410");
-        put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410");
-        put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
-
-        //
-        // Algorithm parameters
-        //
-        put("AlgorithmParameters.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        put("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES");
-        put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        put("AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
-        put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
-        
-        //
-        // secret key factories.
-        //
-        put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES");
-        put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
-
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
-
-        put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
-        put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES");
-        put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2");
-        put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES");
-        put("SecretKeyFactory.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndRC2");
-        put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key");
-        put("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES2Key");
-        put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4");
-        put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4");
-        put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2");
-        put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2");
-        put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish");
-        put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160");
-        put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA");
-        put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger");
-        
-        put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL");
-        put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL");
-        put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL");
-
-        put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5");
-
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5");
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5");
-        put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12");
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12");
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12");
-        put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12");
-
-        put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
-
-        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4");
-        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4");
-        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
-        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
-        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1");
-        put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA1");
-        put("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-        
-        put("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitAESBC");
-        put("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd192BitAESBC");
-        put("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd256BitAESBC");
-        put("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And128BitAESBC");
-        put("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And192BitAESBC");
-        put("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And256BitAESBC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
-        put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
-
-        addMacAlgorithms();
-
-        addMessageDigestAlgorithms();
-
-        addSignatureAlgorithms();
-
-    // Certification Path API
-        put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
-        put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
-        put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-        put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
-        put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-        put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
-        put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
-        put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
-        put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
-        put("Alg.Alias.CertStore.X509LDAP", "LDAP");
-    }
-
-    private void loadAlgorithms(String packageName, String[] names)
-    {
-        for (int i = 0; i != names.length; i++)
-        {
-            Class clazz = null;
-            try
-            {
-                ClassLoader loader = this.getClass().getClassLoader();
-
-                if (loader != null)
-                {
-                    clazz = loader.loadClass(packageName + names[i] + "$Mappings");
-                }
-                else
-                {
-                    clazz = Class.forName(packageName + names[i] + "$Mappings");
-                }
-            }
-            catch (ClassNotFoundException e)
-            {
-                // ignore
-            }
-
-            if (clazz != null)
-            {
-                try
-                {
-                    addMappings((Map)clazz.newInstance());
-                }
-                catch (Exception e)
-                {   // this should never ever happen!!
-                    throw new InternalError("cannot create instance of "
-                        + packageName + names[i] + "$Mappings : " + e);
-                }
-            }
-        }
-    }
-
-    private void addMappings(Map mappings)
-    {
-        // can't use putAll due to JDK 1.1
-        for (Iterator it = mappings.keySet().iterator(); it.hasNext();)
-        {
-            Object key = it.next();
-
-            if (containsKey(key))
-            {
-                throw new IllegalStateException("duplicate provider key (" + key + ") found in " + mappings.getClass().getName());
-            }
-            put(key, mappings.get(key));
-        }
-    }
-
-    //
-    // macs
-    //
-    private void addMacAlgorithms()
-    {
-        put("Mac.DESMAC", "org.bouncycastle.jce.provider.JCEMac$DES");
-        put("Alg.Alias.Mac.DES", "DESMAC");
-        put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
-        put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-
-        put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
-        put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-
-        put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
-        put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-        put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
-        put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-
-        put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
-        put("Alg.Alias.Mac.RC2", "RC2MAC");
-        put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
-        put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-
-
-        put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
-        put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
-
-        put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
-
-        put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
-
-        addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC");
-        addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC");
-        addHMACAlgorithm("MD5", "org.bouncycastle.jce.provider.JCEMac$MD5", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD5HMAC");
-        addHMACAlias("MD5", IANAObjectIdentifiers.hmacMD5);
-
-        addHMACAlgorithm("SHA1", "org.bouncycastle.jce.provider.JCEMac$SHA1", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA1");
-        addHMACAlias("SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1);
-        addHMACAlias("SHA1", IANAObjectIdentifiers.hmacSHA1);
-        addHMACAlgorithm("SHA224", "org.bouncycastle.jce.provider.JCEMac$SHA224", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA224");
-        addHMACAlias("SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224);
-        addHMACAlgorithm("SHA256", "org.bouncycastle.jce.provider.JCEMac$SHA256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA256");
-        addHMACAlias("SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
-        addHMACAlgorithm("SHA384", "org.bouncycastle.jce.provider.JCEMac$SHA384", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA384");
-        addHMACAlias("SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
-        addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512");
-        addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
-
-        addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC");
-        addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC");
-        addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160);
-
-        addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER");
-        addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER);
-
-        put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA");
-        put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA");
-        put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160");
-        put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA");
-    }
-
-    private void addHMACAlgorithm(
-        String algorithm,
-        String algorithmClassName,
-        String keyGeneratorClassName)
-    {
-        String mainName = "HMAC" + algorithm;
-
-        put("Mac." + mainName, algorithmClassName);
-        put("Alg.Alias.Mac.HMAC-" + algorithm, mainName);
-        put("Alg.Alias.Mac.HMAC/" + algorithm, mainName);
-        put("KeyGenerator." + mainName, keyGeneratorClassName);
-        put("Alg.Alias.KeyGenerator.HMAC-" + algorithm, mainName);
-        put("Alg.Alias.KeyGenerator.HMAC/" + algorithm, mainName);
-    }
-
-    private void addHMACAlias(
-        String              algorithm,
-        DERObjectIdentifier oid)
-    {
-        String mainName = "HMAC" + algorithm;
-
-        put("Alg.Alias.Mac." + oid, mainName);
-        put("Alg.Alias.KeyGenerator." + oid, mainName);
-    }
-
-    //
-    // message digests
-    //
-    private void addMessageDigestAlgorithms()
-    {
-        put("MessageDigest.SHA-1", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA1");
-        put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
-        put("Alg.Alias.MessageDigest.SHA", "SHA-1");
-        put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1");
-        put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224");
-        put("Alg.Alias.MessageDigest.SHA224", "SHA-224");
-        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224");
-        put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256");
-        put("Alg.Alias.MessageDigest.SHA256", "SHA-256");
-        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
-        put("MessageDigest.SHA-384", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA384");
-        put("Alg.Alias.MessageDigest.SHA384", "SHA-384");
-        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384");
-        put("MessageDigest.SHA-512", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA512");
-        put("Alg.Alias.MessageDigest.SHA512", "SHA-512");
-        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
-        
-        put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2");
-        put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2");
-        put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4");
-        put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4");
-        put("MessageDigest.MD5", "org.bouncycastle.jce.provider.JDKMessageDigest$MD5");
-        put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5");
-        put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128");
-        put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
-        put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160");
-        put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
-        put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256");
-        put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
-        put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320");
-        put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger");
-        
-        put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool");
-        
-        put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411");
-        put("Alg.Alias.MessageDigest.GOST", "GOST3411");
-        put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411");
-        put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411");
-    }
-    
-    //
-    // signature algorithms.
-    //
-    private void addSignatureAlgorithms()
-    {
-        put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption");
-        put("Signature.MD4WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption");
-        put("Signature.MD5WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD5WithRSAEncryption");
-        put("Signature.SHA1WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption");
-        put("Signature.SHA224WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA224WithRSAEncryption");
-        put("Signature.SHA256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA256WithRSAEncryption");
-        put("Signature.SHA384WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA384WithRSAEncryption");
-        put("Signature.SHA512WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA512WithRSAEncryption");
-        put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption");
-        put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption");
-        put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption");
-        put("Signature.DSA", "org.bouncycastle.jce.provider.JDKDSASigner$stdDSA");
-        put("Signature.NONEWITHDSA", "org.bouncycastle.jce.provider.JDKDSASigner$noneDSA");
-        put("Signature.SHA1withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$SHA1WithRSAEncryption");
-        put("Signature.MD5withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$MD5WithRSAEncryption");
-        put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption");
-
-        put("Signature.RSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA");
-        put("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA");
-        put("Signature.SHA1withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA1withRSA");
-        put("Signature.SHA224withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA224withRSA");
-        put("Signature.SHA256withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA256withRSA");
-        put("Signature.SHA384withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA384withRSA");
-        put("Signature.SHA512withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA512withRSA");
-
-        put("Signature.RSA", "org.bouncycastle.jce.provider.JDKDigestSignature$noneRSA");
-        put("Signature.RAWRSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$nonePSS");
-
-        put("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
-
-        put("Alg.Alias.Signature.RAWRSA", "RSA");
-        put("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-        put("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-        put("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-        put("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-
-        put("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-
-        put("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
-        put("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
-        put("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
-        put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
-        put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
-        
-        put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption");
-        put("Alg.Alias.Signature.MD4withRSAEncryption", "MD4WithRSAEncryption");
-        put("Alg.Alias.Signature.MD5withRSAEncryption", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA1withRSAEncryption", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA224withRSAEncryption", "SHA224WithRSAEncryption");
-
-        put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA512withRSAEncryption", "SHA512WithRSAEncryption");
-
-        put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSAEncryption");
-
-        put("Alg.Alias.Signature.SHA256WITHRSAENCRYPTION", "SHA256WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption");
-
-        put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption");
-
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption");
-        put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption");
-        put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption");
-        put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption");
-        put("Alg.Alias.Signature.MD5WithRSA", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.MD5withRSA", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.MD4WithRSA", "MD4WithRSAEncryption");
-        put("Alg.Alias.Signature.MD4withRSA", "MD4WithRSAEncryption");
-        put("Alg.Alias.Signature.MD4/RSA", "MD4WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA1WithRSA", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA1withRSA", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA224WithRSA", "SHA224WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA224withRSA", "SHA224WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA256WithRSA", "SHA256WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA256withRSA", "SHA256WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA384WithRSA", "SHA384WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA384withRSA", "SHA384WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA512WithRSA", "SHA512WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA512withRSA", "SHA512WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WithRSAEncryption");
-        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WithRSAEncryption");
-        put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption");
-        put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption");
-        put("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WithRSAEncryption");
-        
-        put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption");
-        put("Alg.Alias.Signature.MD5WITHRSAENCRYPTION", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA1WITHRSAENCRYPTION", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption");
-
-        put("Alg.Alias.Signature.MD5WITHRSA", "MD5WithRSAEncryption");
-        put("Alg.Alias.Signature.SHA1WITHRSA", "SHA1WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption");
-        put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption");
-
-        addSignatureAlgorithm("SHA224", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
-        addSignatureAlgorithm("SHA256", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
-        addSignatureAlgorithm("SHA384", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-        addSignatureAlgorithm("SHA512", "DSA", "org.bouncycastle.jce.provider.JDKDSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-
-        put("Alg.Alias.Signature.SHA/DSA", "DSA");
-        put("Alg.Alias.Signature.SHA1withDSA", "DSA");
-        put("Alg.Alias.Signature.SHA1WITHDSA", "DSA");
-        put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA");
-        put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA");
-        put("Alg.Alias.Signature.DSAwithSHA1", "DSA");
-        put("Alg.Alias.Signature.DSAWITHSHA1", "DSA");
-        put("Alg.Alias.Signature.SHA1WithDSA", "DSA");
-        put("Alg.Alias.Signature.DSAWithSHA1", "DSA");
-        put("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-        put("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
-        put("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
-        put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-        
-        put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410");
-        put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410");
-        put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410");
-        put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410");
-        put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410");
-        put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410");
-        put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410");
-        
-        put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410");
-        put("Alg.Alias.Signature.GOST-3410", "GOST3410");
-        put("Alg.Alias.Signature.GOST-3410-94", "GOST3410");
-        put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410");
-        put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410");
-        put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410");
-        put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
-    }
-
-    private void addSignatureAlgorithm(
-        String digest,
-        String algorithm,
-        String className,
-        DERObjectIdentifier oid)
-    {
-        String mainName = digest + "WITH" + algorithm;
-        String jdk11Variation1 = digest + "with" + algorithm;
-        String jdk11Variation2 = digest + "With" + algorithm;
-        String alias = digest + "/" + algorithm;
-
-        put("Signature." + mainName, className);
-        put("Alg.Alias.Signature." + jdk11Variation1, mainName);
-        put("Alg.Alias.Signature." + jdk11Variation2, mainName);
-        put("Alg.Alias.Signature." + alias, mainName);
-        put("Alg.Alias.Signature." + oid, mainName);
-        put("Alg.Alias.Signature.OID." + oid, mainName);
-    }
-
-    public void setParameter(String parameterName, Object parameter)
-    {
-        ProviderUtil.setParameter(parameterName, parameter);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java
deleted file mode 100644
index dda267cd2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java
+++ /dev/null
@@ -1,620 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.TwofishEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.params.RC2Parameters;
-import org.bouncycastle.crypto.params.RC5Parameters;
-import org.bouncycastle.util.Strings;
-
-public class BrokenJCEBlockCipher
-    implements BrokenPBE
-{
-    //
-    // specs we can handle.
-    //
-    private Class[]                 availableSpecs =
-                                    {
-                                        IvParameterSpec.class,
-                                        PBEParameterSpec.class,
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class
-                                    };
- 
-    private BufferedBlockCipher     cipher;
-    private ParametersWithIV        ivParam;
-
-    private int                     pbeType = PKCS12;
-    private int                     pbeHash = SHA1;
-    private int                     pbeKeySize;
-    private int                     pbeIvSize;
-
-    private int                     ivLength = 0;
-
-    private AlgorithmParameters     engineParams = null;
-
-    protected BrokenJCEBlockCipher(
-        BlockCipher engine)
-    {
-        cipher = new PaddedBufferedBlockCipher(engine);
-    }
-        
-    protected BrokenJCEBlockCipher(
-        BlockCipher engine,
-        int         pbeType,
-        int         pbeHash,
-        int         pbeKeySize,
-        int         pbeIvSize)
-    {
-        cipher = new PaddedBufferedBlockCipher(engine);
-
-        this.pbeType = pbeType;
-        this.pbeHash = pbeHash;
-        this.pbeKeySize = pbeKeySize;
-        this.pbeIvSize = pbeIvSize;
-    }
-
-    protected int engineGetBlockSize() 
-    {
-        return cipher.getBlockSize();
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return (ivParam != null) ? ivParam.getIV() : null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        return key.getEncoded().length;
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        return cipher.getOutputSize(inputLen);
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            if (ivParam != null)
-            {
-                String  name = cipher.getUnderlyingCipher().getAlgorithmName();
-
-                if (name.indexOf('/') >= 0)
-                {
-                    name = name.substring(0, name.indexOf('/'));
-                }
-
-                try
-                {
-                    engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
-                    engineParams.init(ivParam.getIV());
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.toString());
-                }
-            }
-        }
-
-        return engineParams;
-    }
-
-    protected void engineSetMode(
-        String  mode) 
-    {
-        String  modeName = Strings.toUpperCase(mode);
-
-        if (modeName.equals("ECB"))
-        {
-            ivLength = 0;
-            cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher());
-        }
-        else if (modeName.equals("CBC"))
-        {
-            ivLength = cipher.getUnderlyingCipher().getBlockSize();
-            cipher = new PaddedBufferedBlockCipher(
-                            new CBCBlockCipher(cipher.getUnderlyingCipher()));
-        }
-        else if (modeName.startsWith("OFB"))
-        {
-            ivLength = cipher.getUnderlyingCipher().getBlockSize();
-            if (modeName.length() != 3)
-            {
-                int wordSize = Integer.parseInt(modeName.substring(3));
-
-                cipher = new PaddedBufferedBlockCipher(
-                                new OFBBlockCipher(cipher.getUnderlyingCipher(), wordSize));
-            }
-            else
-            {
-                cipher = new PaddedBufferedBlockCipher(
-                        new OFBBlockCipher(cipher.getUnderlyingCipher(), 8 * cipher.getBlockSize()));
-            }
-        }
-        else if (modeName.startsWith("CFB"))
-        {
-            ivLength = cipher.getUnderlyingCipher().getBlockSize();
-            if (modeName.length() != 3)
-            {
-                int wordSize = Integer.parseInt(modeName.substring(3));
-
-                cipher = new PaddedBufferedBlockCipher(
-                                new CFBBlockCipher(cipher.getUnderlyingCipher(), wordSize));
-            }
-            else
-            {
-                cipher = new PaddedBufferedBlockCipher(
-                        new CFBBlockCipher(cipher.getUnderlyingCipher(), 8 * cipher.getBlockSize()));
-            }
-        }
-        else
-        {
-            throw new IllegalArgumentException("can't support mode " + mode);
-        }
-    }
-
-    protected void engineSetPadding(
-        String  padding) 
-    throws NoSuchPaddingException
-    {
-        String  paddingName = Strings.toUpperCase(padding);
-
-        if (paddingName.equals("NOPADDING"))
-        {
-            cipher = new BufferedBlockCipher(cipher.getUnderlyingCipher());
-        }
-        else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING") || paddingName.equals("ISO10126PADDING"))
-        {
-            cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher());
-        }
-        else if (paddingName.equals("WITHCTS"))
-        {
-            cipher = new CTSBlockCipher(cipher.getUnderlyingCipher());
-        }
-        else
-        {
-            throw new NoSuchPaddingException("Padding " + padding + " unknown.");
-        }
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        CipherParameters        param;
-
-        //
-        // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
-        //
-        if (key instanceof JCEPBEKey)
-        {
-            param = BrokenPBE.Util.makePBEParameters((JCEPBEKey)key, params, pbeType, pbeHash,
-                        cipher.getUnderlyingCipher().getAlgorithmName(), pbeKeySize, pbeIvSize);
-
-            if (pbeIvSize != 0)
-            {
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params == null)
-        {
-            param = new KeyParameter(key.getEncoded());
-        }
-        else if (params instanceof IvParameterSpec)
-        {
-            if (ivLength != 0)
-            {
-                param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-            else
-            {
-                param = new KeyParameter(key.getEncoded());
-            }
-        }
-        else if (params instanceof RC2ParameterSpec)
-        {
-            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-
-            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-
-            if (rc2Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, rc2Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC5ParameterSpec)
-        {
-            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-
-            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-            if (rc5Param.getWordSize() != 32)
-            {
-                throw new IllegalArgumentException("can only accept RC5 word size 32 (at the moment...)");
-            }
-            if ((rc5Param.getIV() != null) && (ivLength != 0))
-            {
-                param = new ParametersWithIV(param, rc5Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else
-        {
-            throw new InvalidAlgorithmParameterException("unknown parameter type.");
-        }
-
-        if ((ivLength != 0) && !(param instanceof ParametersWithIV))
-        {
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
-            {
-                byte[]  iv = new byte[ivLength];
-
-                random.nextBytes(iv);
-                param = new ParametersWithIV(param, iv);
-                ivParam = (ParametersWithIV)param;
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("no IV set when one expected");
-            }
-        }
-
-        switch (opmode)
-        {
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.WRAP_MODE:
-            cipher.init(true, param);
-            break;
-        case Cipher.DECRYPT_MODE:
-        case Cipher.UNWRAP_MODE:
-            cipher.init(false, param);
-            break;
-        default:
-            System.out.println("eeek!");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        AlgorithmParameterSpec  paramSpec = null;
-
-        if (params != null)
-        {
-            for (int i = 0; i != availableSpecs.length; i++)
-            {
-                try
-                {
-                    paramSpec = params.getParameterSpec(availableSpecs[i]);
-                    break;
-                }
-                catch (Exception e)
-                {
-                    continue;
-                }
-            }
-
-            if (paramSpec == null)
-            {
-                throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString());
-            }
-        }
-
-        engineParams = params;
-        engineInit(opmode, key, paramSpec, random);
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-        throws InvalidKeyException
-    {
-        try
-        {
-            engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new IllegalArgumentException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        int     length = cipher.getUpdateOutputSize(inputLen);
-
-        if (length > 0)
-        {
-                byte[]  out = new byte[length];
-
-                cipher.processBytes(input, inputOffset, inputLen, out, 0);
-                return out;
-        }
-
-        cipher.processBytes(input, inputOffset, inputLen, null, 0);
-
-        return null;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-    {
-        return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        int     len = 0;
-        byte[]  tmp = new byte[engineGetOutputSize(inputLen)];
-
-        if (inputLen != 0)
-        {
-            len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0);
-        }
-
-        try
-        {
-            len += cipher.doFinal(tmp, len);
-        }
-        catch (DataLengthException e)
-        {
-            throw new IllegalBlockSizeException(e.getMessage());
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-
-        byte[]  out = new byte[len];
-
-        System.arraycopy(tmp, 0, out, 0, len);
-
-        return out;
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        int     len = 0;
-
-        if (inputLen != 0)
-        {
-                len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-        }
-
-        try
-        {
-            return len + cipher.doFinal(output, outputOffset + len);
-        }
-        catch (DataLengthException e)
-        {
-            throw new IllegalBlockSizeException(e.getMessage());
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineWrap(
-        Key     key) 
-    throws IllegalBlockSizeException, java.security.InvalidKeyException
-    {
-        byte[] encoded = key.getEncoded();
-        if (encoded == null)
-        {
-            throw new InvalidKeyException("Cannot wrap key, null encoding.");
-        }
-
-        try
-        {
-            return engineDoFinal(encoded, 0, encoded.length);
-        }
-        catch (BadPaddingException e)
-        {
-            throw new IllegalBlockSizeException(e.getMessage());
-        }
-    }
-
-    protected Key engineUnwrap(
-        byte[]  wrappedKey,
-        String  wrappedKeyAlgorithm,
-        int     wrappedKeyType) 
-    throws InvalidKeyException
-    {
-        byte[] encoded = null;
-        try
-        {
-            encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length);
-        }
-        catch (BadPaddingException e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-        catch (IllegalBlockSizeException e2)
-        {
-            throw new InvalidKeyException(e2.getMessage());
-        }
-
-        if (wrappedKeyType == Cipher.SECRET_KEY)
-        {
-            return new SecretKeySpec(encoded, wrappedKeyAlgorithm);
-        }
-        else
-        {
-            try
-            {
-                KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
-
-                if (wrappedKeyType == Cipher.PUBLIC_KEY)
-                {
-                    return kf.generatePublic(new X509EncodedKeySpec(encoded));
-                }
-                else if (wrappedKeyType == Cipher.PRIVATE_KEY)
-                {
-                    return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
-                }
-            }
-            catch (NoSuchProviderException e)
-            {
-                throw new InvalidKeyException("Unknown key type " + e.getMessage());
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                throw new InvalidKeyException("Unknown key type " + e.getMessage());
-            }
-            catch (InvalidKeySpecException e2)
-            {
-                throw new InvalidKeyException("Unknown key type " + e2.getMessage());
-            }
-
-            throw new InvalidKeyException("Unknown key type " + wrappedKeyType);
-        }
-    }
-
-    /*
-     * The ciphers that inherit from us.
-     */
-
-    /**
-     * PBEWithMD5AndDES
-     */
-    static public class BrokePBEWithMD5AndDES
-        extends BrokenJCEBlockCipher
-    {
-        public BrokePBEWithMD5AndDES()
-        {
-            super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD5, 64, 64);
-        }
-    }
-
-    /**
-     * PBEWithSHA1AndDES
-     */
-    static public class BrokePBEWithSHA1AndDES
-        extends BrokenJCEBlockCipher
-    {
-        public BrokePBEWithSHA1AndDES()
-        {
-            super(new CBCBlockCipher(new DESEngine()), PKCS5S1, SHA1, 64, 64);
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd3-KeyTripleDES-CBC
-     */
-    static public class BrokePBEWithSHAAndDES3Key
-        extends BrokenJCEBlockCipher
-    {
-        public BrokePBEWithSHAAndDES3Key()
-        {
-            super(new CBCBlockCipher(new DESedeEngine()), PKCS12, SHA1, 192, 64);
-        }
-    }
-
-    /**
-     * OldPBEWithSHAAnd3-KeyTripleDES-CBC
-     */
-    static public class OldPBEWithSHAAndDES3Key
-        extends BrokenJCEBlockCipher
-    {
-        public OldPBEWithSHAAndDES3Key()
-        {
-            super(new CBCBlockCipher(new DESedeEngine()), OLD_PKCS12, SHA1, 192, 64);
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd2-KeyTripleDES-CBC
-     */
-    static public class BrokePBEWithSHAAndDES2Key
-        extends BrokenJCEBlockCipher
-    {
-        public BrokePBEWithSHAAndDES2Key()
-        {
-            super(new CBCBlockCipher(new DESedeEngine()), PKCS12, SHA1, 128, 64);
-        }
-    }
-
-    /**
-     * OldPBEWithSHAAndTwofish-CBC
-     */
-    static public class OldPBEWithSHAAndTwofish
-        extends BrokenJCEBlockCipher
-    {
-        public OldPBEWithSHAAndTwofish()
-        {
-            super(new CBCBlockCipher(new TwofishEngine()), OLD_PKCS12, SHA1, 256, 128);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java
deleted file mode 100644
index e6186f674..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.DerivationParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.params.KDFParameters;
-
-/**
- * Generator for PBE derived keys and ivs as defined by IEEE P1363a
- * 
    
- * This implementation is based on draft 9 of IEEE P1363a. Note:
- * as this is still a draft the output of this generator may change, don't
- * use it for anything that might be subject to long term storage.
- */
-public class BrokenKDF2BytesGenerator
-    implements DerivationFunction
-{
-    private Digest  digest;
-    private byte[]  shared;
-    private byte[]  iv;
-
-    /**
-     * Construct a KDF2 Parameters generator. Generates key material
-     * according to IEEE P1363a - if you want orthodox results you should
-     * use a digest specified in the standard.
-     * 
    
-     * Note: IEEE P1363a standard is still a draft standard, if the standard
-     * changes this function, the output of this function will change as well.
-     * Don't use this routine for anything subject to long term storage.
-     *
-     * @param digest the digest to be used as the source of derived keys.
-     */
-    public BrokenKDF2BytesGenerator(
-        Digest  digest)
-    {
-        this.digest = digest;
-    }
-
-    public void init(
-        DerivationParameters    param)
-    {
-        if (!(param instanceof KDFParameters))
-        {
-            throw new IllegalArgumentException("KDF parameters required for KDF2Generator");
-        }
-
-        KDFParameters   p = (KDFParameters)param;
-
-        shared = p.getSharedSecret();
-        iv = p.getIV();
-    }
-
-    /**
-     * return the underlying digest.
-     */
-    public Digest getDigest()
-    {
-        return digest;
-    }
-
-    /**
-     * fill len bytes of the output buffer with bytes generated from
-     * the derivation function.
-     *
-     * @throws IllegalArgumentException if the size of the request will cause an overflow.
-     * @throws DataLengthException if the out buffer is too small.
-     */
-    public int generateBytes(
-        byte[]  out,
-        int     outOff,
-        int     len)
-        throws DataLengthException, IllegalArgumentException
-    {
-        if ((out.length - len) < outOff)
-        {
-            throw new DataLengthException("output buffer too small");
-        }
-
-        long    oBits = len * 8;
-
-        //
-        // this is at odds with the standard implementation, the
-        // maximum value should be hBits * (2^23 - 1) where hBits
-        // is the digest output size in bits. We can't have an
-        // array with a long index at the moment...
-        //
-        if (oBits > (digest.getDigestSize() * 8 * (2L^32 - 1)))
-        {
-            new IllegalArgumentException("Output length to large");
-        }
-    
-        int cThreshold = (int)(oBits / digest.getDigestSize());
-
-        byte[] dig = null;
-
-        dig = new byte[digest.getDigestSize()];
-
-        for (int counter = 1; counter <= cThreshold; counter++)
-        {
-            digest.update(shared, 0, shared.length);
-
-            digest.update((byte)(counter & 0xff));
-            digest.update((byte)((counter >> 8) & 0xff));
-            digest.update((byte)((counter >> 16) & 0xff));
-            digest.update((byte)((counter >> 24) & 0xff));
-
-            digest.update(iv, 0, iv.length);
-
-            digest.doFinal(dig, 0);
-
-            if ((len - outOff) > dig.length)
-            {
-                System.arraycopy(dig, 0, out, outOff, dig.length);
-                outOff += dig.length;
-            }
-            else
-            {
-                System.arraycopy(dig, 0, out, outOff, len - outOff);
-            }
-        }
-    
-        digest.reset();
-
-        return len;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java
deleted file mode 100644
index 766912b35..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java
+++ /dev/null
@@ -1,440 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0,
- * with a bug affecting 180 bit plus keys - this class is only here to
- * allow smooth migration of the version 0 keystore to version 1. Don't
- * use it (it won't be staying around).
- * 
    
- * The document this implementation is based on can be found at
- * 
- * RSA's PKCS12 Page
- */
-class OldPKCS12ParametersGenerator
-    extends PBEParametersGenerator
-{
-    public static final int KEY_MATERIAL = 1;
-    public static final int IV_MATERIAL  = 2;
-    public static final int MAC_MATERIAL = 3;
-
-    private Digest digest;
-
-    private int     u;
-    private int     v;
-
-    /**
-     * Construct a PKCS 12 Parameters generator. This constructor will
-     * accept MD5, SHA1, and RIPEMD160.
-     *
-     * @param digest the digest to be used as the source of derived keys.
-     * @exception IllegalArgumentException if an unknown digest is passed in.
-     */
-    public OldPKCS12ParametersGenerator(
-        Digest  digest)
-    {
-        this.digest = digest;
-        if (digest instanceof MD5Digest)
-        {
-            u = 128 / 8;
-            v = 512 / 8;
-        }
-        else if (digest instanceof SHA1Digest)
-        {
-            u = 160 / 8;
-            v = 512 / 8;
-        }
-        else if (digest instanceof RIPEMD160Digest)
-        {
-            u = 160 / 8;
-            v = 512 / 8;
-        }
-        else
-        {
-            throw new IllegalArgumentException("Digest " + digest.getAlgorithmName() + " unsupported");
-        }
-    }
-
-    /**
-     * add a + b + 1, returning the result in a. The a value is treated
-     * as a BigInteger of length (b.length * 8) bits. The result is 
-     * modulo 2^b.length in case of overflow.
-     */
-    private void adjust(
-        byte[]  a,
-        int     aOff,
-        byte[]  b)
-    {
-        int  x = (b[b.length - 1] & 0xff) + (a[aOff + b.length - 1] & 0xff) + 1;
-
-        a[aOff + b.length - 1] = (byte)x;
-        x >>>= 8;
-
-        for (int i = b.length - 2; i >= 0; i--)
-        {
-            x += (b[i] & 0xff) + (a[aOff + i] & 0xff);
-            a[aOff + i] = (byte)x;
-            x >>>= 8;
-        }
-    }
-
-    /**
-     * generation of a derived key ala PKCS12 V1.0.
-     */
-    private byte[] generateDerivedKey(
-        int idByte,
-        int n)
-    {
-        byte[]  D = new byte[v];
-        byte[]  dKey = new byte[n];
-
-        for (int i = 0; i != D.length; i++)
-        {
-            D[i] = (byte)idByte;
-        }
-
-        byte[]  S;
-
-        if ((salt != null) && (salt.length != 0))
-        {
-            S = new byte[v * ((salt.length + v - 1) / v)];
-
-            for (int i = 0; i != S.length; i++)
-            {
-                S[i] = salt[i % salt.length];
-            }
-        }
-        else
-        {
-            S = new byte[0];
-        }
-
-        byte[]  P;
-
-        if ((password != null) && (password.length != 0))
-        {
-            P = new byte[v * ((password.length + v - 1) / v)];
-
-            for (int i = 0; i != P.length; i++)
-            {
-                P[i] = password[i % password.length];
-            }
-        }
-        else
-        {
-            P = new byte[0];
-        }
-
-        byte[]  I = new byte[S.length + P.length];
-
-        System.arraycopy(S, 0, I, 0, S.length);
-        System.arraycopy(P, 0, I, S.length, P.length);
-
-        byte[]  B = new byte[v];
-        int     c = (n + u - 1) / u;
-
-        for (int i = 1; i <= c; i++)
-        {
-            byte[]  A = new byte[u];
-
-            digest.update(D, 0, D.length);
-            digest.update(I, 0, I.length);
-            digest.doFinal(A, 0);
-            for (int j = 1; j != iterationCount; j++)
-            {
-                digest.update(A, 0, A.length);
-                digest.doFinal(A, 0);
-            }
-
-            for (int j = 0; j != B.length; j++)
-            {
-                B[i] = A[j % A.length];
-            }
-
-            for (int j = 0; j != I.length / v; j++)
-            {
-                adjust(I, j * v, B);
-            }
-
-            if (i == c)
-            {
-                System.arraycopy(A, 0, dKey, (i - 1) * u, dKey.length - ((i - 1) * u));
-            }
-            else
-            {
-                System.arraycopy(A, 0, dKey, (i - 1) * u, A.length);
-            }
-        }
-
-        return dKey;
-    }
-
-    /**
-     * Generate a key parameter derived from the password, salt, and iteration
-     * count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     */
-    public CipherParameters generateDerivedParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        byte[]  dKey = generateDerivedKey(KEY_MATERIAL, keySize);
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-
-    /**
-     * Generate a key with initialisation vector parameter derived from
-     * the password, salt, and iteration count we are currently initialised
-     * with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @param ivSize the size of the iv we want (in bits)
-     * @return a ParametersWithIV object.
-     */
-    public CipherParameters generateDerivedParameters(
-        int     keySize,
-        int     ivSize)
-    {
-        keySize = keySize / 8;
-        ivSize = ivSize / 8;
-
-        byte[]  dKey = generateDerivedKey(KEY_MATERIAL, keySize);
-
-        byte[]  iv = generateDerivedKey(IV_MATERIAL, ivSize);
-
-        return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), iv, 0, ivSize);
-    }
-
-    /**
-     * Generate a key parameter for use with a MAC derived from the password,
-     * salt, and iteration count we are currently initialised with.
-     *
-     * @param keySize the size of the key we want (in bits)
-     * @return a KeyParameter object.
-     */
-    public CipherParameters generateDerivedMacParameters(
-        int keySize)
-    {
-        keySize = keySize / 8;
-
-        byte[]  dKey = generateDerivedKey(MAC_MATERIAL, keySize);
-
-        return new KeyParameter(dKey, 0, keySize);
-    }
-}
-
-public interface BrokenPBE
-{
-    //
-    // PBE Based encryption constants - by default we do PKCS12 with SHA-1
-    //
-    static final int        MD5         = 0;
-    static final int        SHA1        = 1;
-    static final int        RIPEMD160   = 2;
-
-    static final int        PKCS5S1     = 0;
-    static final int        PKCS5S2     = 1;
-    static final int        PKCS12      = 2;
-    static final int        OLD_PKCS12  = 3;
-
-    /**
-     * uses the appropriate mixer to generate the key and IV if neccessary.
-     */
-    static class Util
-    {
-        /**
-         * a faulty parity routine...
-         *
-         * @param bytes the byte array to set the parity on.
-         */
-        static private void setOddParity(
-            byte[] bytes)
-        {
-            for (int i = 0; i < bytes.length; i++)
-            {
-                int b = bytes[i];
-                bytes[i] = (byte)((b & 0xfe) |
-                                (((b >> 1) ^
-                                (b >> 2) ^
-                                (b >> 3) ^
-                                (b >> 4) ^
-                                (b >> 5) ^
-                                (b >> 6) ^
-                                (b >> 7)) ^ 0x01));
-            }
-        }
-
-        static private PBEParametersGenerator makePBEGenerator(
-            int                     type,
-            int                     hash)
-        {
-            PBEParametersGenerator  generator;
-    
-            if (type == PKCS5S1)
-            {
-                switch (hash)
-                {
-                case MD5:
-                    generator = new PKCS5S1ParametersGenerator(new MD5Digest());
-                    break;
-                case SHA1:
-                    generator = new PKCS5S1ParametersGenerator(new SHA1Digest());
-                    break;
-                default:
-                    throw new IllegalStateException("PKCS5 scheme 1 only supports only MD5 and SHA1.");
-                }
-            }
-            else if (type == PKCS5S2)
-            {
-                generator = new PKCS5S2ParametersGenerator();
-            }
-            else if (type == OLD_PKCS12)
-            {
-                switch (hash)
-                {
-                case MD5:
-                    generator = new OldPKCS12ParametersGenerator(new MD5Digest());
-                    break;
-                case SHA1:
-                    generator = new OldPKCS12ParametersGenerator(new SHA1Digest());
-                    break;
-                case RIPEMD160:
-                    generator = new OldPKCS12ParametersGenerator(new RIPEMD160Digest());
-                    break;
-                default:
-                    throw new IllegalStateException("unknown digest scheme for PBE encryption.");
-                }
-            }
-            else
-            {
-                switch (hash)
-                {
-                case MD5:
-                    generator = new PKCS12ParametersGenerator(new MD5Digest());
-                    break;
-                case SHA1:
-                    generator = new PKCS12ParametersGenerator(new SHA1Digest());
-                    break;
-                case RIPEMD160:
-                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
-                    break;
-                default:
-                    throw new IllegalStateException("unknown digest scheme for PBE encryption.");
-                }
-            }
-    
-            return generator;
-        }
-
-        /**
-         * construct a key and iv (if neccessary) suitable for use with a 
-         * Cipher.
-         */
-        static CipherParameters makePBEParameters(
-            JCEPBEKey               pbeKey,
-            AlgorithmParameterSpec  spec,
-            int                     type,
-            int                     hash,
-            String                  targetAlgorithm,
-            int                     keySize,
-            int                     ivSize)
-        {
-            if ((spec == null) || !(spec instanceof PBEParameterSpec))
-            {
-                throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
-            }
-    
-            PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
-            PBEParametersGenerator  generator = makePBEGenerator(type, hash);
-            byte[]                  key = pbeKey.getEncoded();
-            CipherParameters        param;
-    
-            generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());
-
-            if (ivSize != 0)
-            {
-                param = generator.generateDerivedParameters(keySize, ivSize);
-            }
-            else
-            {
-                param = generator.generateDerivedParameters(keySize);
-            }
-
-            if (targetAlgorithm.startsWith("DES"))
-            {
-                if (param instanceof ParametersWithIV)
-                {
-                    KeyParameter    kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
-
-                    setOddParity(kParam.getKey());
-                }
-                else
-                {
-                    KeyParameter    kParam = (KeyParameter)param;
-
-                    setOddParity(kParam.getKey());
-                }
-            }
-
-            for (int i = 0; i != key.length; i++)
-            {
-                key[i] = 0;
-            }
-
-            return param;
-        }
-
-        /**
-         * generate a PBE based key suitable for a MAC algorithm, the
-         * key size is chosen according the MAC size, or the hashing algorithm,
-         * whichever is greater.
-         */
-        static CipherParameters makePBEMacParameters(
-            JCEPBEKey               pbeKey,
-            AlgorithmParameterSpec  spec,
-            int                     type,
-            int                     hash,
-            int                     keySize)
-        {
-            if ((spec == null) || !(spec instanceof PBEParameterSpec))
-            {
-                throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
-            }
-    
-            PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
-            PBEParametersGenerator  generator = makePBEGenerator(type, hash);
-            byte[]                  key = pbeKey.getEncoded();
-            CipherParameters        param;
-    
-            generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());
-
-            param = generator.generateDerivedMacParameters(keySize);
-    
-            for (int i = 0; i != key.length; i++)
-            {
-                key[i] = 0;
-            }
-
-            return param;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
deleted file mode 100644
index b50773ce1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ /dev/null
@@ -1,1404 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PublicKey;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.PKIXParameters;
-import java.security.cert.PolicyQualifierInfo;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLSelector;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.CRLNumber;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.DistributionPoint;
-import org.bouncycastle.asn1.x509.DistributionPointName;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.PolicyInformation;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
-import org.bouncycastle.x509.X509Store;
-
-public class CertPathValidatorUtilities
-{
-    protected static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
-
-    protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
-    protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
-    protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
-    protected static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId();
-    protected static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId();
-    protected static final String KEY_USAGE = X509Extensions.KeyUsage.getId();
-    protected static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId();
-    protected static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId();
-    protected static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId();
-    protected static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId();
-    protected static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId();
-    protected static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId();
-    protected static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId();
-
-    protected static final String ANY_POLICY = "2.5.29.32.0";
-    
-    protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId();
-    
-    /*
-     * key usage bits
-     */
-    protected static final int    KEY_CERT_SIGN = 5;
-    protected static final int    CRL_SIGN = 6;
-
-    protected static final String[] crlReasons = new String[] {
-        "unspecified",
-        "keyCompromise",
-        "cACompromise",
-        "affiliationChanged",
-        "superseded",
-        "cessationOfOperation",
-        "certificateHold",
-        "unknown",
-        "removeFromCRL",
-        "privilegeWithdrawn",
-        "aACompromise" };
-    
-    /**
-     * Search the given Set of TrustAnchor's for one that is the
-     * issuer of the given X509 certificate. Uses the default provider
-     * for signature verification.
-     *
-     * @param cert the X509 certificate
-     * @param trustAnchors a Set of TrustAnchor's
-     *
-     * @return the TrustAnchor object if found or
-     * null if not.
-     *
-     * @exception AnnotatedException
-     *                if a TrustAnchor was found but the signature verification
-     *                on the given certificate has thrown an exception.
-     */
-    protected static TrustAnchor findTrustAnchor(
-        X509Certificate cert,
-        Set             trustAnchors)
-            throws AnnotatedException
-    {
-        return findTrustAnchor(cert, trustAnchors, null);
-    }
-    
-    /**
-     * Search the given Set of TrustAnchor's for one that is the
-     * issuer of the given X509 certificate. Uses the specified
-     * provider for signature verification, or the default provider
-     * if null.
-     *
-     * @param cert the X509 certificate
-     * @param trustAnchors a Set of TrustAnchor's
-     * @param sigProvider the provider to use for signature verification
-     *
-     * @return the TrustAnchor object if found or
-     * null if not.
-     *
-     * @exception AnnotatedException
-     *                if a TrustAnchor was found but the signature verification
-     *                on the given certificate has thrown an exception.
-     */
-    protected static TrustAnchor findTrustAnchor(
-        X509Certificate cert,
-        Set             trustAnchors,
-        String          sigProvider) 
-            throws AnnotatedException
-    {
-        TrustAnchor trust = null;
-        PublicKey trustPublicKey = null;
-        Exception invalidKeyEx = null;
-
-        X509CertSelector certSelectX509 = new X509CertSelector();
-        X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
-
-        try
-        {
-            certSelectX509.setSubject(certIssuer.getEncoded());
-        }
-        catch (IOException ex)
-        {
-            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
-        }
-
-        Iterator iter = trustAnchors.iterator();
-        while (iter.hasNext() && trust == null)
-        {
-            trust = (TrustAnchor) iter.next();
-            if (trust.getTrustedCert() != null)
-            {
-                if (certSelectX509.match(trust.getTrustedCert()))
-                {
-                    trustPublicKey = trust.getTrustedCert().getPublicKey();
-                }
-                else
-                {
-                    trust = null;
-                }
-            }
-            else if (trust.getCAName() != null
-                    && trust.getCAPublicKey() != null)
-            {
-                try
-                {
-                    X500Principal caName = new X500Principal(trust.getCAName());
-                    if (certIssuer.equals(caName))
-                    {
-                        trustPublicKey = trust.getCAPublicKey();
-                    }
-                    else
-                    {
-                        trust = null;
-                    }
-                }
-                catch (IllegalArgumentException ex)
-                {
-                    trust = null;
-                }
-            }
-            else
-            {
-                trust = null;
-            }
-
-            if (trustPublicKey != null)
-            {
-                try
-                {
-                    verifyX509Certificate(cert, trustPublicKey, sigProvider);
-                }
-                catch (Exception ex)
-                {
-                    invalidKeyEx = ex;
-                    trust = null;
-                }
-            }
-        }
-
-        if (trust == null && invalidKeyEx != null)
-        {
-            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", invalidKeyEx);
-        }
-
-        return trust;
-    }
-
-    protected static void addAdditionalStoresFromAltNames(
-            X509Certificate cert,
-            ExtendedPKIXParameters pkixParams)
-            throws CertificateParsingException
-    {
-        // if in the IssuerAltName extension an URI
-        // is given, add an additinal X.509 store
-        if (cert.getIssuerAlternativeNames() != null)
-        {
-            Iterator it = cert.getIssuerAlternativeNames().iterator();
-            while (it.hasNext())
-            {
-                // look for URI
-                List list = (List) it.next();
-                if (list.get(0).equals(new Integer(GeneralName.uniformResourceIdentifier)))
-                {
-                    // found
-                    String temp = (String) list.get(1);
-                    CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams);
-                }
-            }
-        }
-    }
-    /**
-     * Returns the issuer of an attribute certificate or certificate.
-     * @param cert The attribute certificate or certificate.
-     * @return The issuer as X500Principal.
-     */
-    protected static X500Principal getEncodedIssuerPrincipal(
-        Object cert)
-    {
-        if (cert instanceof X509Certificate)
-        {
-            return ((X509Certificate)cert).getIssuerX500Principal();
-        }
-        else
-        {
-            return (X500Principal)((X509AttributeCertificate)cert).getIssuer().getPrincipals()[0];
-        }
-    }
-
-    protected static Date getValidDate(PKIXParameters paramsPKIX)
-    {
-        Date validDate = paramsPKIX.getDate();
-
-        if (validDate == null)
-        {
-            validDate = new Date();
-        }
-
-        return validDate;
-    }
-
-    protected static X500Principal getSubjectPrincipal(X509Certificate cert)
-    {
-        return cert.getSubjectX500Principal();
-    }
-    
-    protected static boolean isSelfIssued(X509Certificate cert)
-    {
-        return cert.getSubjectDN().equals(cert.getIssuerDN());
-    }
-    
-    
-    /**
-     * Extract the value of the given extension, if it exists.
-     * 
-     * @param ext
-     *            The extension object.
-     * @param oid
-     *            The object identifier to obtain.
-     * @throws AnnotatedException
-     *             if the extension cannot be read.
-     */
-    protected static DERObject getExtensionValue(
-        java.security.cert.X509Extension    ext,
-        String                              oid)
-        throws AnnotatedException
-    {
-        byte[]  bytes = ext.getExtensionValue(oid);
-        if (bytes == null)
-        {
-            return null;
-        }
-
-        return getObject(oid, bytes);
-    }
-    
-    private static DERObject getObject(
-            String oid,
-            byte[] ext)
-            throws AnnotatedException
-    {
-        try
-        {
-            ASN1InputStream aIn = new ASN1InputStream(ext);
-            ASN1OctetString octs = (ASN1OctetString)aIn.readObject();
-
-            aIn = new ASN1InputStream(octs.getOctets());
-            return aIn.readObject();
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException("exception processing extension " + oid, e);
-        }
-    }
-    
-    protected static X500Principal getIssuerPrincipal(X509CRL crl)
-    {
-        return crl.getIssuerX500Principal();
-    }
-    
-    protected static AlgorithmIdentifier getAlgorithmIdentifier(
-        PublicKey key)
-        throws CertPathValidatorException
-    {
-        try
-        {
-            ASN1InputStream      aIn = new ASN1InputStream(key.getEncoded());
-
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
-
-            return info.getAlgorithmId();
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e);
-        }
-    }
-    
-    // crl checking
-
-
-    //
-    // policy checking
-    // 
-    
-    protected static final Set getQualifierSet(ASN1Sequence qualifiers) 
-        throws CertPathValidatorException
-    {
-        Set             pq   = new HashSet();
-        
-        if (qualifiers == null)
-        {
-            return pq;
-        }
-        
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-    
-        Enumeration e = qualifiers.getObjects();
-    
-        while (e.hasMoreElements())
-        {
-            try
-            {
-                aOut.writeObject(e.nextElement());
-    
-                pq.add(new PolicyQualifierInfo(bOut.toByteArray()));
-            }
-            catch (IOException ex)
-            {
-                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", ex);
-            }
-    
-            bOut.reset();
-        }
-        
-        return pq;
-    }
-    
-    protected static PKIXPolicyNode removePolicyNode(
-        PKIXPolicyNode  validPolicyTree,
-        List     []        policyNodes,
-        PKIXPolicyNode _node)
-    {
-        PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent();
-        
-        if (validPolicyTree == null)
-        {
-            return null;
-        }
-
-        if (_parent == null)
-        {
-            for (int j = 0; j < policyNodes.length; j++)
-            {
-                policyNodes[j] = new ArrayList();
-            }
-
-            return null;
-        }
-        else
-        {
-            _parent.removeChild(_node);
-            removePolicyNodeRecurse(policyNodes, _node);
-
-            return validPolicyTree;
-        }
-    }
-    
-    private static void removePolicyNodeRecurse(
-        List     []        policyNodes,
-        PKIXPolicyNode  _node)
-    {
-        policyNodes[_node.getDepth()].remove(_node);
-
-        if (_node.hasChildren())
-        {
-            Iterator _iter = _node.getChildren();
-            while (_iter.hasNext())
-            {
-                PKIXPolicyNode _child = (PKIXPolicyNode)_iter.next();
-                removePolicyNodeRecurse(policyNodes, _child);
-            }
-        }
-    }
-    
-    
-    protected static boolean processCertD1i(
-        int                 index,
-        List     []            policyNodes,
-        DERObjectIdentifier pOid,
-        Set                 pq)
-    {
-        List       policyNodeVec = policyNodes[index - 1];
-
-        for (int j = 0; j < policyNodeVec.size(); j++)
-        {
-            PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j);
-            Set            expectedPolicies = node.getExpectedPolicies();
-            
-            if (expectedPolicies.contains(pOid.getId()))
-            {
-                Set childExpectedPolicies = new HashSet();
-                childExpectedPolicies.add(pOid.getId());
-                
-                PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(),
-                                                           index,
-                                                           childExpectedPolicies,
-                                                           node,
-                                                           pq,
-                                                           pOid.getId(),
-                                                           false);
-                node.addChild(child);
-                policyNodes[index].add(child);
-                
-                return true;
-            }
-        }
-        
-        return false;
-    }
-
-    protected static void processCertD1ii(
-        int                 index,
-        List     []            policyNodes,
-        DERObjectIdentifier _poid,
-        Set _pq)
-    {
-        List       policyNodeVec = policyNodes[index - 1];
-
-        for (int j = 0; j < policyNodeVec.size(); j++)
-        {
-            PKIXPolicyNode _node = (PKIXPolicyNode)policyNodeVec.get(j);
-
-            if (ANY_POLICY.equals(_node.getValidPolicy()))
-            {
-                Set _childExpectedPolicies = new HashSet();
-                _childExpectedPolicies.add(_poid.getId());
-                
-                PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(),
-                                                           index,
-                                                           _childExpectedPolicies,
-                                                           _node,
-                                                           _pq,
-                                                           _poid.getId(),
-                                                           false);
-                _node.addChild(_child);
-                policyNodes[index].add(_child);
-                return;
-            }
-        }
-    }
-    
-    protected static void prepareNextCertB1(
-            int i,
-            List[] policyNodes,
-            String id_p,
-            Map m_idp,
-            X509Certificate cert
-            ) throws AnnotatedException,CertPathValidatorException
-    {
-        boolean idp_found = false;
-        Iterator nodes_i = policyNodes[i].iterator();
-        while (nodes_i.hasNext())
-        {
-            PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
-            if (node.getValidPolicy().equals(id_p))
-            {
-                idp_found = true;
-                node.expectedPolicies = (Set)m_idp.get(id_p);
-                break;
-            }
-        }
-
-        if (!idp_found)
-        {
-            nodes_i = policyNodes[i].iterator();
-            while (nodes_i.hasNext())
-            {
-                PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
-                if (ANY_POLICY.equals(node.getValidPolicy()))
-                {
-                    Set pq = null;
-                    ASN1Sequence policies = null;
-                    try
-                    {
-                        policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
-                    }
-                    catch (Exception e)
-                    {
-                        throw
-
-                        new AnnotatedException("Certificate policies cannot be decoded.", e);
-                    }
-                    Enumeration e = policies.getObjects();
-                    while (e.hasMoreElements())
-                    {
-                        PolicyInformation pinfo = null;
-
-                        try
-                        {
-                            pinfo = PolicyInformation.getInstance(e.nextElement());
-                        }
-                        catch (Exception ex)
-                        {
-                            throw new AnnotatedException("Policy information cannot be decoded.", ex);
-                        }
-                        if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId()))
-                        {
-                            try
-                            {
-                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
-                            }
-                            catch (CertPathValidatorException ex)
-                            {
-                                throw new ExtCertPathValidatorException(
-                                        "Policy qualifier info set could not be built.", ex);
-                            }
-                            break;
-                        }
-                    }
-                    boolean ci = false;
-                    if (cert.getCriticalExtensionOIDs() != null)
-                    {
-                        ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
-                    }
-
-                    PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
-                    if (ANY_POLICY.equals(p_node.getValidPolicy()))
-                    {
-                        PKIXPolicyNode c_node = new PKIXPolicyNode(
-                                new ArrayList(), i,
-                                (Set)m_idp.get(id_p),
-                                p_node, pq, id_p, ci);
-                        p_node.addChild(c_node);
-                        policyNodes[i].add(c_node);
-                    }
-                    break;
-                }
-            }
-        }
-    }
-    
-    protected static PKIXPolicyNode prepareNextCertB2(
-            int i,
-            List[] policyNodes,
-            String id_p,
-            PKIXPolicyNode validPolicyTree) 
-    {
-        Iterator nodes_i = policyNodes[i].iterator();
-        while (nodes_i.hasNext())
-        {
-            PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
-            if (node.getValidPolicy().equals(id_p))
-            {
-                PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
-                p_node.removeChild(node);
-                nodes_i.remove();
-                for (int k = (i - 1); k >= 0; k--)
-                {
-                    List nodes = policyNodes[k];
-                    for (int l = 0; l < nodes.size(); l++)
-                    {
-                        PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l);
-                        if (!node2.hasChildren())
-                        {
-                            validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2);
-                            if (validPolicyTree == null)
-                            {
-                                break;
-                            }
-                        }
-                    }
-                }
-            }
-        }
-        return validPolicyTree;
-    }
-    
-    protected static boolean isAnyPolicy(
-        Set policySet)
-    {
-        return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty();
-    }
-    
-    protected static void addAdditionalStoreFromLocation(String location,
-        ExtendedPKIXParameters pkixParams)
-    {
-        if (pkixParams.isAdditionalLocationsEnabled())
-        {
-            try
-            {
-                if (location.startsWith("ldap://"))
-                {
-                    // ldap://directory.d-trust.net/CN=D-TRUST
-                    // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
-                    // skip "ldap://"
-                    location = location.substring(7);
-                    // after first / baseDN starts
-                    String base = null;
-                    String url = null;
-                    if (location.indexOf("/") != -1)
-                    {
-                        base = location.substring(location.indexOf("/"));
-                        // URL
-                        url = "ldap://"
-                            + location.substring(0, location.indexOf("/"));
-                    }
-                    else
-                    {
-                        url = "ldap://" + location;
-                    }
-                    // use all purpose parameters
-                    X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
-                        url, base).build();
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                }
-            }
-            catch (Exception e)
-            {
-                // cannot happen
-                throw new RuntimeException("Exception adding X.509 stores.");
-            }
-        }
-    }
-
-    /**
-     * Return a Collection of all certificates or attribute certificates found
-     * in the X509Store's that are matching the certSelect criteriums.
-     *
-     * @param certSelect a {@link Selector} object that will be used to select
-     *            the certificates
-     * @param certStores a List containing only {@link X509Store} objects. These
-     *            are used to search for certificates.
-     *
-     * @return a Collection of all found {@link X509Certificate} or
-     *         {@link org.bouncycastle.x509.X509AttributeCertificate} objects.
-     *         May be empty but never null.
-     */
-    protected static Collection findCertificates(X509CertStoreSelector certSelect,
-        List certStores) throws AnnotatedException
-    {
-        Set certs = new HashSet();
-        Iterator iter = certStores.iterator();
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store certStore = (X509Store)obj;
-                try
-                {
-                    certs.addAll(certStore.getMatches(certSelect));
-                }
-                catch (StoreException e)
-                {
-                    throw
-
-                    new AnnotatedException(
-                        "Problem while picking certificates from X.509 store.", e);
-                }
-            }
-            else
-            {
-                CertStore certStore = (CertStore)obj;
-
-                try
-                {
-                    certs.addAll(certStore.getCertificates(certSelect));
-                }
-                catch (CertStoreException e)
-                {
-                    throw new AnnotatedException(
-                        "Problem while picking certificates from certificate store.",
-                        e);
-                }
-            }
-        }
-        return certs;
-    }
-
-    protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
-                                                 List certStores)
-    throws AnnotatedException
-    {
-        Set certs = new HashSet();
-        Iterator iter = certStores.iterator();
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store certStore = (X509Store)obj;
-                try
-                {
-                    certs.addAll(certStore.getMatches(certSelect));
-                }
-                catch (StoreException e)
-                {
-                    throw
-
-                        new AnnotatedException(
-                            "Problem while picking certificates from X.509 store.", e);
-                }
-            }
-        }
-        return certs;
-    }
-
-    protected static void addAdditionalStoresFromCRLDistributionPoint(
-        CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
-        throws AnnotatedException
-    {
-        if (crldp != null)
-        {
-            DistributionPoint dps[] = null;
-            try
-            {
-                dps = crldp.getDistributionPoints();
-            }
-            catch (Exception e)
-            {
-                throw new AnnotatedException(
-                    "Distribution points could not be read.", e);
-            }
-            for (int i = 0; i < dps.length; i++)
-            {
-                DistributionPointName dpn = dps[i].getDistributionPoint();
-                // look for URIs in fullName
-                if (dpn != null)
-                {
-                    if (dpn.getType() == DistributionPointName.FULL_NAME)
-                    {
-                        GeneralName[] genNames = GeneralNames.getInstance(
-                            dpn.getName()).getNames();
-                        // look for an URI
-                        for (int j = 0; j < genNames.length; j++)
-                        {
-                            if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier)
-                            {
-                                String location = DERIA5String.getInstance(
-                                    genNames[j].getName()).getString();
-                                CertPathValidatorUtilities
-                                    .addAdditionalStoreFromLocation(location,
-                                        pkixParams);
-                            }
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    /**
-     * Add the CRL issuers from the cRLIssuer field of the distribution point or
-     * from the certificate if not given to the issuer criterion of the
-     * selector.
-     * 
    
-     * The issuerPrincipals are a collection with a single
-     * X500Principal for X509Certificates. For
-     * {@link X509AttributeCertificate}s the issuer may contain more than one
-     * X500Principal.
-     *
-     * @param dp The distribution point.
-     * @param issuerPrincipals The issuers of the certificate or attribute
-     *            certificate which contains the distribution point.
-     * @param selector The CRL selector.
-     * @param pkixParams The PKIX parameters containing the cert stores.
-     * @throws AnnotatedException if an exception occurs while processing.
-     * @throws ClassCastException if issuerPrincipals does not
-     * contain only X500Principals.
-     */
-    protected static void getCRLIssuersFromDistributionPoint(
-        DistributionPoint dp,
-        Collection issuerPrincipals,
-        X509CRLSelector selector,
-        ExtendedPKIXParameters pkixParams)
-        throws AnnotatedException
-    {
-        List issuers = new ArrayList();
-        // indirect CRL
-        if (dp.getCRLIssuer() != null)
-        {
-            GeneralName genNames[] = dp.getCRLIssuer().getNames();
-            // look for a DN
-            for (int j = 0; j < genNames.length; j++)
-            {
-                if (genNames[j].getTagNo() == GeneralName.directoryName)
-                {
-                    try
-                    {
-                        issuers.add(new X500Principal(genNames[j].getName()
-                            .getDERObject().getEncoded()));
-                    }
-                    catch (IOException e)
-                    {
-                        throw new AnnotatedException(
-                            "CRL issuer information from distribution point cannot be decoded.",
-                            e);
-                    }
-                }
-            }
-        }
-        else
-        {
-            /*
-             * certificate issuer is CRL issuer, distributionPoint field MUST be
-             * present.
-             */
-            if (dp.getDistributionPoint() == null)
-            {
-                throw new AnnotatedException(
-                    "CRL issuer is omitted from distribution point but no distributionPoint field present.");
-            }
-            // add and check issuer principals
-            for (Iterator it=issuerPrincipals.iterator(); it.hasNext();)
-            {
-                issuers.add((X500Principal)it.next());
-            }
-        }
-        // TODO: is not found although this should correctly add the rel name. selector of Sun is buggy here or PKI test case is invalid
-        // distributionPoint
-//        if (dp.getDistributionPoint() != null)
-//        {
-//            // look for nameRelativeToCRLIssuer
-//            if (dp.getDistributionPoint().getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
-//            {
-//                // append fragment to issuer, only one
-//                // issuer can be there, if this is given
-//                if (issuers.size() != 1)
-//                {
-//                    throw new AnnotatedException(
-//                        "nameRelativeToCRLIssuer field is given but more than one CRL issuer is given.");
-//                }
-//                DEREncodable relName = dp.getDistributionPoint().getName();
-//                Iterator it = issuers.iterator();
-//                List issuersTemp = new ArrayList(issuers.size());
-//                while (it.hasNext())
-//                {
-//                    Enumeration e = null;
-//                    try
-//                    {
-//                        e = ASN1Sequence.getInstance(
-//                            new ASN1InputStream(((X500Principal) it.next())
-//                                .getEncoded()).readObject()).getObjects();
-//                    }
-//                    catch (IOException ex)
-//                    {
-//                        throw new AnnotatedException(
-//                            "Cannot decode CRL issuer information.", ex);
-//                    }
-//                    ASN1EncodableVector v = new ASN1EncodableVector();
-//                    while (e.hasMoreElements())
-//                    {
-//                        v.add((DEREncodable) e.nextElement());
-//                    }
-//                    v.add(relName);
-//                    issuersTemp.add(new X500Principal(new DERSequence(v)
-//                        .getDEREncoded()));
-//                }
-//                issuers.clear();
-//                issuers.addAll(issuersTemp);
-//            }
-//        }
-        Iterator it = issuers.iterator();
-        while (it.hasNext())
-        {
-            try
-            {
-                selector.addIssuerName(((X500Principal)it.next()).getEncoded());
-            }
-            catch (IOException ex)
-            {
-                throw new AnnotatedException(
-                    "Cannot decode CRL issuer information.", ex);
-            }
-        }
-    }
-
-    private static BigInteger getSerialNumber(
-            Object cert)
-    {
-        if (cert instanceof X509Certificate)
-        {
-            return ((X509Certificate) cert).getSerialNumber();
-        }
-        else
-        {
-            return ((X509AttributeCertificate) cert).getSerialNumber();
-        }
-    }
-    
-    protected static void getCertStatus(
-            Date validDate,
-            X509CRL crl,
-            Object cert,
-            CertStatus certStatus)
-        throws AnnotatedException
-    {
-        // use BC X509CRLObject so that indirect CRLs are supported
-        X509CRLObject bcCRL = null;
-        try
-        {
-            bcCRL = new X509CRLObject(new CertificateList((ASN1Sequence) ASN1Sequence.fromByteArray(crl.getEncoded())));
-        }
-        catch (Exception exception)
-        {
-            throw new AnnotatedException("Bouncy Castle X509CRLObject could not be created.", exception);
-        }
-        // use BC X509CRLEntryObject, so that getCertificateIssuer() is
-        // supported.
-        X509CRLEntryObject crl_entry = (X509CRLEntryObject) bcCRL.getRevokedCertificate(getSerialNumber(cert));
-        if (crl_entry != null
-                && (getEncodedIssuerPrincipal(cert).equals(crl_entry.getCertificateIssuer()) || getEncodedIssuerPrincipal(cert)
-                        .equals(getIssuerPrincipal(crl))))
-        {
-            DEREnumerated reasonCode = null;
-            if (crl_entry.hasExtensions())
-            {
-                try
-                {
-                    reasonCode = DEREnumerated
-                        .getInstance(CertPathValidatorUtilities
-                            .getExtensionValue(crl_entry,
-                                X509Extensions.ReasonCode.getId()));
-                }
-                catch (Exception e)
-                {
-                    new AnnotatedException(
-                        "Reason code CRL entry extension could not be decoded.",
-                        e);
-                }
-            }
-
-            // for reason keyCompromise, caCompromise, aACompromise or
-            // unspecified
-            if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime())
-                || reasonCode == null
-                || reasonCode.getValue().intValue() == 0
-                || reasonCode.getValue().intValue() == 1
-                || reasonCode.getValue().intValue() == 2
-                || reasonCode.getValue().intValue() == 8)
-            {
-
-                // (i) or (j) (1)
-                if (reasonCode != null)
-                {
-                    certStatus.setCertStatus(reasonCode.getValue().intValue());
-                }
-                // (i) or (j) (2)
-                else
-                {
-                    certStatus.setCertStatus(CRLReason.unspecified);
-                }
-                certStatus.setRevocationDate(crl_entry.getRevocationDate());
-            }
-        }
-    }
-
-    /**
-     * Fetches delta CRLs according to RFC 3280 section 5.2.4.
-     *
-     * @param currentDate The date for which the delta CRLs must be valid.
-     * @param paramsPKIX The extended PKIX parameters.
-     * @param completeCRL The complete CRL the delta CRL is for.
-     * @return A Set of X509CRLs with delta CRLs.
-     * @throws AnnotatedException if an exception occurs while picking the delta
-     *             CRLs.
-     */
-    protected static Set getDeltaCRLs(Date currentDate,
-        ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
-        throws AnnotatedException
-    {
-
-        X509CRLStoreSelector deltaSelect = new X509CRLStoreSelector();
-
-        // 5.2.4 (a)
-        try
-        {
-            deltaSelect.addIssuerName(CertPathValidatorUtilities
-                .getIssuerPrincipal(completeCRL).getEncoded());
-        }
-        catch (IOException e)
-        {
-            new AnnotatedException("Cannot extract issuer from CRL.", e);
-        }
-
-        BigInteger completeCRLNumber = null;
-        try
-        {
-            DERObject derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL,
-                    CRL_NUMBER);
-            if (derObject != null)
-            {
-                completeCRLNumber = CRLNumber.getInstance(derObject).getPositiveValue();
-            }
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException(
-                "CRL number extension could not be extracted from CRL.", e);
-        }
-
-        // 5.2.4 (b)
-        byte[] idp = null;
-        try
-        {
-            idp = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException(
-                "Issuing distribution point extension value could not be read.",
-                e);
-        }
-
-        // 5.2.4 (d)
-
-        deltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber
-            .add(BigInteger.valueOf(1)));
-
-        deltaSelect.setIssuingDistributionPoint(idp);
-        deltaSelect.setIssuingDistributionPointEnabled(true);
-
-        // 5.2.4 (c)
-        deltaSelect.setMaxBaseCRLNumber(completeCRLNumber);
-
-        // find delta CRLs
-        Set temp = CRL_UTIL.findCRLs(deltaSelect, paramsPKIX, currentDate);
-
-        Set result = new HashSet();
-
-        for (Iterator it = temp.iterator(); it.hasNext();)
-        {
-            X509CRL crl = (X509CRL)it.next();
-            
-            if (isDeltaCRL(crl))
-            {
-                result.add(crl);
-            }
-        }
-
-        return result;
-    }
-
-    private static boolean isDeltaCRL(X509CRL crl)
-    {
-        Set critical = crl.getCriticalExtensionOIDs();
-
-        return critical.contains(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
-    }
-
-    /**
-     * Fetches complete CRLs according to RFC 3280.
-     *
-     * @param dp The distribution point for which the complete CRL
-     * @param cert The X509Certificate or
-     *            {@link org.bouncycastle.x509.X509AttributeCertificate} for
-     *            which the CRL should be searched.
-     * @param currentDate The date for which the delta CRLs must be valid.
-     * @param paramsPKIX The extended PKIX parameters.
-     * @return A Set of X509CRLs with complete
-     *         CRLs.
-     * @throws AnnotatedException if an exception occurs while picking the CRLs
-     *             or no CRLs are found.
-     */
-    protected static Set getCompleteCRLs(DistributionPoint dp, Object cert,
-        Date currentDate, ExtendedPKIXParameters paramsPKIX)
-        throws AnnotatedException
-    {
-        X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
-        try
-        {
-            Set issuers = new HashSet();
-            if (cert instanceof X509AttributeCertificate)
-            {
-                issuers.add(((X509AttributeCertificate)cert)
-                    .getIssuer().getPrincipals()[0]);
-            }
-            else
-            {
-                issuers.add(getEncodedIssuerPrincipal(cert));
-            }
-            CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
-        }
-        catch (AnnotatedException e)
-        {
-            new AnnotatedException(
-                "Could not get issuer information from distribution point.", e);
-        }
-        if (cert instanceof X509Certificate)
-        {
-            crlselect.setCertificateChecking((X509Certificate)cert);
-        }
-        else if (cert instanceof X509AttributeCertificate)
-        {
-            crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert);
-        }
-
-
-
-        crlselect.setCompleteCRLEnabled(true);
-
-        Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
-
-        if (crls.isEmpty())
-        {
-            if (cert instanceof X509AttributeCertificate)
-            {
-                X509AttributeCertificate aCert = (X509AttributeCertificate)cert;
-
-                throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
-            }
-            else
-            {
-                X509Certificate xCert = (X509Certificate)cert;
-
-                throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
-            }
-        }
-        return crls;
-    }
-
-    protected static Date getValidCertDateFromValidityModel(
-        ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)
-        throws AnnotatedException
-    {
-        if (paramsPKIX.getValidityModel() == ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
-        {
-            // if end cert use given signing/encryption/... time
-            if (index <= 0)
-            {
-                return CertPathValidatorUtilities.getValidDate(paramsPKIX);
-                // else use time when previous cert was created
-            }
-            else
-            {
-                if (index - 1 == 0)
-                {
-                    DERGeneralizedTime dateOfCertgen = null;
-                    try
-                    {
-                        byte[] extBytes = ((X509Certificate)certPath.getCertificates().get(index - 1)).getExtensionValue(ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen.getId());
-                        if (extBytes != null)
-                        {
-                            dateOfCertgen = DERGeneralizedTime.getInstance(ASN1Object.fromByteArray(extBytes));
-                        }
-                    }
-                    catch (IOException e)
-                    {
-                        throw new AnnotatedException(
-                            "Date of cert gen extension could not be read.");
-                    }
-                    catch (IllegalArgumentException e)
-                    {
-                        throw new AnnotatedException(
-                            "Date of cert gen extension could not be read.");
-                    }
-                    if (dateOfCertgen != null)
-                    {
-                        try
-                        {
-                            return dateOfCertgen.getDate();
-                        }
-                        catch (ParseException e)
-                        {
-                            throw new AnnotatedException(
-                                "Date from date of cert gen extension could not be parsed.",
-                                e);
-                        }
-                    }
-                    return ((X509Certificate) certPath.getCertificates().get(
-                        index - 1)).getNotBefore();
-                }
-                else
-                {
-                    return ((X509Certificate) certPath.getCertificates().get(
-                        index - 1)).getNotBefore();
-                }
-            }
-        }
-        else
-        {
-            return getValidDate(paramsPKIX);
-        }
-    }
-
-    /**
-     * Return the next working key inheriting DSA parameters if necessary.
-     * 
    
-     * This methods inherits DSA parameters from the indexed certificate or
-     * previous certificates in the certificate chain to the returned
-     * PublicKey. The list is searched upwards, meaning the end
-     * certificate is at position 0 and previous certificates are following.
-     * 
    
-     * 
    
-     * If the indexed certificate does not contain a DSA key this method simply
-     * returns the public key. If the DSA key already contains DSA parameters
-     * the key is also only returned.
-     * 
    
-     * 
-     * @param certs The certification path.
-     * @param index The index of the certificate which contains the public key
-     *            which should be extended with DSA parameters.
-     * @return The public key of the certificate in list position
-     *         index extended with DSA parameters if applicable.
-     * @throws AnnotatedException if DSA parameters cannot be inherited.
-     */
-    protected static PublicKey getNextWorkingKey(List certs, int index)
-        throws CertPathValidatorException
-    {
-        Certificate cert = (Certificate) certs.get(index);
-        PublicKey pubKey = cert.getPublicKey();
-        if (!(pubKey instanceof DSAPublicKey))
-        {
-            return pubKey;
-        }
-        DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
-        if (dsaPubKey.getParams() != null)
-        {
-            return dsaPubKey;
-        }
-        for (int i = index + 1; i < certs.size(); i++)
-        {
-            X509Certificate parentCert = (X509Certificate)certs.get(i);
-            pubKey = parentCert.getPublicKey();
-            if (!(pubKey instanceof DSAPublicKey))
-            {
-                throw new CertPathValidatorException(
-                    "DSA parameters cannot be inherited from previous certificate.");
-            }
-            DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey;
-            if (prevDSAPubKey.getParams() == null)
-            {
-                continue;
-            }
-            DSAParams dsaParams = prevDSAPubKey.getParams();
-            DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(
-                dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
-            try
-            {
-                KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
-                return keyFactory.generatePublic(dsaPubKeySpec);
-            }
-            catch (Exception exception)
-            {
-                throw new RuntimeException(exception.getMessage());
-            }
-        }
-        throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
-    }
-    
-    /**
-     * Find the issuer certificates of a given certificate.
-     * 
-     * @param cert
-     *            The certificate for which an issuer should be found.
-     * @param pkixParams
-     * @return A Collection object containing the issuer
-     *         X509Certificates. Never null.
-     * 
-     * @exception AnnotatedException
-     *                if an error occurs.
-     */
-    protected static Collection findIssuerCerts(
-        X509Certificate cert,
-        ExtendedPKIXBuilderParameters pkixParams)
-            throws AnnotatedException
-    {
-        X509CertStoreSelector certSelect = new X509CertStoreSelector();
-        Set certs = new HashSet();
-        try
-        {
-            certSelect.setSubject(cert.getIssuerX500Principal().getEncoded());
-        }
-        catch (IOException ex)
-        {
-            throw new AnnotatedException(
-                    "Subject criteria for certificate selector to find issuer certificate could not be set.", ex);
-        }
-
-        Iterator iter;
-
-        try
-        {
-            List matches = new ArrayList();
-
-            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getCertStores()));
-            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getStores()));
-            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getAdditionalStores()));
-
-            iter = matches.iterator();
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Issuer certificate cannot be searched.", e);
-        }
-
-        X509Certificate issuer = null;
-        while (iter.hasNext())
-        {
-            issuer = (X509Certificate) iter.next();
-            // issuer cannot be verified because possible DSA inheritance
-            // parameters are missing
-            certs.add(issuer);
-        }
-        return certs;
-    }
-
-    protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey,
-        String sigProvider)
-            throws GeneralSecurityException
-    {
-        if (sigProvider == null)
-        {
-            cert.verify(publicKey);
-        }
-        else
-        {
-            cert.verify(publicKey, sigProvider);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStatus.java
deleted file mode 100644
index ba3da1658..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStatus.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.util.Date;
-
-class CertStatus
-{
-    public static final int UNREVOKED = 11;
-
-    public static final int UNDETERMINED = 12;
-
-    int certStatus = UNREVOKED;
-
-    Date revocationDate = null;
-
-    /**
-     * @return Returns the revocationDate.
-     */
-    public Date getRevocationDate()
-    {
-        return revocationDate;
-    }
-
-    /**
-     * @param revocationDate The revocationDate to set.
-     */
-    public void setRevocationDate(Date revocationDate)
-    {
-        this.revocationDate = revocationDate;
-    }
-
-    /**
-     * @return Returns the certStatus.
-     */
-    public int getCertStatus()
-    {
-        return certStatus;
-    }
-
-    /**
-     * @param certStatus The certStatus to set.
-     */
-    public void setCertStatus(int certStatus)
-    {
-        this.certStatus = certStatus;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java
deleted file mode 100644
index 210d986d4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java
+++ /dev/null
@@ -1,104 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CRL;
-import java.security.cert.CRLSelector;
-import java.security.cert.CertSelector;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertStoreSpi;
-import java.security.cert.Certificate;
-import java.security.cert.CollectionCertStoreParameters;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-public class CertStoreCollectionSpi extends CertStoreSpi
-{
-    private CollectionCertStoreParameters params;
-
-    public CertStoreCollectionSpi(CertStoreParameters params)
-        throws InvalidAlgorithmParameterException
-    {
-        super(params);
-
-        if (!(params instanceof CollectionCertStoreParameters))
-        {
-            throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" +  params.toString());
-        }
-
-        this.params = (CollectionCertStoreParameters)params;
-    }
-
-    public Collection engineGetCertificates(
-        CertSelector selector)
-        throws CertStoreException 
-    {
-        List        col = new ArrayList();
-        Iterator    iter = params.getCollection().iterator();
-
-        if (selector == null)
-        {
-            while (iter.hasNext())
-            {
-                Object obj = iter.next();
-
-                if (obj instanceof Certificate)
-                {
-                    col.add(obj);
-                }
-            }
-        }
-        else
-        {
-            while (iter.hasNext())
-            {
-                Object obj = iter.next();
-
-                if ((obj instanceof Certificate) && selector.match((Certificate)obj))
-                {
-                    col.add(obj);
-                }
-            }
-        }
-        
-        return col;
-    }
-    
-
-    public Collection engineGetCRLs(
-        CRLSelector selector)
-        throws CertStoreException 
-    {
-        List        col = new ArrayList();
-        Iterator    iter = params.getCollection().iterator();
-
-        if (selector == null)
-        {
-            while (iter.hasNext())
-            {
-                Object obj = iter.next();
-
-                if (obj instanceof CRL)
-                {
-                    col.add(obj);
-                }
-            }
-        }
-        else
-        {
-            while (iter.hasNext())
-            {
-                Object obj = iter.next();
-
-                if ((obj instanceof CRL) && selector.match((CRL)obj))
-                {
-                    col.add(obj);
-                }
-            }
-        }
-        
-        return col;
-    }    
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DHUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DHUtil.java
deleted file mode 100644
index 2470af992..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DHUtil.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.interfaces.DHPublicKey;
-
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-/**
- * utility class for converting jce/jca DH objects
- * objects into their org.bouncycastle.crypto counterparts.
- */
-public class DHUtil
-{
-    static public AsymmetricKeyParameter generatePublicKeyParameter(
-        PublicKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof DHPublicKey)
-        {
-            DHPublicKey    k = (DHPublicKey)key;
-
-            return new DHPublicKeyParameters(k.getY(),
-                new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL()));
-        }
-
-        throw new InvalidKeyException("can't identify DH public key.");
-    }
-
-    static public AsymmetricKeyParameter generatePrivateKeyParameter(
-        PrivateKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof DHPrivateKey)
-        {
-            DHPrivateKey    k = (DHPrivateKey)key;
-
-            return new DHPrivateKeyParameters(k.getX(),
-                new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL()));
-        }
-                        
-        throw new InvalidKeyException("can't identify DH private key.");
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSABase.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSABase.java
deleted file mode 100644
index 7044e9f85..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSABase.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.math.BigInteger;
-import java.security.SignatureException;
-import java.security.Signature;
-import java.security.PrivateKey;
-import java.security.InvalidKeyException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.Digest;
-
-public abstract class DSABase
-    extends Signature
-    implements PKCSObjectIdentifiers, X509ObjectIdentifiers
-{
-    protected Digest                  digest;
-    protected DSA                     signer;
-    protected DSAEncoder              encoder;
-
-    protected DSABase(
-        String                  name,
-        Digest                  digest,
-        DSA                     signer,
-        DSAEncoder              encoder)
-    {
-        super(name);
-        
-        this.digest = digest;
-        this.signer = signer;
-        this.encoder = encoder;
-    }
-
-    protected void engineInitSign(
-        PrivateKey privateKey)
-    throws InvalidKeyException
-    {
-        doEngineInitSign(privateKey, appRandom);
-    }
-
-    protected void engineUpdate(
-        byte    b)
-        throws SignatureException
-    {
-        digest.update(b);
-    }
-
-    protected void engineUpdate(
-        byte[]  b,
-        int     off,
-        int     len) 
-        throws SignatureException
-    {
-        digest.update(b, off, len);
-    }
-
-    protected byte[] engineSign()
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        try
-        {
-            BigInteger[]    sig = signer.generateSignature(hash);
-
-            return encoder.encode(sig[0], sig[1]);
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException(e.toString());
-        }
-    }
-
-    protected boolean engineVerify(
-        byte[]  sigBytes) 
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        BigInteger[]    sig;
-
-        try
-        {
-            sig = encoder.decode(sigBytes);
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException("error decoding signature bytes.");
-        }
-
-        return signer.verifySignature(hash, sig[0], sig[1]);
-    }
-
-    protected void engineSetParameter(
-        AlgorithmParameterSpec params)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated replaced with 
-     */
-    protected void engineSetParameter(
-        String  param,
-        Object  value)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated
-     */
-    protected Object engineGetParameter(
-        String      param)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    protected abstract void doEngineInitSign(PrivateKey privateKey, SecureRandom random)
-        throws InvalidKeyException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java
deleted file mode 100644
index e0dc92ba9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.math.BigInteger;
-import java.io.IOException;
-
-public interface DSAEncoder
-{
-    byte[] encode(BigInteger r, BigInteger s)
-        throws IOException;
-
-    BigInteger[] decode(byte[] sig)
-        throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java
deleted file mode 100644
index 5cf3c229b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.DSAPublicKey;
-
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-
-/**
- * utility class for converting jce/jca DSA objects
- * objects into their org.bouncycastle.crypto counterparts.
- */
-public class DSAUtil
-{
-    static public AsymmetricKeyParameter generatePublicKeyParameter(
-        PublicKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof DSAPublicKey)
-        {
-            DSAPublicKey    k = (DSAPublicKey)key;
-
-            return new DSAPublicKeyParameters(k.getY(),
-                new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()));
-        }
-
-        throw new InvalidKeyException("can't identify DSA public key: " + key.getClass().getName());
-    }
-
-    static public AsymmetricKeyParameter generatePrivateKeyParameter(
-        PrivateKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof DSAPrivateKey)
-        {
-            DSAPrivateKey    k = (DSAPrivateKey)key;
-
-            return new DSAPrivateKeyParameters(k.getX(),
-                new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()));
-        }
-                        
-        throw new InvalidKeyException("can't identify DSA private key.");
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ElGamalUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ElGamalUtil.java
deleted file mode 100644
index 3e5500ac6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ElGamalUtil.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.interfaces.DHPublicKey;
-
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-import org.bouncycastle.jce.interfaces.ElGamalPrivateKey;
-import org.bouncycastle.jce.interfaces.ElGamalPublicKey;
-
-/**
- * utility class for converting jce/jca ElGamal objects
- * objects into their org.bouncycastle.crypto counterparts.
- */
-public class ElGamalUtil
-{
-    static public AsymmetricKeyParameter generatePublicKeyParameter(
-        PublicKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof ElGamalPublicKey)
-        {
-            ElGamalPublicKey    k = (ElGamalPublicKey)key;
-
-            return new ElGamalPublicKeyParameters(k.getY(),
-                new ElGamalParameters(k.getParameters().getP(), k.getParameters().getG()));
-        }
-        else if (key instanceof DHPublicKey)
-        {
-            DHPublicKey    k = (DHPublicKey)key;
-
-            return new ElGamalPublicKeyParameters(k.getY(),
-                new ElGamalParameters(k.getParams().getP(), k.getParams().getG()));
-        }
-
-        throw new InvalidKeyException("can't identify public key for El Gamal.");
-    }
-
-    static public AsymmetricKeyParameter generatePrivateKeyParameter(
-        PrivateKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof ElGamalPrivateKey)
-        {
-            ElGamalPrivateKey    k = (ElGamalPrivateKey)key;
-
-            return new ElGamalPrivateKeyParameters(k.getX(),
-                new ElGamalParameters(k.getParameters().getP(), k.getParameters().getG()));
-        }
-        else if (key instanceof DHPrivateKey)
-        {
-            DHPrivateKey    k = (DHPrivateKey)key;
-
-            return new ElGamalPrivateKeyParameters(k.getX(),
-                new ElGamalParameters(k.getParams().getP(), k.getParams().getG()));
-        }
-                        
-        throw new InvalidKeyException("can't identify private key for El Gamal.");
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java
deleted file mode 100644
index 3bc820f3d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.cert.CRLException;
-
-class ExtCRLException
-    extends CRLException
-{
-    Throwable cause;
-
-    ExtCRLException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/GOST3410Util.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/GOST3410Util.java
deleted file mode 100644
index 6e9d38631..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/GOST3410Util.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.GOST3410Parameters;
-import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters;
-import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters;
-import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
-import org.bouncycastle.jce.interfaces.GOST3410PublicKey;
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-
-/**
- * utility class for converting jce/jca GOST3410-94 objects
- * objects into their org.bouncycastle.crypto counterparts.
- */
-public class GOST3410Util
-{
-    static public AsymmetricKeyParameter generatePublicKeyParameter(
-        PublicKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof GOST3410PublicKey)
-        {
-            GOST3410PublicKey          k = (GOST3410PublicKey)key;
-            GOST3410PublicKeyParameterSetSpec p = k.getParameters().getPublicKeyParameters();
-            
-            return new GOST3410PublicKeyParameters(k.getY(),
-                new GOST3410Parameters(p.getP(), p.getQ(), p.getA()));
-        }
-
-        throw new InvalidKeyException("can't identify GOST3410 public key: " + key.getClass().getName());
-    }
-
-    static public AsymmetricKeyParameter generatePrivateKeyParameter(
-        PrivateKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof GOST3410PrivateKey)
-        {
-            GOST3410PrivateKey         k = (GOST3410PrivateKey)key;
-            GOST3410PublicKeyParameterSetSpec p = k.getParameters().getPublicKeyParameters();
-            
-            return new GOST3410PrivateKeyParameters(k.getX(),
-                new GOST3410Parameters(p.getP(), p.getQ(), p.getA()));
-        }
-
-        throw new InvalidKeyException("can't identify GOST3410 private key.");
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
deleted file mode 100644
index 5fb2a3a20..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
+++ /dev/null
@@ -1,1070 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.GOST28147Engine;
-import org.bouncycastle.crypto.engines.RC2Engine;
-import org.bouncycastle.crypto.engines.TwofishEngine;
-import org.bouncycastle.crypto.modes.AEADBlockCipher;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.CCMBlockCipher;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.EAXBlockCipher;
-import org.bouncycastle.crypto.modes.GCMBlockCipher;
-import org.bouncycastle.crypto.modes.GOFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
-import org.bouncycastle.crypto.modes.SICBlockCipher;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
-import org.bouncycastle.crypto.paddings.TBCPadding;
-import org.bouncycastle.crypto.paddings.X923Padding;
-import org.bouncycastle.crypto.paddings.ZeroBytePadding;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-import org.bouncycastle.crypto.params.RC2Parameters;
-import org.bouncycastle.crypto.params.RC5Parameters;
-import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
-import org.bouncycastle.util.Strings;
-
-public class JCEBlockCipher extends WrapCipherSpi
-    implements PBE
-{
-    //
-    // specs we can handle.
-    //
-    private Class[]                 availableSpecs =
-                                    {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
-                                        IvParameterSpec.class,
-                                        PBEParameterSpec.class,
-                                        GOST28147ParameterSpec.class
-                                    };
- 
-    private BlockCipher             baseEngine;
-    private GenericBlockCipher      cipher;
-    private ParametersWithIV        ivParam;
-
-    private int                     ivLength = 0;
-
-    private boolean                 padded;
-    
-    private PBEParameterSpec        pbeSpec = null;
-    private String                  pbeAlgorithm = null;
-    
-    private String                  modeName = null;
-
-    protected JCEBlockCipher(
-        BlockCipher engine)
-    {
-        baseEngine = engine;
-
-        cipher = new BufferedGenericBlockCipher(engine);
-    }
-        
-    protected JCEBlockCipher(
-        BlockCipher engine,
-        int         ivLength)
-    {
-        baseEngine = engine;
-
-        this.cipher = new BufferedGenericBlockCipher(engine);
-        this.ivLength = ivLength / 8;
-    }
-
-    protected JCEBlockCipher(
-        BufferedBlockCipher engine,
-        int                 ivLength)
-    {
-        baseEngine = engine.getUnderlyingCipher();
-
-        this.cipher = new BufferedGenericBlockCipher(engine);
-        this.ivLength = ivLength / 8;
-    }
-
-    protected int engineGetBlockSize() 
-    {
-        return baseEngine.getBlockSize();
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return (ivParam != null) ? ivParam.getIV() : null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        return key.getEncoded().length * 8;
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        return cipher.getOutputSize(inputLen);
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            if (pbeSpec != null)
-            {
-                try
-                {
-                    engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
-                    engineParams.init(pbeSpec);
-                }
-                catch (Exception e)
-                {
-                    return null;
-                }
-            }
-            else if (ivParam != null)
-            {
-                String  name = cipher.getUnderlyingCipher().getAlgorithmName();
-
-                if (name.indexOf('/') >= 0)
-                {
-                    name = name.substring(0, name.indexOf('/'));
-                }
-
-                try
-                {
-                    engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
-                    engineParams.init(ivParam.getIV());
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.toString());
-                }
-            }
-        }
-
-        return engineParams;
-    }
-
-    protected void engineSetMode(
-        String  mode)
-        throws NoSuchAlgorithmException
-    {
-        modeName = Strings.toUpperCase(mode);
-
-        if (modeName.equals("ECB"))
-        {
-            ivLength = 0;
-            cipher = new BufferedGenericBlockCipher(baseEngine);
-        }
-        else if (modeName.equals("CBC"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(
-                            new CBCBlockCipher(baseEngine));
-        }
-        else if (modeName.startsWith("OFB"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            if (modeName.length() != 3)
-            {
-                int wordSize = Integer.parseInt(modeName.substring(3));
-
-                cipher = new BufferedGenericBlockCipher(
-                                new OFBBlockCipher(baseEngine, wordSize));
-            }
-            else
-            {
-                cipher = new BufferedGenericBlockCipher(
-                        new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
-            }
-        }
-        else if (modeName.startsWith("CFB"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            if (modeName.length() != 3)
-            {
-                int wordSize = Integer.parseInt(modeName.substring(3));
-
-                cipher = new BufferedGenericBlockCipher(
-                                new CFBBlockCipher(baseEngine, wordSize));
-            }
-            else
-            {
-                cipher = new BufferedGenericBlockCipher(
-                        new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
-            }
-        }
-        else if (modeName.startsWith("PGP"))
-        {
-            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(
-                new PGPCFBBlockCipher(baseEngine, inlineIV));
-        }
-        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        {
-            ivLength = 0;
-            cipher = new BufferedGenericBlockCipher(
-                new OpenPGPCFBBlockCipher(baseEngine));
-        }
-        else if (modeName.startsWith("SIC"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            if (ivLength < 16)
-            {
-                throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
-            }
-            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                        new SICBlockCipher(baseEngine)));
-        }
-        else if (modeName.startsWith("CTR"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                        new SICBlockCipher(baseEngine)));
-        }
-        else if (modeName.startsWith("GOFB"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                        new GOFBBlockCipher(baseEngine)));
-        }
-        else if (modeName.startsWith("CTS"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine)));
-        }
-        else if (modeName.startsWith("CCM"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
-        }
-        else if (modeName.startsWith("EAX"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        }
-        else if (modeName.startsWith("GCM"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine));
-        }
-        else
-        {
-            throw new NoSuchAlgorithmException("can't support mode " + mode);
-        }
-    }
-
-    protected void engineSetPadding(
-        String  padding) 
-    throws NoSuchPaddingException
-    {
-        String  paddingName = Strings.toUpperCase(padding);
-
-        if (paddingName.equals("NOPADDING"))
-        {
-            if (cipher.wrapOnNoPadding())
-            {
-                cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(cipher.getUnderlyingCipher()));
-            }
-        }
-        else if (paddingName.equals("WITHCTS"))
-        {
-            cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(cipher.getUnderlyingCipher()));
-        }
-        else
-        {
-            padded = true;
-
-            if (isAEADModeName(modeName))
-            {
-                throw new NoSuchPaddingException("Only NoPadding can be used with AEAD modes.");
-            }
-            else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING"))
-            {
-                cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher());
-            }
-            else if (paddingName.equals("ZEROBYTEPADDING"))
-            {
-                cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding());
-            }
-            else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING"))
-            {
-                cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding());
-            }
-            else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING"))
-            {
-                cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new X923Padding());
-            }
-            else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING"))
-            {
-                cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding());
-            }
-            else if (paddingName.equals("TBCPADDING"))
-            {
-                cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding());
-            }
-            else
-            {
-                throw new NoSuchPaddingException("Padding " + padding + " unknown.");
-            }
-        }
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        CipherParameters        param;
-        
-        this.pbeSpec = null;
-        this.pbeAlgorithm = null;
-        this.engineParams = null;
-        
-        //
-        // basic key check
-        //
-        if (!(key instanceof SecretKey))
-        {
-            throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
-        }
-        
-        //
-        // for RC5-64 we must have some default parameters
-        //
-        if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64"))
-        {
-            throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in.");
-        }
-
-        //
-        // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
-        //
-        if (key instanceof JCEPBEKey)
-        {
-            JCEPBEKey   k = (JCEPBEKey)key;
-            
-            if (k.getOID() != null)
-            {
-                pbeAlgorithm = k.getOID().getId();
-            }
-            else
-            {
-                pbeAlgorithm = k.getAlgorithm();
-            }
-            
-            if (k.getParam() != null)
-            {
-                param = k.getParam();
-                pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount());
-            }
-            else if (params instanceof PBEParameterSpec)
-            {
-                pbeSpec = (PBEParameterSpec)params;
-                param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName());
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
-            }
-
-            if (param instanceof ParametersWithIV)
-            {
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params == null)
-        {
-            param = new KeyParameter(key.getEncoded());
-        }
-        else if (params instanceof IvParameterSpec)
-        {
-            if (ivLength != 0)
-            {
-                IvParameterSpec p = (IvParameterSpec)params;
-
-                if (p.getIV().length != ivLength && !isAEADModeName(modeName))
-                {
-                    throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long.");
-                }
-
-                param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-            else
-            {
-                if (modeName != null && modeName.equals("ECB"))
-                {
-                    throw new InvalidAlgorithmParameterException("ECB mode does not use an IV");
-                }
-                
-                param = new KeyParameter(key.getEncoded());
-            }
-        }
-        else if (params instanceof GOST28147ParameterSpec)
-        {
-            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-
-            param = new ParametersWithSBox(
-                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-
-            if (gost28147Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, gost28147Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC2ParameterSpec)
-        {
-            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-
-            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-
-            if (rc2Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, rc2Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC5ParameterSpec)
-        {
-            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-
-            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-            if (baseEngine.getAlgorithmName().startsWith("RC5"))
-            {
-                if (baseEngine.getAlgorithmName().equals("RC5-32"))
-                {
-                    if (rc5Param.getWordSize() != 32)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-                {
-                    if (rc5Param.getWordSize() != 64)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-            }
-            if ((rc5Param.getIV() != null) && (ivLength != 0))
-            {
-                param = new ParametersWithIV(param, rc5Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else
-        {
-            throw new InvalidAlgorithmParameterException("unknown parameter type.");
-        }
-
-        if ((ivLength != 0) && !(param instanceof ParametersWithIV))
-        {
-            SecureRandom    ivRandom = random;
-
-            if (ivRandom == null)
-            {
-                ivRandom = new SecureRandom();
-            }
-
-            if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
-            {
-                byte[]  iv = new byte[ivLength];
-
-                ivRandom.nextBytes(iv);
-                param = new ParametersWithIV(param, iv);
-                ivParam = (ParametersWithIV)param;
-            }
-            else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
-            {
-                throw new InvalidAlgorithmParameterException("no IV set when one expected");
-            }
-        }
-
-        if (random != null && padded)
-        {
-            param = new ParametersWithRandom(param, random);
-        }
-
-        try
-        {
-            switch (opmode)
-            {
-            case Cipher.ENCRYPT_MODE:
-            case Cipher.WRAP_MODE:
-                cipher.init(true, param);
-                break;
-            case Cipher.DECRYPT_MODE:
-            case Cipher.UNWRAP_MODE:
-                cipher.init(false, param);
-                break;
-            default:
-                throw new InvalidParameterException("unknown opmode " + opmode + " passed");
-            }
-        }
-        catch (Exception e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        AlgorithmParameterSpec  paramSpec = null;
-
-        if (params != null)
-        {
-            for (int i = 0; i != availableSpecs.length; i++)
-            {
-                try
-                {
-                    paramSpec = params.getParameterSpec(availableSpecs[i]);
-                    break;
-                }
-                catch (Exception e)
-                {
-                    // try again if possible
-                }
-            }
-
-            if (paramSpec == null)
-            {
-                throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString());
-            }
-        }
-
-        engineInit(opmode, key, paramSpec, random);
-        
-        engineParams = params;
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-        throws InvalidKeyException
-    {
-        try
-        {
-            engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        int     length = cipher.getUpdateOutputSize(inputLen);
-
-        if (length > 0)
-        {
-                byte[]  out = new byte[length];
-
-                int len = cipher.processBytes(input, inputOffset, inputLen, out, 0);
-
-                if (len == 0)
-                {
-                    return null;
-                }
-                else if (len != out.length)
-                {
-                    byte[]  tmp = new byte[len];
-
-                    System.arraycopy(out, 0, tmp, 0, len);
-
-                    return tmp;
-                }
-
-                return out;
-        }
-
-        cipher.processBytes(input, inputOffset, inputLen, null, 0);
-
-        return null;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset)
-        throws ShortBufferException
-    {
-        try
-        {
-            return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-        }
-        catch (DataLengthException e)
-        {
-            throw new ShortBufferException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        int     len = 0;
-        byte[]  tmp = new byte[engineGetOutputSize(inputLen)];
-
-        if (inputLen != 0)
-        {
-            len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0);
-        }
-
-        try
-        {
-            len += cipher.doFinal(tmp, len);
-        }
-        catch (DataLengthException e)
-        {
-            throw new IllegalBlockSizeException(e.getMessage());
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-
-        if (len == tmp.length)
-        {
-            return tmp;
-        }
-
-        byte[]  out = new byte[len];
-
-        System.arraycopy(tmp, 0, out, 0, len);
-
-        return out;
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        int     len = 0;
-
-        if (inputLen != 0)
-        {
-                len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-        }
-
-        try
-        {
-            return (len + cipher.doFinal(output, outputOffset + len));
-        }
-        catch (DataLengthException e)
-        {
-            throw new IllegalBlockSizeException(e.getMessage());
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-    }
-
-    private boolean isAEADModeName(
-        String modeName)
-    {
-        return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName);
-    }
-
-    /*
-     * The ciphers that inherit from us.
-     */
-
-    /**
-     * DES
-     */
-    static public class DES
-        extends JCEBlockCipher
-    {
-        public DES()
-        {
-            super(new DESEngine());
-        }
-    }
-
-    /**
-     * DESCBC
-     */
-    static public class DESCBC
-        extends JCEBlockCipher
-    {
-        public DESCBC()
-        {
-            super(new CBCBlockCipher(new DESEngine()), 64);
-        }
-    }
-
-    /**
-     *  GOST28147
-     */
-    static public class GOST28147
-        extends JCEBlockCipher
-    {
-        public GOST28147()
-        {
-            super(new GOST28147Engine());
-        }
-    }
-    
-    static public class GOST28147cbc
-        extends JCEBlockCipher
-    {
-        public GOST28147cbc()
-        {
-            super(new CBCBlockCipher(new GOST28147Engine()), 64);
-        }
-    }
-
-    /**
-     * RC2
-     */
-    static public class RC2
-        extends JCEBlockCipher
-    {
-        public RC2()
-        {
-            super(new RC2Engine());
-        }
-    }
-
-    /**
-     * RC2CBC
-     */
-    static public class RC2CBC
-        extends JCEBlockCipher
-    {
-        public RC2CBC()
-        {
-            super(new CBCBlockCipher(new RC2Engine()), 64);
-        }
-    }
-
-    /**
-     * PBEWithMD5AndDES
-     */
-    static public class PBEWithMD5AndDES
-        extends JCEBlockCipher
-    {
-        public PBEWithMD5AndDES()
-        {
-            super(new CBCBlockCipher(new DESEngine()));
-        }
-    }
-
-    /**
-     * PBEWithMD5AndRC2
-     */
-    static public class PBEWithMD5AndRC2
-        extends JCEBlockCipher
-    {
-        public PBEWithMD5AndRC2()
-        {
-            super(new CBCBlockCipher(new RC2Engine()));
-        }
-    }
-
-    /**
-     * PBEWithSHA1AndDES
-     */
-    static public class PBEWithSHA1AndDES
-        extends JCEBlockCipher
-    {
-        public PBEWithSHA1AndDES()
-        {
-            super(new CBCBlockCipher(new DESEngine()));
-        }
-    }
-
-    /**
-     * PBEWithSHA1AndRC2
-     */
-    static public class PBEWithSHA1AndRC2
-        extends JCEBlockCipher
-    {
-        public PBEWithSHA1AndRC2()
-        {
-            super(new CBCBlockCipher(new RC2Engine()));
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd3-KeyTripleDES-CBC
-     */
-    static public class PBEWithSHAAndDES3Key
-        extends JCEBlockCipher
-    {
-        public PBEWithSHAAndDES3Key()
-        {
-            super(new CBCBlockCipher(new DESedeEngine()));
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd2-KeyTripleDES-CBC
-     */
-    static public class PBEWithSHAAndDES2Key
-        extends JCEBlockCipher
-    {
-        public PBEWithSHAAndDES2Key()
-        {
-            super(new CBCBlockCipher(new DESedeEngine()));
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd128BitRC2-CBC
-     */
-    static public class PBEWithSHAAnd128BitRC2
-        extends JCEBlockCipher
-    {
-        public PBEWithSHAAnd128BitRC2()
-        {
-            super(new CBCBlockCipher(new RC2Engine()));
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd40BitRC2-CBC
-     */
-    static public class PBEWithSHAAnd40BitRC2
-        extends JCEBlockCipher
-    {
-        public PBEWithSHAAnd40BitRC2()
-        {
-            super(new CBCBlockCipher(new RC2Engine()));
-        }
-    }
-
-    /**
-     * PBEWithSHAAndTwofish-CBC
-     */
-    static public class PBEWithSHAAndTwofish
-        extends JCEBlockCipher
-    {
-        public PBEWithSHAAndTwofish()
-        {
-            super(new CBCBlockCipher(new TwofishEngine()));
-        }
-    }
-
-    /**
-     * PBEWithAES-CBC
-     */
-    static public class PBEWithAESCBC
-        extends JCEBlockCipher
-    {
-        public PBEWithAESCBC()
-        {
-            super(new CBCBlockCipher(new AESFastEngine()));
-        }
-    }
-
-    static private interface GenericBlockCipher
-    {
-        public void init(boolean forEncryption, CipherParameters params)
-            throws IllegalArgumentException;
-
-        public boolean wrapOnNoPadding();
-
-        public String getAlgorithmName();
-
-        public BlockCipher getUnderlyingCipher();
-
-        public int getOutputSize(int len);
-
-        public int getUpdateOutputSize(int len);
-
-        public int processByte(byte in, byte[] out, int outOff)
-            throws DataLengthException;
-
-        public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-            throws DataLengthException;
-
-        public int doFinal(byte[] out, int outOff)
-            throws IllegalStateException, InvalidCipherTextException;
-    }
-
-    private static class BufferedGenericBlockCipher
-        implements GenericBlockCipher
-    {
-        private BufferedBlockCipher cipher;
-
-        BufferedGenericBlockCipher(BufferedBlockCipher cipher)
-        {
-            this.cipher = cipher;
-        }
-
-        BufferedGenericBlockCipher(BlockCipher cipher)
-        {
-            this.cipher = new PaddedBufferedBlockCipher(cipher);
-        }
-
-        BufferedGenericBlockCipher(BlockCipher cipher, BlockCipherPadding padding)
-        {
-            this.cipher = new PaddedBufferedBlockCipher(cipher, padding);
-        }
-
-        public void init(boolean forEncryption, CipherParameters params)
-            throws IllegalArgumentException
-        {
-            cipher.init(forEncryption, params);
-        }
-
-        public boolean wrapOnNoPadding()
-        {
-            return !(cipher instanceof CTSBlockCipher);
-        }
-
-        public String getAlgorithmName()
-        {
-            return cipher.getUnderlyingCipher().getAlgorithmName();
-        }
-
-        public BlockCipher getUnderlyingCipher()
-        {
-            return cipher.getUnderlyingCipher();
-        }
-
-        public int getOutputSize(int len)
-        {
-            return cipher.getOutputSize(len);
-        }
-
-        public int getUpdateOutputSize(int len)
-        {
-            return cipher.getUpdateOutputSize(len);
-        }
-
-        public int processByte(byte in, byte[] out, int outOff) throws DataLengthException
-        {
-            return cipher.processByte(in, out, outOff);
-        }
-
-        public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException
-        {
-            return cipher.processBytes(in, inOff, len, out, outOff);
-        }
-
-        public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException
-        {
-            return cipher.doFinal(out, outOff);
-        }
-    }
-
-    private static class AEADGenericBlockCipher
-        implements GenericBlockCipher
-    {
-        private AEADBlockCipher cipher;
-
-        AEADGenericBlockCipher(AEADBlockCipher cipher)
-        {
-            this.cipher = cipher;
-        }
-
-        public void init(boolean forEncryption, CipherParameters params)
-            throws IllegalArgumentException
-        {
-            cipher.init(forEncryption, params);
-        }
-
-        public String getAlgorithmName()
-        {
-            return cipher.getUnderlyingCipher().getAlgorithmName();
-        }
-
-        public boolean wrapOnNoPadding()
-        {
-            return false;
-        }
-
-        public BlockCipher getUnderlyingCipher()
-        {
-            return cipher.getUnderlyingCipher();
-        }
-
-        public int getOutputSize(int len)
-        {
-            return cipher.getOutputSize(len);
-        }
-
-        public int getUpdateOutputSize(int len)
-        {
-            return cipher.getUpdateOutputSize(len);
-        }
-
-        public int processByte(byte in, byte[] out, int outOff) throws DataLengthException
-        {
-            return cipher.processByte(in, out, outOff);
-        }
-
-        public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException
-        {
-            return cipher.processBytes(in, inOff, len, out, outOff);
-        }
-
-        public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException
-        {
-            return cipher.doFinal(out, outOff);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
deleted file mode 100644
index a95888bee..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
+++ /dev/null
@@ -1,210 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Hashtable;
-
-import javax.crypto.KeyAgreementSpi;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.crypto.params.DESParameters;
-import org.bouncycastle.util.Strings;
-
-/**
- * Diffie-Hellman key agreement. There's actually a better way of doing this
- * if you are using long term public keys, see the light-weight version for
- * details.
- */
-public class JCEDHKeyAgreement
-    extends KeyAgreementSpi
-{
-    private BigInteger      x;
-    private BigInteger      p;
-    private BigInteger      g;
-    private BigInteger      result;
-
-    private static final Hashtable algorithms = new Hashtable();
-
-    static
-    {
-        Integer i64 = new Integer(64);
-        Integer i192 = new Integer(192);
-        Integer i128 = new Integer(128);
-        Integer i256 = new Integer(256);
-
-        algorithms.put("DES", i64);
-        algorithms.put("DESEDE", i192);
-        algorithms.put("BLOWFISH", i128);
-        algorithms.put("AES", i256);
-    }
-
-    private byte[] bigIntToBytes(
-        BigInteger    r)
-    {
-        byte[]    tmp = r.toByteArray();
-        
-        if (tmp[0] == 0)
-        {
-            byte[]    ntmp = new byte[tmp.length - 1];
-            
-            System.arraycopy(tmp, 1, ntmp, 0, ntmp.length);
-            return ntmp;
-        }
-        
-        return tmp;
-    }
-    
-    protected Key engineDoPhase(
-        Key     key,
-        boolean lastPhase) 
-        throws InvalidKeyException, IllegalStateException
-    {
-        if (x == null)
-        {
-            throw new IllegalStateException("Diffie-Hellman not initialised.");
-        }
-
-        if (!(key instanceof DHPublicKey))
-        {
-            throw new InvalidKeyException("DHKeyAgreement doPhase requires DHPublicKey");
-        }
-        DHPublicKey pubKey = (DHPublicKey)key;
-
-        if (!pubKey.getParams().getG().equals(g) || !pubKey.getParams().getP().equals(p))
-        {
-            throw new InvalidKeyException("DHPublicKey not for this KeyAgreement!");
-        }
-
-        if (lastPhase)
-        {
-            result = ((DHPublicKey)key).getY().modPow(x, p);
-            return null;
-        }
-        else
-        {
-            result = ((DHPublicKey)key).getY().modPow(x, p);
-        }
-
-        return new JCEDHPublicKey(result, pubKey.getParams());
-    }
-
-    protected byte[] engineGenerateSecret() 
-        throws IllegalStateException
-    {
-        if (x == null)
-        {
-            throw new IllegalStateException("Diffie-Hellman not initialised.");
-        }
-
-        return bigIntToBytes(result);
-    }
-
-    protected int engineGenerateSecret(
-        byte[]  sharedSecret,
-        int     offset) 
-        throws IllegalStateException, ShortBufferException
-    {
-        if (x == null)
-        {
-            throw new IllegalStateException("Diffie-Hellman not initialised.");
-        }
-
-        byte[]  secret = bigIntToBytes(result);
-
-        if (sharedSecret.length - offset < secret.length)
-        {
-            throw new ShortBufferException("DHKeyAgreement - buffer too short");
-        }
-
-        System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
-
-        return secret.length;
-    }
-
-    protected SecretKey engineGenerateSecret(
-        String algorithm) 
-    {
-        if (x == null)
-        {
-            throw new IllegalStateException("Diffie-Hellman not initialised.");
-        }
-
-        String algKey = Strings.toUpperCase(algorithm);
-        byte[] res = bigIntToBytes(result);
-
-        if (algorithms.containsKey(algKey))
-        {
-            Integer length = (Integer)algorithms.get(algKey);
-
-            byte[] key = new byte[length.intValue() / 8];
-            System.arraycopy(res, 0, key, 0, key.length);
-
-            if (algKey.startsWith("DES"))
-            {
-                DESParameters.setOddParity(key);
-            }
-            
-            return new SecretKeySpec(key, algorithm);
-        }
-
-        return new SecretKeySpec(res, algorithm);
-    }
-
-    protected void engineInit(
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        if (!(key instanceof DHPrivateKey))
-        {
-            throw new InvalidKeyException("DHKeyAgreement requires DHPrivateKey for initialisation");
-        }
-        DHPrivateKey    privKey = (DHPrivateKey)key;
-
-        if (params != null)
-        {
-            if (!(params instanceof DHParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("DHKeyAgreement only accepts DHParameterSpec");
-            }
-            DHParameterSpec p = (DHParameterSpec)params;
-
-            this.p = p.getP();
-            this.g = p.getG();
-        }
-        else
-        {
-            this.p = privKey.getParams().getP();
-            this.g = privKey.getParams().getG();
-        }
-
-        this.x = this.result = privKey.getX();
-    }
-
-    protected void engineInit(
-        Key             key,
-        SecureRandom    random) 
-        throws InvalidKeyException
-    {
-        if (!(key instanceof DHPrivateKey))
-        {
-            throw new InvalidKeyException("DHKeyAgreement requires DHPrivateKey");
-        }
-
-        DHPrivateKey    privKey = (DHPrivateKey)key;
-
-        this.p = privKey.getParams().getP();
-        this.g = privKey.getParams().getG();
-        this.x = this.result = privKey.getX();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
deleted file mode 100644
index fc3848187..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPrivateKeySpec;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.DHDomainParameters;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-
-public class JCEDHPrivateKey
-    implements DHPrivateKey, PKCS12BagAttributeCarrier
-{
-    static final long serialVersionUID = 311058815616901812L;
-    
-    BigInteger      x;
-
-    private DHParameterSpec dhSpec;
-    private PrivateKeyInfo  info;
-
-    private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    protected JCEDHPrivateKey()
-    {
-    }
-
-    JCEDHPrivateKey(
-        DHPrivateKey    key)
-    {
-        this.x = key.getX();
-        this.dhSpec = key.getParams();
-    }
-
-    JCEDHPrivateKey(
-        DHPrivateKeySpec    spec)
-    {
-        this.x = spec.getX();
-        this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG());
-    }
-
-    JCEDHPrivateKey(
-        PrivateKeyInfo  info)
-    {
-        ASN1Sequence    seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
-        DERInteger      derX = (DERInteger)info.getPrivateKey();
-        DERObjectIdentifier id = info.getAlgorithmId().getObjectId();
-
-        this.info = info;
-        this.x = derX.getValue();
-
-        if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement))
-        {
-            DHParameter params = new DHParameter(seq);
-
-            if (params.getL() != null)
-            {
-                this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
-            }
-            else
-            {
-                this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
-            }
-        }
-        else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
-        {
-            DHDomainParameters params = DHDomainParameters.getInstance(seq);
-
-            this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown algorithm type: " + id);
-        }
-    }
-
-    JCEDHPrivateKey(
-        DHPrivateKeyParameters  params)
-    {
-        this.x = params.getX();
-        this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL());
-    }
-
-    public String getAlgorithm()
-    {
-        return "DH";
-    }
-
-    /**
-     * return the encoding format we produce in getEncoded().
-     *
-     * @return the string "PKCS#8"
-     */
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    /**
-     * Return a PKCS8 representation of the key. The sequence returned
-     * represents a full PrivateKeyInfo object.
-     *
-     * @return a PKCS8 representation of the key.
-     */
-    public byte[] getEncoded()
-    {
-        if (info != null)
-        {
-            return info.getDEREncoded();
-        }
-        
-        PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(getX()));
-
-        return info.getDEREncoded();
-    }
-
-    public DHParameterSpec getParams()
-    {
-        return dhSpec;
-    }
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-
-    private void readObject(
-        ObjectInputStream   in)
-        throws IOException, ClassNotFoundException
-    {
-        x = (BigInteger)in.readObject();
-
-        this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt());
-    }
-
-    private void writeObject(
-        ObjectOutputStream  out)
-        throws IOException
-    {
-        out.writeObject(this.getX());
-        out.writeObject(dhSpec.getP());
-        out.writeObject(dhSpec.getG());
-        out.writeInt(dhSpec.getL());
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
deleted file mode 100644
index 942e3bf80..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
+++ /dev/null
@@ -1,179 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPublicKeySpec;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.DHDomainParameters;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-public class JCEDHPublicKey
-    implements DHPublicKey
-{
-    static final long serialVersionUID = -216691575254424324L;
-    
-    private BigInteger              y;
-    private DHParameterSpec         dhSpec;
-    private SubjectPublicKeyInfo    info;
-    
-    JCEDHPublicKey(
-        DHPublicKeySpec    spec)
-    {
-        this.y = spec.getY();
-        this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG());
-    }
-
-    JCEDHPublicKey(
-        DHPublicKey    key)
-    {
-        this.y = key.getY();
-        this.dhSpec = key.getParams();
-    }
-
-    JCEDHPublicKey(
-        DHPublicKeyParameters  params)
-    {
-        this.y = params.getY();
-        this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL());
-    }
-
-    JCEDHPublicKey(
-        BigInteger        y,
-        DHParameterSpec   dhSpec)
-    {
-        this.y = y;
-        this.dhSpec = dhSpec;
-    }
-
-    JCEDHPublicKey(
-        SubjectPublicKeyInfo    info)
-    {
-        this.info = info;
-
-        DERInteger              derY;
-        try
-        {
-            derY = (DERInteger)info.getPublicKey();
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid info structure in DH public key");
-        }
-
-        this.y = derY.getValue();
-
-        ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
-        DERObjectIdentifier id = info.getAlgorithmId().getObjectId();
-
-        // we need the PKCS check to handle older keys marked with the X9 oid.
-        if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq))
-        {
-            DHParameter             params = new DHParameter(seq);
-
-            if (params.getL() != null)
-            {
-                this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
-            }
-            else
-            {
-                this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
-            }
-        }
-        else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
-        {
-            DHDomainParameters params = DHDomainParameters.getInstance(seq);
-
-            this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown algorithm type: " + id);
-        }
-    }
-
-    public String getAlgorithm()
-    {
-        return "DH";
-    }
-
-    public String getFormat()
-    {
-        return "X.509";
-    }
-
-    public byte[] getEncoded()
-    {
-        if (info != null)
-        {
-            return info.getDEREncoded();
-        }
-
-        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y));
-
-        return info.getDEREncoded();
-    }
-
-    public DHParameterSpec getParams()
-    {
-        return dhSpec;
-    }
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-
-    private boolean isPKCSParam(ASN1Sequence seq)
-    {
-        if (seq.size() == 2)
-        {
-            return true;
-        }
-        
-        if (seq.size() > 3)
-        {
-            return false;
-        }
-
-        DERInteger l = DERInteger.getInstance(seq.getObjectAt(2));
-        DERInteger p = DERInteger.getInstance(seq.getObjectAt(0));
-
-        if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0)
-        {
-            return false;
-        }
-
-        return true;
-    }
-
-    private void readObject(
-        ObjectInputStream   in)
-        throws IOException, ClassNotFoundException
-    {
-        this.y = (BigInteger)in.readObject();
-        this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt());
-    }
-
-    private void writeObject(
-        ObjectOutputStream  out)
-        throws IOException
-    {
-        out.writeObject(this.getY());
-        out.writeObject(dhSpec.getP());
-        out.writeObject(dhSpec.getG());
-        out.writeInt(dhSpec.getL());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java
deleted file mode 100644
index a9f6d6a0f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.util.Strings;
-
-class JCEDigestUtil
-{
-    private static Set md5 = new HashSet();
-    private static Set sha1 = new HashSet();
-    private static Set sha224 = new HashSet();
-    private static Set sha256 = new HashSet();
-    private static Set sha384 = new HashSet();
-    private static Set sha512 = new HashSet();
-    
-    private static Map oids = new HashMap();
-    
-    static
-    {
-        md5.add("MD5");
-        md5.add(PKCSObjectIdentifiers.md5.getId());
-        
-        sha1.add("SHA1");
-        sha1.add("SHA-1");
-        sha1.add(OIWObjectIdentifiers.idSHA1.getId());
-        
-        sha224.add("SHA224");
-        sha224.add("SHA-224");
-        sha224.add(NISTObjectIdentifiers.id_sha224.getId());
-        
-        sha256.add("SHA256");
-        sha256.add("SHA-256");
-        sha256.add(NISTObjectIdentifiers.id_sha256.getId());
-        
-        sha384.add("SHA384");
-        sha384.add("SHA-384");
-        sha384.add(NISTObjectIdentifiers.id_sha384.getId());
-        
-        sha512.add("SHA512");
-        sha512.add("SHA-512");
-        sha512.add(NISTObjectIdentifiers.id_sha512.getId()); 
-
-        oids.put("MD5", PKCSObjectIdentifiers.md5);
-        oids.put(PKCSObjectIdentifiers.md5.getId(), PKCSObjectIdentifiers.md5);
-        
-        oids.put("SHA1", OIWObjectIdentifiers.idSHA1);
-        oids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
-        oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1);
-        
-        oids.put("SHA224", NISTObjectIdentifiers.id_sha224);
-        oids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
-        oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224);
-        
-        oids.put("SHA256", NISTObjectIdentifiers.id_sha256);
-        oids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
-        oids.put(NISTObjectIdentifiers.id_sha256.getId(), NISTObjectIdentifiers.id_sha256);
-        
-        oids.put("SHA384", NISTObjectIdentifiers.id_sha384);
-        oids.put("SHA-384", NISTObjectIdentifiers.id_sha384);
-        oids.put(NISTObjectIdentifiers.id_sha384.getId(), NISTObjectIdentifiers.id_sha384);
-        
-        oids.put("SHA512", NISTObjectIdentifiers.id_sha512);
-        oids.put("SHA-512", NISTObjectIdentifiers.id_sha512);
-        oids.put(NISTObjectIdentifiers.id_sha512.getId(), NISTObjectIdentifiers.id_sha512); 
-    }
-    
-    static Digest getDigest(
-        String digestName) 
-    {
-        digestName = Strings.toUpperCase(digestName);
-        
-        if (sha1.contains(digestName))
-        {
-            return new SHA1Digest();
-        }
-        if (md5.contains(digestName))
-        {
-            return new MD5Digest();
-        }
-        if (sha224.contains(digestName))
-        {
-            return new SHA224Digest();
-        }
-        if (sha256.contains(digestName))
-        {
-            return new SHA256Digest();
-        }
-        if (sha384.contains(digestName))
-        {
-            return new SHA384Digest();
-        }
-        if (sha512.contains(digestName))
-        {
-            return new SHA512Digest();
-        }
-        
-        return null;
-    }
-    
-    static boolean isSameDigest(
-        String digest1,
-        String digest2)
-    {
-        return (sha1.contains(digest1) && sha1.contains(digest2))
-            || (sha224.contains(digest1) && sha224.contains(digest2))
-            || (sha256.contains(digest1) && sha256.contains(digest2))
-            || (sha384.contains(digest1) && sha384.contains(digest2))
-            || (sha512.contains(digest1) && sha512.contains(digest2))
-            || (md5.contains(digest1) && md5.contains(digest2));
-    }
-    
-    static DERObjectIdentifier getOID(
-        String digestName)
-    {
-        return (DERObjectIdentifier)oids.get(digestName);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
deleted file mode 100644
index 69f352198..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
+++ /dev/null
@@ -1,380 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectOutputStream;
-import java.io.ObjectInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X962NamedCurves;
-import org.bouncycastle.asn1.x9.X962Parameters;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.jce.interfaces.ECPointEncoder;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPrivateKeySpec;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
-
-public class JCEECPrivateKey
-    implements ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder
-{
-    private String          algorithm = "EC";
-    private BigInteger      d;
-    private ECParameterSpec ecSpec;
-    private boolean         withCompression;
-
-    private DERBitString publicKey;
-
-    private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    protected JCEECPrivateKey()
-    {
-    }
-
-    JCEECPrivateKey(
-        ECPrivateKey    key)
-    {
-        this.d = key.getD();
-        this.algorithm = key.getAlgorithm();
-        this.ecSpec = key.getParameters();
-    }
-
-    public JCEECPrivateKey(
-        String              algorithm,
-        ECPrivateKeySpec    spec)
-    {
-        this.algorithm = algorithm;
-        this.d = spec.getD();
-        this.ecSpec = spec.getParams();
-    }
-
-    public JCEECPrivateKey(
-        String                  algorithm,
-        ECPrivateKeyParameters  params,
-        JCEECPublicKey          pubKey,
-        ECParameterSpec         spec)
-    {
-        ECDomainParameters      dp = params.getParameters();
-
-        this.algorithm = algorithm;
-        this.d = params.getD();
-
-        if (spec == null)
-        {
-            this.ecSpec = new ECParameterSpec(
-                            dp.getCurve(),
-                            dp.getG(),
-                            dp.getN(),
-                            dp.getH(),
-                            dp.getSeed());
-        }
-        else
-        {
-            this.ecSpec = spec;
-        }
-
-        publicKey = getPublicKeyDetails(pubKey);
-    }
-
-    public JCEECPrivateKey(
-        String                  algorithm,
-        ECPrivateKeyParameters  params)
-    {
-        this.algorithm = algorithm;
-        this.d = params.getD();
-        this.ecSpec = null;
-    }
-
-    public JCEECPrivateKey(
-        String             algorithm,
-        JCEECPrivateKey    key)
-    {
-        this.algorithm = algorithm;
-        this.d = key.d;
-        this.ecSpec = key.ecSpec;
-        this.withCompression = key.withCompression;
-        this.publicKey = key.publicKey;
-        this.attrCarrier = key.attrCarrier;
-    }
-
-    JCEECPrivateKey(
-        PrivateKeyInfo      info)
-    {
-        populateFromPrivKeyInfo(info);
-    }
-
-    private void populateFromPrivKeyInfo(PrivateKeyInfo info)
-    {
-        X962Parameters      params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
-
-        if (params.isNamedCurve())
-        {
-            DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-            X9ECParameters      ecP = ECUtil.getNamedCurveByOid(oid);
-
-            ecSpec = new ECNamedCurveParameterSpec(
-                                        ECUtil.getCurveName(oid),
-                                        ecP.getCurve(),
-                                        ecP.getG(),
-                                        ecP.getN(),
-                                        ecP.getH(),
-                                        ecP.getSeed());
-        }
-        else if (params.isImplicitlyCA())
-        {
-            ecSpec = null;
-        }
-        else
-        {
-            X9ECParameters          ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
-            ecSpec = new ECParameterSpec(ecP.getCurve(),
-                                            ecP.getG(),
-                                            ecP.getN(),
-                                            ecP.getH(),
-                                            ecP.getSeed());
-        }
-
-        if (info.getPrivateKey() instanceof DERInteger)
-        {
-            DERInteger          derD = (DERInteger)info.getPrivateKey();
-
-            this.d = derD.getValue();
-        }
-        else
-        {
-            ECPrivateKeyStructure   ec = new ECPrivateKeyStructure((ASN1Sequence)info.getPrivateKey());
-
-            this.d = ec.getKey();
-            this.publicKey = ec.getPublicKey();
-        }
-    }
-
-    public String getAlgorithm()
-    {
-        return algorithm;
-    }
-
-    /**
-     * return the encoding format we produce in getEncoded().
-     *
-     * @return the string "PKCS#8"
-     */
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    /**
-     * Return a PKCS8 representation of the key. The sequence returned
-     * represents a full PrivateKeyInfo object.
-     *
-     * @return a PKCS8 representation of the key.
-     */
-    public byte[] getEncoded()
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        DEROutputStream         dOut = new DEROutputStream(bOut);
-        X962Parameters          params = null;
-
-        if (ecSpec instanceof ECNamedCurveParameterSpec)
-        {
-            DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveParameterSpec)ecSpec).getName());
-            
-            params = new X962Parameters(curveOid);
-        }
-        else if (ecSpec == null)
-        {
-            params = new X962Parameters(DERNull.INSTANCE);
-        }
-        else
-        {
-            ECParameterSpec         p = (ECParameterSpec)ecSpec;
-            ECCurve curve = p.getG().getCurve();
-            ECPoint generator;
-            
-            if (curve instanceof ECCurve.Fp) 
-            {
-                generator = new ECPoint.Fp(curve, p.getG().getX(), p.getG().getY(), withCompression);
-            } 
-            else if (curve instanceof ECCurve.F2m) 
-            {
-                generator = new ECPoint.F2m(curve, p.getG().getX(), p.getG().getY(), withCompression);
-            }
-            else 
-            {
-                throw new UnsupportedOperationException("Subclass of ECPoint " + curve.getClass().toString() + "not supported");
-            }
-            
-            X9ECParameters ecP = new X9ECParameters(
-                  p.getCurve(),
-                  generator,
-                  p.getN(),
-                  p.getH(),
-                  p.getSeed());
-
-            params = new X962Parameters(ecP);
-        }
-
-        PrivateKeyInfo        info;
-        ECPrivateKeyStructure keyStructure;
-
-        if (publicKey != null)
-        {
-            keyStructure = new ECPrivateKeyStructure(this.getD(), publicKey, params);
-        }
-        else
-        {
-            keyStructure = new ECPrivateKeyStructure(this.getD(), params);
-        }
-
-        if (algorithm.equals("ECGOST3410"))
-        {
-            info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
-        }
-        else
-        {
-            info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
-        }
-        
-        try
-        {
-            dOut.writeObject(info);
-            dOut.close();
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("Error encoding EC private key");
-        }
-
-        return bOut.toByteArray();
-    }
-
-    public ECParameterSpec getParams()
-    {
-        return (ECParameterSpec)ecSpec;
-    }
-
-    public ECParameterSpec getParameters()
-    {
-        return (ECParameterSpec)ecSpec;
-    }
-    
-    public BigInteger getD()
-    {
-        return d;
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-    
-    public void setPointFormat(String style)
-    {
-       withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style));
-    }
-
-    ECParameterSpec engineGetSpec()
-    {
-        if (ecSpec != null)
-        {
-            return ecSpec;
-        }
-
-        return ProviderUtil.getEcImplicitlyCa();
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof JCEECPrivateKey))
-        {
-            return false;
-        }
-
-        JCEECPrivateKey other = (JCEECPrivateKey)o;
-
-        return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec()));
-    }
-
-    public int hashCode()
-    {
-        return getD().hashCode() ^ engineGetSpec().hashCode();
-    }
-
-    private DERBitString getPublicKeyDetails(JCEECPublicKey   pub)
-    {
-        try
-        {
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(pub.getEncoded()));
-
-            return info.getPublicKeyData();
-        }
-        catch (IOException e)
-        {   // should never happen
-            return null;
-        }
-    }
-
-    private void readObject(
-        ObjectInputStream in)
-        throws IOException, ClassNotFoundException
-    {
-        byte[] enc = (byte[])in.readObject();
-
-        populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(enc)));
-
-        this.algorithm = (String)in.readObject();
-        this.withCompression = in.readBoolean();
-        this.attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-        attrCarrier.readObject(in);
-    }
-
-    private void writeObject(
-        ObjectOutputStream out)
-        throws IOException
-    {
-        out.writeObject(this.getEncoded());
-        out.writeObject(algorithm);
-        out.writeBoolean(withCompression);
-
-        attrCarrier.writeObject(out);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
deleted file mode 100644
index 8cdf1f403..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
+++ /dev/null
@@ -1,448 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X962Parameters;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.asn1.x9.X9ECPoint;
-import org.bouncycastle.asn1.x9.X9IntegerConverter;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-import org.bouncycastle.jce.interfaces.ECPointEncoder;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-
-public class JCEECPublicKey
-    implements ECPublicKey, ECPointEncoder
-{
-    private String          algorithm = "EC";
-    private ECPoint         q;
-    private ECParameterSpec ecSpec;
-    private boolean         withCompression;
-    private GOST3410PublicKeyAlgParameters       gostParams;
-
-    public JCEECPublicKey(
-        String              algorithm,
-        JCEECPublicKey      key)
-    {
-        this.algorithm = algorithm;
-        this.q = key.q;
-        this.ecSpec = key.ecSpec;
-        this.withCompression = key.withCompression;
-        this.gostParams = key.gostParams;
-    }
-
-    public JCEECPublicKey(
-        String              algorithm,
-        ECPublicKeySpec     spec)
-    {
-        this.algorithm = algorithm;
-        this.q = spec.getQ();
-
-        if (spec.getParams() != null)
-        {
-            this.ecSpec = spec.getParams();
-        }
-        else
-        {
-            if (q.getCurve() == null)
-            {
-                org.bouncycastle.jce.spec.ECParameterSpec s = ProviderUtil.getEcImplicitlyCa();
-
-                q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false);
-            }
-            this.ecSpec = null;
-        }
-    }
-
-    public JCEECPublicKey(
-        String                  algorithm,
-        ECPublicKeyParameters   params,
-        ECParameterSpec         spec)
-    {
-        ECDomainParameters      dp = params.getParameters();
-
-        this.algorithm = algorithm;
-        this.q = params.getQ();
-
-        if (spec == null)
-        {
-            this.ecSpec = new ECParameterSpec(
-                            dp.getCurve(),
-                            dp.getG(),
-                            dp.getN(),
-                            dp.getH(),
-                            dp.getSeed());
-        }
-        else
-        {
-            this.ecSpec = spec;
-        }
-    }
-
-    public JCEECPublicKey(
-        String                  algorithm,
-        ECPublicKeyParameters   params)
-    {
-        this.algorithm = algorithm;
-        this.q = params.getQ();
-        this.ecSpec = null;
-    }
-
-    JCEECPublicKey(
-        ECPublicKey     key)
-    {
-        this.q = key.getQ();
-        this.algorithm = key.getAlgorithm();
-        this.ecSpec = key.getParameters();
-    }
-
-    JCEECPublicKey(
-        String            algorithm,
-        ECPoint           q,
-        ECParameterSpec   ecSpec)
-    {
-        this.algorithm = algorithm;
-        this.q = q;
-        this.ecSpec = ecSpec;
-    }
-
-    JCEECPublicKey(
-        SubjectPublicKeyInfo    info)
-    {
-        populateFromPubKeyInfo(info);
-    }
-
-    private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
-    {
-        if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-        {
-            DERBitString bits = info.getPublicKeyData();
-            ASN1OctetString key;
-            this.algorithm = "ECGOST3410";
-
-            try
-            {
-                key = (ASN1OctetString)ASN1Object.fromByteArray(bits.getBytes());
-            }
-            catch (IOException ex)
-            {
-                throw new IllegalArgumentException("error recovering public key");
-            }
-
-            byte[]          keyEnc = key.getOctets();
-            byte[]          x = new byte[32];
-            byte[]          y = new byte[32];
-
-            for (int i = 0; i != x.length; i++)
-            {
-                x[i] = keyEnc[32 - 1 - i];
-            }
-
-            for (int i = 0; i != y.length; i++)
-            {
-                y[i] = keyEnc[64 - 1 - i];
-            }
-
-            gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-
-            ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
-
-            ecSpec = spec;
-
-            this.q = spec.getCurve().createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
-        }
-        else
-        {
-            X962Parameters          params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
-            ECCurve                 curve;
-
-            if (params.isNamedCurve())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-                X9ECParameters      ecP = ECUtil.getNamedCurveByOid(oid);
-
-                ecSpec = new ECNamedCurveParameterSpec(
-                                            ECUtil.getCurveName(oid),
-                                            ecP.getCurve(),
-                                            ecP.getG(),
-                                            ecP.getN(),
-                                            ecP.getH(),
-                                            ecP.getSeed());
-                curve = ((ECParameterSpec)ecSpec).getCurve();
-            }
-            else if (params.isImplicitlyCA())
-            {
-                ecSpec = null;
-                curve = ProviderUtil.getEcImplicitlyCa().getCurve();
-            }
-            else
-            {
-                X9ECParameters ecP = new X9ECParameters(
-                            (ASN1Sequence)params.getParameters());
-                ecSpec = new ECParameterSpec(
-                                            ecP.getCurve(),
-                                            ecP.getG(),
-                                            ecP.getN(),
-                                            ecP.getH(),
-                                            ecP.getSeed());
-                curve = ((ECParameterSpec)ecSpec).getCurve();
-            }
-
-            DERBitString    bits = info.getPublicKeyData();
-            byte[]          data = bits.getBytes();
-            ASN1OctetString key = new DEROctetString(data);
-
-            //
-            // extra octet string - one of our old certs...
-            //
-            if (data[0] == 0x04 && data[1] == data.length - 2
-                && (data[2] == 0x02 || data[2] == 0x03))
-            {
-                int qLength = new X9IntegerConverter().getByteLength(curve);
-
-                if (qLength >= data.length - 3)
-                {
-                    try
-                    {
-                        key = (ASN1OctetString)ASN1Object.fromByteArray(data);
-                    }
-                    catch (IOException ex)
-                    {
-                        throw new IllegalArgumentException("error recovering public key");
-                    }
-                }
-            }
-
-            X9ECPoint derQ = new X9ECPoint(curve, key);
-
-            this.q = derQ.getPoint();
-        }
-    }
-
-    public String getAlgorithm()
-    {
-        return algorithm;
-    }
-
-    public String getFormat()
-    {
-        return "X.509";
-    }
-
-    public byte[] getEncoded()
-    {
-        SubjectPublicKeyInfo info;
-        
-        if (algorithm.equals("ECGOST3410"))
-        {
-            DEREncodable          params = null;
-            if (gostParams != null)
-            {
-                params = gostParams;
-            }
-            else if (ecSpec instanceof ECNamedCurveParameterSpec)
-            {
-                params = new GOST3410PublicKeyAlgParameters(
-                                   ECGOST3410NamedCurves.getOID(((ECNamedCurveParameterSpec)ecSpec).getName()),
-                                   CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
-            }
-            else
-            {
-                ECParameterSpec         p = (ECParameterSpec)ecSpec;
-
-                ECCurve curve = p.getG().getCurve();
-                ECPoint generator = curve.createPoint(p.getG().getX().toBigInteger(), p.getG().getY().toBigInteger(), withCompression);
-
-                X9ECParameters ecP = new X9ECParameters(
-                    p.getCurve(), generator, p.getN(), p.getH(), p.getSeed());
-
-                params = new X962Parameters(ecP);
-            }
-
-            ECPoint qq = this.getQ();
-            ECPoint point = qq.getCurve().createPoint(qq.getX().toBigInteger(), qq.getY().toBigInteger(), false);
-            ASN1OctetString p = (ASN1OctetString)(new X9ECPoint(point).getDERObject());
-
-            BigInteger      bX = this.q.getX().toBigInteger();
-            BigInteger      bY = this.q.getY().toBigInteger();
-            byte[]          encKey = new byte[64];
-            
-            byte[] val = bX.toByteArray();
-            
-            for (int i = 0; i != 32; i++)
-            {
-                encKey[i] = val[val.length - 1 - i];
-            }
-            
-            val = bY.toByteArray();
-            
-            for (int i = 0; i != 32; i++)
-            {
-                encKey[32 + i] = val[val.length - 1 - i];
-            }
-            
-            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
-        }
-        else
-        {
-            X962Parameters          params = null;
-            if (ecSpec instanceof ECNamedCurveParameterSpec)
-            {
-                DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveParameterSpec)ecSpec).getName());
-
-                if (curveOid == null)
-                {
-                    curveOid = new DERObjectIdentifier(((ECNamedCurveParameterSpec)ecSpec).getName());
-                }
-                params = new X962Parameters(curveOid);
-            }
-            else if (ecSpec == null)
-            {
-                params = new X962Parameters(DERNull.INSTANCE);
-            }
-            else
-            {
-                ECParameterSpec         p = (ECParameterSpec)ecSpec;
-
-                ECCurve curve = p.getG().getCurve();
-                ECPoint generator = curve.createPoint(p.getG().getX().toBigInteger(), p.getG().getY().toBigInteger(), withCompression);
-
-                X9ECParameters ecP = new X9ECParameters(
-                    p.getCurve(), generator, p.getN(), p.getH(), p.getSeed());
-
-                params = new X962Parameters(ecP);
-            }
-
-            ECCurve curve = this.engineGetQ().getCurve();
-            ECPoint point = curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression);
-            ASN1OctetString p = (ASN1OctetString)(new X9ECPoint(point).getDERObject());
-
-            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
-        }
-        
-        return info.getDEREncoded();
-    }
-
-    public ECParameterSpec getParams()
-    {
-        return (ECParameterSpec)ecSpec;
-    }
-
-    public ECParameterSpec getParameters()
-    {
-        return (ECParameterSpec)ecSpec;
-    }
-    
-    public org.bouncycastle.math.ec.ECPoint getQ()
-    {
-        if (ecSpec == null)
-        {
-            if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
-            {
-                return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY());
-            }
-            else
-            {
-                return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY());
-            }
-        }
-
-        return q;
-    }
-
-    public org.bouncycastle.math.ec.ECPoint engineGetQ()
-    {
-        return q;
-    }
-
-    public String toString()
-    {
-        StringBuffer    buf = new StringBuffer();
-        String          nl = System.getProperty("line.separator");
-
-        buf.append("EC Public Key").append(nl);
-        buf.append("            X: ").append(this.getQ().getX().toBigInteger().toString(16)).append(nl);
-        buf.append("            Y: ").append(this.getQ().getY().toBigInteger().toString(16)).append(nl);
-
-        return buf.toString();
-
-    }
-
-    public void setPointFormat(String style)
-    {
-       withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style));
-    }
-
-    ECParameterSpec engineGetSpec()
-    {
-        if (ecSpec != null)
-        {
-            return (ECParameterSpec)ecSpec;
-        }
-
-        return ProviderUtil.getEcImplicitlyCa();
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof JCEECPublicKey))
-        {
-            return false;
-        }
-
-        JCEECPublicKey other = (JCEECPublicKey)o;
-
-        return getQ().equals(other.getQ()) && (engineGetSpec().equals(other.engineGetSpec()));
-    }
-
-    public int hashCode()
-    {
-        return getQ().hashCode() ^ engineGetSpec().hashCode();
-    }
-
-    private void readObject(
-        ObjectInputStream in)
-        throws IOException, ClassNotFoundException
-    {
-        byte[] enc = (byte[])in.readObject();
-
-        populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(enc)));
-
-        this.algorithm = (String)in.readObject();
-        this.withCompression = in.readBoolean();
-    }
-
-    private void writeObject(
-        ObjectOutputStream out)
-        throws IOException
-    {
-        out.writeObject(this.getEncoded());
-        out.writeObject(algorithm);
-        out.writeBoolean(withCompression);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalCipher.java
deleted file mode 100644
index dae0320b8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalCipher.java
+++ /dev/null
@@ -1,330 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.interfaces.DHKey;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.BufferedAsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-import org.bouncycastle.crypto.encodings.OAEPEncoding;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.ElGamalEngine;
-import org.bouncycastle.crypto.engines.RSAEngine;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.jce.interfaces.ElGamalKey;
-import org.bouncycastle.jce.interfaces.ElGamalPrivateKey;
-import org.bouncycastle.jce.interfaces.ElGamalPublicKey;
-import org.bouncycastle.util.Strings;
-
-public class JCEElGamalCipher extends WrapCipherSpi
-{
-    private BufferedAsymmetricBlockCipher   cipher;
-    private AlgorithmParameterSpec          paramSpec;
-    private AlgorithmParameters             engineParams;
-
-    public JCEElGamalCipher(
-        AsymmetricBlockCipher   engine)
-    {
-        cipher = new BufferedAsymmetricBlockCipher(engine);
-    }
-    
-    protected int engineGetBlockSize() 
-    {
-        return cipher.getInputBlockSize();
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        if (key instanceof ElGamalKey)
-        {
-            ElGamalKey   k = (ElGamalKey)key;
-
-            return k.getParameters().getP().bitLength();
-        }
-        else if (key instanceof DHKey)
-        {
-            DHKey   k = (DHKey)key;
-
-            return k.getParams().getP().bitLength();
-        }
-
-        throw new IllegalArgumentException("not an ElGamal key!");
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        return cipher.getOutputBlockSize();
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            if (paramSpec != null)
-            {
-                try
-                {
-                    engineParams = AlgorithmParameters.getInstance("OAEP", "BC");
-                    engineParams.init(paramSpec);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.toString());
-                }
-            }
-        }
-
-        return engineParams;
-    }
-
-    protected void engineSetMode(
-        String  mode)
-        throws NoSuchAlgorithmException
-    {
-        String md = Strings.toUpperCase(mode);
-        
-        if (md.equals("NONE") || md.equals("ECB"))
-        {
-            return;
-        }
-        
-        throw new NoSuchAlgorithmException("can't support mode " + mode);
-    }
-
-    protected void engineSetPadding(
-        String  padding) 
-        throws NoSuchPaddingException
-    {
-        String pad = Strings.toUpperCase(padding);
-
-        if (pad.equals("NOPADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new ElGamalEngine());
-        }
-        else if (pad.equals("PKCS1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new PKCS1Encoding(new ElGamalEngine()));
-        }
-        else if (pad.equals("OAEPPADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine()));
-        }
-        else if (pad.equals("ISO9796-1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new ISO9796d1Encoding(new ElGamalEngine()));
-        }
-        else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), new MD5Digest()));
-        }
-        else if (pad.equals("OAEPWITHSHA1ANDMGF1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), new SHA1Digest()));
-        }
-        else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), new SHA224Digest()));
-        }
-        else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), new SHA256Digest()));
-        }
-        else if (pad.equals("OAEPWITHSHA384ANDMGF1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), new SHA384Digest()));
-        }
-        else if (pad.equals("OAEPWITHSHA512ANDMGF1PADDING"))
-        {
-            cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), new SHA512Digest()));
-        }
-        else
-        {
-            throw new NoSuchPaddingException(padding + " unavailable with ElGamal.");
-        }
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-    throws InvalidKeyException
-    {
-        CipherParameters        param;
-
-        if (params == null)
-        {
-            if (key instanceof ElGamalPublicKey)
-            {
-                param = ElGamalUtil.generatePublicKeyParameter((PublicKey)key);
-            }
-            else if (key instanceof ElGamalPrivateKey)
-            {
-                param = ElGamalUtil.generatePrivateKeyParameter((PrivateKey)key);
-            }
-            else
-            {
-                throw new InvalidKeyException("unknown key type passed to ElGamal");
-            }
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown parameter type.");
-        }
-
-        if (random != null)
-        {
-            param = new ParametersWithRandom(param, random);
-        }
-
-        switch (opmode)
-        {
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.WRAP_MODE:
-            cipher.init(true, param);
-            break;
-        case Cipher.DECRYPT_MODE:
-        case Cipher.UNWRAP_MODE:
-            cipher.init(false, param);
-            break;
-        default:
-            throw new InvalidParameterException("unknown opmode " + opmode + " passed to ElGamal");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        throw new InvalidAlgorithmParameterException("can't handle parameters in ElGamal");
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-    throws InvalidKeyException
-    {
-        engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        cipher.processBytes(input, inputOffset, inputLen);
-        return null;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-    {
-        cipher.processBytes(input, inputOffset, inputLen);
-        return 0;
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        cipher.processBytes(input, inputOffset, inputLen);
-        try
-        {
-            return cipher.doFinal();
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        byte[]  out;
-
-        cipher.processBytes(input, inputOffset, inputLen);
-
-        try
-        {
-            out = cipher.doFinal();
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-
-        for (int i = 0; i != out.length; i++)
-        {
-            output[outputOffset + i] = out[i];
-        }
-
-        return out.length;
-    }
-
-    /**
-     * classes that inherit from us.
-     */
-    static public class NoPadding
-        extends JCEElGamalCipher
-    {
-        public NoPadding()
-        {
-            super(new ElGamalEngine());
-        }
-    }
-    
-    static public class PKCS1v1_5Padding
-        extends JCEElGamalCipher
-    {
-        public PKCS1v1_5Padding()
-        {
-            super(new PKCS1Encoding(new ElGamalEngine()));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java
deleted file mode 100644
index e4cd09add..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-import org.bouncycastle.jce.interfaces.ElGamalPrivateKey;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.jce.spec.ElGamalParameterSpec;
-import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec;
-
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPrivateKeySpec;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
-public class JCEElGamalPrivateKey
-    implements ElGamalPrivateKey, DHPrivateKey, PKCS12BagAttributeCarrier
-{
-    static final long serialVersionUID = 4819350091141529678L;
-        
-    BigInteger      x;
-
-    ElGamalParameterSpec   elSpec;
-
-    private PKCS12BagAttributeCarrierImpl   attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    protected JCEElGamalPrivateKey()
-    {
-    }
-
-    JCEElGamalPrivateKey(
-        ElGamalPrivateKey    key)
-    {
-        this.x = key.getX();
-        this.elSpec = key.getParameters();
-    }
-
-    JCEElGamalPrivateKey(
-        DHPrivateKey    key)
-    {
-        this.x = key.getX();
-        this.elSpec = new ElGamalParameterSpec(key.getParams().getP(), key.getParams().getG());
-    }
-    
-    JCEElGamalPrivateKey(
-        ElGamalPrivateKeySpec    spec)
-    {
-        this.x = spec.getX();
-        this.elSpec = new ElGamalParameterSpec(spec.getParams().getP(), spec.getParams().getG());
-    }
-
-    JCEElGamalPrivateKey(
-        DHPrivateKeySpec    spec)
-    {
-        this.x = spec.getX();
-        this.elSpec = new ElGamalParameterSpec(spec.getP(), spec.getG());
-    }
-    
-    JCEElGamalPrivateKey(
-        PrivateKeyInfo  info)
-    {
-        ElGamalParameter     params = new ElGamalParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger      derX = (DERInteger)info.getPrivateKey();
-
-        this.x = derX.getValue();
-        this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG());
-    }
-
-    JCEElGamalPrivateKey(
-        ElGamalPrivateKeyParameters  params)
-    {
-        this.x = params.getX();
-        this.elSpec = new ElGamalParameterSpec(params.getParameters().getP(), params.getParameters().getG());
-    }
-
-    public String getAlgorithm()
-    {
-        return "ElGamal";
-    }
-
-    /**
-     * return the encoding format we produce in getEncoded().
-     *
-     * @return the string "PKCS#8"
-     */
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    /**
-     * Return a PKCS8 representation of the key. The sequence returned
-     * represents a full PrivateKeyInfo object.
-     *
-     * @return a PKCS8 representation of the key.
-     */
-    public byte[] getEncoded()
-    {
-        PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG()).getDERObject()), new DERInteger(getX()));
-
-        return info.getDEREncoded();
-    }
-
-    public ElGamalParameterSpec getParameters()
-    {
-        return elSpec;
-    }
-
-    public DHParameterSpec getParams()
-    {
-        return new DHParameterSpec(elSpec.getP(), elSpec.getG());
-    }
-    
-    public BigInteger getX()
-    {
-        return x;
-    }
-
-    private void readObject(
-        ObjectInputStream   in)
-        throws IOException, ClassNotFoundException
-    {
-        x = (BigInteger)in.readObject();
-
-        this.elSpec = new ElGamalParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject());
-    }
-
-    private void writeObject(
-        ObjectOutputStream  out)
-        throws IOException
-    {
-        out.writeObject(this.getX());
-        out.writeObject(elSpec.getP());
-        out.writeObject(elSpec.getG());
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java
deleted file mode 100644
index fea051b82..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java
+++ /dev/null
@@ -1,141 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPublicKeySpec;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-import org.bouncycastle.jce.interfaces.ElGamalPublicKey;
-import org.bouncycastle.jce.spec.ElGamalParameterSpec;
-import org.bouncycastle.jce.spec.ElGamalPublicKeySpec;
-
-public class JCEElGamalPublicKey
-    implements ElGamalPublicKey, DHPublicKey
-{
-    static final long serialVersionUID = 8712728417091216948L;
-        
-    private BigInteger              y;
-    private ElGamalParameterSpec    elSpec;
-
-    JCEElGamalPublicKey(
-        ElGamalPublicKeySpec    spec)
-    {
-        this.y = spec.getY();
-        this.elSpec = new ElGamalParameterSpec(spec.getParams().getP(), spec.getParams().getG());
-    }
-
-    JCEElGamalPublicKey(
-        DHPublicKeySpec    spec)
-    {
-        this.y = spec.getY();
-        this.elSpec = new ElGamalParameterSpec(spec.getP(), spec.getG());
-    }
-    
-    JCEElGamalPublicKey(
-        ElGamalPublicKey    key)
-    {
-        this.y = key.getY();
-        this.elSpec = key.getParameters();
-    }
-
-    JCEElGamalPublicKey(
-        DHPublicKey    key)
-    {
-        this.y = key.getY();
-        this.elSpec = new ElGamalParameterSpec(key.getParams().getP(), key.getParams().getG());
-    }
-    
-    JCEElGamalPublicKey(
-        ElGamalPublicKeyParameters  params)
-    {
-        this.y = params.getY();
-        this.elSpec = new ElGamalParameterSpec(params.getParameters().getP(), params.getParameters().getG());
-    }
-
-    JCEElGamalPublicKey(
-        BigInteger              y,
-        ElGamalParameterSpec    elSpec)
-    {
-        this.y = y;
-        this.elSpec = elSpec;
-    }
-
-    JCEElGamalPublicKey(
-        SubjectPublicKeyInfo    info)
-    {
-        ElGamalParameter        params = new ElGamalParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger              derY = null;
-
-        try
-        {
-            derY = (DERInteger)info.getPublicKey();
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid info structure in DSA public key");
-        }
-
-        this.y = derY.getValue();
-        this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG());
-    }
-
-    public String getAlgorithm()
-    {
-        return "ElGamal";
-    }
-
-    public String getFormat()
-    {
-        return "X.509";
-    }
-
-    public byte[] getEncoded()
-    {
-        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG()).getDERObject()), new DERInteger(y));
-
-        return info.getDEREncoded();
-    }
-
-    public ElGamalParameterSpec getParameters()
-    {
-        return elSpec;
-    }
-    
-    public DHParameterSpec getParams()
-    {
-        return new DHParameterSpec(elSpec.getP(), elSpec.getG());
-    }
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-
-    private void readObject(
-        ObjectInputStream   in)
-        throws IOException, ClassNotFoundException
-    {
-        this.y = (BigInteger)in.readObject();
-        this.elSpec = new ElGamalParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject());
-    }
-
-    private void writeObject(
-        ObjectOutputStream  out)
-        throws IOException
-    {
-        out.writeObject(this.getY());
-        out.writeObject(elSpec.getP());
-        out.writeObject(elSpec.getG());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java
deleted file mode 100644
index d3aa62cc3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java
+++ /dev/null
@@ -1,400 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.interfaces.DHPrivateKey;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.agreement.DHBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.engines.IESEngine;
-import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
-import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.params.IESParameters;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.interfaces.IESKey;
-import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
-import org.bouncycastle.jce.spec.IESParameterSpec;
-
-public class JCEIESCipher extends WrapCipherSpi
-{
-    private IESEngine               cipher;
-    private int                     state = -1;
-    private ByteArrayOutputStream   buffer = new ByteArrayOutputStream();
-    private AlgorithmParameters     engineParam = null;
-    private IESParameterSpec        engineParams = null;
-
-    //
-    // specs we can handle.
-    //
-    private Class[]                 availableSpecs =
-                                    {
-                                        IESParameterSpec.class
-                                    };
-
-    public JCEIESCipher(
-        IESEngine   engine)
-    {
-        cipher = engine;
-    }
-
-    protected int engineGetBlockSize() 
-    {
-        return 0;
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        if (!(key instanceof IESKey))
-        {
-            throw new IllegalArgumentException("must be passed IE key");
-        }
-
-        IESKey   ieKey = (IESKey)key;
-
-        if (ieKey.getPrivate() instanceof DHPrivateKey)
-        {
-            DHPrivateKey   k = (DHPrivateKey)ieKey.getPrivate();
-
-            return k.getX().bitLength();
-        }
-        else if (ieKey.getPrivate() instanceof ECPrivateKey)
-        {
-            ECPrivateKey   k = (ECPrivateKey)ieKey.getPrivate();
-
-            return k.getD().bitLength();
-        }
-
-        throw new IllegalArgumentException("not an IE key!");
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE)
-        {
-            return buffer.size() + inputLen + 20; /* SHA1 MAC size */
-        }
-        else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE)
-        {
-            return buffer.size() + inputLen - 20;
-        }
-        else
-        {
-            throw new IllegalStateException("cipher not initialised");
-        }
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParam == null)
-        {
-            if (engineParams != null)
-            {
-                String  name = "IES";
-
-                try
-                {
-                    engineParam = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
-                    engineParam.init(engineParams);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.toString());
-                }
-            }
-        }
-
-        return engineParam;
-    }
-
-    protected void engineSetMode(
-        String  mode) 
-    {
-        throw new IllegalArgumentException("can't support mode " + mode);
-    }
-
-    protected void engineSetPadding(
-        String  padding) 
-        throws NoSuchPaddingException
-    {
-        throw new NoSuchPaddingException(padding + " unavailable with RSA.");
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        if (!(key instanceof IESKey))
-        {
-            throw new InvalidKeyException("must be passed IES key");
-        }
-
-        if (params == null && (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE))
-        {
-            //
-            // if nothing is specified we set up for a 128 bit mac, with
-            // 128 bit derivation vectors.
-            //
-            byte[]  d = new byte[16];
-            byte[]  e = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(d);
-            random.nextBytes(e);
-
-            params = new IESParameterSpec(d, e, 128);
-        }
-        else if (!(params instanceof IESParameterSpec))
-        {
-            throw new InvalidAlgorithmParameterException("must be passed IES parameters");
-        }
-
-        IESKey       ieKey = (IESKey)key;
-
-        CipherParameters pubKey;
-        CipherParameters privKey;
-
-        if (ieKey.getPublic() instanceof ECPublicKey)
-        {
-            pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic());
-            privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate());
-        }
-        else
-        {
-            pubKey = DHUtil.generatePublicKeyParameter(ieKey.getPublic());
-            privKey = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate());
-        }
-
-        this.engineParams = (IESParameterSpec)params;
-
-        IESParameters       p = new IESParameters(engineParams.getDerivationV(), engineParams.getEncodingV(), engineParams.getMacKeySize());
-
-        this.state = opmode;
-
-        buffer.reset();
-
-        switch (opmode)
-        {
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.WRAP_MODE:
-            cipher.init(true, privKey, pubKey, p);
-            break;
-        case Cipher.DECRYPT_MODE:
-        case Cipher.UNWRAP_MODE:
-            cipher.init(false, privKey, pubKey, p);
-            break;
-        default:
-            System.out.println("eeek!");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        AlgorithmParameterSpec  paramSpec = null;
-
-        if (params != null)
-        {
-            for (int i = 0; i != availableSpecs.length; i++)
-            {
-                try
-                {
-                    paramSpec = params.getParameterSpec(availableSpecs[i]);
-                    break;
-                }
-                catch (Exception e)
-                {
-                    continue;
-                }
-            }
-
-            if (paramSpec == null)
-            {
-                throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString());
-            }
-        }
-
-        engineParam = params;
-        engineInit(opmode, key, paramSpec, random);
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-    throws InvalidKeyException
-    {
-        if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE)
-        {
-            try
-            {
-                engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-                return;
-            }
-            catch (InvalidAlgorithmParameterException e)
-            {
-                // fall through...
-            }
-        }
-
-        throw new IllegalArgumentException("can't handle null parameter spec in IES");
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        buffer.write(input, inputOffset, inputLen);
-        return null;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-    {
-        buffer.write(input, inputOffset, inputLen);
-        return 0;
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        if (inputLen != 0)
-        {
-            buffer.write(input, inputOffset, inputLen);
-        }
-
-        try
-        {
-            byte[]  buf = buffer.toByteArray();
-
-            buffer.reset();
-
-            return cipher.processBlock(buf, 0, buf.length);
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        if (inputLen != 0)
-        {
-            buffer.write(input, inputOffset, inputLen);
-        }
-
-        try
-        {
-            byte[]  buf = buffer.toByteArray();
-
-            buffer.reset();
-
-            buf = cipher.processBlock(buf, 0, buf.length);
-
-            System.arraycopy(buf, 0, output, outputOffset, buf.length);
-
-            return buf.length;
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-    }
-
-    /**
-     * classes that inherit from us.
-     */
-    static public class BrokenECIES
-        extends JCEIESCipher
-    {
-        public BrokenECIES()
-        {
-            super(new IESEngine(
-                   new ECDHBasicAgreement(),
-                   new BrokenKDF2BytesGenerator(new SHA1Digest()),
-                   new HMac(new SHA1Digest())));
-        }
-    }
-
-    static public class BrokenIES
-        extends JCEIESCipher
-    {
-        public BrokenIES()
-        {
-            super(new IESEngine(
-                   new DHBasicAgreement(),
-                   new BrokenKDF2BytesGenerator(new SHA1Digest()),
-                   new HMac(new SHA1Digest())));
-        }
-    }
-    
-    static public class ECIES
-        extends JCEIESCipher
-    {
-        public ECIES()
-        {
-            super(new IESEngine(
-                   new ECDHBasicAgreement(),
-                   new KDF2BytesGenerator(new SHA1Digest()),
-                   new HMac(new SHA1Digest())));
-        }
-    }
-    
-    static public class IES
-        extends JCEIESCipher
-    {
-        public IES()
-        {
-            super(new IESEngine(
-                   new DHBasicAgreement(),
-                   new KDF2BytesGenerator(new SHA1Digest()),
-                   new HMac(new SHA1Digest())));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
deleted file mode 100644
index bba6ec136..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
+++ /dev/null
@@ -1,256 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.KeyGeneratorSpi;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.generators.DESKeyGenerator;
-
-public class JCEKeyGenerator
-    extends KeyGeneratorSpi
-{
-    protected String                algName;
-    protected int                   keySize;
-    protected int                   defaultKeySize;
-    protected CipherKeyGenerator    engine;
-
-    protected boolean               uninitialised = true;
-
-    protected JCEKeyGenerator(
-        String              algName,
-        int                 defaultKeySize,
-        CipherKeyGenerator  engine)
-    {
-        this.algName = algName;
-        this.keySize = this.defaultKeySize = defaultKeySize;
-        this.engine = engine;
-    }
-
-    protected void engineInit(
-        AlgorithmParameterSpec  params,
-        SecureRandom            random)
-    throws InvalidAlgorithmParameterException
-    {
-        throw new InvalidAlgorithmParameterException("Not Implemented");
-    }
-
-    protected void engineInit(
-        SecureRandom    random)
-    {
-        if (random != null)
-        {
-            engine.init(new KeyGenerationParameters(random, defaultKeySize));
-            uninitialised = false;
-        }
-    }
-
-    protected void engineInit(
-        int             keySize,
-        SecureRandom    random)
-    {
-        try
-        {
-            engine.init(new KeyGenerationParameters(random, keySize));
-            uninitialised = false;
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new InvalidParameterException(e.getMessage());
-        }
-    }
-
-    protected SecretKey engineGenerateKey()
-    {
-        if (uninitialised)
-        {
-            engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
-            uninitialised = false;
-        }
-
-        return new SecretKeySpec(engine.generateKey(), algName);
-    }
-
-    /**
-     * the generators that are defined directly off us.
-     */
-
-    /**
-     * DES
-     */
-    public static class DES
-        extends JCEKeyGenerator
-    {
-        public DES()
-        {
-            super("DES", 64, new DESKeyGenerator());
-        }
-    }
-
-    /**
-     * RC2
-     */
-    public static class RC2
-        extends JCEKeyGenerator
-    {
-        public RC2()
-        {
-            super("RC2", 128, new CipherKeyGenerator());
-        }
-    }
-
-    /**
-     * GOST28147
-     */
-    public static class GOST28147
-        extends JCEKeyGenerator
-    {
-        public GOST28147()
-        {
-            super("GOST28147", 256, new CipherKeyGenerator());
-        }
-    }
-
-    // HMAC Related secret keys..
-  
-    /**
-     * MD2HMAC
-     */
-    public static class MD2HMAC
-        extends JCEKeyGenerator
-    {
-        public MD2HMAC()
-        {
-            super("HMACMD2", 128, new CipherKeyGenerator());
-        }
-    }
-
-
-    /**
-     * MD4HMAC
-     */
-    public static class MD4HMAC
-        extends JCEKeyGenerator
-    {
-        public MD4HMAC()
-        {
-            super("HMACMD4", 128, new CipherKeyGenerator());
-        }
-    }
-
-    /**
-     * MD5HMAC
-     */
-    public static class MD5HMAC
-        extends JCEKeyGenerator
-    {
-        public MD5HMAC()
-        {
-            super("HMACMD5", 128, new CipherKeyGenerator());
-        }
-    }
-
-
-    /**
-     * RIPE128HMAC
-     */
-    public static class RIPEMD128HMAC
-        extends JCEKeyGenerator
-    {
-        public RIPEMD128HMAC()
-        {
-            super("HMACRIPEMD128", 128, new CipherKeyGenerator());
-        }
-    }
-
-    /**
-     * RIPE160HMAC
-     */
-    public static class RIPEMD160HMAC
-        extends JCEKeyGenerator
-    {
-        public RIPEMD160HMAC()
-        {
-            super("HMACRIPEMD160", 160, new CipherKeyGenerator());
-        }
-    }
-
-
-    /**
-     * HMACSHA1
-     */
-    public static class HMACSHA1
-        extends JCEKeyGenerator
-    {
-        public HMACSHA1()
-        {
-            super("HMACSHA1", 160, new CipherKeyGenerator());
-        }
-    }
-
-    /**
-     * HMACSHA224
-     */
-    public static class HMACSHA224
-        extends JCEKeyGenerator
-    {
-        public HMACSHA224()
-        {
-            super("HMACSHA224", 224, new CipherKeyGenerator());
-        }
-    }
-    
-    /**
-     * HMACSHA256
-     */
-    public static class HMACSHA256
-        extends JCEKeyGenerator
-    {
-        public HMACSHA256()
-        {
-            super("HMACSHA256", 256, new CipherKeyGenerator());
-        }
-    }
-    
-    /**
-     * HMACSHA384
-     */
-    public static class HMACSHA384
-        extends JCEKeyGenerator
-    {
-        public HMACSHA384()
-        {
-            super("HMACSHA384", 384, new CipherKeyGenerator());
-        }
-    }
-    
-    /**
-     * HMACSHA512
-     */
-    public static class HMACSHA512
-        extends JCEKeyGenerator
-    {
-        public HMACSHA512()
-        {
-            super("HMACSHA512", 512, new CipherKeyGenerator());
-        }
-    }
-    
-    /**
-     * HMACTIGER
-     */
-    public static class HMACTIGER
-        extends JCEKeyGenerator
-    {
-        public HMACTIGER()
-        {
-            super("HMACTIGER", 192, new CipherKeyGenerator());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
deleted file mode 100644
index 6bf6fe4d6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
+++ /dev/null
@@ -1,426 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.MacSpi;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.digests.TigerDigest;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.RC2Engine;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.GOST28147Mac;
-import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-import org.bouncycastle.crypto.macs.OldHMac;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class JCEMac
-    extends MacSpi implements PBE
-{
-    private Mac macEngine;
-
-    private int                     pbeType = PKCS12;
-    private int                     pbeHash = SHA1;
-    private int                     keySize = 160;
-
-    protected JCEMac(
-        Mac macEngine)
-    {
-        this.macEngine = macEngine;
-    }
-
-    protected JCEMac(
-        Mac macEngine,
-        int pbeType,
-        int pbeHash,
-        int keySize)
-    {
-        this.macEngine = macEngine;
-        this.pbeType = pbeType;
-        this.pbeHash = pbeHash;
-        this.keySize = keySize;
-    }
-
-    protected void engineInit(
-        Key                     key,
-        AlgorithmParameterSpec  params)
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        CipherParameters        param;
-
-        if (key == null)
-        {
-            throw new InvalidKeyException("key is null");
-        }
-        
-        if (key instanceof JCEPBEKey)
-        {
-            JCEPBEKey   k = (JCEPBEKey)key;
-            
-            if (k.getParam() != null)
-            {
-                param = k.getParam();
-            }
-            else if (params instanceof PBEParameterSpec)
-            {
-                param = PBE.Util.makePBEMacParameters(k, params);
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
-            }
-        }
-        else if (params instanceof IvParameterSpec)
-        {
-            param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV());
-        }
-        else if (params == null)
-        {
-            param = new KeyParameter(key.getEncoded());
-        }
-        else
-        {
-            throw new InvalidAlgorithmParameterException("unknown parameter type.");
-        }
-
-        macEngine.init(param);
-    }
-
-    protected int engineGetMacLength() 
-    {
-        return macEngine.getMacSize();
-    }
-
-    protected void engineReset() 
-    {
-        macEngine.reset();
-    }
-
-    protected void engineUpdate(
-        byte    input) 
-    {
-        macEngine.update(input);
-    }
-
-    protected void engineUpdate(
-        byte[]  input,
-        int     offset,
-        int     len) 
-    {
-        macEngine.update(input, offset, len);
-    }
-
-    protected byte[] engineDoFinal() 
-    {
-        byte[]  out = new byte[engineGetMacLength()];
-
-        macEngine.doFinal(out, 0);
-
-        return out;
-    }
-
-    /**
-     * the classes that extend directly off us.
-     */
-
-    /**
-     * DES
-     */
-    public static class DES
-        extends JCEMac
-    {
-        public DES()
-        {
-            super(new CBCBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * RC2
-     */
-    public static class RC2
-        extends JCEMac
-    {
-        public RC2()
-        {
-            super(new CBCBlockCipherMac(new RC2Engine()));
-        }
-    }
-
-    /**
-     * GOST28147
-     */
-    public static class GOST28147
-        extends JCEMac
-    {
-        public GOST28147()
-        {
-            super(new GOST28147Mac());
-        }
-    }
-
-    
-
-    /**
-     * DES
-     */
-    public static class DESCFB8
-        extends JCEMac
-    {
-        public DESCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * RC2CFB8
-     */
-    public static class RC2CFB8
-        extends JCEMac
-    {
-        public RC2CFB8()
-        {
-            super(new CFBBlockCipherMac(new RC2Engine()));
-        }
-    }
-
-    /**
-     * DES9797Alg3with7816-4Padding
-     */
-    public static class DES9797Alg3with7816d4
-        extends JCEMac
-    {
-        public DES9797Alg3with7816d4()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-        }
-    }
-
-    /**
-     * DES9797Alg3
-     */
-    public static class DES9797Alg3
-        extends JCEMac
-    {
-        public DES9797Alg3()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine()));
-        }
-    }
-
-    /**
-     * MD2 HMac
-     */
-    public static class MD2
-        extends JCEMac
-    {
-        public MD2()
-        {
-            super(new HMac(new MD2Digest()));
-        }
-    }
-
-    /**
-     * MD4 HMac
-     */
-    public static class MD4
-        extends JCEMac
-    {
-        public MD4()
-        {
-            super(new HMac(new MD4Digest()));
-        }
-    }
-
-    /**
-     * MD5 HMac
-     */
-    public static class MD5
-        extends JCEMac
-    {
-        public MD5()
-        {
-            super(new HMac(new MD5Digest()));
-        }
-    }
-
-    /**
-     * SHA1 HMac
-     */
-    public static class SHA1
-        extends JCEMac
-    {
-        public SHA1()
-        {
-            super(new HMac(new SHA1Digest()));
-        }
-    }
-
-    /**
-     * SHA-224 HMac
-     */
-    public static class SHA224
-        extends JCEMac
-    {
-        public SHA224()
-        {
-            super(new HMac(new SHA224Digest()));
-        }
-    }
-    
-    /**
-     * SHA-256 HMac
-     */
-    public static class SHA256
-        extends JCEMac
-    {
-        public SHA256()
-        {
-            super(new HMac(new SHA256Digest()));
-        }
-    }
-
-    /**
-     * SHA-384 HMac
-     */
-    public static class SHA384
-        extends JCEMac
-    {
-        public SHA384()
-        {
-            super(new HMac(new SHA384Digest()));
-        }
-    }
-
-    public static class OldSHA384
-        extends JCEMac
-    {
-        public OldSHA384()
-        {
-            super(new OldHMac(new SHA384Digest()));
-        }
-    }
-    
-    /**
-     * SHA-512 HMac
-     */
-    public static class SHA512
-        extends JCEMac
-    {
-        public SHA512()
-        {
-            super(new HMac(new SHA512Digest()));
-        }
-    }
-
-    /**
-     * SHA-512 HMac
-     */
-    public static class OldSHA512
-        extends JCEMac
-    {
-        public OldSHA512()
-        {
-            super(new OldHMac(new SHA512Digest()));
-        }
-    }
-    
-    /**
-     * RIPEMD128 HMac
-     */
-    public static class RIPEMD128
-        extends JCEMac
-    {
-        public RIPEMD128()
-        {
-            super(new HMac(new RIPEMD128Digest()));
-        }
-    }
-
-    /**
-     * RIPEMD160 HMac
-     */
-    public static class RIPEMD160
-        extends JCEMac
-    {
-        public RIPEMD160()
-        {
-            super(new HMac(new RIPEMD160Digest()));
-        }
-    }
-
-    /**
-     * Tiger HMac
-     */
-    public static class Tiger
-        extends JCEMac
-    {
-        public Tiger()
-        {
-            super(new HMac(new TigerDigest()));
-        }
-    }
-
-    //
-    // PKCS12 states that the same algorithm should be used
-    // for the key generation as is used in the HMAC, so that
-    // is what we do here.
-    //
-
-    /**
-     * PBEWithHmacRIPEMD160
-     */
-    public static class PBEWithRIPEMD160
-        extends JCEMac
-    {
-        public PBEWithRIPEMD160()
-        {
-            super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160);
-        }
-    }
-
-    /**
-     * PBEWithHmacSHA
-     */
-    public static class PBEWithSHA
-        extends JCEMac
-    {
-        public PBEWithSHA()
-        {
-            super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160);
-        }
-    }
-
-    /**
-     * PBEWithHmacTiger
-     */
-    public static class PBEWithTiger
-        extends JCEMac
-    {
-        public PBEWithTiger()
-        {
-            super(new HMac(new TigerDigest()), PKCS12, TIGER, 192);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java
deleted file mode 100644
index 13b52306c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java
+++ /dev/null
@@ -1,151 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import javax.crypto.interfaces.PBEKey;
-import javax.crypto.spec.PBEKeySpec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class JCEPBEKey
-    implements PBEKey
-{
-    String              algorithm;
-    DERObjectIdentifier oid;
-    int                 type;
-    int                 digest;
-    int                 keySize;
-    int                 ivSize;
-    CipherParameters    param;
-    PBEKeySpec          pbeKeySpec;
-    boolean             tryWrong = false;
-
-    /**
-     * @param param
-     */
-    public JCEPBEKey(
-        String              algorithm,
-        DERObjectIdentifier oid,
-        int                 type,
-        int                 digest,
-        int                 keySize,
-        int                 ivSize,
-        PBEKeySpec          pbeKeySpec,
-        CipherParameters    param)
-    {
-        this.algorithm = algorithm;
-        this.oid = oid;
-        this.type = type;
-        this.digest = digest;
-        this.keySize = keySize;
-        this.ivSize = ivSize;
-        this.pbeKeySpec = pbeKeySpec;
-        this.param = param;
-    }
-
-    public String getAlgorithm()
-    {
-        return algorithm;
-    }
-
-    public String getFormat()
-    {
-        return "RAW";
-    }
-
-    public byte[] getEncoded()
-    {
-        if (param != null)
-        {
-            KeyParameter    kParam;
-            
-            if (param instanceof ParametersWithIV)
-            {
-                kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
-            }
-            else
-            {
-                kParam = (KeyParameter)param;
-            }
-            
-            return kParam.getKey();
-        }
-        else
-        {
-            if (type == PBE.PKCS12)
-            {
-                return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword());
-            }
-            else
-            {   
-                return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword());
-            }
-        }
-    }
-    
-    int getType()
-    {
-        return type;
-    }
-    
-    int getDigest()
-    {
-        return digest;
-    }
-    
-    int getKeySize()
-    {
-        return keySize;
-    }
-    
-    int getIvSize()
-    {
-        return ivSize;
-    }
-    
-    CipherParameters getParam()
-    {
-        return param;
-    }
-
-    /* (non-Javadoc)
-     * @see javax.crypto.interfaces.PBEKey#getPassword()
-     */
-    public char[] getPassword()
-    {
-        return pbeKeySpec.getPassword();
-    }
-
-    /* (non-Javadoc)
-     * @see javax.crypto.interfaces.PBEKey#getSalt()
-     */
-    public byte[] getSalt()
-    {
-        return pbeKeySpec.getSalt();
-    }
-
-    /* (non-Javadoc)
-     * @see javax.crypto.interfaces.PBEKey#getIterationCount()
-     */
-    public int getIterationCount()
-    {
-        return pbeKeySpec.getIterationCount();
-    }
-    
-    public DERObjectIdentifier getOID()
-    {
-        return oid;
-    }
-    
-    void setTryWrongPKCS12Zero(boolean tryWrong)
-    {
-        this.tryWrong = tryWrong; 
-    }
-    
-    boolean shouldTryWrongPKCS12()
-    {
-        return tryWrong;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
deleted file mode 100644
index ab31432a1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
+++ /dev/null
@@ -1,495 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-import org.bouncycastle.crypto.encodings.OAEPEncoding;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSAEngine;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Strings;
-
-public class JCERSACipher extends WrapCipherSpi
-{
-    private AsymmetricBlockCipher   cipher;
-    private AlgorithmParameterSpec  paramSpec;
-    private AlgorithmParameters     engineParams;
-    private boolean                 publicKeyOnly = false;
-    private boolean                 privateKeyOnly = false;
-    private ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-
-    public JCERSACipher(
-        AsymmetricBlockCipher   engine)
-    {
-        cipher = engine;
-    }
-
-    public JCERSACipher(
-        boolean                 publicKeyOnly,
-        boolean                 privateKeyOnly,
-        AsymmetricBlockCipher   engine)
-    {
-        this.publicKeyOnly = publicKeyOnly;
-        this.privateKeyOnly = privateKeyOnly;
-        cipher = engine;
-    }
-        
-    protected int engineGetBlockSize() 
-    {
-        try
-        {
-            return cipher.getInputBlockSize();
-        }
-        catch (NullPointerException e)
-        {
-            throw new IllegalStateException("RSA Cipher not initialised");
-        }
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        if (key instanceof RSAPrivateKey)
-        {
-            RSAPrivateKey   k = (RSAPrivateKey)key;
-
-            return k.getModulus().bitLength();
-        }
-        else if (key instanceof RSAPublicKey)
-        {
-            RSAPublicKey   k = (RSAPublicKey)key;
-
-            return k.getModulus().bitLength();
-        }
-
-        throw new IllegalArgumentException("not an RSA key!");
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        try
-        {
-            return cipher.getOutputBlockSize();
-        }
-        catch (NullPointerException e)
-        {
-            throw new IllegalStateException("RSA Cipher not initialised");
-        }
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            if (paramSpec != null)
-            {
-                try
-                {
-                    engineParams = AlgorithmParameters.getInstance("OAEP", "BC");
-                    engineParams.init(paramSpec);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.toString());
-                }
-            }
-        }
-
-        return engineParams;
-    }
-
-    protected void engineSetMode(
-        String  mode)
-        throws NoSuchAlgorithmException
-    {
-        String md = Strings.toUpperCase(mode);
-        
-        if (md.equals("NONE") || md.equals("ECB"))
-        {
-            return;
-        }
-        
-        if (md.equals("1"))
-        {
-            privateKeyOnly = true;
-            publicKeyOnly = false;
-            return;
-        }
-        else if (md.equals("2"))
-        {
-            privateKeyOnly = false;
-            publicKeyOnly = true;
-            return;
-        }
-        
-        throw new NoSuchAlgorithmException("can't support mode " + mode);
-    }
-
-    protected void engineSetPadding(
-        String  padding) 
-        throws NoSuchPaddingException
-    {
-        String pad = Strings.toUpperCase(padding);
-
-        if (pad.equals("NOPADDING"))
-        {
-            cipher = new RSAEngine();
-        }
-        else if (pad.equals("PKCS1PADDING"))
-        {
-            cipher = new PKCS1Encoding(new RSAEngine());
-        }
-        else if (pad.equals("OAEPPADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine());
-        }
-        else if (pad.equals("ISO9796-1PADDING"))
-        {
-            cipher = new ISO9796d1Encoding(new RSAEngine());
-        }
-        else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine(), new MD5Digest());
-        }
-        else if (pad.equals("OAEPWITHSHA1ANDMGF1PADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine(), new SHA1Digest());
-        }
-        else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine(), new SHA224Digest());
-        }
-        else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine(), new SHA256Digest());
-        }
-        else if (pad.equals("OAEPWITHSHA384ANDMGF1PADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine(), new SHA384Digest());
-        }
-        else if (pad.equals("OAEPWITHSHA512ANDMGF1PADDING"))
-        {
-            cipher = new OAEPEncoding(new RSAEngine(), new SHA512Digest());
-        }
-        else
-        {
-            throw new NoSuchPaddingException(padding + " unavailable with RSA.");
-        }
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-    throws InvalidKeyException
-    {
-        CipherParameters        param;
-
-        if (params == null)
-        {
-            if (key instanceof RSAPublicKey)
-            {
-                if (privateKeyOnly)
-                {
-                    throw new InvalidKeyException(
-                                "mode 1 requires RSAPrivateKey");
-                }
-
-                param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)key);
-            }
-            else if (key instanceof RSAPrivateKey)
-            {
-                if (publicKeyOnly)
-                {
-                    throw new InvalidKeyException(
-                                "mode 2 requires RSAPublicKey");
-                }
-
-                param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)key);
-            }
-            else
-            {
-                throw new InvalidKeyException("unknown key type passed to RSA");
-            }
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown parameter type.");
-        }
-
-        if (!(cipher instanceof RSAEngine))
-        {
-            if (random != null)
-            {
-                param = new ParametersWithRandom(param, random);
-            }
-            else
-            {
-                param = new ParametersWithRandom(param, new SecureRandom());
-            }
-        }
-
-        switch (opmode)
-        {
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.WRAP_MODE:
-            cipher.init(true, param);
-            break;
-        case Cipher.DECRYPT_MODE:
-        case Cipher.UNWRAP_MODE:
-            cipher.init(false, param);
-            break;
-        default:
-            System.out.println("eeek!");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        throw new InvalidAlgorithmParameterException("can't handle parameters in RSA");
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-    throws InvalidKeyException
-    {
-        engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        bOut.write(input, inputOffset, inputLen);
-
-        if (cipher instanceof RSAEngine)
-        {
-            if (bOut.size() > cipher.getInputBlockSize() + 1)
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-        else
-        {
-            if (bOut.size() > cipher.getInputBlockSize())
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-
-        return null;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-    {
-        bOut.write(input, inputOffset, inputLen);
-
-        if (cipher instanceof RSAEngine)
-        {
-            if (bOut.size() > cipher.getInputBlockSize() + 1)
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-        else
-        {
-            if (bOut.size() > cipher.getInputBlockSize())
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-
-        return 0;
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        if (input != null)
-        {
-            bOut.write(input, inputOffset, inputLen);
-        }
-
-        if (cipher instanceof RSAEngine)
-        {
-            if (bOut.size() > cipher.getInputBlockSize() + 1)
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-        else
-        {
-            if (bOut.size() > cipher.getInputBlockSize())
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-
-        try
-        {
-            byte[]  bytes = bOut.toByteArray();
-
-            bOut.reset();
-
-            return cipher.processBlock(bytes, 0, bytes.length);
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        if (input != null)
-        {
-            bOut.write(input, inputOffset, inputLen);
-        }
-
-        if (cipher instanceof RSAEngine)
-        {
-            if (bOut.size() > cipher.getInputBlockSize() + 1)
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-        else
-        {
-            if (bOut.size() > cipher.getInputBlockSize())
-            {
-                throw new ArrayIndexOutOfBoundsException("too much data for RSA block");
-            }
-        }
-
-        byte[]  out;
-
-        try
-        {
-            byte[]  bytes = bOut.toByteArray();
-            bOut.reset();
-
-            out = cipher.processBlock(bytes, 0, bytes.length);
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
-
-        for (int i = 0; i != out.length; i++)
-        {
-            output[outputOffset + i] = out[i];
-        }
-
-        return out.length;
-    }
-
-    /**
-     * classes that inherit from us.
-     */
-
-    static public class NoPadding
-        extends JCERSACipher
-    {
-        public NoPadding()
-        {
-            super(new RSAEngine());
-        }
-    }
-
-    static public class PKCS1v1_5Padding
-        extends JCERSACipher
-    {
-        public PKCS1v1_5Padding()
-        {
-            super(new PKCS1Encoding(new RSAEngine()));
-        }
-    }
-
-    static public class PKCS1v1_5Padding_PrivateOnly
-        extends JCERSACipher
-    {
-        public PKCS1v1_5Padding_PrivateOnly()
-        {
-            super(false, true, new PKCS1Encoding(new RSAEngine()));
-        }
-    }
-
-    static public class PKCS1v1_5Padding_PublicOnly
-        extends JCERSACipher
-    {
-        public PKCS1v1_5Padding_PublicOnly()
-        {
-            super(true, false, new PKCS1Encoding(new RSAEngine()));
-        }
-    }
-
-    static public class OAEPPadding
-        extends JCERSACipher
-    {
-        public OAEPPadding()
-        {
-            super(new OAEPEncoding(new RSAEngine()));
-        }
-    }
-    
-    static public class ISO9796d1Padding
-        extends JCERSACipher
-    {
-        public ISO9796d1Padding()
-        {
-            super(new ISO9796d1Encoding(new RSAEngine()));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
deleted file mode 100644
index 314a35f02..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
+++ /dev/null
@@ -1,241 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-import java.math.BigInteger;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.spec.RSAPrivateCrtKeySpec;
-
-/**
- * A provider representation for a RSA private key, with CRT factors included.
- */
-public class JCERSAPrivateCrtKey
-    extends JCERSAPrivateKey
-    implements RSAPrivateCrtKey
-{
-    static final long serialVersionUID = 7834723820638524718L;
-    
-    private BigInteger  publicExponent;
-    private BigInteger  primeP;
-    private BigInteger  primeQ;
-    private BigInteger  primeExponentP;
-    private BigInteger  primeExponentQ;
-    private BigInteger  crtCoefficient;
-
-    /**
-     * construct a private key from it's org.bouncycastle.crypto equivalent.
-     *
-     * @param key the parameters object representing the private key.
-     */
-    JCERSAPrivateCrtKey(
-        RSAPrivateCrtKeyParameters key)
-    {
-        super(key);
-
-        this.publicExponent = key.getPublicExponent();
-        this.primeP = key.getP();
-        this.primeQ = key.getQ();
-        this.primeExponentP = key.getDP();
-        this.primeExponentQ = key.getDQ();
-        this.crtCoefficient = key.getQInv();
-    }
-
-    /**
-     * construct a private key from an RSAPrivateCrtKeySpec
-     *
-     * @param spec the spec to be used in construction.
-     */
-    JCERSAPrivateCrtKey(
-        RSAPrivateCrtKeySpec spec)
-    {
-        this.modulus = spec.getModulus();
-        this.publicExponent = spec.getPublicExponent();
-        this.privateExponent = spec.getPrivateExponent();
-        this.primeP = spec.getPrimeP();
-        this.primeQ = spec.getPrimeQ();
-        this.primeExponentP = spec.getPrimeExponentP();
-        this.primeExponentQ = spec.getPrimeExponentQ();
-        this.crtCoefficient = spec.getCrtCoefficient();
-    }
-
-    /**
-     * construct a private key from another RSAPrivateCrtKey.
-     *
-     * @param key the object implementing the RSAPrivateCrtKey interface.
-     */
-    JCERSAPrivateCrtKey(
-        RSAPrivateCrtKey key)
-    {
-        this.modulus = key.getModulus();
-        this.publicExponent = key.getPublicExponent();
-        this.privateExponent = key.getPrivateExponent();
-        this.primeP = key.getPrimeP();
-        this.primeQ = key.getPrimeQ();
-        this.primeExponentP = key.getPrimeExponentP();
-        this.primeExponentQ = key.getPrimeExponentQ();
-        this.crtCoefficient = key.getCrtCoefficient();
-    }
-
-    /**
-     * construct an RSA key from a private key info object.
-     */
-    JCERSAPrivateCrtKey(
-        PrivateKeyInfo  info)
-    {
-        this(new RSAPrivateKeyStructure((ASN1Sequence)info.getPrivateKey()));
-    }
-
-    /**
-     * construct an RSA key from a ASN.1 RSA private key object.
-     */
-    JCERSAPrivateCrtKey(
-        RSAPrivateKeyStructure  key)
-    {
-        this.modulus = key.getModulus();
-        this.publicExponent = key.getPublicExponent();
-        this.privateExponent = key.getPrivateExponent();
-        this.primeP = key.getPrime1();
-        this.primeQ = key.getPrime2();
-        this.primeExponentP = key.getExponent1();
-        this.primeExponentQ = key.getExponent2();
-        this.crtCoefficient = key.getCoefficient();
-    }
-
-    /**
-     * return the encoding format we produce in getEncoded().
-     *
-     * @return the encoding format we produce in getEncoded().
-     */
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    /**
-     * Return a PKCS8 representation of the key. The sequence returned
-     * represents a full PrivateKeyInfo object.
-     *
-     * @return a PKCS8 representation of the key.
-     */
-    public byte[] getEncoded()
-    {
-        PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject());
-
-        return info.getDEREncoded();
-    }
-
-    /**
-     * return the public exponent.
-     *
-     * @return the public exponent.
-     */
-    public BigInteger getPublicExponent()
-    {
-        return publicExponent;
-    }
-
-    /**
-     * return the prime P.
-     *
-     * @return the prime P.
-     */
-    public BigInteger getPrimeP()
-    {
-        return primeP;
-    }
-
-    /**
-     * return the prime Q.
-     *
-     * @return the prime Q.
-     */
-    public BigInteger getPrimeQ()
-    {
-        return primeQ;
-    }
-
-    /**
-     * return the prime exponent for P.
-     *
-     * @return the prime exponent for P.
-     */
-    public BigInteger getPrimeExponentP()
-    {
-        return primeExponentP;
-    }
-
-    /**
-     * return the prime exponent for Q.
-     *
-     * @return the prime exponent for Q.
-     */
-    public BigInteger getPrimeExponentQ()
-    {
-        return primeExponentQ;
-    }
-
-    /**
-     * return the CRT coefficient.
-     *
-     * @return the CRT coefficient.
-     */
-    public BigInteger getCrtCoefficient()
-    {
-        return crtCoefficient;
-    }
-
-    public int hashCode()
-    {
-        return this.getModulus().hashCode()
-               ^ this.getPublicExponent().hashCode()
-               ^ this.getPrivateExponent().hashCode();
-    }
-
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof RSAPrivateCrtKey))
-        {
-            return false;
-        }
-
-        RSAPrivateCrtKey key = (RSAPrivateCrtKey)o;
-
-        return this.getModulus().equals(key.getModulus())
-         && this.getPublicExponent().equals(key.getPublicExponent())
-         && this.getPrivateExponent().equals(key.getPrivateExponent())
-         && this.getPrimeP().equals(key.getPrimeP())
-         && this.getPrimeQ().equals(key.getPrimeQ())
-         && this.getPrimeExponentP().equals(key.getPrimeExponentP())
-         && this.getPrimeExponentQ().equals(key.getPrimeExponentQ())
-         && this.getCrtCoefficient().equals(key.getCrtCoefficient());
-    }
-
-    public String toString()
-    {
-        StringBuffer    buf = new StringBuffer();
-        String          nl = System.getProperty("line.separator");
-
-        buf.append("RSA Private CRT Key").append(nl);
-        buf.append("            modulus: ").append(this.getModulus().toString(16)).append(nl);
-        buf.append("    public exponent: ").append(this.getPublicExponent().toString(16)).append(nl);
-        buf.append("   private exponent: ").append(this.getPrivateExponent().toString(16)).append(nl);
-        buf.append("             primeP: ").append(this.getPrimeP().toString(16)).append(nl);
-        buf.append("             primeQ: ").append(this.getPrimeQ().toString(16)).append(nl);
-        buf.append("     primeExponentP: ").append(this.getPrimeExponentP().toString(16)).append(nl);
-        buf.append("     primeExponentQ: ").append(this.getPrimeExponentQ().toString(16)).append(nl);
-        buf.append("     crtCoefficient: ").append(this.getCrtCoefficient().toString(16)).append(nl);
-
-        return buf.toString();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
deleted file mode 100644
index 272651cca..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
+++ /dev/null
@@ -1,148 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.spec.RSAPrivateKeySpec;
-import java.util.Enumeration;
-
-public class JCERSAPrivateKey
-    implements RSAPrivateKey, PKCS12BagAttributeCarrier
-{
-    static final long serialVersionUID = 5110188922551353628L;
-
-    private static BigInteger ZERO = BigInteger.valueOf(0);
-
-    protected BigInteger modulus;
-    protected BigInteger privateExponent;
-
-    private PKCS12BagAttributeCarrierImpl   attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    protected JCERSAPrivateKey()
-    {
-    }
-
-    JCERSAPrivateKey(
-        RSAKeyParameters key)
-    {
-        this.modulus = key.getModulus();
-        this.privateExponent = key.getExponent();
-    }
-
-    JCERSAPrivateKey(
-        RSAPrivateKeySpec spec)
-    {
-        this.modulus = spec.getModulus();
-        this.privateExponent = spec.getPrivateExponent();
-    }
-
-    JCERSAPrivateKey(
-        RSAPrivateKey key)
-    {
-        this.modulus = key.getModulus();
-        this.privateExponent = key.getPrivateExponent();
-    }
-
-    public BigInteger getModulus()
-    {
-        return modulus;
-    }
-
-    public BigInteger getPrivateExponent()
-    {
-        return privateExponent;
-    }
-
-    public String getAlgorithm()
-    {
-        return "RSA";
-    }
-
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    public byte[] getEncoded()
-    {
-        PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKeyStructure(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO).getDERObject());
-
-        return info.getDEREncoded();
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof RSAPrivateKey))
-        {
-            return false;
-        }
-
-        if (o == this)
-        {
-            return true;
-        }
-
-        RSAPrivateKey key = (RSAPrivateKey)o;
-
-        return getModulus().equals(key.getModulus())
-            && getPrivateExponent().equals(key.getPrivateExponent());
-    }
-
-    public int hashCode()
-    {
-        return getModulus().hashCode() ^ getPrivateExponent().hashCode();
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-
-    private void readObject(
-        ObjectInputStream   in)
-        throws IOException, ClassNotFoundException
-    {
-        this.modulus = (BigInteger)in.readObject();
-        this.attrCarrier = new PKCS12BagAttributeCarrierImpl();
-        
-        attrCarrier.readObject(in);
-
-        this.privateExponent = (BigInteger)in.readObject();
-    }
-
-    private void writeObject(
-        ObjectOutputStream  out)
-        throws IOException
-    {
-        out.writeObject(modulus);
-
-        attrCarrier.writeObject(out);
-
-        out.writeObject(privateExponent);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java
deleted file mode 100644
index 597cb603d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.RSAPublicKeySpec;
-
-public class JCERSAPublicKey
-    implements RSAPublicKey
-{
-    static final long serialVersionUID = 2675817738516720772L;
-    
-    private BigInteger modulus;
-    private BigInteger publicExponent;
-
-    JCERSAPublicKey(
-        RSAKeyParameters key)
-    {
-        this.modulus = key.getModulus();
-        this.publicExponent = key.getExponent();
-    }
-
-    JCERSAPublicKey(
-        RSAPublicKeySpec spec)
-    {
-        this.modulus = spec.getModulus();
-        this.publicExponent = spec.getPublicExponent();
-    }
-
-    JCERSAPublicKey(
-        RSAPublicKey key)
-    {
-        this.modulus = key.getModulus();
-        this.publicExponent = key.getPublicExponent();
-    }
-
-    JCERSAPublicKey(
-        SubjectPublicKeyInfo    info)
-    {
-        try
-        {
-            RSAPublicKeyStructure   pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.getPublicKey());
-
-            this.modulus = pubKey.getModulus();
-            this.publicExponent = pubKey.getPublicExponent();
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid info structure in RSA public key");
-        }
-    }
-
-    /**
-     * return the modulus.
-     *
-     * @return the modulus.
-     */
-    public BigInteger getModulus()
-    {
-        return modulus;
-    }
-
-    /**
-     * return the public exponent.
-     *
-     * @return the public exponent.
-     */
-    public BigInteger getPublicExponent()
-    {
-        return publicExponent;
-    }
-
-    public String getAlgorithm()
-    {
-        return "RSA";
-    }
-
-    public String getFormat()
-    {
-        return "X.509";
-    }
-
-    public byte[] getEncoded()
-    {
-        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject());
-
-        return info.getDEREncoded();
-    }
-
-    public int hashCode()
-    {
-        return this.getModulus().hashCode() ^ this.getPublicExponent().hashCode();
-    }
-
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof RSAPublicKey))
-        {
-            return false;
-        }
-
-        RSAPublicKey key = (RSAPublicKey)o;
-
-        return getModulus().equals(key.getModulus())
-            && getPublicExponent().equals(key.getPublicExponent());
-    }
-
-    public String toString()
-    {
-        StringBuffer    buf = new StringBuffer();
-        String          nl = System.getProperty("line.separator");
-
-        buf.append("RSA Public Key").append(nl);
-        buf.append("            modulus: ").append(this.getModulus().toString(16)).append(nl);
-        buf.append("    public exponent: ").append(this.getPublicExponent().toString(16)).append(nl);
-
-        return buf.toString();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
deleted file mode 100644
index 94b89f14e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
+++ /dev/null
@@ -1,552 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.lang.reflect.Constructor;
-import java.security.InvalidKeyException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactorySpi;
-import javax.crypto.spec.DESKeySpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.params.DESParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class JCESecretKeyFactory
-    extends SecretKeyFactorySpi
-    implements PBE
-{
-    protected String                algName;
-    protected DERObjectIdentifier   algOid;
-
-    protected JCESecretKeyFactory(
-        String               algName,
-        DERObjectIdentifier  algOid)
-    {
-        this.algName = algName;
-        this.algOid = algOid;
-    }
-
-    protected SecretKey engineGenerateSecret(
-        KeySpec keySpec)
-    throws InvalidKeySpecException
-    {
-        if (keySpec instanceof SecretKeySpec)
-        {
-            return (SecretKey)keySpec;
-        }
-
-        throw new InvalidKeySpecException("Invalid KeySpec");
-    }
-
-    protected KeySpec engineGetKeySpec(
-        SecretKey key,
-        Class keySpec)
-    throws InvalidKeySpecException
-    {
-        if (keySpec == null)
-        {
-            throw new InvalidKeySpecException("keySpec parameter is null");
-        }
-        if (key == null)
-        {
-            throw new InvalidKeySpecException("key parameter is null");
-        }
-        
-        if (SecretKeySpec.class.isAssignableFrom(keySpec))
-        {
-            return new SecretKeySpec(key.getEncoded(), algName);
-        }
-
-        try
-        {
-            Class[] parameters = { byte[].class };
-
-            Constructor c = keySpec.getConstructor(parameters);
-            Object[]    p = new Object[1];
-
-            p[0] = key.getEncoded();
-
-            return (KeySpec)c.newInstance(p);
-        }
-        catch (Exception e)
-        {
-            throw new InvalidKeySpecException(e.toString());
-        }
-    }
-
-    protected SecretKey engineTranslateKey(
-        SecretKey key)
-    throws InvalidKeyException
-    {
-        if (key == null)
-        {
-            throw new InvalidKeyException("key parameter is null");
-        }
-        
-        if (!key.getAlgorithm().equalsIgnoreCase(algName))
-        {
-            throw new InvalidKeyException("Key not of type " + algName + ".");
-        }
-
-        return new SecretKeySpec(key.getEncoded(), algName);
-    }
-
-    /*
-     * classes that inherit from us
-     */
-    
-    static public class PBEKeyFactory
-        extends JCESecretKeyFactory
-    {
-        private boolean forCipher;
-        private int     scheme;
-        private int     digest;
-        private int     keySize;
-        private int     ivSize;
-        
-        public PBEKeyFactory(
-            String              algorithm,
-            DERObjectIdentifier oid,
-            boolean             forCipher,
-            int                 scheme,
-            int                 digest,
-            int                 keySize,
-            int                 ivSize)
-        {
-            super(algorithm, oid);
-            
-            this.forCipher = forCipher;
-            this.scheme = scheme;
-            this.digest = digest;
-            this.keySize = keySize;
-            this.ivSize = ivSize;
-        }
-    
-        protected SecretKey engineGenerateSecret(
-            KeySpec keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof PBEKeySpec)
-            {
-                PBEKeySpec          pbeSpec = (PBEKeySpec)keySpec;
-                CipherParameters    param;
-                
-                if (pbeSpec.getSalt() == null)
-                {
-                    return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null);
-                }
-                
-                if (forCipher)
-                {
-                    param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize);
-                }
-                else
-                {
-                    param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);
-                }
-                
-                return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
-            }
-            
-            throw new InvalidKeySpecException("Invalid KeySpec");
-        }
-    }
-
-    static public class DESPBEKeyFactory
-        extends JCESecretKeyFactory
-    {
-        private boolean forCipher;
-        private int     scheme;
-        private int     digest;
-        private int     keySize;
-        private int     ivSize;
-        
-        public DESPBEKeyFactory(
-            String              algorithm,
-            DERObjectIdentifier oid,
-            boolean             forCipher,
-            int                 scheme,
-            int                 digest,
-            int                 keySize,
-            int                 ivSize)
-        {
-            super(algorithm, oid);
-            
-            this.forCipher = forCipher;
-            this.scheme = scheme;
-            this.digest = digest;
-            this.keySize = keySize;
-            this.ivSize = ivSize;
-        }
-    
-        protected SecretKey engineGenerateSecret(
-            KeySpec keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec instanceof PBEKeySpec)
-            {
-                PBEKeySpec pbeSpec = (PBEKeySpec)keySpec;
-                CipherParameters    param;
-                
-                if (pbeSpec.getSalt() == null)
-                {
-                    return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null);
-                }
-                
-                if (forCipher)
-                {
-                    param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize);
-                }
-                else
-                {
-                    param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);
-                }
-
-                KeyParameter kParam;
-                if (param instanceof ParametersWithIV)
-                {
-                    kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
-                }
-                else
-                {
-                    kParam = (KeyParameter)param;
-                }
-
-                DESParameters.setOddParity(kParam.getKey());
-
-                return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
-            }
-            
-            throw new InvalidKeySpecException("Invalid KeySpec");
-        }
-    }
-    
-    static public class DES
-        extends JCESecretKeyFactory
-    {
-        public DES()
-        {
-            super("DES", null);
-        }
-
-        protected SecretKey engineGenerateSecret(
-            KeySpec keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DESKeySpec)
-            {
-                DESKeySpec desKeySpec = (DESKeySpec)keySpec;
-                return new SecretKeySpec(desKeySpec.getKey(), "DES");
-            }
-
-            return super.engineGenerateSecret(keySpec);
-        }
-    }
-
-    /**
-     * PBEWithMD2AndDES
-     */
-    static public class PBEWithMD2AndDES
-        extends DESPBEKeyFactory
-    {
-        public PBEWithMD2AndDES()
-        {
-            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-        }
-    }
-
-    /**
-     * PBEWithMD2AndRC2
-     */
-    static public class PBEWithMD2AndRC2
-        extends PBEKeyFactory
-    {
-        public PBEWithMD2AndRC2()
-        {
-            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-        }
-    }
-
-   /**
-    * PBEWithMD5AndDES
-    */
-   static public class PBEWithMD5AndDES
-       extends DESPBEKeyFactory
-   {
-       public PBEWithMD5AndDES()
-       {
-           super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64);
-       }
-   }
-
-   /**
-    * PBEWithMD5AndRC2
-    */
-   static public class PBEWithMD5AndRC2
-       extends PBEKeyFactory
-   {
-       public PBEWithMD5AndRC2()
-       {
-           super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHA1AndDES
-    */
-   static public class PBEWithSHA1AndDES
-       extends DESPBEKeyFactory
-   {
-       public PBEWithSHA1AndDES()
-       {
-           super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHA1AndRC2
-    */
-   static public class PBEWithSHA1AndRC2
-       extends PBEKeyFactory
-   {
-       public PBEWithSHA1AndRC2()
-       {
-           super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHAAnd3-KeyTripleDES-CBC
-    */
-   static public class PBEWithSHAAndDES3Key
-       extends DESPBEKeyFactory
-   {
-       public PBEWithSHAAndDES3Key()
-       {
-           super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHAAnd2-KeyTripleDES-CBC
-    */
-   static public class PBEWithSHAAndDES2Key
-       extends DESPBEKeyFactory
-   {
-       public PBEWithSHAAndDES2Key()
-       {
-           super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHAAnd128BitRC2-CBC
-    */
-   static public class PBEWithSHAAnd128BitRC2
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd128BitRC2()
-       {
-           super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHAAnd40BitRC2-CBC
-    */
-   static public class PBEWithSHAAnd40BitRC2
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd40BitRC2()
-       {
-           super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbewithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64);
-       }
-   }
-
-   /**
-    * PBEWithSHAAndTwofish-CBC
-    */
-   static public class PBEWithSHAAndTwofish
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAndTwofish()
-       {
-           super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128);
-       }
-   }
-   
-   /**
-    * PBEWithSHAAnd128BitRC4
-    */
-   static public class PBEWithSHAAnd128BitRC4
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd128BitRC4()
-       {
-           super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0);
-       }
-   }
-
-   /**
-    * PBEWithSHAAnd40BitRC4
-    */
-   static public class PBEWithSHAAnd40BitRC4
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd40BitRC4()
-       {
-           super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0);
-       }
-   }
-   
-   /**
-    * PBEWithHmacRIPEMD160
-    */
-   public static class PBEWithRIPEMD160
-       extends PBEKeyFactory
-   {
-       public PBEWithRIPEMD160()
-       {
-           super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0);
-       }
-   }
-
-   /**
-    * PBEWithHmacSHA
-    */
-   public static class PBEWithSHA
-       extends PBEKeyFactory
-   {
-       public PBEWithSHA()
-       {
-           super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0);
-       }
-   }
-
-   /**
-    * PBEWithHmacTiger
-    */
-   public static class PBEWithTiger
-       extends PBEKeyFactory
-   {
-       public PBEWithTiger()
-       {
-           super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0);
-       }
-   }
-   
-   /**
-    * PBEWithSHA1And128BitAES-BC
-    */
-   static public class PBEWithSHAAnd128BitAESBC
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd128BitAESBC()
-       {
-           super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128);
-       }
-   }
-   
-   /**
-    * PBEWithSHA1And192BitAES-BC
-    */
-   static public class PBEWithSHAAnd192BitAESBC
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd192BitAESBC()
-       {
-           super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128);
-       }
-   }
-   
-   /**
-    * PBEWithSHA1And256BitAES-BC
-    */
-   static public class PBEWithSHAAnd256BitAESBC
-       extends PBEKeyFactory
-   {
-       public PBEWithSHAAnd256BitAESBC()
-       {
-           super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128);
-       }
-   }
-   
-   /**
-    * PBEWithSHA256And128BitAES-BC
-    */
-   static public class PBEWithSHA256And128BitAESBC
-       extends PBEKeyFactory
-   {
-       public PBEWithSHA256And128BitAESBC()
-       {
-           super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128);
-       }
-   }
-   
-   /**
-    * PBEWithSHA256And192BitAES-BC
-    */
-   static public class PBEWithSHA256And192BitAESBC
-       extends PBEKeyFactory
-   {
-       public PBEWithSHA256And192BitAESBC()
-       {
-           super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128);
-       }
-   }
-   
-   /**
-    * PBEWithSHA256And256BitAES-BC
-    */
-   static public class PBEWithSHA256And256BitAESBC
-       extends PBEKeyFactory
-   {
-       public PBEWithSHA256And256BitAESBC()
-       {
-           super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128);
-       }
-   }
-   
-   /**
-    * PBEWithMD5And128BitAES-OpenSSL
-    */
-   static public class PBEWithMD5And128BitAESCBCOpenSSL
-       extends PBEKeyFactory
-   {
-       public PBEWithMD5And128BitAESCBCOpenSSL()
-       {
-           super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128);
-       }
-   }
-   
-   /**
-    * PBEWithMD5And192BitAES-OpenSSL
-    */
-   static public class PBEWithMD5And192BitAESCBCOpenSSL
-       extends PBEKeyFactory
-   {
-       public PBEWithMD5And192BitAESCBCOpenSSL()
-       {
-           super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128);
-       }
-   }
-   
-   /**
-    * PBEWithMD5And256BitAES-OpenSSL
-    */
-   static public class PBEWithMD5And256BitAESCBCOpenSSL
-       extends PBEKeyFactory
-   {
-       public PBEWithMD5And256BitAESCBCOpenSSL()
-       {
-           super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128);
-       }
-   }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
deleted file mode 100644
index 9f75ee1e9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
+++ /dev/null
@@ -1,516 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamBlockCipher;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.RC4Engine;
-import org.bouncycastle.crypto.engines.SkipjackEngine;
-import org.bouncycastle.crypto.engines.TwofishEngine;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class JCEStreamCipher
-    extends WrapCipherSpi implements PBE
-{
-    //
-    // specs we can handle.
-    //
-    private Class[]                 availableSpecs =
-                                    {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
-                                        IvParameterSpec.class,
-                                        PBEParameterSpec.class
-                                    };
-
-    private StreamCipher       cipher;
-    private ParametersWithIV   ivParam;
-
-    private int                     ivLength = 0;
-
-    private PBEParameterSpec        pbeSpec = null;
-    private String                  pbeAlgorithm = null;
-
-    protected JCEStreamCipher(
-        StreamCipher engine,
-        int          ivLength)
-    {
-        cipher = engine;
-        this.ivLength = ivLength;
-    }
-        
-    protected JCEStreamCipher(
-        BlockCipher engine,
-        int         ivLength)
-    {
-        this.ivLength = ivLength;
-
-        cipher = new StreamBlockCipher(engine);
-    }
-
-    protected int engineGetBlockSize() 
-    {
-        return 0;
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return (ivParam != null) ? ivParam.getIV() : null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        return key.getEncoded().length * 8;
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        return inputLen;
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            if (pbeSpec != null)
-            {
-                try
-                {
-                    AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
-                    engineParams.init(pbeSpec);
-                    
-                    return engineParams;
-                }
-                catch (Exception e)
-                {
-                    return null;
-                }
-            }
-        }
-        
-        return engineParams;
-    }
-
-    /**
-     * should never be called.
-     */
-    protected void engineSetMode(
-        String  mode) 
-    {
-        if (!mode.equalsIgnoreCase("ECB"))
-        {
-            throw new IllegalArgumentException("can't support mode " + mode);
-        }
-    }
-
-    /**
-     * should never be called.
-     */
-    protected void engineSetPadding(
-        String  padding) 
-    throws NoSuchPaddingException
-    {
-        if (!padding.equalsIgnoreCase("NoPadding"))
-        {
-            throw new NoSuchPaddingException("Padding " + padding + " unknown.");
-        }
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        CipherParameters        param;
-
-        this.pbeSpec = null;
-        this.pbeAlgorithm = null;
-        
-        this.engineParams = null;
-        
-        //
-        // basic key check
-        //
-        if (!(key instanceof SecretKey))
-        {
-            throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
-        }
-        
-        if (key instanceof JCEPBEKey)
-        {
-            JCEPBEKey   k = (JCEPBEKey)key;
-            
-            if (k.getOID() != null)
-            {
-                pbeAlgorithm = k.getOID().getId();
-            }
-            else
-            {
-                pbeAlgorithm = k.getAlgorithm();
-            }
-            
-            if (k.getParam() != null)
-            {
-                param = k.getParam();                
-                pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount());
-            }
-            else if (params instanceof PBEParameterSpec)
-            {
-                param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName());
-                pbeSpec = (PBEParameterSpec)params;
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
-            }
-            
-            if (k.getIvSize() != 0)
-            {
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params == null)
-        {
-            param = new KeyParameter(key.getEncoded());
-        }
-        else if (params instanceof IvParameterSpec)
-        {
-            param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV());
-            ivParam = (ParametersWithIV)param;
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown parameter type.");
-        }
-
-        if ((ivLength != 0) && !(param instanceof ParametersWithIV))
-        {
-            SecureRandom    ivRandom = random;
-
-            if (ivRandom == null)
-            {
-                ivRandom = new SecureRandom();
-            }
-
-            if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
-            {
-                byte[]  iv = new byte[ivLength];
-
-                ivRandom.nextBytes(iv);
-                param = new ParametersWithIV(param, iv);
-                ivParam = (ParametersWithIV)param;
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("no IV set when one expected");
-            }
-        }
-
-        switch (opmode)
-        {
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.WRAP_MODE:
-            cipher.init(true, param);
-            break;
-        case Cipher.DECRYPT_MODE:
-        case Cipher.UNWRAP_MODE:
-            cipher.init(false, param);
-            break;
-        default:
-            System.out.println("eeek!");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        AlgorithmParameterSpec  paramSpec = null;
-
-        if (params != null)
-        {
-            for (int i = 0; i != availableSpecs.length; i++)
-            {
-                try
-                {
-                    paramSpec = params.getParameterSpec(availableSpecs[i]);
-                    break;
-                }
-                catch (Exception e)
-                {
-                    continue;
-                }
-            }
-
-            if (paramSpec == null)
-            {
-                throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString());
-            }
-        }
-
-        engineInit(opmode, key, paramSpec, random);
-        engineParams = params;
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-        throws InvalidKeyException
-    {
-        try
-        {
-            engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        byte[]  out = new byte[inputLen];
-
-        cipher.processBytes(input, inputOffset, inputLen, out, 0);
-
-        return out;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws ShortBufferException 
-    {
-        try
-        {
-        cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-
-        return inputLen;
-        }
-        catch (DataLengthException e)
-        {
-            throw new ShortBufferException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        if (inputLen != 0)
-        {
-            byte[] out = engineUpdate(input, inputOffset, inputLen);
-
-            cipher.reset();
-            
-            return out;
-        }
-
-        cipher.reset();
-        
-        return new byte[0];
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-    {
-        if (inputLen != 0)
-        {
-            cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-        }
-
-        cipher.reset();
-        
-        return inputLen;
-    }
-
-    /*
-     * The ciphers that inherit from us.
-     */
-
-    /**
-     * DES
-     */
-    static public class DES_CFB8
-        extends JCEStreamCipher
-    {
-        public DES_CFB8()
-        {
-            super(new CFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_CFB8
-        extends JCEStreamCipher
-    {
-        public DESede_CFB8()
-        {
-            super(new CFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_CFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_CFB8()
-        {
-            super(new CFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_CFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_CFB8()
-        {
-            super(new CFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_CFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_CFB8()
-        {
-            super(new CFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
-
-    /**
-     * DES
-     */
-    static public class DES_OFB8
-        extends JCEStreamCipher
-    {
-        public DES_OFB8()
-        {
-            super(new OFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_OFB8
-        extends JCEStreamCipher
-    {
-        public DESede_OFB8()
-        {
-            super(new OFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_OFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_OFB8()
-        {
-            super(new OFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_OFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_OFB8()
-        {
-            super(new OFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_OFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_OFB8()
-        {
-            super(new OFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd128BitRC4
-     */
-    static public class PBEWithSHAAnd128BitRC4
-        extends JCEStreamCipher
-    {
-        public PBEWithSHAAnd128BitRC4()
-        {
-            super(new RC4Engine(), 0);
-        }
-    }
-
-    /**
-     * PBEWithSHAAnd40BitRC4
-     */
-    static public class PBEWithSHAAnd40BitRC4
-        extends JCEStreamCipher
-    {
-        public PBEWithSHAAnd40BitRC4()
-        {
-            super(new RC4Engine(), 0);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
deleted file mode 100644
index 12bedf40b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
+++ /dev/null
@@ -1,340 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameterGeneratorSpi;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.DSAParameterSpec;
-
-import javax.crypto.spec.DHGenParameterSpec;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-
-import org.bouncycastle.crypto.generators.DHParametersGenerator;
-import org.bouncycastle.crypto.generators.DSAParametersGenerator;
-import org.bouncycastle.crypto.generators.ElGamalParametersGenerator;
-import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.GOST3410Parameters;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-
-public abstract class JDKAlgorithmParameterGenerator
-    extends AlgorithmParameterGeneratorSpi
-{
-    protected SecureRandom  random;
-    protected int           strength = 1024;
-
-    protected void engineInit(
-        int             strength,
-        SecureRandom    random)
-    {
-        this.strength = strength;
-        this.random = random;
-    }
-
-    public static class DH
-        extends JDKAlgorithmParameterGenerator
-    {
-        private int l = 0;
-
-        protected void engineInit(
-            AlgorithmParameterSpec  genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(genParamSpec instanceof DHGenParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
-            }
-            DHGenParameterSpec  spec = (DHGenParameterSpec)genParamSpec;
-
-            this.strength = spec.getPrimeSize();
-            this.l = spec.getExponentSize();
-            this.random = random;
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            DHParametersGenerator        pGen = new DHParametersGenerator();
-
-            if (random != null)
-            {
-                pGen.init(strength, 20, random);
-            }
-            else
-            {
-                pGen.init(strength, 20, new SecureRandom());
-            }
-
-            DHParameters                p = pGen.generateParameters();
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new DHParameterSpec(p.getP(), p.getG(), l));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class DSA
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            int             strength,
-            SecureRandom    random)
-        {
-            if (strength < 512 || strength > 1024 || strength % 64 != 0)
-            {
-                throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64");
-            }
-
-            this.strength = strength;
-            this.random = random;
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec  genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DSA parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            DSAParametersGenerator pGen = new DSAParametersGenerator();
-
-            if (random != null)
-            {
-                pGen.init(strength, 20, random);
-            }
-            else
-            {
-                pGen.init(strength, 20, new SecureRandom());
-            }
-
-            DSAParameters p = pGen.generateParameters();
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG()));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class GOST3410
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-                AlgorithmParameterSpec  genParamSpec,
-                SecureRandom            random)
-        throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
-        }
-        
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
-            
-            if (random != null)
-            {
-                pGen.init(strength, 2, random);
-            }
-            else
-            {
-                pGen.init(strength, 2, new SecureRandom());
-            }
-            
-            GOST3410Parameters p = pGen.generateParameters();
-            
-            AlgorithmParameters params;
-            
-            try
-            {
-                params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-            
-            return params;
-        }
-    }
-    
-    public static class ElGamal
-        extends JDKAlgorithmParameterGenerator
-    {
-        private int l = 0;
-        
-        protected void engineInit(
-            AlgorithmParameterSpec  genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(genParamSpec instanceof DHGenParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
-            }
-            DHGenParameterSpec  spec = (DHGenParameterSpec)genParamSpec;
-
-            this.strength = spec.getPrimeSize();
-            this.l = spec.getExponentSize();
-            this.random = random;
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
-
-            if (random != null)
-            {
-                pGen.init(strength, 20, random);
-            }
-            else
-            {
-                pGen.init(strength, 20, new SecureRandom());
-            }
-
-            ElGamalParameters p = pGen.generateParameters();
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new DHParameterSpec(p.getP(), p.getG(), l));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class DES
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec  genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class RC2
-        extends JDKAlgorithmParameterGenerator
-    {
-        RC2ParameterSpec    spec = null;
-
-        protected void engineInit(
-            AlgorithmParameterSpec  genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (genParamSpec instanceof RC2ParameterSpec)
-            {
-                spec = (RC2ParameterSpec)genParamSpec;
-                return;
-            }
-
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            AlgorithmParameters params;
-
-            if (spec == null)
-            {
-                byte[]  iv = new byte[8];
-
-                if (random == null)
-                {
-                    random = new SecureRandom();
-                }
-
-                random.nextBytes(iv);
-
-                try
-                {
-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
-                    params.init(new IvParameterSpec(iv));
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.getMessage());
-                }
-            }
-            else
-            {
-                try
-                {
-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
-                    params.init(spec);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.getMessage());
-                }
-            }
-
-            return params;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
deleted file mode 100644
index bc4636fe0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
+++ /dev/null
@@ -1,1316 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.AlgorithmParametersSpi;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.DSAParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.spec.PSSParameterSpec;
-
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-import org.bouncycastle.asn1.misc.CAST5CBCParameters;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.pkcs.PBKDF2Params;
-import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
-import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.jce.spec.ElGamalParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-import org.bouncycastle.jce.spec.IESParameterSpec;
-
-public abstract class JDKAlgorithmParameters
-    extends AlgorithmParametersSpi
-{
-    protected boolean isASN1FormatString(String format)
-    {
-        return format == null || format.equals("ASN.1");
-    }
-
-    protected AlgorithmParameterSpec engineGetParameterSpec(
-        Class paramSpec)
-        throws InvalidParameterSpecException
-    {
-        if (paramSpec == null)
-        {
-            throw new NullPointerException("argument to getParameterSpec must not be null");
-        }
-
-        return localEngineGetParameterSpec(paramSpec);
-    }
-
-    protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
-        throws InvalidParameterSpecException;
-
-    public static class IVAlgorithmParameters
-        extends JDKAlgorithmParameters
-    {
-        private byte[]  iv;
-
-        protected byte[] engineGetEncoded() 
-            throws IOException
-        {
-            return engineGetEncoded("ASN.1");
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                 return new DEROctetString(engineGetEncoded("RAW")).getEncoded();
-            }
-            
-            if (format.equals("RAW"))
-            {
-                byte[]  tmp = new byte[iv.length];
-
-                System.arraycopy(iv, 0, tmp, 0, iv.length);
-                return tmp;
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof IvParameterSpec))
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object");
-            }
-
-            this.iv = ((IvParameterSpec)paramSpec).getIV();
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            //
-            // check that we don't have a DER encoded octet string
-            //
-            if ((params.length % 8) != 0
-                    && params[0] == 0x04 && params[1] == params.length - 2)
-            {
-                ASN1InputStream         aIn = new ASN1InputStream(params);
-                ASN1OctetString         oct = (ASN1OctetString)aIn.readObject();
-
-                params = oct.getOctets();
-            }
-
-            this.iv = new byte[params.length];
-
-            System.arraycopy(params, 0, iv, 0, iv.length);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                ASN1InputStream         aIn = new ASN1InputStream(params);
-                
-                try
-                {
-                    ASN1OctetString         oct = (ASN1OctetString)aIn.readObject();
-    
-                    engineInit(oct.getOctets());
-                }
-                catch (Exception e)
-                {
-                    throw new IOException("Exception decoding: " + e);
-                }
-                
-                return;
-            }
-
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString() 
-        {
-            return "IV Parameters";
-        }
-    }
-
-    public static class RC2AlgorithmParameters
-        extends JDKAlgorithmParameters
-    {
-        private short[] table = {
-           0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-           0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-           0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-           0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-           0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-           0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-           0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-           0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-           0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-           0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-           0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-           0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-           0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-           0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-           0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-           0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-        };
-
-        private short[] ekb = {
-           0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-           0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-           0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-           0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-           0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-           0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-           0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-           0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-           0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-           0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-           0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-           0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-           0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-           0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-           0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-           0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-        };
-
-        private byte[]  iv;
-        private int     parameterVersion = 58;
-
-        protected byte[] engineGetEncoded() 
-        {
-            byte[]  tmp = new byte[iv.length];
-
-            System.arraycopy(iv, 0, tmp, 0, iv.length);
-            return tmp;
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                if (parameterVersion == -1)
-                {
-                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-                }
-                else
-                {
-                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-                }
-            }
-
-            if (format.equals("RAW"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == RC2ParameterSpec.class)
-            {
-                if (parameterVersion != -1)
-                {
-                    if (parameterVersion < 256)
-                    {
-                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
-                    }
-                    else
-                    {
-                        return new RC2ParameterSpec(parameterVersion, iv);
-                    }
-                }
-            }
-
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec instanceof IvParameterSpec)
-            {
-                this.iv = ((IvParameterSpec)paramSpec).getIV();
-            }
-            else if (paramSpec instanceof RC2ParameterSpec)
-            {
-                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-                if (effKeyBits != -1)
-                {
-                    if (effKeyBits < 256)
-                    {
-                        parameterVersion = table[effKeyBits];
-                    }
-                    else
-                    {
-                        parameterVersion = effKeyBits;
-                    }
-                }
-
-                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-            }
-            else
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            this.iv = new byte[params.length];
-
-            System.arraycopy(params, 0, iv, 0, iv.length);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                ASN1InputStream         aIn = new ASN1InputStream(params);
-                RC2CBCParameter         p = RC2CBCParameter.getInstance(aIn.readObject());
-
-                if (p.getRC2ParameterVersion() != null)
-                {
-                    parameterVersion = p.getRC2ParameterVersion().intValue();
-                }
-
-                iv = p.getIV();
-
-                return;
-            }
-
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString() 
-        {
-            return "RC2 Parameters";
-        }
-    }
-
-    public static class CAST5AlgorithmParameters
-        extends JDKAlgorithmParameters
-    {
-        private byte[]  iv;
-        private int     keyLength = 128;
-
-        protected byte[] engineGetEncoded() 
-        {
-            byte[]  tmp = new byte[iv.length];
-
-            System.arraycopy(iv, 0, tmp, 0, iv.length);
-            return tmp;
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-            throws IOException 
-        {
-            if (isASN1FormatString(format))
-            {
-                return new CAST5CBCParameters(engineGetEncoded(), keyLength).getEncoded();
-            }
-
-            if (format.equals("RAW"))
-            {
-                return engineGetEncoded();
-            }
-
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to CAST5 parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec instanceof IvParameterSpec)
-            {
-                this.iv = ((IvParameterSpec)paramSpec).getIV();
-            }
-            else
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec required to initialise a CAST5 parameters algorithm parameters object");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            this.iv = new byte[params.length];
-
-            System.arraycopy(params, 0, iv, 0, iv.length);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                ASN1InputStream         aIn = new ASN1InputStream(params);
-                CAST5CBCParameters      p = CAST5CBCParameters.getInstance(aIn.readObject());
-
-                keyLength = p.getKeyLength();
-
-                iv = p.getIV();
-
-                return;
-            }
-
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString() 
-        {
-            return "CAST5 Parameters";
-        }
-    }
-
-    public static class PKCS12PBE
-        extends JDKAlgorithmParameters
-    {
-        PKCS12PBEParams params;
-
-        protected byte[] engineGetEncoded() 
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-
-            try
-            {
-                dOut.writeObject(params);
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Oooops! " + e.toString());
-            }
-
-            return bOut.toByteArray();
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-        {
-            if (isASN1FormatString(format))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == PBEParameterSpec.class)
-            {
-                return new PBEParameterSpec(params.getIV(),
-                                params.getIterations().intValue());
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof PBEParameterSpec))
-            {
-                throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object");
-            }
-
-            PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
-
-            this.params = new PKCS12PBEParams(pbeSpec.getSalt(),
-                                pbeSpec.getIterationCount());
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            ASN1InputStream        aIn = new ASN1InputStream(params);
-
-            this.params = PKCS12PBEParams.getInstance(aIn.readObject());
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in PKCS12 PBE parameters object");
-        }
-
-        protected String engineToString() 
-        {
-            return "PKCS12 PBE Parameters";
-        }
-    }
-
-    public static class DH
-        extends JDKAlgorithmParameters
-    {
-        DHParameterSpec     currentSpec;
-
-        /**
-         * Return the PKCS#3 ASN.1 structure DHParameter.
-         * 
    
-         * 
    -         *  DHParameter ::= SEQUENCE {
-         *                   prime INTEGER, -- p
-         *                   base INTEGER, -- g
-         *                   privateValueLength INTEGER OPTIONAL}
-         * 
    
-         */
-        protected byte[] engineGetEncoded() 
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-            DHParameter             dhP = new DHParameter(currentSpec.getP(), currentSpec.getG(), currentSpec.getL());
-
-            try
-            {
-                dOut.writeObject(dhP);
-                dOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding DHParameters");
-            }
-
-            return bOut.toByteArray();
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-        {
-            if (isASN1FormatString(format))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == DHParameterSpec.class)
-            {
-                return currentSpec;
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to DH parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof DHParameterSpec))
-            {
-                throw new InvalidParameterSpecException("DHParameterSpec required to initialise a Diffie-Hellman algorithm parameters object");
-            }
-
-            this.currentSpec = (DHParameterSpec)paramSpec;
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            ASN1InputStream        aIn = new ASN1InputStream(params);
-
-            try
-            {
-                DHParameter dhP = new DHParameter((ASN1Sequence)aIn.readObject());
-
-                if (dhP.getL() != null)
-                {
-                    currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG(), dhP.getL().intValue());
-                }
-                else
-                {
-                    currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG());
-                }
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid DH Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid DH Parameter encoding.");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-
-        protected String engineToString() 
-        {
-            return "Diffie-Hellman Parameters";
-        }
-    }
-
-    public static class DSA
-        extends JDKAlgorithmParameters
-    {
-        DSAParameterSpec     currentSpec;
-
-        /**
-         * Return the X.509 ASN.1 structure DSAParameter.
-         * 
    
-         * 
    -         *  DSAParameter ::= SEQUENCE {
-         *                   prime INTEGER, -- p
-         *                   subprime INTEGER, -- q
-         *                   base INTEGER, -- g}
-         * 
    
-         */
-        protected byte[] engineGetEncoded() 
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-            DSAParameter            dsaP = new DSAParameter(currentSpec.getP(), currentSpec.getQ(), currentSpec.getG());
-
-            try
-            {
-                dOut.writeObject(dsaP);
-                dOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding DSAParameters");
-            }
-
-            return bOut.toByteArray();
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-        {
-            if (isASN1FormatString(format))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == DSAParameterSpec.class)
-            {
-                return currentSpec;
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to DSA parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof DSAParameterSpec))
-            {
-                throw new InvalidParameterSpecException("DSAParameterSpec required to initialise a DSA algorithm parameters object");
-            }
-
-            this.currentSpec = (DSAParameterSpec)paramSpec;
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            ASN1InputStream        aIn = new ASN1InputStream(params);
-
-            try
-            {
-                DSAParameter dsaP = new DSAParameter((ASN1Sequence)aIn.readObject());
-
-                currentSpec = new DSAParameterSpec(dsaP.getP(), dsaP.getQ(), dsaP.getG());
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid DSA Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid DSA Parameter encoding.");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-
-        protected String engineToString() 
-        {
-            return "DSA Parameters";
-        }
-    }
-    
-    public static class GOST3410
-        extends JDKAlgorithmParameters
-    {
-        GOST3410ParameterSpec     currentSpec;
-        
-        /**
-         * Return the X.509 ASN.1 structure GOST3410Parameter.
-         * 
    
-         * 
    -         *  GOST3410Parameter ::= SEQUENCE {
-         *                   prime INTEGER, -- p
-         *                   subprime INTEGER, -- q
-         *                   base INTEGER, -- a}
-         * 
    
-         */
-        protected byte[] engineGetEncoded()
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-            GOST3410PublicKeyAlgParameters       gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID()));
-            
-            try
-            {
-                dOut.writeObject(gost3410P);
-                dOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding GOST3410Parameters");
-            }
-            
-            return bOut.toByteArray();
-        }
-        
-        protected byte[] engineGetEncoded(
-                String format)
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                return engineGetEncoded();
-            }
-            
-            return null;
-        }
-        
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-                Class paramSpec)
-        throws InvalidParameterSpecException
-        {
-            if (paramSpec == GOST3410PublicKeyParameterSetSpec.class)
-            {
-                return currentSpec;
-            }
-            
-            throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object.");
-        }
-        
-        protected void engineInit(
-                AlgorithmParameterSpec paramSpec)
-        throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof GOST3410ParameterSpec))
-            {
-                throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object");
-            }
-            
-            this.currentSpec = (GOST3410ParameterSpec)paramSpec;
-        }
-        
-        protected void engineInit(
-                byte[] params)
-        throws IOException
-        {
-            ASN1InputStream        dIn = new ASN1InputStream(params);
-            
-            try
-            {
-                GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters((ASN1Sequence)dIn.readObject());
-                
-                currentSpec = new GOST3410ParameterSpec(gost3410P.getPublicKeyParamSet().getId(), gost3410P.getDigestParamSet().getId(), gost3410P.getEncryptionParamSet().getId());
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid GOST3410 Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid GOST3410 Parameter encoding.");
-            }
-        }
-        
-        protected void engineInit(
-                byte[] params,
-                String format)
-        throws IOException
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-        
-        protected String engineToString()
-        {
-            return "GOST3410 Parameters";
-        }
-    }
-
-    public static class ElGamal
-        extends JDKAlgorithmParameters
-    {
-        ElGamalParameterSpec     currentSpec;
-
-        /**
-         * Return the X.509 ASN.1 structure ElGamalParameter.
-         * 
    
-         * 
    -         *  ElGamalParameter ::= SEQUENCE {
-         *                   prime INTEGER, -- p
-         *                   base INTEGER, -- g}
-         * 
    
-         */
-        protected byte[] engineGetEncoded() 
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-            ElGamalParameter        elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG());
-
-            try
-            {
-                dOut.writeObject(elP);
-                dOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding ElGamalParameters");
-            }
-
-            return bOut.toByteArray();
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == ElGamalParameterSpec.class)
-            {
-                return currentSpec;
-            }
-            else if (paramSpec == DHParameterSpec.class)
-            {
-                return new DHParameterSpec(currentSpec.getP(), currentSpec.getG());
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec))
-            {
-                throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object");
-            }
-
-            if (paramSpec instanceof ElGamalParameterSpec)
-            {
-                this.currentSpec = (ElGamalParameterSpec)paramSpec;
-            }
-            else
-            {
-                DHParameterSpec s = (DHParameterSpec)paramSpec;
-                
-                this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG());
-            }
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            ASN1InputStream        aIn = new ASN1InputStream(params);
-
-            try
-            {
-                ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)aIn.readObject());
-
-                currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG());
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid ElGamal Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid ElGamal Parameter encoding.");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-
-        protected String engineToString() 
-        {
-            return "ElGamal Parameters";
-        }
-    }
-
-    public static class IES
-        extends JDKAlgorithmParameters
-    {
-        IESParameterSpec     currentSpec;
-
-        /**
-         * in the abscence of a standard way of doing it this will do for
-         * now...
-         */
-        protected byte[] engineGetEncoded() 
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-
-            try
-            {
-                ASN1EncodableVector    v = new ASN1EncodableVector();
-
-                v.add(new DEROctetString(currentSpec.getDerivationV()));
-                v.add(new DEROctetString(currentSpec.getEncodingV()));
-                v.add(new DERInteger(currentSpec.getMacKeySize()));
-
-                dOut.writeObject(new DERSequence(v));
-                dOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding IESParameters");
-            }
-
-            return bOut.toByteArray();
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == IESParameterSpec.class)
-            {
-                return currentSpec;
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof IESParameterSpec))
-            {
-                throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object");
-            }
-
-            this.currentSpec = (IESParameterSpec)paramSpec;
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            ASN1InputStream        aIn = new ASN1InputStream(params);
-
-            try
-            {
-                ASN1Sequence    s = (ASN1Sequence)aIn.readObject();
-
-                this.currentSpec = new IESParameterSpec(
-                                        ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
-                                        ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
-                                        ((DERInteger)s.getObjectAt(0)).getValue().intValue());
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid IES Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid IES Parameter encoding.");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-
-        protected String engineToString() 
-        {
-            return "IES Parameters";
-        }
-    }
-
-    public static class PSS
-        extends JDKAlgorithmParameters
-    {
-        PSSParameterSpec     currentSpec;
-
-        /**
-         * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params.
-         */
-        protected byte[] engineGetEncoded()
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DEROutputStream         dOut = new DEROutputStream(bOut);
-            PSSParameterSpec    pssSpec = (PSSParameterSpec)currentSpec;
-            RSASSAPSSparams     pssP = new RSASSAPSSparams(RSASSAPSSparams.DEFAULT_HASH_ALGORITHM, RSASSAPSSparams.DEFAULT_MASK_GEN_FUNCTION, new DERInteger(pssSpec.getSaltLength()), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
-            try
-            {
-                dOut.writeObject(pssP);
-                dOut.close();
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding PSSParameters");
-            }
-
-            return bOut.toByteArray();
-        }
-
-        protected byte[] engineGetEncoded(
-            String format)
-        {
-            if (format.equalsIgnoreCase("X.509")
-                    || format.equalsIgnoreCase("ASN.1"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == PSSParameterSpec.class && currentSpec instanceof PSSParameterSpec)
-            {
-                return currentSpec;
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof PSSParameterSpec))
-            {
-                throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object");
-            }
-
-            this.currentSpec = (PSSParameterSpec)paramSpec;
-        }
-
-        protected void engineInit(
-            byte[] params)
-            throws IOException
-        {
-            ASN1InputStream        aIn = new ASN1InputStream(params);
-
-            try
-            {
-                RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)aIn.readObject());
-
-                currentSpec = new PSSParameterSpec(
-                                       pssP.getSaltLength().getValue().intValue());
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid PSS Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid PSS Parameter encoding.");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format)
-            throws IOException
-        {
-            if (format.equalsIgnoreCase("X.509")
-                    || format.equalsIgnoreCase("ASN.1"))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-
-        protected String engineToString()
-        {
-            return "PSS Parameters";
-        }
-    }
-
-    public static class PBKDF2
-        extends JDKAlgorithmParameters
-    {
-        PBKDF2Params params;
-
-        protected byte[] engineGetEncoded()
-        {
-            try
-            {
-                return params.getEncoded(ASN1Encodable.DER);
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Oooops! " + e.toString());
-            }
-        }
-
-        protected byte[] engineGetEncoded(
-            String format)
-        {
-            if (isASN1FormatString(format))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == PBEParameterSpec.class)
-            {
-                return new PBEParameterSpec(params.getSalt(),
-                                params.getIterationCount().intValue());
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof PBEParameterSpec))
-            {
-                throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object");
-            }
-
-            PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
-
-            this.params = new PBKDF2Params(pbeSpec.getSalt(),
-                                pbeSpec.getIterationCount());
-        }
-
-        protected void engineInit(
-            byte[] params)
-            throws IOException
-        {
-            this.params = PBKDF2Params.getInstance(ASN1Object.fromByteArray(params));
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format)
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in PWRIKEK parameters object");
-        }
-
-        protected String engineToString()
-        {
-            return "PBKDF2 Parameters";
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java
deleted file mode 100644
index 5d016d01a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java
+++ /dev/null
@@ -1,169 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.spec.DSAParameterSpec;
-import java.security.spec.DSAPrivateKeySpec;
-import java.util.Enumeration;
-
-public class JDKDSAPrivateKey
-    implements DSAPrivateKey, PKCS12BagAttributeCarrier
-{
-    private static final long serialVersionUID = -4677259546958385734L;
-
-    BigInteger          x;
-    DSAParams           dsaSpec;
-
-    private PKCS12BagAttributeCarrierImpl   attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    protected JDKDSAPrivateKey()
-    {
-    }
-
-    JDKDSAPrivateKey(
-        DSAPrivateKey    key)
-    {
-        this.x = key.getX();
-        this.dsaSpec = key.getParams();
-    }
-
-    JDKDSAPrivateKey(
-        DSAPrivateKeySpec    spec)
-    {
-        this.x = spec.getX();
-        this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG());
-    }
-
-    JDKDSAPrivateKey(
-        PrivateKeyInfo  info)
-    {
-        DSAParameter    params = new DSAParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger      derX = (DERInteger)info.getPrivateKey();
-
-        this.x = derX.getValue();
-        this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG());
-    }
-
-    JDKDSAPrivateKey(
-        DSAPrivateKeyParameters  params)
-    {
-        this.x = params.getX();
-        this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG());
-    }
-
-    public String getAlgorithm()
-    {
-        return "DSA";
-    }
-
-    /**
-     * return the encoding format we produce in getEncoded().
-     *
-     * @return the string "PKCS#8"
-     */
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    /**
-     * Return a PKCS8 representation of the key. The sequence returned
-     * represents a full PrivateKeyInfo object.
-     *
-     * @return a PKCS8 representation of the key.
-     */
-    public byte[] getEncoded()
-    {
-        PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).getDERObject()), new DERInteger(getX()));
-
-        return info.getDEREncoded();
-    }
-
-    public DSAParams getParams()
-    {
-        return dsaSpec;
-    }
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof DSAPrivateKey))
-        {
-            return false;
-        }
-        
-        DSAPrivateKey other = (DSAPrivateKey)o;
-        
-        return this.getX().equals(other.getX()) 
-            && this.getParams().getG().equals(other.getParams().getG()) 
-            && this.getParams().getP().equals(other.getParams().getP()) 
-            && this.getParams().getQ().equals(other.getParams().getQ());
-    }
-
-    public int hashCode()
-    {
-        return this.getX().hashCode() ^ this.getParams().getG().hashCode()
-                ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode();
-    }
-    
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-
-    private void readObject(
-        ObjectInputStream in)
-        throws IOException, ClassNotFoundException
-    {
-        this.x = (BigInteger)in.readObject();
-        this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject());
-        this.attrCarrier = new PKCS12BagAttributeCarrierImpl();
-        
-        attrCarrier.readObject(in);
-    }
-
-    private void writeObject(
-        ObjectOutputStream out)
-        throws IOException
-    {
-        out.writeObject(x);
-        out.writeObject(dsaSpec.getP());
-        out.writeObject(dsaSpec.getQ());
-        out.writeObject(dsaSpec.getG());
-
-        attrCarrier.writeObject(out);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java
deleted file mode 100644
index 392f53246..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java
+++ /dev/null
@@ -1,169 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAParameterSpec;
-import java.security.spec.DSAPublicKeySpec;
-
-public class JDKDSAPublicKey
-    implements DSAPublicKey
-{
-    private static final long serialVersionUID = 1752452449903495175L;
-
-    private BigInteger      y;
-    private DSAParams       dsaSpec;
-
-    JDKDSAPublicKey(
-        DSAPublicKeySpec    spec)
-    {
-        this.y = spec.getY();
-        this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG());
-    }
-
-    JDKDSAPublicKey(
-        DSAPublicKey    key)
-    {
-        this.y = key.getY();
-        this.dsaSpec = key.getParams();
-    }
-
-    JDKDSAPublicKey(
-        DSAPublicKeyParameters  params)
-    {
-        this.y = params.getY();
-        this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG());
-    }
-
-    JDKDSAPublicKey(
-        BigInteger        y,
-        DSAParameterSpec  dsaSpec)
-    {
-        this.y = y;
-        this.dsaSpec = dsaSpec;
-    }
-
-    JDKDSAPublicKey(
-        SubjectPublicKeyInfo    info)
-    {
-
-        DERInteger              derY;
-
-        try
-        {
-            derY = (DERInteger)info.getPublicKey();
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid info structure in DSA public key");
-        }
-
-        this.y = derY.getValue();
-
-        if (isNotNull(info.getAlgorithmId().getParameters()))
-        {
-            DSAParameter params = new DSAParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-            
-            this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG());
-        }
-    }
-
-    private boolean isNotNull(DEREncodable parameters)
-    {
-        return parameters != null && !DERNull.INSTANCE.equals(parameters);
-    }
-
-    public String getAlgorithm()
-    {
-        return "DSA";
-    }
-
-    public String getFormat()
-    {
-        return "X.509";
-    }
-
-    public byte[] getEncoded()
-    {
-        if (dsaSpec == null)
-        {
-            return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new DERInteger(y)).getDEREncoded();
-        }
-
-        return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).getDERObject()), new DERInteger(y)).getDEREncoded();
-    }
-
-    public DSAParams getParams()
-    {
-        return dsaSpec;
-    }
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-
-    public String toString()
-    {
-        StringBuffer    buf = new StringBuffer();
-        String          nl = System.getProperty("line.separator");
-
-        buf.append("DSA Public Key").append(nl);
-        buf.append("            y: ").append(this.getY().toString(16)).append(nl);
-
-        return buf.toString();
-    }
-
-    public int hashCode()
-    {
-        return this.getY().hashCode() ^ this.getParams().getG().hashCode() 
-                ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode();
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (!(o instanceof DSAPublicKey))
-        {
-            return false;
-        }
-        
-        DSAPublicKey other = (DSAPublicKey)o;
-        
-        return this.getY().equals(other.getY()) 
-            && this.getParams().getG().equals(other.getParams().getG()) 
-            && this.getParams().getP().equals(other.getParams().getP()) 
-            && this.getParams().getQ().equals(other.getParams().getQ());
-    }
-
-    private void readObject(
-        ObjectInputStream in)
-        throws IOException, ClassNotFoundException
-    {
-        this.y = (BigInteger)in.readObject();
-        this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject());
-    }
-
-    private void writeObject(
-        ObjectOutputStream out)
-        throws IOException
-    {
-        out.writeObject(y);
-        out.writeObject(dsaSpec.getP());
-        out.writeObject(dsaSpec.getQ());
-        out.writeObject(dsaSpec.getG());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
deleted file mode 100644
index 135984458..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
+++ /dev/null
@@ -1,279 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.SignatureSpi;
-import java.security.interfaces.DSAKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.signers.DSASigner;
-import org.bouncycastle.jce.interfaces.GOST3410Key;
-
-public class JDKDSASigner
-    extends SignatureSpi
-    implements PKCSObjectIdentifiers, X509ObjectIdentifiers
-{
-    private Digest                  digest;
-    private DSA                     signer;
-    private SecureRandom            random;
-
-    protected JDKDSASigner(
-        Digest                  digest,
-        DSA                     signer)
-    {
-        this.digest = digest;
-        this.signer = signer;
-    }
-
-    protected void engineInitVerify(
-        PublicKey   publicKey)
-        throws InvalidKeyException
-    {
-        CipherParameters    param;
-
-        if (publicKey instanceof GOST3410Key)
-        {
-            param = GOST3410Util.generatePublicKeyParameter(publicKey);
-        }
-        else if (publicKey instanceof DSAKey)
-        {
-            param = DSAUtil.generatePublicKeyParameter(publicKey);
-        }
-        else
-        {
-            try
-            {
-                byte[]  bytes = publicKey.getEncoded();
-
-                publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes);
-
-                if (publicKey instanceof DSAKey)
-                {
-                    param = DSAUtil.generatePublicKeyParameter(publicKey);
-                }
-                else
-                {
-                    throw new InvalidKeyException("can't recognise key type in DSA based signer");
-                }
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeyException("can't recognise key type in DSA based signer");
-            }
-        }
-
-        digest.reset();
-        signer.init(false, param);
-    }
-
-    protected void engineInitSign(
-        PrivateKey      privateKey,
-        SecureRandom    random)
-        throws InvalidKeyException
-    {
-        this.random = random;
-        engineInitSign(privateKey);
-    }
-
-    protected void engineInitSign(
-        PrivateKey  privateKey)
-        throws InvalidKeyException
-    {
-        CipherParameters    param;
-
-        if (privateKey instanceof GOST3410Key)
-        {
-            param = GOST3410Util.generatePrivateKeyParameter(privateKey);
-        }
-        else
-        {
-            param = DSAUtil.generatePrivateKeyParameter(privateKey);
-        }
-
-        if (random != null)
-        {
-            param = new ParametersWithRandom(param, random);
-        }
-
-        digest.reset();
-        signer.init(true, param);
-    }
-
-    protected void engineUpdate(
-        byte    b)
-        throws SignatureException
-    {
-        digest.update(b);
-    }
-
-    protected void engineUpdate(
-        byte[]  b,
-        int     off,
-        int     len) 
-        throws SignatureException
-    {
-        digest.update(b, off, len);
-    }
-
-    protected byte[] engineSign()
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        try
-        {
-            BigInteger[]    sig = signer.generateSignature(hash);
-
-            return derEncode(sig[0], sig[1]);
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException(e.toString());
-        }
-    }
-
-    protected boolean engineVerify(
-        byte[]  sigBytes) 
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        BigInteger[]    sig;
-
-        try
-        {
-            sig = derDecode(sigBytes);
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException("error decoding signature bytes.");
-        }
-
-        return signer.verifySignature(hash, sig[0], sig[1]);
-    }
-
-    protected void engineSetParameter(
-        AlgorithmParameterSpec params)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated replaced with     
-     */
-    protected void engineSetParameter(
-        String  param,
-        Object  value)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated
-     */
-    protected Object engineGetParameter(
-        String      param)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    private byte[] derEncode(
-        BigInteger  r,
-        BigInteger  s)
-        throws IOException
-    {
-        DERInteger[] rs = new DERInteger[]{ new DERInteger(r), new DERInteger(s) };
-        return new DERSequence(rs).getEncoded(ASN1Encodable.DER);
-    }
-
-    private BigInteger[] derDecode(
-        byte[]  encoding)
-        throws IOException
-    {
-        ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(encoding);
-        return new BigInteger[]{
-            ((DERInteger)s.getObjectAt(0)).getValue(),
-            ((DERInteger)s.getObjectAt(1)).getValue()
-        };
-    }
-
-    static public class stdDSA
-        extends JDKDSASigner
-    {
-        public stdDSA()
-        {
-            super(new SHA1Digest(), new DSASigner());
-        }
-    }
-
-    static public class dsa224
-        extends JDKDSASigner
-    {
-        public dsa224()
-        {
-            super(new SHA224Digest(), new DSASigner());
-        }
-    }
-    
-    static public class dsa256
-        extends JDKDSASigner
-    {
-        public dsa256()
-        {
-            super(new SHA256Digest(), new DSASigner());
-        }
-    }
-    
-    static public class dsa384
-        extends JDKDSASigner
-    {
-        public dsa384()
-        {
-            super(new SHA384Digest(), new DSASigner());
-        }
-    }
-    
-    static public class dsa512
-        extends JDKDSASigner
-    {
-        public dsa512()
-        {
-            super(new SHA512Digest(), new DSASigner());
-        }
-    }
-
-    static public class noneDSA
-        extends JDKDSASigner
-    {
-        public noneDSA()
-        {
-            super(new NullDigest(), new DSASigner());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
deleted file mode 100644
index b2f99d3c0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
+++ /dev/null
@@ -1,366 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.SignatureSpi;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.DigestInfo;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-
-public class JDKDigestSignature
-    extends SignatureSpi
-{
-    private Digest                  digest;
-    private AsymmetricBlockCipher   cipher;
-    private AlgorithmIdentifier     algId;
-
-    // care - this constructor is actually used by outside organisations
-    protected JDKDigestSignature(
-        Digest                  digest,
-        AsymmetricBlockCipher   cipher)
-    {
-        this.digest = digest;
-        this.cipher = cipher;
-        this.algId = null;
-    }
-
-    // care - this constructor is actually used by outside organisations
-    protected JDKDigestSignature(
-        DERObjectIdentifier     objId,
-        Digest                  digest,
-        AsymmetricBlockCipher   cipher)
-    {
-        this.digest = digest;
-        this.cipher = cipher;
-        this.algId = new AlgorithmIdentifier(objId, DERNull.INSTANCE);
-    }
-
-    protected void engineInitVerify(
-        PublicKey   publicKey)
-        throws InvalidKeyException
-    {
-        if (!(publicKey instanceof RSAPublicKey))
-        {
-            throw new InvalidKeyException("Supplied key (" + getType(publicKey) + ") is not a RSAPublicKey instance");
-        }
-
-        CipherParameters    param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey);
-
-        digest.reset();
-        cipher.init(false, param);
-    }
-
-    protected void engineInitSign(
-        PrivateKey  privateKey)
-        throws InvalidKeyException
-    {
-        if (!(privateKey instanceof RSAPrivateKey))
-        {
-            throw new InvalidKeyException("Supplied key (" + getType(privateKey) + ") is not a RSAPrivateKey instance");
-        }
-
-        CipherParameters    param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey);
-
-        digest.reset();
-
-        cipher.init(true, param);
-    }
-
-    private String getType(
-        Object o)
-    {
-        if (o == null)
-        {
-            return null;
-        }
-        
-        return o.getClass().getName();
-    }
-    
-    protected void engineUpdate(
-        byte    b)
-        throws SignatureException
-    {
-        digest.update(b);
-    }
-
-    protected void engineUpdate(
-        byte[]  b,
-        int     off,
-        int     len) 
-        throws SignatureException
-    {
-        digest.update(b, off, len);
-    }
-
-    protected byte[] engineSign()
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        try
-        {
-            byte[]  bytes = derEncode(hash);
-
-            return cipher.processBlock(bytes, 0, bytes.length);
-        }
-        catch (ArrayIndexOutOfBoundsException e)
-        {
-            throw new SignatureException("key too small for signature type");
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException(e.toString());
-        }
-    }
-
-    protected boolean engineVerify(
-        byte[]  sigBytes) 
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        byte[]      sig;
-        byte[]      expected;
-
-        try
-        {
-            sig = cipher.processBlock(sigBytes, 0, sigBytes.length);
-
-            expected = derEncode(hash);
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-
-        if (sig.length == expected.length)
-        {
-            for (int i = 0; i < sig.length; i++)
-            {
-                if (sig[i] != expected[i])
-                {
-                    return false;
-                }
-            }
-        }
-        else if (sig.length == expected.length - 2)  // NULL left out
-        {
-            int sigOffset = sig.length - hash.length - 2;
-            int expectedOffset = expected.length - hash.length - 2;
-
-            expected[1] -= 2;      // adjust lengths
-            expected[3] -= 2;
-
-            for (int i = 0; i < hash.length; i++)
-            {
-                if (sig[sigOffset + i] != expected[expectedOffset + i])  // check hash
-                {
-                    return false;
-                }
-            }
-
-            for (int i = 0; i < sigOffset; i++)
-            {
-                if (sig[i] != expected[i])  // check header less NULL
-                {
-                    return false;
-                }
-            }
-        }
-        else
-        {
-            return false;
-        }
-
-        return true;
-    }
-
-    protected void engineSetParameter(
-        AlgorithmParameterSpec params)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated replaced with 
-     */
-    protected void engineSetParameter(
-        String  param,
-        Object  value)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated
-     */
-    protected Object engineGetParameter(
-        String      param)
-    {
-        return null;
-    }
-
-    protected AlgorithmParameters engineGetParameters()
-    {
-        return null;
-    }
-
-    private byte[] derEncode(
-        byte[]  hash)
-        throws IOException
-    {
-        if (algId == null)
-        {
-            // For raw RSA, the DigestInfo must be prepared externally
-            return hash;
-        }
-
-        DigestInfo              dInfo = new DigestInfo(algId, hash);
-
-        return dInfo.getEncoded(ASN1Encodable.DER);
-    }
-
-    static public class SHA1WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public SHA1WithRSAEncryption()
-        {
-            super(X509ObjectIdentifiers.id_SHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class SHA224WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public SHA224WithRSAEncryption()
-        {
-            super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class SHA256WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public SHA256WithRSAEncryption()
-        {
-            super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class SHA384WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public SHA384WithRSAEncryption()
-        {
-            super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class SHA512WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public SHA512WithRSAEncryption()
-        {
-            super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class MD2WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public MD2WithRSAEncryption()
-        {
-            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class MD4WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public MD4WithRSAEncryption()
-        {
-            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class MD5WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public MD5WithRSAEncryption()
-        {
-            super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD160WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public RIPEMD160WithRSAEncryption()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD128WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public RIPEMD128WithRSAEncryption()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD256WithRSAEncryption
-        extends JDKDigestSignature
-    {
-        public RIPEMD256WithRSAEncryption()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class noneRSA
-        extends JDKDigestSignature
-    {
-        public noneRSA()
-        {
-            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java
deleted file mode 100644
index ca36a1dbb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.DEROctetString;
-
-import java.io.IOException;
-import java.security.AlgorithmParametersSpi;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-
-public abstract class JDKECDSAAlgParameters
-    extends AlgorithmParametersSpi
-{
-    public static class SigAlgParameters
-        extends JDKAlgorithmParameters
-    {
-        protected byte[] engineGetEncoded() 
-            throws IOException
-        {
-            return engineGetEncoded("ASN.1");
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-            throws IOException
-        {
-            if (format == null)
-            {
-                return engineGetEncoded("ASN.1");
-            }
-            
-            if (format.equals("ASN.1"))
-            {
-                return new DEROctetString(engineGetEncoded("RAW")).getEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            throw new InvalidParameterSpecException("unknown parameter spec passed to ECDSA parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            throw new InvalidParameterSpecException("unknown parameter spec passed to ECDSA parameters object.");
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString() 
-        {
-            return "ECDSA Parameters";
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PrivateKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PrivateKey.java
deleted file mode 100644
index b36e6d2cb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PrivateKey.java
+++ /dev/null
@@ -1,158 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters;
-import org.bouncycastle.jce.interfaces.GOST3410Params;
-import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-
-import java.math.BigInteger;
-import java.util.Enumeration;
-
-public class JDKGOST3410PrivateKey
-    implements GOST3410PrivateKey, PKCS12BagAttributeCarrier
-{
-    BigInteger          x;
-    GOST3410Params      gost3410Spec;
-
-    private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    protected JDKGOST3410PrivateKey()
-    {
-    }
-
-    JDKGOST3410PrivateKey(
-        GOST3410PrivateKey    key)
-    {
-        this.x = key.getX();
-        this.gost3410Spec = key.getParameters();
-    }
-
-    JDKGOST3410PrivateKey(
-        GOST3410PrivateKeySpec    spec)
-    {
-        this.x = spec.getX();
-        this.gost3410Spec = new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(spec.getP(), spec.getQ(), spec.getA()));
-    }
-
-    JDKGOST3410PrivateKey(
-        PrivateKeyInfo  info)
-    {
-        GOST3410PublicKeyAlgParameters    params = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DEROctetString      derX = (DEROctetString)info.getPrivateKey();
-        byte[]              keyEnc = derX.getOctets();
-        byte[]              keyBytes = new byte[keyEnc.length];
-        
-        for (int i = 0; i != keyEnc.length; i++)
-        {
-            keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // was little endian
-        }
-        
-        this.x = new BigInteger(1, keyBytes);
-        this.gost3410Spec = GOST3410ParameterSpec.fromPublicKeyAlg(params);
-    }
-
-    JDKGOST3410PrivateKey(
-        GOST3410PrivateKeyParameters  params,
-        GOST3410ParameterSpec         spec)
-    {
-        this.x = params.getX();
-        this.gost3410Spec = spec;
-
-        if (spec == null) 
-        {
-            throw new IllegalArgumentException("spec is null");
-        }
-    }
-
-    public String getAlgorithm()
-    {
-        return "GOST3410";
-    }
-
-    /**
-     * return the encoding format we produce in getEncoded().
-     *
-     * @return the string "PKCS#8"
-     */
-    public String getFormat()
-    {
-        return "PKCS#8";
-    }
-
-    /**
-     * Return a PKCS8 representation of the key. The sequence returned
-     * represents a full PrivateKeyInfo object.
-     *
-     * @return a PKCS8 representation of the key.
-     */
-    public byte[] getEncoded()
-    {
-        PrivateKeyInfo          info;
-        byte[]                  keyEnc = this.getX().toByteArray();
-        byte[]                  keyBytes;
-
-        if (keyEnc[0] == 0)
-        {
-            keyBytes = new byte[keyEnc.length - 1];
-        }
-        else
-        {
-            keyBytes = new byte[keyEnc.length];
-        }
-        
-        for (int i = 0; i != keyBytes.length; i++)
-        {
-            keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // must be little endian
-        }
-        
-        if (gost3410Spec instanceof GOST3410ParameterSpec)
-        {
-            info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94, new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(gost3410Spec.getPublicKeyParamSetOID()), new DERObjectIdentifier(gost3410Spec.getDigestParamSetOID())).getDERObject()), new DEROctetString(keyBytes));
-        }
-        else
-        {
-            info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94), new DEROctetString(keyBytes));
-        }
-        
-        return info.getDEREncoded();
-    }
-
-    public GOST3410Params getParameters()
-    {
-        return gost3410Spec;
-    }
-
-    public BigInteger getX()
-    {
-        return x;
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PublicKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PublicKey.java
deleted file mode 100644
index b7b688697..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410PublicKey.java
+++ /dev/null
@@ -1,170 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters;
-import org.bouncycastle.jce.interfaces.GOST3410Params;
-import org.bouncycastle.jce.interfaces.GOST3410PublicKey;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeySpec;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-public class JDKGOST3410PublicKey
-    implements GOST3410PublicKey
-{
-    private BigInteger      y;
-    private GOST3410Params  gost3410Spec;
-
-    JDKGOST3410PublicKey(
-        GOST3410PublicKeySpec    spec)
-    {
-        this.y = spec.getY();
-        this.gost3410Spec = new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(spec.getP(), spec.getQ(), spec.getA()));
-    }
-
-    JDKGOST3410PublicKey(
-        GOST3410PublicKey    key)
-    {
-        this.y = key.getY();
-        this.gost3410Spec = key.getParameters();
-    }
-
-    JDKGOST3410PublicKey(
-        GOST3410PublicKeyParameters  params,
-        GOST3410ParameterSpec        spec)
-    {
-        this.y = params.getY();
-        this.gost3410Spec = spec;
-    }
-
-    JDKGOST3410PublicKey(
-        BigInteger        y,
-        GOST3410ParameterSpec  gost3410Spec)
-    {
-        this.y = y;
-        this.gost3410Spec = gost3410Spec;
-    }
-
-    JDKGOST3410PublicKey(
-        SubjectPublicKeyInfo    info)
-    {
-        GOST3410PublicKeyAlgParameters    params = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DEROctetString                    derY;
-
-        try
-        {
-            derY = (DEROctetString)info.getPublicKey();
-            
-            byte[]                  keyEnc = derY.getOctets();
-            byte[]                  keyBytes = new byte[keyEnc.length];
-            
-            for (int i = 0; i != keyEnc.length; i++)
-            {
-                keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // was little endian
-            }
-
-            this.y = new BigInteger(1, keyBytes);
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("invalid info structure in GOST3410 public key");
-        }
-
-        this.gost3410Spec = GOST3410ParameterSpec.fromPublicKeyAlg(params);
-    }
-
-    public String getAlgorithm()
-    {
-        return "GOST3410";
-    }
-
-    public String getFormat()
-    {
-        return "X.509";
-    }
-
-    public byte[] getEncoded()
-    {
-        SubjectPublicKeyInfo    info;
-        byte[]                  keyEnc = this.getY().toByteArray();
-        byte[]                  keyBytes;
-        
-        if (keyEnc[0] == 0)
-        {
-            keyBytes = new byte[keyEnc.length - 1];
-        }
-        else
-        {
-            keyBytes = new byte[keyEnc.length];
-        }
-        
-        for (int i = 0; i != keyBytes.length; i++)
-        {
-            keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // must be little endian
-        }
-        
-        if (gost3410Spec instanceof GOST3410ParameterSpec)
-        {   
-            if (gost3410Spec.getEncryptionParamSetOID() != null)
-            {
-                info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94, new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(gost3410Spec.getPublicKeyParamSetOID()), new DERObjectIdentifier(gost3410Spec.getDigestParamSetOID()), new DERObjectIdentifier(gost3410Spec.getEncryptionParamSetOID())).getDERObject()), new DEROctetString(keyBytes));
-            }
-            else
-            {
-                info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94, new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(gost3410Spec.getPublicKeyParamSetOID()), new DERObjectIdentifier(gost3410Spec.getDigestParamSetOID())).getDERObject()), new DEROctetString(keyBytes));
-            }
-        }
-        else
-        {
-            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94), new DEROctetString(keyBytes));
-        }
-
-        return info.getDEREncoded();
-    }
-
-    public GOST3410Params getParameters()
-    {
-        return gost3410Spec;
-    }
-
-    public BigInteger getY()
-    {
-        return y;
-    }
-
-    public String toString()
-    {
-        StringBuffer    buf = new StringBuffer();
-        String          nl = System.getProperty("line.separator");
-
-        buf.append("GOST3410 Public Key").append(nl);
-        buf.append("            y: ").append(this.getY().toString(16)).append(nl);
-
-        return buf.toString();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o instanceof JDKGOST3410PublicKey)
-        {
-            JDKGOST3410PublicKey other = (JDKGOST3410PublicKey)o;
-            
-            return this.y.equals(other.y) && this.gost3410Spec.equals(other.gost3410Spec);
-        }
-        
-        return false;
-    }
-    
-    public int hashCode()
-    {
-        return y.hashCode() ^ gost3410Spec.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410Signer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410Signer.java
deleted file mode 100644
index 07a2dd647..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKGOST3410Signer.java
+++ /dev/null
@@ -1,248 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.SignatureSpi;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.GOST3411Digest;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.signers.ECGOST3410Signer;
-import org.bouncycastle.crypto.signers.GOST3410Signer;
-import org.bouncycastle.jce.interfaces.ECKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.interfaces.GOST3410Key;
-import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
-
-public class JDKGOST3410Signer
-    extends SignatureSpi
-    implements PKCSObjectIdentifiers, X509ObjectIdentifiers
-{
-    private Digest                  digest;
-    private DSA                     signer;
-    private SecureRandom            random;
-
-    protected JDKGOST3410Signer(
-        Digest digest,
-        DSA signer)
-    {
-        this.digest = digest;
-        this.signer = signer;
-    }
-
-    protected void engineInitVerify(
-        PublicKey   publicKey)
-        throws InvalidKeyException
-    {
-        CipherParameters    param;
-
-        if (publicKey instanceof ECPublicKey)
-        {
-            param = ECUtil.generatePublicKeyParameter(publicKey);
-        }
-        else if (publicKey instanceof GOST3410Key)
-        {
-            param = GOST3410Util.generatePublicKeyParameter(publicKey);
-        }
-        else
-        {
-            try
-            {
-                byte[]  bytes = publicKey.getEncoded();
-
-                publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes);
-
-                if (publicKey instanceof ECPublicKey)
-                {
-                    param = ECUtil.generatePublicKeyParameter(publicKey);
-                }
-                else
-                {
-                    throw new InvalidKeyException("can't recognise key type in DSA based signer");
-                }
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeyException("can't recognise key type in DSA based signer");
-            }
-        }
-
-        digest.reset();
-        signer.init(false, param);
-    }
-
-    protected void engineInitSign(
-        PrivateKey      privateKey,
-        SecureRandom    random)
-        throws InvalidKeyException
-    {
-        this.random = random;
-        engineInitSign(privateKey);
-    }
-
-    protected void engineInitSign(
-        PrivateKey  privateKey)
-        throws InvalidKeyException
-    {
-        CipherParameters    param;
-
-        if (privateKey instanceof ECKey)
-        {
-            param = ECUtil.generatePrivateKeyParameter(privateKey);
-        }
-        else
-        {
-            param = GOST3410Util.generatePrivateKeyParameter(privateKey);
-        }
-
-        digest.reset();
-
-        if (random != null)
-        {
-            signer.init(true, new ParametersWithRandom(param, random));
-        }
-        else
-        {
-            signer.init(true, param);
-        }
-    }
-
-    protected void engineUpdate(
-        byte    b)
-        throws SignatureException
-    {
-        digest.update(b);
-    }
-
-    protected void engineUpdate(
-        byte[]  b,
-        int     off,
-        int     len) 
-        throws SignatureException
-    {
-        digest.update(b, off, len);
-    }
-
-    protected byte[] engineSign()
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        try
-        {
-            byte[]          sigBytes = new byte[64];
-            BigInteger[]    sig = signer.generateSignature(hash);
-            byte[]          r = sig[0].toByteArray();
-            byte[]          s = sig[1].toByteArray();
-
-            if (s[0] != 0)
-            {
-                System.arraycopy(s, 0, sigBytes, 32 - s.length, s.length);
-            }
-            else
-            {
-                System.arraycopy(s, 1, sigBytes, 32 - (s.length - 1), s.length - 1);
-            }
-            
-            if (r[0] != 0)
-            {
-                System.arraycopy(r, 0, sigBytes, 64 - r.length, r.length);
-            }
-            else
-            {
-                System.arraycopy(r, 1, sigBytes, 64 - (r.length - 1), r.length - 1);
-            }
-
-            return sigBytes;
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException(e.toString());
-        }
-    }
-    
-    protected boolean engineVerify(
-        byte[]  sigBytes) 
-        throws SignatureException
-    {
-        byte[]  hash = new byte[digest.getDigestSize()];
-
-        digest.doFinal(hash, 0);
-
-        BigInteger[]    sig;
-
-        try
-        {
-            byte[] r = new byte[32]; 
-            byte[] s = new byte[32];
-
-            System.arraycopy(sigBytes, 0, s, 0, 32);
-
-            System.arraycopy(sigBytes, 32, r, 0, 32);
-            
-            sig = new BigInteger[2];
-            sig[0] = new BigInteger(1, r);
-            sig[1] = new BigInteger(1, s);
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException("error decoding signature bytes.");
-        }
-
-        return signer.verifySignature(hash, sig[0], sig[1]);
-    }
-
-    protected void engineSetParameter(
-        AlgorithmParameterSpec params)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated replaced with 
-     */
-    protected void engineSetParameter(
-        String  param,
-        Object  value)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated
-     */
-    protected Object engineGetParameter(
-        String      param)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    static public class gost3410
-        extends JDKGOST3410Signer
-    {
-        public gost3410()
-        {
-            super(new GOST3411Digest(), new GOST3410Signer());
-        }
-    }
-    
-    static public class ecgost3410
-        extends JDKGOST3410Signer
-    {
-        public ecgost3410()
-        {
-            super(new GOST3411Digest(), new ECGOST3410Signer());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java
deleted file mode 100644
index 6d0b2b4d3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java
+++ /dev/null
@@ -1,142 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.signers.ISO9796d2Signer;
-
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.SignatureSpi;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-public class JDKISOSignature
-    extends SignatureSpi
-{
-    private ISO9796d2Signer         signer;
-
-    protected JDKISOSignature(
-        Digest digest,
-        AsymmetricBlockCipher cipher)
-    {
-        signer = new ISO9796d2Signer(cipher, digest, true);
-    }
-
-    protected void engineInitVerify(
-        PublicKey   publicKey)
-        throws InvalidKeyException
-    {
-        CipherParameters    param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey);
-
-        signer.init(false, param);
-    }
-
-    protected void engineInitSign(
-        PrivateKey  privateKey)
-        throws InvalidKeyException
-    {
-        CipherParameters    param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey);
-
-        signer.init(true, param);
-    }
-
-    protected void engineUpdate(
-        byte    b)
-        throws SignatureException
-    {
-        signer.update(b);
-    }
-
-    protected void engineUpdate(
-        byte[]  b,
-        int     off,
-        int     len) 
-        throws SignatureException
-    {
-        signer.update(b, off, len);
-    }
-
-    protected byte[] engineSign()
-        throws SignatureException
-    {
-        try
-        {
-            byte[]  sig = signer.generateSignature();
-
-            return sig;
-        }
-        catch (Exception e)
-        {
-            throw new SignatureException(e.toString());
-        }
-    }
-
-    protected boolean engineVerify(
-        byte[]  sigBytes) 
-        throws SignatureException
-    {
-        boolean yes = signer.verifySignature(sigBytes);
-
-        return yes;
-    }
-
-    protected void engineSetParameter(
-        AlgorithmParameterSpec params)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated replaced with 
-     */
-    protected void engineSetParameter(
-        String  param,
-        Object  value)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    /**
-     * @deprecated
-     */
-    protected Object engineGetParameter(
-        String      param)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-
-    static public class SHA1WithRSAEncryption
-        extends JDKISOSignature
-    {
-        public SHA1WithRSAEncryption()
-        {
-            super(new SHA1Digest(), new RSABlindedEngine());
-        }
-    }
-
-    static public class MD5WithRSAEncryption
-        extends JDKISOSignature
-    {
-        public MD5WithRSAEncryption()
-        {
-            super(new MD5Digest(), new RSABlindedEngine());
-        }
-    }
-
-    static public class RIPEMD160WithRSAEncryption
-        extends JDKISOSignature
-    {
-        public RIPEMD160WithRSAEncryption()
-        {
-            super(new RIPEMD160Digest(), new RSABlindedEngine());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
deleted file mode 100644
index 019567d17..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
+++ /dev/null
@@ -1,532 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactorySpi;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.DSAPrivateKeySpec;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHPrivateKeySpec;
-import javax.crypto.spec.DHPublicKeySpec;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.interfaces.ElGamalPrivateKey;
-import org.bouncycastle.jce.interfaces.ElGamalPublicKey;
-import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec;
-import org.bouncycastle.jce.spec.ElGamalPublicKeySpec;
-import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeySpec;
-
-public abstract class JDKKeyFactory
-    extends KeyFactorySpi
-{
-    protected boolean elGamalFactory = false;
-    
-    public JDKKeyFactory()
-    {
-    }
-
-    protected PrivateKey engineGeneratePrivate(
-        KeySpec keySpec)
-        throws InvalidKeySpecException
-    {
-        if (keySpec instanceof PKCS8EncodedKeySpec)
-        {
-            try
-            {
-                return JDKKeyFactory.createPrivateKeyFromDERStream(
-                    ((PKCS8EncodedKeySpec)keySpec).getEncoded());
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeySpecException(e.toString());
-            }
-        }
-
-        throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
-    }
-
-    protected PublicKey engineGeneratePublic(
-        KeySpec    keySpec)
-        throws InvalidKeySpecException
-    {
-        if (keySpec instanceof X509EncodedKeySpec)
-        {
-            try
-            {
-                return JDKKeyFactory.createPublicKeyFromDERStream(
-                    ((X509EncodedKeySpec)keySpec).getEncoded());
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeySpecException(e.toString());
-            }
-        }
-
-        throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
-    }
-    
-    protected KeySpec engineGetKeySpec(
-        Key    key,
-        Class    spec)
-    throws InvalidKeySpecException
-    {
-       if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8"))
-       {
-               return new PKCS8EncodedKeySpec(key.getEncoded());
-       }
-       else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509"))
-       {
-               return new X509EncodedKeySpec(key.getEncoded());
-       }
-       else if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey)
-       {
-            RSAPublicKey    k = (RSAPublicKey)key;
-
-            return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent());
-       }
-       else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof RSAPrivateKey)
-       {
-            RSAPrivateKey    k = (RSAPrivateKey)key;
-
-            return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent());
-       }
-       else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey)
-       {
-            RSAPrivateCrtKey    k = (RSAPrivateCrtKey)key;
-
-            return new RSAPrivateCrtKeySpec(
-                            k.getModulus(), k.getPublicExponent(),
-                            k.getPrivateExponent(),
-                            k.getPrimeP(), k.getPrimeQ(),
-                            k.getPrimeExponentP(), k.getPrimeExponentQ(),
-                            k.getCrtCoefficient());
-       }
-       else if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey)
-       {
-           DHPrivateKey k = (DHPrivateKey)key;
-           
-           return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG());
-       }
-       else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey)
-       {
-           DHPublicKey k = (DHPublicKey)key;
-           
-           return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
-       }
-
-       throw new RuntimeException("not implemented yet " + key + " " + spec);
-    }
-
-    protected Key engineTranslateKey(
-        Key    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof RSAPublicKey)
-        {
-            return new JCERSAPublicKey((RSAPublicKey)key);
-        }
-        else if (key instanceof RSAPrivateCrtKey)
-        {
-            return new JCERSAPrivateCrtKey((RSAPrivateCrtKey)key);
-        }
-        else if (key instanceof RSAPrivateKey)
-        {
-            return new JCERSAPrivateKey((RSAPrivateKey)key);
-        }
-        else if (key instanceof DHPublicKey)
-        {
-            if (elGamalFactory)
-            {
-                return new JCEElGamalPublicKey((DHPublicKey)key);
-            }
-            else
-            {
-                return new JCEDHPublicKey((DHPublicKey)key);
-            }
-        }
-        else if (key instanceof DHPrivateKey)
-        {
-            if (elGamalFactory)
-            {
-                return new JCEElGamalPrivateKey((DHPrivateKey)key);
-            }
-            else
-            {
-                return new JCEDHPrivateKey((DHPrivateKey)key);
-            }
-        }
-        else if (key instanceof DSAPublicKey)
-        {
-            return new JDKDSAPublicKey((DSAPublicKey)key);
-        }
-        else if (key instanceof DSAPrivateKey)
-        {
-            return new JDKDSAPrivateKey((DSAPrivateKey)key);
-        }
-        else if (key instanceof ElGamalPublicKey)
-        {
-            return new JCEElGamalPublicKey((ElGamalPublicKey)key);
-        }
-        else if (key instanceof ElGamalPrivateKey)
-        {
-            return new JCEElGamalPrivateKey((ElGamalPrivateKey)key);
-        }
-
-        throw new InvalidKeyException("key type unknown");
-    }
-
-    /**
-     * create a public key from the given DER encoded input stream. 
-     */ 
-    public static PublicKey createPublicKeyFromDERStream(
-        byte[]         in)
-        throws IOException
-    {
-        return createPublicKeyFromPublicKeyInfo(
-            new SubjectPublicKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(in)));
-    }
-
-    /**
-     * create a public key from the given public key info object.
-     */ 
-    static PublicKey createPublicKeyFromPublicKeyInfo(
-        SubjectPublicKeyInfo         info)
-    {
-        DERObjectIdentifier     algOid = info.getAlgorithmId().getObjectId();
-        
-        if (RSAUtil.isRsaOid(algOid))
-        {
-            return new JCERSAPublicKey(info);
-        }
-        else if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement))
-        {
-            return new JCEDHPublicKey(info);
-        }
-        else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber))
-        {
-            return new JCEDHPublicKey(info);
-        }
-        else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            return new JCEElGamalPublicKey(info);
-        }
-        else if (algOid.equals(X9ObjectIdentifiers.id_dsa))
-        {
-            return new JDKDSAPublicKey(info);
-        }
-        else if (algOid.equals(OIWObjectIdentifiers.dsaWithSHA1))
-        {
-            return new JDKDSAPublicKey(info);
-        }
-        else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-        {
-            return new JCEECPublicKey(info);
-        }
-        else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
-        {
-            return new JDKGOST3410PublicKey(info);
-        }
-        else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001))
-        {
-            return new JCEECPublicKey(info);
-        }
-        else
-        {
-            throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised");
-        }
-    }
-
-    /**
-     * create a private key from the given DER encoded input stream. 
-     */ 
-    protected static PrivateKey createPrivateKeyFromDERStream(
-        byte[]         in)
-        throws IOException
-    {
-        return createPrivateKeyFromPrivateKeyInfo(
-            new PrivateKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(in)));
-    }
-
-    /**
-     * create a private key from the given public key info object.
-     */ 
-    static PrivateKey createPrivateKeyFromPrivateKeyInfo(
-        PrivateKeyInfo      info)
-    {
-        DERObjectIdentifier     algOid = info.getAlgorithmId().getObjectId();
-        
-        if (RSAUtil.isRsaOid(algOid))
-        {
-              return new JCERSAPrivateCrtKey(info);
-        }
-        else if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement))
-        {
-              return new JCEDHPrivateKey(info);
-        }
-        else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber))
-        {
-              return new JCEDHPrivateKey(info);
-        }
-        else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-              return new JCEElGamalPrivateKey(info);
-        }
-        else if (algOid.equals(X9ObjectIdentifiers.id_dsa))
-        {
-              return new JDKDSAPrivateKey(info);
-        }
-        else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-        {
-              return new JCEECPrivateKey(info);
-        }
-        else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
-        {
-              return new JDKGOST3410PrivateKey(info);
-        }
-        else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001))
-        {
-              return new JCEECPrivateKey(info);
-        }
-        else
-        {
-            throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised");
-        }
-    }
-
-    public static class RSA
-        extends JDKKeyFactory
-    {
-        public RSA()
-        {
-        }
-
-        protected PrivateKey engineGeneratePrivate(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof PKCS8EncodedKeySpec)
-            {
-                try
-                {
-                    return JDKKeyFactory.createPrivateKeyFromDERStream(
-                                ((PKCS8EncodedKeySpec)keySpec).getEncoded());
-                }
-                catch (Exception e)
-                {
-                    //
-                    // in case it's just a RSAPrivateKey object...
-                    //
-                    try
-                    {
-                        return new JCERSAPrivateCrtKey(
-                            new RSAPrivateKeyStructure(
-                                (ASN1Sequence) ASN1Object.fromByteArray(((PKCS8EncodedKeySpec)keySpec).getEncoded())));
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new InvalidKeySpecException(ex.toString());
-                    }
-                }
-            }
-            else if (keySpec instanceof RSAPrivateCrtKeySpec)
-            {
-                return new JCERSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec);
-            }
-            else if (keySpec instanceof RSAPrivateKeySpec)
-            {
-                return new JCERSAPrivateKey((RSAPrivateKeySpec)keySpec);
-            }
-    
-            throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
-        }
-    
-        protected PublicKey engineGeneratePublic(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof RSAPublicKeySpec)
-            {
-                return new JCERSAPublicKey((RSAPublicKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePublic(keySpec);
-        }
-    }
-
-    public static class DH
-        extends JDKKeyFactory
-    {
-        public DH()
-        {
-        }
-
-        protected PrivateKey engineGeneratePrivate(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DHPrivateKeySpec)
-            {
-                return new JCEDHPrivateKey((DHPrivateKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePrivate(keySpec);
-        }
-    
-        protected PublicKey engineGeneratePublic(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DHPublicKeySpec)
-            {
-                return new JCEDHPublicKey((DHPublicKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePublic(keySpec);
-        }
-    }
-
-    public static class DSA
-        extends JDKKeyFactory
-    {
-        public DSA()
-        {
-        }
-
-        protected PrivateKey engineGeneratePrivate(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DSAPrivateKeySpec)
-            {
-                return new JDKDSAPrivateKey((DSAPrivateKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePrivate(keySpec);
-        }
-    
-        protected PublicKey engineGeneratePublic(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DSAPublicKeySpec)
-            {
-                return new JDKDSAPublicKey((DSAPublicKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePublic(keySpec);
-        }
-    }
-
-    public static class GOST3410
-        extends JDKKeyFactory
-    {
-        public GOST3410()
-        {
-        }
-        
-        protected PrivateKey engineGeneratePrivate(
-                KeySpec    keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec instanceof GOST3410PrivateKeySpec)
-            {
-                return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePrivate(keySpec);
-        }
-        
-        protected PublicKey engineGeneratePublic(
-                KeySpec    keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec instanceof GOST3410PublicKeySpec)
-            {
-                return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePublic(keySpec);
-        }
-    }
-    
-    public static class ElGamal
-        extends JDKKeyFactory
-    {
-        public ElGamal()
-        {
-            elGamalFactory = true;
-        }
-
-        protected PrivateKey engineGeneratePrivate(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof ElGamalPrivateKeySpec)
-            {
-                return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec);
-            }
-            else if (keySpec instanceof DHPrivateKeySpec)
-            {
-                return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePrivate(keySpec);
-        }
-    
-        protected PublicKey engineGeneratePublic(
-            KeySpec    keySpec)
-            throws InvalidKeySpecException
-        {
-            if (keySpec instanceof ElGamalPublicKeySpec)
-            {
-                return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec);
-            }
-            else if (keySpec instanceof DHPublicKeySpec)
-            {
-                return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec);
-            }
-
-            return super.engineGeneratePublic(keySpec);
-        }
-    }
-
-
-    /**
-     * This isn't really correct, however the class path project API seems to think such
-     * a key factory will exist.
-     */
-    public static class X509
-        extends JDKKeyFactory
-    {
-        public X509()
-        {
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
deleted file mode 100644
index 6c5b990c4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
+++ /dev/null
@@ -1,398 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
-import org.bouncycastle.crypto.generators.DHParametersGenerator;
-import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
-import org.bouncycastle.crypto.generators.DSAParametersGenerator;
-import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator;
-import org.bouncycastle.crypto.generators.ElGamalParametersGenerator;
-import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator;
-import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
-import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters;
-import org.bouncycastle.crypto.params.GOST3410Parameters;
-import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters;
-import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters;
-import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.jce.spec.ElGamalParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
-
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.DSAParameterSpec;
-import java.security.spec.RSAKeyGenParameterSpec;
-import java.util.Hashtable;
-
-import javax.crypto.spec.DHParameterSpec;
-
-public abstract class JDKKeyPairGenerator
-    extends KeyPairGenerator
-{
-    public JDKKeyPairGenerator(
-        String              algorithmName)
-    {
-        super(algorithmName);
-    }
-
-    public abstract void initialize(int strength, SecureRandom random);
-
-    public abstract KeyPair generateKeyPair();
-
-    public static class RSA
-        extends JDKKeyPairGenerator
-    {
-        final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001);
-        final static int defaultTests = 12;
-
-        RSAKeyGenerationParameters  param;
-        RSAKeyPairGenerator         engine;
-
-        public RSA()
-        {
-            super("RSA");
-
-            engine = new RSAKeyPairGenerator();
-            param = new RSAKeyGenerationParameters(defaultPublicExponent,
-                            new SecureRandom(), 2048, defaultTests);
-            engine.init(param);
-        }
-
-        public void initialize(
-            int             strength,
-            SecureRandom    random)
-        {
-            param = new RSAKeyGenerationParameters(defaultPublicExponent,
-                            random, strength, defaultTests);
-
-            engine.init(param);
-        }
-
-        public void initialize(
-            AlgorithmParameterSpec  params,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(params instanceof RSAKeyGenParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("parameter object not a RSAKeyGenParameterSpec");
-            }
-            RSAKeyGenParameterSpec     rsaParams = (RSAKeyGenParameterSpec)params;
-
-            param = new RSAKeyGenerationParameters(
-                            rsaParams.getPublicExponent(),
-                            random, rsaParams.getKeysize(), defaultTests);
-
-            engine.init(param);
-        }
-
-        public KeyPair generateKeyPair()
-        {
-            AsymmetricCipherKeyPair     pair = engine.generateKeyPair();
-            RSAKeyParameters            pub = (RSAKeyParameters)pair.getPublic();
-            RSAPrivateCrtKeyParameters  priv = (RSAPrivateCrtKeyParameters)pair.getPrivate();
-
-            return new KeyPair(new JCERSAPublicKey(pub),
-                               new JCERSAPrivateCrtKey(priv));
-        }
-    }
-
-    public static class DH
-        extends JDKKeyPairGenerator
-    {
-        private static Hashtable   params = new Hashtable();
-
-        DHKeyGenerationParameters  param;
-        DHBasicKeyPairGenerator    engine = new DHBasicKeyPairGenerator();
-        int                        strength = 1024;
-        int                        certainty = 20;
-        SecureRandom               random = new SecureRandom();
-        boolean                    initialised = false;
-
-        public DH()
-        {
-            super("DH");
-        }
-
-        public void initialize(
-            int             strength,
-            SecureRandom    random)
-        {
-            this.strength = strength;
-            this.random = random;
-        }
-
-        public void initialize(
-            AlgorithmParameterSpec  params,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(params instanceof DHParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec");
-            }
-            DHParameterSpec     dhParams = (DHParameterSpec)params;
-
-            param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL()));
-
-            engine.init(param);
-            initialised = true;
-        }
-
-        public KeyPair generateKeyPair()
-        {
-            if (!initialised)
-            {
-                Integer paramStrength = new Integer(strength);
-
-                if (params.containsKey(paramStrength))
-                {
-                    param = (DHKeyGenerationParameters)params.get(paramStrength);
-                }
-                else
-                {
-                    DHParametersGenerator   pGen = new DHParametersGenerator();
-
-                    pGen.init(strength, certainty, random);
-
-                    param = new DHKeyGenerationParameters(random, pGen.generateParameters());
-
-                    params.put(paramStrength, param);
-                }
-
-                engine.init(param);
-
-                initialised = true;
-            }
-
-            AsymmetricCipherKeyPair pair = engine.generateKeyPair();
-            DHPublicKeyParameters   pub = (DHPublicKeyParameters)pair.getPublic();
-            DHPrivateKeyParameters  priv = (DHPrivateKeyParameters)pair.getPrivate();
-
-            return new KeyPair(new JCEDHPublicKey(pub),
-                               new JCEDHPrivateKey(priv));
-        }
-    }
-
-    public static class DSA
-        extends JDKKeyPairGenerator
-    {
-        DSAKeyGenerationParameters param;
-        DSAKeyPairGenerator        engine = new DSAKeyPairGenerator();
-        int                        strength = 1024;
-        int                        certainty = 20;
-        SecureRandom               random = new SecureRandom();
-        boolean                    initialised = false;
-
-        public DSA()
-        {
-            super("DSA");
-        }
-
-        public void initialize(
-            int             strength,
-            SecureRandom    random)
-        {
-            if (strength < 512 || strength > 1024 || strength % 64 != 0)
-            {
-                throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64");
-            }
-
-            this.strength = strength;
-            this.random = random;
-        }
-
-        public void initialize(
-            AlgorithmParameterSpec  params,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(params instanceof DSAParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("parameter object not a DSAParameterSpec");
-            }
-            DSAParameterSpec     dsaParams = (DSAParameterSpec)params;
-
-            param = new DSAKeyGenerationParameters(random, new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()));
-
-            engine.init(param);
-            initialised = true;
-        }
-
-        public KeyPair generateKeyPair()
-        {
-            if (!initialised)
-            {
-                DSAParametersGenerator   pGen = new DSAParametersGenerator();
-
-                pGen.init(strength, certainty, random);
-                param = new DSAKeyGenerationParameters(random, pGen.generateParameters());
-                engine.init(param);
-                initialised = true;
-            }
-
-            AsymmetricCipherKeyPair   pair = engine.generateKeyPair();
-            DSAPublicKeyParameters     pub = (DSAPublicKeyParameters)pair.getPublic();
-            DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)pair.getPrivate();
-
-            return new KeyPair(new JDKDSAPublicKey(pub),
-                               new JDKDSAPrivateKey(priv));
-        }
-    }
-
-    public static class ElGamal
-        extends JDKKeyPairGenerator
-    {
-        ElGamalKeyGenerationParameters  param;
-        ElGamalKeyPairGenerator         engine = new ElGamalKeyPairGenerator();
-        int                             strength = 1024;
-        int                             certainty = 20;
-        SecureRandom                    random = new SecureRandom();
-        boolean                         initialised = false;
-
-        public ElGamal()
-        {
-            super("ElGamal");
-        }
-
-        public void initialize(
-            int             strength,
-            SecureRandom    random)
-        {
-            this.strength = strength;
-            this.random = random;
-        }
-
-        public void initialize(
-            AlgorithmParameterSpec  params,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec");
-            }
-            
-            if (params instanceof ElGamalParameterSpec)
-            {
-                ElGamalParameterSpec     elParams = (ElGamalParameterSpec)params;
-
-                param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG()));
-            }
-            else
-            {
-                DHParameterSpec     dhParams = (DHParameterSpec)params;
-
-                param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG(), dhParams.getL()));
-            }
-
-            engine.init(param);
-            initialised = true;
-        }
-
-        public KeyPair generateKeyPair()
-        {
-            if (!initialised)
-            {
-                ElGamalParametersGenerator   pGen = new ElGamalParametersGenerator();
-
-                pGen.init(strength, certainty, random);
-                param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters());
-                engine.init(param);
-                initialised = true;
-            }
-
-            AsymmetricCipherKeyPair         pair = engine.generateKeyPair();
-            ElGamalPublicKeyParameters      pub = (ElGamalPublicKeyParameters)pair.getPublic();
-            ElGamalPrivateKeyParameters     priv = (ElGamalPrivateKeyParameters)pair.getPrivate();
-
-            return new KeyPair(new JCEElGamalPublicKey(pub),
-                               new JCEElGamalPrivateKey(priv));
-        }
-    }
-
-    public static class GOST3410
-        extends JDKKeyPairGenerator
-    {
-        GOST3410KeyGenerationParameters param;
-        GOST3410KeyPairGenerator        engine = new GOST3410KeyPairGenerator();
-        GOST3410ParameterSpec           gost3410Params;
-        int                             strength = 1024;
-        SecureRandom                    random = null;
-        boolean                         initialised = false;
-
-        public GOST3410()
-        {
-            super("GOST3410");
-        }
-
-        public void initialize(
-            int             strength,
-            SecureRandom    random)
-        {
-            this.strength = strength;
-            this.random = random;
-        }
-    
-        private void init(
-            GOST3410ParameterSpec gParams,
-            SecureRandom          random)
-        {
-            GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters();
-            
-            param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA()));
-            
-            engine.init(param);
-            
-            initialised = true;
-            gost3410Params = gParams;
-        }
-        
-        public void initialize(
-            AlgorithmParameterSpec  params,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (!(params instanceof GOST3410ParameterSpec))
-            {
-                throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec");
-            }
-            
-            init((GOST3410ParameterSpec)params, random);
-        }
-
-        public KeyPair generateKeyPair()
-        {
-            if (!initialised)
-            {
-                init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom());
-            }
-            
-            AsymmetricCipherKeyPair   pair = engine.generateKeyPair();
-            GOST3410PublicKeyParameters  pub = (GOST3410PublicKeyParameters)pair.getPublic();
-            GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate();
-            
-            return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params));
-        }
-   }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
deleted file mode 100644
index 5bae2b9b9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
+++ /dev/null
@@ -1,1013 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyStoreException;
-import java.security.KeyStoreSpi;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-import javax.crypto.CipherOutputStream;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
-import org.bouncycastle.crypto.io.DigestInputStream;
-import org.bouncycastle.crypto.io.DigestOutputStream;
-import org.bouncycastle.crypto.io.MacInputStream;
-import org.bouncycastle.crypto.io.MacOutputStream;
-import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.jce.interfaces.BCKeyStore;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.io.Streams;
-
-public class JDKKeyStore
-    extends KeyStoreSpi
-    implements BCKeyStore
-{
-    private static final int    STORE_VERSION = 1;
-
-    private static final int    STORE_SALT_SIZE = 20;
-    private static final String STORE_CIPHER = "PBEWithSHAAndTwofish-CBC";
-
-    private static final int    KEY_SALT_SIZE = 20;
-    private static final int    MIN_ITERATIONS = 1024;
-
-    private static final String KEY_CIPHER = "PBEWithSHAAnd3-KeyTripleDES-CBC";
-
-    //
-    // generic object types
-    //
-    static final int NULL           = 0;
-    static final int CERTIFICATE    = 1;
-    static final int KEY            = 2;
-    static final int SECRET         = 3;
-    static final int SEALED         = 4;
-
-    //
-    // key types
-    //
-    static final int    KEY_PRIVATE = 0;
-    static final int    KEY_PUBLIC  = 1;
-    static final int    KEY_SECRET  = 2;
-
-    protected Hashtable       table = new Hashtable();
-
-    protected SecureRandom    random = new SecureRandom();
-
-    public JDKKeyStore()
-    {
-    }
-
-    private class StoreEntry
-    {
-        int             type;
-        String          alias;
-        Object          obj;
-        Certificate[]   certChain;
-        Date            date = new Date();
-
-        StoreEntry(
-            String       alias,
-            Certificate  obj)
-        {
-            this.type = CERTIFICATE;
-            this.alias = alias;
-            this.obj = obj;
-            this.certChain = null;
-        }
-
-        StoreEntry(
-            String          alias,
-            byte[]          obj,
-            Certificate[]   certChain)
-        {
-            this.type = SECRET;
-            this.alias = alias;
-            this.obj = obj;
-            this.certChain = certChain;
-        }
-
-        StoreEntry(
-            String          alias,
-            Key             key,
-            char[]          password,
-            Certificate[]   certChain)
-            throws Exception
-        {
-            this.type = SEALED;
-            this.alias = alias;
-            this.certChain = certChain;
-
-            byte[] salt = new byte[KEY_SALT_SIZE];
-
-            random.setSeed(System.currentTimeMillis());
-            random.nextBytes(salt);
-
-            int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
-
-
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            DataOutputStream        dOut = new DataOutputStream(bOut);
-
-            dOut.writeInt(salt.length);
-            dOut.write(salt);
-            dOut.writeInt(iterationCount);
-
-            Cipher              cipher = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount);
-            CipherOutputStream  cOut = new CipherOutputStream(dOut, cipher);
-
-            dOut = new DataOutputStream(cOut);
-
-            encodeKey(key, dOut);
-
-            dOut.close();
-
-            obj = bOut.toByteArray();
-        }
-
-        StoreEntry(
-            String          alias,
-            Date            date,
-            int             type,
-            Object          obj)
-        {
-            this.alias = alias;
-            this.date = date;
-            this.type = type;
-            this.obj = obj;
-        }
-
-        StoreEntry(
-            String          alias,
-            Date            date,
-            int             type,
-            Object          obj,
-            Certificate[]   certChain)
-        {
-            this.alias = alias;
-            this.date = date;
-            this.type = type;
-            this.obj = obj;
-            this.certChain = certChain;
-        }
-
-        int getType()
-        {
-            return type;
-        }
-
-        String getAlias()
-        {
-            return alias;
-        }
-
-        Object getObject()
-        {
-            return obj;
-        }
-
-        Object getObject(
-            char[]  password)
-            throws NoSuchAlgorithmException, UnrecoverableKeyException
-        {
-            if (password == null || password.length == 0)
-            {
-                if (obj instanceof Key)
-                {
-                    return obj;
-                }
-            }
-
-            if (type == SEALED)
-            {
-                ByteArrayInputStream    bIn = new ByteArrayInputStream((byte[])obj);
-                DataInputStream         dIn = new DataInputStream(bIn);
-            
-                try
-                {
-                    byte[]      salt = new byte[dIn.readInt()];
-
-                    dIn.readFully(salt);
-
-                    int     iterationCount = dIn.readInt();
-                
-                    Cipher      cipher = makePBECipher(KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount);
-
-                    CipherInputStream cIn = new CipherInputStream(dIn, cipher);
-
-                    try
-                    {
-                        return decodeKey(new DataInputStream(cIn));
-                    }
-                    catch (Exception x)
-                    {
-                        bIn = new ByteArrayInputStream((byte[])obj);
-                        dIn = new DataInputStream(bIn);
-            
-                        salt = new byte[dIn.readInt()];
-
-                        dIn.readFully(salt);
-
-                        iterationCount = dIn.readInt();
-
-                        cipher = makePBECipher("Broken" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount);
-
-                        cIn = new CipherInputStream(dIn, cipher);
-
-                        Key k = null;
-
-                        try
-                        {
-                            k = decodeKey(new DataInputStream(cIn));
-                        }
-                        catch (Exception y)
-                        {
-                            bIn = new ByteArrayInputStream((byte[])obj);
-                            dIn = new DataInputStream(bIn);
-                
-                            salt = new byte[dIn.readInt()];
-
-                            dIn.readFully(salt);
-
-                            iterationCount = dIn.readInt();
-
-                            cipher = makePBECipher("Old" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount);
-
-                            cIn = new CipherInputStream(dIn, cipher);
-
-                            k = decodeKey(new DataInputStream(cIn));
-                        }
-
-                        //
-                        // reencrypt key with correct cipher.
-                        //
-                        if (k != null)
-                        {
-                            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-                            DataOutputStream        dOut = new DataOutputStream(bOut);
-
-                            dOut.writeInt(salt.length);
-                            dOut.write(salt);
-                            dOut.writeInt(iterationCount);
-
-                            Cipher              out = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount);
-                            CipherOutputStream  cOut = new CipherOutputStream(dOut, out);
-
-                            dOut = new DataOutputStream(cOut);
-
-                            encodeKey(k, dOut);
-
-                            dOut.close();
-
-                            obj = bOut.toByteArray();
-
-                            return k;
-                        }
-                        else
-                        {
-                            throw new UnrecoverableKeyException("no match");
-                        }
-                    }
-                }
-                catch (Exception e)
-                {
-                    throw new UnrecoverableKeyException("no match");
-                }
-            }
-            else
-            {
-                throw new RuntimeException("forget something!");
-                // TODO
-                // if we get to here key was saved as byte data, which
-                // according to the docs means it must be a private key
-                // in EncryptedPrivateKeyInfo (PKCS8 format), later...
-                //
-            }
-        }
-
-        Certificate[] getCertificateChain()
-        {
-            return certChain;
-        }
-
-        Date getDate()
-        {
-            return date;
-        }
-    }
-
-    private void encodeCertificate(
-        Certificate         cert,
-        DataOutputStream    dOut)
-        throws IOException
-    {
-        try
-        {
-            byte[]      cEnc = cert.getEncoded();
-
-            dOut.writeUTF(cert.getType());
-            dOut.writeInt(cEnc.length);
-            dOut.write(cEnc);
-        }
-        catch (CertificateEncodingException ex)
-        {
-            throw new IOException(ex.toString());
-        }
-    }
-
-    private Certificate decodeCertificate(
-        DataInputStream   dIn)
-        throws IOException
-    {
-        String      type = dIn.readUTF();
-        byte[]      cEnc = new byte[dIn.readInt()];
-
-        dIn.readFully(cEnc);
-
-        try
-        {
-            CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME);
-            ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc);
-
-            return cFact.generateCertificate(bIn);
-        }
-        catch (NoSuchProviderException ex)
-        {
-            throw new IOException(ex.toString());
-        }
-        catch (CertificateException ex)
-        {
-            throw new IOException(ex.toString());
-        }
-    }
-
-    private void encodeKey(
-        Key                 key,
-        DataOutputStream    dOut)
-        throws IOException
-    {
-        byte[]      enc = key.getEncoded();
-
-        if (key instanceof PrivateKey)
-        {
-            dOut.write(KEY_PRIVATE);
-        }
-        else if (key instanceof PublicKey)
-        {
-            dOut.write(KEY_PUBLIC);
-        }
-        else
-        {
-            dOut.write(KEY_SECRET);
-        }
-    
-        dOut.writeUTF(key.getFormat());
-        dOut.writeUTF(key.getAlgorithm());
-        dOut.writeInt(enc.length);
-        dOut.write(enc);
-    }
-
-    private Key decodeKey(
-        DataInputStream dIn)
-        throws IOException
-    {
-        int         keyType = dIn.read();
-        String      format = dIn.readUTF();
-        String      algorithm = dIn.readUTF();
-        byte[]      enc = new byte[dIn.readInt()];
-        KeySpec     spec;
-
-        dIn.readFully(enc);
-
-        if (format.equals("PKCS#8") || format.equals("PKCS8"))
-        {
-            spec = new PKCS8EncodedKeySpec(enc);
-        }
-        else if (format.equals("X.509") || format.equals("X509"))
-        {
-            spec = new X509EncodedKeySpec(enc);
-        }
-        else if (format.equals("RAW"))
-        {
-            return new SecretKeySpec(enc, algorithm);
-        }
-        else
-        {
-            throw new IOException("Key format " + format + " not recognised!");
-        }
-
-        try
-        {
-            switch (keyType)
-            {
-            case KEY_PRIVATE:
-                return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec);
-            case KEY_PUBLIC:
-                return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec);
-            case KEY_SECRET:
-                return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec);
-            default:
-                throw new IOException("Key type " + keyType + " not recognised!");
-            }
-        }
-        catch (Exception e)
-        {
-            throw new IOException("Exception creating key: " + e.toString());
-        }
-    }
-
-    protected Cipher makePBECipher(
-        String  algorithm,
-        int     mode,
-        char[]  password,
-        byte[]  salt,
-        int     iterationCount)
-        throws IOException
-    {
-        try
-        {
-            PBEKeySpec          pbeSpec = new PBEKeySpec(password);
-            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
-            PBEParameterSpec    defParams = new PBEParameterSpec(salt, iterationCount);
-
-            Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
-
-            cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams);
-
-            return cipher;
-        }
-        catch (Exception e)
-        {
-            throw new IOException("Error initialising store of key store: " + e);
-        }
-    }
-
-    public void setRandom(
-            SecureRandom    rand)
-    {
-        this.random = rand;
-    }
-
-    public Enumeration engineAliases() 
-    {
-        return table.keys();
-    }
-
-    public boolean engineContainsAlias(
-        String  alias) 
-    {
-        return (table.get(alias) != null);
-    }
-
-    public void engineDeleteEntry(
-        String  alias) 
-        throws KeyStoreException
-    {
-        Object  entry = table.get(alias);
-
-        if (entry == null)
-        {
-            throw new KeyStoreException("no such entry as " + alias);
-        }
-
-        table.remove(alias);
-    }
-
-    public Certificate engineGetCertificate(
-        String alias) 
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry != null)
-        {
-            if (entry.getType() == CERTIFICATE)
-            {
-                return (Certificate)entry.getObject();
-            }
-            else
-            {
-                Certificate[]   chain = entry.getCertificateChain();
-
-                if (chain != null)
-                {
-                    return chain[0];
-                }
-            }
-        }
-
-        return null;
-    }
-
-    public String engineGetCertificateAlias(
-        Certificate cert) 
-    {
-        Enumeration e = table.elements();
-        while (e.hasMoreElements())
-        {
-            StoreEntry  entry = (StoreEntry)e.nextElement();
-
-            if (entry.getObject() instanceof Certificate)
-            {
-                Certificate c = (Certificate)entry.getObject();
-
-                if (c.equals(cert))
-                {
-                    return entry.getAlias();
-                }
-            }
-            else
-            {
-                Certificate[]   chain = entry.getCertificateChain();
-
-                if (chain != null && chain[0].equals(cert))
-                {
-                    return entry.getAlias();
-                }
-            }
-        }
-
-        return null;
-    }
-    
-    public Certificate[] engineGetCertificateChain(
-        String alias) 
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry != null)
-        {
-            return entry.getCertificateChain();
-        }
-
-        return null;
-    }
-    
-    public Date engineGetCreationDate(String alias) 
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry != null)
-        {
-            return entry.getDate();
-        }
-
-        return null;
-    }
-
-    public Key engineGetKey(
-        String alias,
-        char[] password) 
-        throws NoSuchAlgorithmException, UnrecoverableKeyException
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry == null || entry.getType() == CERTIFICATE)
-        {
-            return null;
-        }
-
-        return (Key)entry.getObject(password);
-    }
-
-    public boolean engineIsCertificateEntry(
-        String alias) 
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry != null && entry.getType() == CERTIFICATE)
-        {
-            return true;
-        }
-    
-        return false;
-    }
-
-    public boolean engineIsKeyEntry(
-        String alias) 
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry != null && entry.getType() != CERTIFICATE)
-        {
-            return true;
-        }
-    
-        return false;
-    }
-
-    public void engineSetCertificateEntry(
-        String      alias,
-        Certificate cert) 
-        throws KeyStoreException
-    {
-        StoreEntry  entry = (StoreEntry)table.get(alias);
-
-        if (entry != null && entry.getType() != CERTIFICATE)
-        {
-            throw new KeyStoreException("key store already has a key entry with alias " + alias);
-        }
-
-        table.put(alias, new StoreEntry(alias, cert));
-    }
-
-    public void engineSetKeyEntry(
-        String alias,
-        byte[] key,
-        Certificate[] chain) 
-        throws KeyStoreException
-    {
-        table.put(alias, new StoreEntry(alias, key, chain));
-    }
-
-    public void engineSetKeyEntry(
-        String          alias,
-        Key             key,
-        char[]          password,
-        Certificate[]   chain) 
-        throws KeyStoreException
-    {
-        if ((key instanceof PrivateKey) && (chain == null))
-        {
-            throw new KeyStoreException("no certificate chain for private key");
-        }
-
-        try
-        {
-            table.put(alias, new StoreEntry(alias, key, password, chain));
-        }
-        catch (Exception e)
-        {
-            throw new KeyStoreException(e.toString());
-        }
-    }
-
-    public int engineSize() 
-    {
-        return table.size();
-    }
-
-    protected void loadStore(
-        InputStream in)
-        throws IOException
-    {
-        DataInputStream     dIn = new DataInputStream(in);
-        int                 type = dIn.read();
-
-        while (type > NULL)
-        {
-            String          alias = dIn.readUTF();
-            Date            date = new Date(dIn.readLong());
-            int             chainLength = dIn.readInt();
-            Certificate[]   chain = null;
-
-            if (chainLength != 0)
-            {
-                chain = new Certificate[chainLength];
-
-                for (int i = 0; i != chainLength; i++)
-                {
-                    chain[i] = decodeCertificate(dIn);
-                }
-            }
-
-            switch (type)
-            {
-            case CERTIFICATE:
-                    Certificate     cert = decodeCertificate(dIn);
-
-                    table.put(alias, new StoreEntry(alias, date, CERTIFICATE, cert));
-                    break;
-            case KEY:
-                    Key     key = decodeKey(dIn);
-                    table.put(alias, new StoreEntry(alias, date, KEY, key, chain));
-                    break;
-            case SECRET:
-            case SEALED:
-                    byte[]      b = new byte[dIn.readInt()];
-
-                    dIn.readFully(b);
-                    table.put(alias, new StoreEntry(alias, date, type, b, chain));
-                    break;
-            default:
-                    throw new RuntimeException("Unknown object type in store.");
-            }
-
-            type = dIn.read();
-        }
-    }
-
-    protected void saveStore(
-        OutputStream    out)
-        throws IOException
-    {
-        Enumeration         e = table.elements();
-        DataOutputStream    dOut = new DataOutputStream(out);
-
-        while (e.hasMoreElements())
-        {
-            StoreEntry  entry = (StoreEntry)e.nextElement();
-
-            dOut.write(entry.getType());
-            dOut.writeUTF(entry.getAlias());
-            dOut.writeLong(entry.getDate().getTime());
-
-            Certificate[]   chain = entry.getCertificateChain();
-            if (chain == null)
-            {
-                dOut.writeInt(0);
-            }
-            else
-            {
-                dOut.writeInt(chain.length);
-                for (int i = 0; i != chain.length; i++)
-                {
-                    encodeCertificate(chain[i], dOut);
-                }
-            }
-
-            switch (entry.getType())
-            {
-            case CERTIFICATE:
-                    encodeCertificate((Certificate)entry.getObject(), dOut);
-                    break;
-            case KEY:
-                    encodeKey((Key)entry.getObject(), dOut);
-                    break;
-            case SEALED:
-            case SECRET:
-                    byte[]  b = (byte[])entry.getObject();
-
-                    dOut.writeInt(b.length);
-                    dOut.write(b);
-                    break;
-            default:
-                    throw new RuntimeException("Unknown object type in store.");
-            }
-        }
-
-        dOut.write(NULL);
-    }
-
-    public void engineLoad(
-        InputStream stream,
-        char[]      password) 
-        throws IOException
-    {
-        table.clear();
-
-        if (stream == null)     // just initialising
-        {
-            return;
-        }
-
-        DataInputStream     dIn = new DataInputStream(stream);
-        int                 version = dIn.readInt();
-
-        if (version != STORE_VERSION)
-        {
-            if (version != 0)
-            {
-                throw new IOException("Wrong version of key store.");
-            }
-        }
-
-        byte[]      salt = new byte[dIn.readInt()];
-
-        dIn.readFully(salt);
-
-        int         iterationCount = dIn.readInt();
-
-        //
-        // we only do an integrity check if the password is provided.
-        //
-        HMac hMac = new HMac(new SHA1Digest());
-        if (password != null && password.length != 0)
-        {
-            byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
-
-            PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
-            pbeGen.init(passKey, salt, iterationCount);
-            CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
-            Arrays.fill(passKey, (byte)0);
-
-            hMac.init(macParams);
-            MacInputStream mIn = new MacInputStream(dIn, hMac);
-
-            loadStore(mIn);
-
-            // Finalise our mac calculation
-            byte[] mac = new byte[hMac.getMacSize()];
-            hMac.doFinal(mac, 0);
-
-            // TODO Should this actually be reading the remainder of the stream?
-            // Read the original mac from the stream
-            byte[] oldMac = new byte[hMac.getMacSize()];
-            dIn.readFully(oldMac);
-
-            if (!Arrays.constantTimeAreEqual(mac, oldMac))
-            {
-                table.clear();
-                throw new IOException("KeyStore integrity check failed.");
-            }
-        }
-        else
-        {
-            loadStore(dIn);
-
-            // TODO Should this actually be reading the remainder of the stream?
-            // Parse the original mac from the stream too
-            byte[] oldMac = new byte[hMac.getMacSize()];
-            dIn.readFully(oldMac);
-        }
-    }
-
-
-    public void engineStore(OutputStream stream, char[] password) 
-        throws IOException
-    {
-        DataOutputStream    dOut = new DataOutputStream(stream);
-        byte[]              salt = new byte[STORE_SALT_SIZE];
-        int                 iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
-
-        random.nextBytes(salt);
-
-        dOut.writeInt(STORE_VERSION);
-        dOut.writeInt(salt.length);
-        dOut.write(salt);
-        dOut.writeInt(iterationCount);
-
-        HMac                    hMac = new HMac(new SHA1Digest());
-        MacOutputStream         mOut = new MacOutputStream(dOut, hMac);
-        PBEParametersGenerator  pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
-        byte[]                  passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
-
-        pbeGen.init(passKey, salt, iterationCount);
-
-        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
-
-        for (int i = 0; i != passKey.length; i++)
-        {
-            passKey[i] = 0;
-        }
-
-        saveStore(mOut);
-
-        byte[]  mac = new byte[hMac.getMacSize()];
-
-        hMac.doFinal(mac, 0);
-
-        dOut.write(mac);
-
-        dOut.close();
-    }
-
-    /**
-     * the BouncyCastle store. This wont work with the key tool as the
-     * store is stored encrypteed on disk, so the password is mandatory,
-     * however if you hard drive is in a bad part of town and you absolutely,
-     * positively, don't want nobody peeking at your things, this is the
-     * one to use, no problem! After all in a Bouncy Castle nothing can
-     * touch you.
-     *
-     * Also referred to by the alias UBER.
-     */
-    public static class BouncyCastleStore
-        extends JDKKeyStore
-    {
-        public void engineLoad(
-            InputStream stream,
-            char[]      password) 
-            throws IOException
-        {
-            table.clear();
-    
-            if (stream == null)     // just initialising
-            {
-                return;
-            }
-    
-            DataInputStream     dIn = new DataInputStream(stream);
-            int                 version = dIn.readInt();
-    
-            if (version != STORE_VERSION)
-            {
-                if (version != 0)
-                {
-                    throw new IOException("Wrong version of key store.");
-                }
-            }
-    
-            byte[]      salt = new byte[dIn.readInt()];
-
-            if (salt.length != STORE_SALT_SIZE)
-            {
-                throw new IOException("Key store corrupted.");
-            }
-    
-            dIn.readFully(salt);
-    
-            int         iterationCount = dIn.readInt();
-    
-            if ((iterationCount < 0) || (iterationCount > 4 *  MIN_ITERATIONS))
-            {
-                throw new IOException("Key store corrupted.");
-            }
-    
-            String cipherAlg;
-            if (version == 0)
-            {
-                cipherAlg = "Old" + STORE_CIPHER;
-            }
-            else
-            {
-                cipherAlg = STORE_CIPHER;
-            }
-
-            Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount);
-            CipherInputStream cIn = new CipherInputStream(dIn, cipher);
-
-            Digest dig = new SHA1Digest();
-            DigestInputStream  dgIn = new DigestInputStream(cIn, dig);
-    
-            this.loadStore(dgIn);
-
-            // Finalise our digest calculation
-            byte[] hash = new byte[dig.getDigestSize()];
-            dig.doFinal(hash, 0);
-
-            // TODO Should this actually be reading the remainder of the stream?
-            // Read the original digest from the stream
-            byte[] oldHash = new byte[dig.getDigestSize()];
-            Streams.readFully(cIn, oldHash);
-
-            if (!Arrays.constantTimeAreEqual(hash, oldHash))
-            {
-                table.clear();
-                throw new IOException("KeyStore integrity check failed.");
-            }
-        }
-    
-    
-        public void engineStore(OutputStream stream, char[] password) 
-            throws IOException
-        {
-            Cipher              cipher;
-            DataOutputStream    dOut = new DataOutputStream(stream);
-            byte[]              salt = new byte[STORE_SALT_SIZE];
-            int                 iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
-    
-            random.nextBytes(salt);
-    
-            dOut.writeInt(STORE_VERSION);
-            dOut.writeInt(salt.length);
-            dOut.write(salt);
-            dOut.writeInt(iterationCount);
-    
-            cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount);
-    
-            CipherOutputStream  cOut = new CipherOutputStream(dOut, cipher);
-            DigestOutputStream  dgOut = new DigestOutputStream(cOut, new SHA1Digest());
-    
-            this.saveStore(dgOut);
-    
-            Digest  dig = dgOut.getDigest();
-            byte[]  hash = new byte[dig.getDigestSize()];
-    
-            dig.doFinal(hash, 0);
-    
-            cOut.write(hash);
-    
-            cOut.close();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java
deleted file mode 100644
index 0b5f03e23..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java
+++ /dev/null
@@ -1,336 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.MessageDigest;
-
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.*;
-
-public class JDKMessageDigest
-    extends MessageDigest
-{
-    Digest  digest;
-
-    protected JDKMessageDigest(
-        Digest  digest)
-    {
-        super(digest.getAlgorithmName());
-
-        this.digest = digest;
-    }
-
-    public void engineReset() 
-    {
-        digest.reset();
-    }
-
-    public void engineUpdate(
-        byte    input) 
-    {
-        digest.update(input);
-    }
-
-    public void engineUpdate(
-        byte[]  input,
-        int     offset,
-        int     len) 
-    {
-        digest.update(input, offset, len);
-    }
-
-    public byte[] engineDigest() 
-    {
-        byte[]  digestBytes = new byte[digest.getDigestSize()];
-
-        digest.doFinal(digestBytes, 0);
-
-        return digestBytes;
-    }
-
-    /**
-     * classes that extend directly off us.
-     */
-    static public class SHA1
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public SHA1()
-        {
-            super(new SHA1Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            SHA1 d = (SHA1)super.clone();
-            d.digest = new SHA1Digest((SHA1Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class SHA224
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public SHA224()
-        {
-            super(new SHA224Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            SHA224 d = (SHA224)super.clone();
-            d.digest = new SHA224Digest((SHA224Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class SHA256
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public SHA256()
-        {
-            super(new SHA256Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            SHA256 d = (SHA256)super.clone();
-            d.digest = new SHA256Digest((SHA256Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class SHA384
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public SHA384()
-        {
-            super(new SHA384Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            SHA384 d = (SHA384)super.clone();
-            d.digest = new SHA384Digest((SHA384Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class SHA512
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public SHA512()
-        {
-            super(new SHA512Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            SHA512 d = (SHA512)super.clone();
-            d.digest = new SHA512Digest((SHA512Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class MD2
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public MD2()
-        {
-            super(new MD2Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            MD2 d = (MD2)super.clone();
-            d.digest = new MD2Digest((MD2Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class MD4
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public MD4()
-        {
-            super(new MD4Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            MD4 d = (MD4)super.clone();
-            d.digest = new MD4Digest((MD4Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class MD5
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public MD5()
-        {
-            super(new MD5Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            MD5 d = (MD5)super.clone();
-            d.digest = new MD5Digest((MD5Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class RIPEMD128
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public RIPEMD128()
-        {
-            super(new RIPEMD128Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            RIPEMD128 d = (RIPEMD128)super.clone();
-            d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest);
-
-            return d;
-        }
-    }
-
-    static public class RIPEMD160
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public RIPEMD160()
-        {
-            super(new RIPEMD160Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            RIPEMD160 d = (RIPEMD160)super.clone();
-            d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest);
-
-            return d;
-        }
-    }
-    
-    static public class RIPEMD256
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public RIPEMD256()
-        {
-            super(new RIPEMD256Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            RIPEMD256 d = (RIPEMD256)super.clone();
-            d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest);
-
-            return d;
-        }
-    }
-    
-    static public class RIPEMD320
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public RIPEMD320()
-        {
-            super(new RIPEMD320Digest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            RIPEMD320 d = (RIPEMD320)super.clone();
-            d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest);
-
-            return d;
-        }
-    }
-    
-    static public class Tiger
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public Tiger()
-        {
-            super(new TigerDigest());
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            Tiger d = (Tiger)super.clone();
-            d.digest = new TigerDigest((TigerDigest)digest);
-
-            return d;
-        }
-    }
-    
-    static public class GOST3411
-        extends JDKMessageDigest
-        implements Cloneable
-    {
-        public GOST3411()
-        {
-            super(new GOST3411Digest());
-        }
-    
-        public Object clone()
-        throws CloneNotSupportedException
-        {
-            GOST3411 d = (GOST3411)super.clone();
-            d.digest = new GOST3411Digest((GOST3411Digest)digest);
-
-            return d;
-        }
-    }
-    
-    static public class Whirlpool
-       extends JDKMessageDigest
-       implements Cloneable
-    {
-        public Whirlpool()
-        {
-            super(new WhirlpoolDigest());
-        }
-        
-        public Object clone()
-        throws CloneNotSupportedException
-        {
-            Whirlpool d = (Whirlpool)super.clone();
-            d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest);
-            
-            return d;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
deleted file mode 100644
index 8878b8b29..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
+++ /dev/null
@@ -1,1564 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.Key;
-import java.security.KeyStoreException;
-import java.security.KeyStoreSpi;
-import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import javax.crypto.Cipher;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.BEROutputStream;
-import org.bouncycastle.asn1.DERBMPString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
-import org.bouncycastle.asn1.pkcs.CertBag;
-import org.bouncycastle.asn1.pkcs.ContentInfo;
-import org.bouncycastle.asn1.pkcs.EncryptedData;
-import org.bouncycastle.asn1.pkcs.MacData;
-import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.Pfx;
-import org.bouncycastle.asn1.pkcs.SafeBag;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.DigestInfo;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.jce.interfaces.BCKeyStore;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.encoders.Hex;
-
-public class JDKPKCS12KeyStore
-    extends KeyStoreSpi
-    implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore
-{
-    private static final int                SALT_SIZE = 20;
-    private static final int                MIN_ITERATIONS = 1024;
-
-    private static final Provider           bcProvider = new BouncyCastleProvider();
-
-    private IgnoresCaseHashtable            keys = new IgnoresCaseHashtable();
-    private Hashtable                       localIds = new Hashtable();
-    private IgnoresCaseHashtable            certs = new IgnoresCaseHashtable();
-    private Hashtable                       chainCerts = new Hashtable();
-    private Hashtable                       keyCerts = new Hashtable();
-
-    //
-    // generic object types
-    //
-    static final int NULL           = 0;
-    static final int CERTIFICATE    = 1;
-    static final int KEY            = 2;
-    static final int SECRET         = 3;
-    static final int SEALED         = 4;
-
-    //
-    // key types
-    //
-    static final int    KEY_PRIVATE = 0;
-    static final int    KEY_PUBLIC  = 1;
-    static final int    KEY_SECRET  = 2;
-
-    protected SecureRandom      random = new SecureRandom();
-
-    // use of final causes problems with JDK 1.2 compiler
-    private CertificateFactory  certFact;
-    private DERObjectIdentifier keyAlgorithm;
-    private DERObjectIdentifier certAlgorithm;
-
-    private class CertId
-    {
-        byte[]  id;
-
-        CertId(
-            PublicKey  key)
-        {
-            this.id = createSubjectKeyId(key).getKeyIdentifier();
-        }
-
-        CertId(
-            byte[]  id)
-        {
-            this.id = id;
-        }
-
-        public int hashCode()
-        {
-            return Arrays.hashCode(id);
-        }
-
-        public boolean equals(
-            Object  o)
-        {
-            if (o == this)
-            {
-                return true;
-            }
-
-            if (!(o instanceof CertId))
-            {
-                return false;
-            }
-
-            CertId  cId = (CertId)o;
-
-            return Arrays.areEqual(id, cId.id);
-        }
-    }
-
-    public JDKPKCS12KeyStore(
-        Provider provider,
-        DERObjectIdentifier keyAlgorithm,
-        DERObjectIdentifier certAlgorithm)
-    {
-        this.keyAlgorithm = keyAlgorithm;
-        this.certAlgorithm = certAlgorithm;
-
-        try
-        {
-            if (provider != null)
-            {
-                certFact = CertificateFactory.getInstance("X.509", provider);
-            }
-            else
-            {
-                certFact = CertificateFactory.getInstance("X.509");
-            }
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("can't create cert factory - " + e.toString());
-        }
-    }
-
-    private SubjectKeyIdentifier createSubjectKeyId(
-        PublicKey   pubKey)
-    {
-        try
-        {
-            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-                (ASN1Sequence) ASN1Object.fromByteArray(pubKey.getEncoded()));
-
-            return new SubjectKeyIdentifier(info);
-        }
-        catch (Exception e)
-        {
-            throw new RuntimeException("error creating key");
-        }
-    }
-
-    public void setRandom(
-        SecureRandom    rand)
-    {
-        this.random = rand;
-    }
-
-    public Enumeration engineAliases() 
-    {
-        Hashtable  tab = new Hashtable();
-
-        Enumeration e = certs.keys();
-        while (e.hasMoreElements())
-        {
-            tab.put(e.nextElement(), "cert");
-        }
-
-        e = keys.keys();
-        while (e.hasMoreElements())
-        {
-            String  a = (String)e.nextElement();
-            if (tab.get(a) == null)
-            {
-                tab.put(a, "key");
-            }
-        }
-
-        return tab.keys();
-    }
-
-    public boolean engineContainsAlias(
-        String  alias) 
-    {
-        return (certs.get(alias) != null || keys.get(alias) != null);
-    }
-
-    /**
-     * this is not quite complete - we should follow up on the chain, a bit
-     * tricky if a certificate appears in more than one chain...
-     */
-    public void engineDeleteEntry(
-        String  alias) 
-        throws KeyStoreException
-    {
-        Key k = (Key)keys.remove(alias);
-
-        Certificate c = (Certificate)certs.remove(alias);
-
-        if (c != null)
-        {
-            chainCerts.remove(new CertId(c.getPublicKey()));
-        }
-
-        if (k != null)
-        {
-            String  id = (String)localIds.remove(alias);
-            if (id != null)
-            {
-                c = (Certificate)keyCerts.remove(id);
-            }
-            if (c != null)
-            {
-                chainCerts.remove(new CertId(c.getPublicKey()));
-            }
-        }
-
-        if (c == null && k == null)
-        {
-            throw new KeyStoreException("no such entry as " + alias);
-        }
-    }
-
-    /**
-     * simply return the cert for the private key
-     */
-    public Certificate engineGetCertificate(
-        String alias) 
-    {
-        if (alias == null)
-        {
-            throw new IllegalArgumentException("null alias passed to getCertificate.");
-        }
-        
-        Certificate c = (Certificate)certs.get(alias);
-
-        //
-        // look up the key table - and try the local key id
-        //
-        if (c == null)
-        {
-            String  id = (String)localIds.get(alias);
-            if (id != null)
-            {
-                c = (Certificate)keyCerts.get(id);
-            }
-            else
-            {
-                c = (Certificate)keyCerts.get(alias);
-            }
-        }
-
-        return c;
-    }
-
-    public String engineGetCertificateAlias(
-        Certificate cert) 
-    {
-        Enumeration c = certs.elements();
-        Enumeration k = certs.keys();
-
-        while (c.hasMoreElements())
-        {
-            Certificate tc = (Certificate)c.nextElement();
-            String      ta = (String)k.nextElement();
-
-            if (tc.equals(cert))
-            {
-                return ta;
-            }
-        }
-
-        c = keyCerts.elements();
-        k = keyCerts.keys();
-
-        while (c.hasMoreElements())
-        {
-            Certificate tc = (Certificate)c.nextElement();
-            String      ta = (String)k.nextElement();
-
-            if (tc.equals(cert))
-            {
-                return ta;
-            }
-        }
-        
-        return null;
-    }
-    
-    public Certificate[] engineGetCertificateChain(
-        String alias) 
-    {
-        if (alias == null)
-        {
-            throw new IllegalArgumentException("null alias passed to getCertificateChain.");
-        }
-        
-        if (!engineIsKeyEntry(alias))
-        {
-            return null;
-        }
-        
-        Certificate c = engineGetCertificate(alias);
-
-        if (c != null)
-        {
-            Vector  cs = new Vector();
-
-            while (c != null)
-            {
-                X509Certificate     x509c = (X509Certificate)c;
-                Certificate         nextC = null;
-
-                byte[]  bytes = x509c.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-                if (bytes != null)
-                {
-                    try
-                    {
-                        ASN1InputStream         aIn = new ASN1InputStream(bytes);
-
-                        byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets();
-                        aIn = new ASN1InputStream(authBytes);
-
-                        AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence)aIn.readObject());
-                        if (id.getKeyIdentifier() != null)
-                        {
-                            nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier()));
-                        }
-                        
-                    }
-                    catch (IOException e)
-                    {
-                        throw new RuntimeException(e.toString());
-                    }
-                }
-
-                if (nextC == null)
-                {
-                    //
-                    // no authority key id, try the Issuer DN
-                    //
-                    Principal  i = x509c.getIssuerDN();
-                    Principal  s = x509c.getSubjectDN();
-
-                    if (!i.equals(s))
-                    {
-                        Enumeration e = chainCerts.keys();
-
-                        while (e.hasMoreElements())
-                        {
-                            X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement());
-                            Principal  sub = crt.getSubjectDN();
-                            if (sub.equals(i))
-                            {
-                                try
-                                {
-                                    x509c.verify(crt.getPublicKey());
-                                    nextC = crt;
-                                    break;
-                                }
-                                catch (Exception ex)
-                                {
-                                    // continue
-                                }
-                            }
-                        }
-                    }
-                }
-
-                cs.addElement(c);
-                if (nextC != c)     // self signed - end of the chain
-                {
-                    c = nextC;
-                }
-                else
-                {
-                    c = null;
-                }
-            }
-
-            Certificate[]   certChain = new Certificate[cs.size()];
-
-            for (int i = 0; i != certChain.length; i++)
-            {
-                certChain[i] = (Certificate)cs.elementAt(i);
-            }
-
-            return certChain;
-        }
-
-        return null;
-    }
-    
-    public Date engineGetCreationDate(String alias) 
-    {
-        return new Date();
-    }
-
-    public Key engineGetKey(
-        String alias,
-        char[] password) 
-        throws NoSuchAlgorithmException, UnrecoverableKeyException
-    {
-        if (alias == null)
-        {
-            throw new IllegalArgumentException("null alias passed to getKey.");
-        }
-        
-        return (Key)keys.get(alias);
-    }
-
-    public boolean engineIsCertificateEntry(
-        String alias) 
-    {
-        return (certs.get(alias) != null && keys.get(alias) == null);
-    }
-
-    public boolean engineIsKeyEntry(
-        String alias) 
-    {
-        return (keys.get(alias) != null);
-    }
-
-    public void engineSetCertificateEntry(
-        String      alias,
-        Certificate cert) 
-        throws KeyStoreException
-    {
-        if (keys.get(alias) != null)
-        {
-            throw new KeyStoreException("There is a key entry with the name " + alias + ".");
-        }
-
-        certs.put(alias, cert);
-        chainCerts.put(new CertId(cert.getPublicKey()), cert);
-    }
-
-    public void engineSetKeyEntry(
-        String alias,
-        byte[] key,
-        Certificate[] chain) 
-        throws KeyStoreException
-    {
-        throw new RuntimeException("operation not supported");
-    }
-
-    public void engineSetKeyEntry(
-        String          alias,
-        Key             key,
-        char[]          password,
-        Certificate[]   chain) 
-        throws KeyStoreException
-    {
-        if ((key instanceof PrivateKey) && (chain == null))
-        {
-            throw new KeyStoreException("no certificate chain for private key");
-        }
-
-        if (keys.get(alias) != null)
-        {
-            engineDeleteEntry(alias);
-        }
-
-        keys.put(alias, key);
-        certs.put(alias, chain[0]);
-
-        for (int i = 0; i != chain.length; i++)
-        {
-            chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]);
-        }
-    }
-
-    public int engineSize() 
-    {
-        Hashtable  tab = new Hashtable();
-
-        Enumeration e = certs.keys();
-        while (e.hasMoreElements())
-        {
-            tab.put(e.nextElement(), "cert");
-        }
-
-        e = keys.keys();
-        while (e.hasMoreElements())
-        {
-            String  a = (String)e.nextElement();
-            if (tab.get(a) == null)
-            {
-                tab.put(a, "key");
-            }
-        }
-
-        return tab.size();
-    }
-
-    protected PrivateKey unwrapKey(
-        AlgorithmIdentifier   algId,
-        byte[]                data,
-        char[]                password,
-        boolean               wrongPKCS12Zero)
-        throws IOException
-    {
-        String              algorithm = algId.getObjectId().getId();
-        PKCS12PBEParams     pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters());
-
-        PBEKeySpec          pbeSpec = new PBEKeySpec(password);
-        PrivateKey          out;
-
-        try
-        {
-            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(
-                                                algorithm, bcProvider);
-            PBEParameterSpec    defParams = new PBEParameterSpec(
-                                                pbeParams.getIV(),
-                                                pbeParams.getIterations().intValue());
-
-            SecretKey           k = keyFact.generateSecret(pbeSpec);
-            
-            ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
-
-            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
-
-            cipher.init(Cipher.UNWRAP_MODE, k, defParams);
-
-            // we pass "" as the key algorithm type as it is unknown at this point
-            out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
-        }
-        catch (Exception e)
-        {
-            throw new IOException("exception unwrapping private key - " + e.toString());
-        }
-
-        return out;
-    }
-
-    protected byte[] wrapKey(
-        String                  algorithm,
-        Key                     key,
-        PKCS12PBEParams         pbeParams,
-        char[]                  password)
-        throws IOException
-    {
-        PBEKeySpec          pbeSpec = new PBEKeySpec(password);
-        byte[]              out;
-
-        try
-        {
-            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(
-                                                algorithm, bcProvider);
-            PBEParameterSpec    defParams = new PBEParameterSpec(
-                                                pbeParams.getIV(),
-                                                pbeParams.getIterations().intValue());
-
-            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
-
-            cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);
-
-            out = cipher.wrap(key);
-        }
-        catch (Exception e)
-        {
-            throw new IOException("exception encrypting data - " + e.toString());
-        }
-
-        return out;
-    }
-
-    protected byte[] cryptData(
-        boolean               forEncryption,
-        AlgorithmIdentifier   algId,
-        char[]                password,
-        boolean               wrongPKCS12Zero,
-        byte[]                data)
-        throws IOException
-    {
-        String          algorithm = algId.getObjectId().getId();
-        PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters());
-        PBEKeySpec      pbeSpec = new PBEKeySpec(password);
-
-        try
-        {
-            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
-            PBEParameterSpec defParams = new PBEParameterSpec(
-                pbeParams.getIV(),
-                pbeParams.getIterations().intValue());
-            JCEPBEKey        key = (JCEPBEKey) keyFact.generateSecret(pbeSpec);
-
-            key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
-
-            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
-            int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
-            cipher.init(mode, key, defParams);
-            return cipher.doFinal(data);
-        }
-        catch (Exception e)
-        {
-            throw new IOException("exception decrypting data - " + e.toString());
-        }
-    }
-
-    public void engineLoad(
-        InputStream stream,
-        char[]      password) 
-        throws IOException
-    {
-        if (stream == null)     // just initialising
-        {
-            return;
-        }
-
-        if (password == null)
-        {
-            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
-        }
-
-        BufferedInputStream             bufIn = new BufferedInputStream(stream);
-
-        bufIn.mark(10);
-
-        int head = bufIn.read();
-
-        if (head != 0x30)
-        {
-            throw new IOException("stream does not represent a PKCS12 key store");
-        }
-
-        bufIn.reset();
-
-        ASN1InputStream bIn = new ASN1InputStream(bufIn);
-        ASN1Sequence    obj = (ASN1Sequence)bIn.readObject();
-        Pfx             bag = new Pfx(obj);
-        ContentInfo     info = bag.getAuthSafe();
-        Vector          chain = new Vector();
-        boolean         unmarkedKey = false;
-        boolean         wrongPKCS12Zero = false;
-
-        if (bag.getMacData() != null)           // check the mac code
-        {
-            MacData                     mData = bag.getMacData();
-            DigestInfo                  dInfo = mData.getMac();
-            AlgorithmIdentifier         algId = dInfo.getAlgorithmId();
-            byte[]                      salt = mData.getSalt();
-            int                         itCount = mData.getIterationCount().intValue();
-
-            byte[]  data = ((ASN1OctetString)info.getContent()).getOctets();
-
-            try
-            {
-                byte[] res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, false, data);
-                byte[] dig = dInfo.getDigest();
-
-                if (!Arrays.constantTimeAreEqual(res, dig))
-                {
-                    if (password.length > 0)
-                    {
-                        throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
-                    }
-
-                    // Try with incorrect zero length password
-                    res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, true, data);
-
-                    if (!Arrays.constantTimeAreEqual(res, dig))
-                    {
-                        throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
-                    }
-
-                    wrongPKCS12Zero = true;
-                }
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (Exception e)
-            {
-                throw new IOException("error constructing MAC: " + e.toString());
-            }
-        }
-
-        keys = new IgnoresCaseHashtable();
-        localIds = new Hashtable();
-
-        if (info.getContentType().equals(data))
-        {
-            bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets());
-
-            AuthenticatedSafe   authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject());
-            ContentInfo[]       c = authSafe.getContentInfo();
-
-            for (int i = 0; i != c.length; i++)
-            {
-                if (c[i].getContentType().equals(data))
-                {
-                    ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets());
-                    ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
-
-                    for (int j = 0; j != seq.size(); j++)
-                    {
-                        SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
-                        if (b.getBagId().equals(pkcs8ShroudedKeyBag))
-                        {
-                            org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue());
-                            PrivateKey              privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero);
-
-                            //
-                            // set the attributes on the key
-                            //
-                            PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)privKey;
-                            String                                   alias = null;
-                            ASN1OctetString                   localId = null;
-
-                            if (b.getBagAttributes() != null)
-                            {
-                                Enumeration e = b.getBagAttributes().getObjects();
-                                while (e.hasMoreElements())
-                                {
-                                    ASN1Sequence  sq = (ASN1Sequence)e.nextElement();
-                                    DERObjectIdentifier     aOid = (DERObjectIdentifier)sq.getObjectAt(0);
-                                    ASN1Set                 attrSet = (ASN1Set)sq.getObjectAt(1);
-                                    DERObject               attr = null;
-    
-                                    if (attrSet.size() > 0)
-                                    {
-                                        attr = (DERObject)attrSet.getObjectAt(0);
-
-                                        DEREncodable existing = bagAttr.getBagAttribute(aOid);
-                                        if (existing != null)
-                                        {
-                                            // OK, but the value has to be the same
-                                            if (!existing.getDERObject().equals(attr))
-                                            {
-                                                throw new IOException(
-                                                    "attempt to add existing attribute with different value");
-                                            }
-                                        }
-                                        else
-                                        {
-                                            bagAttr.setBagAttribute(aOid, attr);
-                                        }
-                                    }
-    
-                                    if (aOid.equals(pkcs_9_at_friendlyName))
-                                    {
-                                        alias = ((DERBMPString)attr).getString();
-                                        keys.put(alias, privKey);
-                                    }
-                                    else if (aOid.equals(pkcs_9_at_localKeyId))
-                                    {
-                                        localId = (ASN1OctetString)attr;
-                                    }
-                                }
-                            }
-                        
-                            if (localId != null)
-                            {
-                                String name = new String(Hex.encode(localId.getOctets()));
-    
-                                if (alias == null)
-                                {
-                                    keys.put(name, privKey);
-                                }
-                                else
-                                {
-                                    localIds.put(alias, name);
-                                }
-                             }
-                             else
-                             {
-                                 unmarkedKey = true;
-                                 keys.put("unmarked", privKey);
-                             }
-                        }
-                        else if (b.getBagId().equals(certBag))
-                        {
-                            chain.addElement(b);
-                        }
-                        else
-                        {
-                            System.out.println("extra in data " + b.getBagId());
-                            System.out.println(ASN1Dump.dumpAsString(b));
-                        }
-                    }
-                }
-                else if (c[i].getContentType().equals(encryptedData))
-                {
-                    EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent());
-                    byte[] octets = cryptData(false, d.getEncryptionAlgorithm(),
-                        password, wrongPKCS12Zero, d.getContent().getOctets());
-                    ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(octets);
-
-                    for (int j = 0; j != seq.size(); j++)
-                    {
-                        SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
-                        
-                        if (b.getBagId().equals(certBag))
-                        {
-                            chain.addElement(b);
-                        }
-                        else if (b.getBagId().equals(pkcs8ShroudedKeyBag))
-                        {
-                            org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue());
-                            PrivateKey              privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero);
-
-                            //
-                            // set the attributes on the key
-                            //
-                            PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)privKey;
-                            String                      alias = null;
-                            ASN1OctetString              localId = null;
-
-                            Enumeration e = b.getBagAttributes().getObjects();
-                            while (e.hasMoreElements())
-                            {
-                                ASN1Sequence  sq = (ASN1Sequence)e.nextElement();
-                                DERObjectIdentifier     aOid = (DERObjectIdentifier)sq.getObjectAt(0);
-                                ASN1Set                 attrSet= (ASN1Set)sq.getObjectAt(1);
-                                DERObject               attr = null;
-
-                                if (attrSet.size() > 0)
-                                {
-                                    attr = (DERObject)attrSet.getObjectAt(0);
-
-                                    DEREncodable existing = bagAttr.getBagAttribute(aOid);
-                                    if (existing != null)
-                                    {
-                                        // OK, but the value has to be the same
-                                        if (!existing.getDERObject().equals(attr))
-                                        {
-                                            throw new IOException(
-                                                "attempt to add existing attribute with different value");
-                                        }
-                                    }
-                                    else
-                                    {
-                                        bagAttr.setBagAttribute(aOid, attr);
-                                    }
-                                }
-
-                                if (aOid.equals(pkcs_9_at_friendlyName))
-                                {
-                                    alias = ((DERBMPString)attr).getString();
-                                    keys.put(alias, privKey);
-                                }
-                                else if (aOid.equals(pkcs_9_at_localKeyId))
-                                {
-                                    localId = (ASN1OctetString)attr;
-                                }
-                            }
-
-                            String name = new String(Hex.encode(localId.getOctets()));
-
-                            if (alias == null)
-                            {
-                                keys.put(name, privKey);
-                            }
-                            else
-                            {
-                                localIds.put(alias, name);
-                            }
-                        }
-                        else if (b.getBagId().equals(keyBag))
-                        {
-                            org.bouncycastle.asn1.pkcs.PrivateKeyInfo pIn = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue());
-                            PrivateKey              privKey = JDKKeyFactory.createPrivateKeyFromPrivateKeyInfo(pIn);
-
-                            //
-                            // set the attributes on the key
-                            //
-                            PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)privKey;
-                            String                      alias = null;
-                            ASN1OctetString             localId = null;
-
-                            Enumeration e = b.getBagAttributes().getObjects();
-                            while (e.hasMoreElements())
-                            {
-                                ASN1Sequence  sq = (ASN1Sequence)e.nextElement();
-                                DERObjectIdentifier     aOid = (DERObjectIdentifier)sq.getObjectAt(0);
-                                ASN1Set                 attrSet = (ASN1Set)sq.getObjectAt(1);
-                                DERObject   attr = null;
-
-                                if (attrSet.size() > 0)
-                                {
-                                    attr = (DERObject)attrSet.getObjectAt(0);
-
-                                    DEREncodable existing = bagAttr.getBagAttribute(aOid);
-                                    if (existing != null)
-                                    {
-                                        // OK, but the value has to be the same
-                                        if (!existing.getDERObject().equals(attr))
-                                        {
-                                            throw new IOException(
-                                                "attempt to add existing attribute with different value");
-                                        }
-                                    }
-                                    else
-                                    {
-                                        bagAttr.setBagAttribute(aOid, attr);
-                                    }
-                                }
-
-                                if (aOid.equals(pkcs_9_at_friendlyName))
-                                {
-                                    alias = ((DERBMPString)attr).getString();
-                                    keys.put(alias, privKey);
-                                }
-                                else if (aOid.equals(pkcs_9_at_localKeyId))
-                                {
-                                    localId = (ASN1OctetString)attr;
-                                }
-                            }
-
-                            String name = new String(Hex.encode(localId.getOctets()));
-
-                            if (alias == null)
-                            {
-                                keys.put(name, privKey);
-                            }
-                            else
-                            {
-                                localIds.put(alias, name);
-                            }
-                        }
-                        else
-                        {
-                            System.out.println("extra in encryptedData " + b.getBagId());
-                            System.out.println(ASN1Dump.dumpAsString(b));
-                        }
-                    }
-                }
-                else
-                {
-                    System.out.println("extra " + c[i].getContentType().getId());
-                    System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent()));
-                }
-            }
-        }
-
-        certs = new IgnoresCaseHashtable();
-        chainCerts = new Hashtable();
-        keyCerts = new Hashtable();
-
-        for (int i = 0; i != chain.size(); i++)
-        {
-            SafeBag     b = (SafeBag)chain.elementAt(i);
-            CertBag     cb = new CertBag((ASN1Sequence)b.getBagValue());
-
-            if (!cb.getCertId().equals(x509Certificate))
-            {
-                throw new RuntimeException("Unsupported certificate type: " + cb.getCertId());
-            }
-
-            Certificate cert;
-
-            try
-            {
-                ByteArrayInputStream  cIn = new ByteArrayInputStream(
-                                ((ASN1OctetString)cb.getCertValue()).getOctets());
-                cert = certFact.generateCertificate(cIn);
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.toString());
-            }
-
-            //
-            // set the attributes
-            //
-            ASN1OctetString localId = null;
-            String          alias = null;
-
-            if (b.getBagAttributes() != null)
-            {
-                Enumeration e = b.getBagAttributes().getObjects();
-                while (e.hasMoreElements())
-                {
-                    ASN1Sequence  sq = (ASN1Sequence)e.nextElement();
-                    DERObjectIdentifier     oid = (DERObjectIdentifier)sq.getObjectAt(0);
-                    DERObject               attr = (DERObject)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0);
-                    PKCS12BagAttributeCarrier   bagAttr = null;
-
-                    if (cert instanceof PKCS12BagAttributeCarrier)
-                    {
-                        bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-                        DEREncodable existing = bagAttr.getBagAttribute(oid);
-                        if (existing != null)
-                        {
-                            // OK, but the value has to be the same
-                            if (!existing.getDERObject().equals(attr))
-                            {
-                                throw new IOException(
-                                    "attempt to add existing attribute with different value");
-                            }
-                        }
-                        else
-                        {
-                            bagAttr.setBagAttribute(oid, attr);
-                        }
-                    }
-
-                    if (oid.equals(pkcs_9_at_friendlyName))
-                    {
-                        alias = ((DERBMPString)attr).getString();
-                    }
-                    else if (oid.equals(pkcs_9_at_localKeyId))
-                    {
-                        localId = (ASN1OctetString)attr;
-                    }
-                }
-            }
-
-            chainCerts.put(new CertId(cert.getPublicKey()), cert);
-
-            if (unmarkedKey)
-            {
-                if (keyCerts.isEmpty())
-                {
-                    String    name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier()));
-                    
-                    keyCerts.put(name, cert);
-                    keys.put(name, keys.remove("unmarked"));
-                }
-            }
-            else
-            {
-                //
-                // the local key id needs to override the friendly name
-                //
-                if (localId != null)
-                {
-                    String name = new String(Hex.encode(localId.getOctets()));
-
-                    keyCerts.put(name, cert);
-                }
-                if (alias != null)
-                {
-                    certs.put(alias, cert);
-                }
-            }
-        }
-    }
-
-    public void engineStore(OutputStream stream, char[] password) 
-        throws IOException
-    {
-        if (password == null)
-        {
-            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
-        }
-
-        //
-        // handle the key
-        //
-        ASN1EncodableVector  keyS = new ASN1EncodableVector();
-
-
-        Enumeration ks = keys.keys();
-
-        while (ks.hasMoreElements())
-        {
-            byte[]                  kSalt = new byte[SALT_SIZE];
-
-            random.nextBytes(kSalt);
-
-            String                  name = (String)ks.nextElement();
-            PrivateKey              privKey = (PrivateKey)keys.get(name);
-            PKCS12PBEParams         kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS);
-            byte[]                  kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password);
-            AlgorithmIdentifier     kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.getDERObject());
-            org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes);
-            boolean                 attrSet = false;
-            ASN1EncodableVector     kName = new ASN1EncodableVector();
-
-            if (privKey instanceof PKCS12BagAttributeCarrier)
-            {
-                PKCS12BagAttributeCarrier   bagAttrs = (PKCS12BagAttributeCarrier)privKey;
-                //
-                // make sure we are using the local alias on store
-                //
-                DERBMPString    nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
-                if (nm == null || !nm.getString().equals(name))
-                {
-                    bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
-                }
-
-                //
-                // make sure we have a local key-id
-                //
-                if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null)
-                {
-                    Certificate             ct = engineGetCertificate(name);
-
-                    bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey()));
-                }
-
-                Enumeration e = bagAttrs.getBagAttributeKeys();
-
-                while (e.hasMoreElements())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                    ASN1EncodableVector  kSeq = new ASN1EncodableVector();
-
-                    kSeq.add(oid);
-                    kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
-
-                    attrSet = true;
-
-                    kName.add(new DERSequence(kSeq));
-                }
-            }
-
-            if (!attrSet)
-            {
-                //
-                // set a default friendly name (from the key id) and local id
-                //
-                ASN1EncodableVector     kSeq = new ASN1EncodableVector();
-                Certificate             ct = engineGetCertificate(name);
-
-                kSeq.add(pkcs_9_at_localKeyId);
-                kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));
-
-                kName.add(new DERSequence(kSeq));
-
-                kSeq = new ASN1EncodableVector();
-
-                kSeq.add(pkcs_9_at_friendlyName);
-                kSeq.add(new DERSet(new DERBMPString(name)));
-
-                kName.add(new DERSequence(kSeq));
-            }
-
-            SafeBag                 kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.getDERObject(), new DERSet(kName));
-            keyS.add(kBag);
-        }
-
-        byte[]                    keySEncoded = new DERSequence(keyS).getDEREncoded();
-        BERConstructedOctetString keyString = new BERConstructedOctetString(keySEncoded);
-
-        //
-        // certificate processing
-        //
-        byte[]                  cSalt = new byte[SALT_SIZE];
-
-        random.nextBytes(cSalt);
-
-        ASN1EncodableVector  certSeq = new ASN1EncodableVector();
-        PKCS12PBEParams         cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS);
-        AlgorithmIdentifier     cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.getDERObject());
-        Hashtable               doneCerts = new Hashtable();
-
-        Enumeration cs = keys.keys();
-        while (cs.hasMoreElements())
-        {
-            try
-            {
-                String              name = (String)cs.nextElement();
-                Certificate         cert = engineGetCertificate(name);
-                boolean             cAttrSet = false;
-                CertBag             cBag = new CertBag(
-                                        x509Certificate,
-                                        new DEROctetString(cert.getEncoded()));
-                ASN1EncodableVector fName = new ASN1EncodableVector();
-
-                if (cert instanceof PKCS12BagAttributeCarrier)
-                {
-                    PKCS12BagAttributeCarrier   bagAttrs = (PKCS12BagAttributeCarrier)cert;
-                    //
-                    // make sure we are using the local alias on store
-                    //
-                    DERBMPString    nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
-                    if (nm == null || !nm.getString().equals(name))
-                    {
-                        bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
-                    }
-
-                    //
-                    // make sure we have a local key-id
-                    //
-                    if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null)
-                    {
-                        bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey()));
-                    }
-
-                    Enumeration e = bagAttrs.getBagAttributeKeys();
-
-                    while (e.hasMoreElements())
-                    {
-                        DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                        ASN1EncodableVector fSeq = new ASN1EncodableVector();
-
-                        fSeq.add(oid);
-                        fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
-                        fName.add(new DERSequence(fSeq));
-
-                        cAttrSet = true;
-                    }
-                }
-
-                if (!cAttrSet)
-                {
-                    ASN1EncodableVector  fSeq = new ASN1EncodableVector();
-
-                    fSeq.add(pkcs_9_at_localKeyId);
-                    fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey())));
-                    fName.add(new DERSequence(fSeq));
-
-                    fSeq = new ASN1EncodableVector();
-
-                    fSeq.add(pkcs_9_at_friendlyName);
-                    fSeq.add(new DERSet(new DERBMPString(name)));
-
-                    fName.add(new DERSequence(fSeq));
-                }
-
-                SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
-
-                certSeq.add(sBag);
-
-                doneCerts.put(cert, cert);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new IOException("Error encoding certificate: " + e.toString());
-            }
-        }
-
-        cs = certs.keys();
-        while (cs.hasMoreElements())
-        {
-            try
-            {
-                String              certId = (String)cs.nextElement();
-                Certificate         cert = (Certificate)certs.get(certId);
-                boolean             cAttrSet = false;
-
-                if (keys.get(certId) != null)
-                {
-                    continue;
-                }
-
-                CertBag             cBag = new CertBag(
-                                        x509Certificate,
-                                        new DEROctetString(cert.getEncoded()));
-                ASN1EncodableVector fName = new ASN1EncodableVector();
-
-                if (cert instanceof PKCS12BagAttributeCarrier)
-                {
-                    PKCS12BagAttributeCarrier   bagAttrs = (PKCS12BagAttributeCarrier)cert;
-                    //
-                    // make sure we are using the local alias on store
-                    //
-                    DERBMPString    nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
-                    if (nm == null || !nm.getString().equals(certId))
-                    {
-                        bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId));
-                    }
-
-                    Enumeration e = bagAttrs.getBagAttributeKeys();
-
-                    while (e.hasMoreElements())
-                    {
-                        DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-
-                        // a certificate not immediately linked to a key doesn't require
-                        // a localKeyID and will confuse some PKCS12 implementations.
-                        //
-                        // If we find one, we'll prune it out.
-                        if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
-                        {
-                            continue;
-                        }
-
-                        ASN1EncodableVector fSeq = new ASN1EncodableVector();
-
-                        fSeq.add(oid);
-                        fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
-                        fName.add(new DERSequence(fSeq));
-
-                        cAttrSet = true;
-                    }
-                }
-
-                if (!cAttrSet)
-                {
-                    ASN1EncodableVector  fSeq = new ASN1EncodableVector();
-
-                    fSeq.add(pkcs_9_at_friendlyName);
-                    fSeq.add(new DERSet(new DERBMPString(certId)));
-
-                    fName.add(new DERSequence(fSeq));
-                }
-
-                SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
-
-                certSeq.add(sBag);
-
-                doneCerts.put(cert, cert);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new IOException("Error encoding certificate: " + e.toString());
-            }
-        }
-
-        cs = chainCerts.keys();
-        while (cs.hasMoreElements())
-        {
-            try
-            {
-                CertId              certId = (CertId)cs.nextElement();
-                Certificate         cert = (Certificate)chainCerts.get(certId);
-
-                if (doneCerts.get(cert) != null)
-                {
-                    continue;
-                }
-
-                CertBag             cBag = new CertBag(
-                                        x509Certificate,
-                                        new DEROctetString(cert.getEncoded()));
-                ASN1EncodableVector fName = new ASN1EncodableVector();
-
-                if (cert instanceof PKCS12BagAttributeCarrier)
-                {
-                    PKCS12BagAttributeCarrier   bagAttrs = (PKCS12BagAttributeCarrier)cert;
-                    Enumeration e = bagAttrs.getBagAttributeKeys();
-
-                    while (e.hasMoreElements())
-                    {
-                        DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-
-                        // a certificate not immediately linked to a key doesn't require
-                        // a localKeyID and will confuse some PKCS12 implementations.
-                        //
-                        // If we find one, we'll prune it out.
-                        if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
-                        {
-                            continue;
-                        }
-
-                        ASN1EncodableVector fSeq = new ASN1EncodableVector();
-
-                        fSeq.add(oid);
-                        fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
-                        fName.add(new DERSequence(fSeq));
-                    }
-                }
-
-                SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
-
-                certSeq.add(sBag);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new IOException("Error encoding certificate: " + e.toString());
-            }
-        }
-
-        byte[]          certSeqEncoded = new DERSequence(certSeq).getDEREncoded();
-        byte[]          certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded);
-        EncryptedData   cInfo = new EncryptedData(data, cAlgId, new BERConstructedOctetString(certBytes));
-
-        ContentInfo[] info = new ContentInfo[]
-        {
-            new ContentInfo(data, keyString),
-            new ContentInfo(encryptedData, cInfo.getDERObject())
-        };
-
-        AuthenticatedSafe   auth = new AuthenticatedSafe(info);
-
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        BEROutputStream         berOut = new BEROutputStream(bOut);
-
-        berOut.writeObject(auth);
-
-        byte[]              pkg = bOut.toByteArray();
-
-        ContentInfo         mainInfo = new ContentInfo(data, new BERConstructedOctetString(pkg));
-
-        //
-        // create the mac
-        //
-        byte[]                      mSalt = new byte[20];
-        int                         itCount = MIN_ITERATIONS;
-
-        random.nextBytes(mSalt);
-    
-        byte[]  data = ((ASN1OctetString)mainInfo.getContent()).getOctets();
-
-        MacData                 mData;
-
-        try
-        {
-            byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data);
-
-            AlgorithmIdentifier     algId = new AlgorithmIdentifier(id_SHA1, new DERNull());
-            DigestInfo              dInfo = new DigestInfo(algId, res);
-
-            mData = new MacData(dInfo, mSalt, itCount);
-        }
-        catch (Exception e)
-        {
-            throw new IOException("error constructing MAC: " + e.toString());
-        }
-        
-        //
-        // output the Pfx
-        //
-        Pfx                 pfx = new Pfx(mainInfo, mData);
-
-        berOut = new BEROutputStream(stream);
-
-        berOut.writeObject(pfx);
-    }
-
-    private static byte[] calculatePbeMac(
-        DERObjectIdentifier oid,
-        byte[]              salt,
-        int                 itCount,
-        char[]              password,
-        boolean             wrongPkcs12Zero,
-        byte[]              data)
-        throws Exception
-    {
-        SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider);
-        PBEParameterSpec    defParams = new PBEParameterSpec(salt, itCount);
-        PBEKeySpec          pbeSpec = new PBEKeySpec(password);
-        JCEPBEKey           key = (JCEPBEKey) keyFact.generateSecret(pbeSpec);
-        key.setTryWrongPKCS12Zero(wrongPkcs12Zero);
-
-        Mac mac = Mac.getInstance(oid.getId(), bcProvider);
-        mac.init(key, defParams);
-        mac.update(data);
-        return mac.doFinal();
-    }
-    
-    public static class BCPKCS12KeyStore
-        extends JDKPKCS12KeyStore
-    {
-        public BCPKCS12KeyStore()
-        {
-            super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC);
-        }
-    }
-
-    public static class BCPKCS12KeyStore3DES
-        extends JDKPKCS12KeyStore
-    {
-        public BCPKCS12KeyStore3DES()
-        {
-            super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-        }
-    }
-
-    public static class DefPKCS12KeyStore
-        extends JDKPKCS12KeyStore
-    {
-        public DefPKCS12KeyStore()
-        {
-            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC);
-        }
-    }
-
-    public static class DefPKCS12KeyStore3DES
-        extends JDKPKCS12KeyStore
-    {
-        public DefPKCS12KeyStore3DES()
-        {
-            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-        }
-    }
-
-    private static class IgnoresCaseHashtable
-    {
-        private Hashtable orig = new Hashtable();
-        private Hashtable keys = new Hashtable();
-
-        public void put(String key, Object value)
-        {
-            String lower = Strings.toLowerCase(key);
-            String k = (String)keys.get(lower);
-            if (k != null)
-            {
-                orig.remove(k);
-            }
-
-            keys.put(lower, key);
-            orig.put(key, value);
-        }
-
-        public Enumeration keys()
-        {
-            return orig.keys();
-        }
-
-        public Object remove(String alias)
-        {
-            String k = (String)keys.remove(Strings.toLowerCase(alias));
-            if (k == null)
-            {
-                return null;
-            }
-
-            return orig.remove(k);
-        }
-
-        public Object get(String alias)
-        {
-            String k = (String)keys.get(Strings.toLowerCase(alias));
-            if (k == null)
-            {
-                return null;
-            }
-            
-            return orig.get(k);
-        }
-
-        public Enumeration elements()
-        {
-            return orig.elements();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java
deleted file mode 100644
index cab250109..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java
+++ /dev/null
@@ -1,234 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.PSSParameterSpec;
-
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.signers.PSSSigner;
-
-public class JDKPSSSigner
-    extends Signature
-{
-    private AsymmetricBlockCipher signer;
-    private Digest digest;
-    private int saltLength;
-    private AlgorithmParameters engineParams;
-    private PSSSigner pss;
-
-    protected JDKPSSSigner(
-        String name,
-        AsymmetricBlockCipher signer,
-        Digest digest)
-    {
-        super(name);
-
-        this.signer = signer;
-        this.digest = digest;
-        if (digest != null)
-        {
-            this.saltLength = digest.getDigestSize();
-        }
-        else
-        {
-            this.saltLength = 20;
-        }
-    }
-
-    protected void engineInitVerify(
-        PublicKey   publicKey)
-        throws InvalidKeyException
-    {
-        if (!(publicKey instanceof RSAPublicKey))
-        {
-            throw new InvalidKeyException("Supplied key is not a RSAPublicKey instance");
-        }
-
-        pss = new PSSSigner(signer, digest, saltLength);
-        pss.init(false,
-            RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey));
-    }
-
-    protected void engineInitSign(
-        PrivateKey      privateKey,
-        SecureRandom    random)
-        throws InvalidKeyException
-    {
-        if (!(privateKey instanceof RSAPrivateKey))
-        {
-            throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance");
-        }
-
-        pss = new PSSSigner(signer, digest, saltLength);
-        pss.init(true, new ParametersWithRandom(RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey), random));
-    }
-
-    protected void engineInitSign(
-        PrivateKey  privateKey)
-        throws InvalidKeyException
-    {
-        if (!(privateKey instanceof RSAPrivateKey))
-        {
-            throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance");
-        }
-
-        pss = new PSSSigner(signer, digest, saltLength);
-        pss.init(true, RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey));
-    }
-
-    protected void engineUpdate(
-        byte    b)
-        throws SignatureException
-    {
-        pss.update(b);
-    }
-
-    protected void engineUpdate(
-        byte[]  b,
-        int     off,
-        int     len) 
-        throws SignatureException
-    {
-        pss.update(b, off, len);
-    }
-
-    protected byte[] engineSign()
-        throws SignatureException
-    {
-        try
-        {
-            return pss.generateSignature();
-        }
-        catch (CryptoException e)
-        {
-            throw new SignatureException(e.getMessage());
-        }
-    }
-
-    protected boolean engineVerify(
-        byte[]  sigBytes) 
-        throws SignatureException
-    {
-        return pss.verifySignature(sigBytes);
-    }
-
-    protected void engineSetParameter(
-        AlgorithmParameterSpec params)
-        throws InvalidParameterException
-    {
-        if (params instanceof PSSParameterSpec)
-        {
-            saltLength = ((PSSParameterSpec)params).getSaltLength();
-        }
-        else
-        {
-            throw new InvalidParameterException("Only PSSParameterSpec supported");
-        }
-    }
-    
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            try
-            {
-                engineParams = AlgorithmParameters.getInstance("PSS", "BC");
-                engineParams.init(new PSSParameterSpec(saltLength));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.toString());
-            }
-        }
-
-        return engineParams;
-    }
-
-    /**
-     * @deprecated replaced with 
-     */
-    protected void engineSetParameter(
-        String  param,
-        Object  value)
-    {
-        throw new UnsupportedOperationException("engineSetParameter unsupported");
-    }
-    
-    protected Object engineGetParameter(
-        String param)
-    {
-        throw new UnsupportedOperationException("engineGetParameter unsupported");
-    }
-
-    static public class PSSwithRSA
-        extends JDKPSSSigner
-    {
-        public PSSwithRSA()
-        {
-            super("SHA1withRSAandMGF1", new RSABlindedEngine(), null);
-        }
-    }
-
-    static public class SHA1withRSA
-        extends JDKPSSSigner
-    {
-        public SHA1withRSA()
-        {
-            super("SHA1withRSAandMGF1", new RSABlindedEngine(), new SHA1Digest());
-        }
-    }
-
-    static public class SHA224withRSA
-        extends JDKPSSSigner
-    {
-        public SHA224withRSA()
-        {
-            super("SHA224withRSAandMGF1", new RSABlindedEngine(), new SHA224Digest());
-        }
-    }
-
-    static public class SHA256withRSA
-        extends JDKPSSSigner
-    {
-        public SHA256withRSA()
-        {
-            super("SHA256withRSAandMGF1", new RSABlindedEngine(), new SHA256Digest());
-        }
-    }
-
-    static public class SHA384withRSA
-        extends JDKPSSSigner
-    {
-        public SHA384withRSA()
-        {
-            super("SHA384withRSAandMGF1", new RSABlindedEngine(), new SHA384Digest());
-        }
-    }
-
-    static public class SHA512withRSA
-        extends JDKPSSSigner
-    {
-        public SHA512withRSA()
-        {
-            super("SHA512withRSAandMGF1", new RSABlindedEngine(), new SHA512Digest());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java
deleted file mode 100644
index c8fc79024..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java
+++ /dev/null
@@ -1,377 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.PushbackInputStream;
-import java.security.cert.CRL;
-import java.security.cert.CRLException;
-import java.security.cert.CertPath;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactorySpi;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * class for dealing with X509 certificates.
- * 
    
- * At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----"
- * base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7
- * objects.
- */
-public class JDKX509CertificateFactory
-    extends CertificateFactorySpi
-{
-    private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE");
-    private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL");
-
-    private ASN1Set            sData = null;
-    private int                sDataObjectCount = 0;
-    private InputStream        currentStream = null;
-    
-    private ASN1Set            sCrlData = null;
-    private int                sCrlDataObjectCount = 0;
-    private InputStream        currentCrlStream = null;
-
-    private Certificate readDERCertificate(
-        ASN1InputStream dIn)
-        throws IOException, CertificateParsingException
-    {
-        ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
-
-        if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
-        {
-            if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
-            {
-                sData = new SignedData(ASN1Sequence.getInstance(
-                                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();
-
-                return getCertificate();
-            }
-        }
-
-        return new X509CertificateObject(
-                            X509CertificateStructure.getInstance(seq));
-    }
-
-    private Certificate getCertificate()
-        throws CertificateParsingException
-    {
-        if (sData != null)
-        {
-            while (sDataObjectCount < sData.size())
-            {
-                Object obj = sData.getObjectAt(sDataObjectCount++);
-
-                if (obj instanceof ASN1Sequence)
-                {
-                   return new X509CertificateObject(
-                                    X509CertificateStructure.getInstance(obj));
-                }
-            }
-        }
-
-        return null;
-    }
-
-    private Certificate readPEMCertificate(
-        InputStream  in)
-        throws IOException, CertificateParsingException
-    {
-        ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in);
-
-        if (seq != null)
-        {
-            return new X509CertificateObject(
-                            X509CertificateStructure.getInstance(seq));
-        }
-
-        return null;
-    }
-
-    protected CRL createCRL(CertificateList c)
-    throws CRLException
-    {
-        return new X509CRLObject(c);
-    }
-    
-    private CRL readPEMCRL(
-        InputStream  in)
-        throws IOException, CRLException
-    {
-        ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in);
-
-        if (seq != null)
-        {
-            return createCRL(
-                            CertificateList.getInstance(seq));
-        }
-
-        return null;
-    }
-
-    private CRL readDERCRL(
-        ASN1InputStream  aIn)
-        throws IOException, CRLException
-    {
-        ASN1Sequence     seq = (ASN1Sequence)aIn.readObject();
-
-        if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
-        {
-            if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
-            {
-                sCrlData = new SignedData(ASN1Sequence.getInstance(
-                                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
-    
-                return getCRL();
-            }
-        }
-
-        return createCRL(
-                     CertificateList.getInstance(seq));
-    }
-
-    private CRL getCRL()
-        throws CRLException
-    {
-        if (sCrlData == null || sCrlDataObjectCount >= sCrlData.size())
-        {
-            return null;
-        }
-
-        return createCRL(
-                            CertificateList.getInstance(
-                                    sCrlData.getObjectAt(sCrlDataObjectCount++)));
-    }
-
-    /**
-     * Generates a certificate object and initializes it with the data
-     * read from the input stream inStream.
-     */
-    public Certificate engineGenerateCertificate(
-        InputStream in) 
-        throws CertificateException
-    {
-        if (currentStream == null)
-        {
-            currentStream = in;
-            sData = null;
-            sDataObjectCount = 0;
-        }
-        else if (currentStream != in) // reset if input stream has changed
-        {
-            currentStream = in;
-            sData = null;
-            sDataObjectCount = 0;
-        }
-
-        try
-        {
-            if (sData != null)
-            {
-                if (sDataObjectCount != sData.size())
-                {
-                    return getCertificate();
-                }
-                else
-                {
-                    sData = null;
-                    sDataObjectCount = 0;
-                    return null;
-                }
-            }
-
-            int limit = ProviderUtil.getReadLimit(in);
-
-            PushbackInputStream pis = new PushbackInputStream(in);
-            int tag = pis.read();
-
-            if (tag == -1)
-            {
-                return null;
-            }
-
-            pis.unread(tag);
-
-            if (tag != 0x30)  // assume ascii PEM encoded.
-            {
-                return readPEMCertificate(pis);
-            }
-            else
-            {
-                return readDERCertificate(new ASN1InputStream(pis, limit));
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertificateException(e.toString());
-        }
-    }
-
-    /**
-     * Returns a (possibly empty) collection view of the certificates
-     * read from the given input stream inStream.
-     */
-    public Collection engineGenerateCertificates(
-        InputStream inStream) 
-        throws CertificateException
-    {
-        Certificate     cert;
-        List            certs = new ArrayList();
-
-        while ((cert = engineGenerateCertificate(inStream)) != null)
-        {
-            certs.add(cert);
-        }
-
-        return certs;
-    }
-
-    /**
-     * Generates a certificate revocation list (CRL) object and initializes
-     * it with the data read from the input stream inStream.
-     */
-    public CRL engineGenerateCRL(
-        InputStream inStream) 
-        throws CRLException
-    {
-        if (currentCrlStream == null)
-        {
-            currentCrlStream = inStream;
-            sCrlData = null;
-            sCrlDataObjectCount = 0;
-        }
-        else if (currentCrlStream != inStream) // reset if input stream has changed
-        {
-            currentCrlStream = inStream;
-            sCrlData = null;
-            sCrlDataObjectCount = 0;
-        }
-
-        try
-        {
-            if (sCrlData != null)
-            {
-                if (sCrlDataObjectCount != sCrlData.size())
-                {
-                    return getCRL();
-                }
-                else
-                {
-                    sCrlData = null;
-                    sCrlDataObjectCount = 0;
-                    return null;
-                }
-            }
-
-            int limit = ProviderUtil.getReadLimit(inStream);
-
-            PushbackInputStream pis = new PushbackInputStream(inStream);
-            int tag = pis.read();
-
-            if (tag == -1)
-            {
-                return null;
-            }
-
-            pis.unread(tag);
-
-            if (tag != 0x30)  // assume ascii PEM encoded.
-            {
-                return readPEMCRL(pis);
-            }
-            else
-            {       // lazy evaluate to help processing of large CRLs
-                return readDERCRL(new ASN1InputStream(pis, limit, true));
-            }
-        }
-        catch (CRLException e)
-        {
-            throw e;
-        }
-        catch (Exception e)
-        {
-            throw new CRLException(e.toString());
-        }
-    }
-
-    /**
-     * Returns a (possibly empty) collection view of the CRLs read from
-     * the given input stream inStream.
-     *
-     * The inStream may contain a sequence of DER-encoded CRLs, or
-     * a PKCS#7 CRL set.  This is a PKCS#7 SignedData object, with the
-     * only signficant field being crls.  In particular the signature
-     * and the contents are ignored.
-     */
-    public Collection engineGenerateCRLs(
-        InputStream inStream) 
-        throws CRLException
-    {
-        CRL     crl;
-        List    crls = new ArrayList();
-
-        while ((crl = engineGenerateCRL(inStream)) != null)
-        {
-            crls.add(crl);
-        }
-
-        return crls;
-    }
-
-    public Iterator engineGetCertPathEncodings()
-    {
-        return PKIXCertPath.certPathEncodings.iterator();
-    }
-
-    public CertPath engineGenerateCertPath(
-        InputStream inStream)
-        throws CertificateException
-    {
-        return engineGenerateCertPath(inStream, "PkiPath");
-    }
-
-    public CertPath engineGenerateCertPath(
-        InputStream inStream,
-        String encoding)
-        throws CertificateException
-    {
-        return new PKIXCertPath(inStream, encoding);
-    }
-
-    public CertPath engineGenerateCertPath(
-        List certificates)
-        throws CertificateException
-    {
-        Iterator iter = certificates.iterator();
-        Object obj;
-        while (iter.hasNext())
-        {
-            obj = iter.next();
-            if (obj != null)
-            {
-                if (!(obj instanceof X509Certificate))
-                {
-                    throw new CertificateException("list contains non X509Certificate object while creating CertPath\n" + obj.toString());
-                }
-            }
-        }
-        return new PKIXCertPath(certificates);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java
deleted file mode 100644
index 9d2975e7d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.MultiCertStoreParameters;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CRLSelector;
-import java.security.cert.CertSelector;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertStoreSpi;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-
-public class MultiCertStoreSpi
-    extends CertStoreSpi
-{
-    private MultiCertStoreParameters params;
-
-    public MultiCertStoreSpi(CertStoreParameters params)
-        throws InvalidAlgorithmParameterException
-    {
-        super(params);
-
-        if (!(params instanceof MultiCertStoreParameters))
-        {
-            throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.MultiCertStoreSpi: parameter must be a MultiCertStoreParameters object\n" +  params.toString());
-        }
-
-        this.params = (MultiCertStoreParameters)params;
-    }
-
-    public Collection engineGetCertificates(CertSelector certSelector)
-        throws CertStoreException
-    {
-        boolean searchAllStores = params.getSearchAllStores();
-        Iterator iter = params.getCertStores().iterator();
-        List allCerts = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST;
-
-        while (iter.hasNext())
-        {
-            CertStore store = (CertStore)iter.next();
-            Collection certs = store.getCertificates(certSelector);
-
-            if (searchAllStores)
-            {
-                allCerts.addAll(certs);
-            }
-            else if (!certs.isEmpty())
-            {
-                return certs;
-            }
-        }
-
-        return allCerts;
-    }
-
-    public Collection engineGetCRLs(CRLSelector crlSelector)
-        throws CertStoreException
-    {
-        boolean searchAllStores = params.getSearchAllStores();
-        Iterator iter = params.getCertStores().iterator();
-        List allCRLs = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST;
-        
-        while (iter.hasNext())
-        {
-            CertStore store = (CertStore)iter.next();
-            Collection crls = store.getCRLs(crlSelector);
-
-            if (searchAllStores)
-            {
-                allCRLs.addAll(crls);
-            }
-            else if (!crls.isEmpty())
-            {
-                return crls;
-            }
-        }
-
-        return allCRLs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PBE.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PBE.java
deleted file mode 100644
index 7bd1600f0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PBE.java
+++ /dev/null
@@ -1,281 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.TigerDigest;
-import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.DESParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public interface PBE
-{
-    //
-    // PBE Based encryption constants - by default we do PKCS12 with SHA-1
-    //
-    static final int        MD5         = 0;
-    static final int        SHA1        = 1;
-    static final int        RIPEMD160   = 2;
-    static final int        TIGER       = 3;
-    static final int        SHA256      = 4;
-    static final int        MD2         = 5;
-
-    static final int        PKCS5S1     = 0;
-    static final int        PKCS5S2     = 1;
-    static final int        PKCS12      = 2;
-    static final int        OPENSSL     = 3;
-
-    /**
-     * uses the appropriate mixer to generate the key and IV if necessary.
-     */
-    static class Util
-    {
-        static private PBEParametersGenerator makePBEGenerator(
-            int                     type,
-            int                     hash)
-        {
-            PBEParametersGenerator  generator;
-    
-            if (type == PKCS5S1)
-            {
-                switch (hash)
-                {
-                case MD2:
-                    generator = new PKCS5S1ParametersGenerator(new MD2Digest());
-                    break;
-                case MD5:
-                    generator = new PKCS5S1ParametersGenerator(new MD5Digest());
-                    break;
-                case SHA1:
-                    generator = new PKCS5S1ParametersGenerator(new SHA1Digest());
-                    break;
-                default:
-                    throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
-                }
-            }
-            else if (type == PKCS5S2)
-            {
-                generator = new PKCS5S2ParametersGenerator();
-            }
-            else if (type == PKCS12)
-            {
-                switch (hash)
-                {
-                case MD2:
-                    generator = new PKCS12ParametersGenerator(new MD2Digest());
-                    break;
-                case MD5:
-                    generator = new PKCS12ParametersGenerator(new MD5Digest());
-                    break;
-                case SHA1:
-                    generator = new PKCS12ParametersGenerator(new SHA1Digest());
-                    break;
-                case RIPEMD160:
-                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
-                    break;
-                case TIGER:
-                    generator = new PKCS12ParametersGenerator(new TigerDigest());
-                    break;
-                case SHA256:
-                    generator = new PKCS12ParametersGenerator(new SHA256Digest());
-                    break;
-                default:
-                    throw new IllegalStateException("unknown digest scheme for PBE encryption.");
-                }
-            }
-            else
-            {
-                generator = new OpenSSLPBEParametersGenerator();
-            }
-    
-            return generator;
-        }
-
-        /**
-         * construct a key and iv (if necessary) suitable for use with a 
-         * Cipher.
-         */
-        static CipherParameters makePBEParameters(
-            JCEPBEKey               pbeKey,
-            AlgorithmParameterSpec  spec,
-            String                  targetAlgorithm)
-        {
-            if ((spec == null) || !(spec instanceof PBEParameterSpec))
-            {
-                throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
-            }
-    
-            PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
-            PBEParametersGenerator  generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest());
-            byte[]                  key = pbeKey.getEncoded();
-            CipherParameters        param;
-    
-            if (pbeKey.shouldTryWrongPKCS12())
-            {
-                key = new byte[2];
-            }
-            
-            generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());
-
-            if (pbeKey.getIvSize() != 0)
-            {
-                param = generator.generateDerivedParameters(pbeKey.getKeySize(), pbeKey.getIvSize());
-            }
-            else
-            {
-                param = generator.generateDerivedParameters(pbeKey.getKeySize());
-            }
-
-            if (targetAlgorithm.startsWith("DES"))
-            {
-                if (param instanceof ParametersWithIV)
-                {
-                    KeyParameter    kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
-
-                    DESParameters.setOddParity(kParam.getKey());
-                }
-                else
-                {
-                    KeyParameter    kParam = (KeyParameter)param;
-
-                    DESParameters.setOddParity(kParam.getKey());
-                }
-            }
-
-            for (int i = 0; i != key.length; i++)
-            {
-                key[i] = 0;
-            }
-
-            return param;
-        }
-
-        /**
-         * generate a PBE based key suitable for a MAC algorithm, the
-         * key size is chosen according the MAC size, or the hashing algorithm,
-         * whichever is greater.
-         */
-        static CipherParameters makePBEMacParameters(
-            JCEPBEKey               pbeKey,
-            AlgorithmParameterSpec  spec)
-        {
-            if ((spec == null) || !(spec instanceof PBEParameterSpec))
-            {
-                throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
-            }
-    
-            PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
-            PBEParametersGenerator  generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest());
-            byte[]                  key = pbeKey.getEncoded();
-            CipherParameters        param;
-    
-            if (pbeKey.shouldTryWrongPKCS12())
-            {
-                key = new byte[2];
-            }
-            
-            generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());
-
-            param = generator.generateDerivedMacParameters(pbeKey.getKeySize());
-    
-            for (int i = 0; i != key.length; i++)
-            {
-                key[i] = 0;
-            }
-
-            return param;
-        }
-    
-        /**
-         * construct a key and iv (if necessary) suitable for use with a 
-         * Cipher.
-         */
-        static CipherParameters makePBEParameters(
-            PBEKeySpec              keySpec,
-            int                     type,
-            int                     hash,
-            int                     keySize,
-            int                     ivSize)
-        {    
-            PBEParametersGenerator  generator = makePBEGenerator(type, hash);
-            byte[]                  key;
-            CipherParameters        param;
-    
-            if (type == PKCS12)
-            {
-                key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
-            }
-            else
-            {   
-                key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
-            }
-            
-            generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());
-    
-            if (ivSize != 0)
-            {
-                param = generator.generateDerivedParameters(keySize, ivSize);
-            }
-            else
-            {
-                param = generator.generateDerivedParameters(keySize);
-            }
-    
-            for (int i = 0; i != key.length; i++)
-            {
-                key[i] = 0;
-            }
-    
-            return param;
-        }
-    
-        /**
-         * generate a PBE based key suitable for a MAC algorithm, the
-         * key size is chosen according the MAC size, or the hashing algorithm,
-         * whichever is greater.
-         */
-        static CipherParameters makePBEMacParameters(
-            PBEKeySpec              keySpec,
-            int                     type,
-            int                     hash,
-            int                     keySize)
-        {
-            PBEParametersGenerator  generator = makePBEGenerator(type, hash);
-            byte[]                  key;
-            CipherParameters        param;
-    
-            if (type == PKCS12)
-            {
-                key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
-            }
-            else
-            {   
-                key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
-            }
-            
-            generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());
-    
-            param = generator.generateDerivedMacParameters(keySize);
-    
-            for (int i = 0; i != key.length; i++)
-            {
-                key[i] = 0;
-            }
-    
-            return param;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java
deleted file mode 100644
index 6f33cfe9f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java
+++ /dev/null
@@ -1,94 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.util.encoders.Base64;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-public class PEMUtil
-{
-    private final String _header1;
-    private final String _header2;
-    private final String _footer1;
-    private final String _footer2;
-
-    PEMUtil(
-        String type)
-    {
-        _header1 = "-----BEGIN " + type + "-----";
-        _header2 = "-----BEGIN X509 " + type + "-----";
-        _footer1 = "-----END " + type + "-----";
-        _footer2 = "-----END X509 " + type + "-----";
-    }
-
-    private String readLine(
-        InputStream in)
-        throws IOException
-    {
-        int             c;
-        StringBuffer    l = new StringBuffer();
-
-        do
-        {
-            while (((c = in.read()) != '\r') && c != '\n' && (c >= 0))
-            {
-                if (c == '\r')
-                {
-                    continue;
-                }
-
-                l.append((char)c);
-            }
-        }
-        while (c >= 0 && l.length() == 0);
-
-        if (c < 0)
-        {
-            return null;
-        }
-
-        return l.toString();
-    }
-
-    ASN1Sequence readPEMObject(
-        InputStream  in)
-        throws IOException
-    {
-        String          line;
-        StringBuffer    pemBuf = new StringBuffer();
-
-        while ((line = readLine(in)) != null)
-        {
-            if (line.startsWith(_header1) || line.startsWith(_header2))
-            {
-                break;
-            }
-        }
-
-        while ((line = readLine(in)) != null)
-        {
-            if (line.startsWith(_footer1) || line.startsWith(_footer2))
-            {
-                break;
-            }
-
-            pemBuf.append(line);
-        }
-
-        if (pemBuf.length() != 0)
-        {
-            DERObject o = new ASN1InputStream(Base64.decode(pemBuf.toString())).readObject();
-            if (!(o instanceof ASN1Sequence))
-            {
-                throw new IOException("malformed PEM data encountered");
-            }
-
-            return (ASN1Sequence)o;
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
deleted file mode 100644
index 984283faa..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
+++ /dev/null
@@ -1,124 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1InputStream;
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
-import java.io.ObjectOutputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-
-class PKCS12BagAttributeCarrierImpl
-    implements PKCS12BagAttributeCarrier
-{
-    private Hashtable pkcs12Attributes;
-    private Vector pkcs12Ordering;
-
-    PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
-    {
-        this.pkcs12Attributes = attributes;
-        this.pkcs12Ordering = ordering;
-    }
-
-    public PKCS12BagAttributeCarrierImpl()
-    {
-        this(new Hashtable(), new Vector());
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        if (pkcs12Attributes.containsKey(oid))
-        {                           // preserve original ordering
-            pkcs12Attributes.put(oid, attribute);
-        }
-        else
-        {
-            pkcs12Attributes.put(oid, attribute);
-            pkcs12Ordering.addElement(oid);
-        }
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return (DEREncodable)pkcs12Attributes.get(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return pkcs12Ordering.elements();
-    }
-
-    int size()
-    {
-        return pkcs12Ordering.size();
-    }
-
-    Hashtable getAttributes()
-    {
-        return pkcs12Attributes;
-    }
-
-    Vector getOrdering()
-    {
-        return pkcs12Ordering;
-    }
-
-    public void writeObject(ObjectOutputStream out)
-        throws IOException
-    {
-        if (pkcs12Ordering.size() == 0)
-        {
-            out.writeObject(new Hashtable());
-            out.writeObject(new Vector());
-        }
-        else
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            ASN1OutputStream aOut = new ASN1OutputStream(bOut);
-
-            Enumeration             e = this.getBagAttributeKeys();
-
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier    oid = (DERObjectIdentifier)e.nextElement();
-
-                aOut.writeObject(oid);
-                aOut.writeObject(pkcs12Attributes.get(oid));
-            }
-
-            out.writeObject(bOut.toByteArray());
-        }
-    }
-
-    public void readObject(ObjectInputStream in)
-        throws IOException, ClassNotFoundException
-    {
-        Object obj = in.readObject();
-
-        if (obj instanceof Hashtable)
-        {
-            this.pkcs12Attributes = (Hashtable)obj;
-            this.pkcs12Ordering = (Vector)in.readObject();
-        }
-        else
-        {
-            ASN1InputStream aIn = new ASN1InputStream((byte[])obj);
-
-            DERObjectIdentifier    oid;
-
-            while ((oid = (DERObjectIdentifier)aIn.readObject()) != null)
-            {
-                this.setBagAttribute(oid, aIn.readObject());
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java
deleted file mode 100644
index 14aef43ea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java
+++ /dev/null
@@ -1,303 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.Principal;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilderException;
-import java.security.cert.CertPathBuilderResult;
-import java.security.cert.CertPathBuilderSpi;
-import java.security.cert.CertPathParameters;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.PKIXCertPathBuilderResult;
-import java.security.cert.PKIXCertPathValidatorResult;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CertStoreSelector;
-
-public class PKIXAttrCertPathBuilderSpi
-    extends CertPathBuilderSpi
-{
-
-    /**
-     * Build and validate a CertPath using the given parameter.
-     * 
-     * @param params PKIXBuilderParameters object containing all information to
-     *            build the CertPath
-     */
-    public CertPathBuilderResult engineBuild(CertPathParameters params)
-            throws CertPathBuilderException, InvalidAlgorithmParameterException
-    {
-        if (!(params instanceof PKIXBuilderParameters)
-                && !(params instanceof ExtendedPKIXBuilderParameters))
-        {
-            throw new InvalidAlgorithmParameterException(
-                    "Parameters must be an instance of "
-                            + PKIXBuilderParameters.class.getName() + " or "
-                            + ExtendedPKIXBuilderParameters.class.getName()
-                            + ".");
-        }
-
-        ExtendedPKIXBuilderParameters pkixParams;
-        if (params instanceof ExtendedPKIXBuilderParameters)
-        {
-            pkixParams = (ExtendedPKIXBuilderParameters) params;
-        }
-        else
-        {
-            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
-                    .getInstance((PKIXBuilderParameters) params);
-        }
-
-        Collection targets;
-        Iterator targetIter;
-        List certPathList = new ArrayList();
-        X509AttributeCertificate cert;
-
-        // search target certificates
-
-        Selector certSelect = pkixParams.getTargetConstraints();
-        if (!(certSelect instanceof X509AttributeCertStoreSelector))
-        {
-            throw new CertPathBuilderException(
-                    "TargetConstraints must be an instance of "
-                            + X509AttributeCertStoreSelector.class.getName()
-                            + " for "+this.getClass().getName()+" class.");
-        }
-
-        try
-        {
-            targets = CertPathValidatorUtilities.findCertificates((X509AttributeCertStoreSelector)certSelect, pkixParams.getStores());
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathBuilderException("Error finding target attribute certificate.", e);
-        }
-
-        if (targets.isEmpty())
-        {
-            throw new CertPathBuilderException(
-                    "No attribute certificate found matching targetContraints.");
-        }
-
-        CertPathBuilderResult result = null;
-
-        // check all potential target certificates
-        targetIter = targets.iterator();
-        while (targetIter.hasNext() && result == null)
-        {
-            cert = (X509AttributeCertificate) targetIter.next();
-            
-            X509CertStoreSelector selector = new X509CertStoreSelector();
-            Principal[] principals = cert.getIssuer().getPrincipals();
-            Set issuers = new HashSet();
-            for (int i = 0; i < principals.length; i++)
-            {
-                try
-                {
-                    if (principals[i] instanceof X500Principal)
-                    {
-                        selector.setSubject(((X500Principal)principals[i]).getEncoded());
-                    }
-                    issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getStores()));
-                    issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getCertStores()));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new ExtCertPathBuilderException(
-                        "Public key certificate for attribute certificate cannot be searched.",
-                        e);
-                }
-                catch (IOException e)
-                {
-                    throw new ExtCertPathBuilderException(
-                        "cannot encode X500Principal.",
-                        e);
-                }
-            }
-            if (issuers.isEmpty())
-            {
-                throw new CertPathBuilderException(
-                    "Public key certificate for attribute certificate cannot be found.");
-            }
-            Iterator it = issuers.iterator();
-            while (it.hasNext() && result == null)
-            {
-                result = build(cert, (X509Certificate)it.next(), pkixParams, certPathList);
-            }
-        }
-
-        if (result == null && certPathException != null)
-        {
-            throw new ExtCertPathBuilderException(
-                                    "Possible certificate chain could not be validated.",
-                                    certPathException);
-        }
-
-        if (result == null && certPathException == null)
-        {
-            throw new CertPathBuilderException(
-                    "Unable to find certificate chain.");
-        }
-
-        return result;
-    }
-
-    private Exception certPathException;
-
-    private CertPathBuilderResult build(X509AttributeCertificate attrCert, X509Certificate tbvCert,
-            ExtendedPKIXBuilderParameters pkixParams, List tbvPath)
-
-    {
-        // If tbvCert is readily present in tbvPath, it indicates having run
-        // into a cycle in the
-        // PKI graph.
-        if (tbvPath.contains(tbvCert))
-        {
-            return null;
-        }
-        // step out, the certificate is not allowed to appear in a certification
-        // chain
-        if (pkixParams.getExcludedCerts().contains(tbvCert))
-        {
-            return null;
-        }
-        // test if certificate path exceeds maximum length
-        if (pkixParams.getMaxPathLength() != -1)
-        {
-            if (tbvPath.size() - 1 > pkixParams.getMaxPathLength())
-            {
-                return null;
-            }
-        }
-
-        tbvPath.add(tbvCert);
-
-        CertificateFactory cFact;
-        CertPathValidator validator;
-        CertPathBuilderResult builderResult = null;
-
-        try
-        {
-            cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
-            validator = CertPathValidator.getInstance("RFC3281", BouncyCastleProvider.PROVIDER_NAME);
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException(
-                            "Exception creating support classes.");
-        }
-
-        try
-        {
-            // check whether the issuer of  is a TrustAnchor
-            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
-                pkixParams.getSigProvider()) != null)
-            {
-                CertPath certPath;
-                PKIXCertPathValidatorResult result;
-                try
-                {
-                    certPath = cFact.generateCertPath(tbvPath);
-                }
-                catch (Exception e)
-                {
-                    throw new AnnotatedException(
-                                            "Certification path could not be constructed from certificate list.",
-                                            e);
-                }
-
-                try
-                {
-                    result = (PKIXCertPathValidatorResult) validator.validate(
-                            certPath, pkixParams);
-                }
-                catch (Exception e)
-                {
-                    throw new AnnotatedException(
-                                            "Certification path could not be validated.",
-                                            e);
-                }
-
-                return new PKIXCertPathBuilderResult(certPath, result
-                        .getTrustAnchor(), result.getPolicyTree(), result
-                        .getPublicKey());
-
-            }
-            else
-            {
-                // add additional X.509 stores from locations in certificate
-                try
-                {
-                    CertPathValidatorUtilities.addAdditionalStoresFromAltNames(tbvCert, pkixParams);
-                }
-                catch (CertificateParsingException e)
-                {
-                    throw new AnnotatedException(
-                                            "No additional X.509 stores can be added from certificate locations.",
-                                            e);
-                }
-                Collection issuers = new HashSet();
-                // try to get the issuer certificate from one
-                // of the stores
-                try
-                {
-                    issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new AnnotatedException(
-                                            "Cannot find issuer certificate for certificate in certification path.",
-                                            e);
-                }
-                if (issuers.isEmpty())
-                {
-                    throw new AnnotatedException(
-                            "No issuer certificate for certificate in certification path found.");
-                }
-                Iterator it = issuers.iterator();
-
-                while (it.hasNext() && builderResult == null)
-                {
-                    X509Certificate issuer = (X509Certificate) it.next();
-                    // TODO Use CertPathValidatorUtilities.isSelfIssued(issuer)?
-                    // if untrusted self signed certificate continue
-                    if (issuer.getIssuerX500Principal().equals(
-                            issuer.getSubjectX500Principal()))
-                    {
-                        continue;
-                    }
-                    builderResult = build(attrCert, issuer, pkixParams, tbvPath);
-                }
-            }
-        }
-        catch (AnnotatedException e)
-        {
-            certPathException = new AnnotatedException(
-                            "No valid certification path could be build.", e);
-        }
-        if (builderResult == null)
-        {
-            tbvPath.remove(tbvCert);
-        }
-        return builderResult;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java
deleted file mode 100644
index 5b70333d7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509AttributeCertificate;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathParameters;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertPathValidatorResult;
-import java.security.cert.CertPathValidatorSpi;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Set;
-
-/**
- * CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281.
- * 
- * @see org.bouncycastle.x509.ExtendedPKIXParameters
- */
-public class PKIXAttrCertPathValidatorSpi
-    extends CertPathValidatorSpi
-{
-
-    /**
-     * Validates an attribute certificate with the given certificate path.
-     * 
-     * 
    
-     * params must be an instance of
-     * ExtendedPKIXParameters.
-     * 
    
-     * The target constraints in the params must be an
-     * X509AttributeCertStoreSelector with at least the attribute
-     * certificate criterion set. Obey that also target informations may be
-     * necessary to correctly validate this attribute certificate.
-     * 
    
-     * The attribute certificate issuer must be added to the trusted attribute
-     * issuers with {@link ExtendedPKIXParameters#setTrustedACIssuers(Set)}.
-     * 
-     * @param certPath The certificate path which belongs to the attribute
-     *            certificate issuer public key certificate.
-     * @param params The PKIX parameters.
-     * @return A PKIXCertPathValidatorResult of the result of
-     *         validating the certPath.
-     * @throws InvalidAlgorithmParameterException if params is
-     *             inappropriate for this validator.
-     * @throws CertPathValidatorException if the verification fails.
-     */
-    public CertPathValidatorResult engineValidate(CertPath certPath,
-        CertPathParameters params) throws CertPathValidatorException,
-        InvalidAlgorithmParameterException
-    {
-        if (!(params instanceof ExtendedPKIXParameters))
-        {
-            throw new InvalidAlgorithmParameterException(
-                "Parameters must be a "
-                    + ExtendedPKIXParameters.class.getName() + " instance.");
-        }
-        ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params;
-
-        Selector certSelect = pkixParams.getTargetConstraints();
-        if (!(certSelect instanceof X509AttributeCertStoreSelector))
-        {
-            throw new InvalidAlgorithmParameterException(
-                "TargetConstraints must be an instance of "
-                    + X509AttributeCertStoreSelector.class.getName() + " for "
-                    + this.getClass().getName() + " class.");
-        }
-        X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect)
-            .getAttributeCert();
-
-        CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams);
-        CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams);
-        X509Certificate issuerCert = (X509Certificate) certPath
-            .getCertificates().get(0);
-        RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams);
-        RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams);
-        RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams);
-        // 6 already done in X509AttributeCertStoreSelector
-        RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams);
-        RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams);
-        Date date = null;
-        try
-        {
-            date = CertPathValidatorUtilities
-                .getValidCertDateFromValidityModel(pkixParams, null, -1);
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathValidatorException(
-                "Could not get validity date from attribute certificate.", e);
-        }
-        RFC3281CertPathUtilities.checkCRLs(attrCert, pkixParams, issuerCert, date, certPath.getCertificates());
-        return result;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
deleted file mode 100644
index c94016d7b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.PKIXParameters;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509Store;
-
-public class PKIXCRLUtil
-{
-    public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
-        throws AnnotatedException
-    {
-        Set initialSet = new HashSet();
-
-        // get complete CRL(s)
-        try
-        {
-            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
-            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
-            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
-        }
-
-        Set finalSet = new HashSet();
-        Date validityDate = currentDate;
-
-        if (paramsPKIX.getDate() != null)
-        {
-            validityDate = paramsPKIX.getDate();
-        }
-
-        // based on RFC 5280 6.3.3
-        for (Iterator it = initialSet.iterator(); it.hasNext();)
-        {
-            X509CRL crl = (X509CRL)it.next();
-
-            if (crl.getNextUpdate().after(validityDate))
-            {
-                X509Certificate cert = crlselect.getCertificateChecking();
-
-                if (cert != null)
-                {
-                    if (crl.getThisUpdate().before(cert.getNotAfter()))
-                    {
-                        finalSet.add(crl);
-                    }
-                }
-                else
-                {
-                    finalSet.add(crl);
-                }
-            }
-        }
-
-        return finalSet;
-    }
-
-    public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
-        throws AnnotatedException
-    {
-        Set completeSet = new HashSet();
-
-        // get complete CRL(s)
-        try
-        {
-            completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
-        }
-
-        return completeSet;
-    }
-
-/**
-     * Return a Collection of all CRLs found in the X509Store's that are
-     * matching the crlSelect criteriums.
-     *
-     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
-     *            to select the CRLs
-     * @param crlStores a List containing only
-     *            {@link org.bouncycastle.x509.X509Store  X509Store} objects.
-     *            These are used to search for CRLs
-     *
-     * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
-     *         empty but never null.
-     */
-    private final Collection findCRLs(X509CRLStoreSelector crlSelect,
-        List crlStores) throws AnnotatedException
-    {
-        Set crls = new HashSet();
-        Iterator iter = crlStores.iterator();
-
-        AnnotatedException lastException = null;
-        boolean foundValidStore = false;
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store store = (X509Store)obj;
-
-                try
-                {
-                    crls.addAll(store.getMatches(crlSelect));
-                    foundValidStore = true;
-                }
-                catch (StoreException e)
-                {
-                    lastException = new AnnotatedException(
-                        "Exception searching in X.509 CRL store.", e);
-                }
-            }
-            else
-            {
-                CertStore store = (CertStore)obj;
-
-                try
-                {
-                    crls.addAll(store.getCRLs(crlSelect));
-                    foundValidStore = true;
-                }
-                catch (CertStoreException e)
-                {
-                    lastException = new AnnotatedException(
-                        "Exception searching in X.509 CRL store.", e);
-                }
-            }
-        }
-        if (!foundValidStore && lastException != null)
-        {
-            throw lastException;
-        }
-        return crls;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
deleted file mode 100644
index 166433748..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
+++ /dev/null
@@ -1,369 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStreamWriter;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertPath;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.pkcs.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.openssl.PEMWriter;
-
-/**
- * CertPath implementation for X.509 certificates.
- * 
    
- **/
-public  class PKIXCertPath
-    extends CertPath
-{
-    static final List certPathEncodings;
-
-    static
-    {
-        List encodings = new ArrayList();
-        encodings.add("PkiPath");
-        encodings.add("PEM");
-        encodings.add("PKCS7");
-        certPathEncodings = Collections.unmodifiableList(encodings);
-    }
-
-    private List certificates;
-
-    /**
-     * @param certs
-     */
-    private List sortCerts(
-        List certs)
-    {
-        if (certs.size() < 2)
-        {
-            return certs;
-        }
-        
-        X500Principal   issuer = ((X509Certificate)certs.get(0)).getIssuerX500Principal();
-        boolean         okay = true;
-        
-        for (int i = 1; i != certs.size(); i++) 
-        {
-            X509Certificate cert = (X509Certificate)certs.get(i);
-            
-            if (issuer.equals(cert.getSubjectX500Principal()))
-            {
-                issuer = ((X509Certificate)certs.get(i)).getIssuerX500Principal();
-            }
-            else
-            {
-                okay = false;
-                break;
-            }
-        }
-        
-        if (okay)
-        {
-            return certs;
-        }
-        
-        // find end-entity cert
-        List       retList = new ArrayList(certs.size());
-        List       orig = new ArrayList(certs);
-
-        for (int i = 0; i < certs.size(); i++)
-        {
-            X509Certificate cert = (X509Certificate)certs.get(i);
-            boolean         found = false;
-            
-            X500Principal   subject = cert.getSubjectX500Principal();
-            
-            for (int j = 0; j != certs.size(); j++)
-            {
-                X509Certificate c = (X509Certificate)certs.get(j);
-                if (c.getIssuerX500Principal().equals(subject))
-                {
-                    found = true;
-                    break;
-                }
-            }
-            
-            if (!found)
-            {
-                retList.add(cert);
-                certs.remove(i);
-            }
-        }
-        
-        // can only have one end entity cert - something's wrong, give up.
-        if (retList.size() > 1)
-        {
-            return orig;
-        }
-
-        for (int i = 0; i != retList.size(); i++)
-        {
-            issuer = ((X509Certificate)retList.get(i)).getIssuerX500Principal();
-            
-            for (int j = 0; j < certs.size(); j++)
-            {
-                X509Certificate c = (X509Certificate)certs.get(j);
-                if (issuer.equals(c.getSubjectX500Principal()))
-                {
-                    retList.add(c);
-                    certs.remove(j);
-                    break;
-                }
-            }
-        }
-        
-        // make sure all certificates are accounted for.
-        if (certs.size() > 0)
-        {
-            return orig;
-        }
-        
-        return retList;
-    }
-
-    PKIXCertPath(List certificates)
-    {
-        super("X.509");
-        this.certificates = sortCerts(new ArrayList(certificates));
-    }
-
-    /**
-     * Creates a CertPath of the specified type.
-     * This constructor is protected because most users should use
-     * a CertificateFactory to create CertPaths.
-     **/
-    PKIXCertPath(
-        InputStream inStream,
-        String encoding)
-        throws CertificateException
-    {
-        super("X.509");
-        try
-        {
-            if (encoding.equalsIgnoreCase("PkiPath"))
-            {
-                ASN1InputStream derInStream = new ASN1InputStream(inStream);
-                DERObject derObject = derInStream.readObject();
-                if (!(derObject instanceof ASN1Sequence))
-                {
-                    throw new CertificateException("input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath");
-                }
-                Enumeration e = ((ASN1Sequence)derObject).getObjects();
-                certificates = new ArrayList();
-                CertificateFactory certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
-                while (e.hasMoreElements())
-                {
-                    ASN1Encodable element = (ASN1Encodable)e.nextElement();
-                    byte[] encoded = element.getEncoded(ASN1Encodable.DER);
-                    certificates.add(0, certFactory.generateCertificate(
-                        new ByteArrayInputStream(encoded)));
-                }
-            }
-            else if (encoding.equalsIgnoreCase("PKCS7") || encoding.equalsIgnoreCase("PEM"))
-            {
-                inStream = new BufferedInputStream(inStream);
-                certificates = new ArrayList();
-                CertificateFactory certFactory= CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
-                Certificate cert;
-                while ((cert = certFactory.generateCertificate(inStream)) != null)
-                {
-                    certificates.add(cert);
-                }
-            }
-            else
-            {
-                throw new CertificateException("unsupported encoding: " + encoding);
-            }
-        }
-        catch (IOException ex) 
-        {
-            throw new CertificateException("IOException throw while decoding CertPath:\n" + ex.toString()); 
-        }
-        catch (NoSuchProviderException ex) 
-        {
-            throw new CertificateException("BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString()); 
-        }
-        
-        this.certificates = sortCerts(certificates);
-    }
-    
-    /**
-     * Returns an iteration of the encodings supported by this
-     * certification path, with the default encoding
-     * first. Attempts to modify the returned Iterator via its
-     * remove method result in an UnsupportedOperationException.
-     *
-     * @return an Iterator over the names of the supported encodings (as Strings)
-     **/
-    public Iterator getEncodings()
-    {
-        return certPathEncodings.iterator();
-    }
-
-    /**
-     * Returns the encoded form of this certification path, using
-     * the default encoding.
-     *
-     * @return the encoded bytes
-     * @exception CertificateEncodingException if an encoding error occurs
-     **/
-    public byte[] getEncoded()
-        throws CertificateEncodingException
-    {
-        Iterator iter = getEncodings();
-        if (iter.hasNext())
-        {
-            Object enc = iter.next();
-            if (enc instanceof String)
-            {
-            return getEncoded((String)enc);
-            }
-        }
-        return null;
-    }
-
-    /**
-     * Returns the encoded form of this certification path, using
-     * the specified encoding.
-     *
-     * @param encoding the name of the encoding to use
-     * @return the encoded bytes
-     * @exception CertificateEncodingException if an encoding error
-     * occurs or the encoding requested is not supported
-     *
-     **/
-    public byte[] getEncoded(String encoding)
-        throws CertificateEncodingException
-    {
-        if (encoding.equalsIgnoreCase("PkiPath"))
-        {
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            ListIterator iter = certificates.listIterator(certificates.size());
-            while (iter.hasPrevious())
-            {
-                v.add(toASN1Object((X509Certificate)iter.previous()));
-            }
-
-            return toDEREncoded(new DERSequence(v));
-        }
-        else if (encoding.equalsIgnoreCase("PKCS7"))
-        {
-            ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null);
-
-            ASN1EncodableVector v = new ASN1EncodableVector();
-            for (int i = 0; i != certificates.size(); i++)
-            {
-                v.add(toASN1Object((X509Certificate)certificates.get(i)));
-            }
-            
-            SignedData  sd = new SignedData(
-                                     new DERInteger(1),
-                                     new DERSet(),
-                                     encInfo, 
-                                     new DERSet(v), 
-                                     null, 
-                                     new DERSet());
-
-            return toDEREncoded(new ContentInfo(
-                    PKCSObjectIdentifiers.signedData, sd));
-        }
-        else if (encoding.equalsIgnoreCase("PEM"))
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            PEMWriter             pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
-            try
-            {
-                for (int i = 0; i != certificates.size(); i++)
-                {
-                    pWrt.writeObject(certificates.get(i));
-                }
-            
-                pWrt.close();
-            }
-            catch (Exception e)
-            {
-                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-            }
-
-            return bOut.toByteArray();
-        }
-        else
-        {
-            throw new CertificateEncodingException("unsupported encoding: " + encoding);
-        }
-    }
-
-    /**
-     * Returns the list of certificates in this certification
-     * path. The List returned must be immutable and thread-safe. 
-     *
-     * @return an immutable List of Certificates (may be empty, but not null)
-     **/
-    public List getCertificates()
-    {
-        return Collections.unmodifiableList(new ArrayList(certificates));
-    }
-
-    /**
-     * Return a DERObject containing the encoded certificate.
-     *
-     * @param cert the X509Certificate object to be encoded
-     *
-     * @return the DERObject
-     **/
-    private DERObject toASN1Object(
-        X509Certificate cert)
-        throws CertificateEncodingException
-    {
-        try
-        {
-            return new ASN1InputStream(cert.getEncoded()).readObject();
-        }
-        catch (Exception e)
-        {
-            throw new CertificateEncodingException("Exception while encoding certificate: " + e.toString());
-        }
-    }
-    
-    private byte[] toDEREncoded(ASN1Encodable obj) 
-        throws CertificateEncodingException
-    {
-        try
-        {
-            return obj.getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new CertificateEncodingException("Exception thrown: " + e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
deleted file mode 100644
index 384eb8616..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
+++ /dev/null
@@ -1,261 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilderException;
-import java.security.cert.CertPathBuilderResult;
-import java.security.cert.CertPathBuilderSpi;
-import java.security.cert.CertPathParameters;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.PKIXCertPathBuilderResult;
-import java.security.cert.PKIXCertPathValidatorResult;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.X509CertStoreSelector;
-
-/**
- * Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
- * 
- * @see CertPathBuilderSpi
- */
-public class PKIXCertPathBuilderSpi
-    extends CertPathBuilderSpi
-{
-    /**
-     * Build and validate a CertPath using the given parameter.
-     * 
-     * @param params PKIXBuilderParameters object containing all information to
-     *            build the CertPath
-     */
-    public CertPathBuilderResult engineBuild(CertPathParameters params)
-        throws CertPathBuilderException, InvalidAlgorithmParameterException
-    {
-        if (!(params instanceof PKIXBuilderParameters)
-            && !(params instanceof ExtendedPKIXBuilderParameters))
-        {
-            throw new InvalidAlgorithmParameterException(
-                "Parameters must be an instance of "
-                    + PKIXBuilderParameters.class.getName() + " or "
-                    + ExtendedPKIXBuilderParameters.class.getName() + ".");
-        }
-
-        ExtendedPKIXBuilderParameters pkixParams = null;
-        if (params instanceof ExtendedPKIXBuilderParameters)
-        {
-            pkixParams = (ExtendedPKIXBuilderParameters) params;
-        }
-        else
-        {
-            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
-                .getInstance((PKIXBuilderParameters) params);
-        }
-
-        Collection targets;
-        Iterator targetIter;
-        List certPathList = new ArrayList();
-        X509Certificate cert;
-
-        // search target certificates
-
-        Selector certSelect = pkixParams.getTargetConstraints();
-        if (!(certSelect instanceof X509CertStoreSelector))
-        {
-            throw new CertPathBuilderException(
-                "TargetConstraints must be an instance of "
-                    + X509CertStoreSelector.class.getName() + " for "
-                    + this.getClass().getName() + " class.");
-        }
-
-        try
-        {
-            targets = CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getStores());
-            targets.addAll(CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathBuilderException(
-                "Error finding target certificate.", e);
-        }
-
-        if (targets.isEmpty())
-        {
-
-            throw new CertPathBuilderException(
-                "No certificate found matching targetContraints.");
-        }
-
-        CertPathBuilderResult result = null;
-
-        // check all potential target certificates
-        targetIter = targets.iterator();
-        while (targetIter.hasNext() && result == null)
-        {
-            cert = (X509Certificate) targetIter.next();
-            result = build(cert, pkixParams, certPathList);
-        }
-
-        if (result == null && certPathException != null)
-        {
-            if (certPathException instanceof AnnotatedException)
-            {
-                throw new CertPathBuilderException(certPathException.getMessage(), certPathException.getCause());
-            }
-            throw new CertPathBuilderException(
-                "Possible certificate chain could not be validated.",
-                certPathException);
-        }
-
-        if (result == null && certPathException == null)
-        {
-            throw new CertPathBuilderException(
-                "Unable to find certificate chain.");
-        }
-
-        return result;
-    }
-
-    private Exception certPathException;
-
-    protected CertPathBuilderResult build(X509Certificate tbvCert,
-        ExtendedPKIXBuilderParameters pkixParams, List tbvPath)
-    {
-        // If tbvCert is readily present in tbvPath, it indicates having run
-        // into a cycle in the
-        // PKI graph.
-        if (tbvPath.contains(tbvCert))
-        {
-            return null;
-        }
-        // step out, the certificate is not allowed to appear in a certification
-        // chain.
-        if (pkixParams.getExcludedCerts().contains(tbvCert))
-        {
-            return null;
-        }
-        // test if certificate path exceeds maximum length
-        if (pkixParams.getMaxPathLength() != -1)
-        {
-            if (tbvPath.size() - 1 > pkixParams.getMaxPathLength())
-            {
-                return null;
-            }
-        }
-
-        tbvPath.add(tbvCert);
-
-        CertificateFactory cFact;
-        CertPathValidator validator;
-        CertPathBuilderResult builderResult = null;
-
-        try
-        {
-            cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
-            validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException("Exception creating support classes.");
-        }
-
-        try
-        {
-            // check whether the issuer of  is a TrustAnchor
-            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
-                pkixParams.getSigProvider()) != null)
-            {
-                // exception message from possibly later tried certification
-                // chains
-                CertPath certPath = null;
-                PKIXCertPathValidatorResult result = null;
-                try
-                {
-                    certPath = cFact.generateCertPath(tbvPath);
-                }
-                catch (Exception e)
-                {
-                    throw new AnnotatedException(
-                        "Certification path could not be constructed from certificate list.",
-                        e);
-                }
-
-                try
-                {
-                    result = (PKIXCertPathValidatorResult) validator.validate(
-                        certPath, pkixParams);
-                }
-                catch (Exception e)
-                {
-                    throw new AnnotatedException(
-                        "Certification path could not be validated.", e);
-                }
-
-                return new PKIXCertPathBuilderResult(certPath, result
-                    .getTrustAnchor(), result.getPolicyTree(), result
-                    .getPublicKey());
-
-            }
-            else
-            {
-                // add additional X.509 stores from locations in certificate
-                try
-                {
-                    CertPathValidatorUtilities.addAdditionalStoresFromAltNames(
-                        tbvCert, pkixParams);
-                }
-                catch (CertificateParsingException e)
-                {
-                    throw new AnnotatedException(
-                        "No additiontal X.509 stores can be added from certificate locations.",
-                        e);
-                }
-                Collection issuers = new HashSet();
-                // try to get the issuer certificate from one
-                // of the stores
-                try
-                {
-                    issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new AnnotatedException(
-                        "Cannot find issuer certificate for certificate in certification path.",
-                        e);
-                }
-                if (issuers.isEmpty())
-                {
-                    throw new AnnotatedException(
-                        "No issuer certificate for certificate in certification path found.");
-                }
-                Iterator it = issuers.iterator();
-
-                while (it.hasNext() && builderResult == null)
-                {
-                    X509Certificate issuer = (X509Certificate) it.next();
-                    builderResult = build(issuer, pkixParams, tbvPath);
-                }
-            }
-        }
-        catch (AnnotatedException e)
-        {
-            certPathException = e;
-        }
-        if (builderResult == null)
-        {
-            tbvPath.remove(tbvCert);
-        }
-        return builderResult;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
deleted file mode 100644
index ab44d3dd1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ /dev/null
@@ -1,431 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.PublicKey;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathParameters;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertPathValidatorResult;
-import java.security.cert.CertPathValidatorSpi;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.PKIXCertPathValidatorResult;
-import java.security.cert.PKIXParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-
-/**
- * CertPathValidatorSpi implementation for X.509 Certificate validation � la RFC
- * 3280.
- */
-public class PKIXCertPathValidatorSpi
-        extends CertPathValidatorSpi
-{
-
-    public CertPathValidatorResult engineValidate(
-            CertPath certPath,
-            CertPathParameters params)
-            throws CertPathValidatorException,
-            InvalidAlgorithmParameterException
-    {
-        if (!(params instanceof PKIXParameters))
-        {
-            throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName()
-                    + " instance.");
-        }
-
-        ExtendedPKIXParameters paramsPKIX;
-        if (params instanceof ExtendedPKIXParameters)
-        {
-            paramsPKIX = (ExtendedPKIXParameters)params;
-        }
-        else
-        {
-            paramsPKIX = ExtendedPKIXParameters.getInstance((PKIXParameters)params);
-        }
-        if (paramsPKIX.getTrustAnchors() == null)
-        {
-            throw new InvalidAlgorithmParameterException(
-                    "trustAnchors is null, this is not allowed for certification path validation.");
-        }
-
-        //
-        // 6.1.1 - inputs
-        //
-
-        //
-        // (a)
-        //
-        List certs = certPath.getCertificates();
-        int n = certs.size();
-
-        if (certs.isEmpty())
-        {
-            throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
-        }
-
-        //
-        // (b)
-        //
-        // Date validDate = CertPathValidatorUtilities.getValidDate(paramsPKIX);
-
-        //
-        // (c)
-        //
-        Set userInitialPolicySet = paramsPKIX.getInitialPolicies();
-
-        //
-        // (d)
-        // 
-        TrustAnchor trust;
-        try
-        {
-            trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
-                    paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
-        }
-        catch (AnnotatedException e)
-        {
-            throw new CertPathValidatorException(e.getMessage(), e, certPath, certs.size() - 1);
-        }
-
-        if (trust == null)
-        {
-            throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
-        }
-
-        //
-        // (e), (f), (g) are part of the paramsPKIX object.
-        //
-        Iterator certIter;
-        int index = 0;
-        int i;
-        // Certificate for each interation of the validation loop
-        // Signature information for each iteration of the validation loop
-        //
-        // 6.1.2 - setup
-        //
-
-        //
-        // (a)
-        //
-        List[] policyNodes = new ArrayList[n + 1];
-        for (int j = 0; j < policyNodes.length; j++)
-        {
-            policyNodes[j] = new ArrayList();
-        }
-
-        Set policySet = new HashSet();
-
-        policySet.add(RFC3280CertPathUtilities.ANY_POLICY);
-
-        PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(),
-                RFC3280CertPathUtilities.ANY_POLICY, false);
-
-        policyNodes[0].add(validPolicyTree);
-
-        //
-        // (b) and (c)
-        //
-        PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator();
-
-        // (d)
-        //
-        int explicitPolicy;
-        Set acceptablePolicies = new HashSet();
-
-        if (paramsPKIX.isExplicitPolicyRequired())
-        {
-            explicitPolicy = 0;
-        }
-        else
-        {
-            explicitPolicy = n + 1;
-        }
-
-        //
-        // (e)
-        //
-        int inhibitAnyPolicy;
-
-        if (paramsPKIX.isAnyPolicyInhibited())
-        {
-            inhibitAnyPolicy = 0;
-        }
-        else
-        {
-            inhibitAnyPolicy = n + 1;
-        }
-
-        //
-        // (f)
-        //
-        int policyMapping;
-
-        if (paramsPKIX.isPolicyMappingInhibited())
-        {
-            policyMapping = 0;
-        }
-        else
-        {
-            policyMapping = n + 1;
-        }
-
-        //
-        // (g), (h), (i), (j)
-        //
-        PublicKey workingPublicKey;
-        X500Principal workingIssuerName;
-
-        X509Certificate sign = trust.getTrustedCert();
-        try
-        {
-            if (sign != null)
-            {
-                workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
-                workingPublicKey = sign.getPublicKey();
-            }
-            else
-            {
-                workingIssuerName = new X500Principal(trust.getCAName());
-                workingPublicKey = trust.getCAPublicKey();
-            }
-        }
-        catch (IllegalArgumentException ex)
-        {
-            throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath,
-                    -1);
-        }
-
-        AlgorithmIdentifier workingAlgId = null;
-        try
-        {
-            workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey);
-        }
-        catch (CertPathValidatorException e)
-        {
-            throw new ExtCertPathValidatorException(
-                    "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
-        }
-        DERObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getObjectId();
-        DEREncodable workingPublicKeyParameters = workingAlgId.getParameters();
-
-        //
-        // (k)
-        //
-        int maxPathLength = n;
-
-        //
-        // 6.1.3
-        //
-
-        if (paramsPKIX.getTargetConstraints() != null
-                && !paramsPKIX.getTargetConstraints().match((X509Certificate) certs.get(0)))
-        {
-            throw new ExtCertPathValidatorException(
-                    "Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
-        }
-
-        // 
-        // initialize CertPathChecker's
-        //
-        List pathCheckers = paramsPKIX.getCertPathCheckers();
-        certIter = pathCheckers.iterator();
-        while (certIter.hasNext())
-        {
-            ((PKIXCertPathChecker) certIter.next()).init(false);
-        }
-
-        X509Certificate cert = null;
-
-        for (index = certs.size() - 1; index >= 0; index--)
-        {
-            // try
-            // {
-            //
-            // i as defined in the algorithm description
-            //
-            i = n - index;
-
-            //
-            // set certificate to be checked in this round
-            // sign and workingPublicKey and workingIssuerName are set
-            // at the end of the for loop and initialized the
-            // first time from the TrustAnchor
-            //
-            cert = (X509Certificate) certs.get(index);
-            boolean verificationAlreadyPerformed = (index == certs.size() - 1);
-
-            //
-            // 6.1.3
-            //
-
-            RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
-                verificationAlreadyPerformed, workingIssuerName, sign);
-
-            RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
-
-            validPolicyTree = RFC3280CertPathUtilities.processCertD(certPath, index, acceptablePolicies,
-                    validPolicyTree, policyNodes, inhibitAnyPolicy);
-
-            validPolicyTree = RFC3280CertPathUtilities.processCertE(certPath, index, validPolicyTree);
-
-            RFC3280CertPathUtilities.processCertF(certPath, index, validPolicyTree, explicitPolicy);
-
-            //
-            // 6.1.4
-            //
-
-            if (i != n)
-            {
-                if (cert != null && cert.getVersion() == 1)
-                {
-                    throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
-                            certPath, index);
-                }
-
-                RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
-
-                validPolicyTree = RFC3280CertPathUtilities.prepareCertB(certPath, index, policyNodes, validPolicyTree,
-                        policyMapping);
-
-                RFC3280CertPathUtilities.prepareNextCertG(certPath, index, nameConstraintValidator);
-
-                // (h)
-                explicitPolicy = RFC3280CertPathUtilities.prepareNextCertH1(certPath, index, explicitPolicy);
-                policyMapping = RFC3280CertPathUtilities.prepareNextCertH2(certPath, index, policyMapping);
-                inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertH3(certPath, index, inhibitAnyPolicy);
-
-                //
-                // (i)
-                //
-                explicitPolicy = RFC3280CertPathUtilities.prepareNextCertI1(certPath, index, explicitPolicy);
-                policyMapping = RFC3280CertPathUtilities.prepareNextCertI2(certPath, index, policyMapping);
-
-                // (j)
-                inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
-
-                // (k)
-                RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
-
-                // (l)
-                maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
-
-                // (m)
-                maxPathLength = RFC3280CertPathUtilities.prepareNextCertM(certPath, index, maxPathLength);
-
-                // (n)
-                RFC3280CertPathUtilities.prepareNextCertN(certPath, index);
-
-                Set criticalExtensions = cert.getCriticalExtensionOIDs();
-                if (criticalExtensions != null)
-                {
-                    criticalExtensions = new HashSet(criticalExtensions);
-
-                    // these extensions are handled by the algorithm
-                    criticalExtensions.remove(RFC3280CertPathUtilities.KEY_USAGE);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_MAPPINGS);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_CONSTRAINTS);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.BASIC_CONSTRAINTS);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME);
-                    criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS);
-                }
-                else
-                {
-                    criticalExtensions = new HashSet();
-                }
-
-                // (o)
-                RFC3280CertPathUtilities.prepareNextCertO(certPath, index, criticalExtensions, pathCheckers);
-                
-                // set signing certificate for next round
-                sign = cert;
-
-                // (c)
-                workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
-
-                // (d)
-                try
-                {
-                    workingPublicKey = CertPathValidatorUtilities.getNextWorkingKey(certPath.getCertificates(), index);
-                }
-                catch (CertPathValidatorException e)
-                {
-                    throw new CertPathValidatorException("Next working key could not be retrieved.", e, certPath, index);
-                }
-
-                workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey);
-                // (f)
-                workingPublicKeyAlgorithm = workingAlgId.getObjectId();
-                // (e)
-                workingPublicKeyParameters = workingAlgId.getParameters();
-            }
-        }
-
-        //
-        // 6.1.5 Wrap-up procedure
-        //
-
-        explicitPolicy = RFC3280CertPathUtilities.wrapupCertA(explicitPolicy, cert);
-
-        explicitPolicy = RFC3280CertPathUtilities.wrapupCertB(certPath, index + 1, explicitPolicy);
-
-        //
-        // (c) (d) and (e) are already done
-        //
-
-        //
-        // (f)
-        //
-        Set criticalExtensions = cert.getCriticalExtensionOIDs();
-
-        if (criticalExtensions != null)
-        {
-            criticalExtensions = new HashSet(criticalExtensions);
-            // these extensions are handled by the algorithm
-            criticalExtensions.remove(RFC3280CertPathUtilities.KEY_USAGE);
-            criticalExtensions.remove(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
-            criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_MAPPINGS);
-            criticalExtensions.remove(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY);
-            criticalExtensions.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
-            criticalExtensions.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
-            criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_CONSTRAINTS);
-            criticalExtensions.remove(RFC3280CertPathUtilities.BASIC_CONSTRAINTS);
-            criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME);
-            criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS);
-            criticalExtensions.remove(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS);
-        }
-        else
-        {
-            criticalExtensions = new HashSet();
-        }
-
-        RFC3280CertPathUtilities.wrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions);
-
-        PKIXPolicyNode intersection = RFC3280CertPathUtilities.wrapupCertG(certPath, paramsPKIX, userInitialPolicySet,
-                index + 1, policyNodes, validPolicyTree, acceptablePolicies);
-
-        if ((explicitPolicy > 0) || (intersection != null))
-        {
-            return new PKIXCertPathValidatorResult(trust, intersection, cert.getPublicKey());
-        }
-
-        throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, index);
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
deleted file mode 100644
index 99398ba88..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
+++ /dev/null
@@ -1,1922 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralSubtree;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Strings;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-public class PKIXNameConstraintValidator
-{
-    private Set excludedSubtreesDN = new HashSet();
-
-    private Set excludedSubtreesDNS = new HashSet();
-
-    private Set excludedSubtreesEmail = new HashSet();
-
-    private Set excludedSubtreesURI = new HashSet();
-
-    private Set excludedSubtreesIP = new HashSet();
-
-    private Set permittedSubtreesDN;
-
-    private Set permittedSubtreesDNS;
-
-    private Set permittedSubtreesEmail;
-
-    private Set permittedSubtreesURI;
-
-    private Set permittedSubtreesIP;
-
-    public PKIXNameConstraintValidator()
-    {
-    }
-
-    private static boolean withinDNSubtree(
-        ASN1Sequence dns,
-        ASN1Sequence subtree)
-    {
-        if (subtree.size() < 1)
-        {
-            return false;
-        }
-
-        if (subtree.size() > dns.size())
-        {
-            return false;
-        }
-
-        for (int j = subtree.size() - 1; j >= 0; j--)
-        {
-            if (!subtree.getObjectAt(j).equals(dns.getObjectAt(j)))
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    public void checkPermittedDN(ASN1Sequence dns)
-        throws PKIXNameConstraintValidatorException
-    {
-        checkPermittedDN(permittedSubtreesDN, dns);
-    }
-
-    public void checkExcludedDN(ASN1Sequence dns)
-        throws PKIXNameConstraintValidatorException
-    {
-        checkExcludedDN(excludedSubtreesDN, dns);
-    }
-
-    private void checkPermittedDN(Set permitted, ASN1Sequence dns)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (permitted == null)
-        {
-            return;
-        }
-
-        if (permitted.isEmpty() && dns.size() == 0)
-        {
-            return;
-        }
-        Iterator it = permitted.iterator();
-
-        while (it.hasNext())
-        {
-            ASN1Sequence subtree = (ASN1Sequence)it.next();
-
-            if (withinDNSubtree(dns, subtree))
-            {
-                return;
-            }
-        }
-
-        throw new PKIXNameConstraintValidatorException(
-            "Subject distinguished name is not from a permitted subtree");
-    }
-
-    private void checkExcludedDN(Set excluded, ASN1Sequence dns)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (excluded.isEmpty())
-        {
-            return;
-        }
-
-        Iterator it = excluded.iterator();
-
-        while (it.hasNext())
-        {
-            ASN1Sequence subtree = (ASN1Sequence)it.next();
-
-            if (withinDNSubtree(dns, subtree))
-            {
-                throw new PKIXNameConstraintValidatorException(
-                    "Subject distinguished name is from an excluded subtree");
-            }
-        }
-    }
-
-    private Set intersectDN(Set permitted, Set dns)
-    {
-        Set intersect = new HashSet();
-        for (Iterator it = dns.iterator(); it.hasNext();)
-        {
-            ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it
-                .next()).getBase().getName().getDERObject());
-            if (permitted == null)
-            {
-                if (dn != null)
-                {
-                    intersect.add(dn);
-                }
-            }
-            else
-            {
-                Iterator _iter = permitted.iterator();
-                while (_iter.hasNext())
-                {
-                    ASN1Sequence subtree = (ASN1Sequence)_iter.next();
-
-                    if (withinDNSubtree(dn, subtree))
-                    {
-                        intersect.add(dn);
-                    }
-                    else if (withinDNSubtree(subtree, dn))
-                    {
-                        intersect.add(subtree);
-                    }
-                }
-            }
-        }
-        return intersect;
-    }
-
-    private Set unionDN(Set excluded, ASN1Sequence dn)
-    {
-        if (excluded.isEmpty())
-        {
-            if (dn == null)
-            {
-                return excluded;
-            }
-            excluded.add(dn);
-
-            return excluded;
-        }
-        else
-        {
-            Set intersect = new HashSet();
-
-            Iterator it = excluded.iterator();
-            while (it.hasNext())
-            {
-                ASN1Sequence subtree = (ASN1Sequence)it.next();
-
-                if (withinDNSubtree(dn, subtree))
-                {
-                    intersect.add(subtree);
-                }
-                else if (withinDNSubtree(subtree, dn))
-                {
-                    intersect.add(dn);
-                }
-                else
-                {
-                    intersect.add(subtree);
-                    intersect.add(dn);
-                }
-            }
-
-            return intersect;
-        }
-    }
-
-    private Set intersectEmail(Set permitted, Set emails)
-    {
-        Set intersect = new HashSet();
-        for (Iterator it = emails.iterator(); it.hasNext();)
-        {
-            String email = extractNameAsString(((GeneralSubtree)it.next())
-                .getBase());
-
-            if (permitted == null)
-            {
-                if (email != null)
-                {
-                    intersect.add(email);
-                }
-            }
-            else
-            {
-                Iterator it2 = permitted.iterator();
-                while (it2.hasNext())
-                {
-                    String _permitted = (String)it2.next();
-
-                    intersectEmail(email, _permitted, intersect);
-                }
-            }
-        }
-        return intersect;
-    }
-
-    private Set unionEmail(Set excluded, String email)
-    {
-        if (excluded.isEmpty())
-        {
-            if (email == null)
-            {
-                return excluded;
-            }
-            excluded.add(email);
-            return excluded;
-        }
-        else
-        {
-            Set union = new HashSet();
-
-            Iterator it = excluded.iterator();
-            while (it.hasNext())
-            {
-                String _excluded = (String)it.next();
-
-                unionEmail(_excluded, email, union);
-            }
-
-            return union;
-        }
-    }
-
-    /**
-     * Returns the intersection of the permitted IP ranges in
-     * permitted with ip.
-     *
-     * @param permitted A Set of permitted IP addresses with
-     *                  their subnet mask as byte arrays.
-     * @param ips       The IP address with its subnet mask.
-     * @return The Set of permitted IP ranges intersected with
-     *         ip.
-     */
-    private Set intersectIP(Set permitted, Set ips)
-    {
-        Set intersect = new HashSet();
-        for (Iterator it = ips.iterator(); it.hasNext();)
-        {
-            byte[] ip = ASN1OctetString.getInstance(
-                ((GeneralSubtree)it.next()).getBase().getName()).getOctets();
-            if (permitted == null)
-            {
-                if (ip != null)
-                {
-                    intersect.add(ip);
-                }
-            }
-            else
-            {
-                Iterator it2 = permitted.iterator();
-                while (it2.hasNext())
-                {
-                    byte[] _permitted = (byte[])it2.next();
-                    intersect.addAll(intersectIPRange(_permitted, ip));
-                }
-            }
-        }
-        return intersect;
-    }
-
-    /**
-     * Returns the union of the excluded IP ranges in excluded
-     * with ip.
-     *
-     * @param excluded A Set of excluded IP addresses with their
-     *                 subnet mask as byte arrays.
-     * @param ip       The IP address with its subnet mask.
-     * @return The Set of excluded IP ranges unified with
-     *         ip as byte arrays.
-     */
-    private Set unionIP(Set excluded, byte[] ip)
-    {
-        if (excluded.isEmpty())
-        {
-            if (ip == null)
-            {
-                return excluded;
-            }
-            excluded.add(ip);
-
-            return excluded;
-        }
-        else
-        {
-            Set union = new HashSet();
-
-            Iterator it = excluded.iterator();
-            while (it.hasNext())
-            {
-                byte[] _excluded = (byte[])it.next();
-                union.addAll(unionIPRange(_excluded, ip));
-            }
-
-            return union;
-        }
-    }
-
-    /**
-     * Calculates the union if two IP ranges.
-     *
-     * @param ipWithSubmask1 The first IP address with its subnet mask.
-     * @param ipWithSubmask2 The second IP address with its subnet mask.
-     * @return A Set with the union of both addresses.
-     */
-    private Set unionIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
-    {
-        Set set = new HashSet();
-
-        // difficult, adding always all IPs is not wrong
-        if (Arrays.areEqual(ipWithSubmask1, ipWithSubmask2))
-        {
-            set.add(ipWithSubmask1);
-        }
-        else
-        {
-            set.add(ipWithSubmask1);
-            set.add(ipWithSubmask2);
-        }
-        return set;
-    }
-
-    /**
-     * Calculates the interesction if two IP ranges.
-     *
-     * @param ipWithSubmask1 The first IP address with its subnet mask.
-     * @param ipWithSubmask2 The second IP address with its subnet mask.
-     * @return A Set with the single IP address with its subnet
-     *         mask as a byte array or an empty Set.
-     */
-    private Set intersectIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
-    {
-        if (ipWithSubmask1.length != ipWithSubmask2.length)
-        {
-            return Collections.EMPTY_SET;
-        }
-        byte[][] temp = extractIPsAndSubnetMasks(ipWithSubmask1, ipWithSubmask2);
-        byte ip1[] = temp[0];
-        byte subnetmask1[] = temp[1];
-        byte ip2[] = temp[2];
-        byte subnetmask2[] = temp[3];
-
-        byte minMax[][] = minMaxIPs(ip1, subnetmask1, ip2, subnetmask2);
-        byte[] min;
-        byte[] max;
-        max = min(minMax[1], minMax[3]);
-        min = max(minMax[0], minMax[2]);
-
-        // minimum IP address must be bigger than max
-        if (compareTo(min, max) == 1)
-        {
-            return Collections.EMPTY_SET;
-        }
-        // OR keeps all significant bits
-        byte[] ip = or(minMax[0], minMax[2]);
-        byte[] subnetmask = or(subnetmask1, subnetmask2);
-        return Collections.singleton(ipWithSubnetMask(ip, subnetmask));
-    }
-
-    /**
-     * Concatenates the IP address with its subnet mask.
-     *
-     * @param ip         The IP address.
-     * @param subnetMask Its subnet mask.
-     * @return The concatenated IP address with its subnet mask.
-     */
-    private byte[] ipWithSubnetMask(byte[] ip, byte[] subnetMask)
-    {
-        int ipLength = ip.length;
-        byte[] temp = new byte[ipLength * 2];
-        System.arraycopy(ip, 0, temp, 0, ipLength);
-        System.arraycopy(subnetMask, 0, temp, ipLength, ipLength);
-        return temp;
-    }
-
-    /**
-     * Splits the IP addresses and their subnet mask.
-     *
-     * @param ipWithSubmask1 The first IP address with the subnet mask.
-     * @param ipWithSubmask2 The second IP address with the subnet mask.
-     * @return An array with two elements. Each element contains the IP address
-     *         and the subnet mask in this order.
-     */
-    private byte[][] extractIPsAndSubnetMasks(
-        byte[] ipWithSubmask1,
-        byte[] ipWithSubmask2)
-    {
-        int ipLength = ipWithSubmask1.length / 2;
-        byte ip1[] = new byte[ipLength];
-        byte subnetmask1[] = new byte[ipLength];
-        System.arraycopy(ipWithSubmask1, 0, ip1, 0, ipLength);
-        System.arraycopy(ipWithSubmask1, ipLength, subnetmask1, 0, ipLength);
-
-        byte ip2[] = new byte[ipLength];
-        byte subnetmask2[] = new byte[ipLength];
-        System.arraycopy(ipWithSubmask2, 0, ip2, 0, ipLength);
-        System.arraycopy(ipWithSubmask2, ipLength, subnetmask2, 0, ipLength);
-        return new byte[][]
-            {ip1, subnetmask1, ip2, subnetmask2};
-    }
-
-    /**
-     * Based on the two IP addresses and their subnet masks the IP range is
-     * computed for each IP address - subnet mask pair and returned as the
-     * minimum IP address and the maximum address of the range.
-     *
-     * @param ip1         The first IP address.
-     * @param subnetmask1 The subnet mask of the first IP address.
-     * @param ip2         The second IP address.
-     * @param subnetmask2 The subnet mask of the second IP address.
-     * @return A array with two elements. The first/second element contains the
-     *         min and max IP address of the first/second IP address and its
-     *         subnet mask.
-     */
-    private byte[][] minMaxIPs(
-        byte[] ip1,
-        byte[] subnetmask1,
-        byte[] ip2,
-        byte[] subnetmask2)
-    {
-        int ipLength = ip1.length;
-        byte[] min1 = new byte[ipLength];
-        byte[] max1 = new byte[ipLength];
-
-        byte[] min2 = new byte[ipLength];
-        byte[] max2 = new byte[ipLength];
-
-        for (int i = 0; i < ipLength; i++)
-        {
-            min1[i] = (byte)(ip1[i] & subnetmask1[i]);
-            max1[i] = (byte)(ip1[i] & subnetmask1[i] | ~subnetmask1[i]);
-
-            min2[i] = (byte)(ip2[i] & subnetmask2[i]);
-            max2[i] = (byte)(ip2[i] & subnetmask2[i] | ~subnetmask2[i]);
-        }
-
-        return new byte[][]{min1, max1, min2, max2};
-    }
-
-    private void checkPermittedEmail(Set permitted, String email)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (permitted == null)
-        {
-            return;
-        }
-
-        Iterator it = permitted.iterator();
-
-        while (it.hasNext())
-        {
-            String str = ((String)it.next());
-
-            if (emailIsConstrained(email, str))
-            {
-                return;
-            }
-        }
-
-        if (email.length() == 0 && permitted.size() == 0)
-        {
-            return;
-        }
-
-        throw new PKIXNameConstraintValidatorException(
-            "Subject email address is not from a permitted subtree.");
-    }
-
-    private void checkExcludedEmail(Set excluded, String email)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (excluded.isEmpty())
-        {
-            return;
-        }
-
-        Iterator it = excluded.iterator();
-
-        while (it.hasNext())
-        {
-            String str = (String)it.next();
-
-            if (emailIsConstrained(email, str))
-            {
-                throw new PKIXNameConstraintValidatorException(
-                    "Email address is from an excluded subtree.");
-            }
-        }
-    }
-
-    /**
-     * Checks if the IP ip is included in the permitted set
-     * permitted.
-     *
-     * @param permitted A Set of permitted IP addresses with
-     *                  their subnet mask as byte arrays.
-     * @param ip        The IP address.
-     * @throws PKIXNameConstraintValidatorException
-     *          if the IP is not permitted.
-     */
-    private void checkPermittedIP(Set permitted, byte[] ip)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (permitted == null)
-        {
-            return;
-        }
-
-        Iterator it = permitted.iterator();
-
-        while (it.hasNext())
-        {
-            byte[] ipWithSubnet = (byte[])it.next();
-
-            if (isIPConstrained(ip, ipWithSubnet))
-            {
-                return;
-            }
-        }
-        if (ip.length == 0 && permitted.size() == 0)
-        {
-            return;
-        }
-        throw new PKIXNameConstraintValidatorException(
-            "IP is not from a permitted subtree.");
-    }
-
-    /**
-     * Checks if the IP ip is included in the excluded set
-     * excluded.
-     *
-     * @param excluded A Set of excluded IP addresses with their
-     *                 subnet mask as byte arrays.
-     * @param ip       The IP address.
-     * @throws PKIXNameConstraintValidatorException
-     *          if the IP is excluded.
-     */
-    private void checkExcludedIP(Set excluded, byte[] ip)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (excluded.isEmpty())
-        {
-            return;
-        }
-
-        Iterator it = excluded.iterator();
-
-        while (it.hasNext())
-        {
-            byte[] ipWithSubnet = (byte[])it.next();
-
-            if (isIPConstrained(ip, ipWithSubnet))
-            {
-                throw new PKIXNameConstraintValidatorException(
-                    "IP is from an excluded subtree.");
-            }
-        }
-    }
-
-    /**
-     * Checks if the IP address ip is constrained by
-     * constraint.
-     *
-     * @param ip         The IP address.
-     * @param constraint The constraint. This is an IP address concatenated with
-     *                   its subnetmask.
-     * @return true if constrained, false
-     *         otherwise.
-     */
-    private boolean isIPConstrained(byte ip[], byte[] constraint)
-    {
-        int ipLength = ip.length;
-
-        if (ipLength != (constraint.length / 2))
-        {
-            return false;
-        }
-
-        byte[] subnetMask = new byte[ipLength];
-        System.arraycopy(constraint, ipLength, subnetMask, 0, ipLength);
-
-        byte[] permittedSubnetAddress = new byte[ipLength];
-
-        byte[] ipSubnetAddress = new byte[ipLength];
-
-        // the resulting IP address by applying the subnet mask
-        for (int i = 0; i < ipLength; i++)
-        {
-            permittedSubnetAddress[i] = (byte)(constraint[i] & subnetMask[i]);
-            ipSubnetAddress[i] = (byte)(ip[i] & subnetMask[i]);
-        }
-
-        return Arrays.areEqual(permittedSubnetAddress, ipSubnetAddress);
-    }
-
-    private boolean emailIsConstrained(String email, String constraint)
-    {
-        String sub = email.substring(email.indexOf('@') + 1);
-        // a particular mailbox
-        if (constraint.indexOf('@') != -1)
-        {
-            if (email.equalsIgnoreCase(constraint))
-            {
-                return true;
-            }
-        }
-        // on particular host
-        else if (!(constraint.charAt(0) == '.'))
-        {
-            if (sub.equalsIgnoreCase(constraint))
-            {
-                return true;
-            }
-        }
-        // address in sub domain
-        else if (withinDomain(sub, constraint))
-        {
-            return true;
-        }
-        return false;
-    }
-
-    private boolean withinDomain(String testDomain, String domain)
-    {
-        String tempDomain = domain;
-        if (tempDomain.startsWith("."))
-        {
-            tempDomain = tempDomain.substring(1);
-        }
-        String[] domainParts = Strings.split(tempDomain, '.');
-        String[] testDomainParts = Strings.split(testDomain, '.');
-        // must have at least one subdomain
-        if (testDomainParts.length <= domainParts.length)
-        {
-            return false;
-        }
-        int d = testDomainParts.length - domainParts.length;
-        for (int i = -1; i < domainParts.length; i++)
-        {
-            if (i == -1)
-            {
-                if (testDomainParts[i + d].equals(""))
-                {
-                    return false;
-                }
-            }
-            else if (!domainParts[i].equalsIgnoreCase(testDomainParts[i + d]))
-            {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    private void checkPermittedDNS(Set permitted, String dns)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (permitted == null)
-        {
-            return;
-        }
-
-        Iterator it = permitted.iterator();
-
-        while (it.hasNext())
-        {
-            String str = ((String)it.next());
-
-            // is sub domain
-            if (withinDomain(dns, str) || dns.equalsIgnoreCase(str))
-            {
-                return;
-            }
-        }
-        if (dns.length() == 0 && permitted.size() == 0)
-        {
-            return;
-        }
-        throw new PKIXNameConstraintValidatorException(
-            "DNS is not from a permitted subtree.");
-    }
-
-    private void checkExcludedDNS(Set excluded, String dns)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (excluded.isEmpty())
-        {
-            return;
-        }
-
-        Iterator it = excluded.iterator();
-
-        while (it.hasNext())
-        {
-            String str = ((String)it.next());
-
-            // is sub domain or the same
-            if (withinDomain(dns, str) || dns.equalsIgnoreCase(str))
-            {
-                throw new PKIXNameConstraintValidatorException(
-                    "DNS is from an excluded subtree.");
-            }
-        }
-    }
-
-    /**
-     * The common part of email1 and email2 is
-     * added to the union union. If email1 and
-     * email2 have nothing in common they are added both.
-     *
-     * @param email1 Email address constraint 1.
-     * @param email2 Email address constraint 2.
-     * @param union  The union.
-     */
-    private void unionEmail(String email1, String email2, Set union)
-    {
-        // email1 is a particular address
-        if (email1.indexOf('@') != -1)
-        {
-            String _sub = email1.substring(email1.indexOf('@') + 1);
-            // both are a particular mailbox
-            if (email2.indexOf('@') != -1)
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(_sub, email2))
-                {
-                    union.add(email2);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (_sub.equalsIgnoreCase(email2))
-                {
-                    union.add(email2);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-        }
-        // email1 specifies a domain
-        else if (email1.startsWith("."))
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email1.indexOf('@') + 1);
-                if (withinDomain(_sub, email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2)
-                    || email1.equalsIgnoreCase(email2))
-                {
-                    union.add(email2);
-                }
-                else if (withinDomain(email2, email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            else
-            {
-                if (withinDomain(email2, email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-        }
-        // email specifies a host
-        else
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email1.indexOf('@') + 1);
-                if (_sub.equalsIgnoreCase(email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2))
-                {
-                    union.add(email2);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-        }
-    }
-
-    private void unionURI(String email1, String email2, Set union)
-    {
-        // email1 is a particular address
-        if (email1.indexOf('@') != -1)
-        {
-            String _sub = email1.substring(email1.indexOf('@') + 1);
-            // both are a particular mailbox
-            if (email2.indexOf('@') != -1)
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(_sub, email2))
-                {
-                    union.add(email2);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (_sub.equalsIgnoreCase(email2))
-                {
-                    union.add(email2);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-        }
-        // email1 specifies a domain
-        else if (email1.startsWith("."))
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email1.indexOf('@') + 1);
-                if (withinDomain(_sub, email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2)
-                    || email1.equalsIgnoreCase(email2))
-                {
-                    union.add(email2);
-                }
-                else if (withinDomain(email2, email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            else
-            {
-                if (withinDomain(email2, email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-        }
-        // email specifies a host
-        else
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email1.indexOf('@') + 1);
-                if (_sub.equalsIgnoreCase(email1))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2))
-                {
-                    union.add(email2);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    union.add(email1);
-                }
-                else
-                {
-                    union.add(email1);
-                    union.add(email2);
-                }
-            }
-        }
-    }
-
-    private Set intersectDNS(Set permitted, Set dnss)
-    {
-        Set intersect = new HashSet();
-        for (Iterator it = dnss.iterator(); it.hasNext();)
-        {
-            String dns = extractNameAsString(((GeneralSubtree)it.next())
-                .getBase());
-            if (permitted == null)
-            {
-                if (dns != null)
-                {
-                    intersect.add(dns);
-                }
-            }
-            else
-            {
-                Iterator _iter = permitted.iterator();
-                while (_iter.hasNext())
-                {
-                    String _permitted = (String)_iter.next();
-
-                    if (withinDomain(_permitted, dns))
-                    {
-                        intersect.add(_permitted);
-                    }
-                    else if (withinDomain(dns, _permitted))
-                    {
-                        intersect.add(dns);
-                    }
-                }
-            }
-        }
-
-        return intersect;
-    }
-
-    protected Set unionDNS(Set excluded, String dns)
-    {
-        if (excluded.isEmpty())
-        {
-            if (dns == null)
-            {
-                return excluded;
-            }
-            excluded.add(dns);
-
-            return excluded;
-        }
-        else
-        {
-            Set union = new HashSet();
-
-            Iterator _iter = excluded.iterator();
-            while (_iter.hasNext())
-            {
-                String _permitted = (String)_iter.next();
-
-                if (withinDomain(_permitted, dns))
-                {
-                    union.add(dns);
-                }
-                else if (withinDomain(dns, _permitted))
-                {
-                    union.add(_permitted);
-                }
-                else
-                {
-                    union.add(_permitted);
-                    union.add(dns);
-                }
-            }
-
-            return union;
-        }
-    }
-
-    /**
-     * The most restricting part from email1 and
-     * email2 is added to the intersection intersect.
-     *
-     * @param email1    Email address constraint 1.
-     * @param email2    Email address constraint 2.
-     * @param intersect The intersection.
-     */
-    private void intersectEmail(String email1, String email2, Set intersect)
-    {
-        // email1 is a particular address
-        if (email1.indexOf('@') != -1)
-        {
-            String _sub = email1.substring(email1.indexOf('@') + 1);
-            // both are a particular mailbox
-            if (email2.indexOf('@') != -1)
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(_sub, email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (_sub.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-        }
-        // email specifies a domain
-        else if (email1.startsWith("."))
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email1.indexOf('@') + 1);
-                if (withinDomain(_sub, email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2)
-                    || email1.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-                else if (withinDomain(email2, email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-            else
-            {
-                if (withinDomain(email2, email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-        }
-        // email1 specifies a host
-        else
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email2.indexOf('@') + 1);
-                if (_sub.equalsIgnoreCase(email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-        }
-    }
-
-    private void checkExcludedURI(Set excluded, String uri)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (excluded.isEmpty())
-        {
-            return;
-        }
-
-        Iterator it = excluded.iterator();
-
-        while (it.hasNext())
-        {
-            String str = ((String)it.next());
-
-            if (isUriConstrained(uri, str))
-            {
-                throw new PKIXNameConstraintValidatorException(
-                    "URI is from an excluded subtree.");
-            }
-        }
-    }
-
-    private Set intersectURI(Set permitted, Set uris)
-    {
-        Set intersect = new HashSet();
-        for (Iterator it = uris.iterator(); it.hasNext();)
-        {
-            String uri = extractNameAsString(((GeneralSubtree)it.next())
-                .getBase());
-            if (permitted == null)
-            {
-                if (uri != null)
-                {
-                    intersect.add(uri);
-                }
-            }
-            else
-            {
-                Iterator _iter = permitted.iterator();
-                while (_iter.hasNext())
-                {
-                    String _permitted = (String)_iter.next();
-                    intersectURI(_permitted, uri, intersect);
-                }
-            }
-        }
-        return intersect;
-    }
-
-    private Set unionURI(Set excluded, String uri)
-    {
-        if (excluded.isEmpty())
-        {
-            if (uri == null)
-            {
-                return excluded;
-            }
-            excluded.add(uri);
-
-            return excluded;
-        }
-        else
-        {
-            Set union = new HashSet();
-
-            Iterator _iter = excluded.iterator();
-            while (_iter.hasNext())
-            {
-                String _excluded = (String)_iter.next();
-
-                unionURI(_excluded, uri, union);
-            }
-
-            return union;
-        }
-    }
-
-    private void intersectURI(String email1, String email2, Set intersect)
-    {
-        // email1 is a particular address
-        if (email1.indexOf('@') != -1)
-        {
-            String _sub = email1.substring(email1.indexOf('@') + 1);
-            // both are a particular mailbox
-            if (email2.indexOf('@') != -1)
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(_sub, email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (_sub.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-        }
-        // email specifies a domain
-        else if (email1.startsWith("."))
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email1.indexOf('@') + 1);
-                if (withinDomain(_sub, email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2)
-                    || email1.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-                else if (withinDomain(email2, email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-            else
-            {
-                if (withinDomain(email2, email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-        }
-        // email1 specifies a host
-        else
-        {
-            if (email2.indexOf('@') != -1)
-            {
-                String _sub = email2.substring(email2.indexOf('@') + 1);
-                if (_sub.equalsIgnoreCase(email1))
-                {
-                    intersect.add(email2);
-                }
-            }
-            // email2 specifies a domain
-            else if (email2.startsWith("."))
-            {
-                if (withinDomain(email1, email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-            // email2 specifies a particular host
-            else
-            {
-                if (email1.equalsIgnoreCase(email2))
-                {
-                    intersect.add(email1);
-                }
-            }
-        }
-    }
-
-    private void checkPermittedURI(Set permitted, String uri)
-        throws PKIXNameConstraintValidatorException
-    {
-        if (permitted == null)
-        {
-            return;
-        }
-
-        Iterator it = permitted.iterator();
-
-        while (it.hasNext())
-        {
-            String str = ((String)it.next());
-
-            if (isUriConstrained(uri, str))
-            {
-                return;
-            }
-        }
-        if (uri.length() == 0 && permitted.size() == 0)
-        {
-            return;
-        }
-        throw new PKIXNameConstraintValidatorException(
-            "URI is not from a permitted subtree.");
-    }
-
-    private boolean isUriConstrained(String uri, String constraint)
-    {
-        String host = extractHostFromURL(uri);
-        // a host
-        if (!constraint.startsWith("."))
-        {
-            if (host.equalsIgnoreCase(constraint))
-            {
-                return true;
-            }
-        }
-
-        // in sub domain or domain
-        else if (withinDomain(host, constraint))
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private static String extractHostFromURL(String url)
-    {
-        // see RFC 1738
-        // remove ':' after protocol, e.g. http:
-        String sub = url.substring(url.indexOf(':') + 1);
-        // extract host from Common Internet Scheme Syntax, e.g. http://
-        if (sub.indexOf("//") != -1)
-        {
-            sub = sub.substring(sub.indexOf("//") + 2);
-        }
-        // first remove port, e.g. http://test.com:21
-        if (sub.lastIndexOf(':') != -1)
-        {
-            sub = sub.substring(0, sub.lastIndexOf(':'));
-        }
-        // remove user and password, e.g. http://john:password@test.com
-        sub = sub.substring(sub.indexOf(':') + 1);
-        sub = sub.substring(sub.indexOf('@') + 1);
-        // remove local parts, e.g. http://test.com/bla
-        if (sub.indexOf('/') != -1)
-        {
-            sub = sub.substring(0, sub.indexOf('/'));
-        }
-        return sub;
-    }
-
-    /**
-     * Checks if the given GeneralName is in the permitted set.
-     *
-     * @param name The GeneralName
-     * @throws PKIXNameConstraintValidatorException
-     *          If the name
-     */
-    public void checkPermitted(GeneralName name)
-        throws PKIXNameConstraintValidatorException
-    {
-        switch (name.getTagNo())
-        {
-            case 1:
-                checkPermittedEmail(permittedSubtreesEmail,
-                    extractNameAsString(name));
-                break;
-            case 2:
-                checkPermittedDNS(permittedSubtreesDNS, DERIA5String.getInstance(
-                    name.getName()).getString());
-                break;
-            case 4:
-                checkPermittedDN(ASN1Sequence.getInstance(name.getName()
-                    .getDERObject()));
-                break;
-            case 6:
-                checkPermittedURI(permittedSubtreesURI, DERIA5String.getInstance(
-                    name.getName()).getString());
-                break;
-            case 7:
-                byte[] ip = ASN1OctetString.getInstance(name.getName()).getOctets();
-
-                checkPermittedIP(permittedSubtreesIP, ip);
-        }
-    }
-
-    /**
-     * Check if the given GeneralName is contained in the excluded set.
-     *
-     * @param name The GeneralName.
-     * @throws PKIXNameConstraintValidatorException
-     *          If the name is
-     *          excluded.
-     */
-    public void checkExcluded(GeneralName name)
-        throws PKIXNameConstraintValidatorException
-    {
-        switch (name.getTagNo())
-        {
-            case 1:
-                checkExcludedEmail(excludedSubtreesEmail, extractNameAsString(name));
-                break;
-            case 2:
-                checkExcludedDNS(excludedSubtreesDNS, DERIA5String.getInstance(
-                    name.getName()).getString());
-                break;
-            case 4:
-                checkExcludedDN(ASN1Sequence.getInstance(name.getName()
-                    .getDERObject()));
-                break;
-            case 6:
-                checkExcludedURI(excludedSubtreesURI, DERIA5String.getInstance(
-                    name.getName()).getString());
-                break;
-            case 7:
-                byte[] ip = ASN1OctetString.getInstance(name.getName()).getOctets();
-
-                checkExcludedIP(excludedSubtreesIP, ip);
-        }
-    }
-
-    /**
-     * Updates the permitted set of these name constraints with the intersection
-     * with the given subtree.
-     *
-     * @param permitted The permitted subtrees
-     */
-
-    public void intersectPermittedSubtree(ASN1Sequence permitted)
-    {
-        Map subtreesMap = new HashMap();
-
-        // group in sets in a map ordered by tag no.
-        for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
-        {
-            GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
-            Integer tagNo = new Integer(subtree.getBase().getTagNo());
-            if (subtreesMap.get(tagNo) == null)
-            {
-                subtreesMap.put(tagNo, new HashSet());
-            }
-            ((Set)subtreesMap.get(tagNo)).add(subtree);
-        }
-
-        for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext();)
-        {
-            Map.Entry entry = (Map.Entry)it.next();
-
-            // go through all subtree groups
-            switch (((Integer)entry.getKey()).intValue())
-            {
-                case 1:
-                    permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail,
-                        (Set)entry.getValue());
-                    break;
-                case 2:
-                    permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS,
-                        (Set)entry.getValue());
-                    break;
-                case 4:
-                    permittedSubtreesDN = intersectDN(permittedSubtreesDN,
-                        (Set)entry.getValue());
-                    break;
-                case 6:
-                    permittedSubtreesURI = intersectURI(permittedSubtreesURI,
-                        (Set)entry.getValue());
-                    break;
-                case 7:
-                    permittedSubtreesIP = intersectIP(permittedSubtreesIP,
-                        (Set)entry.getValue());
-            }
-        }
-    }
-
-    private String extractNameAsString(GeneralName name)
-    {
-        return DERIA5String.getInstance(name.getName()).getString();
-    }
-
-    public void intersectEmptyPermittedSubtree(int nameType)
-    {
-        switch (nameType)
-        {
-        case 1:
-            permittedSubtreesEmail = new HashSet();
-            break;
-        case 2:
-            permittedSubtreesDNS = new HashSet();
-            break;
-        case 4:
-            permittedSubtreesDN = new HashSet();
-            break;
-        case 6:
-            permittedSubtreesURI = new HashSet();
-            break;
-        case 7:
-            permittedSubtreesIP = new HashSet();
-        }
-    }
-
-    /**
-     * Adds a subtree to the excluded set of these name constraints.
-     *
-     * @param subtree A subtree with an excluded GeneralName.
-     */
-    public void addExcludedSubtree(GeneralSubtree subtree)
-    {
-        GeneralName base = subtree.getBase();
-
-        switch (base.getTagNo())
-        {
-            case 1:
-                excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
-                    extractNameAsString(base));
-                break;
-            case 2:
-                excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
-                    extractNameAsString(base));
-                break;
-            case 4:
-                excludedSubtreesDN = unionDN(excludedSubtreesDN,
-                    (ASN1Sequence)base.getName().getDERObject());
-                break;
-            case 6:
-                excludedSubtreesURI = unionURI(excludedSubtreesURI,
-                    extractNameAsString(base));
-                break;
-            case 7:
-                excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString
-                    .getInstance(base.getName()).getOctets());
-                break;
-        }
-    }
-
-    /**
-     * Returns the maximum IP address.
-     *
-     * @param ip1 The first IP address.
-     * @param ip2 The second IP address.
-     * @return The maximum IP address.
-     */
-    private static byte[] max(byte[] ip1, byte[] ip2)
-    {
-        for (int i = 0; i < ip1.length; i++)
-        {
-            if ((ip1[i] & 0xFFFF) > (ip2[i] & 0xFFFF))
-            {
-                return ip1;
-            }
-        }
-        return ip2;
-    }
-
-    /**
-     * Returns the minimum IP address.
-     *
-     * @param ip1 The first IP address.
-     * @param ip2 The second IP address.
-     * @return The minimum IP address.
-     */
-    private static byte[] min(byte[] ip1, byte[] ip2)
-    {
-        for (int i = 0; i < ip1.length; i++)
-        {
-            if ((ip1[i] & 0xFFFF) < (ip2[i] & 0xFFFF))
-            {
-                return ip1;
-            }
-        }
-        return ip2;
-    }
-
-    /**
-     * Compares IP address ip1 with ip2. If ip1
-     * is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1
-     * otherwise.
-     *
-     * @param ip1 The first IP address.
-     * @param ip2 The second IP address.
-     * @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise.
-     */
-    private static int compareTo(byte[] ip1, byte[] ip2)
-    {
-        if (Arrays.areEqual(ip1, ip2))
-        {
-            return 0;
-        }
-        if (Arrays.areEqual(max(ip1, ip2), ip1))
-        {
-            return 1;
-        }
-        return -1;
-    }
-
-    /**
-     * Returns the logical OR of the IP addresses ip1 and
-     * ip2.
-     *
-     * @param ip1 The first IP address.
-     * @param ip2 The second IP address.
-     * @return The OR of ip1 and ip2.
-     */
-    private static byte[] or(byte[] ip1, byte[] ip2)
-    {
-        byte[] temp = new byte[ip1.length];
-        for (int i = 0; i < ip1.length; i++)
-        {
-            temp[i] = (byte)(ip1[i] | ip2[i]);
-        }
-        return temp;
-    }
-
-    public int hashCode()
-    {
-        return hashCollection(excludedSubtreesDN)
-            + hashCollection(excludedSubtreesDNS)
-            + hashCollection(excludedSubtreesEmail)
-            + hashCollection(excludedSubtreesIP)
-            + hashCollection(excludedSubtreesURI)
-            + hashCollection(permittedSubtreesDN)
-            + hashCollection(permittedSubtreesDNS)
-            + hashCollection(permittedSubtreesEmail)
-            + hashCollection(permittedSubtreesIP)
-            + hashCollection(permittedSubtreesURI);
-    }
-
-    private int hashCollection(Collection coll)
-    {
-        if (coll == null)
-        {
-            return 0;
-        }
-        int hash = 0;
-        Iterator it1 = coll.iterator();
-        while (it1.hasNext())
-        {
-            Object o = it1.next();
-            if (o instanceof byte[])
-            {
-                hash += Arrays.hashCode((byte[])o);
-            }
-            else
-            {
-                hash += o.hashCode();
-            }
-        }
-        return hash;
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof PKIXNameConstraintValidator))
-        {
-            return false;
-        }
-        PKIXNameConstraintValidator constraintValidator = (PKIXNameConstraintValidator)o;
-        return collectionsAreEqual(constraintValidator.excludedSubtreesDN, excludedSubtreesDN)
-            && collectionsAreEqual(constraintValidator.excludedSubtreesDNS, excludedSubtreesDNS)
-            && collectionsAreEqual(constraintValidator.excludedSubtreesEmail, excludedSubtreesEmail)
-            && collectionsAreEqual(constraintValidator.excludedSubtreesIP, excludedSubtreesIP)
-            && collectionsAreEqual(constraintValidator.excludedSubtreesURI, excludedSubtreesURI)
-            && collectionsAreEqual(constraintValidator.permittedSubtreesDN, permittedSubtreesDN)
-            && collectionsAreEqual(constraintValidator.permittedSubtreesDNS, permittedSubtreesDNS)
-            && collectionsAreEqual(constraintValidator.permittedSubtreesEmail, permittedSubtreesEmail)
-            && collectionsAreEqual(constraintValidator.permittedSubtreesIP, permittedSubtreesIP)
-            && collectionsAreEqual(constraintValidator.permittedSubtreesURI, permittedSubtreesURI);
-    }
-
-    private boolean collectionsAreEqual(Collection coll1, Collection coll2)
-    {
-        if (coll1 == coll2)
-        {
-            return true;
-        }
-        if (coll1 == null || coll2 == null)
-        {
-            return false;
-        }
-        if (coll1.size() != coll2.size())
-        {
-            return false;
-        }
-        Iterator it1 = coll1.iterator();
-
-        while (it1.hasNext())
-        {
-            Object a = it1.next();
-            Iterator it2 = coll2.iterator();
-            boolean found = false;
-            while (it2.hasNext())
-            {
-                Object b = it2.next();
-                if (equals(a, b))
-                {
-                    found = true;
-                    break;
-                }
-            }
-            if (!found)
-            {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    private boolean equals(Object o1, Object o2)
-    {
-        if (o1 == o2)
-        {
-            return true;
-        }
-        if (o1 == null || o2 == null)
-        {
-            return false;
-        }
-        if (o1 instanceof byte[] && o2 instanceof byte[])
-        {
-            return Arrays.areEqual((byte[])o1, (byte[])o2);
-        }
-        else
-        {
-            return o1.equals(o2);
-        }
-    }
-
-    /**
-     * Stringifies an IPv4 or v6 address with subnet mask.
-     *
-     * @param ip The IP with subnet mask.
-     * @return The stringified IP address.
-     */
-    private String stringifyIP(byte[] ip)
-    {
-        String temp = "";
-        for (int i = 0; i < ip.length / 2; i++)
-        {
-            temp += Integer.toString(ip[i] & 0x00FF) + ".";
-        }
-        temp = temp.substring(0, temp.length() - 1);
-        temp += "/";
-        for (int i = ip.length / 2; i < ip.length; i++)
-        {
-            temp += Integer.toString(ip[i] & 0x00FF) + ".";
-        }
-        temp = temp.substring(0, temp.length() - 1);
-        return temp;
-    }
-
-    private String stringifyIPCollection(Set ips)
-    {
-        String temp = "";
-        temp += "[";
-        for (Iterator it = ips.iterator(); it.hasNext();)
-        {
-            temp += stringifyIP((byte[])it.next()) + ",";
-        }
-        if (temp.length() > 1)
-        {
-            temp = temp.substring(0, temp.length() - 1);
-        }
-        temp += "]";
-        return temp;
-    }
-
-    public String toString()
-    {
-        String temp = "";
-        temp += "permitted:\n";
-        if (permittedSubtreesDN != null)
-        {
-            temp += "DN:\n";
-            temp += permittedSubtreesDN.toString() + "\n";
-        }
-        if (permittedSubtreesDNS != null)
-        {
-            temp += "DNS:\n";
-            temp += permittedSubtreesDNS.toString() + "\n";
-        }
-        if (permittedSubtreesEmail != null)
-        {
-            temp += "Email:\n";
-            temp += permittedSubtreesEmail.toString() + "\n";
-        }
-        if (permittedSubtreesURI != null)
-        {
-            temp += "URI:\n";
-            temp += permittedSubtreesURI.toString() + "\n";
-        }
-        if (permittedSubtreesIP != null)
-        {
-            temp += "IP:\n";
-            temp += stringifyIPCollection(permittedSubtreesIP) + "\n";
-        }
-        temp += "excluded:\n";
-        if (!excludedSubtreesDN.isEmpty())
-        {
-            temp += "DN:\n";
-            temp += excludedSubtreesDN.toString() + "\n";
-        }
-        if (!excludedSubtreesDNS.isEmpty())
-        {
-            temp += "DNS:\n";
-            temp += excludedSubtreesDNS.toString() + "\n";
-        }
-        if (!excludedSubtreesEmail.isEmpty())
-        {
-            temp += "Email:\n";
-            temp += excludedSubtreesEmail.toString() + "\n";
-        }
-        if (!excludedSubtreesURI.isEmpty())
-        {
-            temp += "URI:\n";
-            temp += excludedSubtreesURI.toString() + "\n";
-        }
-        if (!excludedSubtreesIP.isEmpty())
-        {
-            temp += "IP:\n";
-            temp += stringifyIPCollection(excludedSubtreesIP) + "\n";
-        }
-        return temp;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java
deleted file mode 100644
index b06d5e5b9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-public class PKIXNameConstraintValidatorException
-    extends Exception
-{
-    public PKIXNameConstraintValidatorException(String msg)
-    {
-        super(msg);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java
deleted file mode 100644
index 343760550..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java
+++ /dev/null
@@ -1,168 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.cert.PolicyNode;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-public class PKIXPolicyNode
-    implements PolicyNode
-{
-    protected List       children;
-    protected int        depth;
-    protected Set        expectedPolicies;
-    protected PolicyNode parent;
-    protected Set        policyQualifiers;
-    protected String     validPolicy;
-    protected boolean    critical;
-    
-    /*  
-     *  
-     *  CONSTRUCTORS
-     *  
-     */ 
-    
-    public PKIXPolicyNode(
-        List       _children,
-        int        _depth,
-        Set        _expectedPolicies,
-        PolicyNode _parent,
-        Set        _policyQualifiers,
-        String     _validPolicy,
-        boolean    _critical)
-    {
-        children         = _children;
-        depth            = _depth;
-        expectedPolicies = _expectedPolicies;
-        parent           = _parent;
-        policyQualifiers = _policyQualifiers;
-        validPolicy      = _validPolicy;
-        critical         = _critical;
-    }
-    
-    public void addChild(
-        PKIXPolicyNode _child)
-    {
-        children.add(_child);
-        _child.setParent(this);
-    }
-    
-    public Iterator getChildren()
-    {
-        return children.iterator();
-    }
-    
-    public int getDepth()
-    {
-        return depth;
-    }
-    
-    public Set getExpectedPolicies()
-    {
-        return expectedPolicies;
-    }
-    
-    public PolicyNode getParent()
-    {
-        return parent;
-    }
-    
-    public Set getPolicyQualifiers()
-    {
-        return policyQualifiers;
-    }
-    
-    public String getValidPolicy()
-    {
-        return validPolicy;
-    }
-    
-    public boolean hasChildren()
-    {
-        return !children.isEmpty();
-    }
-    
-    public boolean isCritical()
-    {
-        return critical;
-    }
-    
-    public void removeChild(PKIXPolicyNode _child)
-    {
-        children.remove(_child);
-    }
-    
-    public void setCritical(boolean _critical)
-    {
-        critical = _critical;
-    }
-    
-    public void setParent(PKIXPolicyNode _parent)
-    {
-        parent = _parent;
-    }
-    
-    public String toString()
-    {
-        return toString("");
-    }
-    
-    public String toString(String _indent)
-    {
-        StringBuffer _buf = new StringBuffer();
-        _buf.append(_indent);
-        _buf.append(validPolicy);
-        _buf.append(" {\n");
-        
-        for(int i = 0; i < children.size(); i++)
-        {
-            _buf.append(((PKIXPolicyNode)children.get(i)).toString(_indent + "    "));
-        }
-        
-        _buf.append(_indent);
-        _buf.append("}\n");
-        return _buf.toString();
-    }
-    
-    public Object clone()
-    {
-        return copy();
-    }
-    
-    public PKIXPolicyNode copy()
-    {
-        Set     _expectedPolicies = new HashSet();
-        Iterator _iter = expectedPolicies.iterator();
-        while (_iter.hasNext())
-        {
-            _expectedPolicies.add(new String((String)_iter.next()));
-        }
-        
-        Set     _policyQualifiers = new HashSet();
-        _iter = policyQualifiers.iterator();
-        while (_iter.hasNext())
-        {
-            _policyQualifiers.add(new String((String)_iter.next()));
-        }
-        
-        PKIXPolicyNode _node = new PKIXPolicyNode(new ArrayList(),
-                                                  depth,
-                                                  _expectedPolicies,
-                                                  null,
-                                                  _policyQualifiers,
-                                                  new String(validPolicy),
-                                                  critical);
-        
-        _iter = children.iterator();
-        while (_iter.hasNext())
-        {
-            PKIXPolicyNode _child = ((PKIXPolicyNode)_iter.next()).copy();
-            _child.setParent(_node);
-            _node.addChild(_child);
-        }
-        
-        return _node;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
deleted file mode 100644
index 6cfcbcb64..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.ByteArrayInputStream;
-
-import org.bouncycastle.jce.interfaces.ConfigurableProvider;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.ProviderConfigurationPermission;
-
-import java.security.Permission;
-
-public class ProviderUtil
-{
-    private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
-
-    private static Permission BC_EC_LOCAL_PERMISSION = new ProviderConfigurationPermission(
-                                                   "BC", ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA);
-    private static Permission BC_EC_PERMISSION = new ProviderConfigurationPermission(
-                                                   "BC", ConfigurableProvider.EC_IMPLICITLY_CA);
-
-    private static ThreadLocal threadSpec = new ThreadLocal();
-    private static volatile ECParameterSpec ecImplicitCaParams;
-
-    static void setParameter(String parameterName, Object parameter)
-    {
-        SecurityManager securityManager = System.getSecurityManager();
-
-        if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
-        {
-            ECParameterSpec curveSpec;
-
-            if (securityManager != null)
-            {
-                securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
-            }
-
-            curveSpec = (ECParameterSpec)parameter;
-
-            threadSpec.set(curveSpec);
-        }
-        else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
-        {
-            if (securityManager != null)
-            {
-                securityManager.checkPermission(BC_EC_PERMISSION);
-            }
-
-            ecImplicitCaParams = (ECParameterSpec)parameter;
-        }
-    }
-
-    public static ECParameterSpec getEcImplicitlyCa()
-    {
-        ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
-
-        if (spec != null)
-        {
-            return spec;
-        }
-
-        return ecImplicitCaParams;
-    }
-
-    static int getReadLimit(InputStream in)
-        throws IOException
-    {
-        if (in instanceof ByteArrayInputStream)
-        {
-            return in.available();
-        }
-
-        if (MAX_MEMORY > Integer.MAX_VALUE)
-        {
-            return Integer.MAX_VALUE;
-        }
-
-        return (int)MAX_MEMORY;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
deleted file mode 100644
index ef3baaa47..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
+++ /dev/null
@@ -1,2570 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.PublicKey;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilder;
-import java.security.cert.CertPathBuilderException;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.cert.X509Extension;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.DistributionPoint;
-import org.bouncycastle.asn1.x509.DistributionPointName;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.GeneralSubtree;
-import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
-import org.bouncycastle.asn1.x509.NameConstraints;
-import org.bouncycastle.asn1.x509.PolicyInformation;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
-
-public class RFC3280CertPathUtilities
-{
-    private static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
-
-    /**
-     * If the complete CRL includes an issuing distribution point (IDP) CRL
-     * extension check the following:
-     * 
    
-     * (i) If the distribution point name is present in the IDP CRL extension
-     * and the distribution field is present in the DP, then verify that one of
-     * the names in the IDP matches one of the names in the DP. If the
-     * distribution point name is present in the IDP CRL extension and the
-     * distribution field is omitted from the DP, then verify that one of the
-     * names in the IDP matches one of the names in the cRLIssuer field of the
-     * DP.
-     * 
    
-     * 
    
-     * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
-     * extension, verify that the certificate does not include the basic
-     * constraints extension with the cA boolean asserted.
-     * 
    
-     * 
    
-     * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
-     * extension, verify that the certificate includes the basic constraints
-     * extension with the cA boolean asserted.
-     * 
    
-     * 
    
-     * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
-     * 
    
-     *
-     * @param dp   The distribution point.
-     * @param cert The certificate.
-     * @param crl  The CRL.
-     * @throws AnnotatedException if one of the conditions is not met or an error occurs.
-     */
-    protected static void processCRLB2(
-        DistributionPoint dp,
-        Object cert,
-        X509CRL crl)
-        throws AnnotatedException
-    {
-        IssuingDistributionPoint idp = null;
-        try
-        {
-            idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
-                RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
-        }
-        // (b) (2) (i)
-        // distribution point name is present
-        if (idp != null)
-        {
-            if (idp.getDistributionPoint() != null)
-            {
-                // make list of names
-                DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
-                List names = new ArrayList();
-
-                if (dpName.getType() == DistributionPointName.FULL_NAME)
-                {
-                    GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
-                    for (int j = 0; j < genNames.length; j++)
-                    {
-                        names.add(genNames[j]);
-                    }
-                }
-                if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
-                {
-                    ASN1EncodableVector vec = new ASN1EncodableVector();
-                    try
-                    {
-                        Enumeration e = ASN1Sequence.getInstance(
-                            ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getIssuerPrincipal(crl)
-                                .getEncoded())).getObjects();
-                        while (e.hasMoreElements())
-                        {
-                            vec.add((DEREncodable)e.nextElement());
-                        }
-                    }
-                    catch (IOException e)
-                    {
-                        throw new AnnotatedException("Could not read CRL issuer.", e);
-                    }
-                    vec.add(dpName.getName());
-                    names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
-                }
-                boolean matches = false;
-                // verify that one of the names in the IDP matches one
-                // of the names in the DP.
-                if (dp.getDistributionPoint() != null)
-                {
-                    dpName = dp.getDistributionPoint();
-                    GeneralName[] genNames = null;
-                    if (dpName.getType() == DistributionPointName.FULL_NAME)
-                    {
-                        genNames = GeneralNames.getInstance(dpName.getName()).getNames();
-                    }
-                    if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
-                    {
-                        if (dp.getCRLIssuer() != null)
-                        {
-                            genNames = dp.getCRLIssuer().getNames();
-                        }
-                        else
-                        {
-                            genNames = new GeneralName[1];
-                            try
-                            {
-                                genNames[0] = new GeneralName(new X509Name(
-                                    (ASN1Sequence)ASN1Sequence.fromByteArray(CertPathValidatorUtilities
-                                        .getEncodedIssuerPrincipal(cert).getEncoded())));
-                            }
-                            catch (IOException e)
-                            {
-                                throw new AnnotatedException("Could not read certificate issuer.", e);
-                            }
-                        }
-                        for (int j = 0; j < genNames.length; j++)
-                        {
-                            Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects();
-                            ASN1EncodableVector vec = new ASN1EncodableVector();
-                            while (e.hasMoreElements())
-                            {
-                                vec.add((DEREncodable)e.nextElement());
-                            }
-                            vec.add(dpName.getName());
-                            genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
-                        }
-                    }
-                    if (genNames != null)
-                    {
-                        for (int j = 0; j < genNames.length; j++)
-                        {
-                            if (names.contains(genNames[j]))
-                            {
-                                matches = true;
-                                break;
-                            }
-                        }
-                    }
-                    if (!matches)
-                    {
-                        throw new AnnotatedException(
-                            "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
-                    }
-                }
-                // verify that one of the names in
-                // the IDP matches one of the names in the cRLIssuer field of
-                // the DP
-                else
-                {
-                    if (dp.getCRLIssuer() == null)
-                    {
-                        throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must "
-                            + "be contained in DistributionPoint.");
-                    }
-                    GeneralName[] genNames = dp.getCRLIssuer().getNames();
-                    for (int j = 0; j < genNames.length; j++)
-                    {
-                        if (names.contains(genNames[j]))
-                        {
-                            matches = true;
-                            break;
-                        }
-                    }
-                    if (!matches)
-                    {
-                        throw new AnnotatedException(
-                            "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
-                    }
-                }
-            }
-            BasicConstraints bc = null;
-            try
-            {
-                bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension)cert,
-                    BASIC_CONSTRAINTS));
-            }
-            catch (Exception e)
-            {
-                throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
-            }
-
-            if (cert instanceof X509Certificate)
-            {
-                // (b) (2) (ii)
-                if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA()))
-                {
-                    throw new AnnotatedException("CA Cert CRL only contains user certificates.");
-                }
-
-                // (b) (2) (iii)
-                if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA()))
-                {
-                    throw new AnnotatedException("End CRL only contains CA certificates.");
-                }
-            }
-
-            // (b) (2) (iv)
-            if (idp.onlyContainsAttributeCerts())
-            {
-                throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
-            }
-        }
-    }
-
-    /**
-     * If the DP includes cRLIssuer, then verify that the issuer field in the
-     * complete CRL matches cRLIssuer in the DP and that the complete CRL
-     * contains an issuing distribution point extension with the indirectCRL
-     * boolean asserted. Otherwise, verify that the CRL issuer matches the
-     * certificate issuer.
-     *
-     * @param dp   The distribution point.
-     * @param cert The certificate ot attribute certificate.
-     * @param crl  The CRL for cert.
-     * @throws AnnotatedException if one of the above conditions does not apply or an error
-     *                            occurs.
-     */
-    protected static void processCRLB1(
-        DistributionPoint dp,
-        Object cert,
-        X509CRL crl)
-        throws AnnotatedException
-    {
-        DERObject idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
-        boolean isIndirect = false;
-        if (idp != null)
-        {
-            if (IssuingDistributionPoint.getInstance(idp).isIndirectCRL())
-            {
-                isIndirect = true;
-            }
-        }
-        byte[] issuerBytes = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
-
-        boolean matchIssuer = false;
-        if (dp.getCRLIssuer() != null)
-        {
-            GeneralName genNames[] = dp.getCRLIssuer().getNames();
-            for (int j = 0; j < genNames.length; j++)
-            {
-                if (genNames[j].getTagNo() == GeneralName.directoryName)
-                {
-                    try
-                    {
-                        if (Arrays.areEqual(genNames[j].getName().getDERObject().getEncoded(), issuerBytes))
-                        {
-                            matchIssuer = true;
-                        }
-                    }
-                    catch (IOException e)
-                    {
-                        throw new AnnotatedException(
-                            "CRL issuer information from distribution point cannot be decoded.", e);
-                    }
-                }
-            }
-            if (matchIssuer && !isIndirect)
-            {
-                throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
-            }
-            if (!matchIssuer)
-            {
-                throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
-            }
-        }
-        else
-        {
-            if (CertPathValidatorUtilities.getIssuerPrincipal(crl).equals(
-                CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)))
-            {
-                matchIssuer = true;
-            }
-        }
-        if (!matchIssuer)
-        {
-            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
-        }
-    }
-
-    protected static ReasonsMask processCRLD(
-        X509CRL crl,
-        DistributionPoint dp)
-        throws AnnotatedException
-    {
-        IssuingDistributionPoint idp = null;
-        try
-        {
-            idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
-                RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
-        }
-        // (d) (1)
-        if (idp != null && idp.getOnlySomeReasons() != null && dp.getReasons() != null)
-        {
-            return new ReasonsMask(dp.getReasons().intValue()).intersect(new ReasonsMask(idp.getOnlySomeReasons()
-                .intValue()));
-        }
-        // (d) (4)
-        if ((idp == null || idp.getOnlySomeReasons() == null) && dp.getReasons() == null)
-        {
-            return ReasonsMask.allReasons;
-        }
-        // (d) (2) and (d)(3)
-        return (dp.getReasons() == null
-            ? ReasonsMask.allReasons
-            : new ReasonsMask(dp.getReasons().intValue())).intersect(idp == null
-            ? ReasonsMask.allReasons
-            : new ReasonsMask(idp.getOnlySomeReasons().intValue()));
-
-    }
-
-    protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
-
-    protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
-
-    protected static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId();
-
-    protected static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId();
-
-    protected static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId();
-
-    protected static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId();
-
-    protected static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId();
-
-    protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
-
-    protected static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId();
-
-    protected static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId();
-
-    protected static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId();
-
-    protected static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId();
-
-    protected static final String KEY_USAGE = X509Extensions.KeyUsage.getId();
-
-    protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId();
-
-    protected static final String ANY_POLICY = "2.5.29.32.0";
-
-    /*
-     * key usage bits
-     */
-    protected static final int KEY_CERT_SIGN = 5;
-
-    protected static final int CRL_SIGN = 6;
-
-    /**
-     * Obtain and validate the certification path for the complete CRL issuer.
-     * If a key usage extension is present in the CRL issuer's certificate,
-     * verify that the cRLSign bit is set.
-     *
-     * @param crl                CRL which contains revocation information for the certificate
-     *                           cert.
-     * @param cert               The attribute certificate or certificate to check if it is
-     *                           revoked.
-     * @param defaultCRLSignCert The issuer certificate of the certificate cert.
-     * @param defaultCRLSignKey  The public key of the issuer certificate
-     *                           defaultCRLSignCert.
-     * @param paramsPKIX         paramsPKIX PKIX parameters.
-     * @param certPathCerts      The certificates on the certification path.
-     * @return A Set with all keys of possible CRL issuer
-     *         certificates.
-     * @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
-     *                            some error occurs.
-     */
-    protected static Set processCRLF(
-        X509CRL crl,
-        Object cert,
-        X509Certificate defaultCRLSignCert,
-        PublicKey defaultCRLSignKey,
-        ExtendedPKIXParameters paramsPKIX,
-        List certPathCerts)
-        throws AnnotatedException
-    {
-        // (f)
-
-        // get issuer from CRL
-        X509CertStoreSelector selector = new X509CertStoreSelector();
-        try
-        {
-            byte[] issuerPrincipal = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
-            selector.setSubject(issuerPrincipal);
-        }
-        catch (IOException e)
-        {
-            throw new AnnotatedException(
-                "Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e);
-        }
-
-        // get CRL signing certs
-        Collection coll;
-        try
-        {
-            coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getStores());
-            coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getAdditionalStores()));
-            coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e);
-        }
-
-        coll.add(defaultCRLSignCert);
-
-        Iterator cert_it = coll.iterator();
-
-        List validCerts = new ArrayList();
-        List validKeys = new ArrayList();
-
-        while (cert_it.hasNext())
-        {
-            X509Certificate signingCert = (X509Certificate)cert_it.next();
-
-            /*
-             * CA of the certificate, for which this CRL is checked, has also
-             * signed CRL, so skip the path validation, because is already done
-             */
-            if (signingCert.equals(defaultCRLSignCert))
-            {
-                validCerts.add(signingCert);
-                validKeys.add(defaultCRLSignKey);
-                continue;
-            }
-            try
-            {
-                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
-                selector = new X509CertStoreSelector();
-                selector.setCertificate(signingCert);
-                ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
-                temp.setTargetCertConstraints(selector);
-                ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters
-                    .getInstance(temp);
-                /*
-                 * if signingCert is placed not higher on the cert path a
-                 * dependency loop results. CRL for cert is checked, but
-                 * signingCert is needed for checking the CRL which is dependent
-                 * on checking cert because it is higher in the cert path and so
-                 * signing signingCert transitively. so, revocation is disabled,
-                 * forgery attacks of the CRL are detected in this outer loop
-                 * for all other it must be enabled to prevent forgery attacks
-                 */
-                if (certPathCerts.contains(signingCert))
-                {
-                    params.setRevocationEnabled(false);
-                }
-                else
-                {
-                    params.setRevocationEnabled(true);
-                }
-                List certs = builder.build(params).getCertPath().getCertificates();
-                validCerts.add(signingCert);
-                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
-            }
-            catch (CertPathBuilderException e)
-            {
-                throw new AnnotatedException("Internal error.", e);
-            }
-            catch (CertPathValidatorException e)
-            {
-                throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e);
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-        }
-
-        Set checkKeys = new HashSet();
-
-        AnnotatedException lastException = null;
-        for (int i = 0; i < validCerts.size(); i++)
-        {
-            X509Certificate signCert = (X509Certificate)validCerts.get(i);
-            boolean[] keyusage = signCert.getKeyUsage();
-
-            if (keyusage != null && (keyusage.length < 7 || !keyusage[CRL_SIGN]))
-            {
-                lastException = new AnnotatedException(
-                    "Issuer certificate key usage extension does not permit CRL signing.");
-            }
-            else
-            {
-                checkKeys.add(validKeys.get(i));
-            }
-        }
-
-        if (checkKeys.isEmpty() && lastException == null)
-        {
-            throw new AnnotatedException("Cannot find a valid issuer certificate.");
-        }
-        if (checkKeys.isEmpty() && lastException != null)
-        {
-            throw lastException;
-        }
-
-        return checkKeys;
-    }
-
-    protected static PublicKey processCRLG(
-        X509CRL crl,
-        Set keys)
-        throws AnnotatedException
-    {
-        Exception lastException = null;
-        for (Iterator it = keys.iterator(); it.hasNext();)
-        {
-            PublicKey key = (PublicKey)it.next();
-            try
-            {
-                crl.verify(key);
-                return key;
-            }
-            catch (Exception e)
-            {
-                lastException = e;
-            }
-        }
-        throw new AnnotatedException("Cannot verify CRL.", lastException);
-    }
-
-    protected static X509CRL processCRLH(
-        Set deltacrls,
-        PublicKey key)
-        throws AnnotatedException
-    {
-        Exception lastException = null;
-
-        for (Iterator it = deltacrls.iterator(); it.hasNext();)
-        {
-            X509CRL crl = (X509CRL)it.next();
-            try
-            {
-                crl.verify(key);
-                return crl;
-            }
-            catch (Exception e)
-            {
-                lastException = e;
-            }
-        }
-
-        if (lastException != null)
-        {
-            throw new AnnotatedException("Cannot verify delta CRL.", lastException);
-        }
-        return null;
-    }
-
-    protected static Set processCRLA1i(
-        Date currentDate,
-        ExtendedPKIXParameters paramsPKIX,
-        X509Certificate cert,
-        X509CRL crl)
-        throws AnnotatedException
-    {
-        Set set = new HashSet();
-        if (paramsPKIX.isUseDeltasEnabled())
-        {
-            CRLDistPoint freshestCRL = null;
-            try
-            {
-                freshestCRL = CRLDistPoint
-                    .getInstance(CertPathValidatorUtilities.getExtensionValue(cert, FRESHEST_CRL));
-            }
-            catch (AnnotatedException e)
-            {
-                throw new AnnotatedException("Freshest CRL extension could not be decoded from certificate.", e);
-            }
-            if (freshestCRL == null)
-            {
-                try
-                {
-                    freshestCRL = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
-                        FRESHEST_CRL));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new AnnotatedException("Freshest CRL extension could not be decoded from CRL.", e);
-                }
-            }
-            if (freshestCRL != null)
-            {
-                try
-                {
-                    CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(freshestCRL, paramsPKIX);
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new AnnotatedException(
-                        "No new delta CRL locations could be added from Freshest CRL extension.", e);
-                }
-                // get delta CRL(s)
-                try
-                {
-                    set.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new AnnotatedException("Exception obtaining delta CRLs.", e);
-                }
-            }
-        }
-        return set;
-    }
-
-    protected static Set[] processCRLA1ii(
-        Date currentDate,
-        ExtendedPKIXParameters paramsPKIX,
-        X509Certificate cert,
-        X509CRL crl)
-        throws AnnotatedException
-    {
-        Set deltaSet = new HashSet();
-        X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
-        crlselect.setCertificateChecking(cert);
-
-        try
-        {
-            crlselect.addIssuerName(crl.getIssuerX500Principal().getEncoded());
-        }
-        catch (IOException e)
-        {
-            throw new AnnotatedException("Cannot extract issuer from CRL." + e, e);
-        }
-
-        crlselect.setCompleteCRLEnabled(true);
-        Set completeSet = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
-
-        if (paramsPKIX.isUseDeltasEnabled())
-        {
-            // get delta CRL(s)
-            try
-            {
-                deltaSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
-            }
-            catch (AnnotatedException e)
-            {
-                throw new AnnotatedException("Exception obtaining delta CRLs.", e);
-            }
-        }
-        return new Set[]
-            {
-                completeSet,
-                deltaSet};
-    }
-
-
-
-    /**
-     * If use-deltas is set, verify the issuer and scope of the delta CRL.
-     *
-     * @param deltaCRL    The delta CRL.
-     * @param completeCRL The complete CRL.
-     * @param pkixParams  The PKIX paramaters.
-     * @throws AnnotatedException if an exception occurs.
-     */
-    protected static void processCRLC(
-        X509CRL deltaCRL,
-        X509CRL completeCRL,
-        ExtendedPKIXParameters pkixParams)
-        throws AnnotatedException
-    {
-        if (deltaCRL == null)
-        {
-            return;
-        }
-        IssuingDistributionPoint completeidp = null;
-        try
-        {
-            completeidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(
-                completeCRL, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
-        }
-
-        if (pkixParams.isUseDeltasEnabled())
-        {
-            // (c) (1)
-            if (!deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal()))
-            {
-                throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
-            }
-
-            // (c) (2)
-            IssuingDistributionPoint deltaidp = null;
-            try
-            {
-                deltaidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(
-                    deltaCRL, ISSUING_DISTRIBUTION_POINT));
-            }
-            catch (Exception e)
-            {
-                throw new AnnotatedException(
-                    "Issuing distribution point extension from delta CRL could not be decoded.", e);
-            }
-
-            boolean match = false;
-            if (completeidp == null)
-            {
-                if (deltaidp == null)
-                {
-                    match = true;
-                }
-            }
-            else
-            {
-                if (completeidp.equals(deltaidp))
-                {
-                    match = true;
-                }
-            }
-            if (!match)
-            {
-                throw new AnnotatedException(
-                    "Issuing distribution point extension from delta CRL and complete CRL does not match.");
-            }
-
-            // (c) (3)
-            DERObject completeKeyIdentifier = null;
-            try
-            {
-                completeKeyIdentifier = CertPathValidatorUtilities.getExtensionValue(
-                    completeCRL, AUTHORITY_KEY_IDENTIFIER);
-            }
-            catch (AnnotatedException e)
-            {
-                throw new AnnotatedException(
-                    "Authority key identifier extension could not be extracted from complete CRL.", e);
-            }
-
-            DERObject deltaKeyIdentifier = null;
-            try
-            {
-                deltaKeyIdentifier = CertPathValidatorUtilities.getExtensionValue(
-                    deltaCRL, AUTHORITY_KEY_IDENTIFIER);
-            }
-            catch (AnnotatedException e)
-            {
-                throw new AnnotatedException(
-                    "Authority key identifier extension could not be extracted from delta CRL.", e);
-            }
-
-            if (completeKeyIdentifier == null)
-            {
-                throw new AnnotatedException("CRL authority key identifier is null.");
-            }
-
-            if (deltaKeyIdentifier == null)
-            {
-                throw new AnnotatedException("Delta CRL authority key identifier is null.");
-            }
-
-            if (!completeKeyIdentifier.equals(deltaKeyIdentifier))
-            {
-                throw new AnnotatedException(
-                    "Delta CRL authority key identifier does not match complete CRL authority key identifier.");
-            }
-        }
-    }
-
-    protected static void processCRLI(
-        Date validDate,
-        X509CRL deltacrl,
-        Object cert,
-        CertStatus certStatus,
-        ExtendedPKIXParameters pkixParams)
-        throws AnnotatedException
-    {
-        if (pkixParams.isUseDeltasEnabled() && deltacrl != null)
-        {
-            CertPathValidatorUtilities.getCertStatus(validDate, deltacrl, cert, certStatus);
-        }
-    }
-
-    protected static void processCRLJ(
-        Date validDate,
-        X509CRL completecrl,
-        Object cert,
-        CertStatus certStatus)
-        throws AnnotatedException
-    {
-        if (certStatus.getCertStatus() == CertStatus.UNREVOKED)
-        {
-            CertPathValidatorUtilities.getCertStatus(validDate, completecrl, cert, certStatus);
-        }
-    }
-
-    protected static PKIXPolicyNode prepareCertB(
-        CertPath certPath,
-        int index,
-        List[] policyNodes,
-        PKIXPolicyNode validPolicyTree,
-        int policyMapping)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        int n = certs.size();
-        // i as defined in the algorithm description
-        int i = n - index;
-        // (b)
-        //
-        ASN1Sequence pm = null;
-        try
-        {
-            pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.POLICY_MAPPINGS));
-        }
-        catch (AnnotatedException ex)
-        {
-            throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath,
-                index);
-        }
-        PKIXPolicyNode _validPolicyTree = validPolicyTree;
-        if (pm != null)
-        {
-            ASN1Sequence mappings = (ASN1Sequence)pm;
-            Map m_idp = new HashMap();
-            Set s_idp = new HashSet();
-
-            for (int j = 0; j < mappings.size(); j++)
-            {
-                ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j);
-                String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId();
-                String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId();
-                Set tmp;
-
-                if (!m_idp.containsKey(id_p))
-                {
-                    tmp = new HashSet();
-                    tmp.add(sd_p);
-                    m_idp.put(id_p, tmp);
-                    s_idp.add(id_p);
-                }
-                else
-                {
-                    tmp = (Set)m_idp.get(id_p);
-                    tmp.add(sd_p);
-                }
-            }
-
-            Iterator it_idp = s_idp.iterator();
-            while (it_idp.hasNext())
-            {
-                String id_p = (String)it_idp.next();
-
-                //
-                // (1)
-                //
-                if (policyMapping > 0)
-                {
-                    boolean idp_found = false;
-                    Iterator nodes_i = policyNodes[i].iterator();
-                    while (nodes_i.hasNext())
-                    {
-                        PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
-                        if (node.getValidPolicy().equals(id_p))
-                        {
-                            idp_found = true;
-                            node.expectedPolicies = (Set)m_idp.get(id_p);
-                            break;
-                        }
-                    }
-
-                    if (!idp_found)
-                    {
-                        nodes_i = policyNodes[i].iterator();
-                        while (nodes_i.hasNext())
-                        {
-                            PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
-                            if (RFC3280CertPathUtilities.ANY_POLICY.equals(node.getValidPolicy()))
-                            {
-                                Set pq = null;
-                                ASN1Sequence policies = null;
-                                try
-                                {
-                                    policies = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert,
-                                        RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
-                                }
-                                catch (AnnotatedException e)
-                                {
-                                    throw new ExtCertPathValidatorException(
-                                        "Certificate policies extension could not be decoded.", e, certPath, index);
-                                }
-                                Enumeration e = policies.getObjects();
-                                while (e.hasMoreElements())
-                                {
-                                    PolicyInformation pinfo = null;
-                                    try
-                                    {
-                                        pinfo = PolicyInformation.getInstance(e.nextElement());
-                                    }
-                                    catch (Exception ex)
-                                    {
-                                        throw new CertPathValidatorException(
-                                            "Policy information could not be decoded.", ex, certPath, index);
-                                    }
-                                    if (RFC3280CertPathUtilities.ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId()))
-                                    {
-                                        try
-                                        {
-                                            pq = CertPathValidatorUtilities
-                                                .getQualifierSet(pinfo.getPolicyQualifiers());
-                                        }
-                                        catch (CertPathValidatorException ex)
-                                        {
-
-                                            throw new ExtCertPathValidatorException(
-                                                "Policy qualifier info set could not be decoded.", ex, certPath,
-                                                index);
-                                        }
-                                        break;
-                                    }
-                                }
-                                boolean ci = false;
-                                if (cert.getCriticalExtensionOIDs() != null)
-                                {
-                                    ci = cert.getCriticalExtensionOIDs().contains(
-                                        RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
-                                }
-
-                                PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
-                                if (RFC3280CertPathUtilities.ANY_POLICY.equals(p_node.getValidPolicy()))
-                                {
-                                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set)m_idp
-                                        .get(id_p), p_node, pq, id_p, ci);
-                                    p_node.addChild(c_node);
-                                    policyNodes[i].add(c_node);
-                                }
-                                break;
-                            }
-                        }
-                    }
-
-                    //
-                    // (2)
-                    //
-                }
-                else if (policyMapping <= 0)
-                {
-                    Iterator nodes_i = policyNodes[i].iterator();
-                    while (nodes_i.hasNext())
-                    {
-                        PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
-                        if (node.getValidPolicy().equals(id_p))
-                        {
-                            PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
-                            p_node.removeChild(node);
-                            nodes_i.remove();
-                            for (int k = (i - 1); k >= 0; k--)
-                            {
-                                List nodes = policyNodes[k];
-                                for (int l = 0; l < nodes.size(); l++)
-                                {
-                                    PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l);
-                                    if (!node2.hasChildren())
-                                    {
-                                        _validPolicyTree = CertPathValidatorUtilities.removePolicyNode(
-                                            _validPolicyTree, policyNodes, node2);
-                                        if (_validPolicyTree == null)
-                                        {
-                                            break;
-                                        }
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-        }
-        return _validPolicyTree;
-    }
-
-    protected static void prepareNextCertA(
-        CertPath certPath,
-        int index)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        //
-        // (a) check the policy mappings
-        //
-        ASN1Sequence pm = null;
-        try
-        {
-            pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.POLICY_MAPPINGS));
-        }
-        catch (AnnotatedException ex)
-        {
-            throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath,
-                index);
-        }
-        if (pm != null)
-        {
-            ASN1Sequence mappings = pm;
-
-            for (int j = 0; j < mappings.size(); j++)
-            {
-                DERObjectIdentifier issuerDomainPolicy = null;
-                DERObjectIdentifier subjectDomainPolicy = null;
-                try
-                {
-                    ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
-
-                    issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
-                    subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
-                }
-                catch (Exception e)
-                {
-                    throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.",
-                        e, certPath, index);
-                }
-
-                if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId()))
-                {
-
-                    throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
-                }
-
-                if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId()))
-                {
-
-                    throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
-                }
-            }
-        }
-    }
-
-    protected static void processCertF(
-        CertPath certPath,
-        int index,
-        PKIXPolicyNode validPolicyTree,
-        int explicitPolicy)
-        throws CertPathValidatorException
-    {
-        //
-        // (f)
-        //
-        if (explicitPolicy <= 0 && validPolicyTree == null)
-        {
-            throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath,
-                index);
-        }
-    }
-
-    protected static PKIXPolicyNode processCertE(
-        CertPath certPath,
-        int index,
-        PKIXPolicyNode validPolicyTree)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        // 
-        // (e)
-        //
-        ASN1Sequence certPolicies = null;
-        try
-        {
-            certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.",
-                e, certPath, index);
-        }
-        if (certPolicies == null)
-        {
-            validPolicyTree = null;
-        }
-        return validPolicyTree;
-    }
-
-    protected static void processCertBC(
-        CertPath certPath,
-        int index,
-        PKIXNameConstraintValidator nameConstraintValidator)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        int n = certs.size();
-        // i as defined in the algorithm description
-        int i = n - index;
-        //
-        // (b), (c) permitted and excluded subtree checking.
-        //
-        if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n)))
-        {
-            X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
-            ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
-            ASN1Sequence dns;
-
-            try
-            {
-                dns = DERSequence.getInstance(aIn.readObject());
-            }
-            catch (Exception e)
-            {
-                throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e,
-                    certPath, index);
-            }
-
-            try
-            {
-                nameConstraintValidator.checkPermittedDN(dns);
-                nameConstraintValidator.checkExcludedDN(dns);
-            }
-            catch (PKIXNameConstraintValidatorException e)
-            {
-                throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath,
-                    index);
-            }
-
-            GeneralNames altName = null;
-            try
-            {
-                altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                    RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
-            }
-            catch (Exception e)
-            {
-                throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e,
-                    certPath, index);
-            }
-            Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
-            for (Enumeration e = emails.elements(); e.hasMoreElements();)
-            {
-                String email = (String)e.nextElement();
-                GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
-                try
-                {
-                    nameConstraintValidator.checkPermitted(emailAsGeneralName);
-                    nameConstraintValidator.checkExcluded(emailAsGeneralName);
-                }
-                catch (PKIXNameConstraintValidatorException ex)
-                {
-                    throw new CertPathValidatorException(
-                        "Subtree check for certificate subject alternative email failed.", ex, certPath, index);
-                }
-            }
-            if (altName != null)
-            {
-                GeneralName[] genNames = null;
-                try
-                {
-                    genNames = altName.getNames();
-                }
-                catch (Exception e)
-                {
-                    throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e,
-                        certPath, index);
-                }
-                for (int j = 0; j < genNames.length; j++)
-                {
-
-                    try
-                    {
-                        nameConstraintValidator.checkPermitted(genNames[j]);
-                        nameConstraintValidator.checkExcluded(genNames[j]);
-                    }
-                    catch (PKIXNameConstraintValidatorException e)
-                    {
-                        throw new CertPathValidatorException(
-                            "Subtree check for certificate subject alternative name failed.", e, certPath, index);
-                    }
-                }
-            }
-        }
-    }
-
-    protected static PKIXPolicyNode processCertD(
-        CertPath certPath,
-        int index,
-        Set acceptablePolicies,
-        PKIXPolicyNode validPolicyTree,
-        List[] policyNodes,
-        int inhibitAnyPolicy)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        int n = certs.size();
-        // i as defined in the algorithm description
-        int i = n - index;
-        //
-        // (d) policy Information checking against initial policy and
-        // policy mapping
-        //
-        ASN1Sequence certPolicies = null;
-        try
-        {
-            certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.",
-                e, certPath, index);
-        }
-        if (certPolicies != null && validPolicyTree != null)
-        {
-            //
-            // (d) (1)
-            //
-            Enumeration e = certPolicies.getObjects();
-            Set pols = new HashSet();
-
-            while (e.hasMoreElements())
-            {
-                PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
-                DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
-
-                pols.add(pOid.getId());
-
-                if (!RFC3280CertPathUtilities.ANY_POLICY.equals(pOid.getId()))
-                {
-                    Set pq = null;
-                    try
-                    {
-                        pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
-                    }
-                    catch (CertPathValidatorException ex)
-                    {
-                        throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", ex,
-                            certPath, index);
-                    }
-
-                    boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq);
-
-                    if (!match)
-                    {
-                        CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq);
-                    }
-                }
-            }
-
-            if (acceptablePolicies.isEmpty() || acceptablePolicies.contains(RFC3280CertPathUtilities.ANY_POLICY))
-            {
-                acceptablePolicies.clear();
-                acceptablePolicies.addAll(pols);
-            }
-            else
-            {
-                Iterator it = acceptablePolicies.iterator();
-                Set t1 = new HashSet();
-
-                while (it.hasNext())
-                {
-                    Object o = it.next();
-
-                    if (pols.contains(o))
-                    {
-                        t1.add(o);
-                    }
-                }
-                acceptablePolicies.clear();
-                acceptablePolicies.addAll(t1);
-            }
-
-            //
-            // (d) (2)
-            //
-            if ((inhibitAnyPolicy > 0) || ((i < n) && CertPathValidatorUtilities.isSelfIssued(cert)))
-            {
-                e = certPolicies.getObjects();
-
-                while (e.hasMoreElements())
-                {
-                    PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
-
-                    if (RFC3280CertPathUtilities.ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId()))
-                    {
-                        Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
-                        List _nodes = policyNodes[i - 1];
-
-                        for (int k = 0; k < _nodes.size(); k++)
-                        {
-                            PKIXPolicyNode _node = (PKIXPolicyNode)_nodes.get(k);
-
-                            Iterator _policySetIter = _node.getExpectedPolicies().iterator();
-                            while (_policySetIter.hasNext())
-                            {
-                                Object _tmp = _policySetIter.next();
-
-                                String _policy;
-                                if (_tmp instanceof String)
-                                {
-                                    _policy = (String)_tmp;
-                                }
-                                else if (_tmp instanceof DERObjectIdentifier)
-                                {
-                                    _policy = ((DERObjectIdentifier)_tmp).getId();
-                                }
-                                else
-                                {
-                                    continue;
-                                }
-
-                                boolean _found = false;
-                                Iterator _childrenIter = _node.getChildren();
-
-                                while (_childrenIter.hasNext())
-                                {
-                                    PKIXPolicyNode _child = (PKIXPolicyNode)_childrenIter.next();
-
-                                    if (_policy.equals(_child.getValidPolicy()))
-                                    {
-                                        _found = true;
-                                    }
-                                }
-
-                                if (!_found)
-                                {
-                                    Set _newChildExpectedPolicies = new HashSet();
-                                    _newChildExpectedPolicies.add(_policy);
-
-                                    PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i,
-                                        _newChildExpectedPolicies, _node, _apq, _policy, false);
-                                    _node.addChild(_newChild);
-                                    policyNodes[i].add(_newChild);
-                                }
-                            }
-                        }
-                        break;
-                    }
-                }
-            }
-
-            PKIXPolicyNode _validPolicyTree = validPolicyTree;
-            //
-            // (d) (3)
-            //
-            for (int j = (i - 1); j >= 0; j--)
-            {
-                List nodes = policyNodes[j];
-
-                for (int k = 0; k < nodes.size(); k++)
-                {
-                    PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k);
-                    if (!node.hasChildren())
-                    {
-                        _validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes,
-                            node);
-                        if (_validPolicyTree == null)
-                        {
-                            break;
-                        }
-                    }
-                }
-            }
-
-            //
-            // d (4)
-            //
-            Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
-
-            if (criticalExtensionOids != null)
-            {
-                boolean critical = criticalExtensionOids.contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
-
-                List nodes = policyNodes[i];
-                for (int j = 0; j < nodes.size(); j++)
-                {
-                    PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(j);
-                    node.setCritical(critical);
-                }
-            }
-            return _validPolicyTree;
-        }
-        return null;
-    }
-
-    protected static void processCertA(
-        CertPath certPath,
-        ExtendedPKIXParameters paramsPKIX,
-        int index,
-        PublicKey workingPublicKey,
-        boolean verificationAlreadyPerformed,
-        X500Principal workingIssuerName,
-        X509Certificate sign)
-        throws ExtCertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (a) verify
-        //
-        if (!verificationAlreadyPerformed)
-        {
-            try
-            {
-                // (a) (1)
-                //
-                CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
-                    paramsPKIX.getSigProvider());
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new ExtCertPathValidatorException("Could not validate certificate signature.", e, certPath, index);
-            }
-        }
-
-        try
-        {
-            // (a) (2)
-            //
-            cert.checkValidity(CertPathValidatorUtilities
-                .getValidCertDateFromValidityModel(paramsPKIX, certPath, index));
-        }
-        catch (CertificateExpiredException e)
-        {
-            throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
-        }
-        catch (CertificateNotYetValidException e)
-        {
-            throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathValidatorException("Could not validate time of certificate.", e, certPath, index);
-        }
-
-        //
-        // (a) (3)
-        //
-        if (paramsPKIX.isRevocationEnabled())
-        {
-            try
-            {
-                checkCRLs(paramsPKIX, cert, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX,
-                    certPath, index), sign, workingPublicKey, certs);
-            }
-            catch (AnnotatedException e)
-            {
-                Throwable cause = e;
-                if (null != e.getCause())
-                {
-                    cause = e.getCause();
-                }
-                throw new ExtCertPathValidatorException(e.getMessage(), cause, certPath, index);
-            }
-        }
-
-        //
-        // (a) (4) name chaining
-        //
-        if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName))
-        {
-            throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
-                + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null,
-                certPath, index);
-        }
-    }
-
-    protected static int prepareNextCertI1(
-        CertPath certPath,
-        int index,
-        int explicitPolicy)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (i)
-        //
-        ASN1Sequence pc = null;
-        try
-        {
-            pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath,
-                index);
-        }
-
-        int tmpInt;
-
-        if (pc != null)
-        {
-            Enumeration policyConstraints = pc.getObjects();
-
-            while (policyConstraints.hasMoreElements())
-            {
-                try
-                {
-
-                    ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
-                    if (constraint.getTagNo() == 0)
-                    {
-                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
-                        if (tmpInt < explicitPolicy)
-                        {
-                            return tmpInt;
-                        }
-                        break;
-                    }
-                }
-                catch (IllegalArgumentException e)
-                {
-                    throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.",
-                        e, certPath, index);
-                }
-            }
-        }
-        return explicitPolicy;
-    }
-
-    protected static int prepareNextCertI2(
-        CertPath certPath,
-        int index,
-        int policyMapping)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (i)
-        //
-        ASN1Sequence pc = null;
-        try
-        {
-            pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath,
-                index);
-        }
-
-        int tmpInt;
-
-        if (pc != null)
-        {
-            Enumeration policyConstraints = pc.getObjects();
-
-            while (policyConstraints.hasMoreElements())
-            {
-                try
-                {
-                    ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
-                    if (constraint.getTagNo() == 1)
-                    {
-                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
-                        if (tmpInt < policyMapping)
-                        {
-                            return tmpInt;
-                        }
-                        break;
-                    }
-                }
-                catch (IllegalArgumentException e)
-                {
-                    throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.",
-                        e, certPath, index);
-                }
-            }
-        }
-        return policyMapping;
-    }
-
-    protected static void prepareNextCertG(
-        CertPath certPath,
-        int index,
-        PKIXNameConstraintValidator nameConstraintValidator)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (g) handle the name constraints extension
-        //
-        NameConstraints nc = null;
-        try
-        {
-            ASN1Sequence ncSeq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.NAME_CONSTRAINTS));
-            if (ncSeq != null)
-            {
-                nc = new NameConstraints(ncSeq);
-            }
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath,
-                index);
-        }
-        if (nc != null)
-        {
-
-            //
-            // (g) (1) permitted subtrees
-            //
-            ASN1Sequence permitted = nc.getPermittedSubtrees();
-            if (permitted != null)
-            {
-                try
-                {
-                    nameConstraintValidator.intersectPermittedSubtree(permitted);
-                }
-                catch (Exception ex)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index);
-                }
-            }
-
-            //
-            // (g) (2) excluded subtrees
-            //
-            ASN1Sequence excluded = nc.getExcludedSubtrees();
-            if (excluded != null)
-            {
-                Enumeration e = excluded.getObjects();
-                try
-                {
-                    while (e.hasMoreElements())
-                    {
-                        GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
-                        nameConstraintValidator.addExcludedSubtree(subtree);
-                    }
-                }
-                catch (Exception ex)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index);
-                }
-            }
-        }
-    }
-
-    /**
-     * Checks a distribution point for revocation information for the
-     * certificate cert.
-     *
-     * @param dp                 The distribution point to consider.
-     * @param paramsPKIX         PKIX parameters.
-     * @param cert               Certificate to check if it is revoked.
-     * @param validDate          The date when the certificate revocation status should be
-     *                           checked.
-     * @param defaultCRLSignCert The issuer certificate of the certificate cert.
-     * @param defaultCRLSignKey  The public key of the issuer certificate
-     *                           defaultCRLSignCert.
-     * @param certStatus         The current certificate revocation status.
-     * @param reasonMask         The reasons mask which is already checked.
-     * @param certPathCerts      The certificates of the certification path.
-     * @throws AnnotatedException if the certificate is revoked or the status cannot be checked
-     *                            or some error occurs.
-     */
-    private static void checkCRL(
-        DistributionPoint dp,
-        ExtendedPKIXParameters paramsPKIX,
-        X509Certificate cert,
-        Date validDate,
-        X509Certificate defaultCRLSignCert,
-        PublicKey defaultCRLSignKey,
-        CertStatus certStatus,
-        ReasonsMask reasonMask,
-        List certPathCerts)
-        throws AnnotatedException
-    {
-        Date currentDate = new Date(System.currentTimeMillis());
-        if (validDate.getTime() > currentDate.getTime())
-        {
-            throw new AnnotatedException("Validation time is in future.");
-        }
-
-        // (a)
-        /*
-         * We always get timely valid CRLs, so there is no step (a) (1).
-         * "locally cached" CRLs are assumed to be in getStore(), additional
-         * CRLs must be enabled in the ExtendedPKIXParameters and are in
-         * getAdditionalStore()
-         */
-
-        Set crls = CertPathValidatorUtilities.getCompleteCRLs(dp, cert, currentDate, paramsPKIX);
-        boolean validCrlFound = false;
-        AnnotatedException lastException = null;
-        Iterator crl_iter = crls.iterator();
-
-        while (crl_iter.hasNext() && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonMask.isAllReasons())
-        {
-            try
-            {
-                X509CRL crl = (X509CRL)crl_iter.next();
-
-                // (d)
-                ReasonsMask interimReasonsMask = RFC3280CertPathUtilities.processCRLD(crl, dp);
-
-                // (e)
-                /*
-                 * The reasons mask is updated at the end, so only valid CRLs
-                 * can update it. If this CRL does not contain new reasons it
-                 * must be ignored.
-                 */
-                if (!interimReasonsMask.hasNewReasons(reasonMask))
-                {
-                    continue;
-                }
-
-                // (f)
-                Set keys = RFC3280CertPathUtilities.processCRLF(crl, cert, defaultCRLSignCert, defaultCRLSignKey,
-                    paramsPKIX, certPathCerts);
-                // (g)
-                PublicKey key = RFC3280CertPathUtilities.processCRLG(crl, keys);
-
-                X509CRL deltaCRL = null;
-
-                if (paramsPKIX.isUseDeltasEnabled())
-                {
-                    // get delta CRLs
-                    Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl);
-                    // we only want one valid delta CRL
-                    // (h)
-                    deltaCRL = RFC3280CertPathUtilities.processCRLH(deltaCRLs, key);
-                }
-
-                /*
-                 * CRL must be be valid at the current time, not the validation
-                 * time. If a certificate is revoked with reason keyCompromise,
-                 * cACompromise, it can be used for forgery, also for the past.
-                 * This reason may not be contained in older CRLs.
-                 */
-
-                /*
-                 * in the chain model signatures stay valid also after the
-                 * certificate has been expired, so they do not have to be in
-                 * the CRL validity time
-                 */
-
-                if (paramsPKIX.getValidityModel() != ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
-                {
-                    /*
-                     * if a certificate has expired, but was revoked, it is not
-                     * more in the CRL, so it would be regarded as valid if the
-                     * first check is not done
-                     */
-                    if (cert.getNotAfter().getTime() < crl.getThisUpdate().getTime())
-                    {
-                        throw new AnnotatedException("No valid CRL for current time found.");
-                    }
-                }
-
-                RFC3280CertPathUtilities.processCRLB1(dp, cert, crl);
-
-                // (b) (2)
-                RFC3280CertPathUtilities.processCRLB2(dp, cert, crl);
-
-                // (c)
-                RFC3280CertPathUtilities.processCRLC(deltaCRL, crl, paramsPKIX);
-
-                // (i)
-                RFC3280CertPathUtilities.processCRLI(validDate, deltaCRL, cert, certStatus, paramsPKIX);
-
-                // (j)
-                RFC3280CertPathUtilities.processCRLJ(validDate, crl, cert, certStatus);
-
-                // (k)
-                if (certStatus.getCertStatus() == CRLReason.removeFromCRL)
-                {
-                    certStatus.setCertStatus(CertStatus.UNREVOKED);
-                }
-
-                // update reasons mask
-                reasonMask.addReasons(interimReasonsMask);
-
-                Set criticalExtensions = crl.getCriticalExtensionOIDs();
-                if (criticalExtensions != null)
-                {
-                    criticalExtensions = new HashSet(criticalExtensions);
-                    criticalExtensions.remove(X509Extensions.IssuingDistributionPoint.getId());
-                    criticalExtensions.remove(X509Extensions.DeltaCRLIndicator.getId());
-
-                    if (!criticalExtensions.isEmpty())
-                    {
-                        throw new AnnotatedException("CRL contains unsupported critical extensions.");
-                    }
-                }
-
-                if (deltaCRL != null)
-                {
-                    criticalExtensions = deltaCRL.getCriticalExtensionOIDs();
-                    if (criticalExtensions != null)
-                    {
-                        criticalExtensions = new HashSet(criticalExtensions);
-                        criticalExtensions.remove(X509Extensions.IssuingDistributionPoint.getId());
-                        criticalExtensions.remove(X509Extensions.DeltaCRLIndicator.getId());
-                        if (!criticalExtensions.isEmpty())
-                        {
-                            throw new AnnotatedException("Delta CRL contains unsupported critical extension.");
-                        }
-                    }
-                }
-
-                validCrlFound = true;
-            }
-            catch (AnnotatedException e)
-            {
-                lastException = e;
-            }
-        }
-        if (!validCrlFound)
-        {
-            throw lastException;
-        }
-    }
-
-    /**
-     * Checks a certificate if it is revoked.
-     *
-     * @param paramsPKIX       PKIX parameters.
-     * @param cert             Certificate to check if it is revoked.
-     * @param validDate        The date when the certificate revocation status should be
-     *                         checked.
-     * @param sign             The issuer certificate of the certificate cert.
-     * @param workingPublicKey The public key of the issuer certificate sign.
-     * @param certPathCerts    The certificates of the certification path.
-     * @throws AnnotatedException if the certificate is revoked or the status cannot be checked
-     *                            or some error occurs.
-     */
-    protected static void checkCRLs(
-        ExtendedPKIXParameters paramsPKIX,
-        X509Certificate cert,
-        Date validDate,
-        X509Certificate sign,
-        PublicKey workingPublicKey,
-        List certPathCerts)
-        throws AnnotatedException
-    {
-        AnnotatedException lastException = null;
-        CRLDistPoint crldp = null;
-        try
-        {
-            crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS));
-        }
-        catch (Exception e)
-        {
-            throw new AnnotatedException("CRL distribution point extension could not be read.", e);
-        }
-        try
-        {
-            CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException(
-                "No additional CRL locations could be decoded from CRL distribution point extension.", e);
-        }
-        CertStatus certStatus = new CertStatus();
-        ReasonsMask reasonsMask = new ReasonsMask();
-
-        boolean validCrlFound = false;
-        // for each distribution point
-        if (crldp != null)
-        {
-            DistributionPoint dps[] = null;
-            try
-            {
-                dps = crldp.getDistributionPoints();
-            }
-            catch (Exception e)
-            {
-                throw new AnnotatedException("Distribution points could not be read.", e);
-            }
-            if (dps != null)
-            {
-                for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++)
-                {
-                    ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters)paramsPKIX.clone();
-                    try
-                    {
-                        checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
-                        validCrlFound = true;
-                    }
-                    catch (AnnotatedException e)
-                    {
-                        lastException = e;
-                    }
-                }
-            }
-        }
-
-        /*
-         * If the revocation status has not been determined, repeat the process
-         * above with any available CRLs not specified in a distribution point
-         * but issued by the certificate issuer.
-         */
-
-        if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons())
-        {
-            try
-            {
-                /*
-                 * assume a DP with both the reasons and the cRLIssuer fields
-                 * omitted and a distribution point name of the certificate
-                 * issuer.
-                 */
-                DERObject issuer = null;
-                try
-                {
-                    issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded())
-                        .readObject();
-                }
-                catch (Exception e)
-                {
-                    throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
-                }
-                DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(
-                    new GeneralName(GeneralName.directoryName, issuer))), null, null);
-                ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters)paramsPKIX.clone();
-                checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask,
-                    certPathCerts);
-                validCrlFound = true;
-            }
-            catch (AnnotatedException e)
-            {
-                lastException = e;
-            }
-        }
-
-        if (!validCrlFound)
-        {
-            if (lastException instanceof AnnotatedException)
-            {
-                throw lastException;
-            }
-
-            throw new AnnotatedException("No valid CRL found.", lastException);
-        }
-        if (certStatus.getCertStatus() != CertStatus.UNREVOKED)
-        {
-            String message = "Certificate revocation after " + certStatus.getRevocationDate();
-            message += ", reason: " + crlReasons[certStatus.getCertStatus()];
-            throw new AnnotatedException(message);
-        }
-        if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED)
-        {
-            certStatus.setCertStatus(CertStatus.UNDETERMINED);
-        }
-        if (certStatus.getCertStatus() == CertStatus.UNDETERMINED)
-        {
-            throw new AnnotatedException("Certificate status could not be determined.");
-        }
-    }
-
-    protected static int prepareNextCertJ(
-        CertPath certPath,
-        int index,
-        int inhibitAnyPolicy)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (j)
-        //
-        DERInteger iap = null;
-        try
-        {
-            iap = DERInteger.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e, certPath,
-                index);
-        }
-
-        if (iap != null)
-        {
-            int _inhibitAnyPolicy = iap.getValue().intValue();
-
-            if (_inhibitAnyPolicy < inhibitAnyPolicy)
-            {
-                return _inhibitAnyPolicy;
-            }
-        }
-        return inhibitAnyPolicy;
-    }
-
-    protected static void prepareNextCertK(
-        CertPath certPath,
-        int index)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (k)
-        //
-        BasicConstraints bc = null;
-        try
-        {
-            bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath,
-                index);
-        }
-        if (bc != null)
-        {
-            if (!(bc.isCA()))
-            {
-                throw new CertPathValidatorException("Not a CA certificate");
-            }
-        }
-        else
-        {
-            throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
-        }
-    }
-
-    protected static int prepareNextCertL(
-        CertPath certPath,
-        int index,
-        int maxPathLength)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (l)
-        //
-        if (!CertPathValidatorUtilities.isSelfIssued(cert))
-        {
-            if (maxPathLength <= 0)
-            {
-                throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, index);
-            }
-
-            return maxPathLength - 1;
-        }
-        return maxPathLength;
-    }
-
-    protected static int prepareNextCertM(
-        CertPath certPath,
-        int index,
-        int maxPathLength)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-
-        //
-        // (m)
-        //
-        BasicConstraints bc = null;
-        try
-        {
-            bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
-        }
-        catch (Exception e)
-        {
-            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath,
-                index);
-        }
-        if (bc != null)
-        {
-            BigInteger _pathLengthConstraint = bc.getPathLenConstraint();
-
-            if (_pathLengthConstraint != null)
-            {
-                int _plc = _pathLengthConstraint.intValue();
-
-                if (_plc < maxPathLength)
-                {
-                    return _plc;
-                }
-            }
-        }
-        return maxPathLength;
-    }
-
-    protected static void prepareNextCertN(
-        CertPath certPath,
-        int index)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-
-        //
-        // (n)
-        //
-        boolean[] _usage = cert.getKeyUsage();
-
-        if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
-        {
-            throw new ExtCertPathValidatorException(
-                "Issuer certificate keyusage extension is critical and does not permit key signing.", null,
-                certPath, index);
-        }
-    }
-
-    protected static void prepareNextCertO(
-        CertPath certPath,
-        int index,
-        Set criticalExtensions,
-        List pathCheckers)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (o)
-        //
-
-        Iterator tmpIter;
-        tmpIter = pathCheckers.iterator();
-        while (tmpIter.hasNext())
-        {
-            try
-            {
-                ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
-            }
-            catch (CertPathValidatorException e)
-            {
-                throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
-            }
-        }
-        if (!criticalExtensions.isEmpty())
-        {
-            throw new ExtCertPathValidatorException("Certificate has unsupported critical extension.", null, certPath,
-                index);
-        }
-    }
-
-    protected static int prepareNextCertH1(
-        CertPath certPath,
-        int index,
-        int explicitPolicy)
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (h)
-        //
-        if (!CertPathValidatorUtilities.isSelfIssued(cert))
-        {
-            //
-            // (1)
-            //
-            if (explicitPolicy != 0)
-            {
-                return explicitPolicy - 1;
-            }
-        }
-        return explicitPolicy;
-    }
-
-    protected static int prepareNextCertH2(
-        CertPath certPath,
-        int index,
-        int policyMapping)
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (h)
-        //
-        if (!CertPathValidatorUtilities.isSelfIssued(cert))
-        {
-            //
-            // (2)
-            //
-            if (policyMapping != 0)
-            {
-                return policyMapping - 1;
-            }
-        }
-        return policyMapping;
-    }
-
-    protected static int prepareNextCertH3(
-        CertPath certPath,
-        int index,
-        int inhibitAnyPolicy)
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (h)
-        //
-        if (!CertPathValidatorUtilities.isSelfIssued(cert))
-        {
-            //
-            // (3)
-            //
-            if (inhibitAnyPolicy != 0)
-            {
-                return inhibitAnyPolicy - 1;
-            }
-        }
-        return inhibitAnyPolicy;
-    }
-
-    protected static final String[] crlReasons = new String[]
-        {
-            "unspecified",
-            "keyCompromise",
-            "cACompromise",
-            "affiliationChanged",
-            "superseded",
-            "cessationOfOperation",
-            "certificateHold",
-            "unknown",
-            "removeFromCRL",
-            "privilegeWithdrawn",
-            "aACompromise"};
-
-    protected static int wrapupCertA(
-        int explicitPolicy,
-        X509Certificate cert)
-    {
-        //
-        // (a)
-        //
-        if (!CertPathValidatorUtilities.isSelfIssued(cert) && (explicitPolicy != 0))
-        {
-            explicitPolicy--;
-        }
-        return explicitPolicy;
-    }
-
-    protected static int wrapupCertB(
-        CertPath certPath,
-        int index,
-        int explicitPolicy)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        //
-        // (b)
-        //
-        int tmpInt;
-        ASN1Sequence pc = null;
-        try
-        {
-            pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
-                RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
-        }
-        if (pc != null)
-        {
-            Enumeration policyConstraints = pc.getObjects();
-
-            while (policyConstraints.hasMoreElements())
-            {
-                ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement();
-                switch (constraint.getTagNo())
-                {
-                    case 0:
-                        try
-                        {
-                            tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
-                        }
-                        catch (Exception e)
-                        {
-                            throw new ExtCertPathValidatorException(
-                                "Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath,
-                                index);
-                        }
-                        if (tmpInt == 0)
-                        {
-                            return 0;
-                        }
-                        break;
-                }
-            }
-        }
-        return explicitPolicy;
-    }
-
-    protected static void wrapupCertF(
-        CertPath certPath,
-        int index,
-        List pathCheckers,
-        Set criticalExtensions)
-        throws CertPathValidatorException
-    {
-        List certs = certPath.getCertificates();
-        X509Certificate cert = (X509Certificate)certs.get(index);
-        Iterator tmpIter;
-        tmpIter = pathCheckers.iterator();
-        while (tmpIter.hasNext())
-        {
-            try
-            {
-                ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
-            }
-            catch (CertPathValidatorException e)
-            {
-                throw new ExtCertPathValidatorException("Additional certificate path checker failed.", e, certPath,
-                    index);
-            }
-        }
-
-        if (!criticalExtensions.isEmpty())
-        {
-            throw new ExtCertPathValidatorException("Certificate has unsupported critical extension", null, certPath,
-                index);
-        }
-    }
-
-    protected static PKIXPolicyNode wrapupCertG(
-        CertPath certPath,
-        ExtendedPKIXParameters paramsPKIX,
-        Set userInitialPolicySet,
-        int index,
-        List[] policyNodes,
-        PKIXPolicyNode validPolicyTree,
-        Set acceptablePolicies)
-        throws CertPathValidatorException
-    {
-        int n = certPath.getCertificates().size();
-        //
-        // (g)
-        //
-        PKIXPolicyNode intersection;
-
-        //
-        // (g) (i)
-        //
-        if (validPolicyTree == null)
-        {
-            if (paramsPKIX.isExplicitPolicyRequired())
-            {
-                throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null,
-                    certPath, index);
-            }
-            intersection = null;
-        }
-        else if (CertPathValidatorUtilities.isAnyPolicy(userInitialPolicySet)) // (g)
-        // (ii)
-        {
-            if (paramsPKIX.isExplicitPolicyRequired())
-            {
-                if (acceptablePolicies.isEmpty())
-                {
-                    throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null,
-                        certPath, index);
-                }
-                else
-                {
-                    Set _validPolicyNodeSet = new HashSet();
-
-                    for (int j = 0; j < policyNodes.length; j++)
-                    {
-                        List _nodeDepth = policyNodes[j];
-
-                        for (int k = 0; k < _nodeDepth.size(); k++)
-                        {
-                            PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k);
-
-                            if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy()))
-                            {
-                                Iterator _iter = _node.getChildren();
-                                while (_iter.hasNext())
-                                {
-                                    _validPolicyNodeSet.add(_iter.next());
-                                }
-                            }
-                        }
-                    }
-
-                    Iterator _vpnsIter = _validPolicyNodeSet.iterator();
-                    while (_vpnsIter.hasNext())
-                    {
-                        PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next();
-                        String _validPolicy = _node.getValidPolicy();
-
-                        if (!acceptablePolicies.contains(_validPolicy))
-                        {
-                            // validPolicyTree =
-                            // removePolicyNode(validPolicyTree, policyNodes,
-                            // _node);
-                        }
-                    }
-                    if (validPolicyTree != null)
-                    {
-                        for (int j = (n - 1); j >= 0; j--)
-                        {
-                            List nodes = policyNodes[j];
-
-                            for (int k = 0; k < nodes.size(); k++)
-                            {
-                                PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k);
-                                if (!node.hasChildren())
-                                {
-                                    validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree,
-                                        policyNodes, node);
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-
-            intersection = validPolicyTree;
-        }
-        else
-        {
-            //
-            // (g) (iii)
-            //
-            // This implementation is not exactly same as the one described in
-            // RFC3280.
-            // However, as far as the validation result is concerned, both
-            // produce
-            // adequate result. The only difference is whether AnyPolicy is
-            // remain
-            // in the policy tree or not.
-            //
-            // (g) (iii) 1
-            //
-            Set _validPolicyNodeSet = new HashSet();
-
-            for (int j = 0; j < policyNodes.length; j++)
-            {
-                List _nodeDepth = policyNodes[j];
-
-                for (int k = 0; k < _nodeDepth.size(); k++)
-                {
-                    PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k);
-
-                    if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy()))
-                    {
-                        Iterator _iter = _node.getChildren();
-                        while (_iter.hasNext())
-                        {
-                            PKIXPolicyNode _c_node = (PKIXPolicyNode)_iter.next();
-                            if (!RFC3280CertPathUtilities.ANY_POLICY.equals(_c_node.getValidPolicy()))
-                            {
-                                _validPolicyNodeSet.add(_c_node);
-                            }
-                        }
-                    }
-                }
-            }
-
-            //
-            // (g) (iii) 2
-            //
-            Iterator _vpnsIter = _validPolicyNodeSet.iterator();
-            while (_vpnsIter.hasNext())
-            {
-                PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next();
-                String _validPolicy = _node.getValidPolicy();
-
-                if (!userInitialPolicySet.contains(_validPolicy))
-                {
-                    validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, _node);
-                }
-            }
-
-            //
-            // (g) (iii) 4
-            //
-            if (validPolicyTree != null)
-            {
-                for (int j = (n - 1); j >= 0; j--)
-                {
-                    List nodes = policyNodes[j];
-
-                    for (int k = 0; k < nodes.size(); k++)
-                    {
-                        PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k);
-                        if (!node.hasChildren())
-                        {
-                            validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes,
-                                node);
-                        }
-                    }
-                }
-            }
-
-            intersection = validPolicyTree;
-        }
-        return intersection;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java
deleted file mode 100644
index 7617f2cdc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java
+++ /dev/null
@@ -1,703 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilder;
-import java.security.cert.CertPathBuilderException;
-import java.security.cert.CertPathBuilderResult;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertPathValidatorResult;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.DistributionPoint;
-import org.bouncycastle.asn1.x509.DistributionPointName;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.PKIXAttrCertChecker;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CertStoreSelector;
-
-class RFC3281CertPathUtilities
-{
-
-    private static final String TARGET_INFORMATION = X509Extensions.TargetInformation
-        .getId();
-
-    private static final String NO_REV_AVAIL = X509Extensions.NoRevAvail
-        .getId();
-
-    private static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints
-        .getId();
-
-    private static final String AUTHORITY_INFO_ACCESS = X509Extensions.AuthorityInfoAccess
-        .getId();
-
-    protected static void processAttrCert7(X509AttributeCertificate attrCert,
-        CertPath certPath, CertPath holderCertPath,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
-    {
-        // TODO:
-        // AA Controls
-        // Attribute encryption
-        // Proxy
-        Set set = attrCert.getCriticalExtensionOIDs();
-        // 7.1
-        // process extensions
-
-        // target information checked in step 6 / X509AttributeCertStoreSelector
-        if (set.contains(TARGET_INFORMATION))
-        {
-            try
-            {
-                TargetInformation.getInstance(CertPathValidatorUtilities
-                    .getExtensionValue(attrCert, TARGET_INFORMATION));
-            }
-            catch (AnnotatedException e)
-            {
-                throw new ExtCertPathValidatorException(
-                    "Target information extension could not be read.", e);
-            }
-            catch (IllegalArgumentException e)
-            {
-                throw new ExtCertPathValidatorException(
-                    "Target information extension could not be read.", e);
-            }
-        }
-        set.remove(TARGET_INFORMATION);
-        for (Iterator it = pkixParams.getAttrCertCheckers().iterator(); it
-            .hasNext();)
-        {
-            ((PKIXAttrCertChecker) it.next()).check(attrCert, certPath,
-                holderCertPath, set);
-        }
-        if (!set.isEmpty())
-        {
-            throw new CertPathValidatorException(
-                "Attribute certificate contains unsupported critical extensions: "
-                    + set);
-        }
-    }
-
-    /**
-     * Checks if an attribute certificate is revoked.
-     * 
-     * @param attrCert Attribute certificate to check if it is revoked.
-     * @param paramsPKIX PKIX parameters.
-     * @param issuerCert The issuer certificate of the attribute certificate
-     *            attrCert.
-     * @param validDate The date when the certificate revocation status should
-     *            be checked.
-     * @param certPathCerts The certificates of the certification path to be
-     *            checked.
-     * 
-     * @throws CertPathValidatorException if the certificate is revoked or the
-     *             status cannot be checked or some error occurs.
-     */
-    protected static void checkCRLs(X509AttributeCertificate attrCert,
-        ExtendedPKIXParameters paramsPKIX, X509Certificate issuerCert,
-        Date validDate, List certPathCerts) throws CertPathValidatorException
-    {
-        if (paramsPKIX.isRevocationEnabled())
-        {
-            // check if revocation is available
-            if (attrCert.getExtensionValue(NO_REV_AVAIL) == null)
-            {
-                CRLDistPoint crldp = null;
-                try
-                {
-                    crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities
-                        .getExtensionValue(attrCert, CRL_DISTRIBUTION_POINTS));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new CertPathValidatorException(
-                        "CRL distribution point extension could not be read.",
-                        e);
-                }
-                try
-                {
-                    CertPathValidatorUtilities
-                        .addAdditionalStoresFromCRLDistributionPoint(crldp,
-                            paramsPKIX);
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new CertPathValidatorException(
-                        "No additional CRL locations could be decoded from CRL distribution point extension.",
-                        e);
-                }
-                CertStatus certStatus = new CertStatus();
-                ReasonsMask reasonsMask = new ReasonsMask();
-
-                AnnotatedException lastException = null;
-                boolean validCrlFound = false;
-                // for each distribution point
-                if (crldp != null)
-                {
-                    DistributionPoint dps[] = null;
-                    try
-                    {
-                        dps = crldp.getDistributionPoints();
-                    }
-                    catch (Exception e)
-                    {
-                        throw new ExtCertPathValidatorException(
-                            "Distribution points could not be read.", e);
-                    }
-                    try
-                    {
-                        for (int i = 0; i < dps.length
-                            && certStatus.getCertStatus() == CertStatus.UNREVOKED
-                            && !reasonsMask.isAllReasons(); i++)
-                        {
-                            ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX
-                                .clone();
-                            checkCRL(dps[i], attrCert, paramsPKIXClone,
-                                validDate, issuerCert, certStatus, reasonsMask,
-                                certPathCerts);
-                            validCrlFound = true;
-                        }
-                    }
-                    catch (AnnotatedException e)
-                    {
-                        lastException = new AnnotatedException(
-                            "No valid CRL for distribution point found.", e);
-                    }
-                }
-
-                /*
-                 * If the revocation status has not been determined, repeat the
-                 * process above with any available CRLs not specified in a
-                 * distribution point but issued by the certificate issuer.
-                 */
-
-                if (certStatus.getCertStatus() == CertStatus.UNREVOKED
-                    && !reasonsMask.isAllReasons())
-                {
-                    try
-                    {
-                        /*
-                         * assume a DP with both the reasons and the cRLIssuer
-                         * fields omitted and a distribution point name of the
-                         * certificate issuer.
-                         */
-                        DERObject issuer = null;
-                        try
-                        {
-
-                            issuer = new ASN1InputStream(
-                                ((X500Principal) attrCert.getIssuer()
-                                    .getPrincipals()[0]).getEncoded())
-                                .readObject();
-                        }
-                        catch (Exception e)
-                        {
-                            throw new AnnotatedException(
-                                "Issuer from certificate for CRL could not be reencoded.",
-                                e);
-                        }
-                        DistributionPoint dp = new DistributionPoint(
-                            new DistributionPointName(0, new GeneralNames(
-                                new GeneralName(GeneralName.directoryName,
-                                    issuer))), null, null);
-                        ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX
-                            .clone();
-                        checkCRL(dp, attrCert, paramsPKIXClone, validDate,
-                            issuerCert, certStatus, reasonsMask, certPathCerts);
-                        validCrlFound = true;
-                    }
-                    catch (AnnotatedException e)
-                    {
-                        lastException = new AnnotatedException(
-                            "No valid CRL for distribution point found.", e);
-                    }
-                }
-
-                if (!validCrlFound)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "No valid CRL found.", lastException);
-                }
-                if (certStatus.getCertStatus() != CertStatus.UNREVOKED)
-                {
-                    String message = "Attribute certificate revocation after "
-                        + certStatus.getRevocationDate();
-                    message += ", reason: "
-                        + RFC3280CertPathUtilities.crlReasons[certStatus
-                            .getCertStatus()];
-                    throw new CertPathValidatorException(message);
-                }
-                if (!reasonsMask.isAllReasons()
-                    && certStatus.getCertStatus() == CertStatus.UNREVOKED)
-                {
-                    certStatus.setCertStatus(CertStatus.UNDETERMINED);
-                }
-                if (certStatus.getCertStatus() == CertStatus.UNDETERMINED)
-                {
-                    throw new CertPathValidatorException(
-                        "Attribute certificate status could not be determined.");
-                }
-
-            }
-            else
-            {
-                if (attrCert.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null
-                    || attrCert.getExtensionValue(AUTHORITY_INFO_ACCESS) != null)
-                {
-                    throw new CertPathValidatorException(
-                        "No rev avail extension is set, but also an AC revocation pointer.");
-                }
-            }
-        }
-    }
-
-    protected static void additionalChecks(X509AttributeCertificate attrCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
-    {
-        // 1
-        for (Iterator it = pkixParams.getProhibitedACAttributes().iterator(); it
-            .hasNext();)
-        {
-            String oid = (String) it.next();
-            if (attrCert.getAttributes(oid) != null)
-            {
-                throw new CertPathValidatorException(
-                    "Attribute certificate contains prohibited attribute: "
-                        + oid + ".");
-            }
-        }
-        for (Iterator it = pkixParams.getNecessaryACAttributes().iterator(); it
-            .hasNext();)
-        {
-            String oid = (String) it.next();
-            if (attrCert.getAttributes(oid) == null)
-            {
-                throw new CertPathValidatorException(
-                    "Attribute certificate does not contain necessary attribute: "
-                        + oid + ".");
-            }
-        }
-    }
-
-    protected static void processAttrCert5(X509AttributeCertificate attrCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
-    {
-        try
-        {
-            attrCert.checkValidity(CertPathValidatorUtilities
-                .getValidDate(pkixParams));
-        }
-        catch (CertificateExpiredException e)
-        {
-            throw new ExtCertPathValidatorException(
-                "Attribute certificate is not valid.", e);
-        }
-        catch (CertificateNotYetValidException e)
-        {
-            throw new ExtCertPathValidatorException(
-                "Attribute certificate is not valid.", e);
-        }
-    }
-
-    protected static void processAttrCert4(X509Certificate acIssuerCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
-    {
-        Set set = pkixParams.getTrustedACIssuers();
-        boolean trusted = false;
-        for (Iterator it = set.iterator(); it.hasNext();)
-        {
-            TrustAnchor anchor = (TrustAnchor) it.next();
-            if (acIssuerCert.getSubjectX500Principal().getName("RFC2253")
-                .equals(anchor.getCAName())
-                || acIssuerCert.equals(anchor.getTrustedCert()))
-            {
-                trusted = true;
-            }
-        }
-        if (!trusted)
-        {
-            throw new CertPathValidatorException(
-                "Attribute certificate issuer is not directly trusted.");
-        }
-    }
-
-    protected static void processAttrCert3(X509Certificate acIssuerCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
-    {
-        if (acIssuerCert.getKeyUsage() != null
-            && (!acIssuerCert.getKeyUsage()[0] && !acIssuerCert.getKeyUsage()[1]))
-        {
-            throw new CertPathValidatorException(
-                "Attribute certificate issuer public key cannot be used to validate digital signatures.");
-        }
-        if (acIssuerCert.getBasicConstraints() != -1)
-        {
-            throw new CertPathValidatorException(
-                "Attribute certificate issuer is also a public key certificate issuer.");
-        }
-    }
-
-    protected static CertPathValidatorResult processAttrCert2(
-        CertPath certPath, ExtendedPKIXParameters pkixParams)
-        throws CertPathValidatorException
-    {
-        CertPathValidator validator = null;
-        try
-        {
-            validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new ExtCertPathValidatorException(
-                "Support class could not be created.", e);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new ExtCertPathValidatorException(
-                "Support class could not be created.", e);
-        }
-        try
-        {
-            return validator.validate(certPath, pkixParams);
-        }
-        catch (CertPathValidatorException e)
-        {
-            throw new ExtCertPathValidatorException(
-                "Certification path for issuer certificate of attribute certificate could not be validated.",
-                e);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            // must be a programming error
-            throw new RuntimeException(e.getMessage());
-        }
-    }
-
-    /**
-     * Searches for a holder public key certificate and verifies its
-     * certification path.
-     * 
-     * @param attrCert the attribute certificate.
-     * @param pkixParams The PKIX parameters.
-     * @return The certificate path of the holder certificate.
-     * @throws AnnotatedException if
-     *             
      
-     *             
    • no public key certificate can be found although holder
-     *             information is given by an entity name or a base certificate
-     *             ID
-     *             
    • support classes cannot be created
-     *             
    • no certification path for the public key certificate can
-     *             be built
-     *             
    
-     */
-    protected static CertPath processAttrCert1(
-        X509AttributeCertificate attrCert, ExtendedPKIXParameters pkixParams)
-        throws CertPathValidatorException
-    {
-        CertPathBuilderResult result = null;
-        // find holder PKCs
-        Set holderPKCs = new HashSet();
-        if (attrCert.getHolder().getIssuer() != null)
-        {
-            X509CertStoreSelector selector = new X509CertStoreSelector();
-            selector.setSerialNumber(attrCert.getHolder().getSerialNumber());
-            Principal[] principals = attrCert.getHolder().getIssuer();
-            for (int i = 0; i < principals.length; i++)
-            {
-                try
-                {
-                    if (principals[i] instanceof X500Principal)
-                    {
-                        selector.setIssuer(((X500Principal)principals[i])
-                            .getEncoded());
-                    }
-                    holderPKCs.addAll(CertPathValidatorUtilities
-                        .findCertificates(selector, pkixParams.getStores()));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "Public key certificate for attribute certificate cannot be searched.",
-                        e);
-                }
-                catch (IOException e)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "Unable to encode X500 principal.", e);
-                }
-            }
-            if (holderPKCs.isEmpty())
-            {
-                throw new CertPathValidatorException(
-                    "Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
-            }
-        }
-        if (attrCert.getHolder().getEntityNames() != null)
-        {
-            X509CertStoreSelector selector = new X509CertStoreSelector();
-            Principal[] principals = attrCert.getHolder().getEntityNames();
-            for (int i = 0; i < principals.length; i++)
-            {
-                try
-                {
-                    if (principals[i] instanceof X500Principal)
-                    {
-                        selector.setIssuer(((X500Principal) principals[i])
-                            .getEncoded());
-                    }
-                    holderPKCs.addAll(CertPathValidatorUtilities
-                        .findCertificates(selector, pkixParams.getStores()));
-                }
-                catch (AnnotatedException e)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "Public key certificate for attribute certificate cannot be searched.",
-                        e);
-                }
-                catch (IOException e)
-                {
-                    throw new ExtCertPathValidatorException(
-                        "Unable to encode X500 principal.", e);
-                }
-            }
-            if (holderPKCs.isEmpty())
-            {
-                throw new CertPathValidatorException(
-                    "Public key certificate specified in entity name for attribute certificate cannot be found.");
-            }
-        }
-        // verify cert paths for PKCs
-        ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
-            .getInstance(pkixParams);
-        CertPathValidatorException lastException = null;
-        for (Iterator it = holderPKCs.iterator(); it.hasNext();)
-        {
-            X509CertStoreSelector selector = new X509CertStoreSelector();
-            selector.setCertificate((X509Certificate) it.next());
-            params.setTargetConstraints(selector);
-            CertPathBuilder builder = null;
-            try
-            {
-                builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
-            }
-            catch (NoSuchProviderException e)
-            {
-                throw new ExtCertPathValidatorException(
-                    "Support class could not be created.", e);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                throw new ExtCertPathValidatorException(
-                    "Support class could not be created.", e);
-            }
-            try
-            {
-                result = builder.build(ExtendedPKIXBuilderParameters
-                    .getInstance(params));
-            }
-            catch (CertPathBuilderException e)
-            {
-                lastException = new ExtCertPathValidatorException(
-                    "Certification path for public key certificate of attribute certificate could not be build.",
-                    e);
-            }
-            catch (InvalidAlgorithmParameterException e)
-            {
-                // must be a programming error
-                throw new RuntimeException(e.getMessage());
-            }
-        }
-        if (lastException != null)
-        {
-            throw lastException;
-        }
-        return result.getCertPath();
-    }
-
-    /**
-     * 
-     * Checks a distribution point for revocation information for the
-     * certificate attrCert.
-     * 
-     * @param dp The distribution point to consider.
-     * @param attrCert The attribute certificate which should be checked.
-     * @param paramsPKIX PKIX parameters.
-     * @param validDate The date when the certificate revocation status should
-     *            be checked.
-     * @param issuerCert Certificate to check if it is revoked.
-     * @param reasonMask The reasons mask which is already checked.
-     * @param certPathCerts The certificates of the certification path to be
-     *            checked.
-     * @throws AnnotatedException if the certificate is revoked or the status
-     *             cannot be checked or some error occurs.
-     */
-    private static void checkCRL(DistributionPoint dp,
-        X509AttributeCertificate attrCert, ExtendedPKIXParameters paramsPKIX,
-        Date validDate, X509Certificate issuerCert, CertStatus certStatus,
-        ReasonsMask reasonMask, List certPathCerts) throws AnnotatedException
-    {
-
-        /*
-         * 4.3.6 No Revocation Available
-         * 
-         * The noRevAvail extension, defined in [X.509-2000], allows an AC
-         * issuer to indicate that no revocation information will be made
-         * available for this AC.
-         */
-        if (attrCert.getExtensionValue(X509Extensions.NoRevAvail.getId()) != null)
-        {
-            return;
-        }
-        Date currentDate = new Date(System.currentTimeMillis());
-        if (validDate.getTime() > currentDate.getTime())
-        {
-            throw new AnnotatedException("Validation time is in future.");
-        }
-
-        // (a)
-        /*
-         * We always get timely valid CRLs, so there is no step (a) (1).
-         * "locally cached" CRLs are assumed to be in getStore(), additional
-         * CRLs must be enabled in the ExtendedPKIXParameters and are in
-         * getAdditionalStore()
-         */
-
-        Set crls = CertPathValidatorUtilities.getCompleteCRLs(dp, attrCert,
-            currentDate, paramsPKIX);
-        boolean validCrlFound = false;
-        AnnotatedException lastException = null;
-        Iterator crl_iter = crls.iterator();
-
-        while (crl_iter.hasNext()
-            && certStatus.getCertStatus() == CertStatus.UNREVOKED
-            && !reasonMask.isAllReasons())
-        {
-            try
-            {
-                X509CRL crl = (X509CRL) crl_iter.next();
-
-                // (d)
-                ReasonsMask interimReasonsMask = RFC3280CertPathUtilities
-                    .processCRLD(crl, dp);
-
-                // (e)
-                /*
-                 * The reasons mask is updated at the end, so only valid CRLs
-                 * can update it. If this CRL does not contain new reasons it
-                 * must be ignored.
-                 */
-                if (!interimReasonsMask.hasNewReasons(reasonMask))
-                {
-                    continue;
-                }
-
-                // (f)
-                Set keys = RFC3280CertPathUtilities.processCRLF(crl, attrCert,
-                    null, null, paramsPKIX, certPathCerts);
-                // (g)
-                PublicKey key = RFC3280CertPathUtilities.processCRLG(crl, keys);
-
-                X509CRL deltaCRL = null;
-
-                if (paramsPKIX.isUseDeltasEnabled())
-                {
-                    // get delta CRLs
-                    Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(
-                        currentDate, paramsPKIX, crl);
-                    // we only want one valid delta CRL
-                    // (h)
-                    deltaCRL = RFC3280CertPathUtilities.processCRLH(deltaCRLs,
-                        key);
-                }
-
-                /*
-                 * CRL must be be valid at the current time, not the validation
-                 * time. If a certificate is revoked with reason keyCompromise,
-                 * cACompromise, it can be used for forgery, also for the past.
-                 * This reason may not be contained in older CRLs.
-                 */
-
-                /*
-                 * in the chain model signatures stay valid also after the
-                 * certificate has been expired, so they do not have to be in
-                 * the CRL vality time
-                 */
-
-                if (paramsPKIX.getValidityModel() != ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
-                {
-                    /*
-                     * if a certificate has expired, but was revoked, it is not
-                     * more in the CRL, so it would be regarded as valid if the
-                     * first check is not done
-                     */
-                    if (attrCert.getNotAfter().getTime() < crl.getThisUpdate()
-                        .getTime())
-                    {
-                        throw new AnnotatedException(
-                            "No valid CRL for current time found.");
-                    }
-                }
-
-                RFC3280CertPathUtilities.processCRLB1(dp, attrCert, crl);
-
-                // (b) (2)
-                RFC3280CertPathUtilities.processCRLB2(dp, attrCert, crl);
-
-                // (c)
-                RFC3280CertPathUtilities.processCRLC(deltaCRL, crl, paramsPKIX);
-
-                // (i)
-                RFC3280CertPathUtilities.processCRLI(validDate, deltaCRL,
-                    attrCert, certStatus, paramsPKIX);
-
-                // (j)
-                RFC3280CertPathUtilities.processCRLJ(validDate, crl, attrCert,
-                    certStatus);
-
-                // (k)
-                if (certStatus.getCertStatus() == CRLReason.removeFromCRL)
-                {
-                    certStatus.setCertStatus(CertStatus.UNREVOKED);
-                }
-
-                // update reasons mask
-                reasonMask.addReasons(interimReasonsMask);
-                validCrlFound = true;
-            }
-            catch (AnnotatedException e)
-            {
-                lastException = e;
-            }
-        }
-        if (!validCrlFound)
-        {
-            throw lastException;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java
deleted file mode 100644
index 0d9911763..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-/**
- * utility class for converting java.security RSA objects into their
- * org.bouncycastle.crypto counterparts.
- */
-class RSAUtil
-{
-    static boolean isRsaOid(
-        DERObjectIdentifier algOid)
-    {
-        return algOid.equals(PKCSObjectIdentifiers.rsaEncryption)
-            || algOid.equals(X509ObjectIdentifiers.id_ea_rsa)
-            || algOid.equals(PKCSObjectIdentifiers.id_RSASSA_PSS)
-            || algOid.equals(PKCSObjectIdentifiers.id_RSAES_OAEP);
-    }
-    
-    static RSAKeyParameters generatePublicKeyParameter(
-        RSAPublicKey    key)
-    {
-        return new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent());
-
-    }
-
-    static RSAKeyParameters generatePrivateKeyParameter(
-        RSAPrivateKey    key)
-    {
-        if (key instanceof RSAPrivateCrtKey)
-        {
-            RSAPrivateCrtKey    k = (RSAPrivateCrtKey)key;
-
-            return new RSAPrivateCrtKeyParameters(k.getModulus(),
-                k.getPublicExponent(), k.getPrivateExponent(),
-                k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(),                            k.getPrimeExponentQ(), k.getCrtCoefficient());
-        }
-        else
-        {
-            RSAPrivateKey    k = key;
-
-            return new RSAKeyParameters(true, k.getModulus(), k.getPrivateExponent());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java
deleted file mode 100644
index aeb4892de..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java
+++ /dev/null
@@ -1,96 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.x509.ReasonFlags;
-
-/**
- * This class helps to handle CRL revocation reasons mask. Each CRL handles a
- * certain set of revocation reasons.
- */
-class ReasonsMask
-{
-    private int _reasons;
-
-    /**
-     * Constructs are reason mask with the reasons.
-     * 
-     * @param reasons The reasons.
-     */
-    ReasonsMask(int reasons)
-    {
-        _reasons = reasons;
-    }
-
-    /**
-     * A reason mask with no reason.
-     * 
-     */
-    ReasonsMask()
-    {
-        this(0);
-    }
-
-    /**
-     * A mask with all revocation reasons.
-     */
-    static final ReasonsMask allReasons = new ReasonsMask(ReasonFlags.aACompromise
-            | ReasonFlags.affiliationChanged | ReasonFlags.cACompromise
-            | ReasonFlags.certificateHold | ReasonFlags.cessationOfOperation
-            | ReasonFlags.keyCompromise | ReasonFlags.privilegeWithdrawn
-            | ReasonFlags.unused | ReasonFlags.superseded);
-
-    /**
-     * Adds all reasons from the reasons mask to this mask.
-     * 
-     * @param mask The reasons mask to add.
-     */
-    void addReasons(ReasonsMask mask)
-    {
-        _reasons = _reasons | mask.getReasons();
-    }
-
-    /**
-     * Returns true if this reasons mask contains all possible
-     * reasons.
-     * 
-     * @return true if this reasons mask contains all possible
-     *         reasons.
-     */
-    boolean isAllReasons()
-    {
-        return _reasons == allReasons._reasons ? true : false;
-    }
-
-    /**
-     * Intersects this mask with the given reasons mask.
-     * 
-     * @param mask The mask to intersect with.
-     * @return The intersection of this and teh given mask.
-     */
-    ReasonsMask intersect(ReasonsMask mask)
-    {
-        ReasonsMask _mask = new ReasonsMask();
-        _mask.addReasons(new ReasonsMask(_reasons & mask.getReasons()));
-        return _mask;
-    }
-
-    /**
-     * Returns true if the passed reasons mask has new reasons.
-     * 
-     * @param mask The reasons mask which should be tested for new reasons.
-     * @return true if the passed reasons mask has new reasons.
-     */
-    boolean hasNewReasons(ReasonsMask mask)
-    {
-        return ((_reasons | mask.getReasons() ^ _reasons) != 0);
-    }
-
-    /**
-     * Returns the reasons in this mask.
-     * 
-     * @return Returns the reasons.
-     */
-    int getReasons()
-    {
-        return _reasons;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
deleted file mode 100644
index 0ee9f11e1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
+++ /dev/null
@@ -1,431 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.CipherSpi;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.engines.RC2WrapEngine;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public abstract class WrapCipherSpi extends CipherSpi
-    implements PBE
-{
-    //
-    // specs we can handle.
-    //
-    private Class[]                 availableSpecs =
-                                    {
-                                        IvParameterSpec.class,
-                                        PBEParameterSpec.class,
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class
-                                    };
-
-    protected int                     pbeType = PKCS12;
-    protected int                     pbeHash = SHA1;
-    protected int                     pbeKeySize;
-    protected int                     pbeIvSize;
-
-    protected AlgorithmParameters     engineParams = null;
-
-    protected Wrapper                 wrapEngine = null;
-
-    private int                       ivSize;
-    private byte[]                    iv;
-
-    protected WrapCipherSpi()
-    {
-    }
-
-    protected WrapCipherSpi(
-        Wrapper wrapEngine)
-    {
-        this(wrapEngine, 0);
-    }
-
-    protected WrapCipherSpi(
-        Wrapper wrapEngine,
-        int     ivSize)
-    {
-        this.wrapEngine = wrapEngine;
-        this.ivSize = ivSize;
-    }
-
-    protected int engineGetBlockSize()
-    {
-        return 0;
-    }
-
-    protected byte[] engineGetIV()
-    {
-        return (byte[])iv.clone();
-    }
-
-    protected int engineGetKeySize(
-        Key     key)
-    {
-        return key.getEncoded().length;
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen)
-    {
-        return -1;
-    }
-
-    protected AlgorithmParameters engineGetParameters()
-    {
-        return null;
-    }
-
-    protected void engineSetMode(
-        String  mode)
-        throws NoSuchAlgorithmException
-    {
-        throw new NoSuchAlgorithmException("can't support mode " + mode);
-    }
-
-    protected void engineSetPadding(
-        String  padding)
-    throws NoSuchPaddingException
-    {
-        throw new NoSuchPaddingException("Padding " + padding + " unknown.");
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random)
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        CipherParameters        param;
-
-        if (key instanceof JCEPBEKey)
-        {
-            JCEPBEKey   k = (JCEPBEKey)key;
-            
-            if (params instanceof PBEParameterSpec)
-            {
-                param = PBE.Util.makePBEParameters(k, params, wrapEngine.getAlgorithmName());
-            }
-            else if (k.getParam() != null)
-            {
-                param = k.getParam();
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
-            }
-        }
-        else
-        {
-            param = new KeyParameter(key.getEncoded());
-        }
-
-        if (params instanceof javax.crypto.spec.IvParameterSpec)
-        {
-            IvParameterSpec iv = (IvParameterSpec) params;
-            param = new ParametersWithIV(param, iv.getIV());
-        }
-
-        if (param instanceof KeyParameter && ivSize != 0)
-        {
-            iv = new byte[ivSize];
-            random.nextBytes(iv);
-            param = new ParametersWithIV(param, iv);
-        }
-
-        switch (opmode)
-        {
-        case Cipher.WRAP_MODE:
-            wrapEngine.init(true, param);
-            break;
-        case Cipher.UNWRAP_MODE:
-            wrapEngine.init(false, param);
-            break;
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.DECRYPT_MODE:
-            throw new IllegalArgumentException("engine only valid for wrapping");
-        default:
-            System.out.println("eeek!");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random)
-    throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        AlgorithmParameterSpec  paramSpec = null;
-
-        if (params != null)
-        {
-            for (int i = 0; i != availableSpecs.length; i++)
-            {
-                try
-                {
-                    paramSpec = params.getParameterSpec(availableSpecs[i]);
-                    break;
-                }
-                catch (Exception e)
-                {
-                    // try next spec
-                }
-            }
-
-            if (paramSpec == null)
-            {
-                throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString());
-            }
-        }
-
-        engineParams = params;
-        engineInit(opmode, key, paramSpec, random);
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random)
-        throws InvalidKeyException
-    {
-        try
-        {
-            engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new IllegalArgumentException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen)
-    {
-        throw new RuntimeException("not supported for wrapping");
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset)
-        throws ShortBufferException
-    {
-        throw new RuntimeException("not supported for wrapping");
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen)
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        return null;
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset)
-        throws IllegalBlockSizeException, BadPaddingException
-    {
-        return 0;
-    }
-
-    protected byte[] engineWrap(
-        Key     key)
-    throws IllegalBlockSizeException, java.security.InvalidKeyException
-    {
-        byte[] encoded = key.getEncoded();
-        if (encoded == null)
-        {
-            throw new InvalidKeyException("Cannot wrap key, null encoding.");
-        }
-
-        try
-        {
-            if (wrapEngine == null)
-            {
-                return engineDoFinal(encoded, 0, encoded.length);
-            }
-            else
-            {
-                return wrapEngine.wrap(encoded, 0, encoded.length);
-            }
-        }
-        catch (BadPaddingException e)
-        {
-            throw new IllegalBlockSizeException(e.getMessage());
-        }
-    }
-
-    protected Key engineUnwrap(
-        byte[]  wrappedKey,
-        String  wrappedKeyAlgorithm,
-        int     wrappedKeyType)
-    throws InvalidKeyException
-    {
-        byte[] encoded;
-        try
-        {
-            if (wrapEngine == null)
-            {
-                encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length);
-            }
-            else
-            {
-                encoded = wrapEngine.unwrap(wrappedKey, 0, wrappedKey.length);
-            }
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-        catch (BadPaddingException e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-        catch (IllegalBlockSizeException e2)
-        {
-            throw new InvalidKeyException(e2.getMessage());
-        }
-
-        if (wrappedKeyType == Cipher.SECRET_KEY)
-        {
-            return new SecretKeySpec(encoded, wrappedKeyAlgorithm);
-        }
-        else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY)
-        {
-            /*
-             * The caller doesnt know the algorithm as it is part of
-             * the encrypted data.
-             */
-            ASN1InputStream bIn = new ASN1InputStream(encoded);
-            PrivateKey      privKey;
-
-            try
-            {
-                ASN1Sequence         s = (ASN1Sequence)bIn.readObject();
-                PrivateKeyInfo       in = new PrivateKeyInfo(s);
-
-                DERObjectIdentifier  oid = in.getAlgorithmId().getObjectId();
-
-                if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-                {
-                    privKey = new JCEECPrivateKey(in);
-                }
-                else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
-                {
-                    privKey = new JDKGOST3410PrivateKey(in);
-                }
-                else if (oid.equals(X9ObjectIdentifiers.id_dsa))
-                {
-                    privKey = new JDKDSAPrivateKey(in);
-                }
-                else if (oid.equals(PKCSObjectIdentifiers.dhKeyAgreement))
-                {
-                    privKey = new JCEDHPrivateKey(in);
-                }
-                else if (oid.equals(X9ObjectIdentifiers.dhpublicnumber))
-                {
-                    privKey = new JCEDHPrivateKey(in);
-                }
-                else    // the old standby!
-                {
-                    privKey = new JCERSAPrivateCrtKey(in);
-                }
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeyException("Invalid key encoding.");
-            }
-
-            return privKey;
-        }
-        else
-        {
-            try
-            {
-                KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
-
-                if (wrappedKeyType == Cipher.PUBLIC_KEY)
-                {
-                    return kf.generatePublic(new X509EncodedKeySpec(encoded));
-                }
-                else if (wrappedKeyType == Cipher.PRIVATE_KEY)
-                {
-                    return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
-                }
-            }
-            catch (NoSuchProviderException e)
-            {
-                throw new InvalidKeyException("Unknown key type " + e.getMessage());
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                throw new InvalidKeyException("Unknown key type " + e.getMessage());
-            }
-            catch (InvalidKeySpecException e2)
-            {
-                throw new InvalidKeyException("Unknown key type " + e2.getMessage());
-            }
-
-            throw new InvalidKeyException("Unknown key type " + wrappedKeyType);
-        }
-    }
-
-    //
-    // classes that inherit directly from us
-    //
-
-    public static class RC2Wrap
-        extends WrapCipherSpi
-    {
-        public RC2Wrap()
-        {
-            super(new RC2WrapEngine());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java
deleted file mode 100644
index a59fdcf33..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509StreamParserSpi;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-import org.bouncycastle.x509.util.StreamParsingException;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-public class X509AttrCertParser
-    extends X509StreamParserSpi
-{
-    private static final PEMUtil PEM_PARSER = new PEMUtil("ATTRIBUTE CERTIFICATE");
-
-    private ASN1Set     sData = null;
-    private int         sDataObjectCount = 0;
-    private InputStream currentStream = null;
-
-    private X509AttributeCertificate readDERCertificate(
-        InputStream in)
-        throws IOException
-    {
-        ASN1InputStream dIn = new ASN1InputStream(in, ProviderUtil.getReadLimit(in));
-        ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
-
-        if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
-        {
-            if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
-            {
-                sData = new SignedData(ASN1Sequence.getInstance(
-                                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();
-
-                return getCertificate();
-            }
-        }
-
-        return new X509V2AttributeCertificate(seq.getEncoded());
-    }
-
-    private X509AttributeCertificate getCertificate()
-        throws IOException
-    {
-        if (sData != null)
-        {
-            while (sDataObjectCount < sData.size())
-            {
-                Object obj = sData.getObjectAt(sDataObjectCount++);
-
-                if (obj instanceof ASN1TaggedObject && ((ASN1TaggedObject)obj).getTagNo() == 2)
-                {
-                   return new X509V2AttributeCertificate(
-                          ASN1Sequence.getInstance((ASN1TaggedObject)obj, false).getEncoded());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    private X509AttributeCertificate readPEMCertificate(
-        InputStream  in)
-        throws IOException
-    {
-        ASN1Sequence seq = PEM_PARSER.readPEMObject(in);
-
-        if (seq != null)
-        {
-            return new X509V2AttributeCertificate(seq.getEncoded());
-        }
-
-        return null;
-    }
-
-    public void engineInit(InputStream in)
-    {
-        currentStream = in;
-        sData = null;
-        sDataObjectCount = 0;
-
-        if (!currentStream.markSupported())
-        {
-            currentStream = new BufferedInputStream(currentStream);
-        }
-    }
-
-    public Object engineRead()
-        throws StreamParsingException
-    {
-        try
-        {
-            if (sData != null)
-            {
-                if (sDataObjectCount != sData.size())
-                {
-                    return getCertificate();
-                }
-                else
-                {
-                    sData = null;
-                    sDataObjectCount = 0;
-                    return null;
-                }
-            }
-
-            currentStream.mark(10);
-            int    tag = currentStream.read();
-
-            if (tag == -1)
-            {
-                return null;
-            }
-
-            if (tag != 0x30)  // assume ascii PEM encoded.
-            {
-                currentStream.reset();
-                return readPEMCertificate(currentStream);
-            }
-            else
-            {
-                currentStream.reset();
-                return readDERCertificate(currentStream);
-            }
-        }
-        catch (Exception e)
-        {
-            throw new StreamParsingException(e.toString(), e);
-        }
-    }
-
-    public Collection engineReadAll()
-        throws StreamParsingException
-    {
-        X509AttributeCertificate cert;
-        List certs = new ArrayList();
-
-        while ((cert = (X509AttributeCertificate)engineRead()) != null)
-        {
-            certs.add(cert);
-        }
-
-        return certs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
deleted file mode 100644
index 1a073e0fc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
+++ /dev/null
@@ -1,289 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CRLException;
-import java.security.cert.X509CRLEntry;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-/**
- * The following extensions are listed in RFC 2459 as relevant to CRL Entries
- * 
- * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer
- * (critical)
- */
-public class X509CRLEntryObject extends X509CRLEntry
-{
-    private TBSCertList.CRLEntry c;
-
-    private boolean isIndirect;
-
-    private X500Principal previousCertificateIssuer;
-    private X500Principal certificateIssuer;
-    private int           hashValue;
-    private boolean       isHashValueSet;
-
-    public X509CRLEntryObject(TBSCertList.CRLEntry c)
-    {
-        this.c = c;
-        this.certificateIssuer = loadCertificateIssuer();
-    }
-
-    /**
-     * Constructor for CRLEntries of indirect CRLs. If isIndirect
-     * is false {@link #getCertificateIssuer()} will always
-     * return null, previousCertificateIssuer is
-     * ignored. If this isIndirect is specified and this CRLEntry
-     * has no certificate issuer CRL entry extension
-     * previousCertificateIssuer is returned by
-     * {@link #getCertificateIssuer()}.
-     * 
-     * @param c
-     *            TBSCertList.CRLEntry object.
-     * @param isIndirect
-     *            true if the corresponding CRL is a indirect
-     *            CRL.
-     * @param previousCertificateIssuer
-     *            Certificate issuer of the previous CRLEntry.
-     */
-    public X509CRLEntryObject(
-        TBSCertList.CRLEntry c,
-        boolean isIndirect,
-        X500Principal previousCertificateIssuer)
-    {
-        this.c = c;
-        this.isIndirect = isIndirect;
-        this.previousCertificateIssuer = previousCertificateIssuer;
-        this.certificateIssuer = loadCertificateIssuer();
-    }
-
-    /**
-     * Will return true if any extensions are present and marked as critical as
-     * we currently dont handle any extensions!
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-
-        return extns != null && !extns.isEmpty();
-    }
-
-    private X500Principal loadCertificateIssuer()
-    {
-        if (!isIndirect)
-        {
-            return null;
-        }
-
-        byte[] ext = getExtensionValue(X509Extensions.CertificateIssuer.getId());
-        if (ext == null)
-        {
-            return previousCertificateIssuer;
-        }
-
-        try
-        {
-            GeneralName[] names = GeneralNames.getInstance(
-                    X509ExtensionUtil.fromExtensionValue(ext)).getNames();
-            for (int i = 0; i < names.length; i++)
-            {
-                if (names[i].getTagNo() == GeneralName.directoryName)
-                {
-                    return new X500Principal(names[i].getName().getDERObject().getDEREncoded());
-                }
-            }
-            return null;
-        }
-        catch (IOException e)
-        {
-            return null;
-        }
-    }
-
-    public X500Principal getCertificateIssuer()
-    {
-        return certificateIssuer;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        X509Extensions extensions = c.getExtensions();
-
-        if (extensions != null)
-        {
-            Set set = new HashSet();
-            Enumeration e = extensions.oids();
-
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
-                X509Extension ext = extensions.getExtension(oid);
-
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-
-            return set;
-        }
-
-        return null;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = c.getExtensions();
-
-        if (exts != null)
-        {
-            X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded();
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * Cache the hashCode value - calculating it with the standard method.
-     * @return  calculated hashCode.
-     */
-    public int hashCode()
-    {
-        if (!isHashValueSet)
-        {
-            hashValue = super.hashCode();
-            isHashValueSet = true;
-        }
-
-        return hashValue;
-    }
-
-    public byte[] getEncoded()
-        throws CRLException
-    {
-        try
-        {
-            return c.getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new CRLException(e.toString());
-        }
-    }
-
-    public BigInteger getSerialNumber()
-    {
-        return c.getUserCertificate().getValue();
-    }
-
-    public Date getRevocationDate()
-    {
-        return c.getRevocationDate().getDate();
-    }
-
-    public boolean hasExtensions()
-    {
-        return c.getExtensions() != null;
-    }
-
-    public String toString()
-    {
-        StringBuffer buf = new StringBuffer();
-        String nl = System.getProperty("line.separator");
-
-        buf.append("      userCertificate: ").append(this.getSerialNumber()).append(nl);
-        buf.append("       revocationDate: ").append(this.getRevocationDate()).append(nl);
-        buf.append("       certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
-
-        X509Extensions extensions = c.getExtensions();
-
-        if (extensions != null)
-        {
-            Enumeration e = extensions.oids();
-            if (e.hasMoreElements())
-            {
-                buf.append("   crlEntryExtensions:").append(nl);
-
-                while (e.hasMoreElements())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                    X509Extension ext = extensions.getExtension(oid);
-                    if (ext.getValue() != null)
-                    {
-                        byte[]                  octs = ext.getValue().getOctets();
-                        ASN1InputStream dIn = new ASN1InputStream(octs);
-                        buf.append("                       critical(").append(ext.isCritical()).append(") ");
-                        try
-                        {
-                            if (oid.equals(X509Extensions.ReasonCode))
-                            {
-                                buf.append(new CRLReason(DEREnumerated.getInstance(dIn.readObject()))).append(nl);
-                            }
-                            else if (oid.equals(X509Extensions.CertificateIssuer))
-                            {
-                                buf.append("Certificate issuer: ").append(new GeneralNames((ASN1Sequence)dIn.readObject())).append(nl);
-                            }
-                            else 
-                            {
-                                buf.append(oid.getId());
-                                buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
-                            }
-                        }
-                        catch (Exception ex)
-                        {
-                            buf.append(oid.getId());
-                            buf.append(" value = ").append("*****").append(nl);
-                        }
-                    }
-                    else
-                    {
-                        buf.append(nl);
-                    }
-                }
-            }
-        }
-
-        return buf.toString();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
deleted file mode 100644
index 956c58b91..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
+++ /dev/null
@@ -1,530 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CRLException;
-import java.security.cert.Certificate;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.CRLNumber;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-/**
- * The following extensions are listed in RFC 2459 as relevant to CRLs
- *
- * Authority Key Identifier
- * Issuer Alternative Name
- * CRL Number
- * Delta CRL Indicator (critical)
- * Issuing Distribution Point (critical)
- */
-public class X509CRLObject
-    extends X509CRL
-{
-    private CertificateList c;
-    private String sigAlgName;
-    private byte[] sigAlgParams;
-    private boolean isIndirect;
-
-    public X509CRLObject(
-        CertificateList c)
-        throws CRLException
-    {
-        this.c = c;
-        
-        try
-        {
-            this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
-            
-            if (c.getSignatureAlgorithm().getParameters() != null)
-            {
-                this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).getDEREncoded();
-            }
-            else
-            {
-                this.sigAlgParams = null;
-            }
-
-            this.isIndirect = isIndirectCRL();
-        }
-        catch (Exception e)
-        {
-            throw new CRLException("CRL contents invalid: " + e);
-        }
-    }
-
-    /**
-     * Will return true if any extensions are present and marked
-     * as critical as we currently dont handle any extensions!
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-
-        if (extns == null)
-        {
-            return false;
-        }
-
-        extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
-        extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
-
-        return !extns.isEmpty();
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        if (this.getVersion() == 2)
-        {
-            X509Extensions extensions = c.getTBSCertList().getExtensions();
-
-            if (extensions != null)
-            {
-                Set set = new HashSet();
-                Enumeration e = extensions.oids();
-
-                while (e.hasMoreElements())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                    X509Extension ext = extensions.getExtension(oid);
-
-                    if (critical == ext.isCritical())
-                    {
-                        set.add(oid.getId());
-                    }
-                }
-
-                return set;
-            }
-        }
-
-        return null;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = c.getTBSCertList().getExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded();
-                }
-                catch (Exception e)
-                {
-                    throw new IllegalStateException("error parsing " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    public byte[] getEncoded()
-        throws CRLException
-    {
-        try
-        {
-            return c.getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new CRLException(e.toString());
-        }
-    }
-
-    public void verify(PublicKey key)
-        throws CRLException,  NoSuchAlgorithmException,
-            InvalidKeyException, NoSuchProviderException, SignatureException
-    {
-        verify(key, BouncyCastleProvider.PROVIDER_NAME);
-    }
-
-    public void verify(PublicKey key, String sigProvider)
-        throws CRLException, NoSuchAlgorithmException,
-            InvalidKeyException, NoSuchProviderException, SignatureException
-    {
-        if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))
-        {
-            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
-        }
-
-        Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);
-
-        sig.initVerify(key);
-        sig.update(this.getTBSCertList());
-        if (!sig.verify(this.getSignature()))
-        {
-            throw new SignatureException("CRL does not verify with supplied public key.");
-        }
-    }
-
-    public int getVersion()
-    {
-        return c.getVersion();
-    }
-
-    public Principal getIssuerDN()
-    {
-        return new X509Principal(c.getIssuer());
-    }
-
-    public X500Principal getIssuerX500Principal()
-    {
-        try
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-            aOut.writeObject(c.getIssuer());
-
-            return new X500Principal(bOut.toByteArray());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("can't encode issuer DN");
-        }
-    }
-
-    public Date getThisUpdate()
-    {
-        return c.getThisUpdate().getDate();
-    }
-
-    public Date getNextUpdate()
-    {
-        if (c.getNextUpdate() != null)
-        {
-            return c.getNextUpdate().getDate();
-        }
-
-        return null;
-    }
- 
-    private Set loadCRLEntries()
-    {
-        Set entrySet = new HashSet();
-        Enumeration certs = c.getRevokedCertificateEnumeration();
-
-        X500Principal previousCertificateIssuer = getIssuerX500Principal();
-        while (certs.hasMoreElements())
-        {
-            TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement();
-            X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
-            entrySet.add(crlEntry);
-            previousCertificateIssuer = crlEntry.getCertificateIssuer();
-        }
-
-        return entrySet;
-    }
-
-    public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
-    {
-        Enumeration certs = c.getRevokedCertificateEnumeration();
-
-        X500Principal previousCertificateIssuer = getIssuerX500Principal();
-        while (certs.hasMoreElements())
-        {
-            TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement();
-            X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
-
-            if (serialNumber.equals(entry.getUserCertificate().getValue()))
-            {
-                return crlEntry;
-            }
-
-            previousCertificateIssuer = crlEntry.getCertificateIssuer();
-        }
-
-        return null;
-    }
-
-    public Set getRevokedCertificates()
-    {
-        Set entrySet = loadCRLEntries();
-
-        if (!entrySet.isEmpty())
-        {
-            return Collections.unmodifiableSet(entrySet);
-        }
-
-        return null;
-    }
-
-    public byte[] getTBSCertList()
-        throws CRLException
-    {
-        try
-        {
-            return c.getTBSCertList().getEncoded("DER");
-        }
-        catch (IOException e)
-        {
-            throw new CRLException(e.toString());
-        }
-    }
-
-    public byte[] getSignature()
-    {
-        return c.getSignature().getBytes();
-    }
-
-    public String getSigAlgName()
-    {
-        return sigAlgName;
-    }
-
-    public String getSigAlgOID()
-    {
-        return c.getSignatureAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getSigAlgParams()
-    {
-        if (sigAlgParams != null)
-        {
-            byte[] tmp = new byte[sigAlgParams.length];
-            
-            System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length);
-            
-            return tmp;
-        }
-        
-        return null;
-    }
-
-    /**
-     * Returns a string representation of this CRL.
-     *
-     * @return a string representation of this CRL.
-     */
-    public String toString()
-    {
-        StringBuffer buf = new StringBuffer();
-        String nl = System.getProperty("line.separator");
-
-        buf.append("              Version: ").append(this.getVersion()).append(
-            nl);
-        buf.append("             IssuerDN: ").append(this.getIssuerDN())
-            .append(nl);
-        buf.append("          This update: ").append(this.getThisUpdate())
-            .append(nl);
-        buf.append("          Next update: ").append(this.getNextUpdate())
-            .append(nl);
-        buf.append("  Signature Algorithm: ").append(this.getSigAlgName())
-            .append(nl);
-
-        byte[] sig = this.getSignature();
-
-        buf.append("            Signature: ").append(
-            new String(Hex.encode(sig, 0, 20))).append(nl);
-        for (int i = 20; i < sig.length; i += 20)
-        {
-            if (i < sig.length - 20)
-            {
-                buf.append("                       ").append(
-                    new String(Hex.encode(sig, i, 20))).append(nl);
-            }
-            else
-            {
-                buf.append("                       ").append(
-                    new String(Hex.encode(sig, i, sig.length - i))).append(nl);
-            }
-        }
-
-        X509Extensions extensions = c.getTBSCertList().getExtensions();
-
-        if (extensions != null)
-        {
-            Enumeration e = extensions.oids();
-
-            if (e.hasMoreElements())
-            {
-                buf.append("           Extensions: ").append(nl);
-            }
-
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
-                X509Extension ext = extensions.getExtension(oid);
-
-                if (ext.getValue() != null)
-                {
-                    byte[] octs = ext.getValue().getOctets();
-                    ASN1InputStream dIn = new ASN1InputStream(octs);
-                    buf.append("                       critical(").append(
-                        ext.isCritical()).append(") ");
-                    try
-                    {
-                        if (oid.equals(X509Extensions.CRLNumber))
-                        {
-                            buf.append(
-                                new CRLNumber(DERInteger.getInstance(
-                                    dIn.readObject()).getPositiveValue()))
-                                .append(nl);
-                        }
-                        else if (oid.equals(X509Extensions.DeltaCRLIndicator))
-                        {
-                            buf.append(
-                                "Base CRL: "
-                                    + new CRLNumber(DERInteger.getInstance(
-                                        dIn.readObject()).getPositiveValue()))
-                                .append(nl);
-                        }
-                        else if (oid
-                            .equals(X509Extensions.IssuingDistributionPoint))
-                        {
-                            buf.append(
-                                new IssuingDistributionPoint((ASN1Sequence) dIn
-                                    .readObject())).append(nl);
-                        }
-                        else if (oid
-                            .equals(X509Extensions.CRLDistributionPoints))
-                        {
-                            buf.append(
-                                new CRLDistPoint((ASN1Sequence) dIn
-                                    .readObject())).append(nl);
-                        }
-                        else if (oid.equals(X509Extensions.FreshestCRL))
-                        {
-                            buf.append(
-                                new CRLDistPoint((ASN1Sequence) dIn
-                                    .readObject())).append(nl);
-                        }
-                        else
-                        {
-                            buf.append(oid.getId());
-                            buf.append(" value = ").append(
-                                ASN1Dump.dumpAsString(dIn.readObject()))
-                                .append(nl);
-                        }
-                    }
-                    catch (Exception ex)
-                    {
-                        buf.append(oid.getId());
-                        buf.append(" value = ").append("*****").append(nl);
-                    }
-                }
-                else
-                {
-                    buf.append(nl);
-                }
-            }
-        }
-        Set set = getRevokedCertificates();
-        if (set != null)
-        {
-            Iterator it = set.iterator();
-            while (it.hasNext())
-            {
-                buf.append(it.next());
-                buf.append(nl);
-            }
-        }
-        return buf.toString();
-    }
-
-    /**
-     * Checks whether the given certificate is on this CRL.
-     *
-     * @param cert the certificate to check for.
-     * @return true if the given certificate is on this CRL,
-     * false otherwise.
-     */
-    public boolean isRevoked(Certificate cert)
-    {
-        if (!cert.getType().equals("X.509"))
-        {
-            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
-        }
-
-        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
-
-        if (certs != null)
-        {
-            BigInteger serial = ((X509Certificate)cert).getSerialNumber();
-
-            for (int i = 0; i < certs.length; i++)
-            {
-                if (certs[i].getUserCertificate().getValue().equals(serial))
-                {
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
-
-    private boolean isIndirectCRL()
-        throws CRLException
-    {
-        byte[] idp = getExtensionValue(X509Extensions.IssuingDistributionPoint.getId());
-        boolean isIndirect = false;
-        try
-        {
-            if (idp != null)
-            {
-                isIndirect = IssuingDistributionPoint.getInstance(
-                        X509ExtensionUtil.fromExtensionValue(idp))
-                        .isIndirectCRL();
-            }
-        }
-        catch (Exception e)
-        {
-            throw new ExtCRLException(
-                    "Exception reading IssuingDistributionPoint", e);
-        }
-
-        return isIndirect;
-    }
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java
deleted file mode 100644
index f0ddf89e8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java
+++ /dev/null
@@ -1,150 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.x509.X509StreamParserSpi;
-import org.bouncycastle.x509.util.StreamParsingException;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.cert.CRL;
-import java.security.cert.CRLException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-public class X509CRLParser
-    extends X509StreamParserSpi
-{
-    private static final PEMUtil PEM_PARSER = new PEMUtil("CRL");
-
-    private ASN1Set     sData = null;
-    private int         sDataObjectCount = 0;
-    private InputStream currentStream = null;
-
-    private CRL readDERCRL(
-        InputStream in)
-        throws IOException, CRLException
-    {
-        ASN1InputStream dIn = new ASN1InputStream(in, ProviderUtil.getReadLimit(in));
-        ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
-
-        if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
-        {
-            if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
-            {
-                sData = new SignedData(ASN1Sequence.getInstance(
-                                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
-
-                return getCRL();
-            }
-        }
-
-        return new X509CRLObject(CertificateList.getInstance(seq));
-    }
-
-    private CRL getCRL()
-        throws CRLException
-    {
-        if (sData == null || sDataObjectCount >= sData.size())
-        {
-            return null;
-        }
-
-        return new X509CRLObject(
-                        CertificateList.getInstance(
-                                sData.getObjectAt(sDataObjectCount++)));
-    }
-
-    private CRL readPEMCRL(
-        InputStream  in)
-        throws IOException, CRLException
-    {
-        ASN1Sequence seq = PEM_PARSER.readPEMObject(in);
-
-        if (seq != null)
-        {
-            return new X509CRLObject(CertificateList.getInstance(seq));
-        }
-
-        return null;
-    }
-
-    public void engineInit(InputStream in)
-    {
-        currentStream = in;
-        sData = null;
-        sDataObjectCount = 0;
-
-        if (!currentStream.markSupported())
-        {
-            currentStream = new BufferedInputStream(currentStream);
-        }
-    }
-
-    public Object engineRead()
-        throws StreamParsingException
-    {
-        try
-        {
-            if (sData != null)
-            {
-                if (sDataObjectCount != sData.size())
-                {
-                    return getCRL();
-                }
-                else
-                {
-                    sData = null;
-                    sDataObjectCount = 0;
-                    return null;
-                }
-            }
-
-            currentStream.mark(10);
-            int    tag = currentStream.read();
-
-            if (tag == -1)
-            {
-                return null;
-            }
-
-            if (tag != 0x30)  // assume ascii PEM encoded.
-            {
-                currentStream.reset();
-                return readPEMCRL(currentStream);
-            }
-            else
-            {
-                currentStream.reset();
-                return readDERCRL(currentStream);
-            }
-        }
-        catch (Exception e)
-        {
-            throw new StreamParsingException(e.toString(), e);
-        }
-    }
-
-    public Collection engineReadAll()
-        throws StreamParsingException
-    {
-        CRL     crl;
-        List certs = new ArrayList();
-
-        while ((crl = (CRL)engineRead()) != null)
-        {
-            certs.add(crl);
-        }
-
-        return certs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java
deleted file mode 100644
index 0f8967b4a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java
+++ /dev/null
@@ -1,77 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.CertificatePair;
-import org.bouncycastle.x509.X509CertificatePair;
-import org.bouncycastle.x509.X509StreamParserSpi;
-import org.bouncycastle.x509.util.StreamParsingException;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.cert.CertificateParsingException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-public class X509CertPairParser
-    extends X509StreamParserSpi
-{
-    private InputStream currentStream = null;
-
-    private X509CertificatePair readDERCrossCertificatePair(
-        InputStream in)
-        throws IOException, CertificateParsingException
-    {
-        ASN1InputStream dIn = new ASN1InputStream(in, ProviderUtil.getReadLimit(in));
-        ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
-        CertificatePair pair = CertificatePair.getInstance(seq);
-        return new X509CertificatePair(pair);
-    }
-
-    public void engineInit(InputStream in)
-    {
-        currentStream = in;
-
-        if (!currentStream.markSupported())
-        {
-            currentStream = new BufferedInputStream(currentStream);
-        }
-    }
-
-    public Object engineRead() throws StreamParsingException
-    {
-        try
-        {
-
-            currentStream.mark(10);
-            int tag = currentStream.read();
-
-            if (tag == -1)
-            {
-                return null;
-            }
-
-            currentStream.reset();
-            return readDERCrossCertificatePair(currentStream);
-        }
-        catch (Exception e)
-        {
-            throw new StreamParsingException(e.toString(), e);
-        }
-    }
-
-    public Collection engineReadAll() throws StreamParsingException
-    {
-        X509CertificatePair pair;
-        List certs = new ArrayList();
-
-        while ((pair = (X509CertificatePair)engineRead()) != null)
-        {
-            certs.add(pair);
-        }
-
-        return certs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java
deleted file mode 100644
index f8d32ebb2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java
+++ /dev/null
@@ -1,159 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.x509.X509StreamParserSpi;
-import org.bouncycastle.x509.util.StreamParsingException;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateParsingException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-public class X509CertParser
-    extends X509StreamParserSpi
-{
-    private static final PEMUtil PEM_PARSER = new PEMUtil("CERTIFICATE");
-
-    private ASN1Set     sData = null;
-    private int         sDataObjectCount = 0;
-    private InputStream currentStream = null;
-
-    private Certificate readDERCertificate(
-        InputStream in)
-        throws IOException, CertificateParsingException
-    {
-        ASN1InputStream dIn = new ASN1InputStream(in, ProviderUtil.getReadLimit(in));
-        ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
-
-        if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
-        {
-            if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
-            {
-                sData = new SignedData(ASN1Sequence.getInstance(
-                                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();
-
-                return getCertificate();
-            }
-        }
-
-        return new X509CertificateObject(
-                            X509CertificateStructure.getInstance(seq));
-    }
-
-    private Certificate getCertificate()
-        throws CertificateParsingException
-    {
-        if (sData != null)
-        {
-            while (sDataObjectCount < sData.size())
-            {
-                Object obj = sData.getObjectAt(sDataObjectCount++);
-
-                if (obj instanceof ASN1Sequence)
-                {
-                   return new X509CertificateObject(
-                                    X509CertificateStructure.getInstance(obj));
-                }
-            }
-        }
-
-        return null;
-    }
-
-    private Certificate readPEMCertificate(
-        InputStream  in)
-        throws IOException, CertificateParsingException
-    {
-        ASN1Sequence seq = PEM_PARSER.readPEMObject(in);
-
-        if (seq != null)
-        {
-            return new X509CertificateObject(
-                            X509CertificateStructure.getInstance(seq));
-        }
-
-        return null;
-    }
-
-    public void engineInit(InputStream in)
-    {
-        currentStream = in;
-        sData = null;
-        sDataObjectCount = 0;
-
-        if (!currentStream.markSupported())
-        {
-            currentStream = new BufferedInputStream(currentStream);
-        }
-    }
-
-    public Object engineRead()
-        throws StreamParsingException
-    {
-        try
-        {
-            if (sData != null)
-            {
-                if (sDataObjectCount != sData.size())
-                {
-                    return getCertificate();
-                }
-                else
-                {
-                    sData = null;
-                    sDataObjectCount = 0;
-                    return null;
-                }
-            }
-
-            currentStream.mark(10);
-            int    tag = currentStream.read();
-
-            if (tag == -1)
-            {
-                return null;
-            }
-
-            if (tag != 0x30)  // assume ascii PEM encoded.
-            {
-                currentStream.reset();
-                return readPEMCertificate(currentStream);
-            }
-            else
-            {
-                currentStream.reset();
-                return readDERCertificate(currentStream);
-            }
-        }
-        catch (Exception e)
-        {
-            throw new StreamParsingException(e.toString(), e);
-        }
-    }
-
-    public Collection engineReadAll()
-        throws StreamParsingException
-    {
-        Certificate     cert;
-        List certs = new ArrayList();
-
-        while ((cert = (Certificate)engineRead()) != null)
-        {
-            certs.add(cert);
-        }
-
-        return certs;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
deleted file mode 100644
index d06de84a9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
+++ /dev/null
@@ -1,794 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
-import org.bouncycastle.asn1.misc.NetscapeCertType;
-import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
-import org.bouncycastle.asn1.misc.VerisignCzagExtension;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Hex;
-
-public class X509CertificateObject
-    extends X509Certificate
-    implements PKCS12BagAttributeCarrier
-{
-    private X509CertificateStructure    c;
-    private BasicConstraints            basicConstraints;
-    private boolean[]                   keyUsage;
-    private boolean                     hashValueSet;
-    private int                         hashValue;
-
-    private PKCS12BagAttributeCarrier   attrCarrier = new PKCS12BagAttributeCarrierImpl();
-
-    public X509CertificateObject(
-        X509CertificateStructure    c)
-        throws CertificateParsingException
-    {
-        this.c = c;
-
-        try
-        {
-            byte[]  bytes = this.getExtensionBytes("2.5.29.19");
-
-            if (bytes != null)
-            {
-                basicConstraints = BasicConstraints.getInstance(ASN1Object.fromByteArray(bytes));
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertificateParsingException("cannot construct BasicConstraints: " + e);
-        }
-
-        try
-        {
-            byte[] bytes = this.getExtensionBytes("2.5.29.15");
-            if (bytes != null)
-            {
-                DERBitString    bits = DERBitString.getInstance(ASN1Object.fromByteArray(bytes));
-
-                bytes = bits.getBytes();
-                int length = (bytes.length * 8) - bits.getPadBits();
-
-                keyUsage = new boolean[(length < 9) ? 9 : length];
-
-                for (int i = 0; i != length; i++)
-                {
-                    keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
-                }
-            }
-            else
-            {
-                keyUsage = null;
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertificateParsingException("cannot construct KeyUsage: " + e);
-        }
-    }
-
-    public void checkValidity()
-        throws CertificateExpiredException, CertificateNotYetValidException
-    {
-        this.checkValidity(new Date());
-    }
-
-    public void checkValidity(
-        Date    date)
-        throws CertificateExpiredException, CertificateNotYetValidException
-    {
-        if (date.getTime() > this.getNotAfter().getTime())  // for other VM compatibility
-        {
-            throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
-        }
-
-        if (date.getTime() < this.getNotBefore().getTime())
-        {
-            throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
-        }
-    }
-
-    public int getVersion()
-    {
-        return c.getVersion();
-    }
-
-    public BigInteger getSerialNumber()
-    {
-        return c.getSerialNumber().getValue();
-    }
-
-    public Principal getIssuerDN()
-    {
-        return new X509Principal(c.getIssuer());
-    }
-
-    public X500Principal getIssuerX500Principal()
-    {
-        try
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-            aOut.writeObject(c.getIssuer());
-
-            return new X500Principal(bOut.toByteArray());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("can't encode issuer DN");
-        }
-    }
-
-    public Principal getSubjectDN()
-    {
-        return new X509Principal(c.getSubject());
-    }
-
-    public X500Principal getSubjectX500Principal()
-    {
-        try
-        {
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-            aOut.writeObject(c.getSubject());
-
-            return new X500Principal(bOut.toByteArray());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("can't encode issuer DN");
-        }
-    }
-
-    public Date getNotBefore()
-    {
-        return c.getStartDate().getDate();
-    }
-
-    public Date getNotAfter()
-    {
-        return c.getEndDate().getDate();
-    }
-
-    public byte[] getTBSCertificate()
-        throws CertificateEncodingException
-    {
-        try
-        {
-            return c.getTBSCertificate().getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new CertificateEncodingException(e.toString());
-        }
-    }
-
-    public byte[] getSignature()
-    {
-        return c.getSignature().getBytes();
-    }
-
-    /**
-     * return a more "meaningful" representation for the signature algorithm used in
-     * the certficate.
-     */
-    public String getSigAlgName()
-    {
-        Provider    prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
-
-        if (prov != null)
-        {
-            String      algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
-
-            if (algName != null)
-            {
-                return algName;
-            }
-        }
-
-        Provider[] provs = Security.getProviders();
-
-        //
-        // search every provider looking for a real algorithm
-        //
-        for (int i = 0; i != provs.length; i++)
-        {
-            String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
-            if (algName != null)
-            {
-                return algName;
-            }
-        }
-
-        return this.getSigAlgOID();
-    }
-
-    /**
-     * return the object identifier for the signature.
-     */
-    public String getSigAlgOID()
-    {
-        return c.getSignatureAlgorithm().getObjectId().getId();
-    }
-
-    /**
-     * return the signature parameters, or null if there aren't any.
-     */
-    public byte[] getSigAlgParams()
-    {
-        if (c.getSignatureAlgorithm().getParameters() != null)
-        {
-            return c.getSignatureAlgorithm().getParameters().getDERObject().getDEREncoded();
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-    public boolean[] getIssuerUniqueID()
-    {
-        DERBitString    id = c.getTBSCertificate().getIssuerUniqueId();
-
-        if (id != null)
-        {
-            byte[]          bytes = id.getBytes();
-            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
-
-            for (int i = 0; i != boolId.length; i++)
-            {
-                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
-            }
-
-            return boolId;
-        }
-            
-        return null;
-    }
-
-    public boolean[] getSubjectUniqueID()
-    {
-        DERBitString    id = c.getTBSCertificate().getSubjectUniqueId();
-
-        if (id != null)
-        {
-            byte[]          bytes = id.getBytes();
-            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
-
-            for (int i = 0; i != boolId.length; i++)
-            {
-                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
-            }
-
-            return boolId;
-        }
-            
-        return null;
-    }
-
-    public boolean[] getKeyUsage()
-    {
-        return keyUsage;
-    }
-
-    public List getExtendedKeyUsage() 
-        throws CertificateParsingException
-    {
-        byte[]  bytes = this.getExtensionBytes("2.5.29.37");
-
-        if (bytes != null)
-        {
-            try
-            {
-                ASN1InputStream dIn = new ASN1InputStream(bytes);
-                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
-                List            list = new ArrayList();
-
-                for (int i = 0; i != seq.size(); i++)
-                {
-                    list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
-                }
-                
-                return Collections.unmodifiableList(list);
-            }
-            catch (Exception e)
-            {
-                throw new CertificateParsingException("error processing extended key usage extension");
-            }
-        }
-
-        return null;
-    }
-    
-    public int getBasicConstraints()
-    {
-        if (basicConstraints != null)
-        {
-            if (basicConstraints.isCA())
-            {
-                if (basicConstraints.getPathLenConstraint() == null)
-                {
-                    return Integer.MAX_VALUE;
-                }
-                else
-                {
-                    return basicConstraints.getPathLenConstraint().intValue();
-                }
-            }
-            else
-            {
-                return -1;
-            }
-        }
-
-        return -1;
-    }
-
-    public Set getCriticalExtensionOIDs() 
-    {
-        if (this.getVersion() == 3)
-        {
-            Set             set = new HashSet();
-            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
-
-            if (extensions != null)
-            {
-                Enumeration     e = extensions.oids();
-
-                while (e.hasMoreElements())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                    X509Extension       ext = extensions.getExtension(oid);
-
-                    if (ext.isCritical())
-                    {
-                        set.add(oid.getId());
-                    }
-                }
-
-                return set;
-            }
-        }
-
-        return null;
-    }
-
-    private byte[] getExtensionBytes(String oid)
-    {
-        X509Extensions exts = c.getTBSCertificate().getExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-            if (ext != null)
-            {
-                return ext.getValue().getOctets();
-            }
-        }
-
-        return null;
-    }
-
-    public byte[] getExtensionValue(String oid) 
-    {
-        X509Extensions exts = c.getTBSCertificate().getExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded();
-                }
-                catch (Exception e)
-                {
-                    throw new IllegalStateException("error parsing " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    public Set getNonCriticalExtensionOIDs() 
-    {
-        if (this.getVersion() == 3)
-        {
-            Set             set = new HashSet();
-            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
-
-            if (extensions != null)
-            {
-                Enumeration     e = extensions.oids();
-
-                while (e.hasMoreElements())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                    X509Extension       ext = extensions.getExtension(oid);
-
-                    if (!ext.isCritical())
-                    {
-                        set.add(oid.getId());
-                    }
-                }
-
-                return set;
-            }
-        }
-
-        return null;
-    }
-
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        if (this.getVersion() == 3)
-        {
-            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
-
-            if (extensions != null)
-            {
-                Enumeration     e = extensions.oids();
-
-                while (e.hasMoreElements())
-                {
-                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                    String              oidId = oid.getId();
-
-                    if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE)
-                     || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES)
-                     || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS)
-                     || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY)
-                     || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS)
-                     || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT)
-                     || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR)
-                     || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS)
-                     || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS)
-                     || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME)
-                     || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS))
-                    {
-                        continue;
-                    }
-
-                    X509Extension       ext = extensions.getExtension(oid);
-
-                    if (ext.isCritical())
-                    {
-                        return true;
-                    }
-                }
-            }
-        }
-
-        return false;
-    }
-
-    public PublicKey getPublicKey()
-    {
-        return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
-    }
-
-    public byte[] getEncoded()
-        throws CertificateEncodingException
-    {
-        try
-        {
-            return c.getEncoded(ASN1Encodable.DER);
-        }
-        catch (IOException e)
-        {
-            throw new CertificateEncodingException(e.toString());
-        }
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof Certificate))
-        {
-            return false;
-        }
-
-        Certificate other = (Certificate)o;
-
-        try
-        {
-            byte[] b1 = this.getEncoded();
-            byte[] b2 = other.getEncoded();
-
-            return Arrays.areEqual(b1, b2);
-        }
-        catch (CertificateEncodingException e)
-        {
-            return false;
-        }
-    }
-    
-    public synchronized int hashCode()
-    {
-        if (!hashValueSet)
-        {
-            hashValue = calculateHashCode();
-            hashValueSet = true;
-        }
-
-        return hashValue;
-    }
-    
-    private int calculateHashCode()
-    {
-        try
-        {
-            int hashCode = 0;
-            byte[] certData = this.getEncoded();
-            for (int i = 1; i < certData.length; i++)
-            {
-                 hashCode += certData[i] * i;
-            }
-            return hashCode;
-        }
-        catch (CertificateEncodingException e)
-        {
-            return 0;
-        }
-    }
-
-    public void setBagAttribute(
-        DERObjectIdentifier oid,
-        DEREncodable        attribute)
-    {
-        attrCarrier.setBagAttribute(oid, attribute);
-    }
-
-    public DEREncodable getBagAttribute(
-        DERObjectIdentifier oid)
-    {
-        return attrCarrier.getBagAttribute(oid);
-    }
-
-    public Enumeration getBagAttributeKeys()
-    {
-        return attrCarrier.getBagAttributeKeys();
-    }
-
-    public String toString()
-    {
-        StringBuffer    buf = new StringBuffer();
-        String          nl = System.getProperty("line.separator");
-
-        buf.append("  [0]         Version: ").append(this.getVersion()).append(nl);
-        buf.append("         SerialNumber: ").append(this.getSerialNumber()).append(nl);
-        buf.append("             IssuerDN: ").append(this.getIssuerDN()).append(nl);
-        buf.append("           Start Date: ").append(this.getNotBefore()).append(nl);
-        buf.append("           Final Date: ").append(this.getNotAfter()).append(nl);
-        buf.append("            SubjectDN: ").append(this.getSubjectDN()).append(nl);
-        buf.append("           Public Key: ").append(this.getPublicKey()).append(nl);
-        buf.append("  Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
-
-        byte[]  sig = this.getSignature();
-
-        buf.append("            Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl);
-        for (int i = 20; i < sig.length; i += 20)
-        {
-            if (i < sig.length - 20)
-            {
-                buf.append("                       ").append(new String(Hex.encode(sig, i, 20))).append(nl);
-            }
-            else
-            {
-                buf.append("                       ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl);
-            }
-        }
-
-        X509Extensions  extensions = c.getTBSCertificate().getExtensions();
-
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-
-            if (e.hasMoreElements())
-            {
-                buf.append("       Extensions: \n");
-            }
-
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension           ext = extensions.getExtension(oid);
-
-                if (ext.getValue() != null)
-                {
-                    byte[]                  octs = ext.getValue().getOctets();
-                    ASN1InputStream         dIn = new ASN1InputStream(octs);
-                    buf.append("                       critical(").append(ext.isCritical()).append(") ");
-                    try
-                    {
-                        if (oid.equals(X509Extensions.BasicConstraints))
-                        {
-                            buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject())).append(nl);
-                        }
-                        else if (oid.equals(X509Extensions.KeyUsage))
-                        {
-                            buf.append(new KeyUsage((DERBitString)dIn.readObject())).append(nl);
-                        }
-                        else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
-                        {
-                            buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl);
-                        }
-                        else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
-                        {
-                            buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl);
-                        }
-                        else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
-                        {
-                            buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl);
-                        }
-                        else 
-                        {
-                            buf.append(oid.getId());
-                            buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
-                            //buf.append(" value = ").append("*****").append(nl);
-                        }
-                    }
-                    catch (Exception ex)
-                    {
-                        buf.append(oid.getId());
-                   //     buf.append(" value = ").append(new String(Hex.encode(ext.getValue().getOctets()))).append(nl);
-                        buf.append(" value = ").append("*****").append(nl);
-                    }
-                }
-                else
-                {
-                    buf.append(nl);
-                }
-            }
-        }
-
-        return buf.toString();
-    }
-
-    public final void verify(
-        PublicKey   key)
-        throws CertificateException, NoSuchAlgorithmException,
-        InvalidKeyException, NoSuchProviderException, SignatureException
-    {
-        Signature   signature;
-        String      sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
-        
-        try
-        {
-            signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
-        }
-        catch (Exception e)
-        {
-            signature = Signature.getInstance(sigName);
-        }
-        
-        checkSignature(key, signature);
-    }
-    
-    public final void verify(
-        PublicKey   key,
-        String      sigProvider)
-        throws CertificateException, NoSuchAlgorithmException,
-        InvalidKeyException, NoSuchProviderException, SignatureException
-    {
-        String    sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
-        Signature signature = Signature.getInstance(sigName, sigProvider);
-        
-        checkSignature(key, signature);
-    }
-
-    private void checkSignature(
-        PublicKey key, 
-        Signature signature) 
-        throws CertificateException, NoSuchAlgorithmException, 
-            SignatureException, InvalidKeyException
-    {
-        if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature()))
-        {
-            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
-        }
-
-        DEREncodable params = c.getSignatureAlgorithm().getParameters();
-
-        // TODO This should go after the initVerify?
-        X509SignatureUtil.setSignatureParameters(signature, params);
-
-        signature.initVerify(key);
-
-        signature.update(this.getTBSCertificate());
-
-        if (!signature.verify(this.getSignature()))
-        {
-            throw new InvalidKeyException("Public key presented not for certificate signature");
-        }
-    }
-
-    private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
-    {
-        if (!id1.getObjectId().equals(id2.getObjectId()))
-        {
-            return false;
-        }
-
-        if (id1.getParameters() == null)
-        {
-            if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE))
-            {
-                return false;
-            }
-
-            return true;
-        }
-
-        if (id2.getParameters() == null)
-        {
-            if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE))
-            {
-                return false;
-            }
-
-            return true;
-        }
-        
-        return id1.getParameters().equals(id2.getParameters());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
deleted file mode 100644
index 3797607c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
+++ /dev/null
@@ -1,477 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CRL;
-import java.security.cert.CRLSelector;
-import java.security.cert.CertSelector;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertStoreSpi;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRLSelector;
-import java.security.cert.X509CertSelector;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.x509.CertificatePair;
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-
-/**
- * 
- * This is a general purpose implementation to get X.509 certificates and CRLs
- * from a LDAP location.
- * 
    
- * At first a search is performed in the ldap*AttributeNames of the
- * {@link org.bouncycastle.jce.X509LDAPCertStoreParameters} with the given
- * information of the subject (for all kind of certificates) or issuer (for
- * CRLs), respectively, if a X509CertSelector is given with that details. For
- * CRLs, CA certificates and cross certificates a coarse search is made only for
- * entries with that content to get more possibly matchign results.
- */
-public class X509LDAPCertStoreSpi
-    extends CertStoreSpi
-{
-    private X509LDAPCertStoreParameters params;
-
-    public X509LDAPCertStoreSpi(CertStoreParameters params)
-        throws InvalidAlgorithmParameterException
-    {
-        super(params);
-
-        if (!(params instanceof X509LDAPCertStoreParameters))
-        {
-            throw new InvalidAlgorithmParameterException(
-                X509LDAPCertStoreSpi.class.getName() + ": parameter must be a " + X509LDAPCertStoreParameters.class.getName() + " object\n"
-                    + params.toString());
-        }
-
-        this.params = (X509LDAPCertStoreParameters)params;
-    }
-
-    /**
-     * Initial Context Factory.
-     */
-    private static String LDAP_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";
-
-    /**
-     * Processing referrals..
-     */
-    private static String REFERRALS_IGNORE = "ignore";
-
-    /**
-     * Security level to be used for LDAP connections.
-     */
-    private static final String SEARCH_SECURITY_LEVEL = "none";
-
-    /**
-     * Package Prefix for loading URL context factories.
-     */
-    private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url";
-
-    private DirContext connectLDAP() throws NamingException
-    {
-        Properties props = new Properties();
-        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
-        props.setProperty(Context.BATCHSIZE, "0");
-
-        props.setProperty(Context.PROVIDER_URL, params.getLdapURL());
-        props.setProperty(Context.URL_PKG_PREFIXES, URL_CONTEXT_PREFIX);
-        props.setProperty(Context.REFERRAL, REFERRALS_IGNORE);
-        props.setProperty(Context.SECURITY_AUTHENTICATION,
-            SEARCH_SECURITY_LEVEL);
-
-        DirContext ctx = new InitialDirContext(props);
-        return ctx;
-    }
-
-    private String parseDN(String subject, String subjectAttributeName)
-    {
-        String temp = subject;
-        int begin = temp.toLowerCase().indexOf(
-            subjectAttributeName.toLowerCase());
-        temp = temp.substring(begin + subjectAttributeName.length());
-        int end = temp.indexOf(',');
-        if (end == -1)
-        {
-            end = temp.length();
-        }
-        while (temp.charAt(end - 1) == '\\')
-        {
-            end = temp.indexOf(',', end + 1);
-            if (end == -1)
-            {
-                end = temp.length();
-            }
-        }
-        temp = temp.substring(0, end);
-        begin = temp.indexOf('=');
-        temp = temp.substring(begin + 1);
-        if (temp.charAt(0) == ' ')
-        {
-            temp = temp.substring(1);
-        }
-        if (temp.startsWith("\""))
-        {
-            temp = temp.substring(1);
-        }
-        if (temp.endsWith("\""))
-        {
-            temp = temp.substring(0, temp.length() - 1);
-        }
-        return temp;
-    }
-
-    public Collection engineGetCertificates(CertSelector selector)
-        throws CertStoreException
-    {
-        if (!(selector instanceof X509CertSelector))
-        {
-            throw new CertStoreException("selector is not a X509CertSelector");
-        }
-        X509CertSelector xselector = (X509CertSelector)selector;
-
-        Set certSet = new HashSet();
-
-        Set set = getEndCertificates(xselector);
-        set.addAll(getCACertificates(xselector));
-        set.addAll(getCrossCertificates(xselector));
-
-        Iterator it = set.iterator();
-
-        try
-        {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509",
-                BouncyCastleProvider.PROVIDER_NAME);
-            while (it.hasNext())
-            {
-                byte[] bytes = (byte[])it.next();
-                if (bytes == null || bytes.length == 0)
-                {
-                    continue;
-                }
-
-                List bytesList = new ArrayList();
-                bytesList.add(bytes);
-
-                try
-                {
-                    CertificatePair pair = CertificatePair
-                        .getInstance(new ASN1InputStream(bytes)
-                            .readObject());
-                    bytesList.clear();
-                    if (pair.getForward() != null)
-                    {
-                        bytesList.add(pair.getForward().getEncoded());
-                    }
-                    if (pair.getReverse() != null)
-                    {
-                        bytesList.add(pair.getReverse().getEncoded());
-                    }
-                }
-                catch (IOException e)
-                {
-
-                }
-                catch (IllegalArgumentException e)
-                {
-
-                }
-                for (Iterator it2 = bytesList.iterator(); it2.hasNext();)
-                {
-                    ByteArrayInputStream bIn = new ByteArrayInputStream(
-                        (byte[])it2.next());
-                    try
-                    {
-                        Certificate cert = cf.generateCertificate(bIn);
-                        // System.out.println(((X509Certificate)
-                        // cert).getSubjectX500Principal());
-                        if (xselector.match(cert))
-                        {
-                            certSet.add(cert);
-                        }
-                    }
-                    catch (Exception e)
-                    {
-
-                    }
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertStoreException(
-                "certificate cannot be constructed from LDAP result: " + e);
-        }
-
-        return certSet;
-    }
-
-    private Set certSubjectSerialSearch(X509CertSelector xselector,
-                                        String[] attrs, String attrName, String subjectAttributeName)
-        throws CertStoreException
-    {
-        Set set = new HashSet();
-        try
-        {
-            if (xselector.getSubjectAsBytes() != null
-                || xselector.getSubjectAsString() != null
-                || xselector.getCertificate() != null)
-            {
-                String subject = null;
-                String serial = null;
-                if (xselector.getCertificate() != null)
-                {
-                    subject = xselector.getCertificate()
-                        .getSubjectX500Principal().getName("RFC1779");
-                    serial = xselector.getCertificate().getSerialNumber()
-                        .toString();
-                }
-                else
-                {
-                    if (xselector.getSubjectAsBytes() != null)
-                    {
-                        subject = new X500Principal(xselector
-                            .getSubjectAsBytes()).getName("RFC1779");
-                    }
-                    else
-                    {
-                        subject = xselector.getSubjectAsString();
-                    }
-                }
-                String attrValue = parseDN(subject, subjectAttributeName);
-                set.addAll(search(attrName, "*" + attrValue + "*", attrs));
-                if (serial != null
-                    && params.getSearchForSerialNumberIn() != null)
-                {
-                    attrValue = serial;
-                    attrName = params.getSearchForSerialNumberIn();
-                    set.addAll(search(attrName, "*" + attrValue + "*", attrs));
-                }
-            }
-            else
-            {
-                set.addAll(search(attrName, "*", attrs));
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CertStoreException("exception processing selector: " + e);
-        }
-
-        return set;
-    }
-
-    private Set getEndCertificates(X509CertSelector xselector)
-        throws CertStoreException
-    {
-        String[] attrs = {params.getUserCertificateAttribute()};
-        String attrName = params.getLdapUserCertificateAttributeName();
-        String subjectAttributeName = params.getUserCertificateSubjectAttributeName();
-
-        Set set = certSubjectSerialSearch(xselector, attrs, attrName,
-            subjectAttributeName);
-        return set;
-    }
-
-    private Set getCACertificates(X509CertSelector xselector)
-        throws CertStoreException
-    {
-        String[] attrs = {params.getCACertificateAttribute()};
-        String attrName = params.getLdapCACertificateAttributeName();
-        String subjectAttributeName = params
-            .getCACertificateSubjectAttributeName();
-        Set set = certSubjectSerialSearch(xselector, attrs, attrName,
-            subjectAttributeName);
-
-        if (set.isEmpty())
-        {
-            set.addAll(search(null, "*", attrs));
-        }
-
-        return set;
-    }
-
-    private Set getCrossCertificates(X509CertSelector xselector)
-        throws CertStoreException
-    {
-        String[] attrs = {params.getCrossCertificateAttribute()};
-        String attrName = params.getLdapCrossCertificateAttributeName();
-        String subjectAttributeName = params
-            .getCrossCertificateSubjectAttributeName();
-        Set set = certSubjectSerialSearch(xselector, attrs, attrName,
-            subjectAttributeName);
-
-        if (set.isEmpty())
-        {
-            set.addAll(search(null, "*", attrs));
-        }
-
-        return set;
-    }
-
-    public Collection engineGetCRLs(CRLSelector selector)
-        throws CertStoreException
-    {
-        String[] attrs = {params.getCertificateRevocationListAttribute()};
-        if (!(selector instanceof X509CRLSelector))
-        {
-            throw new CertStoreException("selector is not a X509CRLSelector");
-        }
-        X509CRLSelector xselector = (X509CRLSelector)selector;
-
-        Set crlSet = new HashSet();
-
-        String attrName = params.getLdapCertificateRevocationListAttributeName();
-        Set set = new HashSet();
-
-        if (xselector.getIssuerNames() != null)
-        {
-            for (Iterator it = xselector.getIssuerNames().iterator(); it
-                .hasNext();)
-            {
-                Object o = it.next();
-                String attrValue = null;
-                if (o instanceof String)
-                {
-                    String issuerAttributeName = params
-                        .getCertificateRevocationListIssuerAttributeName();
-                    attrValue = parseDN((String)o, issuerAttributeName);
-                }
-                else
-                {
-                    String issuerAttributeName = params
-                        .getCertificateRevocationListIssuerAttributeName();
-                    attrValue = parseDN(new X500Principal((byte[])o)
-                        .getName("RFC1779"), issuerAttributeName);
-                }
-                set.addAll(search(attrName, "*" + attrValue + "*", attrs));
-            }
-        }
-        else
-        {
-            set.addAll(search(attrName, "*", attrs));
-        }
-        set.addAll(search(null, "*", attrs));
-        Iterator it = set.iterator();
-
-        try
-        {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509",
-                BouncyCastleProvider.PROVIDER_NAME);
-            while (it.hasNext())
-            {
-                CRL crl = cf.generateCRL(new ByteArrayInputStream((byte[])it
-                    .next()));
-                if (xselector.match(crl))
-                {
-                    crlSet.add(crl);
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertStoreException(
-                "CRL cannot be constructed from LDAP result " + e);
-        }
-
-        return crlSet;
-    }
-
-    /**
-     * Returns a Set of byte arrays with the certificate or CRL encodings.
-     *
-     * @param attributeName  The attribute name to look for in the LDAP.
-     * @param attributeValue The value the attribute name must have.
-     * @param attrs          The attributes in the LDAP which hold the certificate,
-     *                       certificate pair or CRL in a found entry.
-     * @return Set of byte arrays with the certificate encodings.
-     */
-    private Set search(String attributeName, String attributeValue,
-                       String[] attrs) throws CertStoreException
-    {
-        String filter = attributeName + "=" + attributeValue;
-        if (attributeName == null)
-        {
-            filter = null;
-        }
-        DirContext ctx = null;
-        Set set = new HashSet();
-        try
-        {
-
-            ctx = connectLDAP();
-
-            SearchControls constraints = new SearchControls();
-            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
-            constraints.setCountLimit(0);
-            for (int i = 0; i < attrs.length; i++)
-            {
-                String temp[] = new String[1];
-                temp[0] = attrs[i];
-                constraints.setReturningAttributes(temp);
-
-                String filter2 = "(&(" + filter + ")(" + temp[0] + "=*))";
-                if (filter == null)
-                {
-                    filter2 = "(" + temp[0] + "=*)";
-                }
-                NamingEnumeration results = ctx.search(params.getBaseDN(),
-                    filter2, constraints);
-                while (results.hasMoreElements())
-                {
-                    SearchResult sr = (SearchResult)results.next();
-                    // should only be one attribute in the attribute set with
-                    // one
-                    // attribute value as byte array
-                    NamingEnumeration enumeration = ((Attribute)(sr
-                        .getAttributes().getAll().next())).getAll();
-                    while (enumeration.hasMore())
-                    {
-                        Object o = enumeration.next();
-                        set.add(o);
-                    }
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertStoreException(
-                "Error getting results from LDAP directory " + e);
-
-        }
-        finally
-        {
-            try
-            {
-                if (null != ctx)
-                {
-                    ctx.close();
-                }
-            }
-            catch (Exception e)
-            {
-            }
-        }
-        return set;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
deleted file mode 100644
index 0ed44bee6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Signature;
-import java.security.SignatureException;
-
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-class X509SignatureUtil
-{
-    private static final ASN1Null       derNull = new DERNull();
-    
-    static void setSignatureParameters(
-        Signature signature,
-        DEREncodable params) 
-        throws NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        if (params != null && !derNull.equals(params))
-        {
-            /*
-            AlgorithmParameters  sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());
-            
-            try
-            {
-                sigParams.init(params.getDERObject().getDEREncoded());
-            }
-            catch (IOException e)
-            {
-                throw new SignatureException("IOException decoding parameters: " + e.getMessage());
-            }
-
-            try
-            {
-                signature.setParameters(sigParams.getParameterSpec(PSSParameterSpec.class));
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new SignatureException("Exception extracting parameters: " + e.getMessage());
-            }
-            */
-        }
-    }
-    
-    static String getSignatureName(
-        AlgorithmIdentifier sigAlgId) 
-    {
-        DEREncodable params = sigAlgId.getParameters();
-        
-        if (params != null && !derNull.equals(params))
-        {
-            if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            {
-                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-                
-                return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
-            }
-        }
-
-        return sigAlgId.getObjectId().getId();
-    }
-    
-    /**
-     * Return the digest algorithm using one of the standard JCA string
-     * representations rather the the algorithm identifier (if possible).
-     */
-    private static String getDigestAlgName(
-        DERObjectIdentifier digestAlgOID)
-    {
-        if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
-        {
-            return "MD5";
-        }
-        else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID))
-        {
-            return "SHA1";
-        }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
-        else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
-        {
-            return "SHA256";
-        }
-        else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID))
-        {
-            return "SHA384";
-        }
-        else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID))
-        {
-            return "SHA512";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
-        else
-        {
-            return digestAlgOID.getId();            
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java
deleted file mode 100644
index fdb8ea778..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-
-import java.util.Collection;
-
-public class X509StoreAttrCertCollection
-    extends X509StoreSpi
-{
-    private CollectionStore _store;
-
-    public X509StoreAttrCertCollection()
-    {
-    }
-
-    public void engineInit(X509StoreParameters params)
-    {
-        if (!(params instanceof X509CollectionStoreParameters))
-        {
-            throw new IllegalArgumentException(params.toString());
-        }
-
-        _store = new CollectionStore(((X509CollectionStoreParameters)params).getCollection());
-    }
-
-    public Collection engineGetMatches(Selector selector)
-    {
-        return _store.getMatches(selector);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java
deleted file mode 100644
index 3343d8907..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-
-import java.util.Collection;
-
-public class X509StoreCRLCollection
-    extends X509StoreSpi
-{
-    private CollectionStore _store;
-
-    public X509StoreCRLCollection()
-    {
-    }
-
-    public void engineInit(X509StoreParameters params)
-    {
-        if (!(params instanceof X509CollectionStoreParameters))
-        {
-            throw new IllegalArgumentException(params.toString());
-        }
-
-        _store = new CollectionStore(((X509CollectionStoreParameters)params).getCollection());
-    }
-
-    public Collection engineGetMatches(Selector selector)
-    {
-        return _store.getMatches(selector);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java
deleted file mode 100644
index b5b0f69f5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-
-import java.util.Collection;
-
-public class X509StoreCertCollection
-    extends X509StoreSpi
-{
-    private CollectionStore _store;
-
-    public X509StoreCertCollection()
-    {
-    }
-
-    public void engineInit(X509StoreParameters params)
-    {
-        if (!(params instanceof X509CollectionStoreParameters))
-        {
-            throw new IllegalArgumentException(params.toString());
-        }
-
-        _store = new CollectionStore(((X509CollectionStoreParameters)params).getCollection());
-    }
-
-    public Collection engineGetMatches(Selector selector)
-    {
-        return _store.getMatches(selector);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java
deleted file mode 100644
index f1c1f61c4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-
-import java.util.Collection;
-
-/**
- * This class is a collection based Bouncy Castle
- * {@link org.bouncycastle.x509.X509Store} SPI implementation for certificate
- * pairs.
- *
- * @see org.bouncycastle.x509.X509Store
- * @see org.bouncycastle.x509.X509CertificatePair
- */
-public class X509StoreCertPairCollection extends X509StoreSpi
-{
-
-    private CollectionStore _store;
-
-    public X509StoreCertPairCollection()
-    {
-    }
-
-    /**
-     * Initializes this store.
-     *
-     * @param params The {@link X509CollectionStoreParameters}s for this store.
-     * @throws IllegalArgumentException if params is no instance of
-     *                                  X509CollectionStoreParameters.
-     */
-    public void engineInit(X509StoreParameters params)
-    {
-        if (!(params instanceof X509CollectionStoreParameters))
-        {
-            throw new IllegalArgumentException(
-                "Initialization parameters must be an instance of "
-                    + X509CollectionStoreParameters.class.getName()
-                    + ".");
-        }
-
-        _store = new CollectionStore(((X509CollectionStoreParameters)params)
-            .getCollection());
-    }
-
-    /**
-     * Returns a colelction of certificate pairs which match the given
-     * selector.
-     * 
    
-     * The returned collection contains
-     * {@link org.bouncycastle.x509.X509CertificatePair}s. The selector must be
-     * a {@link org.bouncycastle.x509.X509CertPairStoreSelector} to select
-     * certificate pairs.
-     *
-     * @return A collection with matching certificate pairs.
-     */
-    public Collection engineGetMatches(Selector selector)
-    {
-        return _store.getMatches(selector);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java
deleted file mode 100644
index 4c435ab5e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-import org.bouncycastle.x509.util.LDAPStoreHelper;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * A SPI implementation of Bouncy Castle X509Store for getting
- * attribute certificates from an LDAP directory.
- *
- * @see org.bouncycastle.x509.X509Store
- */
-public class X509StoreLDAPAttrCerts extends X509StoreSpi
-{
-
-    private LDAPStoreHelper helper;
-
-    public X509StoreLDAPAttrCerts()
-    {
-    }
-
-    /**
-     * Initializes this LDAP attribute cert store implementation.
-     *
-     * @param parameters X509LDAPCertStoreParameters.
-     * @throws IllegalArgumentException if params is not an instance of
-     *                                  X509LDAPCertStoreParameters.
-     */
-    public void engineInit(X509StoreParameters parameters)
-    {
-        if (!(parameters instanceof X509LDAPCertStoreParameters))
-        {
-            throw new IllegalArgumentException(
-                "Initialization parameters must be an instance of "
-                    + X509LDAPCertStoreParameters.class.getName() + ".");
-        }
-        helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)parameters);
-    }
-
-    /**
-     * Returns a collection of matching attribute certificates from the LDAP
-     * location.
-     * 
    
-     * The selector must be a of type
-     * X509AttributeCertStoreSelector. If it is not an empty
-     * collection is returned.
-     * 
    
-     * 
    
-     * The subject and the serial number should be reasonable criterias for a
-     * selector.
-     *
-     * @param selector The selector to use for finding.
-     * @return A collection with the matches.
-     * @throws StoreException if an exception occurs while searching.
-     */
-    public Collection engineGetMatches(Selector selector) throws StoreException
-    {
-        if (!(selector instanceof X509AttributeCertStoreSelector))
-        {
-            return Collections.EMPTY_SET;
-        }
-        X509AttributeCertStoreSelector xselector = (X509AttributeCertStoreSelector)selector;
-        Set set = new HashSet();
-        set.addAll(helper.getAACertificates(xselector));
-        set.addAll(helper.getAttributeCertificateAttributes(xselector));
-        set.addAll(helper.getAttributeDescriptorCertificates(xselector));
-        return set;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java
deleted file mode 100644
index 398890d84..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-import org.bouncycastle.x509.util.LDAPStoreHelper;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * A SPI implementation of Bouncy Castle X509Store for getting
- * certificate revocation lists from an LDAP directory.
- *
- * @see org.bouncycastle.x509.X509Store
- */
-public class X509StoreLDAPCRLs extends X509StoreSpi
-{
-
-    private LDAPStoreHelper helper;
-
-    public X509StoreLDAPCRLs()
-    {
-    }
-
-    /**
-     * Initializes this LDAP CRL store implementation.
-     *
-     * @param params X509LDAPCertStoreParameters.
-     * @throws IllegalArgumentException if params is not an instance of
-     *                                  X509LDAPCertStoreParameters.
-     */
-    public void engineInit(X509StoreParameters params)
-    {
-        if (!(params instanceof X509LDAPCertStoreParameters))
-        {
-            throw new IllegalArgumentException(
-                "Initialization parameters must be an instance of "
-                    + X509LDAPCertStoreParameters.class.getName() + ".");
-        }
-        helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params);
-    }
-
-    /**
-     * Returns a collection of matching CRLs from the LDAP location.
-     * 
    
-     * The selector must be a of type X509CRLStoreSelector. If
-     * it is not an empty collection is returned.
-     * 
    
-     * The issuer should be a reasonable criteria for a selector.
-     *
-     * @param selector The selector to use for finding.
-     * @return A collection with the matches.
-     * @throws StoreException if an exception occurs while searching.
-     */
-    public Collection engineGetMatches(Selector selector) throws StoreException
-    {
-        if (!(selector instanceof X509CRLStoreSelector))
-        {
-            return Collections.EMPTY_SET;
-        }
-        X509CRLStoreSelector xselector = (X509CRLStoreSelector)selector;
-        Set set = new HashSet();
-        // test only delta CRLs should be selected
-        if (xselector.isDeltaCRLIndicatorEnabled())
-        {
-            set.addAll(helper.getDeltaCertificateRevocationLists(xselector));
-        }
-        // nothing specified
-        else
-        {
-            set.addAll(helper.getDeltaCertificateRevocationLists(xselector));
-            set.addAll(helper.getAttributeAuthorityRevocationLists(xselector));
-            set
-                .addAll(helper
-                    .getAttributeCertificateRevocationLists(xselector));
-            set.addAll(helper.getAuthorityRevocationLists(xselector));
-            set.addAll(helper.getCertificateRevocationLists(xselector));
-        }
-        return set;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java
deleted file mode 100644
index d5157a440..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.X509CertPairStoreSelector;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-import org.bouncycastle.x509.util.LDAPStoreHelper;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * A SPI implementation of Bouncy Castle X509Store for getting
- * cross certificates pairs from an LDAP directory.
- *
- * @see org.bouncycastle.x509.X509Store
- */
-public class X509StoreLDAPCertPairs extends X509StoreSpi
-{
-
-    private LDAPStoreHelper helper;
-
-    public X509StoreLDAPCertPairs()
-    {
-    }
-
-    /**
-     * Initializes this LDAP cross certificate pair store implementation.
-     *
-     * @param parameters X509LDAPCertStoreParameters.
-     * @throws IllegalArgumentException if params is not an instance of
-     *                                  X509LDAPCertStoreParameters.
-     */
-    public void engineInit(X509StoreParameters parameters)
-    {
-        if (!(parameters instanceof X509LDAPCertStoreParameters))
-        {
-            throw new IllegalArgumentException(
-                "Initialization parameters must be an instance of "
-                    + X509LDAPCertStoreParameters.class.getName() + ".");
-        }
-        helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)parameters);
-    }
-
-    /**
-     * Returns a collection of matching cross certificate pairs from the LDAP
-     * location.
-     * 
    
-     * The selector must be a of type X509CertPairStoreSelector.
-     * If it is not an empty collection is returned.
-     * 
    
-     * 
    
-     * The subject should be a reasonable criteria for a selector.
-     *
-     * @param selector The selector to use for finding.
-     * @return A collection with the matches.
-     * @throws StoreException if an exception occurs while searching.
-     */
-    public Collection engineGetMatches(Selector selector) throws StoreException
-    {
-        if (!(selector instanceof X509CertPairStoreSelector))
-        {
-            return Collections.EMPTY_SET;
-        }
-        X509CertPairStoreSelector xselector = (X509CertPairStoreSelector)selector;
-        Set set = new HashSet();
-        set.addAll(helper.getCrossCertificatePairs(xselector));
-        return set;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java
deleted file mode 100644
index be3bebbdb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.X509CertPairStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
-import org.bouncycastle.x509.X509CertificatePair;
-import org.bouncycastle.x509.X509StoreParameters;
-import org.bouncycastle.x509.X509StoreSpi;
-import org.bouncycastle.x509.util.LDAPStoreHelper;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-/**
- * A SPI implementation of Bouncy Castle X509Store for getting
- * certificates form a LDAP directory.
- *
- * @see org.bouncycastle.x509.X509Store
- */
-public class X509StoreLDAPCerts
-    extends X509StoreSpi
-{
-
-    private LDAPStoreHelper helper;
-
-    public X509StoreLDAPCerts()
-    {
-    }
-
-    /**
-     * Initializes this LDAP cert store implementation.
-     *
-     * @param params X509LDAPCertStoreParameters.
-     * @throws IllegalArgumentException if params is not an instance of
-     *                                  X509LDAPCertStoreParameters.
-     */
-    public void engineInit(X509StoreParameters params)
-    {
-        if (!(params instanceof X509LDAPCertStoreParameters))
-        {
-            throw new IllegalArgumentException(
-                "Initialization parameters must be an instance of "
-                    + X509LDAPCertStoreParameters.class.getName() + ".");
-        }
-        helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params);
-    }
-
-    /**
-     * Returns a collection of matching certificates from the LDAP location.
-     * 
    
-     * The selector must be a of type X509CertStoreSelector. If
-     * it is not an empty collection is returned.
-     * 
    
-     * The implementation searches only for CA certificates, if the method
-     * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is
-     * greater or equal to 0. If it is -2 only end certificates are searched.
-     * 
    
-     * The subject and the serial number for end certificates should be
-     * reasonable criterias for a selector.
-     *
-     * @param selector The selector to use for finding.
-     * @return A collection with the matches.
-     * @throws StoreException if an exception occurs while searching.
-     */
-    public Collection engineGetMatches(Selector selector) throws StoreException
-    {
-        if (!(selector instanceof X509CertStoreSelector))
-        {
-            return Collections.EMPTY_SET;
-        }
-        X509CertStoreSelector xselector = (X509CertStoreSelector)selector;
-        Set set = new HashSet();
-        // test if only CA certificates should be selected
-        if (xselector.getBasicConstraints() > 0)
-        {
-            set.addAll(helper.getCACertificates(xselector));
-            set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
-        }
-        // only end certificates should be selected
-        else if (xselector.getBasicConstraints() == -2)
-        {
-            set.addAll(helper.getUserCertificates(xselector));
-        }
-        // nothing specified
-        else
-        {
-            set.addAll(helper.getUserCertificates(xselector));
-            set.addAll(helper.getCACertificates(xselector));
-            set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
-        }
-        return set;
-    }
-
-    private Collection getCertificatesFromCrossCertificatePairs(
-        X509CertStoreSelector xselector) throws StoreException
-    {
-        Set set = new HashSet();
-        X509CertPairStoreSelector ps = new X509CertPairStoreSelector();
-
-        ps.setForwardSelector(xselector);
-        ps.setReverseSelector(new X509CertStoreSelector());
-        
-        Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps));
-        Set forward = new HashSet();
-        Set reverse = new HashSet();
-        Iterator it = crossCerts.iterator();
-        while (it.hasNext())
-        {
-            X509CertificatePair pair = (X509CertificatePair)it.next();
-            if (pair.getForward() != null)
-            {
-                forward.add(pair.getForward());
-            }
-            if (pair.getReverse() != null)
-            {
-                reverse.add(pair.getReverse());
-            }
-        }
-        set.addAll(forward);
-        set.addAll(reverse);
-        return set;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java
deleted file mode 100644
index d35cd712b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java
+++ /dev/null
@@ -1,101 +0,0 @@
-package org.bouncycastle.jce.provider.asymmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-
-public class EC
-{
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH");
-            put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
-            put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
-            put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
-            put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
-
-            put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC");
-            put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
-            put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
-            put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
-            put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
-            put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC");
-            // TODO Should this be an alias for ECDH?
-            put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
-
-            put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
-            put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
-            put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
-            put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
-
-            put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC");
-            put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
-            put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
-            put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
-            put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
-            put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
-            // TODO Should this be an alias for ECDH?
-            put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
-
-            put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
-            put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
-            put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
-
-            put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA");
-            put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone");
-
-            put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA");
-            put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA");
-            put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA");
-            put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA");
-            put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
-            put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
-            put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
-            put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-
-            addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
-            addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
-            addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
-            addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
-            addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-
-            put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
-            put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
-            put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
-            put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
-            put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
-
-            addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-            addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-            addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-        }
-
-        private void addSignatureAlgorithm(
-            String digest,
-            String algorithm,
-            String className,
-            DERObjectIdentifier oid)
-        {
-            String mainName = digest + "WITH" + algorithm;
-            String jdk11Variation1 = digest + "with" + algorithm;
-            String jdk11Variation2 = digest + "With" + algorithm;
-            String alias = digest + "/" + algorithm;
-
-            put("Signature." + mainName, className);
-            put("Alg.Alias.Signature." + jdk11Variation1, mainName);
-            put("Alg.Alias.Signature." + jdk11Variation2, mainName);
-            put("Alg.Alias.Signature." + alias, mainName);
-            put("Alg.Alias.Signature." + oid, mainName);
-            put("Alg.Alias.Signature.OID." + oid, mainName);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
deleted file mode 100644
index 04279cd3d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
+++ /dev/null
@@ -1,216 +0,0 @@
-package org.bouncycastle.jce.provider.asymmetric.ec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-import org.bouncycastle.asn1.x9.X962NamedCurves;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.provider.ProviderUtil;
-import org.bouncycastle.jce.provider.JCEECPublicKey;
-
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-/**
- * utility class for converting jce/jca ECDSA, ECDH, and ECDHC
- * objects into their org.bouncycastle.crypto counterparts.
- */
-public class ECUtil
-{
-    /**
-     * Returns a sorted array of middle terms of the reduction polynomial.
-     * @param k The unsorted array of middle terms of the reduction polynomial
-     * of length 1 or 3.
-     * @return the sorted array of middle terms of the reduction polynomial.
-     * This array always has length 3.
-     */
-    static int[] convertMidTerms(
-        int[] k)
-    {
-        int[] res = new int[3];
-        
-        if (k.length == 1)
-        {
-            res[0] = k[0];
-        }
-        else
-        {
-            if (k.length != 3)
-            {
-                throw new IllegalArgumentException("Only Trinomials and pentanomials supported");
-            }
-
-            if (k[0] < k[1] && k[0] < k[2])
-            {
-                res[0] = k[0];
-                if (k[1] < k[2])
-                {
-                    res[1] = k[1];
-                    res[2] = k[2];
-                }
-                else
-                {
-                    res[1] = k[2];
-                    res[2] = k[1];
-                }
-            }
-            else if (k[1] < k[2])
-            {
-                res[0] = k[1];
-                if (k[0] < k[2])
-                {
-                    res[1] = k[0];
-                    res[2] = k[2];
-                }
-                else
-                {
-                    res[1] = k[2];
-                    res[2] = k[0];
-                }
-            }
-            else
-            {
-                res[0] = k[2];
-                if (k[0] < k[1])
-                {
-                    res[1] = k[0];
-                    res[2] = k[1];
-                }
-                else
-                {
-                    res[1] = k[1];
-                    res[2] = k[0];
-                }
-            }
-        }
-
-        return res;
-    }
-
-    public static AsymmetricKeyParameter generatePublicKeyParameter(
-        PublicKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof ECPublicKey)
-        {
-            ECPublicKey    k = (ECPublicKey)key;
-            ECParameterSpec s = k.getParameters();
-
-            if (s == null)
-            {
-                s = ProviderUtil.getEcImplicitlyCa();
-
-                return new ECPublicKeyParameters(
-                            ((JCEECPublicKey)k).engineGetQ(),
-                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
-            }
-            else
-            {
-                return new ECPublicKeyParameters(
-                            k.getQ(),
-                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
-            }
-        }
-
-        throw new InvalidKeyException("cannot identify EC public key.");
-    }
-
-    public static AsymmetricKeyParameter generatePrivateKeyParameter(
-        PrivateKey    key)
-        throws InvalidKeyException
-    {
-        if (key instanceof ECPrivateKey)
-        {
-            ECPrivateKey  k = (ECPrivateKey)key;
-            ECParameterSpec s = k.getParameters();
-
-            if (s == null)
-            {
-                s = ProviderUtil.getEcImplicitlyCa();
-            }
-
-            return new ECPrivateKeyParameters(
-                            k.getD(),
-                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
-        }
-                        
-        throw new InvalidKeyException("can't identify EC private key.");
-    }
-
-    public static DERObjectIdentifier getNamedCurveOid(
-        String name)
-    {
-        DERObjectIdentifier oid = X962NamedCurves.getOID(name);
-        
-        if (oid == null)
-        {
-            oid = SECNamedCurves.getOID(name);
-            if (oid == null)
-            {
-                oid = NISTNamedCurves.getOID(name);
-            }
-            if (oid == null)
-            {
-                oid = TeleTrusTNamedCurves.getOID(name);
-            }
-            if (oid == null)
-            {
-                oid = ECGOST3410NamedCurves.getOID(name);
-            }
-        }
-
-        return oid;
-    }
-    
-    public static X9ECParameters getNamedCurveByOid(
-        DERObjectIdentifier oid)
-    {
-        X9ECParameters params = X962NamedCurves.getByOID(oid);
-        
-        if (params == null)
-        {
-            params = SECNamedCurves.getByOID(oid);
-            if (params == null)
-            {
-                params = NISTNamedCurves.getByOID(oid);
-            }
-            if (params == null)
-            {
-                params = TeleTrusTNamedCurves.getByOID(oid);
-            }
-        }
-
-        return params;
-    }
-
-    public static String getCurveName(
-        DERObjectIdentifier oid)
-    {
-        String name = X962NamedCurves.getName(oid);
-        
-        if (name == null)
-        {
-            name = SECNamedCurves.getName(oid);
-            if (name == null)
-            {
-                name = NISTNamedCurves.getName(oid);
-            }
-            if (name == null)
-            {
-                name = TeleTrusTNamedCurves.getName(oid);
-            }
-        }
-
-        return name;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
deleted file mode 100644
index b610312eb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
+++ /dev/null
@@ -1,316 +0,0 @@
-package org.bouncycastle.jce.provider.asymmetric.ec;
-
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Hashtable;
-
-import javax.crypto.KeyAgreementSpi;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x9.X9IntegerConverter;
-import org.bouncycastle.crypto.BasicAgreement;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DerivationFunction;
-import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.MQVPrivateParameters;
-import org.bouncycastle.crypto.params.MQVPublicParameters;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.interfaces.MQVPrivateKey;
-import org.bouncycastle.jce.interfaces.MQVPublicKey;
-
-/**
- * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
- * both the simple one, and the simple one with cofactors are supported.
- *
- * Also, MQV key agreement per SEC-1
- */
-public class KeyAgreement
-    extends KeyAgreementSpi
-{
-    private static final X9IntegerConverter converter = new X9IntegerConverter();
-    private static final Hashtable algorithms = new Hashtable();
-
-    static
-    {
-        Integer i128 = new Integer(128);
-        Integer i192 = new Integer(192);
-        Integer i256 = new Integer(256);
-
-        algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128);
-        algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192);
-        algorithms.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), i256);
-        algorithms.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), i128);
-        algorithms.put(NISTObjectIdentifiers.id_aes192_wrap.getId(), i192);
-        algorithms.put(NISTObjectIdentifiers.id_aes256_wrap.getId(), i256);
-        algorithms.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), i192);
-    }
-
-    private String                 kaAlgorithm;
-    private BigInteger             result;
-    private ECDomainParameters     parameters;
-    private BasicAgreement         agreement;
-    private DerivationFunction     kdf;
-
-    private byte[] bigIntToBytes(
-        BigInteger    r)
-    {
-        return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getX()));
-    }
-
-    protected KeyAgreement(
-        String              kaAlgorithm,
-        BasicAgreement      agreement,
-        DerivationFunction  kdf)
-    {
-        this.kaAlgorithm = kaAlgorithm;
-        this.agreement = agreement;
-        this.kdf = kdf;
-    }
-
-    protected Key engineDoPhase(
-        Key     key,
-        boolean lastPhase) 
-        throws InvalidKeyException, IllegalStateException
-    {
-        if (parameters == null)
-        {
-            throw new IllegalStateException(kaAlgorithm + " not initialised.");
-        }
-
-        if (!lastPhase)
-        {
-            throw new IllegalStateException(kaAlgorithm + " can only be between two parties.");
-        }
-
-        CipherParameters pubKey;        
-        if (agreement instanceof ECMQVBasicAgreement)
-        {
-            if (!(key instanceof MQVPublicKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(MQVPublicKey.class) + " for doPhase");
-            }
-
-            MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-            ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-                ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-            ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-                ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-
-            pubKey = new MQVPublicParameters(staticKey, ephemKey);
-
-            // TODO Validate that all the keys are using the same parameters?
-        }
-        else
-        {
-            if (!(key instanceof ECPublicKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(ECPublicKey.class) + " for doPhase");
-            }
-
-            pubKey = ECUtil.generatePublicKeyParameter((PublicKey)key);
-
-            // TODO Validate that all the keys are using the same parameters?
-        }
-
-        result = agreement.calculateAgreement(pubKey);
-
-        return null;
-    }
-
-    protected byte[] engineGenerateSecret()
-        throws IllegalStateException
-    {
-        if (kdf != null)
-        {
-            throw new UnsupportedOperationException(
-                "KDF can only be used when algorithm is known");
-        }
-
-        return bigIntToBytes(result);
-    }
-
-    protected int engineGenerateSecret(
-        byte[]  sharedSecret,
-        int     offset) 
-        throws IllegalStateException, ShortBufferException
-    {
-        byte[] secret = engineGenerateSecret();
-
-        if (sharedSecret.length - offset < secret.length)
-        {
-            throw new ShortBufferException(kaAlgorithm + " key agreement: need " + secret.length + " bytes");
-        }
-
-        System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
-        
-        return secret.length;
-    }
-
-    protected SecretKey engineGenerateSecret(
-        String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        byte[] secret = bigIntToBytes(result);
-
-        if (kdf != null)
-        {
-            if (!algorithms.containsKey(algorithm))
-            {
-                throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
-            }
-            
-            int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
-
-            DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
-
-            byte[] keyBytes = new byte[keySize / 8];
-            kdf.init(params);
-            kdf.generateBytes(keyBytes, 0, keyBytes.length);
-            secret = keyBytes;
-        }
-        else
-        {
-            // TODO Should we be ensuring the key is the right length?
-        }
-
-        return new SecretKeySpec(secret, algorithm);
-    }
-
-    protected void engineInit(
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        initFromKey(key);
-    }
-
-    protected void engineInit(
-        Key             key,
-        SecureRandom    random) 
-        throws InvalidKeyException
-    {
-        initFromKey(key);
-    }
-
-    private void initFromKey(Key key)
-        throws InvalidKeyException
-    {
-        if (agreement instanceof ECMQVBasicAgreement)
-        {
-            if (!(key instanceof MQVPrivateKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(MQVPrivateKey.class) + " for initialisation");
-            }
-
-            MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-            ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-            ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-
-            ECPublicKeyParameters ephemPubKey = null;
-            if (mqvPrivKey.getEphemeralPublicKey() != null)
-            {
-                ephemPubKey = (ECPublicKeyParameters)
-                    ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-            }
-
-            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-            this.parameters = staticPrivKey.getParameters();
-
-            // TODO Validate that all the keys are using the same parameters?
-
-            agreement.init(localParams);
-        }
-        else
-        {
-            if (!(key instanceof ECPrivateKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(ECPrivateKey.class) + " for initialisation");
-            }
-
-            ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)ECUtil.generatePrivateKeyParameter((PrivateKey)key);
-            this.parameters = privKey.getParameters();
-
-            agreement.init(privKey);
-        }
-    }
-
-    private static String getSimpleName(Class clazz)
-    {
-        String fullName = clazz.getName();
-
-        return fullName.substring(fullName.lastIndexOf('.') + 1);
-    }
-
-    public static class DH
-        extends KeyAgreement
-    {
-        public DH()
-        {
-            super("ECDH", new ECDHBasicAgreement(), null);
-        }
-    }
-
-    public static class DHC
-        extends KeyAgreement
-    {
-        public DHC()
-        {
-            super("ECDHC", new ECDHCBasicAgreement(), null);
-        }
-    }
-
-    public static class MQV
-        extends KeyAgreement
-    {
-        public MQV()
-        {
-            super("ECMQV", new ECMQVBasicAgreement(), null);
-        }
-    }
-
-    public static class DHwithSHA1KDF
-        extends KeyAgreement
-    {
-        public DHwithSHA1KDF()
-        {
-            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-        }
-    }
-
-    public static class MQVwithSHA1KDF
-        extends KeyAgreement
-    {
-        public MQVwithSHA1KDF()
-        {
-            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java
deleted file mode 100644
index 571efa5d8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package org.bouncycastle.jce.provider.asymmetric.ec;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-
-import org.bouncycastle.jce.provider.JCEECPrivateKey;
-import org.bouncycastle.jce.provider.JCEECPublicKey;
-import org.bouncycastle.jce.provider.JDKKeyFactory;
-import org.bouncycastle.jce.spec.ECPrivateKeySpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-
-public class KeyFactory
-    extends JDKKeyFactory
-{
-    String algorithm;
-
-    KeyFactory(
-        String algorithm)
-    {
-        this.algorithm = algorithm;
-    }
-
-    protected PrivateKey engineGeneratePrivate(
-        KeySpec keySpec)
-        throws InvalidKeySpecException
-    {
-        if (keySpec instanceof PKCS8EncodedKeySpec)
-        {
-            try
-            {
-                JCEECPrivateKey key = (JCEECPrivateKey)JDKKeyFactory.createPrivateKeyFromDERStream(
-                    ((PKCS8EncodedKeySpec)keySpec).getEncoded());
-
-                return new JCEECPrivateKey(algorithm, key);
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeySpecException(e.toString());
-            }
-        }
-        else if (keySpec instanceof ECPrivateKeySpec)
-        {
-            return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec);
-        }
-
-        throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
-    }
-
-    protected PublicKey engineGeneratePublic(
-        KeySpec keySpec)
-        throws InvalidKeySpecException
-    {
-        if (keySpec instanceof X509EncodedKeySpec)
-        {
-            try
-            {
-                JCEECPublicKey key = (JCEECPublicKey)JDKKeyFactory.createPublicKeyFromDERStream(
-                    ((X509EncodedKeySpec)keySpec).getEncoded());
-
-                return new JCEECPublicKey(algorithm, key);
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeySpecException(e.toString());
-            }
-        }
-        else if (keySpec instanceof ECPublicKeySpec)
-        {
-            return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec);
-        }
-
-        throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
-    }
-
-    public static class EC
-        extends KeyFactory
-    {
-        public EC()
-        {
-            super("EC");
-        }
-    }
-
-    public static class ECDSA
-        extends KeyFactory
-    {
-        public ECDSA()
-        {
-            super("ECDSA");
-        }
-    }
-
-    public static class ECGOST3410
-        extends KeyFactory
-    {
-        public ECGOST3410()
-        {
-            super("ECGOST3410");
-        }
-    }
-
-    public static class ECDH
-        extends KeyFactory
-    {
-        public ECDH()
-        {
-            super("ECDH");
-        }
-    }
-
-    public static class ECDHC
-        extends KeyFactory
-    {
-        public ECDHC()
-        {
-            super("ECDHC");
-        }
-    }
-
-    public static class ECMQV
-        extends KeyFactory
-    {
-        public ECMQV()
-        {
-            super("ECMQV");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
deleted file mode 100644
index f9cd2bbb0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
+++ /dev/null
@@ -1,195 +0,0 @@
-package org.bouncycastle.jce.provider.asymmetric.ec;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.KeyPair;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Hashtable;
-
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
-import org.bouncycastle.crypto.params.ECDomainParameters;
-import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.provider.JCEECPrivateKey;
-import org.bouncycastle.jce.provider.JCEECPublicKey;
-import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
-import org.bouncycastle.jce.provider.ProviderUtil;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-
-public abstract class KeyPairGenerator
-    extends JDKKeyPairGenerator
-{
-    public KeyPairGenerator(String algorithmName)
-    {
-        super(algorithmName);
-    }
-
-    public static class EC
-        extends KeyPairGenerator
-    {
-        ECKeyGenerationParameters   param;
-        ECKeyPairGenerator          engine = new ECKeyPairGenerator();
-        ECParameterSpec             ecParams = null;
-        int                         strength = 239;
-        int                         certainty = 50;
-        SecureRandom                random = new SecureRandom();
-        boolean                     initialised = false;
-        String                      algorithm;
-
-        static private Hashtable    ecParameters;
-
-        static {
-            ecParameters = new Hashtable();
-
-            ecParameters.put(new Integer(192),
-                    ECNamedCurveTable.getParameterSpec("prime192v1"));
-            ecParameters.put(new Integer(239),
-                    ECNamedCurveTable.getParameterSpec("prime239v1"));
-            ecParameters.put(new Integer(256),
-                    ECNamedCurveTable.getParameterSpec("prime256v1"));
-        }
-
-        public EC()
-        {
-            super("EC");
-            this.algorithm = "EC";
-        }
-
-        public EC(
-            String  algorithm)
-        {
-            super(algorithm);
-            this.algorithm = algorithm;
-        }
-
-        public void initialize(
-            int             strength,
-            SecureRandom    random)
-        {
-            this.strength = strength;
-            this.random = random;
-            this.ecParams = (ECParameterSpec)ecParameters.get(new Integer(strength));
-
-            if (ecParams != null)
-            {
-                param = new ECKeyGenerationParameters(new ECDomainParameters(ecParams.getCurve(), ecParams.getG(), ecParams.getN()), random);
-
-                engine.init(param);
-                initialised = true;
-            }
-            else
-            {
-                throw new InvalidParameterException("unknown key size.");
-            }
-        }
-
-        public void initialize(
-            AlgorithmParameterSpec  params,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (params instanceof ECParameterSpec)
-            {
-                ECParameterSpec p = (ECParameterSpec)params;
-                this.ecParams = (ECParameterSpec)params;
-
-                param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
-
-                engine.init(param);
-                initialised = true;
-            }
-            else if (params == null && ProviderUtil.getEcImplicitlyCa() != null)
-            {
-                ECParameterSpec p = ProviderUtil.getEcImplicitlyCa();
-                this.ecParams = (ECParameterSpec)params;
-
-                param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
-
-                engine.init(param);
-                initialised = true;
-            }
-            else if (params == null && ProviderUtil.getEcImplicitlyCa() == null)
-            {
-                throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec");
-            }
-        }
-
-        public KeyPair generateKeyPair()
-        {
-            if (!initialised)
-            {
-                throw new IllegalStateException("EC Key Pair Generator not initialised");
-            }
-
-            AsymmetricCipherKeyPair     pair = engine.generateKeyPair();
-            ECPublicKeyParameters       pub = (ECPublicKeyParameters)pair.getPublic();
-            ECPrivateKeyParameters      priv = (ECPrivateKeyParameters)pair.getPrivate();
-
-            if (ecParams == null)
-            {
-               return new KeyPair(new JCEECPublicKey(algorithm, pub),
-                                   new JCEECPrivateKey(algorithm, priv));
-            }
-            else
-            {
-                ECParameterSpec p = (ECParameterSpec)ecParams;
-                JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p);
-                
-                return new KeyPair(pubKey, new JCEECPrivateKey(algorithm, priv, pubKey, p));
-            }
-        }
-    }
-
-    public static class ECDSA
-        extends EC
-    {
-        public ECDSA()
-        {
-            super("ECDSA");
-        }
-    }
-
-    public static class ECGOST3410
-        extends EC
-    {
-        public ECGOST3410()
-        {
-            super("ECGOST3410");
-        }
-    }
-
-    public static class ECDH
-        extends EC
-    {
-        public ECDH()
-        {
-            super("ECDH");
-        }
-    }
-
-    public static class ECDHC
-        extends EC
-    {
-        public ECDHC()
-        {
-            super("ECDHC");
-        }
-    }
-
-    public static class ECMQV
-        extends EC
-    {
-        public ECMQV()
-        {
-            super("ECMQV");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
deleted file mode 100644
index d6c794d65..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
+++ /dev/null
@@ -1,378 +0,0 @@
-package org.bouncycastle.jce.provider.asymmetric.ec;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.signers.ECDSASigner;
-import org.bouncycastle.crypto.signers.ECNRSigner;
-import org.bouncycastle.jce.interfaces.ECKey;
-import org.bouncycastle.jce.provider.DSABase;
-import org.bouncycastle.jce.provider.DSAEncoder;
-import org.bouncycastle.jce.provider.JDKKeyFactory;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-
-public class Signature
-    extends DSABase
-{
-    Signature(String name, Digest digest, DSA signer, DSAEncoder encoder)
-    {
-        super(name, digest, signer, encoder);
-    }
-
-    protected void engineInitVerify(PublicKey publicKey)
-        throws InvalidKeyException
-    {
-        CipherParameters param;
-
-        if (publicKey instanceof ECPublicKey)
-        {
-            param = ECUtil.generatePublicKeyParameter(publicKey);
-        }
-        else
-        {
-            try
-            {
-                byte[] bytes = publicKey.getEncoded();
-
-                publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes);
-
-                if (publicKey instanceof ECPublicKey)
-                {
-                    param = ECUtil.generatePublicKeyParameter(publicKey);
-                }
-                else
-                {
-                    throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
-                }
-            }
-            catch (Exception e)
-            {
-                throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
-            }
-        }
-
-        digest.reset();
-        signer.init(false, param);
-    }
-
-    protected void doEngineInitSign(PrivateKey privateKey, SecureRandom random)
-        throws InvalidKeyException
-    {
-        CipherParameters param;
-
-        if (privateKey instanceof ECKey)
-        {
-            param = ECUtil.generatePrivateKeyParameter(privateKey);
-        }
-        else
-        {
-            throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
-        }
-
-        digest.reset();
-
-        if (random != null)
-        {
-            signer.init(true, new ParametersWithRandom(param, random));
-        }
-        else
-        {
-            signer.init(true, param);
-        }
-    }
-
-    static public class ecDSA
-        extends Signature
-    {
-        public ecDSA()
-        {
-            super("ECDSA", new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSAnone
-        extends Signature
-    {
-        public ecDSAnone()
-        {
-            super("NONEwithECDSA", new NullDigest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSA224
-        extends Signature
-    {
-        public ecDSA224()
-        {
-            super("ECDSAwithSHA224", new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSA256
-        extends Signature
-    {
-        public ecDSA256()
-        {
-            super("ECDSAwithSHA256", new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSA384
-        extends Signature
-    {
-        public ecDSA384()
-        {
-            super("ECDSAwithSHA384", new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSA512
-        extends Signature
-    {
-        public ecDSA512()
-        {
-            super("ECDSAwithSHA512", new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSARipeMD160
-        extends Signature
-    {
-        public ecDSARipeMD160()
-        {
-            super("ECDSAwithRIPEMD160", new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR
-        extends Signature
-    {
-        public ecNR()
-        {
-            super("ECNR", new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR224
-        extends Signature
-    {
-        public ecNR224()
-        {
-            super("ECNRwithSHA224", new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR256
-        extends Signature
-    {
-        public ecNR256()
-        {
-            super("ECNRwithSHA256", new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR384
-        extends Signature
-    {
-        public ecNR384()
-        {
-            super("ECNRwithSHA384", new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR512
-        extends Signature
-    {
-        public ecNR512()
-        {
-            super("ECNRwithSHA512", new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA
-        extends Signature
-    {
-        public ecCVCDSA()
-        {
-            super("CVC-ECDSA", new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA224
-        extends Signature
-    {
-        public ecCVCDSA224()
-        {
-            super("CVC-ECDSAwithSHA224", new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA256
-        extends Signature
-    {
-        public ecCVCDSA256()
-        {
-            super("CVC-ECDSAwithSHA256", new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    private static class StdDSAEncoder
-        implements DSAEncoder
-    {
-        public byte[] encode(
-            BigInteger r,
-            BigInteger s)
-            throws IOException
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            DEROutputStream dOut = new DEROutputStream(bOut);
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            v.add(new DERInteger(r));
-            v.add(new DERInteger(s));
-
-            dOut.writeObject(new DERSequence(v));
-
-            return bOut.toByteArray();
-        }
-
-        public BigInteger[] decode(
-            byte[] encoding)
-            throws IOException
-        {
-            ASN1InputStream aIn = new ASN1InputStream(encoding);
-            ASN1Sequence s = (ASN1Sequence)aIn.readObject();
-
-            BigInteger[] sig = new BigInteger[2];
-
-            sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
-            sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
-
-            return sig;
-        }
-    }
-
-    private static class CVCDSAEncoder
-        implements DSAEncoder
-    {
-        public byte[] encode(
-            BigInteger r,
-            BigInteger s)
-            throws IOException
-        {
-            byte[] first = makeUnsigned(r);
-            byte[] second = makeUnsigned(s);
-            byte[] res;
-
-            if (first.length > second.length)
-            {
-                res = new byte[first.length * 2];
-            }
-            else
-            {
-                res = new byte[second.length * 2];
-            }
-
-            System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
-            System.arraycopy(second, 0, res, res.length - second.length, second.length);
-
-            return res;
-        }
-
-
-        private byte[] makeUnsigned(BigInteger val)
-        {
-            byte[] res = val.toByteArray();
-
-            if (res[0] == 0)
-            {
-                byte[] tmp = new byte[res.length - 1];
-
-                System.arraycopy(res, 1, tmp, 0, tmp.length);
-
-                return tmp;
-            }
-
-            return res;
-        }
-
-        public BigInteger[] decode(
-            byte[] encoding)
-            throws IOException
-        {
-            BigInteger[] sig = new BigInteger[2];
-
-            byte[] first = new byte[encoding.length / 2];
-            byte[] second = new byte[encoding.length / 2];
-
-            System.arraycopy(encoding, 0, first, 0, first.length);
-            System.arraycopy(encoding, first.length, second, 0, second.length);
-
-            sig[0] = new BigInteger(1, first);
-            sig[1] = new BigInteger(1, second);
-
-            return sig;
-        }
-    }
-
-    private static class NullDigest
-        implements Digest
-    {
-        private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-        public String getAlgorithmName()
-        {
-            return "NULL";
-        }
-
-        public int getDigestSize()
-        {
-            return bOut.size();
-        }
-
-        public void update(byte in)
-        {
-            bOut.write(in);
-        }
-
-        public void update(byte[] in, int inOff, int len)
-        {
-            bOut.write(in, inOff, len);
-        }
-
-        public int doFinal(byte[] out, int outOff)
-        {
-            byte[] res = bOut.toByteArray();
-
-            System.arraycopy(res, 0, out, outOff, res.length);
-
-            return res.length;
-        }
-
-        public void reset()
-        {
-            bOut.reset();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
deleted file mode 100644
index b636a69c7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
+++ /dev/null
@@ -1,262 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.AESWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEMac;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-import org.bouncycastle.jce.provider.WrapCipherSpi;
-
-public final class AES
-{
-    private AES()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new AESFastEngine());
-        }
-    }
-
-    public static class CBC
-       extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new AESFastEngine()), 128);
-        }
-    }
-
-    static public class CFB
-        extends JCEBlockCipher
-    {
-        public CFB()
-        {
-            super(new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 128)), 128);
-        }
-    }
-
-    static public class OFB
-        extends JCEBlockCipher
-    {
-        public OFB()
-        {
-            super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
-        }
-    }
-
-    public static class AESCMAC
-        extends JCEMac
-    {
-        public AESCMAC()
-        {
-            super(new CMac(new AESFastEngine()));
-        }
-    }
-
-    static public class Wrap
-        extends WrapCipherSpi
-    {
-        public Wrap()
-        {
-            super(new AESWrapEngine());
-        }
-    }
-
-    public static class RFC3211Wrap
-        extends WrapCipherSpi
-    {
-        public RFC3211Wrap()
-        {
-            super(new RFC3211WrapEngine(new AESFastEngine()), 16);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            this(192);
-        }
-
-        public KeyGen(int keySize)
-        {
-            super("AES", keySize, new CipherKeyGenerator());
-        }
-    }
-
-    public static class KeyGen128
-        extends KeyGen
-    {
-        public KeyGen128()
-        {
-            super(128);
-        }
-    }
-
-    public static class KeyGen192
-        extends KeyGen
-    {
-        public KeyGen192()
-        {
-            super(192);
-        }
-    }
-
-    public static class KeyGen256
-        extends KeyGen
-    {
-        public KeyGen256()
-        {
-            super(256);
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "AES IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        /**
-         * These three got introduced in some messages as a result of a typo in an
-         * early document. We don't produce anything using these OID values, but we'll
-         * read them.
-         */
-        private static final String wrongAES128 = "2.16.840.1.101.3.4.2";
-        private static final String wrongAES192 = "2.16.840.1.101.3.4.22";
-        private static final String wrongAES256 = "2.16.840.1.101.3.4.42";
-
-        public Mappings()
-        {
-            put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParams");
-            put("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES");
-            put("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES");
-            put("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES");
-            put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-            put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-            put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-
-            put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
-            put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-            put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-            put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-            put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-            put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-            put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-
-            put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-            put("Alg.Alias.Cipher." + wrongAES128, "AES");
-            put("Alg.Alias.Cipher." + wrongAES192, "AES");
-            put("Alg.Alias.Cipher." + wrongAES256, "AES");
-            put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
-            put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
-            put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
-            put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-            put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-            put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
-            put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
-            put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
-            put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
-            put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
-
-            put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-            put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-            put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-            put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-            put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-
-            put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java
deleted file mode 100644
index 5a8a5c0de..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.RC4Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class ARC4
-{
-    private ARC4()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new RC4Engine(), 0);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("RC4", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$Base");
-            put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
-            put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
-            put("Alg.Alias.Cipher.RC4", "ARC4");
-            put("KeyGenerator.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$KeyGen");
-            put("Alg.Alias.KeyGenerator.RC4", "ARC4");
-            put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java
deleted file mode 100644
index 4a1260b66..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class Blowfish
-{
-    private Blowfish()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new BlowfishEngine());
-        }
-    }
-
-    public static class CBC
-        extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new BlowfishEngine()), 64);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Blowfish", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Blowfish IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB");
-            put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
-            put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen");
-            put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-            put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
-            put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST5.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST5.java
deleted file mode 100644
index e0cc48e22..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST5.java
+++ /dev/null
@@ -1,212 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.misc.CAST5CBCParameters;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.CAST5Engine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class CAST5
-{
-    private CAST5()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new CAST5Engine());
-        }
-    }
-
-    public static class CBC
-       extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new CAST5Engine()), 64);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("CAST5", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec  genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for CAST5 parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("CAST5", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters
-    {
-        private byte[]  iv;
-        private int     keyLength = 128;
-
-        protected byte[] engineGetEncoded()
-        {
-            byte[]  tmp = new byte[iv.length];
-
-            System.arraycopy(iv, 0, tmp, 0, iv.length);
-            return tmp;
-        }
-
-        protected byte[] engineGetEncoded(
-            String format)
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                return new CAST5CBCParameters(engineGetEncoded(), keyLength).getEncoded();
-            }
-
-            if (format.equals("RAW"))
-            {
-                return engineGetEncoded();
-            }
-
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to CAST5 parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec instanceof IvParameterSpec)
-            {
-                this.iv = ((IvParameterSpec)paramSpec).getIV();
-            }
-            else
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec required to initialise a CAST5 parameters algorithm parameters object");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params)
-            throws IOException
-        {
-            this.iv = new byte[params.length];
-
-            System.arraycopy(params, 0, iv, 0, iv.length);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format)
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                ASN1InputStream aIn = new ASN1InputStream(params);
-                CAST5CBCParameters      p = CAST5CBCParameters.getInstance(aIn.readObject());
-
-                keyLength = p.getKeyLength();
-
-                iv = p.getIV();
-
-                return;
-            }
-
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString()
-        {
-            return "CAST5 Parameters";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("AlgorithmParameters.CAST5", "org.bouncycastle.jce.provider.symmetric.CAST5$AlgParams");
-            put("Alg.Alias.AlgorithmParameters.1.2.840.113533.7.66.10", "CAST5");
-
-            put("AlgorithmParameterGenerator.CAST5", "org.bouncycastle.jce.provider.symmetric.CAST5$AlgParamGen");
-            put("Alg.Alias.AlgorithmParameterGenerator.1.2.840.113533.7.66.10", "CAST5");
-
-            put("Cipher.CAST5", "org.bouncycastle.jce.provider.symmetric.CAST5$ECB");
-            put("Cipher.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.symmetric.CAST5$CBC");
-
-            put("KeyGenerator.CAST5", "org.bouncycastle.jce.provider.symmetric.CAST5$KeyGen");
-            put("Alg.Alias.KeyGenerator.1.2.840.113533.7.66.10", "CAST5");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST6.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST6.java
deleted file mode 100644
index 13a5a8f5a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/CAST6.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.CAST6Engine;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-
-public final class CAST6
-{
-    private CAST6()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new CAST6Engine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("CAST6", 256, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.CAST6", "org.bouncycastle.jce.provider.symmetric.CAST6$ECB");
-            put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.symmetric.CAST6$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Camellia.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Camellia.java
deleted file mode 100644
index d8bc519e1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Camellia.java
+++ /dev/null
@@ -1,189 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.CamelliaEngine;
-import org.bouncycastle.crypto.engines.CamelliaWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-import org.bouncycastle.jce.provider.WrapCipherSpi;
-
-public final class Camellia
-{
-    private Camellia()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new CamelliaEngine());
-        }
-    }
-
-    public static class CBC
-       extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new CamelliaEngine()), 128);
-        }
-    }
-
-    public static class Wrap
-        extends WrapCipherSpi
-    {
-        public Wrap()
-        {
-            super(new CamelliaWrapEngine());
-        }
-    }
-
-    public static class RFC3211Wrap
-        extends WrapCipherSpi
-    {
-        public RFC3211Wrap()
-        {
-            super(new RFC3211WrapEngine(new CamelliaEngine()), 16);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            this(256);
-        }
-
-        public KeyGen(int keySize)
-        {
-            super("Camellia", keySize, new CipherKeyGenerator());
-        }
-    }
-
-    public static class KeyGen128
-        extends KeyGen
-    {
-        public KeyGen128()
-        {
-            super(128);
-        }
-    }
-
-    public static class KeyGen192
-        extends KeyGen
-    {
-        public KeyGen192()
-        {
-            super(192);
-        }
-    }
-
-    public static class KeyGen256
-        extends KeyGen
-    {
-        public KeyGen256()
-        {
-            super(256);
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for Camellia parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[] iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("Camellia", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Camellia IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("AlgorithmParameters.CAMELLIA", "org.bouncycastle.jce.provider.symmetric.Camellia$AlgParams");
-            put("Alg.Alias.AlgorithmParameters." + NTTObjectIdentifiers.id_camellia128_cbc, "CAMELLIA");
-            put("Alg.Alias.AlgorithmParameters." + NTTObjectIdentifiers.id_camellia192_cbc, "CAMELLIA");
-            put("Alg.Alias.AlgorithmParameters." + NTTObjectIdentifiers.id_camellia256_cbc, "CAMELLIA");
-
-            put("AlgorithmParameterGenerator.CAMELLIA", "org.bouncycastle.jce.provider.symmetric.Camellia$AlgParamGen");
-            put("Alg.Alias.AlgorithmParameterGenerator." + NTTObjectIdentifiers.id_camellia128_cbc, "CAMELLIA");
-            put("Alg.Alias.AlgorithmParameterGenerator." + NTTObjectIdentifiers.id_camellia192_cbc, "CAMELLIA");
-            put("Alg.Alias.AlgorithmParameterGenerator." + NTTObjectIdentifiers.id_camellia256_cbc, "CAMELLIA");
-
-            put("Cipher.CAMELLIA", "org.bouncycastle.jce.provider.symmetric.Camellia$ECB");
-            put("Cipher." + NTTObjectIdentifiers.id_camellia128_cbc, "org.bouncycastle.jce.provider.symmetric.Camellia$CBC");
-            put("Cipher." + NTTObjectIdentifiers.id_camellia192_cbc, "org.bouncycastle.jce.provider.symmetric.Camellia$CBC");
-            put("Cipher." + NTTObjectIdentifiers.id_camellia256_cbc, "org.bouncycastle.jce.provider.symmetric.Camellia$CBC");
-
-            put("Cipher.CAMELLIARFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.Camellia$RFC3211Wrap");
-            put("Cipher.CAMELLIAWRAP", "org.bouncycastle.jce.provider.symmetric.Camellia$Wrap");
-            put("Alg.Alias.Cipher." + NTTObjectIdentifiers.id_camellia128_wrap, "CAMELLIAWRAP");
-            put("Alg.Alias.Cipher." + NTTObjectIdentifiers.id_camellia192_wrap, "CAMELLIAWRAP");
-            put("Alg.Alias.Cipher." + NTTObjectIdentifiers.id_camellia256_wrap, "CAMELLIAWRAP");
-
-            put("KeyGenerator.CAMELLIA", "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen");
-            put("KeyGenerator." + NTTObjectIdentifiers.id_camellia128_wrap, "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen128");
-            put("KeyGenerator." + NTTObjectIdentifiers.id_camellia192_wrap, "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen192");
-            put("KeyGenerator." + NTTObjectIdentifiers.id_camellia256_wrap, "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen256");
-            put("KeyGenerator." + NTTObjectIdentifiers.id_camellia128_cbc, "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen128");
-            put("KeyGenerator." + NTTObjectIdentifiers.id_camellia192_cbc, "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen192");
-            put("KeyGenerator." + NTTObjectIdentifiers.id_camellia256_cbc, "org.bouncycastle.jce.provider.symmetric.Camellia$KeyGen256");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java
deleted file mode 100644
index d7fbab026..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java
+++ /dev/null
@@ -1,293 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.SecureRandom;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.util.HashMap;
-
-import javax.crypto.SecretKey;
-import javax.crypto.spec.DESedeKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEMac;
-import org.bouncycastle.jce.provider.JCESecretKeyFactory;
-import org.bouncycastle.jce.provider.WrapCipherSpi;
-
-public final class DESede
-{
-    private DESede()
-    {
-    }
-
-    static public class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new DESedeEngine());
-        }
-    }
-
-    static public class CBC
-        extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new DESedeEngine()), 64);
-        }
-    }
-
-    /**
-     * DESede   CFB8
-     */
-    public static class DESedeCFB8
-        extends JCEMac
-    {
-        public DESedeCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESedeEngine()));
-        }
-    }
-
-    /**
-     * DESede64
-     */
-    public static class DESede64
-        extends JCEMac
-    {
-        public DESede64()
-        {
-            super(new CBCBlockCipherMac(new DESedeEngine(), 64));
-        }
-    }
-
-    /**
-     * DESede64with7816-4Padding
-     */
-    public static class DESede64with7816d4
-        extends JCEMac
-    {
-        public DESede64with7816d4()
-        {
-            super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
-        }
-    }
-    
-    public static class CBCMAC
-        extends JCEMac
-    {
-        public CBCMAC()
-        {
-            super(new CBCBlockCipherMac(new DESedeEngine()));
-        }
-    }
-
-    static public class CMAC
-        extends JCEMac
-    {
-        public CMAC()
-        {
-            super(new CMac(new DESedeEngine()));
-        }
-    }
-
-    public static class Wrap
-        extends WrapCipherSpi
-    {
-        public Wrap()
-        {
-            super(new DESedeWrapEngine());
-        }
-    }
-
-    public static class RFC3211
-        extends WrapCipherSpi
-    {
-        public RFC3211()
-        {
-            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-        }
-    }
-
-  /**
-     * DESede - the default for this is to generate a key in
-     * a-b-a format that's 24 bytes long but has 16 bytes of
-     * key material (the first 8 bytes is repeated as the last
-     * 8 bytes). If you give it a size, you'll get just what you
-     * asked for.
-     */
-    public static class KeyGenerator
-        extends JCEKeyGenerator
-    {
-        private boolean     keySizeSet = false;
-
-        public KeyGenerator()
-        {
-            super("DESede", 192, new DESedeKeyGenerator());
-        }
-
-        protected void engineInit(
-            int             keySize,
-            SecureRandom random)
-        {
-            super.engineInit(keySize, random);
-            keySizeSet = true;
-        }
-
-        protected SecretKey engineGenerateKey()
-        {
-            if (uninitialised)
-            {
-                engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
-                uninitialised = false;
-            }
-
-            //
-            // if no key size has been defined generate a 24 byte key in
-            // the a-b-a format
-            //
-            if (!keySizeSet)
-            {
-                byte[]     k = engine.generateKey();
-
-                System.arraycopy(k, 0, k, 16, 8);
-
-                return new SecretKeySpec(k, algName);
-            }
-            else
-            {
-                return new SecretKeySpec(engine.generateKey(), algName);
-            }
-        }
-    }
-
-    /**
-     * generate a desEDE key in the a-b-c format.
-     */
-    public static class KeyGenerator3
-        extends JCEKeyGenerator
-    {
-        public KeyGenerator3()
-        {
-            super("DESede3", 192, new DESedeKeyGenerator());
-        }
-    }
-
-    static public class KeyFactory
-        extends JCESecretKeyFactory
-    {
-        public KeyFactory()
-        {
-            super("DESede", null);
-        }
-
-        protected KeySpec engineGetKeySpec(
-            SecretKey key,
-            Class keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec == null)
-            {
-                throw new InvalidKeySpecException("keySpec parameter is null");
-            }
-            if (key == null)
-            {
-                throw new InvalidKeySpecException("key parameter is null");
-            }
-
-            if (SecretKeySpec.class.isAssignableFrom(keySpec))
-            {
-                return new SecretKeySpec(key.getEncoded(), algName);
-            }
-            else if (DESedeKeySpec.class.isAssignableFrom(keySpec))
-            {
-                byte[]  bytes = key.getEncoded();
-
-                try
-                {
-                    if (bytes.length == 16)
-                    {
-                        byte[]  longKey = new byte[24];
-
-                        System.arraycopy(bytes, 0, longKey, 0, 16);
-                        System.arraycopy(bytes, 0, longKey, 16, 8);
-
-                        return new DESedeKeySpec(longKey);
-                    }
-                    else
-                    {
-                        return new DESedeKeySpec(bytes);
-                    }
-                }
-                catch (Exception e)
-                {
-                    throw new InvalidKeySpecException(e.toString());
-                }
-            }
-
-            throw new InvalidKeySpecException("Invalid KeySpec");
-        }
-
-        protected SecretKey engineGenerateSecret(
-            KeySpec keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DESedeKeySpec)
-            {
-                DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec;
-                return new SecretKeySpec(desKeySpec.getKey(), "DESede");
-            }
-
-            return super.engineGenerateSecret(keySpec);
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB");
-            put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
-            put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
-            put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
-            put("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
-            put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
-
-            put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
-            put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
-            put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
-
-            put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory");
-
-            put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
-            put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
-            put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-
-            put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
-            put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-
-            put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
-            put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-
-            put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
-            put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grain128.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grain128.java
deleted file mode 100644
index 729f5dcd7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grain128.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.Grain128Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class Grain128
-{
-    private Grain128()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new Grain128Engine(), 12);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Grain128", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.Grain128", "org.bouncycastle.jce.provider.symmetric.Grain128$Base");
-            put("KeyGenerator.Grain128", "org.bouncycastle.jce.provider.symmetric.Grain128$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grainv1.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grainv1.java
deleted file mode 100644
index d521825ff..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Grainv1.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.Grainv1Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class Grainv1
-{
-    private Grainv1()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new Grainv1Engine(), 8);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Grainv1", 80, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.Grainv1", "org.bouncycastle.jce.provider.symmetric.Grainv1$Base");
-            put("KeyGenerator.Grainv1", "org.bouncycastle.jce.provider.symmetric.Grainv1$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC128.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC128.java
deleted file mode 100644
index fc6dc188b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC128.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.HC128Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class HC128
-{
-    private HC128()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new HC128Engine(), 16);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("HC128", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.HC128", "org.bouncycastle.jce.provider.symmetric.HC128$Base");
-            put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.symmetric.HC128$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC256.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC256.java
deleted file mode 100644
index c75999d3b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/HC256.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.HC256Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class HC256
-{
-    private HC256()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new HC256Engine(), 32);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("HC256", 256, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.HC256", "org.bouncycastle.jce.provider.symmetric.HC256$Base");
-            put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.symmetric.HC256$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/IDEA.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/IDEA.java
deleted file mode 100644
index 3d9dfed54..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/IDEA.java
+++ /dev/null
@@ -1,252 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.misc.IDEACBCPar;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.IDEAEngine;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEMac;
-import org.bouncycastle.jce.provider.JCESecretKeyFactory;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class IDEA
-{
-    private IDEA()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new IDEAEngine());
-        }
-    }
-
-    public static class CBC
-       extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new IDEAEngine()), 64);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("IDEA", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class PBEWithSHAAndIDEAKeyGen
-       extends JCESecretKeyFactory.PBEKeyFactory
-    {
-       public PBEWithSHAAndIDEAKeyGen()
-       {
-           super("PBEwithSHAandIDEA-CBC", null, true, PKCS12, SHA1, 128, 64);
-       }
-    }
-
-    static public class PBEWithSHAAndIDEA
-        extends JCEBlockCipher
-    {
-        public PBEWithSHAAndIDEA()
-        {
-            super(new CBCBlockCipher(new IDEAEngine()));
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for IDEA parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[] iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("IDEA", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters
-    {
-        private byte[]  iv;
-
-        protected byte[] engineGetEncoded()
-            throws IOException
-        {
-            return engineGetEncoded("ASN.1");
-        }
-
-        protected byte[] engineGetEncoded(
-            String format)
-            throws IOException
-        {
-            if (isASN1FormatString(format))
-            {
-                return new IDEACBCPar(engineGetEncoded("RAW")).getEncoded();
-            }
-
-            if (format.equals("RAW"))
-            {
-                byte[]  tmp = new byte[iv.length];
-
-                System.arraycopy(iv, 0, tmp, 0, iv.length);
-                return tmp;
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof IvParameterSpec))
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object");
-            }
-
-            this.iv = ((IvParameterSpec)paramSpec).getIV();
-        }
-
-        protected void engineInit(
-            byte[] params)
-            throws IOException
-        {
-            this.iv = new byte[params.length];
-
-            System.arraycopy(params, 0, iv, 0, iv.length);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format)
-            throws IOException
-        {
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-            if (format.equals("ASN.1"))
-            {
-                ASN1InputStream aIn = new ASN1InputStream(params);
-                IDEACBCPar      oct = new IDEACBCPar((ASN1Sequence)aIn.readObject());
-
-                engineInit(oct.getIV());
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString()
-        {
-            return "IDEA Parameters";
-        }
-    }
-    
-    public static class Mac
-        extends JCEMac
-    {
-        public Mac()
-        {
-            super(new CBCBlockCipherMac(new IDEAEngine()));
-        }
-    }
-
-    public static class CFB8Mac
-        extends JCEMac
-    {
-        public CFB8Mac()
-        {
-            super(new CFBBlockCipherMac(new IDEAEngine()));
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("AlgorithmParameterGenerator.IDEA", "org.bouncycastle.jce.provider.symmetric.IDEA$AlgParamGen");
-            put("AlgorithmParameterGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.symmetric.IDEA$AlgParamGen");
-            put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.symmetric.IDEA$AlgParams");
-            put("AlgorithmParameters.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.symmetric.IDEA$AlgParams");
-            put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA", "PKCS12PBE");
-            put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA", "PKCS12PBE");
-            put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA-CBC", "PKCS12PBE");
-            put("Cipher.IDEA", "org.bouncycastle.jce.provider.symmetric.IDEA$ECB");
-            put("Cipher.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.symmetric.IDEA$CBC");
-            put("Cipher.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.symmetric.IDEA$PBEWithSHAAndIDEA");
-            put("KeyGenerator.IDEA", "org.bouncycastle.jce.provider.symmetric.IDEA$KeyGen");
-            put("KeyGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.symmetric.IDEA$KeyGen");
-            put("SecretKeyFactory.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.symmetric.IDEA$PBEWithSHAAndIDEAKeyGen");
-            put("Mac.IDEAMAC", "org.bouncycastle.jce.provider.symmetric.IDEA$Mac");
-            put("Alg.Alias.Mac.IDEA", "IDEAMAC");
-            put("Mac.IDEAMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.IDEA$CFB8Mac");
-            put("Alg.Alias.Mac.IDEA/CFB8", "IDEAMAC/CFB8");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Noekeon.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Noekeon.java
deleted file mode 100644
index 870c5e171..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Noekeon.java
+++ /dev/null
@@ -1,104 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.NoekeonEngine;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class Noekeon
-{
-    private Noekeon()
-    {
-    }
-
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new NoekeonEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Noekeon", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for Noekeon parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[] iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("Noekeon", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Noekeon IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("AlgorithmParameters.NOEKEON", "org.bouncycastle.jce.provider.symmetric.Noekeon$AlgParams");
-
-            put("AlgorithmParameterGenerator.NOEKEON", "org.bouncycastle.jce.provider.symmetric.Noekeon$AlgParamGen");
-
-            put("Cipher.NOEKEON", "org.bouncycastle.jce.provider.symmetric.Noekeon$ECB");
-
-            put("KeyGenerator.NOEKEON", "org.bouncycastle.jce.provider.symmetric.Noekeon$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC5.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC5.java
deleted file mode 100644
index 3299a0bee..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC5.java
+++ /dev/null
@@ -1,168 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.RC532Engine;
-import org.bouncycastle.crypto.engines.RC564Engine;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEMac;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class RC5
-{
-    private RC5()
-    {
-    }
-
-    /**
-     * RC5
-     */
-    public static class ECB32
-        extends JCEBlockCipher
-    {
-        public ECB32()
-        {
-            super(new RC532Engine());
-        }
-    }
-
-    /**
-     * RC564
-     */
-    public static class ECB64
-        extends JCEBlockCipher
-    {
-        public ECB64()
-        {
-            super(new RC564Engine());
-        }
-    }
-
-    public static class CBC32
-       extends JCEBlockCipher
-    {
-        public CBC32()
-        {
-            super(new CBCBlockCipher(new RC532Engine()), 64);
-        }
-    }
-
-    public static class KeyGen32
-        extends JCEKeyGenerator
-    {
-        public KeyGen32()
-        {
-            super("RC5", 128, new CipherKeyGenerator());
-        }
-    }
-
-    /**
-     * RC5
-     */
-    public static class KeyGen64
-        extends JCEKeyGenerator
-    {
-        public KeyGen64()
-        {
-            super("RC5-64", 256, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC5 parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[] iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("RC5", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class Mac32
-        extends JCEMac
-    {
-        public Mac32()
-        {
-            super(new CBCBlockCipherMac(new RC532Engine()));
-        }
-    }
-
-    public static class CFB8Mac32
-        extends JCEMac
-    {
-        public CFB8Mac32()
-        {
-            super(new CFBBlockCipherMac(new RC532Engine()));
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "RC5 IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.RC5", "org.bouncycastle.jce.provider.symmetric.RC5$ECB32");
-            put("Alg.Alias.Cipher.RC5-32", "RC5");
-            put("Cipher.RC5-64", "org.bouncycastle.jce.provider.symmetric.RC5$ECB64");
-            put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.symmetric.RC5$KeyGen32");
-            put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
-            put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.symmetric.RC5$KeyGen64");
-            put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.symmetric.RC5$AlgParams");
-            put("AlgorithmParameters.RC5-64", "org.bouncycastle.jce.provider.symmetric.RC5$AlgParams");
-            put("Mac.RC5MAC", "org.bouncycastle.jce.provider.symmetric.RC5$Mac32");
-            put("Alg.Alias.Mac.RC5", "RC5MAC");
-            put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.symmetric.RC5$CFB8Mac32");
-            put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC6.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC6.java
deleted file mode 100644
index 743faa2f0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/RC6.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.RC6Engine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class RC6
-{
-    private RC6()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new RC6Engine());
-        }
-    }
-
-    public static class CBC
-       extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new RC6Engine()), 128);
-        }
-    }
-
-    static public class CFB
-        extends JCEBlockCipher
-    {
-        public CFB()
-        {
-            super(new BufferedBlockCipher(new CFBBlockCipher(new RC6Engine(), 128)), 128);
-        }
-    }
-
-    static public class OFB
-        extends JCEBlockCipher
-    {
-        public OFB()
-        {
-            super(new BufferedBlockCipher(new OFBBlockCipher(new RC6Engine(), 128)), 128);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("RC6", 256, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC6 parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("RC6", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "RC6 IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.RC6", "org.bouncycastle.jce.provider.symmetric.RC6$ECB");
-            put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.symmetric.RC6$KeyGen");
-            put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.symmetric.RC6$AlgParams");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Rijndael.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Rijndael.java
deleted file mode 100644
index 92624a19f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Rijndael.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.RijndaelEngine;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class Rijndael
-{
-    private Rijndael()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new RijndaelEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Rijndael", 192, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Rijndael IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.symmetric.Rijndael$ECB");
-            put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.symmetric.Rijndael$KeyGen");
-            put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.symmetric.Rijndael$AlgParams");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/SEED.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/SEED.java
deleted file mode 100644
index e714a865c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/SEED.java
+++ /dev/null
@@ -1,134 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.SEEDEngine;
-import org.bouncycastle.crypto.engines.SEEDWrapEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-import org.bouncycastle.jce.provider.WrapCipherSpi;
-
-public final class SEED
-{
-    private SEED()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new SEEDEngine());
-        }
-    }
-
-    public static class CBC
-       extends JCEBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new SEEDEngine()), 128);
-        }
-    }
-
-    public static class Wrap
-        extends WrapCipherSpi
-    {
-        public Wrap()
-        {
-            super(new SEEDWrapEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("SEED", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParamGen
-        extends JDKAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for SEED parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[] iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("SEED", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "SEED IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("AlgorithmParameters.SEED", "org.bouncycastle.jce.provider.symmetric.SEED$AlgParams");
-            put("Alg.Alias.AlgorithmParameters." + KISAObjectIdentifiers.id_seedCBC, "SEED");
-
-            put("AlgorithmParameterGenerator.SEED", "org.bouncycastle.jce.provider.symmetric.SEED$AlgParamGen");
-            put("Alg.Alias.AlgorithmParameterGenerator." + KISAObjectIdentifiers.id_seedCBC, "SEED");
-
-            put("Cipher.SEED", "org.bouncycastle.jce.provider.symmetric.SEED$ECB");
-            put("Cipher." + KISAObjectIdentifiers.id_seedCBC, "org.bouncycastle.jce.provider.symmetric.SEED$CBC");
-
-            put("Cipher.SEEDWRAP", "org.bouncycastle.jce.provider.symmetric.SEED$Wrap");
-            put("Alg.Alias.Cipher." + KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "SEEDWRAP");
-
-            put("KeyGenerator.SEED", "org.bouncycastle.jce.provider.symmetric.SEED$KeyGen");
-            put("KeyGenerator." + KISAObjectIdentifiers.id_seedCBC, "org.bouncycastle.jce.provider.symmetric.SEED$KeyGen");
-            put("KeyGenerator." + KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "org.bouncycastle.jce.provider.symmetric.SEED$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Salsa20.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Salsa20.java
deleted file mode 100644
index 58e6b7320..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Salsa20.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.Salsa20Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class Salsa20
-{
-    private Salsa20()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new Salsa20Engine(), 8);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Salsa20", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.SALSA20", "org.bouncycastle.jce.provider.symmetric.Salsa20$Base");
-            put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.symmetric.Salsa20$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Serpent.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Serpent.java
deleted file mode 100644
index 516cc49e7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Serpent.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.SerpentEngine;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class Serpent
-{
-    private Serpent()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new SerpentEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Serpent", 192, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Serpent IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.Serpent", "org.bouncycastle.jce.provider.symmetric.Serpent$ECB");
-            put("KeyGenerator.Serpent", "org.bouncycastle.jce.provider.symmetric.Serpent$KeyGen");
-            put("AlgorithmParameters.Serpent", "org.bouncycastle.jce.provider.symmetric.Serpent$AlgParams");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Skipjack.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Skipjack.java
deleted file mode 100644
index 5b1e8b1d7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Skipjack.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.SkipjackEngine;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEMac;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class Skipjack
-{
-    private Skipjack()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new SkipjackEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Skipjack", 80, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Skipjack IV";
-        }
-    }
-
-    public static class Mac
-        extends JCEMac
-    {
-        public Mac()
-        {
-            super(new CBCBlockCipherMac(new SkipjackEngine()));
-        }
-    }
-
-    public static class MacCFB8
-        extends JCEMac
-    {
-        public MacCFB8()
-        {
-            super(new CFBBlockCipherMac(new SkipjackEngine()));
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.symmetric.Skipjack$ECB");
-            put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.symmetric.Skipjack$KeyGen");
-            put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.symmetric.Skipjack$AlgParams");
-            put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.symmetric.Skipjack$Mac");
-            put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
-            put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.Skipjack$MacCFB8");
-            put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/TEA.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/TEA.java
deleted file mode 100644
index 6ab878290..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/TEA.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.TEAEngine;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class TEA
-{
-    private TEA()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new TEAEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("TEA", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "TEA IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.TEA", "org.bouncycastle.jce.provider.symmetric.TEA$ECB");
-            put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.symmetric.TEA$KeyGen");
-            put("AlgorithmParameters.TEA", "org.bouncycastle.jce.provider.symmetric.TEA$AlgParams");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Twofish.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Twofish.java
deleted file mode 100644
index abbab6f37..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/Twofish.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.TwofishEngine;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class Twofish
-{
-    private Twofish()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new TwofishEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Twofish", 256, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Twofish IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.Twofish", "org.bouncycastle.jce.provider.symmetric.Twofish$ECB");
-            put("KeyGenerator.Twofish", "org.bouncycastle.jce.provider.symmetric.Twofish$KeyGen");
-            put("AlgorithmParameters.Twofish", "org.bouncycastle.jce.provider.symmetric.Twofish$AlgParams");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPC.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPC.java
deleted file mode 100644
index 7975c6e1a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPC.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.VMPCEngine;
-import org.bouncycastle.crypto.macs.VMPCMac;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEMac;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class VMPC
-{
-    private VMPC()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new VMPCEngine(), 16);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("VMPC", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mac
-        extends JCEMac
-    {
-        public Mac()
-        {
-            super(new VMPCMac());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.VMPC", "org.bouncycastle.jce.provider.symmetric.VMPC$Base");
-            put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.symmetric.VMPC$KeyGen");
-            put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.symmetric.VMPC$Mac");
-            put("Alg.Alias.Mac.VMPC", "VMPCMAC");
-            put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java
deleted file mode 100644
index 6268cd4e7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JCEStreamCipher;
-
-public final class VMPCKSA3
-{
-    private VMPCKSA3()
-    {
-    }
-    
-    public static class Base
-        extends JCEStreamCipher
-    {
-        public Base()
-        {
-            super(new VMPCKSA3Engine(), 16);
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("VMPC-KSA3", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.symmetric.VMPCKSA3$Base");
-            put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.symmetric.VMPCKSA3$KeyGen");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/XTEA.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/XTEA.java
deleted file mode 100644
index 86621dd4a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/provider/symmetric/XTEA.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import java.util.HashMap;
-
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.XTEAEngine;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-
-public final class XTEA
-{
-    private XTEA()
-    {
-    }
-    
-    public static class ECB
-        extends JCEBlockCipher
-    {
-        public ECB()
-        {
-            super(new XTEAEngine());
-        }
-    }
-
-    public static class KeyGen
-        extends JCEKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("XTEA", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends JDKAlgorithmParameters.IVAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "XTEA IV";
-        }
-    }
-
-    public static class Mappings
-        extends HashMap
-    {
-        public Mappings()
-        {
-            put("Cipher.XTEA", "org.bouncycastle.jce.provider.symmetric.XTEA$ECB");
-            put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.symmetric.XTEA$KeyGen");
-            put("AlgorithmParameters.XTEA", "org.bouncycastle.jce.provider.symmetric.XTEA$AlgParams");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java
deleted file mode 100644
index 12157844c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.spec.KeySpec;
-
-/**
- * base class for an Elliptic Curve Key Spec
- */
-public class ECKeySpec
-    implements KeySpec
-{
-    private ECParameterSpec     spec;
-
-    protected ECKeySpec(
-        ECParameterSpec spec)
-    {
-        this.spec = spec;
-    }
-
-    /**
-     * return the domain parameters for the curve
-     */
-    public ECParameterSpec getParams()
-    {
-        return spec;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
deleted file mode 100644
index 47416a224..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-
-/**
- * specification signifying that the curve parameters can also be
- * refered to by name.
- * 
    
- * If you are using JDK 1.5 you should be looking at ECNamedCurveSpec.
- */
-public class ECNamedCurveParameterSpec
-    extends ECParameterSpec
-{
-    private String  name;
-
-    public ECNamedCurveParameterSpec(
-        String      name,
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n)
-    {
-        super(curve, G, n);
-
-        this.name = name;
-    }
-
-    public ECNamedCurveParameterSpec(
-        String      name,
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n,
-        BigInteger  h)
-    {
-        super(curve, G, n, h);
-
-        this.name = name;
-    }
-
-    public ECNamedCurveParameterSpec(
-        String      name,
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n,
-        BigInteger  h,
-        byte[]      seed)
-    {
-        super(curve, G, n, h, seed);
-
-        this.name = name;
-    }
-
-    /**
-     * return the name of the curve the EC domain parameters belong to.
-     */
-    public String getName()
-    {
-        return name;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java
deleted file mode 100644
index e774a11e7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java
+++ /dev/null
@@ -1,121 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
-
-import java.math.BigInteger;
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * basic domain parameters for an Elliptic Curve public or private key.
- */
-public class ECParameterSpec
-    implements AlgorithmParameterSpec
-{
-    private ECCurve     curve;
-    private byte[]      seed;
-    private ECPoint     G;
-    private BigInteger  n;
-    private BigInteger  h;
-
-    public ECParameterSpec(
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n)
-    {
-        this.curve = curve;
-        this.G = G;
-        this.n = n;
-        this.h = BigInteger.valueOf(1);
-        this.seed = null;
-    }
-
-    public ECParameterSpec(
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n,
-        BigInteger  h)
-    {
-        this.curve = curve;
-        this.G = G;
-        this.n = n;
-        this.h = h;
-        this.seed = null;
-    }
-
-    public ECParameterSpec(
-        ECCurve     curve,
-        ECPoint     G,
-        BigInteger  n,
-        BigInteger  h,
-        byte[]      seed)
-    {
-        this.curve = curve;
-        this.G = G;
-        this.n = n;
-        this.h = h;
-        this.seed = seed;
-    }
-
-    /**
-     * return the curve along which the base point lies.
-     * @return the curve
-     */
-    public ECCurve getCurve()
-    {
-        return curve;
-    }
-
-    /**
-     * return the base point we are using for these domain parameters.
-     * @return the base point.
-     */
-    public ECPoint getG()
-    {
-        return G;
-    }
-
-    /**
-     * return the order N of G
-     * @return the order
-     */
-    public BigInteger getN()
-    {
-        return n;
-    }
-
-    /**
-     * return the cofactor H to the order of G.
-     * @return the cofactor
-     */
-    public BigInteger getH()
-    {
-        return h;
-    }
-
-    /**
-     * return the seed used to generate this curve (if available).
-     * @return the random seed
-     */
-    public byte[] getSeed()
-    {
-        return seed;
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof ECParameterSpec))
-        {
-            return false;
-        }
-
-        ECParameterSpec other = (ECParameterSpec)o;
-
-        return this.getCurve().equals(other.getCurve()) && this.getG().equals(other.getG());
-    }
-
-    public int hashCode()
-    {
-        return this.getCurve().hashCode() ^ this.getG().hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java
deleted file mode 100644
index 27885c40f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-
-/**
- * Elliptic Curve private key specification.
- */
-public class ECPrivateKeySpec
-    extends ECKeySpec
-{
-    private BigInteger    d;
-
-    /**
-     * base constructor
-     *
-     * @param d the private number for the key.
-     * @param spec the domain parameters for the curve being used.
-     */
-    public ECPrivateKeySpec(
-        BigInteger      d,
-        ECParameterSpec spec)
-    {
-        super(spec);
-
-        this.d = d;
-    }
-
-    /**
-     * return the private number D
-     */
-    public BigInteger getD()
-    {
-        return d;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java
deleted file mode 100644
index debab004f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import org.bouncycastle.math.ec.ECPoint;
-
-/**
- * Elliptic Curve public key specification
- */
-public class ECPublicKeySpec
-    extends ECKeySpec
-{
-    private ECPoint    q;
-
-    /**
-     * base constructor
-     *
-     * @param q the public point on the curve.
-     * @param spec the domain parameters for the curve.
-     */
-    public ECPublicKeySpec(
-        ECPoint         q,
-        ECParameterSpec spec)
-    {
-        super(spec);
-
-        this.q = q;
-    }
-
-    /**
-     * return the public point q
-     */
-    public ECPoint getQ()
-    {
-        return q;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java
deleted file mode 100644
index 200d2b4d8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-public class ElGamalGenParameterSpec
-    implements AlgorithmParameterSpec
-{
-    private int primeSize;
-
-    /*
-     * @param primeSize the size (in bits) of the prime modulus.
-     */
-    public ElGamalGenParameterSpec(
-        int     primeSize)
-    {
-        this.primeSize = primeSize;
-    }
-
-    /**
-     * Returns the size in bits of the prime modulus.
-     *
-     * @return the size in bits of the prime modulus
-     */
-    public int getPrimeSize()
-    {
-        return primeSize;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java
deleted file mode 100644
index 5e3eb6638..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.spec.KeySpec;
-
-public class ElGamalKeySpec
-    implements KeySpec
-{
-    private ElGamalParameterSpec  spec;
-
-    public ElGamalKeySpec(
-        ElGamalParameterSpec  spec)
-    {
-        this.spec = spec;
-    }
-
-    public ElGamalParameterSpec getParams()
-    {
-        return spec;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java
deleted file mode 100644
index 10ed1c5d5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-import java.security.spec.AlgorithmParameterSpec;
-
-public class ElGamalParameterSpec
-    implements AlgorithmParameterSpec
-{
-    private BigInteger  p;
-    private BigInteger  g;
-
-    /**
-     * Constructs a parameter set for Diffie-Hellman, using a prime modulus
-     * p and a base generator g.
-     * 
-     * @param p the prime modulus
-     * @param g the base generator
-     */
-    public ElGamalParameterSpec(
-        BigInteger  p,
-        BigInteger  g)
-    {
-        this.p = p;
-        this.g = g;
-    }
-
-    /**
-     * Returns the prime modulus p.
-     *
-     * @return the prime modulus p
-     */
-    public BigInteger getP()
-    {
-        return p;
-    }
-
-    /**
-     * Returns the base generator g.
-     *
-     * @return the base generator g
-     */
-    public BigInteger getG()
-    {
-        return g;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java
deleted file mode 100644
index 3a3c6e481..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-
-/**
- * This class specifies an ElGamal private key with its associated parameters.
- *
- * @see ElGamalPublicKeySpec
- */
-public class ElGamalPrivateKeySpec
-    extends ElGamalKeySpec
-{
-    private BigInteger  x;
-
-    public ElGamalPrivateKeySpec(
-        BigInteger              x,
-        ElGamalParameterSpec    spec)
-    {
-        super(spec);
-
-        this.x = x;
-    }
-
-    /**
-     * Returns the private value x.
-     *
-     * @return the private value x
-     */
-    public BigInteger getX()
-    {
-        return x;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java
deleted file mode 100644
index c0e6dba1f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-
-/**
- * This class specifies an ElGamal public key with its associated parameters.
- *
- * @see ElGamalPrivateKeySpec
- */
-public class ElGamalPublicKeySpec
-    extends ElGamalKeySpec
-{
-    private BigInteger  y;
-
-    public ElGamalPublicKeySpec(
-        BigInteger              y,
-        ElGamalParameterSpec    spec)
-    {
-        super(spec);
-
-        this.y = y;
-    }
-
-    /**
-     * Returns the public value y.
-     *
-     * @return the public value y
-     */
-    public BigInteger getY()
-    {
-        return y;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java
deleted file mode 100644
index 384d871c1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package org.bouncycastle.jce.spec; 
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.bouncycastle.crypto.engines.GOST28147Engine;
-
-/**
- * A parameter spec for the GOST-28147 cipher.
- */
-public class GOST28147ParameterSpec
-    implements AlgorithmParameterSpec
-{
-    private byte[] iv = null;
-    private byte[] sBox = null;
-
-    public GOST28147ParameterSpec(
-        byte[] sBox)
-    {
-        this.sBox = new byte[sBox.length];
-        
-        System.arraycopy(sBox, 0, this.sBox, 0, sBox.length);
-    }
-
-    public GOST28147ParameterSpec(
-        byte[] sBox,
-        byte[] iv)
-    {
-        this(sBox);
-        this.iv = new byte[iv.length];
-        
-        System.arraycopy(iv, 0, this.iv, 0, iv.length);
-    }
-    
-    public GOST28147ParameterSpec(
-        String  sBoxName)
-    {
-        this.sBox = GOST28147Engine.getSBox(sBoxName);
-    }
-
-    public GOST28147ParameterSpec(
-        String  sBoxName,
-        byte[]  iv)
-    {
-        this(sBoxName);
-        this.iv = new byte[iv.length];
-        
-        System.arraycopy(iv, 0, this.iv, 0, iv.length);
-    }
-
-    public byte[] getSbox()
-    {
-        return sBox;
-    }
-
-    /**
-     * Returns the IV or null if this parameter set does not contain an IV.
-     *
-     * @return the IV or null if this parameter set does not contain an IV.
-     */
-    public byte[] getIV()
-    {
-        if (iv == null)
-        {
-            return null;
-        }
-
-        byte[]  tmp = new byte[iv.length];
-
-        System.arraycopy(iv, 0, tmp, 0, tmp.length);
-
-        return tmp;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java
deleted file mode 100644
index a5ae98f85..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java
+++ /dev/null
@@ -1,133 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.GOST3410NamedParameters;
-import org.bouncycastle.asn1.cryptopro.GOST3410ParamSetParameters;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-import org.bouncycastle.jce.interfaces.GOST3410Params;
-
-/**
- * ParameterSpec for a GOST 3410-94 key.
- */
-public class GOST3410ParameterSpec
-    implements AlgorithmParameterSpec, GOST3410Params
-{
-    private GOST3410PublicKeyParameterSetSpec keyParameters;
-    private String                            keyParamSetOID;
-    private String                            digestParamSetOID;
-    private String                            encryptionParamSetOID;
-    
-    public GOST3410ParameterSpec(
-        String  keyParamSetID,
-        String  digestParamSetOID,
-        String  encryptionParamSetOID)
-    {
-        GOST3410ParamSetParameters  ecP = null;
-        
-        try
-        {
-            ecP = GOST3410NamedParameters.getByOID(new DERObjectIdentifier(keyParamSetID));
-        }
-        catch (IllegalArgumentException e)
-        {
-            DERObjectIdentifier oid = GOST3410NamedParameters.getOID(keyParamSetID);
-            if (oid != null)
-            {
-                keyParamSetID = oid.getId();
-                ecP = GOST3410NamedParameters.getByOID(oid);
-            }
-        }
-        
-        if (ecP == null)
-        {
-            throw new IllegalArgumentException("no key parameter set for passed in name/OID.");
-        }
-
-        this.keyParameters = new GOST3410PublicKeyParameterSetSpec(
-                                        ecP.getP(),
-                                        ecP.getQ(),
-                                        ecP.getA());
-        
-        this.keyParamSetOID = keyParamSetID;
-        this.digestParamSetOID = digestParamSetOID;
-        this.encryptionParamSetOID = encryptionParamSetOID;
-    }
-    
-    public GOST3410ParameterSpec(
-        String  keyParamSetID,
-        String  digestParamSetOID)
-    {
-        this(keyParamSetID, digestParamSetOID, null);
-    }
-    
-    public GOST3410ParameterSpec(
-        String  keyParamSetID)
-    {
-        this(keyParamSetID, CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet.getId(), null);
-    }
-    
-    public GOST3410ParameterSpec(
-        GOST3410PublicKeyParameterSetSpec spec)
-    {
-        this.keyParameters = spec;
-        this.digestParamSetOID = CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet.getId();
-        this.encryptionParamSetOID = null;
-    }
-    
-    public String getPublicKeyParamSetOID()
-    {
-        return this.keyParamSetOID;
-    }
-
-    public GOST3410PublicKeyParameterSetSpec getPublicKeyParameters()
-    {
-        return keyParameters;
-    }
-    
-    public String getDigestParamSetOID()
-    {
-        return this.digestParamSetOID;
-    }
-
-    public String getEncryptionParamSetOID()
-    {
-        return this.encryptionParamSetOID;
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o instanceof GOST3410ParameterSpec)
-        {
-            GOST3410ParameterSpec other = (GOST3410ParameterSpec)o;
-            
-            return this.keyParameters.equals(other.keyParameters) 
-                && this.digestParamSetOID.equals(other.digestParamSetOID)
-                && (this.encryptionParamSetOID == other.encryptionParamSetOID
-                    || (this.encryptionParamSetOID != null && this.encryptionParamSetOID.equals(other.encryptionParamSetOID)));
-        }
-        
-        return false;
-    }
-    
-    public int hashCode()
-    {
-        return this.keyParameters.hashCode() ^ this.digestParamSetOID.hashCode() 
-                       ^ (this.encryptionParamSetOID != null ? this.encryptionParamSetOID.hashCode() : 0);
-    }
-
-    public static GOST3410ParameterSpec fromPublicKeyAlg(
-        GOST3410PublicKeyAlgParameters params)
-    {
-        if (params.getEncryptionParamSet() != null)
-        {
-            return new GOST3410ParameterSpec(params.getPublicKeyParamSet().getId(), params.getDigestParamSet().getId(), params.getEncryptionParamSet().getId());
-        }
-        else
-        {
-            return new GOST3410ParameterSpec(params.getPublicKeyParamSet().getId(), params.getDigestParamSet().getId());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java
deleted file mode 100644
index 5ea138561..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-import java.security.spec.KeySpec;
-
-/**
- * This class specifies a GOST3410-94 private key with its associated parameters.
- */
-
-public class GOST3410PrivateKeySpec
-    implements KeySpec
-{
-    private BigInteger x;
-    private BigInteger p;
-    private BigInteger q;
-    private BigInteger a;
-
-    /**
-     * Creates a new GOST3410PrivateKeySpec with the specified parameter values.
-     *
-     * @param x the private key.
-     * @param p the prime.
-     * @param q the sub-prime.
-     * @param a the base.
-     */
-    public GOST3410PrivateKeySpec(BigInteger x, BigInteger p, BigInteger q,
-         BigInteger a)
-    {
-        this.x = x;
-        this.p = p;
-        this.q = q;
-        this.a = a;
-    }
-
-    /**
-     * Returns the private key x.
-     * @return the private key x.
-     */
-    public BigInteger getX()
-    {
-        return this.x;
-    }
-
-    /**
-     * Returns the prime p.
-     * @return the prime p.
-     */
-    public BigInteger getP()
-    {
-        return this.p;
-    }
-
-    /**
-     * Returns the sub-prime q.
-     * @return the sub-prime q.
-     */
-    public BigInteger getQ()
-    {
-        return this.q;
-    }
-
-    /**
-     * Returns the base a.
-     * @return the base a.
-     */
-    public BigInteger getA()
-    {
-        return this.a;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java
deleted file mode 100644
index 9e4e650a0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-
-/**
- * ParameterSpec for a GOST 3410-94 key parameters.
- */
-public class GOST3410PublicKeyParameterSetSpec
-{
-    private BigInteger p;
-    private BigInteger q;
-    private BigInteger a;
-    
-    /**
-     * Creates a new GOST3410ParameterSpec with the specified parameter values.
-     * 
-     * @param p the prime.
-     * @param q the sub-prime.
-     * @param a the base.
-     */
-    public GOST3410PublicKeyParameterSetSpec(
-        BigInteger p,
-        BigInteger q,
-        BigInteger a)
-    {
-        this.p = p;
-        this.q = q;
-        this.a = a;
-    }
-    
-    /**
-     * Returns the prime p.
-     *
-     * @return the prime p.
-     */
-    public BigInteger getP() 
-    {
-        return this.p;
-    }
-    
-    /**
-     * Returns the sub-prime q.
-     *
-     * @return the sub-prime q.
-     */
-    public BigInteger getQ() 
-    {
-        return this.q;
-    }
-    
-    /**
-     * Returns the base a.
-     *
-     * @return the base a.
-     */
-    public BigInteger getA() 
-    {
-        return this.a;
-    }
-    
-    public boolean equals(
-        Object o)
-    {
-        if (o instanceof GOST3410PublicKeyParameterSetSpec)
-        {
-            GOST3410PublicKeyParameterSetSpec other = (GOST3410PublicKeyParameterSetSpec)o;
-            
-            return this.a.equals(other.a) && this.p.equals(other.p) && this.q.equals(other.q);
-        }
-        
-        return false;
-    }
-    
-    public int hashCode()
-    {
-        return a.hashCode() ^ p.hashCode() ^ q.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java
deleted file mode 100644
index 7b65c064d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.math.BigInteger;
-import java.security.spec.KeySpec;
-
-/**
- * This class specifies a GOST3410-94 public key with its associated parameters.
- */
-
-public class GOST3410PublicKeySpec
-    implements KeySpec
-{
-
-    private BigInteger y;
-    private BigInteger p;
-    private BigInteger q;
-    private BigInteger a;
-
-    /**
-     * Creates a new GOST3410PublicKeySpec with the specified parameter values.
-     *
-     * @param y the public key.
-     * @param p the prime.
-     * @param q the sub-prime.
-     * @param a the base.
-     */
-    public GOST3410PublicKeySpec(
-        BigInteger y,
-        BigInteger p,
-        BigInteger q,
-        BigInteger a)
-    {
-        this.y = y;
-        this.p = p;
-        this.q = q;
-        this.a = a;
-    }
-
-    /**
-     * Returns the public key y.
-     *
-     * @return the public key y.
-     */
-    public BigInteger getY()
-    {
-        return this.y;
-    }
-
-    /**
-     * Returns the prime p.
-     *
-     * @return the prime p.
-     */
-    public BigInteger getP()
-    {
-        return this.p;
-    }
-
-    /**
-     * Returns the sub-prime q.
-     *
-     * @return the sub-prime q.
-     */
-    public BigInteger getQ()
-    {
-        return this.q;
-    }
-
-    /**
-     * Returns the base g.
-     *
-     * @return the base g.
-     */
-    public BigInteger getA()
-    {
-        return this.a;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java
deleted file mode 100644
index 9859a22bb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.KeySpec;
-
-import org.bouncycastle.jce.interfaces.IESKey;
-
-/**
- * key pair for use with an integrated encryptor - together
- * they provide what's required to generate the message.
- */
-public class IEKeySpec
-    implements KeySpec, IESKey
-{
-    private PublicKey   pubKey;
-    private PrivateKey  privKey;
-
-    /**
-     * @param privKey our private key.
-     * @param pubKey the public key of the sender/recipient.
-     */
-    public IEKeySpec(
-        PrivateKey  privKey,
-        PublicKey   pubKey)
-    {
-        this.privKey = privKey;
-        this.pubKey = pubKey;
-    }
-
-    /**
-     * return the intended recipient's/sender's public key.
-     */
-    public PublicKey getPublic()
-    {
-        return pubKey;
-    }
-
-    /**
-     * return the local private key.
-     */
-    public PrivateKey getPrivate()
-    {
-        return privKey;
-    }
-
-    /**
-     * return "IES"
-     */
-    public String getAlgorithm()
-    {
-        return "IES";
-    }
-
-    /**
-     * return null
-     */
-    public String getFormat()
-    {
-        return null;
-    }
-
-    /**
-     * returns null
-     */
-    public byte[] getEncoded()
-    {
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java
deleted file mode 100644
index 97c7d3a8e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * Parameter spec for an integrated encryptor, as in IEEE P1363a
- */
-public class IESParameterSpec
-    implements AlgorithmParameterSpec
-{
-    private byte[]  derivation;
-    private byte[]  encoding;
-    private int     macKeySize;
-
-    public IESParameterSpec(
-        byte[]  derivation,
-        byte[]  encoding,
-        int     macKeySize)
-    {
-        this.derivation = new byte[derivation.length];
-        System.arraycopy(derivation, 0, this.derivation, 0, derivation.length);
-
-        this.encoding = new byte[encoding.length];
-        System.arraycopy(encoding, 0, this.encoding, 0, encoding.length);
-
-        this.macKeySize = macKeySize;           
-    }
-
-    /**
-     * return the derivation vector.
-     */
-    public byte[] getDerivationV()
-    {
-        return derivation;
-    }
-
-    /**
-     * return the encoding vector.
-     */
-    public byte[] getEncodingV()
-    {
-        return encoding;
-    }
-
-    /**
-     * return the key size in bits for the MAC used with the message
-     */
-    public int getMacKeySize()
-    {
-        return macKeySize;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java
deleted file mode 100644
index bdd988d08..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.KeySpec;
-
-import org.bouncycastle.jce.interfaces.MQVPrivateKey;
-
-/**
- * Static/ephemeral private key (pair) for use with ECMQV key agreement
- * (Optionally provides the ephemeral public key)
- */
-public class MQVPrivateKeySpec
-    implements KeySpec, MQVPrivateKey
-{
-    private PrivateKey staticPrivateKey;
-    private PrivateKey ephemeralPrivateKey;
-    private PublicKey ephemeralPublicKey;
-
-    /**
-     * @param staticPrivateKey the static private key.
-     * @param ephemeralPrivateKey the ephemeral private key.
-     */
-    public MQVPrivateKeySpec(
-            PrivateKey  staticPrivateKey,
-            PrivateKey  ephemeralPrivateKey)
-    {
-        this(staticPrivateKey, ephemeralPrivateKey, null);
-    }
-
-    /**
-     * @param staticPrivateKey the static private key.
-     * @param ephemeralPrivateKey the ephemeral private key.
-     * @param ephemeralPublicKey the ephemeral public key (may be null).
-     */
-    public MQVPrivateKeySpec(
-        PrivateKey  staticPrivateKey,
-        PrivateKey  ephemeralPrivateKey,
-        PublicKey   ephemeralPublicKey)
-    {
-        this.staticPrivateKey = staticPrivateKey;
-        this.ephemeralPrivateKey = ephemeralPrivateKey;
-        this.ephemeralPublicKey = ephemeralPublicKey;
-    }
-
-    /**
-     * return the static private key
-     */
-    public PrivateKey getStaticPrivateKey()
-    {
-        return staticPrivateKey;
-    }
-
-    /**
-     * return the ephemeral private key
-     */
-    public PrivateKey getEphemeralPrivateKey()
-    {
-        return ephemeralPrivateKey;
-    }
-
-    /**
-     * return the ephemeral public key (may be null)
-     */
-    public PublicKey getEphemeralPublicKey()
-    {
-        return ephemeralPublicKey;
-    }
-
-    /**
-     * return "ECMQV"
-     */
-    public String getAlgorithm()
-    {
-        return "ECMQV";
-    }
-
-    /**
-     * return null
-     */
-    public String getFormat()
-    {
-        return null;
-    }
-
-    /**
-     * returns null
-     */
-    public byte[] getEncoded()
-    {
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java
deleted file mode 100644
index 8b50d05f6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package org.bouncycastle.jce.spec;
-
-import java.security.PublicKey;
-import java.security.spec.KeySpec;
-
-import org.bouncycastle.jce.interfaces.MQVPublicKey;
-
-/**
- * Static/ephemeral public key pair for use with ECMQV key agreement
- */
-public class MQVPublicKeySpec
-    implements KeySpec, MQVPublicKey
-{
-    private PublicKey staticKey;
-    private PublicKey ephemeralKey;
-
-    /**
-     * @param staticKey the static public key.
-     * @param ephemeralKey the ephemeral public key.
-     */
-    public MQVPublicKeySpec(
-        PublicKey staticKey,
-        PublicKey ephemeralKey)
-    {
-        this.staticKey = staticKey;
-        this.ephemeralKey = ephemeralKey;
-    }
-
-    /**
-     * return the static public key
-     */
-    public PublicKey getStaticKey()
-    {
-        return staticKey;
-    }
-    
-    /**
-     * return the ephemeral public key
-     */
-    public PublicKey getEphemeralKey()
-    {
-        return ephemeralKey;
-    }
-
-    /**
-     * return "ECMQV"
-     */
-    public String getAlgorithm()
-    {
-        return "ECMQV";
-    }
-
-    /**
-     * return null
-     */
-    public String getFormat()
-    {
-        return null;
-    }
-
-    /**
-     * returns null
-     */
-    public byte[] getEncoded()
-    {
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/package.html
deleted file mode 100644
index 6f370577d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/jce/spec/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Parameter specifications for supporting El Gamal, and Elliptic Curve.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPart.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPart.java
deleted file mode 100644
index 040def416..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPart.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.mail.BodyPart;
-import javax.mail.MessagingException;
-
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-
-/**
- * a holding class for a BodyPart to be processed.
- */
-public class CMSProcessableBodyPart
-    implements CMSProcessable
-{
-    private BodyPart   bodyPart;
-
-    public CMSProcessableBodyPart(
-        BodyPart    bodyPart)
-    {
-        this.bodyPart = bodyPart;
-    }
-
-    public void write(
-        OutputStream out)
-        throws IOException, CMSException
-    {
-        try
-        {
-            bodyPart.writeTo(out);
-        }
-        catch (MessagingException e)
-        {
-            throw new CMSException("can't write BodyPart to stream.", e);
-        }
-    }
-
-    public Object getContent()
-    {
-        return bodyPart;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartInbound.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartInbound.java
deleted file mode 100644
index 1497590d7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartInbound.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.mail.BodyPart;
-import javax.mail.MessagingException;
-
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-
-/**
- * a holding class for a BodyPart to be processed which does CRLF canonicalisation if
- * dealing with non-binary data.
- */
-public class CMSProcessableBodyPartInbound
-    implements CMSProcessable
-{
-    private final BodyPart    bodyPart;
-    private final String      defaultContentTransferEncoding;
-
-    /**
-     * Create a processable with the default transfer encoding of 7bit 
-     * 
-     * @param bodyPart body part to be processed
-     */
-    public CMSProcessableBodyPartInbound(
-        BodyPart    bodyPart)
-    {
-        this(bodyPart, "7bit");
-    }
-
-    /**
-     * Create a processable with the a default transfer encoding of
-     * the passed in value. 
-     * 
-     * @param bodyPart body part to be processed
-     * @param defaultContentTransferEncoding the new default to use.
-     */
-    public CMSProcessableBodyPartInbound(
-        BodyPart    bodyPart,
-        String      defaultContentTransferEncoding)
-    {
-        this.bodyPart = bodyPart;
-        this.defaultContentTransferEncoding = defaultContentTransferEncoding;
-    }
-
-    public void write(
-        OutputStream out)
-        throws IOException, CMSException
-    {
-        try
-        {
-            SMIMEUtil.outputBodyPart(out, bodyPart, defaultContentTransferEncoding);
-        }
-        catch (MessagingException e)
-        {
-            throw new CMSException("can't write BodyPart to stream: " + e, e);
-        }
-    }
-
-    public Object getContent()
-    {
-        return bodyPart;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartOutbound.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartOutbound.java
deleted file mode 100644
index 4c4b3b110..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/CMSProcessableBodyPartOutbound.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.mail.BodyPart;
-import javax.mail.MessagingException;
-import javax.mail.internet.MimeBodyPart;
-
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.mail.smime.util.CRLFOutputStream;
-
-/**
- * a holding class for a BodyPart to be processed which does CRLF canocicalisation if 
- * dealing with non-binary data.
- */
-public class CMSProcessableBodyPartOutbound
-    implements CMSProcessable
-{
-    private BodyPart   bodyPart;
-    private String     defaultContentTransferEncoding;
-
-    /**
-     * Create a processable with the default transfer encoding of 7bit 
-     * 
-     * @param bodyPart body part to be processed
-     */
-    public CMSProcessableBodyPartOutbound(
-        BodyPart    bodyPart)
-    {
-        this.bodyPart = bodyPart;
-    }
-
-    /**
-     * Create a processable with the a default transfer encoding of
-     * the passed in value. 
-     * 
-     * @param bodyPart body part to be processed
-     * @param defaultContentTransferEncoding the new default to use.
-     */
-    public CMSProcessableBodyPartOutbound(
-        BodyPart    bodyPart,
-        String      defaultContentTransferEncoding)
-    {
-        this.bodyPart = bodyPart;
-        this.defaultContentTransferEncoding = defaultContentTransferEncoding;
-    }
-
-    public void write(
-        OutputStream out)
-        throws IOException, CMSException
-    {
-        try
-        {
-            if (SMIMEUtil.isCanonicalisationRequired((MimeBodyPart)bodyPart, defaultContentTransferEncoding))
-            {
-                out = new CRLFOutputStream(out);
-            }
-            
-            bodyPart.writeTo(out);
-        }
-        catch (MessagingException e)
-        {
-            throw new CMSException("can't write BodyPart to stream.", e);
-        }
-    }
-
-    public Object getContent()
-    {
-        return bodyPart;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressed.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressed.java
deleted file mode 100644
index 2fca93660..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressed.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.mail.MessagingException;
-import javax.mail.Part;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimePart;
-
-import org.bouncycastle.cms.CMSCompressedData;
-import org.bouncycastle.cms.CMSException;
-
-/**
- * containing class for an S/MIME pkcs7-mime MimePart.
- */
-public class SMIMECompressed
-    extends CMSCompressedData
-{
-    MimePart                message;
-
-    private static InputStream getInputStream(
-        Part    bodyPart)
-        throws MessagingException
-    {
-        try
-        {
-            return bodyPart.getInputStream();
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    public SMIMECompressed(
-        MimeBodyPart    message) 
-        throws MessagingException, CMSException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-    }
-
-    public SMIMECompressed(
-        MimeMessage    message) 
-        throws MessagingException, CMSException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-    }
-
-    public MimePart getCompressedContent()
-    {
-        return message;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedGenerator.java
deleted file mode 100644
index 38a2a0986..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedGenerator.java
+++ /dev/null
@@ -1,141 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.mail.MessagingException;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.cms.CMSCompressedDataGenerator;
-import org.bouncycastle.cms.CMSCompressedDataStreamGenerator;
-
-/**
- * General class for generating a pkcs7-mime compressed message.
- *
- * A simple example of usage.
- *
- * 
    - *      SMIMECompressedGenerator  fact = new SMIMECompressedGenerator();
- *
- *      MimeBodyPart           smime = fact.generate(content, algorithm);
- * 
    
- *
- * Note: Most clients expect the MimeBodyPart to be in a MimeMultipart
- * when it's sent.
- */
-public class SMIMECompressedGenerator
-    extends SMIMEGenerator
-{
-    public static final String  ZLIB    = CMSCompressedDataGenerator.ZLIB;
-
-    private static final String COMPRESSED_CONTENT_TYPE = "application/pkcs7-mime; name=\"smime.p7z\"; smime-type=compressed-data";
-
-    static
-    {
-        MailcapCommandMap mc = (MailcapCommandMap)CommandMap.getDefaultCommandMap();
-
-        mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
-        mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
-
-        CommandMap.setDefaultCommandMap(mc);
-    }
-
-    /**
-     * generate an compressed object that contains an SMIME Compressed
-     * object using the given compression algorithm.
-     */
-    private MimeBodyPart make(
-        MimeBodyPart    content,
-        String          compressionOID)
-        throws SMIMEException
-    {
-        try
-        {  
-            MimeBodyPart data = new MimeBodyPart();
-        
-            data.setContent(new ContentCompressor(content, compressionOID), COMPRESSED_CONTENT_TYPE);
-            data.addHeader("Content-Type", COMPRESSED_CONTENT_TYPE);
-            data.addHeader("Content-Disposition", "attachment; filename=\"smime.p7z\"");
-            data.addHeader("Content-Description", "S/MIME Compressed Message");
-            data.addHeader("Content-Transfer-Encoding", encoding);
-
-            return data;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting multi-part together.", e);
-        }
-    }
-
-    /**
-     * generate an compressed object that contains an SMIME Compressed
-     * object using the given provider from the contents of the passed in
-     * message
-     */
-    public MimeBodyPart generate(
-        MimeBodyPart    content,
-        String          compressionOID)
-        throws SMIMEException
-    {
-        return make(makeContentBodyPart(content), compressionOID);
-    }
-
-    /**
-     * generate an compressed object that contains an SMIME Compressed
-     * object using the given provider from the contents of the passed in
-     * message
-     */
-    public MimeBodyPart generate(
-        MimeMessage     message,
-        String          compressionOID)
-        throws SMIMEException
-    {
-        try
-        {
-            message.saveChanges();      // make sure we're up to date.
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("unable to save message", e);
-        }
-                        
-        return make(makeContentBodyPart(message), compressionOID);
-    }
-    
-    private class ContentCompressor
-        implements SMIMEStreamingProcessor
-    {
-        private final MimeBodyPart _content;
-        private final String _compressionOid;
-        
-        ContentCompressor(
-            MimeBodyPart content,
-            String       compressionOid)
-        {
-            _content = content;
-            _compressionOid = compressionOid;
-        }
-
-        public void write(OutputStream out)
-            throws IOException
-        {
-            CMSCompressedDataStreamGenerator cGen = new CMSCompressedDataStreamGenerator();
-            
-            OutputStream compressed = cGen.open(out, _compressionOid);
-            
-            try
-            {
-                _content.writeTo(compressed);
-                
-                compressed.close();
-            }
-            catch (MessagingException e)
-            {
-                throw new IOException(e.toString());
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedParser.java
deleted file mode 100644
index 23214a4d8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMECompressedParser.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.mail.MessagingException;
-import javax.mail.Part;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimePart;
-
-import org.bouncycastle.cms.CMSCompressedDataParser;
-import org.bouncycastle.cms.CMSException;
-
-/**
- * Stream based containing class for an S/MIME pkcs7-mime compressed MimePart.
- */
-public class SMIMECompressedParser
-    extends CMSCompressedDataParser
-{
-    private final MimePart message;
-
-    private static InputStream getInputStream(
-        Part    bodyPart,
-        int     bufferSize)
-        throws MessagingException
-    {
-        try
-        {
-            InputStream in = bodyPart.getInputStream();
-            
-            if (bufferSize == 0)
-            {
-                return new BufferedInputStream(in);
-            }
-            else
-            {
-                return new BufferedInputStream(in, bufferSize);
-            }
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    public SMIMECompressedParser(
-        MimeBodyPart    message) 
-        throws MessagingException, CMSException
-    {
-        this(message, 0);
-    }
-
-    public SMIMECompressedParser(
-        MimeMessage    message) 
-        throws MessagingException, CMSException
-    {
-        this(message, 0);
-    }
-    
-    /**
-     * Create a parser from a MimeBodyPart using the passed in buffer size
-     * for reading it.
-     * 
-     * @param message body part to be parsed.
-     * @param bufferSize bufferSoze to be used.
-     */
-    public SMIMECompressedParser(
-        MimeBodyPart    message,
-        int             bufferSize) 
-        throws MessagingException, CMSException
-    {
-        super(getInputStream(message, bufferSize));
-
-        this.message = message;
-    }
-
-    /**
-     * Create a parser from a MimeMessage using the passed in buffer size
-     * for reading it.
-     * 
-     * @param message message to be parsed.
-     * @param bufferSize bufferSoze to be used.
-     */
-    public SMIMECompressedParser(
-        MimeMessage    message,
-        int            bufferSize) 
-        throws MessagingException, CMSException
-    {
-        super(getInputStream(message, bufferSize));
-
-        this.message = message;
-    }
-
-    public MimePart getCompressedContent()
-    {
-        return message;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnveloped.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnveloped.java
deleted file mode 100644
index bf7a7ff4a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnveloped.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.mail.MessagingException;
-import javax.mail.Part;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimePart;
-
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSException;
-
-/**
- * containing class for an S/MIME pkcs7-mime encrypted MimePart.
- */
-public class SMIMEEnveloped
-    extends CMSEnvelopedData
-{
-    MimePart                message;
-
-    private static InputStream getInputStream(
-        Part    bodyPart)
-        throws MessagingException
-    {
-        try
-        {
-            return bodyPart.getInputStream();
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    public SMIMEEnveloped(
-        MimeBodyPart    message) 
-        throws MessagingException, CMSException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-    }
-
-    public SMIMEEnveloped(
-        MimeMessage    message) 
-        throws MessagingException, CMSException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-    }
-
-    public MimePart getEncryptedContent()
-    {
-        return message;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedGenerator.java
deleted file mode 100644
index aca6d6106..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedGenerator.java
+++ /dev/null
@@ -1,624 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.crypto.SecretKey;
-import javax.mail.MessagingException;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.RecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.OutputEncryptor;
-
-/**
- * General class for generating a pkcs7-mime message.
- *
- * A simple example of usage.
- *
- * 
    - *      SMIMEEnvelopedGenerator  fact = new SMIMEEnvelopedGenerator();
- *
- *      fact.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC"));
- *
- *      MimeBodyPart mp = fact.generate(content, new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 40).setProvider("BC").build());
- * 
    
- *
- * Note: Most clients expect the MimeBodyPart to be in a MimeMultipart
- * when it's sent.
- */
-public class SMIMEEnvelopedGenerator
-    extends SMIMEGenerator
-{
-    public static final String  DES_EDE3_CBC    = CMSEnvelopedDataGenerator.DES_EDE3_CBC;
-    public static final String  RC2_CBC         = CMSEnvelopedDataGenerator.RC2_CBC;
-    public static final String  IDEA_CBC        = CMSEnvelopedDataGenerator.IDEA_CBC;
-    public static final String  CAST5_CBC       = CMSEnvelopedDataGenerator.CAST5_CBC;
-
-    public static final String  AES128_CBC      = CMSEnvelopedDataGenerator.AES128_CBC;
-    public static final String  AES192_CBC      = CMSEnvelopedDataGenerator.AES192_CBC;
-    public static final String  AES256_CBC      = CMSEnvelopedDataGenerator.AES256_CBC;
-
-    public static final String  CAMELLIA128_CBC = CMSEnvelopedDataGenerator.CAMELLIA128_CBC;
-    public static final String  CAMELLIA192_CBC = CMSEnvelopedDataGenerator.CAMELLIA192_CBC;
-    public static final String  CAMELLIA256_CBC = CMSEnvelopedDataGenerator.CAMELLIA256_CBC;
-
-    public static final String  SEED_CBC        = CMSEnvelopedDataGenerator.SEED_CBC;
-
-    public static final String  DES_EDE3_WRAP   = CMSEnvelopedDataGenerator.DES_EDE3_WRAP;
-    public static final String  AES128_WRAP     = CMSEnvelopedDataGenerator.AES128_WRAP;
-    public static final String  AES256_WRAP     = CMSEnvelopedDataGenerator.AES256_WRAP;
-    public static final String  CAMELLIA128_WRAP = CMSEnvelopedDataGenerator.CAMELLIA128_WRAP;
-    public static final String  CAMELLIA192_WRAP = CMSEnvelopedDataGenerator.CAMELLIA192_WRAP;
-    public static final String  CAMELLIA256_WRAP = CMSEnvelopedDataGenerator.CAMELLIA256_WRAP;
-    public static final String  SEED_WRAP       = CMSEnvelopedDataGenerator.SEED_WRAP;
-    
-    public static final String  ECDH_SHA1KDF    = CMSEnvelopedDataGenerator.ECDH_SHA1KDF;
-
-    private static final String ENCRYPTED_CONTENT_TYPE = "application/pkcs7-mime; name=\"smime.p7m\"; smime-type=enveloped-data";
-    
-    private EnvelopedGenerator fact;
-    private List               recipients = new ArrayList();
-
-    static
-    {
-        CommandMap.setDefaultCommandMap(addCommands(CommandMap.getDefaultCommandMap()));
-    }
-
-    private static MailcapCommandMap addCommands(CommandMap cm)
-    {
-        MailcapCommandMap mc = (MailcapCommandMap)cm;
-
-        mc.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
-        mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
-        mc.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
-        mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
-        mc.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
-
-        return mc;
-    }
-
-    /**
-     * base constructor
-     */
-    public SMIMEEnvelopedGenerator()
-    {
-        fact = new EnvelopedGenerator();
-    }
-
-    /**
-     * add a recipientInfoGenerator.
-     */
-    public void addRecipientInfoGenerator(
-        RecipientInfoGenerator recipientInfoGen)
-        throws IllegalArgumentException
-    {
-        fact.addRecipientInfoGenerator(recipientInfoGen);
-    }
-
-    /**
-     * add a recipient.
-     * @deprecated use addRecipientInfoGenerator()
-     */
-    public void addKeyTransRecipient(
-        X509Certificate cert)
-        throws IllegalArgumentException
-    {
-        try
-        {
-            JceKeyTransRecipientInfoGenerator infoGenerator = new JceKeyTransRecipientInfoGenerator(cert);
-            recipients.add(infoGenerator);
-            fact.addRecipientInfoGenerator(infoGenerator);
-        }
-        catch (CertificateEncodingException e)
-        {
-            throw new IllegalArgumentException(e.toString());
-        }
-    }
-
-    /**
-     * add a recipient - note: this will only work on V3 and later clients.
-     *
-     * @param key the recipient's public key
-     * @param subKeyId the subject key id for the recipient's public key
-     * @deprecated use addRecipientInfoGenerator()
-     */
-    public void addKeyTransRecipient(
-        PublicKey   key,
-        byte[]      subKeyId)
-        throws IllegalArgumentException
-    {
-        JceKeyTransRecipientInfoGenerator infoGenerator = new JceKeyTransRecipientInfoGenerator(subKeyId, key);
-        recipients.add(infoGenerator);
-        fact.addRecipientInfoGenerator(infoGenerator);
-    }
-
-    /**
-     * add a KEK recipient.
-     * @deprecated use addRecipientInfoGenerator()
-     */
-    public void addKEKRecipient(
-        SecretKey   key,
-        byte[]      keyIdentifier)
-        throws IllegalArgumentException
-    {
-        JceKEKRecipientInfoGenerator infoGenerator = new JceKEKRecipientInfoGenerator(keyIdentifier, key);
-        recipients.add(infoGenerator);
-        fact.addRecipientInfoGenerator(infoGenerator);
-    }
-
-    /**
-     * Add a key agreement based recipient.
-     *
-     * @param senderPrivateKey private key to initialise sender side of agreement with.
-     * @param senderPublicKey sender public key to include with message.
-     * @param recipientCert recipient's public key certificate.
-     * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
-     * @param provider provider to use for the agreement calculation.
-     * @deprecated use addRecipientInfoGenerator()
-     */
-    public void addKeyAgreementRecipient(
-        String           agreementAlgorithm,
-        PrivateKey       senderPrivateKey,
-        PublicKey        senderPublicKey,
-        X509Certificate  recipientCert,
-        String           cekWrapAlgorithm,
-        String           provider)
-        throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException
-    {
-        this.addKeyAgreementRecipient(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCert, cekWrapAlgorithm, provider);
-    }
-
-    /**
-     * Add a key agreement based recipient.
-     *
-     * @param senderPrivateKey private key to initialise sender side of agreement with.
-     * @param senderPublicKey sender public key to include with message.
-     * @param recipientCert recipient's public key certificate.
-     * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
-     * @param provider provider to use for the agreement calculation.
-     * @deprecated use addRecipientInfoGenerator()
-     */
-    public void addKeyAgreementRecipient(
-        String           agreementAlgorithm,
-        PrivateKey       senderPrivateKey,
-        PublicKey        senderPublicKey,
-        X509Certificate  recipientCert,
-        String           cekWrapAlgorithm,
-        Provider         provider)
-        throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException
-    {
-        try
-        {
-            JceKeyAgreeRecipientInfoGenerator infoGenerator = new JceKeyAgreeRecipientInfoGenerator(new ASN1ObjectIdentifier(agreementAlgorithm), senderPrivateKey, senderPublicKey, new ASN1ObjectIdentifier(cekWrapAlgorithm));
-
-            infoGenerator.addRecipient(recipientCert);
-
-            if (provider != null)
-            {
-                infoGenerator.setProvider(provider);
-            }
-
-            fact.addRecipientInfoGenerator(infoGenerator);
-        }
-        catch (CertificateEncodingException e)
-        {
-            throw new NoSuchAlgorithmException("cannot set up generator: " + e);
-        }
-        catch (CMSException e)
-        {
-            throw new NoSuchAlgorithmException("cannot set up generator: " + e);
-        }
-    }
-
-    /**
-     * Use a BER Set to store the recipient information
-     */
-    public void setBerEncodeRecipients(
-        boolean berEncodeRecipientSet)
-    {
-        fact.setBEREncodeRecipients(berEncodeRecipientSet);
-    }
-    
-    /**
-     * if we get here we expect the Mime body part to be well defined.
-     */
-    private MimeBodyPart make(
-        MimeBodyPart    content,
-        ASN1ObjectIdentifier encryptionOID,
-        int             keySize,
-        Provider        provider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        //
-        // check the base algorithm and provider is available
-        //
-        createSymmetricKeyGenerator(encryptionOID.getId(), provider);
-                
-        try
-        {  
-            MimeBodyPart data = new MimeBodyPart();
-        
-            data.setContent(new ContentEncryptor(content, encryptionOID, keySize, provider), ENCRYPTED_CONTENT_TYPE);
-            data.addHeader("Content-Type", ENCRYPTED_CONTENT_TYPE);
-            data.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\"");
-            data.addHeader("Content-Description", "S/MIME Encrypted Message");
-            data.addHeader("Content-Transfer-Encoding", encoding);
-    
-            return data;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting S/MIME message together.", e);
-        }
-        catch (CMSException e)
-        {
-            throw new SMIMEException("exception putting envelope together.", e);
-        }
-    }
-
-     /**
-     * if we get here we expect the Mime body part to be well defined.
-     */
-    private MimeBodyPart make(
-        MimeBodyPart    content,
-        OutputEncryptor encryptor)
-        throws SMIMEException
-    {
-        try
-        {
-            MimeBodyPart data = new MimeBodyPart();
-
-            data.setContent(new ContentEncryptor(content, encryptor), ENCRYPTED_CONTENT_TYPE);
-            data.addHeader("Content-Type", ENCRYPTED_CONTENT_TYPE);
-            data.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\"");
-            data.addHeader("Content-Description", "S/MIME Encrypted Message");
-            data.addHeader("Content-Transfer-Encoding", encoding);
-
-            return data;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting multi-part together.", e);
-        }
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given content encryptor
-     */
-    public MimeBodyPart generate(
-        MimeBodyPart     content,
-        OutputEncryptor  encryptor)
-        throws SMIMEException
-    {
-        return make(makeContentBodyPart(content), encryptor);
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider from the contents of the passed in
-     * message
-     */
-    public MimeBodyPart generate(
-        MimeMessage     message,
-        OutputEncryptor  encryptor)
-        throws SMIMEException
-    {
-        try
-        {
-            message.saveChanges();      // make sure we're up to date.
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("unable to save message", e);
-        }
-
-        return make(makeContentBodyPart(message), encryptor);
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider.
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeBodyPart    content,
-        String          encryptionOID,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return make(makeContentBodyPart(content), new ASN1ObjectIdentifier(encryptionOID), 0, SMIMEUtil.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider.
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeBodyPart    content,
-        String          encryptionOID,
-        Provider        provider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        return make(makeContentBodyPart(content), new ASN1ObjectIdentifier(encryptionOID), 0, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider from the contents of the passed in
-     * message
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeMessage     message,
-        String          encryptionOID,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return generate(message, encryptionOID, SMIMEUtil.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider from the contents of the passed in
-     * message
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeMessage     message,
-        String          encryptionOID,
-        Provider        provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        try
-        {
-            message.saveChanges();      // make sure we're up to date.
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("unable to save message", e);
-        }
-                        
-        return make(makeContentBodyPart(message),new ASN1ObjectIdentifier(encryptionOID), 0, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider. The size of the encryption key
-     * is determined by keysize.
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeBodyPart    content,
-        String          encryptionOID,
-        int             keySize,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return generate(content, encryptionOID, keySize, SMIMEUtil.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider. The size of the encryption key
-     * is determined by keysize.
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeBodyPart    content,
-        String          encryptionOID,
-        int             keySize,
-        Provider        provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return make(makeContentBodyPart(content), new ASN1ObjectIdentifier(encryptionOID), keySize, provider);
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider from the contents of the passed in
-     * message. The size of the encryption key used to protect the message
-     * is determined by keysize.
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeMessage     message,
-        String          encryptionOID,
-        int             keySize,
-        String          provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return generate(message, encryptionOID, keySize, SMIMEUtil.getProvider(provider));
-    }
-
-    /**
-     * generate an enveloped object that contains an SMIME Enveloped
-     * object using the given provider from the contents of the passed in
-     * message. The size of the encryption key used to protect the message
-     * is determined by keysize.
-     * @deprecated
-     */
-    public MimeBodyPart generate(
-        MimeMessage     message,
-        String          encryptionOID,
-        int             keySize,
-        Provider        provider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        try
-        {
-            message.saveChanges();      // make sure we're up to date.
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("unable to save message", e);
-        }
-                        
-        return make(makeContentBodyPart(message), new ASN1ObjectIdentifier(encryptionOID), keySize, provider);
-    }
-    
-    private class ContentEncryptor
-        implements SMIMEStreamingProcessor
-    {
-        private final MimeBodyPart _content;
-        private OutputEncryptor _encryptor;
-
-        private boolean _firstTime = true;
-        
-        ContentEncryptor(
-            MimeBodyPart content,
-            ASN1ObjectIdentifier       encryptionOid,
-            int          keySize,
-            Provider     provider)
-            throws CMSException
-        {
-            _content = content;
-
-            if (keySize == 0)  // use the default
-            {
-                _encryptor = new JceCMSContentEncryptorBuilder(encryptionOid).setProvider(provider).build();
-            }
-            else
-            {
-                _encryptor = new JceCMSContentEncryptorBuilder(encryptionOid, keySize).setProvider(provider).build();
-            }
-
-            if (provider != null)
-            {
-                for (Iterator it = recipients.iterator(); it.hasNext();)
-                {
-                    RecipientInfoGenerator rd = (RecipientInfoGenerator)it.next();
-
-                    try
-                    {
-                        if (rd instanceof JceKeyTransRecipientInfoGenerator)
-                        {
-                            ((JceKeyTransRecipientInfoGenerator)rd).setProvider(provider);
-                        }
-                        else if (rd instanceof JceKEKRecipientInfoGenerator)
-                        {
-                            ((JceKEKRecipientInfoGenerator)rd).setProvider(provider);
-                        }
-                    }
-                    catch (OperatorCreationException e)
-                    {
-                        throw new CMSException("cannot create recipient: " + e.getMessage(), e);
-                    }
-                }
-            }
-        }
-
-        ContentEncryptor(
-            MimeBodyPart content,
-            OutputEncryptor encryptor)
-        {
-            _content = content;
-            _encryptor = encryptor;
-        }
-
-        public void write(OutputStream out)
-            throws IOException
-        {
-            OutputStream encrypted;
-            
-            try
-            {
-                if (_firstTime)
-                {
-                    encrypted = fact.open(out, _encryptor);
-                    
-                    _firstTime = false;
-                }
-                else
-                {
-                    encrypted = fact.regenerate(out, _encryptor);
-                }
-
-                _content.getDataHandler().setCommandMap(addCommands(CommandMap.getDefaultCommandMap()));
-                
-                _content.writeTo(encrypted);
-                
-                encrypted.close();
-            }
-            catch (MessagingException e)
-            {
-                throw new WrappingIOException(e.toString(), e);
-            }
-            catch (CMSException e)
-            {
-                throw new WrappingIOException(e.toString(), e);
-            }
-        }
-    }
-    
-    private class EnvelopedGenerator
-        extends CMSEnvelopedDataStreamGenerator
-    {
-        private ASN1ObjectIdentifier dataType;
-        private ASN1EncodableVector  recipientInfos;
-
-        protected OutputStream open(
-            ASN1ObjectIdentifier dataType,
-            OutputStream         out,
-            ASN1EncodableVector  recipientInfos,
-            OutputEncryptor      encryptor)
-            throws IOException
-        {
-            this.dataType = dataType;
-            this.recipientInfos = recipientInfos;
-
-            return super.open(dataType, out, recipientInfos, encryptor);
-        }
-
-        OutputStream regenerate(
-            OutputStream out,
-            OutputEncryptor     encryptor)
-            throws IOException
-        {
-            return super.open(dataType, out, recipientInfos, encryptor);
-        }
-    }
-
-    private static class WrappingIOException
-        extends IOException
-    {
-        private Throwable cause;
-
-        WrappingIOException(String msg, Throwable cause)
-        {
-            super(msg);
-
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedParser.java
deleted file mode 100644
index 95849472f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEEnvelopedParser.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.mail.MessagingException;
-import javax.mail.Part;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimePart;
-
-import org.bouncycastle.cms.CMSEnvelopedDataParser;
-import org.bouncycastle.cms.CMSException;
-
-/**
- * Stream based containing class for an S/MIME pkcs7-mime encrypted MimePart.
- */
-public class SMIMEEnvelopedParser
-    extends CMSEnvelopedDataParser
-{
-    private final MimePart message;
-
-    private static InputStream getInputStream(
-        Part    bodyPart,
-        int     bufferSize)
-        throws MessagingException
-    {
-        try
-        {
-            InputStream in = bodyPart.getInputStream();
-            
-            if (bufferSize == 0)
-            {
-                return new BufferedInputStream(in);
-            }
-            else
-            {
-                return new BufferedInputStream(in, bufferSize);
-            }
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    public SMIMEEnvelopedParser(
-        MimeBodyPart    message) 
-        throws IOException, MessagingException, CMSException
-    {
-        this(message, 0);
-    }
-
-    public SMIMEEnvelopedParser(
-        MimeMessage    message) 
-        throws IOException, MessagingException, CMSException
-    {
-        this(message, 0);
-    }
-    
-    /**
-     * Create a parser from a MimeBodyPart using the passed in buffer size
-     * for reading it.
-     * 
-     * @param message body part to be parsed.
-     * @param bufferSize bufferSoze to be used.
-     */
-    public SMIMEEnvelopedParser(
-        MimeBodyPart    message,
-        int             bufferSize) 
-        throws IOException, MessagingException, CMSException
-    {
-        super(getInputStream(message, bufferSize));
-
-        this.message = message;
-    }
-
-    /**
-     * Create a parser from a MimeMessage using the passed in buffer size
-     * for reading it.
-     * 
-     * @param message message to be parsed.
-     * @param bufferSize bufferSoze to be used.
-     */
-    public SMIMEEnvelopedParser(
-        MimeMessage    message,
-        int            bufferSize) 
-        throws IOException, MessagingException, CMSException
-    {
-        super(getInputStream(message, bufferSize));
-
-        this.message = message;
-    }
-
-    public MimePart getEncryptedContent()
-    {
-        return message;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEException.java
deleted file mode 100644
index fe7499cfb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-public class SMIMEException 
-    extends Exception 
-{
-    Exception   e;
-
-    public SMIMEException(
-        String name)
-    {
-        super(name);
-    }
-
-    public SMIMEException(
-        String name,
-        Exception e)
-    {
-        super(name);
-
-        this.e = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return e;
-    }
-     
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEGenerator.java
deleted file mode 100644
index 38232f175..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEGenerator.java
+++ /dev/null
@@ -1,221 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.KeyGenerator;
-import javax.mail.Header;
-import javax.mail.MessagingException;
-import javax.mail.Multipart;
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.cms.CMSEnvelopedGenerator;
-import org.bouncycastle.util.Strings;
-
-/**
- * super class of the various generators.
- */
-public class SMIMEGenerator
-{
-    private static Map BASE_CIPHER_NAMES = new HashMap();
-    
-    static
-    {
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC,  "DESEDE");
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES128_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES192_CBC,  "AES");
-        BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES256_CBC,  "AES");
-    }
-
-    protected boolean                     useBase64 = true;
-    protected String                      encoding = "base64";  // default sets base64
-
-    /**
-     * base constructor
-     */
-    protected SMIMEGenerator()
-    {
-    }
-
-    /**
-     * set the content-transfer-encoding for the signature.
-     */
-    public void setContentTransferEncoding(
-        String  encoding)
-    {
-        this.encoding = encoding;
-        this.useBase64 = Strings.toLowerCase(encoding).equals("base64");
-    }
-
-    /**
-     * Make sure we have a valid content body part - setting the headers
-     * with defaults if neccessary.
-     */
-    protected MimeBodyPart makeContentBodyPart(
-        MimeBodyPart    content)
-        throws SMIMEException
-    {
-        //
-        // add the headers to the body part - if they are missing, in
-        // the event they have already been set the content settings override
-        // any defaults that might be set.
-        //
-        try
-        {
-            MimeMessage     msg = new MimeMessage((Session)null);
-
-            Enumeration     e = content.getAllHeaders();
-
-            msg.setDataHandler(content.getDataHandler());
-
-            while (e.hasMoreElements())
-            {
-                Header  hdr =(Header)e.nextElement();
-
-                msg.setHeader(hdr.getName(), hdr.getValue());
-            }
-
-            msg.saveChanges();
-
-            //
-            // we do this to make sure at least the default headers are
-            // set in the body part.
-            //
-            e = msg.getAllHeaders();
-
-            while (e.hasMoreElements())
-            {
-                Header  hdr =(Header)e.nextElement();
-
-                if (Strings.toLowerCase(hdr.getName()).startsWith("content-"))
-                {
-                    content.setHeader(hdr.getName(), hdr.getValue());
-                }
-            }
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception saving message state.", e);
-        }
-
-        return content;
-    }
-
-    /**
-     * extract an appropriate body part from the passed in MimeMessage
-     */
-    protected MimeBodyPart makeContentBodyPart(
-        MimeMessage     message)
-        throws SMIMEException
-    {
-        MimeBodyPart    content = new MimeBodyPart();
-
-        //
-        // add the headers to the body part.
-        //
-        try
-        {
-            message.removeHeader("Message-Id");
-            message.removeHeader("Mime-Version");
-
-            // JavaMail has a habit of reparsing some content types, if the bodypart is
-            // a multipart it might be signed, we rebuild the body part using the raw input stream for the message.
-            try
-            {
-                if (message.getContent() instanceof Multipart)
-                {
-                    content.setContent(message.getRawInputStream(), message.getContentType());
-
-                    extractHeaders(content, message);
-                    
-                    return content;
-                }
-            }
-            catch (MessagingException e)
-            {
-                // fall back to usual method below
-            }
-       
-            content.setContent(message.getContent(), message.getContentType());
-
-            content.setDataHandler(message.getDataHandler());
-
-            extractHeaders(content, message);
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception saving message state.", e);
-        }
-        catch (IOException e)
-        {
-            throw new SMIMEException("exception getting message content.", e);
-        }
-
-        return content;
-    }
-
-    private void extractHeaders(MimeBodyPart content, MimeMessage message)
-        throws MessagingException
-    {
-        Enumeration e = message.getAllHeaders();
-        
-        while (e.hasMoreElements())
-        {
-            Header hdr =(Header)e.nextElement();
-
-            content.addHeader(hdr.getName(), hdr.getValue());
-        }
-    }
-
-    protected KeyGenerator createSymmetricKeyGenerator(
-        String encryptionOID,
-        Provider provider)
-    throws NoSuchAlgorithmException
-    {
-        try
-        {
-            return createKeyGenerator(encryptionOID, provider);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            try
-            {
-                String algName = (String)BASE_CIPHER_NAMES.get(encryptionOID);
-                if (algName != null)
-                {
-                    return createKeyGenerator(algName, provider);
-                }
-            }
-            catch (NoSuchAlgorithmException ex)
-            {
-                // ignore
-            }
-            if (provider != null)
-            {
-                return createSymmetricKeyGenerator(encryptionOID, null);
-            }
-            throw e;
-        }
-    }
-
-    private KeyGenerator createKeyGenerator(
-        String algName,
-        Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return KeyGenerator.getInstance(algName, provider);
-        }
-        else
-        {
-            return KeyGenerator.getInstance(algName);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESigned.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESigned.java
deleted file mode 100644
index 01d7d2ada..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESigned.java
+++ /dev/null
@@ -1,230 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSSignedData;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.mail.MessagingException;
-import javax.mail.Part;
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-import javax.mail.internet.MimePart;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * general class for handling a pkcs7-signature message.
- * 
    
- * A simple example of usage - note, in the example below the validity of
- * the certificate isn't verified, just the fact that one of the certs 
- * matches the given signer...
- * 
    
- * 
    - *  CertStore               certs = s.getCertificates("Collection", "BC");
- *  SignerInformationStore  signers = s.getSignerInfos();
- *  Collection              c = signers.getSigners();
- *  Iterator                it = c.iterator();
- *  
- *  while (it.hasNext())
- *  {
- *      SignerInformation   signer = (SignerInformation)it.next();
- *      Collection          certCollection = certs.getCertificates(signer.getSID());
- *  
- *      Iterator        certIt = certCollection.iterator();
- *      X509Certificate cert = (X509Certificate)certIt.next();
- *  
- *      if (signer.verify(cert.getPublicKey()))
- *      {
- *          verified++;
- *      }   
- *  }
- * 
    
- * 
    
- * Note: if you are using this class with AS2 or some other protocol
- * that does not use 7bit as the default content transfer encoding you
- * will need to use the constructor that allows you to specify the default
- * content transfer encoding, such as "binary".
- * 
    
- */
-public class SMIMESigned
-    extends CMSSignedData
-{
-    Object                  message;
-    MimeBodyPart            content;
-
-    private static InputStream getInputStream(
-        Part    bodyPart)
-        throws MessagingException
-    {
-        try
-        {
-            if (bodyPart.isMimeType("multipart/signed"))
-            {
-                throw new MessagingException("attempt to create signed data object from multipart content - use MimeMultipart constructor.");
-            }
-            
-            return bodyPart.getInputStream();
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    static
-    {
-        MailcapCommandMap mc = (MailcapCommandMap)CommandMap.getDefaultCommandMap();
-
-        mc.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
-        mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
-        mc.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
-        mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
-        mc.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
-        
-        CommandMap.setDefaultCommandMap(mc);
-    }
-    
-    /**
-     * base constructor using a defaultContentTransferEncoding of 7bit
-     *
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESigned(
-        MimeMultipart message) 
-        throws MessagingException, CMSException
-    {
-        super(new CMSProcessableBodyPartInbound(message.getBodyPart(0)), getInputStream(message.getBodyPart(1)));
-
-        this.message = message;
-        this.content = (MimeBodyPart)message.getBodyPart(0);
-    }
-
-    /**
-     * base constructor with settable contentTransferEncoding
-     *
-     * @param message the signed message
-     * @param defaultContentTransferEncoding new default to use
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESigned(
-        MimeMultipart message,
-        String        defaultContentTransferEncoding) 
-        throws MessagingException, CMSException
-    {
-        super(new CMSProcessableBodyPartInbound(message.getBodyPart(0), defaultContentTransferEncoding), getInputStream(message.getBodyPart(1)));
-
-        this.message = message;
-        this.content = (MimeBodyPart)message.getBodyPart(0);
-    }
-    
-    /**
-     * base constructor for a signed message with encapsulated content.
-     *
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception SMIMEException if the body part encapsulated in the message cannot be extracted.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESigned(
-        Part message) 
-        throws MessagingException, CMSException, SMIMEException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-
-        CMSProcessable  cont = this.getSignedContent();
-
-        if (cont != null)
-        {
-            byte[]  contBytes = (byte[])cont.getContent();
-    
-            this.content = SMIMEUtil.toMimeBodyPart(contBytes);
-        }
-    }
-
-    /**
-     * return the content that was signed.
-     */
-    public MimeBodyPart getContent()
-    {
-        return content;
-    }
-
-    /**
-     * Return the content that was signed as a mime message.
-     *
-     * @param session
-     * @return a MimeMessage holding the content.
-     * @throws MessagingException
-     */
-    public MimeMessage getContentAsMimeMessage(Session session)
-        throws MessagingException, IOException
-    {
-        Object content = getSignedContent().getContent();
-        byte[] contentBytes = null;
-
-        if (content instanceof byte[])
-        {
-            contentBytes = (byte[])content;
-        }
-        else if (content instanceof MimePart)
-        {
-            MimePart part = (MimePart)content;
-            ByteArrayOutputStream out;
-            
-            if (part.getSize() > 0)
-            {
-                out = new ByteArrayOutputStream(part.getSize());
-            }
-            else
-            {
-                out = new ByteArrayOutputStream();
-            }
-            
-            part.writeTo(out);
-            contentBytes = out.toByteArray();
-        }
-        else
-        {
-            String type = "";
-            if (content != null)
-            {
-                type = content.getClass().getName();
-            }
-
-            throw new MessagingException(
-                "Could not transfrom content of type "
-                    + type
-                    + " into MimeMessage.");
-        }
-
-        if (contentBytes != null)
-        {
-            ByteArrayInputStream in = new ByteArrayInputStream(contentBytes);
-
-            return new MimeMessage(session, in);
-        }
-
-        return null;
-    }
-
-    /**
-     * return the content that was signed - depending on whether this was
-     * unencapsulated or not it will return a MimeMultipart or a MimeBodyPart
-     */
-    public Object getContentWithSignature()
-    {
-        return message;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedGenerator.java
deleted file mode 100644
index 32c4b992c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedGenerator.java
+++ /dev/null
@@ -1,1020 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.mail.MessagingException;
-import javax.mail.Multipart;
-import javax.mail.internet.ContentType;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
-import org.bouncycastle.cms.SignerInfoGenerator;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.mail.smime.util.CRLFOutputStream;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.X509Store;
-
-/**
- * general class for generating a pkcs7-signature message.
- * 
    
- * A simple example of usage.
- *
- * 
    - *      X509Certificate signCert = ...
- *      KeyPair         signKP = ...
- *
- *      List certList = new ArrayList();
- *
- *      certList.add(signCert);
- *
- *      Store certs = new JcaCertStore(certList);
- *
- *      SMIMESignedGenerator gen = new SMIMESignedGenerator();
- *
- *      gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").build("SHA1withRSA", signKP.getPrivate(), signCert));
- *
- *      gen.addCertificates(certs);
- *
- *      MimeMultipart       smime = fact.generate(content);
- * 
    
- * 
    
- * Note: if you are using this class with AS2 or some other protocol
- * that does not use "7bit" as the default content transfer encoding you
- * will need to use the constructor that allows you to specify the default
- * content transfer encoding, such as "binary".
- * 
    
- */
-public class SMIMESignedGenerator
-    extends SMIMEGenerator
-{
-    public static final String  DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId();
-    public static final String  DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId();
-    public static final String  DIGEST_SHA224 = NISTObjectIdentifiers.id_sha224.getId();
-    public static final String  DIGEST_SHA256 = NISTObjectIdentifiers.id_sha256.getId();
-    public static final String  DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId();
-    public static final String  DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId();
-    public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
-    public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
-    public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
-    public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-
-    public static final String  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId();
-    public static final String  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId();
-    public static final String  ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
-    public static final String  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId();
-    public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
-    public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-
-    private static final String CERTIFICATE_MANAGEMENT_CONTENT = "application/pkcs7-mime; name=smime.p7c; smime-type=certs-only";
-    private static final String DETACHED_SIGNATURE_TYPE = "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data";
-    private static final String ENCAPSULATED_SIGNED_CONTENT_TYPE = "application/pkcs7-mime; name=smime.p7m; smime-type=signed-data";
-
-    private final String        _defaultContentTransferEncoding;
-
-    private List                _certStores = new ArrayList();
-    private List                certStores = new ArrayList();
-    private List                crlStores = new ArrayList();
-    private List                attrCertStores = new ArrayList();
-    private List                signerInfoGens = new ArrayList();
-    private List                _signers = new ArrayList();
-    private List                _oldSigners = new ArrayList();
-    private List                _attributeCerts = new ArrayList();
-    private Map                 _digests = new HashMap();
-    
-    static
-    {
-        CommandMap.setDefaultCommandMap(addCommands(CommandMap.getDefaultCommandMap()));
-    }
-
-    private static MailcapCommandMap addCommands(CommandMap cm)
-    {
-        MailcapCommandMap mc = (MailcapCommandMap)cm;
-
-        mc.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
-        mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
-        mc.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
-        mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
-        mc.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
-
-        return mc;
-    }
-
-    /**
-     * base constructor - default content transfer encoding 7bit
-     */
-    public SMIMESignedGenerator()
-    {
-        _defaultContentTransferEncoding = "7bit";
-    }
-
-    /**
-     * base constructor - default content transfer encoding explicitly set
-     * 
-     * @param defaultContentTransferEncoding new default to use.
-     */
-    public SMIMESignedGenerator(
-        String defaultContentTransferEncoding)
-    {
-        _defaultContentTransferEncoding = defaultContentTransferEncoding;
-    }
-    
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     *
-     * @param key key to use to generate the signature
-     * @param cert the public key certificate associated with the signer's key.
-     * @param digestOID object ID of the digest algorithm to use.
-     * @exception IllegalArgumentException any of the arguments are inappropriate
-     * @deprecated use addSignerInfoGenerator()
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID)
-        throws IllegalArgumentException
-    {
-        _signers.add(new Signer(key, cert, digestOID, null, null));
-    }
-
-    /**
-     * add a signer - no attributes other than the default ones will be
-     * provided here.
-     *
-     * @param key key to use to generate the signature
-     * @param cert the public key certificate associated with the signer's key.
-     * @param encryptionOID object ID of the digest ecnryption algorithm to use.
-     * @param digestOID object ID of the digest algorithm to use.
-     * @exception IllegalArgumentException any of the arguments are inappropriate
-     * @deprecated use addSignerInfoGenerator()
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID)
-        throws IllegalArgumentException
-    {
-        _signers.add(new Signer(key, cert, encryptionOID, digestOID, null, null));
-    }
-
-    /**
-     * Add a signer with extra signed/unsigned attributes or overrides
-     * for the standard attributes. For example this method can be used to
-     * explictly set default attributes such as the signing time.
-     *
-     * @param key key to use to generate the signature
-     * @param cert the public key certificate associated with the signer's key.
-     * @param digestOID object ID of the digest algorithm to use.
-     * @param signedAttr signed attributes to be included in the signature.
-     * @param unsignedAttr unsigned attribitues to be included.
-     * @exception IllegalArgumentException any of the arguments are inappropriate
-     * @deprecated use addSignerInfoGenerator()
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException
-    {
-        _signers.add(new Signer(key, cert, digestOID, signedAttr, unsignedAttr));
-    }
-
-    /**
-     * Add a signer with extra signed/unsigned attributes or overrides
-     * for the standard attributes and a digest encryption algorithm. For
-     * example this method can be used to explictly set default attributes
-     * such as the signing time.
-     *
-     * @param key key to use to generate the signature
-     * @param cert the public key certificate associated with the signer's key.
-     * @param encryptionOID the digest encryption algorithm OID.
-     * @param digestOID object ID of the digest algorithm to use.
-     * @param signedAttr signed attributes to be included in the signature.
-     * @param unsignedAttr unsigned attribitues to be included.
-     * @exception IllegalArgumentException any of the arguments are inappropriate
-     * @deprecated use addSignerInfoGenerator()
-     */
-    public void addSigner(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          encryptionOID,
-        String          digestOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException
-    {
-        _signers.add(new Signer(key, cert, encryptionOID, digestOID, signedAttr, unsignedAttr));
-    }
-
-    /**
-     * Add a store of precalculated signers to the generator.
-     *
-     * @param signerStore store of signers
-     */
-    public void addSigners(
-        SignerInformationStore signerStore)
-    {
-        Iterator    it = signerStore.getSigners().iterator();
-
-        while (it.hasNext())
-        {
-            _oldSigners.add(it.next());
-        }
-    }
-
-    public void addSignerInfoGenerator(SignerInfoGenerator sigInfoGen)
-    {
-        signerInfoGens.add(sigInfoGen);
-    }
-
-    /**
-     * add the certificates and CRLs contained in the given CertStore
-     * to the pool that will be included in the encoded signature block.
-     * 
    
-     * Note: this assumes the CertStore will support null in the get
-     * methods.
-     * 
    
-     * @param certStore CertStore containing the certificates and CRLs to be added.
-     * @deprecated use addCertificates(Store) and addCRLs(Store)
-     */
-    public void addCertificatesAndCRLs(
-        CertStore               certStore)
-        throws CertStoreException, SMIMEException
-    {
-        _certStores.add(certStore);
-    }
-
-    public void addCertificates(
-        Store certStore)
-    {
-        certStores.add(certStore);
-    }
-
-    public void addCRLs(
-        Store crlStore)
-    {
-        crlStores.add(crlStore);
-    }
-
-    public void addAttributeCertificates(
-        Store certStore)
-    {
-        attrCertStores.add(certStore);
-    }
-
-    /**
-     * Add the attribute certificates contained in the passed in store to the
-     * generator.
-     *
-     * @param store a store of Version 2 attribute certificates
-     * @throws CMSException if an error occurse processing the store.
-     * @deprecated use addAttributeCertificates(Store)
-     */
-    public void addAttributeCertificates(
-        X509Store store)
-        throws CMSException
-    {
-        _attributeCerts.add(store);
-    }
-
-    private void addHashHeader(
-        StringBuffer header,
-        List         signers)
-    {
-        int                 count = 0;
-        
-        //
-        // build the hash header
-        //
-        Iterator   it = signers.iterator();
-        Set        micAlgs = new HashSet();
-        
-        while (it.hasNext())
-        {
-            Object       signer = it.next();
-            String       digestOID;
-
-            if (signer instanceof Signer)
-            {
-                digestOID = ((Signer)signer).getDigestOID();
-            }
-            else if (signer instanceof SignerInformation)
-            {
-                digestOID = ((SignerInformation)signer).getDigestAlgOID();
-            }
-            else
-            {
-                digestOID = ((SignerInfoGenerator)signer).getDigestAlgorithm().getAlgorithm().getId();
-            }
-
-            if (digestOID.equals(DIGEST_SHA1))
-            {
-                micAlgs.add("sha1");
-            }
-            else if (digestOID.equals(DIGEST_MD5))
-            {
-                micAlgs.add("md5");
-            }
-            else if (digestOID.equals(DIGEST_SHA224))
-            {
-                micAlgs.add("sha224");
-            }
-            else if (digestOID.equals(DIGEST_SHA256))
-            {
-                micAlgs.add("sha256");
-            }
-            else if (digestOID.equals(DIGEST_SHA384))
-            {
-                micAlgs.add("sha384");
-            }
-            else if (digestOID.equals(DIGEST_SHA512))
-            {
-                micAlgs.add("sha512");
-            }
-            else if (digestOID.equals(DIGEST_GOST3411))
-            {
-                micAlgs.add("gostr3411-94");
-            }
-            else
-            {
-                micAlgs.add("unknown");
-            }
-        }
-        
-        it = micAlgs.iterator();
-        
-        while (it.hasNext())
-        {
-            String    alg = (String)it.next();
-
-            if (count == 0)
-            {
-                if (micAlgs.size() != 1)
-                {
-                    header.append("; micalg=\"");
-                }
-                else
-                {
-                    header.append("; micalg=");
-                }
-            }
-            else
-            {
-                header.append(',');
-            }
-
-            header.append(alg);
-
-            count++;
-        }
-
-        if (count != 0)
-        {
-            if (micAlgs.size() != 1)
-            {
-                header.append('\"');
-            }
-        }
-    }
-    
-    /*
-     * at this point we expect our body part to be well defined.
-     */
-    private MimeMultipart make(
-        MimeBodyPart    content,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        try
-        {
-            MimeBodyPart sig = new MimeBodyPart();
-
-            sig.setContent(new ContentSigner(content, false, sigProvider), DETACHED_SIGNATURE_TYPE);
-            sig.addHeader("Content-Type", DETACHED_SIGNATURE_TYPE);
-            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
-            sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
-            sig.addHeader("Content-Transfer-Encoding", encoding);
-
-            //
-            // build the multipart header
-            //
-            StringBuffer        header = new StringBuffer(
-                    "signed; protocol=\"application/pkcs7-signature\"");
-
-            List allSigners = new ArrayList(_signers);
-
-            allSigners.addAll(_oldSigners);
-
-            allSigners.addAll(signerInfoGens);
-
-            addHashHeader(header, allSigners);
-
-            MimeMultipart   mm = new MimeMultipart(header.toString());
-
-            mm.addBodyPart(content);
-            mm.addBodyPart(sig);
-
-            return mm;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting multi-part together.", e);
-        }
-    }
-
-    private MimeMultipart make(
-        MimeBodyPart    content)
-    throws SMIMEException
-    {
-        try
-        {
-            MimeBodyPart sig = new MimeBodyPart();
-
-            sig.setContent(new ContentSigner(content, false), DETACHED_SIGNATURE_TYPE);
-            sig.addHeader("Content-Type", DETACHED_SIGNATURE_TYPE);
-            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
-            sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
-            sig.addHeader("Content-Transfer-Encoding", encoding);
-
-            //
-            // build the multipart header
-            //
-            StringBuffer        header = new StringBuffer(
-                    "signed; protocol=\"application/pkcs7-signature\"");
-
-            List allSigners = new ArrayList(_signers);
-
-            allSigners.addAll(_oldSigners);
-
-            allSigners.addAll(signerInfoGens);
-
-            addHashHeader(header, allSigners);
-
-            MimeMultipart   mm = new MimeMultipart(header.toString());
-
-            mm.addBodyPart(content);
-            mm.addBodyPart(sig);
-
-            return mm;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting multi-part together.", e);
-        }
-    }
-
-    /*
-     * at this point we expect our body part to be well defined - generate with data in the signature
-     */
-    private MimeBodyPart makeEncapsulated(
-        MimeBodyPart    content,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        try
-        {
-            MimeBodyPart sig = new MimeBodyPart();
-            
-            sig.setContent(new ContentSigner(content, true, sigProvider), ENCAPSULATED_SIGNED_CONTENT_TYPE);
-            sig.addHeader("Content-Type", ENCAPSULATED_SIGNED_CONTENT_TYPE);
-            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\"");
-            sig.addHeader("Content-Description", "S/MIME Cryptographic Signed Data");
-            sig.addHeader("Content-Transfer-Encoding", encoding);
-            
-            return sig;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting body part together.", e);
-        }
-    }
-
-    /*
-     * at this point we expect our body part to be well defined - generate with data in the signature
-     */
-    private MimeBodyPart makeEncapsulated(
-        MimeBodyPart    content)
-        throws SMIMEException
-    {
-        try
-        {
-            MimeBodyPart sig = new MimeBodyPart();
-
-            sig.setContent(new ContentSigner(content, true), ENCAPSULATED_SIGNED_CONTENT_TYPE);
-            sig.addHeader("Content-Type", ENCAPSULATED_SIGNED_CONTENT_TYPE);
-            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\"");
-            sig.addHeader("Content-Description", "S/MIME Cryptographic Signed Data");
-            sig.addHeader("Content-Transfer-Encoding", encoding);
-
-            return sig;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting body part together.", e);
-        }
-    }
-
-    /**
-     * Return a map of oids and byte arrays representing the digests calculated on the content during
-     * the last generate.
-     *
-     * @return a map of oids (as String objects) and byte[] representing digests.
-     */
-    public Map getGeneratedDigests()
-    {
-        return new HashMap(_digests);
-    }
-
-    /**
-     * generate a signed object that contains an SMIME Signed Multipart
-     * object using the given provider.
-     * @param content the MimeBodyPart to be signed.
-     * @param sigProvider the provider to be used for the signature.
-     * @return a Multipart containing the content and signature.
-     * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
-     * @throws NoSuchProviderException if no provider can be found.
-     * @throws SMIMEException if an exception occurs in processing the signature.
-     * @deprecated use generate(MimeBodyPart)
-     */
-    public MimeMultipart generate(
-        MimeBodyPart    content,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return make(makeContentBodyPart(content), SMIMEUtil.getProvider(sigProvider));
-    }
-
-    /**
-     * generate a signed object that contains an SMIME Signed Multipart
-     * object using the given provider.
-     * @param content the MimeBodyPart to be signed.
-     * @param sigProvider the provider to be used for the signature.
-     * @return a Multipart containing the content and signature.
-     * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
-     * @throws SMIMEException if an exception occurs in processing the signature.
-     */
-    public MimeMultipart generate(
-        MimeBodyPart    content,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        return make(makeContentBodyPart(content), sigProvider);
-    }
-
-    /**
-     * generate a signed object that contains an SMIME Signed Multipart
-     * object using the given provider from the given MimeMessage
-     *
-     * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
-     * @throws NoSuchProviderException if no provider can be found.
-     * @throws SMIMEException if an exception occurs in processing the signature.
-     */
-    public MimeMultipart generate(
-        MimeMessage     message,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return generate(message, SMIMEUtil.getProvider(sigProvider));
-    }
-
-    /**
-     * generate a signed object that contains an SMIME Signed Multipart
-     * object using the given provider from the given MimeMessage
-     *
-     * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found.
-     * @throws NoSuchProviderException if no provider can be found.
-     * @throws SMIMEException if an exception occurs in processing the signature.
-     */
-    public MimeMultipart generate(
-        MimeMessage     message,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        try
-        {
-            message.saveChanges();      // make sure we're up to date.
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("unable to save message", e);
-        }
-
-        return make(makeContentBodyPart(message), sigProvider);
-    }
-
-    public MimeMultipart generate(
-        MimeBodyPart    content)
-        throws SMIMEException
-    {
-        return make(makeContentBodyPart(content));
-    }
-
-    /**
-     * generate a signed message with encapsulated content
-     * 
    
-     * Note: doing this is strongly not recommended as it means a
-     * recipient of the message will have to be able to read the signature to read the
-     * message.
-     */
-    public MimeBodyPart generateEncapsulated(
-        MimeBodyPart    content)
-        throws SMIMEException
-    {
-        return makeEncapsulated(makeContentBodyPart(content));
-    }
-
-    /**
-     * generate a signed message with encapsulated content
-     * 
    
-     * Note: doing this is strongly not recommended as it means a
-     * recipient of the message will have to be able to read the signature to read the 
-     * message.
-     * @deprecated use generateEncapsulated(content)
-     */
-    public MimeBodyPart generateEncapsulated(
-        MimeBodyPart    content,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return makeEncapsulated(makeContentBodyPart(content), SMIMEUtil.getProvider(sigProvider));
-    }
-
-    /**
-     * generate a signed message with encapsulated content
-     * 
    
-     * Note: doing this is strongly not recommended as it means a
-     * recipient of the message will have to be able to read the signature to read the
-     * message.
-     * @deprecated use generateEncapsulated(content)
-     */
-    public MimeBodyPart generateEncapsulated(
-        MimeBodyPart    content,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return makeEncapsulated(makeContentBodyPart(content), sigProvider);
-    }
-
-    /**
-     * generate a signed object that contains an SMIME Signed Multipart
-     * object using the given provider from the given MimeMessage.
-     * 
    
-     * Note: doing this is strongly not recommended as it means a
-     * recipient of the message will have to be able to read the signature to read the
-     * message.
-     * @deprecated use generateEncapsulated(content)
-     */
-    public MimeBodyPart generateEncapsulated(
-        MimeMessage     message,
-        String          sigProvider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException
-    {
-        return generateEncapsulated(message, SMIMEUtil.getProvider(sigProvider));
-    }
-
-    /**
-     * generate a signed object that contains an SMIME Signed Multipart
-     * object using the given provider from the given MimeMessage.
-     * 
    
-     * Note: doing this is strongly not recommended as it means a
-     * recipient of the message will have to be able to read the signature to read the 
-     * message.
-     * @deprecated use generateEncapsulated(content)
-     */
-    public MimeBodyPart generateEncapsulated(
-        MimeMessage     message,
-        Provider        sigProvider)
-        throws NoSuchAlgorithmException, SMIMEException
-    {
-        try
-        {
-            message.saveChanges();      // make sure we're up to date.
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("unable to save message", e);
-        }
-
-        return makeEncapsulated(makeContentBodyPart(message), sigProvider);
-    }
-
-    /**
-     * Creates a certificate management message which is like a signed message with no content
-     * or signers but that still carries certificates and CRLs.
-     *
-     * @return a MimeBodyPart containing the certs and CRLs.
-     */
-    public MimeBodyPart generateCertificateManagement(
-       String provider)
-       throws SMIMEException, NoSuchProviderException
-    {
-        return generateCertificateManagement(SMIMEUtil.getProvider(provider));
-    }
-
-    /**
-     * Creates a certificate management message which is like a signed message with no content
-     * or signers but that still carries certificates and CRLs.
-     * 
-     * @return a MimeBodyPart containing the certs and CRLs.
-     */
-    public MimeBodyPart generateCertificateManagement(
-       Provider provider)
-       throws SMIMEException
-    {
-        try
-        {
-            MimeBodyPart sig = new MimeBodyPart();
-            
-            sig.setContent(new ContentSigner(null, true, provider), CERTIFICATE_MANAGEMENT_CONTENT);
-            sig.addHeader("Content-Type", CERTIFICATE_MANAGEMENT_CONTENT);
-            sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7c\"");
-            sig.addHeader("Content-Description", "S/MIME Certificate Management Message");
-            sig.addHeader("Content-Transfer-Encoding", encoding);
-
-            return sig;
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception putting body part together.", e);
-        }
-    }
-    
-    private class Signer
-    {
-        final PrivateKey      key;
-        final X509Certificate cert;
-        final String          encryptionOID;
-        final String          digestOID;
-        final AttributeTable  signedAttr;
-        final AttributeTable  unsignedAttr;
-        
-        Signer(
-            PrivateKey      key,
-            X509Certificate cert,
-            String          digestOID,
-            AttributeTable  signedAttr,
-            AttributeTable  unsignedAttr)
-        {
-            this(key, cert, null, digestOID, signedAttr, unsignedAttr);
-        }
-
-        Signer(
-            PrivateKey      key,
-            X509Certificate cert,
-            String          encryptionOID,
-            String          digestOID,
-            AttributeTable  signedAttr,
-            AttributeTable  unsignedAttr)
-        {
-            this.key = key;
-            this.cert = cert;
-            this.encryptionOID = encryptionOID;
-            this.digestOID = digestOID;
-            this.signedAttr = signedAttr;
-            this.unsignedAttr = unsignedAttr;
-        }
-
-        public X509Certificate getCert()
-        {
-            return cert;
-        }
-
-        public String getEncryptionOID()
-        {
-            return encryptionOID;
-        }
-
-        public String getDigestOID()
-        {
-            return digestOID;
-        }
-
-        public PrivateKey getKey()
-        {
-            return key;
-        }
-
-        public AttributeTable getSignedAttr()
-        {
-            return signedAttr;
-        }
-
-        public AttributeTable getUnsignedAttr()
-        {
-            return unsignedAttr;
-        }
-    }
-
-    private class ContentSigner
-        implements SMIMEStreamingProcessor
-    {
-        private final MimeBodyPart content;
-        private final boolean encapsulate;
-        private final Provider provider;
-        private final boolean  noProvider;
-
-        ContentSigner(
-            MimeBodyPart content,
-            boolean      encapsulate,
-            Provider     provider)
-        {
-            this.content = content;
-            this.encapsulate = encapsulate;
-            this.provider = provider;
-            this.noProvider = false;
-        }
-
-        ContentSigner(
-            MimeBodyPart content,
-            boolean      encapsulate)
-        {
-            this.content = content;
-            this.encapsulate = encapsulate;
-            this.provider = null;
-            this.noProvider = true;
-        }
-
-        protected CMSSignedDataStreamGenerator getGenerator()
-            throws CMSException, CertStoreException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException
-        {
-            CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-            
-            for (Iterator it = _certStores.iterator(); it.hasNext();)
-            {
-                gen.addCertificatesAndCRLs((CertStore)it.next());
-            }
-
-            for (Iterator it = certStores.iterator(); it.hasNext();)
-            {
-                gen.addCertificates((Store)it.next());
-            }
-
-            for (Iterator it = crlStores.iterator(); it.hasNext();)
-            {
-                gen.addCRLs((Store)it.next());
-            }
-
-            for (Iterator it = attrCertStores.iterator(); it.hasNext();)
-            {
-                gen.addAttributeCertificates((Store)it.next());
-            }
-
-            for (Iterator it = _attributeCerts.iterator(); it.hasNext();)
-            {
-                gen.addAttributeCertificates((X509Store)it.next());
-            }
-
-            for (Iterator it = _signers.iterator(); it.hasNext();)
-            {
-                Signer signer = (Signer)it.next();
-
-                if (signer.getEncryptionOID() != null)
-                {
-                    gen.addSigner(signer.getKey(), signer.getCert(), signer.getEncryptionOID(), signer.getDigestOID(), signer.getSignedAttr(), signer.getUnsignedAttr(), provider);
-                }
-                else
-                {
-                    gen.addSigner(signer.getKey(), signer.getCert(), signer.getDigestOID(), signer.getSignedAttr(), signer.getUnsignedAttr(), provider);
-                }
-            }
-
-            for (Iterator it = signerInfoGens.iterator(); it.hasNext();)
-            {
-                gen.addSignerInfoGenerator((SignerInfoGenerator)it.next());
-            }
-
-            gen.addSigners(new SignerInformationStore(_oldSigners));
-            
-            return gen;
-        }
-
-        private void writeBodyPart(
-            OutputStream out,
-            MimeBodyPart bodyPart)
-            throws IOException, MessagingException
-        {
-            if (bodyPart.getContent() instanceof Multipart)
-            {
-                Multipart mp = (Multipart)bodyPart.getContent();
-                ContentType contentType = new ContentType(mp.getContentType());
-                String boundary = "--" + contentType.getParameter("boundary");
-
-                SMIMEUtil.LineOutputStream lOut = new SMIMEUtil.LineOutputStream(out);
-
-                Enumeration headers = bodyPart.getAllHeaderLines();
-                while (headers.hasMoreElements())
-                {
-                    lOut.writeln((String)headers.nextElement());
-                }
-
-                lOut.writeln();      // CRLF separator
-
-                SMIMEUtil.outputPreamble(lOut, bodyPart, boundary);
-
-                for (int i = 0; i < mp.getCount(); i++)
-                {
-                    lOut.writeln(boundary);
-                    writeBodyPart(out, (MimeBodyPart)mp.getBodyPart(i));
-                    lOut.writeln();       // CRLF terminator
-                }
-                
-                lOut.writeln(boundary + "--");
-            }
-            else
-            {
-                if (SMIMEUtil.isCanonicalisationRequired(bodyPart, _defaultContentTransferEncoding))
-                {
-                    out = new CRLFOutputStream(out);
-                }
-
-                bodyPart.writeTo(out);
-            }
-        }
-
-        public void write(OutputStream out)
-            throws IOException
-        {
-            try
-            {
-                CMSSignedDataStreamGenerator gen = getGenerator();
-                
-                OutputStream signingStream = gen.open(out, encapsulate);
-                
-                if (content != null)
-                {
-                    if (!encapsulate)
-                    {
-                        writeBodyPart(signingStream, content);
-                    }
-                    else
-                    {
-                        content.getDataHandler().setCommandMap(addCommands(CommandMap.getDefaultCommandMap()));
-
-                        content.writeTo(signingStream);
-                    }
-                }
-                
-                signingStream.close();
-
-                _digests = gen.getGeneratedDigests();
-            }
-            catch (MessagingException e)
-            {
-                throw new IOException(e.toString());
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                throw new IOException(e.toString());
-            }
-            catch (NoSuchProviderException e)
-            {
-                throw new IOException(e.toString());
-            }
-            catch (CMSException e)
-            {
-                throw new IOException(e.toString());
-            }
-            catch (InvalidKeyException e)
-            {
-                throw new IOException(e.toString());
-            }
-            catch (CertStoreException e)
-            {
-                throw new IOException(e.toString());
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedParser.java
deleted file mode 100644
index ac82d92a3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMESignedParser.java
+++ /dev/null
@@ -1,345 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.mail.BodyPart;
-import javax.mail.MessagingException;
-import javax.mail.Part;
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSTypedStream;
-
-/**
- * general class for handling a pkcs7-signature message.
- * 
    
- * A simple example of usage - note, in the example below the validity of
- * the certificate isn't verified, just the fact that one of the certs 
- * matches the given signer...
- * 
    
- * 
    - *  CertStore               certs = s.getCertificates("Collection", "BC");
- *  SignerInformationStore  signers = s.getSignerInfos();
- *  Collection              c = signers.getSigners();
- *  Iterator                it = c.iterator();
- *  
- *  while (it.hasNext())
- *  {
- *      SignerInformation   signer = (SignerInformation)it.next();
- *      Collection          certCollection = certs.getCertificates(signer.getSID());
- *  
- *      Iterator        certIt = certCollection.iterator();
- *      X509Certificate cert = (X509Certificate)certIt.next();
- *  
- *      if (signer.verify(cert.getPublicKey()))
- *      {
- *          verified++;
- *      }   
- *  }
- * 
    
- * 
    
- * Note: if you are using this class with AS2 or some other protocol
- * that does not use 7bit as the default content transfer encoding you
- * will need to use the constructor that allows you to specify the default
- * content transfer encoding, such as "binary".
- * 
    
- */
-public class SMIMESignedParser
-    extends CMSSignedDataParser
-{
-    Object                  message;
-    MimeBodyPart            content;
-
-    private static InputStream getInputStream(
-        Part    bodyPart)
-        throws MessagingException
-    {
-        try
-        {
-            if (bodyPart.isMimeType("multipart/signed"))
-            {
-                throw new MessagingException("attempt to create signed data object from multipart content - use MimeMultipart constructor.");
-            }
-            
-            return bodyPart.getInputStream();
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    private static File getTmpFile()
-        throws MessagingException
-    {
-        try
-        {
-            return File.createTempFile("bcMail", ".mime");
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-
-    private static CMSTypedStream getSignedInputStream(
-        BodyPart    bodyPart,
-        String      defaultContentTransferEncoding,
-        File        backingFile)
-        throws MessagingException
-    {
-        try
-        {
-            OutputStream   out = new BufferedOutputStream(new FileOutputStream(backingFile));
-
-            SMIMEUtil.outputBodyPart(out, bodyPart, defaultContentTransferEncoding);
-
-            out.close();
-
-            InputStream in = new TemporaryFileInputStream(backingFile);
-
-            return new CMSTypedStream(in);
-        }
-        catch (IOException e)
-        {
-            throw new MessagingException("can't extract input stream: " + e);
-        }
-    }
-    
-    static
-    {
-        MailcapCommandMap mc = (MailcapCommandMap)CommandMap.getDefaultCommandMap();
-
-        mc.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
-        mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
-        mc.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
-        mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
-        mc.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
-        
-        CommandMap.setDefaultCommandMap(mc);
-    }
-    
-    /**
-     * base constructor using a defaultContentTransferEncoding of 7bit. A temporary backing file
-     * will be created for the signed data.
-     *
-     * @param message signed message with signature.
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESignedParser(
-        MimeMultipart message) 
-        throws MessagingException, CMSException
-    {
-        this(message, getTmpFile());
-    }
-
-    /**
-     * base constructor using a defaultContentTransferEncoding of 7bit and a specified backing file.
-     *
-     * @param message signed message with signature.
-     * @param backingFile the temporary file to use to back the signed data.
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESignedParser(
-        MimeMultipart message,
-        File          backingFile)
-        throws MessagingException, CMSException
-    {
-        this(message, "7bit", backingFile);
-    }
-
-    /**
-     * base constructor with settable contentTransferEncoding. A temporary backing file will be created
-     * to contain the signed data.
-     *
-     * @param message the signed message with signature.
-     * @param defaultContentTransferEncoding new default to use.
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESignedParser(
-        MimeMultipart message,
-        String        defaultContentTransferEncoding) 
-        throws MessagingException, CMSException
-    {
-        this(message, defaultContentTransferEncoding, getTmpFile());
-    }
-
-    /**
-     * base constructor with settable contentTransferEncoding and a specified backing file.
-     *
-     * @param message the signed message with signature.
-     * @param defaultContentTransferEncoding new default to use.
-     * @param backingFile the temporary file to use to back the signed data.
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESignedParser(
-        MimeMultipart message,
-        String        defaultContentTransferEncoding,
-        File          backingFile)
-        throws MessagingException, CMSException
-    {
-        super(getSignedInputStream(message.getBodyPart(0), defaultContentTransferEncoding, backingFile), getInputStream(message.getBodyPart(1)));
-
-        this.message = message;
-        this.content = (MimeBodyPart)message.getBodyPart(0);
-
-        drainContent();
-    }
-
-    /**
-     * base constructor for a signed message with encapsulated content.
-     * 
    
-     * Note: in this case the encapsulated MimeBody part will only be suitable for a single
-     * writeTo - once writeTo has been called the file containing the body part will be deleted. If writeTo is not
-     * called the file will be left in the temp directory.
-     * 
    
-     * @param message the message containing the encapsulated signed data.
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception SMIMEException if the body part encapsulated in the message cannot be extracted.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESignedParser(
-        Part message) 
-        throws MessagingException, CMSException, SMIMEException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-
-        CMSTypedStream  cont = this.getSignedContent();
-
-        if (cont != null)
-        {
-            this.content = SMIMEUtil.toWriteOnceBodyPart(cont);
-        }
-    }
-    
-    /**
-     * Constructor for a signed message with encapsulated content. The encapsulated
-     * content, if it exists, is written to the file represented by the File object 
-     * passed in.
-     *
-     * @param message the Part containing the signed content.
-     * @param file the file the encapsulated part is to be written to after it has been decoded.
-     * 
-     * @exception MessagingException on an error extracting the signature or
-     * otherwise processing the message.
-     * @exception SMIMEException if the body part encapsulated in the message cannot be extracted.
-     * @exception CMSException if some other problem occurs.
-     */
-    public SMIMESignedParser(
-        Part message,
-        File file) 
-        throws MessagingException, CMSException, SMIMEException
-    {
-        super(getInputStream(message));
-
-        this.message = message;
-
-        CMSTypedStream  cont = this.getSignedContent();
-
-        if (cont != null)
-        {
-            this.content = SMIMEUtil.toMimeBodyPart(cont, file);
-        }
-    }
-
-    /**
-     * return the content that was signed.
-     * @return the signed body part in this message.
-     */
-    public MimeBodyPart getContent()
-    {
-        return content;
-    }
-
-    /**
-     * Return the content that was signed as a mime message.
-     *
-     * @param session the session to base the MimeMessage around.
-     * @return a MimeMessage holding the content.
-     * @throws MessagingException if there is an issue creating the MimeMessage.
-     * @throws IOException if there is an issue reading the content.
-     */
-    public MimeMessage getContentAsMimeMessage(Session session)
-        throws MessagingException, IOException
-    {
-        if (message instanceof MimeMultipart)
-        {
-            BodyPart    bp = ((MimeMultipart)message).getBodyPart(0);
-            return new MimeMessage(session, bp.getInputStream());
-        }
-        else
-        {
-            return new MimeMessage(session, getSignedContent().getContentStream());
-        }
-    }
-
-    /**
-     * return the content that was signed with its signature attached.
-     * @return depending on whether this was unencapsulated or not it will return a MimeMultipart
-     * or a MimeBodyPart
-     */
-    public Object getContentWithSignature()
-    {
-        return message;
-    }
-    
-    private void drainContent() 
-        throws CMSException
-    {
-        try
-        {
-            this.getSignedContent().drain();
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("unable to read content for verification: " + e, e);
-        }
-    }
-    
-    private static class TemporaryFileInputStream
-        extends BufferedInputStream
-    {
-        private final File _file;
-        
-        TemporaryFileInputStream(File file) 
-            throws FileNotFoundException
-        {
-            super(new FileInputStream(file));
-            
-            _file = file;
-        }
-        
-        public void close() 
-            throws IOException
-        {
-            super.close();
-
-            _file.delete();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEStreamingProcessor.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEStreamingProcessor.java
deleted file mode 100644
index e773232d9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEStreamingProcessor.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-public interface SMIMEStreamingProcessor
-{
-    public void write(OutputStream out) 
-        throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEUtil.java
deleted file mode 100644
index b2f36e6f0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/SMIMEUtil.java
+++ /dev/null
@@ -1,623 +0,0 @@
-package org.bouncycastle.mail.smime;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-
-import javax.mail.BodyPart;
-import javax.mail.MessagingException;
-import javax.mail.internet.ContentType;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.mail.smime.util.CRLFOutputStream;
-import org.bouncycastle.mail.smime.util.FileBackedMimeBodyPart;
-
-public class SMIMEUtil
-{
-    private static final int BUF_SIZE = 32760;
-    
-    static boolean isCanonicalisationRequired(
-        MimeBodyPart   bodyPart,
-        String defaultContentTransferEncoding) 
-        throws MessagingException
-    {
-        String[]        cte = bodyPart.getHeader("Content-Transfer-Encoding");
-        String          contentTransferEncoding;
-
-        if (cte == null)
-        {
-            contentTransferEncoding = defaultContentTransferEncoding;
-        }
-        else
-        {
-            contentTransferEncoding = cte[0];
-        }
-
-        return !contentTransferEncoding.equalsIgnoreCase("binary");
-    }
-
-    public static Provider getProvider(String providerName)
-        throws NoSuchProviderException
-    {
-        if (providerName != null)
-        {
-            Provider prov = Security.getProvider(providerName);
-
-            if (prov != null)
-            {
-                return prov;
-            }
-
-            throw new NoSuchProviderException("provider " + providerName + " not found.");
-        }
-
-        return null;
-    }
-
-    static class LineOutputStream extends FilterOutputStream
-    {
-        private static byte newline[];
-
-        public LineOutputStream(OutputStream outputstream)
-        {
-            super(outputstream);
-        }
-
-        public void writeln(String s)
-            throws MessagingException
-        {
-            try
-            {
-                byte abyte0[] = getBytes(s);
-                super.out.write(abyte0);
-                super.out.write(newline);
-            }
-            catch(Exception exception)
-            {
-                throw new MessagingException("IOException", exception);
-            }
-        }
-
-        public void writeln()
-            throws MessagingException
-        {
-            try
-            {
-                super.out.write(newline);
-            }
-            catch(Exception exception)
-            {
-                throw new MessagingException("IOException", exception);
-            }
-        }
-
-        static 
-        {
-            newline = new byte[2];
-            newline[0] = 13;
-            newline[1] = 10;
-        }
-        
-        private static byte[] getBytes(String s)
-        {
-            char ac[] = s.toCharArray();
-            int i = ac.length;
-            byte abyte0[] = new byte[i];
-            int j = 0;
-
-            while (j < i)
-            {
-                abyte0[j] = (byte)ac[j++];
-            }
-
-            return abyte0;
-        }
-    }
-
-    /**
-     * internal preamble is generally included in signatures, while this is technically wrong,
-     * if we find internal preamble we include it by default.
-     */
-    static void outputPreamble(LineOutputStream lOut, MimeBodyPart part, String boundary)
-        throws MessagingException, IOException
-    {
-        InputStream in;
-
-        try
-        {
-            in = part.getRawInputStream();
-        }
-        catch (MessagingException e)
-        {
-            return;   // no underlying content rely on default generation
-        }
-
-        String line;
-
-        while ((line = readLine(in)) != null)
-        {
-            if (line.equals(boundary))
-            {
-                break;
-            }
-
-            lOut.writeln(line);
-        }
-
-        in.close();
-
-        if (line == null)
-        {
-            throw new MessagingException("no boundary found");
-        }
-    }
-
-    /**
-     * internal postamble is generally included in signatures, while this is technically wrong,
-     * if we find internal postamble we include it by default.
-     */
-    static void outputPostamble(LineOutputStream lOut, MimeBodyPart part, int count, String boundary)
-        throws MessagingException, IOException
-    {
-        InputStream in;
-
-        try
-        {
-            in = part.getRawInputStream();
-        }
-        catch (MessagingException e)
-        {
-            return;   // no underlying content rely on default generation
-        }
-
-        String line;
-        int boundaries = count + 1;
-
-        while ((line = readLine(in)) != null)
-        {
-            if (line.startsWith(boundary))
-            {
-                boundaries--;
-  
-                if (boundaries == 0)
-                {
-                    break;
-                }
-            }
-        }
-
-        while ((line = readLine(in)) != null)
-        {
-            lOut.writeln(line);
-        }
-        
-        in.close();
-
-        if (boundaries != 0)
-        {
-            throw new MessagingException("all boundaries not found for: " + boundary);
-        }
-    }
-
-    static void outputPostamble(LineOutputStream lOut, BodyPart parent, String parentBoundary, BodyPart part)
-        throws MessagingException, IOException
-    {
-        InputStream in;
-
-        try
-        {
-            in = ((MimeBodyPart)parent).getRawInputStream();
-        }
-        catch (MessagingException e)
-        {
-            return;   // no underlying content rely on default generation
-        }
-
-
-        MimeMultipart multipart = (MimeMultipart)part.getContent();
-        ContentType contentType = new ContentType(multipart.getContentType());
-        String boundary = "--" + contentType.getParameter("boundary");
-        int count = multipart.getCount() + 1;
-        String line;
-        while (count != 0 && (line = readLine(in)) != null)
-        {
-            if (line.startsWith(boundary))
-            {
-                count--;
-            }
-        }
-
-        while ((line = readLine(in)) != null)
-        {
-            if (line.startsWith(parentBoundary))
-            {
-                break;
-            }
-            lOut.writeln(line);
-        }
-
-        in.close();
-    }
-
-    /*
-     * read a line of input stripping of the tailing \r\n
-     */
-    private static String readLine(InputStream in)
-        throws IOException
-    {
-        StringBuffer b = new StringBuffer();
-
-        int ch;
-        while ((ch = in.read()) >= 0 && ch != '\n')
-        {
-            if (ch != '\r')
-            {
-                b.append((char)ch);
-            }
-        }
-
-        if (ch < 0 && b.length() == 0)
-        {
-            return null;
-        }
-        
-        return b.toString();
-    }
-
-    static void outputBodyPart(
-        OutputStream out,
-        BodyPart     bodyPart,
-        String       defaultContentTransferEncoding) 
-        throws MessagingException, IOException
-    {
-        if (bodyPart instanceof MimeBodyPart)
-        {
-            MimeBodyPart    mimePart = (MimeBodyPart)bodyPart;
-            String[]        cte = mimePart.getHeader("Content-Transfer-Encoding");
-            String          contentTransferEncoding;
-
-            if (mimePart.getContent() instanceof MimeMultipart)
-            {
-                MimeMultipart mp = (MimeMultipart)bodyPart.getContent();
-                ContentType contentType = new ContentType(mp.getContentType());
-                String boundary = "--" + contentType.getParameter("boundary");
-
-                SMIMEUtil.LineOutputStream lOut = new SMIMEUtil.LineOutputStream(out);
-
-                Enumeration headers = mimePart.getAllHeaderLines();
-                while (headers.hasMoreElements())
-                {
-                    String header = (String)headers.nextElement();
-                    lOut.writeln(header);
-                }
-
-                lOut.writeln();      // CRLF separator
-
-                outputPreamble(lOut, mimePart, boundary);
-
-                for (int i = 0; i < mp.getCount(); i++)
-                {
-                    lOut.writeln(boundary);
-                    BodyPart part = mp.getBodyPart(i);
-                    outputBodyPart(out, part, defaultContentTransferEncoding);
-                    if (!(part.getContent() instanceof MimeMultipart))
-                    {
-                        lOut.writeln();       // CRLF terminator needed
-                    }
-                    else
-                    {
-                        outputPostamble(lOut, mimePart, boundary, part);
-                    }
-                }
-
-                lOut.writeln(boundary + "--");
-     
-                outputPostamble(lOut, mimePart, mp.getCount(), boundary);
-
-                return;
-            }
-
-            if (cte == null)
-            {
-                contentTransferEncoding = defaultContentTransferEncoding;
-            }
-            else
-            {
-                contentTransferEncoding = cte[0];
-            }
-
-            if (!contentTransferEncoding.equalsIgnoreCase("base64")
-                   && !contentTransferEncoding.equalsIgnoreCase("quoted-printable"))
-            {
-                if (!contentTransferEncoding.equalsIgnoreCase("binary"))
-                {
-                    out = new CRLFOutputStream(out);
-                }
-                bodyPart.writeTo(out);
-                out.flush();
-                return;
-            }
-
-            boolean base64 = contentTransferEncoding.equalsIgnoreCase("base64");
-
-            //
-            // Write raw content, performing canonicalization
-            //
-            InputStream inRaw;
-
-            try
-            {
-                inRaw = mimePart.getRawInputStream();
-            }
-            catch (MessagingException e)
-            {
-                // this is less than ideal, but if the raw output stream is unavailable it's the
-                // best option we've got.
-                out = new CRLFOutputStream(out);
-                bodyPart.writeTo(out);
-                out.flush();
-                return;
-            }
-
-            //
-            // Write headers
-            //
-            LineOutputStream outLine = new LineOutputStream(out);
-            for (Enumeration e = mimePart.getAllHeaderLines(); e.hasMoreElements();) 
-            {
-                String header = (String)e.nextElement();
-  
-                outLine.writeln(header);
-            }
-
-            outLine.writeln();
-            outLine.flush();
-
-
-            OutputStream outCRLF;
-              
-            if (base64)
-            {
-                outCRLF = new Base64CRLFOutputStream(out);
-            }
-            else
-            {
-                outCRLF = new CRLFOutputStream(out);
-            }
-
-            byte[]      buf = new byte[BUF_SIZE];
-
-            int len;
-            while ((len = inRaw.read(buf, 0, buf.length)) > 0)
-            {
-
-                outCRLF.write(buf, 0, len);
-            }
-
-            outCRLF.flush();
-        }
-        else
-        {
-            if (!defaultContentTransferEncoding.equalsIgnoreCase("binary"))
-            {
-                out = new CRLFOutputStream(out);
-            }
-
-            bodyPart.writeTo(out);
-
-            out.flush();
-        }
-    }
-
-    /**
-     * return the MimeBodyPart described in the raw bytes provided in content
-     */
-    public static MimeBodyPart toMimeBodyPart(
-        byte[]    content)
-        throws SMIMEException
-    {
-        return toMimeBodyPart(new ByteArrayInputStream(content));
-    }
-    
-    /**
-     * return the MimeBodyPart described in the input stream content
-     */
-    public static MimeBodyPart toMimeBodyPart(
-        InputStream    content)
-        throws SMIMEException
-    {
-        try
-        {
-            return new MimeBodyPart(content);
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("exception creating body part.", e);
-        }
-    }
-
-    static FileBackedMimeBodyPart toWriteOnceBodyPart(
-        CMSTypedStream    content)
-        throws SMIMEException
-    {
-        try
-        {
-            return new WriteOnceFileBackedMimeBodyPart(content.getContentStream(), File.createTempFile("bcMail", ".mime"));
-        }
-        catch (IOException e)
-        {
-            throw new SMIMEException("IOException creating tmp file:" + e.getMessage(), e);
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("can't create part: " + e, e);
-        }
-    }
-
-    /**
-     * return a file backed MimeBodyPart described in {@link CMSTypedStream} content. 
-     * 
    
-     */
-    public static FileBackedMimeBodyPart toMimeBodyPart(
-        CMSTypedStream    content)
-        throws SMIMEException
-    {
-        try
-        {
-            return toMimeBodyPart(content, File.createTempFile("bcMail", ".mime"));
-        }
-        catch (IOException e)
-        {
-            throw new SMIMEException("IOException creating tmp file:" + e.getMessage(), e);
-        }
-    }
-    
-    /**
-     * Return a file based MimeBodyPart represented by content and backed
-     * by the file represented by file.
-     * 
-     * @param content content stream containing body part.
-     * @param file file to store the decoded body part in.
-     * @return the decoded body part.
-     * @throws SMIMEException
-     */
-    public static FileBackedMimeBodyPart toMimeBodyPart(
-        CMSTypedStream    content,
-        File              file)
-        throws SMIMEException
-    {
-        try
-        {
-            return new FileBackedMimeBodyPart(content.getContentStream(), file);
-        }
-        catch (IOException e)
-        {
-            throw new SMIMEException("can't save content to file: " + e, e);
-        }
-        catch (MessagingException e)
-        {
-            throw new SMIMEException("can't create part: " + e, e);
-        }
-    }
-    
-    /**
-     * Return a CMS IssuerAndSerialNumber structure for the passed in X.509 certificate.
-     * 
-     * @param cert the X.509 certificate to get the issuer and serial number for.
-     * @return an IssuerAndSerialNumber structure representing the certificate.
-     */
-    public static IssuerAndSerialNumber createIssuerAndSerialNumberFor(
-        X509Certificate cert)
-        throws CertificateParsingException
-    {
-        try
-        {
-            return new IssuerAndSerialNumber(PrincipalUtil.getIssuerX509Principal(cert), cert.getSerialNumber());        
-        }
-        catch (Exception e)
-        {
-            throw new CertificateParsingException("exception extracting issuer and serial number: " + e);
-        }
-    }
-
-    private static class WriteOnceFileBackedMimeBodyPart
-        extends FileBackedMimeBodyPart
-    {
-        public WriteOnceFileBackedMimeBodyPart(InputStream content, File file)
-            throws MessagingException, IOException
-        {
-            super(content, file);
-        }
-
-        public void writeTo(OutputStream out)
-            throws MessagingException, IOException
-        {
-            super.writeTo(out);
-
-            this.dispose();
-        }
-    }
-
-    static class Base64CRLFOutputStream extends FilterOutputStream
-    {
-        protected int lastb;
-        protected static byte newline[];
-        private boolean isCrlfStream;
-
-        public Base64CRLFOutputStream(OutputStream outputstream)
-        {
-            super(outputstream);
-            lastb = -1;
-        }
-
-        public void write(int i)
-            throws IOException
-        {
-            if (i == '\r')
-            {
-                out.write(newline);
-            }
-            else if (i == '\n')
-            {
-                if (lastb != '\r')
-                {                                 // imagine my joy...
-                    if (!(isCrlfStream && lastb == '\n'))
-                    {
-                        out.write(newline);
-                    }
-                }
-                else
-                {
-                    isCrlfStream = true;
-                }
-            }
-            else
-            {
-                out.write(i);
-            }
-
-            lastb = i;
-        }
-
-        public void write(byte[] buf)
-            throws IOException
-        {
-            this.write(buf, 0, buf.length);
-        }
-
-        public void write(byte buf[], int off, int len)
-            throws IOException
-        {
-            for (int i = off; i != off + len; i++)
-            {
-                this.write(buf[i]);
-            }
-        }
-
-        public void writeln()
-            throws IOException
-        {
-            super.out.write(newline);
-        }
-
-        static
-        {
-            newline = new byte[2];
-            newline[0] = '\r';
-            newline[1] = '\n';
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateCompressedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateCompressedMail.java
deleted file mode 100644
index b561c70e7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateCompressedMail.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.FileOutputStream;
-import java.util.Properties;
-
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.mail.smime.SMIMECompressedGenerator;
-
-/**
- * a simple example that creates a single compressed mail message.
- */
-public class CreateCompressedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // create the generator for creating an smime/compressed message
-        //
-        SMIMECompressedGenerator  gen = new SMIMECompressedGenerator();
-          
-        //
-        // create the base for our message
-        //
-        MimeBodyPart    msg = new MimeBodyPart();
-
-        msg.setText("Hello world!");
-
-        MimeBodyPart mp = gen.generate(msg, SMIMECompressedGenerator.ZLIB);
-
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example compressed message");
-        body.setContent(mp.getContent(), mp.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("compressed.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateEncryptedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateEncryptedMail.java
deleted file mode 100644
index 362cbe4ce..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateEncryptedMail.java
+++ /dev/null
@@ -1,118 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Properties;
-
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
-
-/**
- * a simple example that creates a single encrypted mail message.
- * 
    
- * The key store can be created using the class in
- * org.bouncycastle.jce.examples.PKCS12Example - the program expects only one
- * key to be present in the key file.
- * 
    
- * Note: while this means that both the private key is available to
- * the program, the private key is retrieved from the keystore only for
- * the purposes of locating the corresponding public key, in normal circumstances
- * you would only be doing this with a certificate available.
- */
-public class CreateEncryptedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        if (args.length != 2)
-        {
-            System.err.println("usage: CreateEncryptedMail pkcs12Keystore password");
-            System.exit(0);
-        }
-
-        //
-        // Open the key store
-        //
-        KeyStore    ks = KeyStore.getInstance("PKCS12", "BC");
-
-        ks.load(new FileInputStream(args[0]), args[1].toCharArray());
-
-        Enumeration e = ks.aliases();
-        String      keyAlias = null;
-
-        while (e.hasMoreElements())
-        {
-            String  alias = (String)e.nextElement();
-
-            if (ks.isKeyEntry(alias))
-            {
-                keyAlias = alias;
-            }
-        }
-
-        if (keyAlias == null)
-        {
-            System.err.println("can't find a private key!");
-            System.exit(0);
-        }
-
-        Certificate[]   chain = ks.getCertificateChain(keyAlias);
-
-        //
-        // create the generator for creating an smime/encrypted message
-        //
-        SMIMEEnvelopedGenerator  gen = new SMIMEEnvelopedGenerator();
-          
-        gen.addKeyTransRecipient((X509Certificate)chain[0]);
-
-        //
-        // create a subject key id - this has to be done the same way as
-        // it is done in the certificate associated with the private key
-        // version 3 only.
-        //
-        /*
-        MessageDigest           dig = MessageDigest.getInstance("SHA1", "BC");
-
-        dig.update(cert.getPublicKey().getEncoded());
-              
-        gen.addKeyTransRecipient(cert.getPublicKey(), dig.digest());
-        */
-         
-        //
-        // create the base for our message
-        //
-        MimeBodyPart    msg = new MimeBodyPart();
-
-        msg.setText("Hello world!");
-
-        MimeBodyPart mp = gen.generate(msg, SMIMEEnvelopedGenerator.RC2_CBC, "BC");
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example encrypted message");
-        body.setContent(mp.getContent(), mp.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("encrypted.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeCompressedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeCompressedMail.java
deleted file mode 100644
index 9a8d4496a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeCompressedMail.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.util.Properties;
-
-import javax.activation.DataHandler;
-import javax.activation.FileDataSource;
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.mail.smime.SMIMECompressedGenerator;
-
-/**
- * a simple example that creates a single compressed mail message using the large
- * file model.
- */
-public class CreateLargeCompressedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // create the generator for creating an smime/compressed message
-        //
-        SMIMECompressedGenerator  gen = new SMIMECompressedGenerator();
-          
-        //
-        // create the base for our message
-        //
-        MimeBodyPart msg = new MimeBodyPart();
-
-        msg.setDataHandler(new DataHandler(new FileDataSource(new File(args[0]))));
-        msg.setHeader("Content-Type", "application/octet-stream");
-        msg.setHeader("Content-Transfer-Encoding", "binary");
-
-        MimeBodyPart mp = gen.generate(msg, SMIMECompressedGenerator.ZLIB);
-
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example compressed message");
-        body.setContent(mp.getContent(), mp.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("compressed.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeEncryptedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeEncryptedMail.java
deleted file mode 100644
index 98b7bb995..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeEncryptedMail.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Properties;
-
-import javax.activation.DataHandler;
-import javax.activation.FileDataSource;
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
-
-/**
- * a simple example that creates a single encrypted mail message.
- * 
    
- * The key store can be created using the class in
- * org.bouncycastle.jce.examples.PKCS12Example - the program expects only one
- * key to be present in the key file.
- * 
    
- * Note: while this means that both the private key is available to
- * the program, the private key is retrieved from the keystore only for
- * the purposes of locating the corresponding public key, in normal circumstances
- * you would only be doing this with a certificate available.
- */
-public class CreateLargeEncryptedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        if (args.length != 3)
-        {
-            System.err.println("usage: CreateLargeEncryptedMail pkcs12Keystore password inputFile");
-            System.exit(0);
-        }
-
-        //
-        // Open the key store
-        //
-        KeyStore    ks = KeyStore.getInstance("PKCS12", "BC");
-        String      keyAlias = ExampleUtils.findKeyAlias(ks, args[0], args[1].toCharArray());
-
-        Certificate[]   chain = ks.getCertificateChain(keyAlias);
-
-        //
-        // create the generator for creating an smime/encrypted message
-        //
-        SMIMEEnvelopedGenerator  gen = new SMIMEEnvelopedGenerator();
-          
-        gen.addKeyTransRecipient((X509Certificate)chain[0]);
-
-        //
-        // create a subject key id - this has to be done the same way as
-        // it is done in the certificate associated with the private key
-        // version 3 only.
-        //
-        /*
-        MessageDigest           dig = MessageDigest.getInstance("SHA1", "BC");
-
-        dig.update(cert.getPublicKey().getEncoded());
-              
-        gen.addKeyTransRecipient(cert.getPublicKey(), dig.digest());
-        */
-         
-        //
-        // create the base for our message
-        //
-        MimeBodyPart    msg = new MimeBodyPart();
-
-        msg.setDataHandler(new DataHandler(new FileDataSource(new File(args[2]))));
-        msg.setHeader("Content-Type", "application/octet-stream");
-        msg.setHeader("Content-Transfer-Encoding", "binary");
-
-        MimeBodyPart mp = gen.generate(msg, SMIMEEnvelopedGenerator.RC2_CBC, "BC");
-        
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example encrypted message");
-        body.setContent(mp.getContent(), mp.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("encrypted.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeSignedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeSignedMail.java
deleted file mode 100644
index ceb227e42..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateLargeSignedMail.java
+++ /dev/null
@@ -1,225 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Properties;
-
-import javax.activation.DataHandler;
-import javax.activation.FileDataSource;
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
-import org.bouncycastle.asn1.smime.SMIMECapability;
-import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
-import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.mail.smime.SMIMESignedGenerator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.util.Store;
-
-/**
- * a simple example that creates a single signed mail message.
- */
-public class CreateLargeSignedMail
-{
-    //
-    // certificate serial number seed.
-    //
-    static int  serialNo = 1;
-
-    static AuthorityKeyIdentifier createAuthorityKeyId(
-        PublicKey pub) 
-        throws IOException
-    {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
-        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-            (ASN1Sequence)new ASN1InputStream(bIn).readObject());
-
-        return new AuthorityKeyIdentifier(info);
-    }
-
-    static SubjectKeyIdentifier createSubjectKeyId(
-        PublicKey pub) 
-        throws IOException
-    {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
-
-        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-            (ASN1Sequence)new ASN1InputStream(bIn).readObject());
-
-        return new SubjectKeyIdentifier(info);
-    }
-
-    /**
-     * create a basic X509 certificate from the given keys
-     */
-    static X509Certificate makeCertificate(
-        KeyPair subKP,
-        String  subDN,
-        KeyPair issKP,
-        String  issDN)
-        throws GeneralSecurityException, IOException, OperatorCreationException
-    {
-        PublicKey  subPub  = subKP.getPublic();
-        PrivateKey issPriv = issKP.getPrivate();
-        PublicKey  issPub  = issKP.getPublic();
-
-        X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name(issDN), BigInteger.valueOf(serialNo++), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), new X500Name(subDN), subPub);
-
-        v3CertGen.addExtension(
-            X509Extension.subjectKeyIdentifier,
-            false,
-            createSubjectKeyId(subPub));
-
-        v3CertGen.addExtension(
-            X509Extension.authorityKeyIdentifier,
-            false,
-            createAuthorityKeyId(issPub));
-
-        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(issPriv)));
-    }
-
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // set up our certs
-        //
-        KeyPairGenerator    kpg  = KeyPairGenerator.getInstance("RSA", "BC");
-
-        kpg.initialize(1024, new SecureRandom());
-
-        //
-        // cert that issued the signing certificate
-        //
-        String              signDN = "O=Bouncy Castle, C=AU";
-        KeyPair             signKP = kpg.generateKeyPair();
-        X509Certificate     signCert = makeCertificate(
-                                        signKP, signDN, signKP, signDN);
-
-        //
-        // cert we sign against
-        //
-        String              origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
-        KeyPair             origKP = kpg.generateKeyPair();
-        X509Certificate     origCert = makeCertificate(
-                                        origKP, origDN, signKP, signDN);
-
-        List                certList = new ArrayList();
-
-        certList.add(origCert);
-        certList.add(signCert);
-
-        //
-        // create a CertStore containing the certificates we want carried
-        // in the signature
-        //
-        Store certs = new JcaCertStore(certList);
-
-        //
-        // create some smime capabilities in case someone wants to respond
-        //
-        ASN1EncodableVector         signedAttrs = new ASN1EncodableVector();
-        SMIMECapabilityVector       caps = new SMIMECapabilityVector();
-
-        caps.addCapability(SMIMECapability.dES_EDE3_CBC);
-        caps.addCapability(SMIMECapability.rC2_CBC, 128);
-        caps.addCapability(SMIMECapability.dES_CBC);
-
-        signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
-
-        //
-        // add an encryption key preference for encrypted responses -
-        // normally this would be different from the signing certificate...
-        //
-        IssuerAndSerialNumber   issAndSer = new IssuerAndSerialNumber(
-                new X500Name(signDN), origCert.getSerialNumber());
-
-        signedAttrs.add(new SMIMEEncryptionKeyPreferenceAttribute(issAndSer));
-
-        //
-        // create the generator for creating an smime/signed message
-        //
-        SMIMESignedGenerator gen = new SMIMESignedGenerator();
-
-        //
-        // add a signer to the generator - this specifies we are using SHA1 and
-        // adding the smime attributes above to the signed attributes that
-        // will be generated as part of the signature. The encryption algorithm
-        // used is taken from the key - in this RSA with PKCS1Padding
-        //
-        gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").setSignedAttributeGenerator(new AttributeTable(signedAttrs)).build("SHA1withRSA", origKP.getPrivate(), origCert));
-
-        //
-        // add our pool of certs and cerls (if any) to go with the signature
-        //
-        gen.addCertificates(certs);
-
-        //
-        // create the base for our message
-        //
-        MimeBodyPart    msg = new MimeBodyPart();
-
-        msg.setDataHandler(new DataHandler(new FileDataSource(new File(args[0]))));
-        msg.setHeader("Content-Type", "application/octet-stream");
-        msg.setHeader("Content-Transfer-Encoding", "base64");
-
-        //
-        // extract the multipart object from the SMIMESigned object.
-        //
-        MimeMultipart mm = gen.generate(msg);
-
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example signed message");
-        body.setContent(mm, mm.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("signed.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMail.java
deleted file mode 100644
index 03c6a0676..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMail.java
+++ /dev/null
@@ -1,220 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Properties;
-
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
-import org.bouncycastle.asn1.smime.SMIMECapability;
-import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
-import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.mail.smime.SMIMESignedGenerator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.util.Store;
-
-/**
- * a simple example that creates a single signed mail message.
- */
-public class CreateSignedMail
-{
-    //
-    // certificate serial number seed.
-    //
-    static int  serialNo = 1;
-
-    static AuthorityKeyIdentifier createAuthorityKeyId(
-        PublicKey pub) 
-        throws IOException
-    {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
-        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-            (ASN1Sequence)new ASN1InputStream(bIn).readObject());
-
-        return new AuthorityKeyIdentifier(info);
-    }
-
-    static SubjectKeyIdentifier createSubjectKeyId(
-        PublicKey pub) 
-        throws IOException
-    {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
-
-        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-            (ASN1Sequence)new ASN1InputStream(bIn).readObject());
-
-        return new SubjectKeyIdentifier(info);
-    }
-
-    /**
-     * create a basic X509 certificate from the given keys
-     */
-    static X509Certificate makeCertificate(
-        KeyPair subKP,
-        String  subDN,
-        KeyPair issKP,
-        String  issDN)
-        throws GeneralSecurityException, IOException, OperatorCreationException
-    {
-        PublicKey  subPub  = subKP.getPublic();
-        PrivateKey issPriv = issKP.getPrivate();
-        PublicKey  issPub  = issKP.getPublic();
-        
-        X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name(issDN), BigInteger.valueOf(serialNo++), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), new X500Name(subDN), subPub);
-
-        v3CertGen.addExtension(
-            X509Extension.subjectKeyIdentifier,
-            false,
-            createSubjectKeyId(subPub));
-
-        v3CertGen.addExtension(
-            X509Extension.authorityKeyIdentifier,
-            false,
-            createAuthorityKeyId(issPub));
-
-        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(issPriv)));
-    }
-
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // set up our certs
-        //
-        KeyPairGenerator    kpg  = KeyPairGenerator.getInstance("RSA", "BC");
-
-        kpg.initialize(1024, new SecureRandom());
-
-        //
-        // cert that issued the signing certificate
-        //
-        String              signDN = "O=Bouncy Castle, C=AU";
-        KeyPair             signKP = kpg.generateKeyPair();
-        X509Certificate     signCert = makeCertificate(
-                                        signKP, signDN, signKP, signDN);
-
-        //
-        // cert we sign against
-        //
-        String              origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
-        KeyPair             origKP = kpg.generateKeyPair();
-        X509Certificate     origCert = makeCertificate(
-                                        origKP, origDN, signKP, signDN);
-
-        List                certList = new ArrayList();
-
-        certList.add(origCert);
-        certList.add(signCert);
-
-        //
-        // create a CertStore containing the certificates we want carried
-        // in the signature
-        //
-        Store certs = new JcaCertStore(certList);
-
-        //
-        // create some smime capabilities in case someone wants to respond
-        //
-        ASN1EncodableVector         signedAttrs = new ASN1EncodableVector();
-        SMIMECapabilityVector       caps = new SMIMECapabilityVector();
-
-        caps.addCapability(SMIMECapability.dES_EDE3_CBC);
-        caps.addCapability(SMIMECapability.rC2_CBC, 128);
-        caps.addCapability(SMIMECapability.dES_CBC);
-
-        signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
-
-        //
-        // add an encryption key preference for encrypted responses -
-        // normally this would be different from the signing certificate...
-        //
-        IssuerAndSerialNumber   issAndSer = new IssuerAndSerialNumber(
-                new X500Name(signDN), origCert.getSerialNumber());
-
-        signedAttrs.add(new SMIMEEncryptionKeyPreferenceAttribute(issAndSer));
-
-        //
-        // create the generator for creating an smime/signed message
-        //
-        SMIMESignedGenerator gen = new SMIMESignedGenerator();
-
-        //
-        // add a signer to the generator - this specifies we are using SHA1 and
-        // adding the smime attributes above to the signed attributes that
-        // will be generated as part of the signature. The encryption algorithm
-        // used is taken from the key - in this RSA with PKCS1Padding
-        //
-        gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").setSignedAttributeGenerator(new AttributeTable(signedAttrs)).build("SHA1withRSA", origKP.getPrivate(), origCert));
-
-        //
-        // add our pool of certs and cerls (if any) to go with the signature
-        //
-        gen.addCertificates(certs);
-
-        //
-        // create the base for our message
-        //
-        MimeBodyPart    msg = new MimeBodyPart();
-
-        msg.setText("Hello world!");
-
-        //
-        // extract the multipart object from the SMIMESigned object.
-        //
-        MimeMultipart mm = gen.generate(msg);
-
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example signed message");
-        body.setContent(mm, mm.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("signed.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMultipartMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMultipartMail.java
deleted file mode 100644
index 337f45a5c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/CreateSignedMultipartMail.java
+++ /dev/null
@@ -1,240 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Properties;
-
-import javax.mail.Address;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
-import org.bouncycastle.asn1.smime.SMIMECapability;
-import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
-import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.mail.smime.SMIMESignedGenerator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.util.Store;
-
-/**
- * a simple example that creates a single signed multipart mail message.
- */
-public class CreateSignedMultipartMail
-{
-    //
-    // certificate serial number seed.
-    //
-    static int  serialNo = 1;
-
-    static AuthorityKeyIdentifier createAuthorityKeyId(
-        PublicKey pub) 
-        throws IOException
-    {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
-        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-            (ASN1Sequence)new ASN1InputStream(bIn).readObject());
-
-        return new AuthorityKeyIdentifier(info);
-    }
-
-    static SubjectKeyIdentifier createSubjectKeyId(
-        PublicKey pub) 
-        throws IOException
-    {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
-
-        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-            (ASN1Sequence)new ASN1InputStream(bIn).readObject());
-
-        return new SubjectKeyIdentifier(info);
-    }
-
-    /**
-     * create a basic X509 certificate from the given keys
-     */
-    static X509Certificate makeCertificate(
-        KeyPair subKP,
-        String  subDN,
-        KeyPair issKP,
-        String  issDN)
-        throws GeneralSecurityException, IOException, OperatorCreationException
-    {
-        PublicKey  subPub  = subKP.getPublic();
-        PrivateKey issPriv = issKP.getPrivate();
-        PublicKey  issPub  = issKP.getPublic();
-
-        X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name(issDN), BigInteger.valueOf(serialNo++), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), new X500Name(subDN), subPub);
-
-        v3CertGen.addExtension(
-            X509Extension.subjectKeyIdentifier,
-            false,
-            createSubjectKeyId(subPub));
-
-        v3CertGen.addExtension(
-            X509Extension.authorityKeyIdentifier,
-            false,
-            createAuthorityKeyId(issPub));
-
-        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(issPriv)));
-    }
-
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // set up our certs
-        //
-        KeyPairGenerator    kpg  = KeyPairGenerator.getInstance("RSA", "BC");
-
-        kpg.initialize(1024, new SecureRandom());
-
-        //
-        // cert that issued the signing certificate
-        //
-        String              signDN = "O=Bouncy Castle, C=AU";
-        KeyPair             signKP = kpg.generateKeyPair();
-        X509Certificate     signCert = makeCertificate(
-                                        signKP, signDN, signKP, signDN);
-
-        //
-        // cert we sign against
-        //
-        String              origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
-        KeyPair             origKP = kpg.generateKeyPair();
-        X509Certificate     origCert = makeCertificate(
-                                        origKP, origDN, signKP, signDN);
-
-        List                certList = new ArrayList();
-
-        certList.add(origCert);
-        certList.add(signCert);
-
-        //
-        // create a CertStore containing the certificates we want carried
-        // in the signature
-        //
-        Store certs = new JcaCertStore(certList);
-
-        //
-        // create some smime capabilities in case someone wants to respond
-        //
-        ASN1EncodableVector         signedAttrs = new ASN1EncodableVector();
-        SMIMECapabilityVector       caps = new SMIMECapabilityVector();
-
-        caps.addCapability(SMIMECapability.dES_EDE3_CBC);
-        caps.addCapability(SMIMECapability.rC2_CBC, 128);
-        caps.addCapability(SMIMECapability.dES_CBC);
-
-        signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
-
-        //
-        // add an encryption key preference for encrypted responses -
-        // normally this would be different from the signing certificate...
-        //
-        IssuerAndSerialNumber   issAndSer = new IssuerAndSerialNumber(
-                new X500Name(signDN), origCert.getSerialNumber());
-
-        signedAttrs.add(new SMIMEEncryptionKeyPreferenceAttribute(issAndSer));
-
-        //
-        // create the generator for creating an smime/signed message
-        //
-        SMIMESignedGenerator gen = new SMIMESignedGenerator();
-
-        //
-        // add a signer to the generator - this specifies we are using SHA1 and
-        // adding the smime attributes above to the signed attributes that
-        // will be generated as part of the signature. The encryption algorithm
-        // used is taken from the key - in this RSA with PKCS1Padding
-        //
-        gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").setSignedAttributeGenerator(new AttributeTable(signedAttrs)).build("SHA1withRSA", origKP.getPrivate(), origCert));
-
-        //
-        // add our pool of certs and cerls (if any) to go with the signature
-        //
-        gen.addCertificates(certs);
-
-        //
-        // create the base for our message
-        //
-        MimeBodyPart    msg1 = new MimeBodyPart();
-
-        msg1.setText("Hello part 1!");
-
-        MimeBodyPart    msg2 = new MimeBodyPart();
-
-        msg2.setText("Hello part 2!");
-
-        MimeMultipart mp = new MimeMultipart();
-
-        mp.addBodyPart(msg1);
-        mp.addBodyPart(msg2);
-
-        MimeBodyPart m = new MimeBodyPart();
-
-        //
-        // be careful about setting extra headers here. Some mail clients
-        // ignore the To and From fields (for example) in the body part
-        // that contains the multipart. The result of this will be that the
-        // signature fails to verify... Outlook Express is an example of
-        // a client that exhibits this behaviour.
-        //
-        m.setContent(mp);
-
-        //
-        // extract the multipart object from the SMIMESigned object.
-        //
-        MimeMultipart mm = gen.generate(m);
-
-        //
-        // Get a Session object and create the mail message
-        //
-        Properties props = System.getProperties();
-        Session session = Session.getDefaultInstance(props, null);
-
-        Address fromUser = new InternetAddress("\"Eric H. Echidna\"");
-        Address toUser = new InternetAddress("example@bouncycastle.org");
-
-        MimeMessage body = new MimeMessage(session);
-        body.setFrom(fromUser);
-        body.setRecipient(Message.RecipientType.TO, toUser);
-        body.setSubject("example signed message");
-        body.setContent(mm, mm.getContentType());
-        body.saveChanges();
-
-        body.writeTo(new FileOutputStream("signed.message"));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ExampleUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ExampleUtils.java
deleted file mode 100644
index 10c0f06c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ExampleUtils.java
+++ /dev/null
@@ -1,77 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.KeyStore;
-import java.util.Enumeration;
-
-import javax.mail.MessagingException;
-import javax.mail.internet.MimeBodyPart;
-
-public class ExampleUtils
-{
-    /**
-     * Dump the content of the passed in BodyPart to the file fileName.
-     *
-     * @throws MessagingException
-     * @throws IOException
-     */
-    public static void dumpContent(
-        MimeBodyPart bodyPart, 
-        String fileName) 
-        throws MessagingException, IOException
-    {
-        //
-        // print mime type of compressed content
-        //
-        System.out.println("content type: " + bodyPart.getContentType());
-        
-        //
-        // recover the compressed content
-        //
-        OutputStream out = new FileOutputStream(fileName);
-        InputStream in = bodyPart.getInputStream();
-        
-        byte[] buf = new byte[10000];
-        int    len;
-        
-        while ((len = in.read(buf, 0, buf.length)) > 0)
-        {
-            out.write(buf, 0, len);
-        }
-        
-        out.close();
-    }
-    
-    public static String findKeyAlias(
-        KeyStore store, 
-        String storeName, 
-        char[] password) 
-        throws Exception
-    {
-        store.load(new FileInputStream(storeName), password);
-    
-        Enumeration e = store.aliases();
-        String      keyAlias = null;
-    
-        while (e.hasMoreElements())
-        {
-            String  alias = (String)e.nextElement();
-    
-            if (store.isKeyEntry(alias))
-            {
-                keyAlias = alias;
-            }
-        }
-    
-        if (keyAlias == null)
-        {
-            throw new IllegalArgumentException("can't find a private key in keyStore: " + storeName);
-        }
-        
-        return keyAlias;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadCompressedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadCompressedMail.java
deleted file mode 100644
index 8e90bfd52..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadCompressedMail.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.FileInputStream;
-import java.util.Properties;
-
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.mail.smime.SMIMECompressed;
-import org.bouncycastle.mail.smime.SMIMEUtil;
-
-/**
- * a simple example that reads a compressed email.
- * 
    
- */
-public class ReadCompressedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // Get a Session object with the default properties.
-        //         
-        Properties props = System.getProperties();
-
-        Session session = Session.getDefaultInstance(props, null);
-
-        MimeMessage msg = new MimeMessage(session, new FileInputStream("compressed.message"));
-
-        SMIMECompressed     m = new SMIMECompressed(msg);
-
-        MimeBodyPart        res = SMIMEUtil.toMimeBodyPart(m.getContent());
-
-        System.out.println("Message Contents");
-        System.out.println("----------------");
-        System.out.println(res.getContent());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadEncryptedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadEncryptedMail.java
deleted file mode 100644
index a180994f9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadEncryptedMail.java
+++ /dev/null
@@ -1,94 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.Properties;
-
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.mail.smime.SMIMEEnveloped;
-import org.bouncycastle.mail.smime.SMIMEUtil;
-
-/**
- * a simple example that reads an encrypted email.
- * 
    
- * The key store can be created using the class in
- * org.bouncycastle.jce.examples.PKCS12Example - the program expects only one
- * key to be present.
- */
-public class ReadEncryptedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        if (args.length != 2)
-        {
-            System.err.println("usage: ReadEncryptedMail pkcs12Keystore password");
-            System.exit(0);
-        }
-
-        //
-        // Open the key store
-        //
-        KeyStore    ks = KeyStore.getInstance("PKCS12", "BC");
-
-        ks.load(new FileInputStream(args[0]), args[1].toCharArray());
-
-        Enumeration e = ks.aliases();
-        String      keyAlias = null;
-
-        while (e.hasMoreElements())
-        {
-            String  alias = (String)e.nextElement();
-
-            if (ks.isKeyEntry(alias))
-            {
-                keyAlias = alias;
-            }
-        }
-
-        if (keyAlias == null)
-        {
-            System.err.println("can't find a private key!");
-            System.exit(0);
-        }
-
-        //
-        // find the certificate for the private key and generate a 
-        // suitable recipient identifier.
-        //
-        X509Certificate cert = (X509Certificate)ks.getCertificate(keyAlias);
-        RecipientId     recId = new JceKeyTransRecipientId(cert);
-
-        //
-        // Get a Session object with the default properties.
-        //         
-        Properties props = System.getProperties();
-
-        Session session = Session.getDefaultInstance(props, null);
-
-        MimeMessage msg = new MimeMessage(session, new FileInputStream("encrypted.message"));
-
-        SMIMEEnveloped       m = new SMIMEEnveloped(msg);
-
-        RecipientInformationStore   recipients = m.getRecipientInfos();
-        RecipientInformation        recipient = recipients.get(recId);
-
-        MimeBodyPart        res = SMIMEUtil.toMimeBodyPart(recipient.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey)ks.getKey(keyAlias, null)).setProvider("BC")));
-
-        System.out.println("Message Contents");
-        System.out.println("----------------");
-        System.out.println(res.getContent());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeCompressedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeCompressedMail.java
deleted file mode 100644
index 582a6a5a2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeCompressedMail.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.util.Properties;
-
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.mail.smime.SMIMECompressedParser;
-import org.bouncycastle.mail.smime.SMIMEUtil;
-import org.bouncycastle.mail.smime.util.SharedFileInputStream;
-
-/**
- * a simple example that reads an oversize compressed email and writes data contained
- * in the compressed part into a file.
- */
-public class ReadLargeCompressedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        //
-        // Get a Session object with the default properties.
-        //         
-        Properties props = System.getProperties();
-
-        Session session = Session.getDefaultInstance(props, null);
-
-        MimeMessage msg = new MimeMessage(session, new SharedFileInputStream("compressed.message"));
-
-        SMIMECompressedParser     m = new SMIMECompressedParser(msg);
-        MimeBodyPart              res = SMIMEUtil.toMimeBodyPart(m.getContent());
-
-        ExampleUtils.dumpContent(res, args[0]);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeEncryptedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeEncryptedMail.java
deleted file mode 100644
index 8389b443b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeEncryptedMail.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.Properties;
-
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.mail.smime.SMIMEEnvelopedParser;
-import org.bouncycastle.mail.smime.SMIMEUtil;
-import org.bouncycastle.mail.smime.util.SharedFileInputStream;
-
-/**
- * a simple example that reads an encrypted email using the large file model.
- * 
    
- * The key store can be created using the class in
- * org.bouncycastle.jce.examples.PKCS12Example - the program expects only one
- * key to be present.
- */
-public class ReadLargeEncryptedMail
-{
-    public static void main(
-        String args[])
-        throws Exception
-    {
-        if (args.length != 3)
-        {
-            System.err.println("usage: ReadLargeEncryptedMail pkcs12Keystore password outputFile");
-            System.exit(0);
-        }
-
-        //
-        // Open the key store
-        //
-        KeyStore    ks = KeyStore.getInstance("PKCS12", "BC");
-        String      keyAlias = ExampleUtils.findKeyAlias(ks, args[0], args[1].toCharArray());
-
-        //
-        // find the certificate for the private key and generate a 
-        // suitable recipient identifier.
-        //
-        X509Certificate cert = (X509Certificate)ks.getCertificate(keyAlias);
-        RecipientId     recId = new JceKeyTransRecipientId(cert);
-
-        //
-        // Get a Session object with the default properties.
-        //         
-        Properties props = System.getProperties();
-
-        Session session = Session.getDefaultInstance(props, null);
-
-        MimeMessage msg = new MimeMessage(session, new SharedFileInputStream("encrypted.message"));
-
-        SMIMEEnvelopedParser       m = new SMIMEEnvelopedParser(msg);
-
-        RecipientInformationStore   recipients = m.getRecipientInfos();
-        RecipientInformation        recipient = recipients.get(recId);
-
-        MimeBodyPart        res = SMIMEUtil.toMimeBodyPart(recipient.getContentStream(new JceKeyTransEnvelopedRecipient((PrivateKey)ks.getKey(keyAlias, null)).setProvider("BC")));
-
-        ExampleUtils.dumpContent(res, args[2]);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeSignedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeSignedMail.java
deleted file mode 100644
index 4ca20b7f8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadLargeSignedMail.java
+++ /dev/null
@@ -1,124 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.Properties;
-
-import javax.mail.Session;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.mail.smime.SMIMESignedParser;
-import org.bouncycastle.mail.smime.util.SharedFileInputStream;
-import org.bouncycastle.util.Store;
-
-/**
- * a simple example that reads a basic SMIME signed mail file.
- */
-public class ReadLargeSignedMail
-{
-    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
-    /**
-     * verify the signature (assuming the cert is contained in the message)
-     */
-    private static void verify(
-        SMIMESignedParser s)
-        throws Exception
-    {
-        //
-        // extract the information to verify the signatures.
-        //
-
-        //
-        // certificates and crls passed in the signature - this must happen before
-        // s.getSignerInfos()
-        //
-        Store certs = s.getCertificates();
-
-        //
-        // SignerInfo blocks which contain the signatures
-        //
-        SignerInformationStore  signers = s.getSignerInfos();
-
-        Collection              c = signers.getSigners();
-        Iterator                it = c.iterator();
-
-        //
-        // check each signer
-        //
-        while (it.hasNext())
-        {
-            SignerInformation   signer = (SignerInformation)it.next();
-            Collection          certCollection = certs.getMatches(signer.getSID());
-
-            Iterator        certIt = certCollection.iterator();
-            X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate((X509CertificateHolder)certIt.next());
-
-
-            //
-            // verify that the sig is correct and that it was generated
-            // when the certificate was current
-            //
-            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)))
-            {
-                System.out.println("signature verified");
-            }
-            else
-            {
-                System.out.println("signature failed!");
-            }
-        }
-    }
-
-    public static void main(
-        String[]    args)
-        throws Exception
-    {
-        //
-        // Get a Session object with the default properties.
-        //         
-        Properties props = System.getProperties();
-
-        Session session = Session.getDefaultInstance(props, null);
-
-        MimeMessage msg = new MimeMessage(session, new SharedFileInputStream("signed.message"));
-
-        //
-        // make sure this was a multipart/signed message - there should be
-        // two parts as we have one part for the content that was signed and
-        // one part for the actual signature.
-        //
-        if (msg.isMimeType("multipart/signed"))
-        {
-            SMIMESignedParser             s = new SMIMESignedParser(
-                                            (MimeMultipart)msg.getContent());
-
-            System.out.println("Status:");
-
-            verify(s);
-        }
-        else if (msg.isMimeType("application/pkcs7-mime"))
-        {
-            //
-            // in this case the content is wrapped in the signature block.
-            //
-            SMIMESignedParser       s = new SMIMESignedParser(msg);
-
-            System.out.println("Status:");
-
-            verify(s);
-        }
-        else
-        {
-            System.err.println("Not a signed message!");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadSignedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadSignedMail.java
deleted file mode 100644
index 370106d96..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/ReadSignedMail.java
+++ /dev/null
@@ -1,176 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.FileInputStream;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.Properties;
-
-import javax.mail.BodyPart;
-import javax.mail.Multipart;
-import javax.mail.Session;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.mail.smime.SMIMESigned;
-import org.bouncycastle.util.Store;
-
-/**
- * a simple example that reads a basic SMIME signed mail file.
- */
-public class ReadSignedMail
-{
-    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
-    /**
-     * verify the signature (assuming the cert is contained in the message)
-     */
-    private static void verify(
-        SMIMESigned s)
-        throws Exception
-    {
-        //
-        // extract the information to verify the signatures.
-        //
-
-        //
-        // certificates and crls passed in the signature
-        //
-        Store certs = s.getCertificates();
-
-        //
-        // SignerInfo blocks which contain the signatures
-        //
-        SignerInformationStore  signers = s.getSignerInfos();
-
-        Collection              c = signers.getSigners();
-        Iterator                it = c.iterator();
-
-        //
-        // check each signer
-        //
-        while (it.hasNext())
-        {
-            SignerInformation   signer = (SignerInformation)it.next();
-            Collection          certCollection = certs.getMatches(signer.getSID());
-
-            Iterator        certIt = certCollection.iterator();
-            X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate((X509CertificateHolder)certIt.next());
-
-            //
-            // verify that the sig is correct and that it was generated
-            // when the certificate was current
-            //
-            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)))
-            {
-                System.out.println("signature verified");
-            }
-            else
-            {
-                System.out.println("signature failed!");
-            }
-        }
-    }
-
-    public static void main(
-        String[]    args)
-        throws Exception
-    {
-        //
-        // Get a Session object with the default properties.
-        //         
-        Properties props = System.getProperties();
-
-        Session session = Session.getDefaultInstance(props, null);
-
-        MimeMessage msg = new MimeMessage(session, new FileInputStream("signed.message"));
-
-        //
-        // make sure this was a multipart/signed message - there should be
-        // two parts as we have one part for the content that was signed and
-        // one part for the actual signature.
-        //
-        if (msg.isMimeType("multipart/signed"))
-        {
-            SMIMESigned             s = new SMIMESigned(
-                                            (MimeMultipart)msg.getContent());
-
-            //
-            // extract the content
-            //
-            MimeBodyPart            content = s.getContent();
-
-            System.out.println("Content:");
-
-            Object  cont = content.getContent();
-
-            if (cont instanceof String)
-            {
-                System.out.println((String)cont);
-            }
-            else if (cont instanceof Multipart)
-            {
-                Multipart   mp = (Multipart)cont;
-                int count = mp.getCount();
-                for (int i = 0; i < count; i++)
-                {
-                    BodyPart    m = mp.getBodyPart(i);
-                    Object      part = m.getContent();
-
-                    System.out.println("Part " + i);
-                    System.out.println("---------------------------");
-
-                    if (part instanceof String)
-                    {
-                        System.out.println((String)part);
-                    }
-                    else
-                    {
-                        System.out.println("can't print...");
-                    }
-                }
-            }
-
-            System.out.println("Status:");
-
-            verify(s);
-        }
-        else if (msg.isMimeType("application/pkcs7-mime")
-                || msg.isMimeType("application/x-pkcs7-mime"))
-        {
-            //
-            // in this case the content is wrapped in the signature block.
-            //
-            SMIMESigned             s = new SMIMESigned(msg);
-
-            //
-            // extract the content
-            //
-            MimeBodyPart            content = s.getContent();
-
-            System.out.println("Content:");
-
-            Object  cont = content.getContent();
-
-            if (cont instanceof String)
-            {
-                System.out.println((String)cont);
-            }
-
-            System.out.println("Status:");
-
-            verify(s);
-        }
-        else
-        {
-            System.err.println("Not a signed message!");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/SendSignedAndEncryptedMail.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/SendSignedAndEncryptedMail.java
deleted file mode 100644
index 8822bafc1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/SendSignedAndEncryptedMail.java
+++ /dev/null
@@ -1,192 +0,0 @@
-package org.bouncycastle.mail.smime.examples;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Properties;
-
-import javax.activation.CommandMap;
-import javax.activation.MailcapCommandMap;
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.Transport;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
-import org.bouncycastle.asn1.smime.SMIMECapability;
-import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
-import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
-import org.bouncycastle.mail.smime.SMIMEException;
-import org.bouncycastle.mail.smime.SMIMESignedGenerator;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.Strings;
-
-/**
- * Example that sends a signed and encrypted mail message.
- */
-public class SendSignedAndEncryptedMail
-{
-    public static void main(String args[])
-    {
-        if (args.length != 5)
-        {
-            System.err
-                    .println("usage: SendSignedAndEncryptedMail     ");
-            System.exit(0);
-        }
-
-        try
-        {
-            MailcapCommandMap mailcap = (MailcapCommandMap)CommandMap
-                    .getDefaultCommandMap();
-
-            mailcap
-                    .addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
-            mailcap
-                    .addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
-            mailcap
-                    .addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
-            mailcap
-                    .addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
-            mailcap
-                    .addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
-
-            CommandMap.setDefaultCommandMap(mailcap);
-
-            /* Add BC */
-            Security.addProvider(new BouncyCastleProvider());
-
-            /* Open the keystore */
-            KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
-            keystore.load(new FileInputStream(args[0]), args[1].toCharArray());
-            Certificate[] chain = keystore.getCertificateChain(args[2]);
-
-            /* Get the private key to sign the message with */
-            PrivateKey privateKey = (PrivateKey)keystore.getKey(args[2],
-                    args[1].toCharArray());
-            if (privateKey == null)
-            {
-                throw new Exception("cannot find private key for alias: "
-                        + args[2]);
-            }
-
-            /* Create the message to sign and encrypt */
-            Properties props = System.getProperties();
-            props.put("mail.smtp.host", args[3]);
-            Session session = Session.getDefaultInstance(props, null);
-
-            MimeMessage body = new MimeMessage(session);
-            body.setFrom(new InternetAddress(args[4]));
-            body.setRecipient(Message.RecipientType.TO, new InternetAddress(
-                    args[4]));
-            body.setSubject("example encrypted message");
-            body.setContent("example encrypted message", "text/plain");
-            body.saveChanges();
-
-            /* Create the SMIMESignedGenerator */
-            SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
-            capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
-            capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
-            capabilities.addCapability(SMIMECapability.dES_CBC);
-
-            ASN1EncodableVector attributes = new ASN1EncodableVector();
-            attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(
-                    new IssuerAndSerialNumber(
-                            new X500Name(((X509Certificate)chain[0])
-                                    .getIssuerDN().getName()),
-                            ((X509Certificate)chain[0]).getSerialNumber())));
-            attributes.add(new SMIMECapabilitiesAttribute(capabilities));
-
-            SMIMESignedGenerator signer = new SMIMESignedGenerator();
-            signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").setSignedAttributeGenerator(new AttributeTable(attributes)).build("DSA".equals(privateKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withDSA", privateKey, (X509Certificate)chain[0]));
-
-
-            /* Add the list of certs to the generator */
-            List certList = new ArrayList();
-            certList.add(chain[0]);
-            Store certs = new JcaCertStore(certList);
-            signer.addCertificates(certs);
-
-            /* Sign the message */
-            MimeMultipart mm = signer.generate(body, "BC");
-            MimeMessage signedMessage = new MimeMessage(session);
-
-            /* Set all original MIME headers in the signed message */
-            Enumeration headers = body.getAllHeaderLines();
-            while (headers.hasMoreElements())
-            {
-                signedMessage.addHeaderLine((String)headers.nextElement());
-            }
-
-            /* Set the content of the signed message */
-            signedMessage.setContent(mm);
-            signedMessage.saveChanges();
-
-            /* Create the encrypter */
-            SMIMEEnvelopedGenerator encrypter = new SMIMEEnvelopedGenerator();
-            encrypter.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator((X509Certificate)chain[0]).setProvider("BC"));
-
-            /* Encrypt the message */
-            MimeBodyPart encryptedPart = encrypter.generate(signedMessage,
-                    new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC).setProvider("BC").build());
-
-            /*
-             * Create a new MimeMessage that contains the encrypted and signed
-             * content
-             */
-            ByteArrayOutputStream out = new ByteArrayOutputStream();
-            encryptedPart.writeTo(out);
-
-            MimeMessage encryptedMessage = new MimeMessage(session,
-                    new ByteArrayInputStream(out.toByteArray()));
-
-            /* Set all original MIME headers in the encrypted message */
-            headers = body.getAllHeaderLines();
-            while (headers.hasMoreElements())
-            {
-                String headerLine = (String)headers.nextElement();
-                /*
-                 * Make sure not to override any content-* headers from the
-                 * original message
-                 */
-                if (!Strings.toLowerCase(headerLine).startsWith("content-"))
-                {
-                    encryptedMessage.addHeaderLine(headerLine);
-                }
-            }
-
-            Transport.send(encryptedMessage);
-        }
-        catch (SMIMEException ex)
-        {
-            ex.getUnderlyingException().printStackTrace(System.err);
-            ex.printStackTrace(System.err);
-        }
-        catch (Exception ex)
-        {
-            ex.printStackTrace(System.err);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/package.html
deleted file mode 100644
index 72cc96d60..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/examples/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Example code demonstrating the use of the S/MIME package for a variety of uses.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/PKCS7ContentHandler.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/PKCS7ContentHandler.java
deleted file mode 100644
index d3db7fd6e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/PKCS7ContentHandler.java
+++ /dev/null
@@ -1,110 +0,0 @@
-package org.bouncycastle.mail.smime.handlers;
-
-import java.awt.datatransfer.DataFlavor;
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import javax.activation.ActivationDataFlavor;
-import javax.activation.DataContentHandler;
-import javax.activation.DataSource;
-import javax.mail.MessagingException;
-import javax.mail.internet.MimeBodyPart;
-
-import org.bouncycastle.mail.smime.SMIMEStreamingProcessor;
-
-public class PKCS7ContentHandler 
-    implements DataContentHandler 
-{
-    private final ActivationDataFlavor _adf;
-    private final DataFlavor[]         _dfs;
-    
-    PKCS7ContentHandler(
-        ActivationDataFlavor adf,
-        DataFlavor[]         dfs)
-    {
-        _adf = adf;
-        _dfs = dfs;
-    }
-
-    public Object getContent(
-        DataSource ds)
-        throws IOException
-    {
-        return ds.getInputStream();
-    }
-    
-    public Object getTransferData(
-        DataFlavor df, 
-        DataSource ds) 
-        throws IOException 
-    { 
-        if (_adf.equals(df))
-        {
-            return getContent(ds);
-        }
-        else 
-        {
-            return null;
-        }
-    }
-    
-    public DataFlavor[] getTransferDataFlavors() 
-    {
-        return _dfs;
-    }
-    
-    public void writeTo(
-        Object obj, 
-        String mimeType,
-        OutputStream os) 
-        throws IOException 
-    {
-        if (obj instanceof MimeBodyPart) 
-        {
-            try 
-            {
-                ((MimeBodyPart)obj).writeTo(os);
-            }
-            catch (MessagingException ex)
-            {
-                throw new IOException(ex.getMessage());
-            }
-        }
-        else if (obj instanceof byte[]) 
-        {
-            os.write((byte[])obj);
-        }
-        else if (obj instanceof InputStream)
-        {
-            int         b;
-            InputStream in = (InputStream)obj;
-            
-            if (!(in instanceof BufferedInputStream))
-            {
-                in = new BufferedInputStream(in);
-            }
-
-            while ((b = in.read()) >= 0)
-            {
-                os.write(b);
-            }
-        }
-        else if (obj instanceof SMIMEStreamingProcessor)
-        {
-            SMIMEStreamingProcessor processor = (SMIMEStreamingProcessor)obj;
-
-            processor.write(os);
-        }
-        else
-        {
-            // TODO it would be even nicer if we could attach the object to the exception
-            //     as well since in deeply nested messages, it is not always clear which
-            //     part caused the problem. Thus I guess we would have to subclass the
-            //     IOException
-
-            throw new IOException("unknown object in writeTo " + obj);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/multipart_signed.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/multipart_signed.java
deleted file mode 100644
index dd5ef193a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/multipart_signed.java
+++ /dev/null
@@ -1,280 +0,0 @@
-package org.bouncycastle.mail.smime.handlers;
-
-import org.bouncycastle.mail.smime.SMIMEStreamingProcessor;
-
-import javax.activation.ActivationDataFlavor;
-import javax.activation.DataContentHandler;
-import javax.activation.DataSource;
-import javax.mail.MessagingException;
-import javax.mail.Multipart;
-import javax.mail.internet.ContentType;
-import javax.mail.internet.MimeBodyPart;
-import javax.mail.internet.MimeMultipart;
-import java.awt.datatransfer.DataFlavor;
-import java.io.BufferedInputStream;
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Enumeration;
-
-public class multipart_signed 
-    implements DataContentHandler 
-{
-    private static final ActivationDataFlavor ADF = new ActivationDataFlavor(MimeMultipart.class, "multipart/signed", "Multipart Signed");
-    private static final DataFlavor[]         DFS = new DataFlavor[] { ADF };
-    
-    public Object getContent(DataSource ds) 
-        throws IOException 
-    {
-        try
-        {
-            return new MimeMultipart(ds);
-        }
-        catch (MessagingException ex)
-        {
-            return null;
-        }
-    }
-    
-    public Object getTransferData(DataFlavor df, DataSource ds) 
-        throws IOException 
-    {    
-        if (ADF.equals(df))
-        {
-            return getContent(ds);
-        }
-        else
-        {
-            return null;
-        }
-    }
-    
-    public DataFlavor[] getTransferDataFlavors() 
-    {
-        return DFS;
-    }
-    
-    public void writeTo(Object obj, String _mimeType, OutputStream os) 
-        throws IOException
-    {
-        
-        if (obj instanceof MimeMultipart)
-        {
-            try
-            {
-                outputBodyPart(os, obj);
-            }
-            catch (MessagingException ex)
-            {
-                throw new IOException(ex.getMessage());
-            }
-        }
-        else if(obj instanceof byte[])
-        {
-            os.write((byte[])obj);
-        }
-        else if (obj instanceof InputStream)
-        {
-            int         b;
-            InputStream in = (InputStream)obj;
-            
-            if (!(in instanceof BufferedInputStream))
-            {
-                in = new BufferedInputStream(in);
-            }
-
-            while ((b = in.read()) >= 0)
-            {
-                os.write(b);
-            }
-        }
-        else if (obj instanceof SMIMEStreamingProcessor)
-        {
-            SMIMEStreamingProcessor processor = (SMIMEStreamingProcessor)obj;
-
-            processor.write(os);
-        }
-        else
-        {
-            throw new IOException("unknown object in writeTo " + obj);
-        }
-    }
-
-    /*
-     * Output the mulitpart as a collection of leaves to make sure preamble text is not included.
-     */
-    private void outputBodyPart(
-        OutputStream out,
-        Object bodyPart)
-        throws MessagingException, IOException
-    {
-        if (bodyPart instanceof Multipart)
-        {
-            Multipart mp = (Multipart)bodyPart;
-            ContentType contentType = new ContentType(mp.getContentType());
-            String boundary = "--" + contentType.getParameter("boundary");
-
-            LineOutputStream lOut = new LineOutputStream(out);
-
-            for (int i = 0; i < mp.getCount(); i++)
-            {
-                lOut.writeln(boundary);
-                outputBodyPart(out, mp.getBodyPart(i));
-                lOut.writeln();       // CRLF terminator
-            }
-
-            lOut.writeln(boundary + "--");
-            return;
-        }
-
-        MimeBodyPart    mimePart = (MimeBodyPart)bodyPart;
-
-        if (mimePart.getContent() instanceof Multipart)
-        {
-            Multipart mp = (Multipart)mimePart.getContent();
-            ContentType contentType = new ContentType(mp.getContentType());
-            String boundary = "--" + contentType.getParameter("boundary");
-
-            LineOutputStream lOut = new LineOutputStream(out);
-
-            Enumeration headers = mimePart.getAllHeaderLines();
-            while (headers.hasMoreElements())
-            {
-                lOut.writeln((String)headers.nextElement());
-            }
-
-            lOut.writeln();      // CRLF separator
-
-            outputPreamble(lOut, mimePart, boundary);
-
-            outputBodyPart(out, mp);
-            return;
-        }
-
-        mimePart.writeTo(out);
-    }
-
-    /**
-     * internal preamble is generally included in signatures, while this is technically wrong,
-     * if we find internal preamble we include it by default.
-     */
-    static void outputPreamble(LineOutputStream lOut, MimeBodyPart part, String boundary)
-        throws MessagingException, IOException
-    {
-        InputStream in;
-
-        try
-        {
-            in = part.getRawInputStream();
-        }
-        catch (MessagingException e)
-        {
-            return;            // no underlying content, rely on default generation
-        }
-
-        String line;
-
-        while ((line = readLine(in)) != null)
-        {
-            if (line.equals(boundary))
-            {
-                break;
-            }
-
-            lOut.writeln(line);
-        }
-
-        in.close();
-
-        if (line == null)
-        {
-            throw new MessagingException("no boundary found");
-        }
-    }
-
-    /*
-     * read a line of input stripping of the tailing \r\n
-     */
-    private static String readLine(InputStream in)
-        throws IOException
-    {
-        StringBuffer b = new StringBuffer();
-
-        int ch;
-        while ((ch = in.read()) >= 0 && ch != '\n')
-        {
-            if (ch != '\r')
-            {
-                b.append((char)ch);
-            }
-        }
-
-        if (ch < 0)
-        {
-            return null;
-        }
-
-        return b.toString();
-    }
-
-    private static class LineOutputStream extends FilterOutputStream
-    {
-        private static byte newline[];
-
-        public LineOutputStream(OutputStream outputstream)
-        {
-            super(outputstream);
-        }
-
-        public void writeln(String s)
-            throws MessagingException
-        {
-            try
-            {
-                byte abyte0[] = getBytes(s);
-                super.out.write(abyte0);
-                super.out.write(newline);
-            }
-            catch(Exception exception)
-            {
-                throw new MessagingException("IOException", exception);
-            }
-        }
-
-        public void writeln()
-            throws MessagingException
-        {
-            try
-            {
-                super.out.write(newline);
-            }
-            catch(Exception exception)
-            {
-                throw new MessagingException("IOException", exception);
-            }
-        }
-
-        static
-        {
-            newline = new byte[2];
-            newline[0] = 13;
-            newline[1] = 10;
-        }
-
-        private static byte[] getBytes(String s)
-        {
-            char ac[] = s.toCharArray();
-            int i = ac.length;
-            byte abyte0[] = new byte[i];
-            int j = 0;
-
-            while (j < i)
-            {
-                abyte0[j] = (byte)ac[j++];
-            }
-
-            return abyte0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/package.html
deleted file mode 100644
index 3d9f9829e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-S/MIME handlers for the JavaMail API.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_mime.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_mime.java
deleted file mode 100644
index abdf1251e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_mime.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.mail.smime.handlers;
-
-import java.awt.datatransfer.DataFlavor;
-
-import javax.activation.ActivationDataFlavor;
-import javax.mail.internet.MimeBodyPart;
-
-public class pkcs7_mime 
-    extends PKCS7ContentHandler
-{
-    private static final ActivationDataFlavor ADF = new ActivationDataFlavor(MimeBodyPart.class, "application/pkcs7-mime", "Encrypted Data");
-    private static final DataFlavor[]         DFS = new DataFlavor[] { ADF };
-    
-    public pkcs7_mime()
-    {
-        super(ADF, DFS);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_signature.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_signature.java
deleted file mode 100644
index 0c669508f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/pkcs7_signature.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.mail.smime.handlers;
-
-import java.awt.datatransfer.DataFlavor;
-
-import javax.activation.ActivationDataFlavor;
-import javax.mail.internet.MimeBodyPart;
-
-public class pkcs7_signature
-    extends PKCS7ContentHandler
-{
-    private static final ActivationDataFlavor ADF = new ActivationDataFlavor(MimeBodyPart.class, "application/pkcs7-signature", "Signature");
-    private static final DataFlavor[]         DFS = new DataFlavor[] { ADF };
-    
-    public pkcs7_signature()
-    {
-        super(ADF, DFS);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_mime.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_mime.java
deleted file mode 100644
index 7e28f281d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_mime.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.mail.smime.handlers;
-
-import java.awt.datatransfer.DataFlavor;
-
-import javax.activation.ActivationDataFlavor;
-import javax.mail.internet.MimeBodyPart;
-
-public class x_pkcs7_mime 
-    extends PKCS7ContentHandler
-{
-    private static final ActivationDataFlavor ADF = new ActivationDataFlavor(MimeBodyPart.class, "application/x-pkcs7-mime", "Encrypted Data");
-    private static final DataFlavor[]         DFS = new DataFlavor[] { ADF };
-    
-    public x_pkcs7_mime()
-    {
-        super(ADF, DFS);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_signature.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_signature.java
deleted file mode 100644
index a58fd5310..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/handlers/x_pkcs7_signature.java
+++ /dev/null
@@ -1,90 +0,0 @@
-package org.bouncycastle.mail.smime.handlers;
-
-import java.awt.datatransfer.DataFlavor;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import javax.activation.ActivationDataFlavor;
-import javax.activation.DataContentHandler;
-import javax.activation.DataSource;
-import javax.mail.MessagingException;
-import javax.mail.internet.MimeBodyPart;
-
-public class x_pkcs7_signature 
-    implements DataContentHandler 
-{
-    
-    /*  
-     *  
-     *  VARIABLES
-     *  
-     */ 
-    
-    private static final ActivationDataFlavor ADF;
-    private static final DataFlavor[]         ADFs;
-    
-    static 
-    {
-        ADF  = new ActivationDataFlavor(MimeBodyPart.class, "application/x-pkcs7-signature", "Signature");
-        ADFs = new DataFlavor[] { ADF };
-    }
-    
-    public Object getContent(DataSource _ds) 
-        throws IOException 
-    {
-        return _ds.getInputStream();
-    }
-    
-    public Object getTransferData(DataFlavor _df, DataSource _ds) 
-        throws IOException 
-    {    
-        if (ADF.equals(_df)) 
-        {
-            return getContent(_ds);
-        }
-        else 
-        {
-            return null;
-        }
-    }
-    
-    public DataFlavor[] getTransferDataFlavors() 
-    {
-        return ADFs;
-    }
-    
-    public void writeTo(Object _obj, String _mimeType, OutputStream _os) 
-        throws IOException 
-    {
-        if (_obj instanceof MimeBodyPart) 
-        {
-            try 
-            {
-                ((MimeBodyPart)_obj).writeTo(_os);
-            } 
-            catch (MessagingException ex) 
-            {
-                throw new IOException(ex.getMessage());
-            }
-        }
-        else if (_obj instanceof byte[]) 
-        {
-            _os.write((byte[])_obj);
-        }
-        else if (_obj instanceof InputStream)
-        {
-            int            b;
-            InputStream    in = (InputStream)_obj;
-
-            while ((b = in.read()) >= 0)
-            {
-                _os.write(b);
-            }
-        }
-        else
-        {
-            throw new IOException("unknown object in writeTo " + _obj);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/package.html
deleted file mode 100644
index deb20339f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/package.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-High level classes for dealing with S/MIME objects (RFC 3851).
-
    
-There is one thing that is worth commenting about with these. If you're using
-AS2 on some other standard which specifies a different default content transfer encoding from RFC 2405, make
-sure you use the constructors on SMIMESigned and SMIMESignedGenerator that allow you to
-set the default ("binary" in the case of AS2 as opposed to "bit7" which is the default).
-
    
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/CRLFOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/CRLFOutputStream.java
deleted file mode 100644
index b11583d0d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/CRLFOutputStream.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.bouncycastle.mail.smime.util;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class CRLFOutputStream extends FilterOutputStream
-{
-    protected int lastb;
-    protected static byte newline[];
-
-    public CRLFOutputStream(OutputStream outputstream)
-    {
-        super(outputstream);
-        lastb = -1;
-    }
-
-    public void write(int i)
-        throws IOException
-    {
-        if (i == '\r')
-        {
-            out.write(newline);
-        }
-        else if (i == '\n')
-        {
-            if (lastb != '\r')
-            {
-                out.write(newline);
-            }
-        }
-        else
-        {
-           out.write(i);
-        }
-        
-        lastb = i;
-    }
-
-    public void write(byte[] buf)
-        throws IOException
-    {
-        this.write(buf, 0, buf.length);
-    }
-
-    public void write(byte buf[], int off, int len)
-        throws IOException
-    {
-        for (int i = off; i != off + len; i++)
-        {
-            this.write(buf[i]);
-        }
-    }
-
-    public void writeln()
-        throws IOException
-    {
-        super.out.write(newline);
-    }
-
-    static 
-    {
-        newline = new byte[2];
-        newline[0] = '\r';
-        newline[1] = '\n';
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/FileBackedMimeBodyPart.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/FileBackedMimeBodyPart.java
deleted file mode 100644
index 6bae91c9e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/FileBackedMimeBodyPart.java
+++ /dev/null
@@ -1,162 +0,0 @@
-package org.bouncycastle.mail.smime.util;
-
-import javax.mail.MessagingException;
-import javax.mail.internet.InternetHeaders;
-import javax.mail.internet.MimeBodyPart;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Enumeration;
-
-public class FileBackedMimeBodyPart 
-    extends MimeBodyPart
-{
-    private static final int BUF_SIZE = 32760;
-
-    private final File _file;
-
-    /**
-     * Create a MimeBodyPart backed by the data in file.
-     *
-     * @param file file containing the body part.
-     * @throws MessagingException an exception occurs parsing file.
-     * @throws IOException an exception occurs accessing file.
-     */
-    public FileBackedMimeBodyPart(
-        File file)
-        throws MessagingException, IOException
-    {
-        super(new SharedFileInputStream(file));
-
-        _file = file;
-    }
-
-    /**
-     * Create a MimeBodyPart backed by file based on the headers and
-     * content data in content.
-     *
-     * @param content an inputstream containing the body part.
-     * @param file a handle to the backing file to use for storage.
-     * @throws MessagingException an exception occurs parsing the resulting body part in file.
-     * @throws IOException an exception occurs accessing file or content.
-     */
-    public FileBackedMimeBodyPart(
-        InputStream content,
-        File file)
-        throws MessagingException, IOException
-    {
-        this(saveStreamToFile(content, file));
-    }
-
-    /**
-     * Create a MimeBodyPart backed by file, with the headers
-     * given in headers and body content taken from the stream body.
-     *
-     * @param headers headers for the body part.
-     * @param body internal content for the body part.
-     * @param file backing file to use.
-     *
-     * @throws MessagingException if the body part can't be produced.
-     * @throws IOException if there is an issue reading stream or writing to file.
-     */
-    public FileBackedMimeBodyPart(
-        InternetHeaders headers,
-        InputStream body,
-        File file)
-        throws MessagingException, IOException
-    {
-        this(saveStreamToFile(headers, body, file));
-    }
-
-    public void writeTo(
-        OutputStream out)
-        throws IOException, MessagingException
-    {
-        if (!_file.exists())
-        {
-            throw new IOException("file " + _file.getCanonicalPath() + " no longer exists.");
-        }
-
-        super.writeTo(out);
-    }
-
-    /**
-     * Close off the underlying shared streams and remove the backing file.
-     *
-     * @throws IOException if streams cannot be closed or the file cannot be deleted.
-     */
-    public void dispose() 
-        throws IOException
-    {
-        ((SharedFileInputStream)contentStream).getRoot().dispose();
-        
-        if (_file.exists() && !_file.delete())
-        {
-            throw new IOException("deletion of underlying file <" + _file.getCanonicalPath() + "> failed.");
-        }
-    }
-
-    private static File saveStreamToFile(InputStream content, File tempFile)
-        throws IOException
-    {
-        saveContentToStream(new FileOutputStream(tempFile), content);
-
-        return tempFile;
-    }
-
-    private static File saveStreamToFile(InternetHeaders headers, InputStream content, File tempFile)
-        throws IOException
-    {
-        OutputStream out = new FileOutputStream(tempFile);
-        Enumeration en = headers.getAllHeaderLines();
-
-        while (en.hasMoreElements())
-        {
-            writeHeader(out, (String)en.nextElement());
-        }
-
-        writeSeperator(out);
-
-        saveContentToStream(out, content);
-
-        return tempFile;
-    }
-
-
-    private static void writeHeader(OutputStream out, String header)
-        throws IOException
-    {
-        for (int i = 0; i != header.length(); i++)
-        {
-            out.write(header.charAt(i));
-        }
-
-        writeSeperator(out);
-    }
-
-     private static void writeSeperator(OutputStream out)
-         throws IOException
-     {
-         out.write('\r');
-         out.write('\n');
-     }
-
-     private static void saveContentToStream(
-        OutputStream out,
-        InputStream content)
-        throws IOException
-    {
-        byte[] buf = new byte[BUF_SIZE];
-        int    len;
-
-        while ((len = content.read(buf, 0, buf.length)) > 0)
-        {
-            out.write(buf, 0, len);
-        }
-
-        out.close();
-        content.close();
-    }
- }
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/SharedFileInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/SharedFileInputStream.java
deleted file mode 100644
index 97cfd9c03..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/util/SharedFileInputStream.java
+++ /dev/null
@@ -1,241 +0,0 @@
-package org.bouncycastle.mail.smime.util;
-
-import javax.mail.internet.SharedInputStream;
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-public class SharedFileInputStream 
-    extends FilterInputStream
-    implements SharedInputStream
-{
-    private final SharedFileInputStream _parent;
-    private final File                  _file;
-    private final long                  _start;
-    private final long                  _length;
-    
-    private long _position;
-    private long _markedPosition;
-
-    private List _subStreams = new LinkedList();
-    
-    public SharedFileInputStream(
-        String fileName) 
-        throws IOException
-    {
-        this(new File(fileName));
-    }
-    
-    public SharedFileInputStream(
-        File file) 
-        throws IOException
-    {
-        this(file, 0, file.length());
-    }
-    
-    private SharedFileInputStream(
-        File file,
-        long start,
-        long length)
-        throws IOException
-    {
-        super(new BufferedInputStream(new FileInputStream(file)));
-
-        _parent = null;
-        _file = file;
-        _start = start;
-        _length = length;
-        
-        in.skip(start);
-    }
-
-    private SharedFileInputStream(
-        SharedFileInputStream parent,
-        long start,
-        long length)
-        throws IOException
-    {
-        super(new BufferedInputStream(new FileInputStream(parent._file)));
-
-        _parent = parent;
-        _file = parent._file;
-        _start = start;
-        _length = length;
-
-        in.skip(start);
-    }
-
-    public long getPosition()
-    {
-        return _position;
-    }
-
-    public InputStream newStream(long start, long finish)
-    {
-        try
-        {
-            SharedFileInputStream stream;
-            
-            if (finish < 0)
-            {
-                if (_length > 0)
-                {
-                    stream = new SharedFileInputStream(this, _start + start, _length - start);
-                }
-                else if (_length == 0)
-                {
-                    stream = new SharedFileInputStream(this, _start + start, 0);
-                }
-                else
-                {
-                    stream = new SharedFileInputStream(this, _start + start, -1);
-                }
-            }
-            else
-            {
-                stream = new SharedFileInputStream(this, _start + start, finish - start);
-            }
-            
-            _subStreams.add(stream);
-            
-            return stream;
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("unable to create shared stream: " + e);
-        }
-    }
-    
-    public int read(
-        byte[] buf) 
-        throws IOException
-    {
-        return this.read(buf, 0, buf.length);
-    }
-    
-    public int read(
-        byte[] buf, 
-        int off, 
-        int len) 
-        throws IOException
-    {
-        int count = 0;
-        
-        if (len == 0)
-        {
-            return 0;
-        }
-        
-        while (count < len)
-        {
-            int ch = this.read();
-            
-            if (ch < 0)
-            {
-                break;
-            }
-            
-            buf[off + count] = (byte)ch;
-            count++;
-        }
-        
-        if (count == 0)
-        {
-            return -1;  // EOF
-        }
-        
-        return count;
-    }
-    
-    public int read() 
-        throws IOException
-    {
-        if (_position == _length)
-        {
-            return -1;
-        }
-
-        _position++;
-        return in.read();
-    }
-    
-    public boolean markSupported()
-    {
-        return true;
-    }
-
-    public long skip(long n)
-        throws IOException
-    {
-        long count;
-
-        for (count = 0; count != n; count++)
-        {
-            if (this.read() < 0)
-            {
-                break;
-            }
-        }
-
-        return count;
-    }
-
-    public void mark(
-        int readLimit)
-    {
-        _markedPosition = _position;
-        in.mark(readLimit);
-    }
-    
-    public void reset() 
-        throws IOException
-    {
-        _position = _markedPosition;
-        in.reset();
-    }
-
-    /**
-     * Return the shared stream that represents the top most stream that
-     * this stream inherits from.
-     * @return  the base of the shared stream tree.
-     */
-    public SharedFileInputStream getRoot()
-    {
-        if (_parent != null)
-        {
-            return _parent.getRoot();
-        }
-
-        return this;
-    }
-
-    /**
-     * Close of this stream and any substreams that have been created from it.
-     * @throws IOException on problem closing the main stream.
-     */
-    public void dispose() 
-        throws IOException 
-    {
-        Iterator it = _subStreams.iterator();
-        
-        while (it.hasNext())
-        {
-            try
-            {
-                ((SharedFileInputStream)it.next()).dispose();
-            }
-            catch (IOException e)
-            {
-                // ignore
-            }
-        }
-
-        in.close();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
deleted file mode 100644
index b2282a498..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java
+++ /dev/null
@@ -1,953 +0,0 @@
-package org.bouncycastle.mail.smime.validator;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.PublicKey;
-import java.security.cert.CertPath;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.PKIXParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.mail.Address;
-import javax.mail.MessagingException;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimeMultipart;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.Time;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.i18n.ErrorBundle;
-import org.bouncycastle.i18n.filter.TrustedInput;
-import org.bouncycastle.i18n.filter.UntrustedInput;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.mail.smime.SMIMESigned;
-import org.bouncycastle.x509.CertPathReviewerException;
-import org.bouncycastle.x509.PKIXCertPathReviewer;
-
-public class SignedMailValidator
-{
-    private static final String RESOURCE_NAME = "org.bouncycastle.mail.smime.validator.SignedMailValidatorMessages";
-    
-    private static final Class DEFAULT_CERT_PATH_REVIEWER = PKIXCertPathReviewer.class;
-
-    private static final String EXT_KEY_USAGE = X509Extensions.ExtendedKeyUsage
-            .getId();
-
-    private static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName
-            .getId();
-
-    private static final int shortKeyLength = 512;
-    
-    // (365.25*30)*24*3600*1000
-    private static final long THIRTY_YEARS_IN_MILLI_SEC = 21915l*12l*3600l*1000l;
-
-    private CertStore certs;
-
-    private SignerInformationStore signers;
-
-    private Map results;
-
-    private String[] fromAddresses;
-    
-    private Class certPathReviewerClass;
-
-    /**
-     * Validates the signed {@link MimeMessage} message. The
-     * {@link PKIXParameters} from param are used for the certificate path
-     * validation. The actual PKIXParameters used for the certificate path
-     * validation is a copy of param with the followin changes: 
     - The
-     * validation date is changed to the signature time 
     - A CertStore with
-     * certificates and crls from the mail message is added to the CertStores.
    
-     * 
    
-     * In param it's also possible to add additional CertStores
-     * with intermediate Certificates and/or CRLs which then are also used for
-     * the validation.
-     * 
-     * @param message
-     *            the signed MimeMessage
-     * @param param
-     *            the parameters for the certificate path validation 
-     * @throws SignedMailValidatorException
-     *             if the message is no signed message or if an exception occurs
-     *             reading the message
-     */
-    public SignedMailValidator(MimeMessage message, PKIXParameters param)
-        throws SignedMailValidatorException
-    {
-        this(message, param, DEFAULT_CERT_PATH_REVIEWER);
-    }
-    
-    /**
-     * Validates the signed {@link MimeMessage} message. The
-     * {@link PKIXParameters} from param are used for the certificate path
-     * validation. The actual PKIXParameters used for the certificate path
-     * validation is a copy of param with the followin changes: 
     - The
-     * validation date is changed to the signature time 
     - A CertStore with
-     * certificates and crls from the mail message is added to the CertStores.
    
-     * 
    
-     * In param it's also possible to add additional CertStores
-     * with intermediate Certificates and/or CRLs which then are also used for
-     * the validation.
-     * 
-     * @param message
-     *            the signed MimeMessage
-     * @param param
-     *            the parameters for the certificate path validation
-     * @param certPathReviewerClass
-     *            a subclass of {@link PKIXCertPathReviewer}. The SignedMailValidator
-     *            uses objects of this type for the cert path vailidation. The class must
-     *            have an empty constructor.
-     * @throws SignedMailValidatorException
-     *             if the message is no signed message or if an exception occurs
-     *             reading the message
-     * @throws IllegalArgumentException if the certPathReviewerClass is not a 
-     *             subclass of {@link PKIXCertPathReviewer} or objects of 
-     *             certPathReviewerClass can not be instantiated
-     */
-    public SignedMailValidator(MimeMessage message, PKIXParameters param, Class certPathReviewerClass)
-            throws SignedMailValidatorException
-    {
-        this.certPathReviewerClass = certPathReviewerClass;
-        boolean isSubclass = DEFAULT_CERT_PATH_REVIEWER.isAssignableFrom(certPathReviewerClass);
-        if(!isSubclass)
-        {
-            throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + DEFAULT_CERT_PATH_REVIEWER.getName());
-        }
-
-        SMIMESigned s;
-
-        try
-        {
-            // check if message is multipart signed
-            if (message.isMimeType("multipart/signed"))
-            {
-                MimeMultipart mimemp = (MimeMultipart) message.getContent();
-                s = new SMIMESigned(mimemp);
-            }
-            else if (message.isMimeType("application/pkcs7-mime")
-                    || message.isMimeType("application/x-pkcs7-mime"))
-            {
-                s = new SMIMESigned(message);
-            }
-            else
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "SignedMailValidator.noSignedMessage");
-                throw new SignedMailValidatorException(msg);
-            }
-
-            // save certstore and signerInformationStore
-            certs = s.getCertificatesAndCRLs("Collection", "BC");
-            signers = s.getSignerInfos();
-
-            // save "from" addresses from message
-            Address[] froms = message.getFrom();
-        InternetAddress sender = null;
-        try
-        {
-            if(message.getHeader("Sender") != null)
-            {
-                sender = new InternetAddress(message.getHeader("Sender")[0]);
-            }
-        }
-        catch (MessagingException ex)
-        {
-            //ignore garbage in Sender: header
-        }
-        fromAddresses = new String[froms.length + (sender!=null?1:0)];
-        for (int i = 0; i < froms.length; i++)
-        {
-            InternetAddress inetAddr = (InternetAddress) froms[i];
-            fromAddresses[i] = inetAddr.getAddress();
-        }
-        if(sender!=null)
-        {
-            fromAddresses[froms.length] = sender.getAddress();
-        }
-
-            // initialize results
-            results = new HashMap();
-        }
-        catch (Exception e)
-        {
-            if (e instanceof SignedMailValidatorException)
-            {
-                throw (SignedMailValidatorException) e;
-            }
-            // exception reading message
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.exceptionReadingMessage",
-                    new Object[] { e.getMessage(), e , e.getClass().getName()});
-            throw new SignedMailValidatorException(msg, e);
-        }
-
-        // validate signatues
-        validateSignatures(param);
-    }
-
-    protected void validateSignatures(PKIXParameters pkixParam)
-    {
-        PKIXParameters usedParameters = (PKIXParameters) pkixParam.clone();
-
-        // add crls and certs from mail
-        usedParameters.addCertStore(certs);
-
-        Collection c = signers.getSigners();
-        Iterator it = c.iterator();
-
-        // check each signer
-        while (it.hasNext())
-        {
-            List errors = new ArrayList();
-            List notifications = new ArrayList();
-
-            SignerInformation signer = (SignerInformation) it.next();
-            // signer certificate
-            X509Certificate cert = null;
-
-            try
-            {
-                Collection certCollection = findCerts(usedParameters
-                        .getCertStores(), signer.getSID());
-
-                Iterator certIt = certCollection.iterator();
-                if (certIt.hasNext())
-                {
-                    cert = (X509Certificate) certIt.next();
-                }
-            }
-            catch (CertStoreException cse)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "SignedMailValidator.exceptionRetrievingSignerCert",
-                        new Object[] { cse.getMessage(), cse , cse.getClass().getName()});
-                errors.add(msg);
-            }
-
-            if (cert != null)
-            {
-                // check signature
-                boolean validSignature = false;
-                try
-                {
-                    validSignature = signer.verify(cert.getPublicKey(), "BC");
-                    if (!validSignature)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                "SignedMailValidator.signatureNotVerified");
-                        errors.add(msg);
-                    }
-                }
-                catch (Exception e)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                            "SignedMailValidator.exceptionVerifyingSignature",
-                            new Object[] { e.getMessage(), e, e.getClass().getName() });
-                    errors.add(msg);
-                }
-
-                // check signer certificate (mail address, key usage, etc)
-                checkSignerCert(cert, errors, notifications);
-
-                // notify if a signed receip request is in the message
-                AttributeTable atab = signer.getSignedAttributes();
-                if (atab != null)
-                {
-                    Attribute attr = atab.get(PKCSObjectIdentifiers.id_aa_receiptRequest);
-                    if (attr != null)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                "SignedMailValidator.signedReceiptRequest");
-                        notifications.add(msg);
-                    }
-                }
-
-                // check certificate path
-
-                // get signing time if possible, otherwise use current time as
-                // signing time
-                Date signTime = getSignatureTime(signer);
-                if (signTime == null) // no signing time was found
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                            "SignedMailValidator.noSigningTime");
-                    errors.add(msg);
-                    signTime = new Date();
-                }
-                else
-                {
-                    // check if certificate was valid at signing time
-                    try
-                    {
-                        cert.checkValidity(signTime);
-                    }
-                    catch (CertificateExpiredException e)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                "SignedMailValidator.certExpired",
-                                new Object[] { new TrustedInput(signTime), new TrustedInput(cert.getNotAfter()) });
-                        errors.add(msg);
-                    }
-                    catch (CertificateNotYetValidException e)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                "SignedMailValidator.certNotYetValid",
-                                new Object[] { new TrustedInput(signTime), new TrustedInput(cert.getNotBefore()) });
-                        errors.add(msg);
-                    }
-                }
-                usedParameters.setDate(signTime);
-
-                try
-                {
-                    // construct cert chain
-                    CertPath certPath;
-                    List userProvidedList;
-                    
-                    List userCertStores = new ArrayList();
-                    userCertStores.add(certs);
-                    Object[] cpres = createCertPath(cert, usedParameters.getTrustAnchors(), pkixParam.getCertStores(), userCertStores);
-                    certPath = (CertPath) cpres[0];
-                    userProvidedList = (List) cpres[1];
-
-                    // validate cert chain
-                    PKIXCertPathReviewer review;
-                    try
-                    {
-                        review = (PKIXCertPathReviewer)certPathReviewerClass.newInstance();
-                    }
-                    catch (IllegalAccessException e)
-                    {
-                        throw new IllegalArgumentException("Cannot instantiate object of type " +
-                                certPathReviewerClass.getName() + ": " + e.getMessage());
-                    }
-                    catch (InstantiationException e)
-                    {
-                        throw new IllegalArgumentException("Cannot instantiate object of type " +
-                                certPathReviewerClass.getName() + ": " + e.getMessage());
-                    }
-                    review.init(certPath, usedParameters);
-                    if (!review.isValidCertPath())
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                "SignedMailValidator.certPathInvalid");
-                        errors.add(msg);
-                    }
-                    results.put(signer, new ValidationResult(review,
-                            validSignature, errors, notifications, userProvidedList));
-                }
-                catch (GeneralSecurityException gse)
-                {
-                    // cannot create cert path
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                            "SignedMailValidator.exceptionCreateCertPath",
-                            new Object[] { gse.getMessage(), gse, gse.getClass().getName() });
-                    errors.add(msg);
-                    results.put(signer, new ValidationResult(null,
-                            validSignature, errors, notifications, null));
-                }
-                catch (CertPathReviewerException cpre)
-                {
-                    // cannot initialize certpathreviewer - wrong parameters
-                    errors.add(cpre.getErrorMessage());
-                    results.put(signer, new ValidationResult(null,
-                            validSignature, errors, notifications, null));
-                }
-            }
-            else
-            // no signer certificate found
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "SignedMailValidator.noSignerCert");
-                errors.add(msg);
-                results.put(signer, new ValidationResult(null, false, errors,
-                        notifications, null));
-            }
-        }
-    }
-
-    public static Set getEmailAddresses(X509Certificate cert) throws IOException, CertificateEncodingException
-    {
-        Set addresses = new HashSet();
-
-        X509Principal name = PrincipalUtil.getSubjectX509Principal(cert);
-        Vector oids = name.getOIDs();
-        Vector names = name.getValues();
-        for (int i = 0; i < oids.size(); i++)
-        {
-            if (oids.get(i).equals(X509Principal.EmailAddress))
-            {
-                String email = ((String) names.get(i)).toLowerCase();
-                addresses.add(email);
-                break;
-            }
-        }
-
-        byte[] ext = cert.getExtensionValue(SUBJECT_ALTERNATIVE_NAME);
-        if (ext != null)
-        {
-            DERSequence altNames = (DERSequence) getObject(ext);
-            for (int j = 0; j < altNames.size(); j++)
-            {
-                ASN1TaggedObject o = (ASN1TaggedObject) altNames
-                        .getObjectAt(j);
-
-                if (o.getTagNo() == 1)
-                {
-                    String email = DERIA5String.getInstance(o, true)
-                            .getString().toLowerCase();
-                    addresses.add(email);
-                }
-            }
-        }
-
-        return addresses;
-    }
-
-    private static DERObject getObject(byte[] ext) throws IOException
-    {
-        ASN1InputStream aIn = new ASN1InputStream(ext);
-        ASN1OctetString octs = (ASN1OctetString) aIn.readObject();
-
-        aIn = new ASN1InputStream(octs.getOctets());
-        return aIn.readObject();
-    }
-
-    protected void checkSignerCert(X509Certificate cert, List errors,
-            List notifications)
-    {
-        // get key length
-        PublicKey key = cert.getPublicKey();
-        int keyLenght = -1;
-        if (key instanceof RSAPublicKey)
-        {
-            keyLenght = ((RSAPublicKey) key).getModulus().bitLength();
-        }
-        else if (key instanceof DSAPublicKey)
-        {
-            keyLenght = ((DSAPublicKey) key).getParams().getP().bitLength();
-        }
-        if (keyLenght != -1 && keyLenght <= shortKeyLength)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.shortSigningKey",
-                    new Object[] { new Integer(keyLenght) });
-            notifications.add(msg);
-        }
-        
-        // warn if certificate has very long validity period
-        long validityPeriod = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
-        if (validityPeriod > THIRTY_YEARS_IN_MILLI_SEC)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.longValidity",
-                    new Object[] {new TrustedInput(cert.getNotBefore()), new TrustedInput(cert.getNotAfter())});
-            notifications.add(msg);
-        }
-
-        // check key usage if digitalSignature or nonRepudiation is set
-        boolean[] keyUsage = cert.getKeyUsage();
-        if (keyUsage != null && !keyUsage[0] && !keyUsage[1])
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.signingNotPermitted");
-            errors.add(msg);
-        }
-
-        // check extended key usage
-        try
-        {
-            byte[] ext = cert.getExtensionValue(EXT_KEY_USAGE);
-            if (ext != null)
-            {
-                ExtendedKeyUsage extKeyUsage = ExtendedKeyUsage
-                        .getInstance(getObject(ext));
-                if (!extKeyUsage
-                        .hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage)
-                        && !extKeyUsage
-                                .hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                            "SignedMailValidator.extKeyUsageNotPermitted");
-                    errors.add(msg);
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.extKeyUsageError", new Object[] {
-                            e.getMessage(), e, e.getClass().getName() });
-            errors.add(msg);
-        }
-
-        // cert has an email address
-        try
-        {
-            Set certEmails = getEmailAddresses(cert);
-            if (certEmails.isEmpty())
-            {
-                // error no email address in signing certificate
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "SignedMailValidator.noEmailInCert");
-                errors.add(msg);
-            }
-            else
-            {
-                // check if email in cert is equal to the from address in the
-                // message
-                boolean equalsFrom = false;
-                for (int i = 0; i < fromAddresses.length; i++)
-                {
-                    if (certEmails.contains(fromAddresses[i].toLowerCase()))
-                    {
-                        equalsFrom = true;
-                        break;
-                    }
-                }
-                if (!equalsFrom)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                            "SignedMailValidator.emailFromCertMismatch",
-                            new Object[] {
-                                    new UntrustedInput(
-                                            addressesToString(fromAddresses)),
-                                    new UntrustedInput(certEmails) });
-                    errors.add(msg);
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.certGetEmailError", new Object[] {
-                            e.getMessage(), e, e.getClass().getName() });
-            errors.add(msg);
-        }
-    }
-
-    static String addressesToString(Object[] a)
-    {
-        if (a == null)
-        {
-            return "null";
-        }
-
-        StringBuffer b = new StringBuffer();
-        b.append('[');
-
-        for (int i = 0; i != a.length; i++)
-        {
-            if (i > 0)
-            {
-                b.append(", ");
-            }
-            b.append(String.valueOf(a[i]));
-        }
-
-        return b.append(']').toString();
-    }
-
-    public static Date getSignatureTime(SignerInformation signer)
-    {
-        AttributeTable atab = signer.getSignedAttributes();
-        Date result = null;
-        if (atab != null)
-        {
-            Attribute attr = atab.get(CMSAttributes.signingTime);
-            if (attr != null)
-            {
-                Time t = Time.getInstance(attr.getAttrValues().getObjectAt(0)
-                        .getDERObject());
-                result = t.getDate();
-            }
-        }
-        return result;
-    }
-
-    private static List findCerts(List certStores, X509CertSelector selector)
-            throws CertStoreException
-    {
-        List result = new ArrayList();
-        Iterator it = certStores.iterator();
-        while (it.hasNext())
-        {
-            CertStore store = (CertStore) it.next();
-            Collection coll = store.getCertificates(selector);
-            result.addAll(coll);
-        }
-        return result;
-    }
-    
-    private static X509Certificate findNextCert(List certStores, X509CertSelector selector, Set certSet)
-        throws CertStoreException
-    {
-        Iterator certIt = findCerts(certStores, selector).iterator();
-
-        boolean certFound = false;
-        X509Certificate nextCert = null;
-        while (certIt.hasNext())
-        {
-            nextCert = (X509Certificate) certIt.next();
-            if (!certSet.contains(nextCert))
-            {
-                certFound = true;
-                break;
-            }
-        }
-        
-        return certFound ? nextCert : null;
-    }
-
-    /**
-     * 
-     * @param signerCert the end of the path
-     * @param trustanchors trust anchors for the path
-     * @param certStores
-     * @return the resulting certificate path.
-     * @throws GeneralSecurityException
-     */
-    public static CertPath createCertPath(X509Certificate signerCert,
-            Set trustanchors, List certStores) throws GeneralSecurityException
-    {
-        Object[] results = createCertPath(signerCert, trustanchors, certStores, null);
-        return (CertPath) results[0];
-    }
-    
-    /**
-     * Returns an Object array containing a CertPath and a List of Booleans. The list contains the value true
-     * if the corresponding certificate in the CertPath was taken from the user provided CertStores.
-     * @param signerCert the end of the path
-     * @param trustanchors trust anchors for the path
-     * @param systemCertStores list of {@link CertStore} provided by the system
-     * @param userCertStores list of {@link CertStore} provided by the user
-     * @return a CertPath and a List of booleans.
-     * @throws GeneralSecurityException
-     */
-    public static Object[] createCertPath(X509Certificate signerCert,
-            Set trustanchors, List systemCertStores, List userCertStores) throws GeneralSecurityException
-    {
-        Set  certSet = new LinkedHashSet();
-        List userProvidedList = new ArrayList();
-
-        // add signer certificate
-
-        X509Certificate cert = signerCert;
-        certSet.add(cert);
-        userProvidedList.add(new Boolean(true));
-
-        boolean trustAnchorFound = false;
-        
-        X509Certificate taCert = null;
-
-        // add other certs to the cert path
-        while (cert != null && !trustAnchorFound)
-        {
-            // check if cert Issuer is Trustanchor
-            Iterator trustIt = trustanchors.iterator();
-            while (trustIt.hasNext())
-            {
-                TrustAnchor anchor = (TrustAnchor) trustIt.next();
-                X509Certificate anchorCert = anchor.getTrustedCert();
-                if (anchorCert != null)
-                {
-                    if (anchorCert.getSubjectX500Principal().equals(
-                            cert.getIssuerX500Principal()))
-                    {
-                        try
-                        {
-                            cert.verify(anchorCert.getPublicKey(), "BC");
-                            trustAnchorFound = true;
-                            taCert = anchorCert;
-                            break;
-                        }
-                        catch (Exception e)
-                        {
-                            // trustanchor not found
-                        }
-                    }
-                }
-                else
-                {
-                    if (anchor.getCAName().equals(
-                            cert.getIssuerX500Principal().getName()))
-                    {
-                        try
-                        {
-                            cert.verify(anchor.getCAPublicKey(), "BC");
-                            trustAnchorFound = true;
-                            break;
-                        }
-                        catch (Exception e)
-                        {
-                            // trustanchor not found
-                        }
-                    }
-                }
-            }
-
-            if (!trustAnchorFound)
-            {
-                // add next cert to path
-                X509CertSelector select = new X509CertSelector();
-                try
-                {
-                    select.setSubject(cert.getIssuerX500Principal().getEncoded());
-                }
-                catch (IOException e)
-                {
-                    throw new IllegalStateException(e.toString());
-                }
-                byte[] authKeyIdentBytes = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-                if (authKeyIdentBytes != null)
-                {
-                    try
-                    {
-                        AuthorityKeyIdentifier kid = AuthorityKeyIdentifier.getInstance(getObject(authKeyIdentBytes));
-                        if (kid.getKeyIdentifier() != null)
-                        {
-                            select.setSubjectKeyIdentifier(new DEROctetString(kid.getKeyIdentifier()).getDEREncoded());
-                        }
-                    }
-                    catch (IOException ioe)
-                    {
-                        // ignore
-                    }
-                }
-                boolean userProvided = false;
-                
-                cert = findNextCert(systemCertStores, select, certSet);
-                if (cert == null && userCertStores != null)
-                {
-                    userProvided = true;
-                    cert = findNextCert(userCertStores, select, certSet);
-                }
-                
-                if (cert != null)
-                {
-                    // cert found
-                    certSet.add(cert);
-                    userProvidedList.add(new Boolean(userProvided));
-                }
-            }
-        }
-
-        // if a trustanchor was found - try to find a selfsigned certificate of
-        // the trustanchor
-        if (trustAnchorFound)
-        {
-            if (taCert != null && taCert.getSubjectX500Principal().equals(taCert.getIssuerX500Principal()))
-            {
-                certSet.add(taCert);
-                userProvidedList.add(new Boolean(false));
-            }
-            else
-            {
-                X509CertSelector select = new X509CertSelector();
-
-                try
-                {
-                    select.setSubject(cert.getIssuerX500Principal().getEncoded());
-                    select.setIssuer(cert.getIssuerX500Principal().getEncoded());
-                }
-                catch (IOException e)
-                {
-                    throw new IllegalStateException(e.toString());
-                }
-    
-                boolean userProvided = false;
-                
-                taCert = findNextCert(systemCertStores, select, certSet);
-                if (taCert == null && userCertStores != null)
-                {
-                    userProvided = true;
-                    taCert = findNextCert(userCertStores, select, certSet);
-                }
-                if (taCert != null)
-                {
-                    try
-                    {
-                        cert.verify(taCert.getPublicKey(), "BC");
-                        certSet.add(taCert);
-                        userProvidedList.add(new Boolean(userProvided));
-                    }
-                    catch (GeneralSecurityException gse)
-                    {
-                        // wrong cert
-                    }
-                }
-            }
-        }
-        
-        CertPath certPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(new ArrayList(certSet));
-        return new Object[] {certPath, userProvidedList};
-    }
-
-    public CertStore getCertsAndCRLs()
-    {
-        return certs;
-    }
-
-    public SignerInformationStore getSignerInformationStore()
-    {
-        return signers;
-    }
-
-    public ValidationResult getValidationResult(SignerInformation signer)
-            throws SignedMailValidatorException
-    {
-        if (signers.getSigners(signer.getSID()).isEmpty())
-        {
-            // the signer is not part of the SignerInformationStore
-            // he has not signed the message
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "SignedMailValidator.wrongSigner");
-            throw new SignedMailValidatorException(msg);
-        }
-        else
-        {
-            return (ValidationResult) results.get(signer);
-        }
-    }
-
-    public class ValidationResult
-    {
-
-        private PKIXCertPathReviewer review;
-
-        private List errors;
-
-        private List notifications;
-        
-        private List userProvidedCerts;
-
-        private boolean signVerified;
-
-        ValidationResult(PKIXCertPathReviewer review, boolean verified,
-                List errors, List notifications, List userProvidedCerts)
-        {
-            this.review = review;
-            this.errors = errors;
-            this.notifications = notifications;
-            signVerified = verified;
-            this.userProvidedCerts = userProvidedCerts;
-        }
-
-        /**
-         * Returns a list of error messages of type {@link ErrorBundle}.
-         * 
-         * @return List of error messages
-         */
-        public List getErrors()
-        {
-            return errors;
-        }
-
-        /**
-         * Returns a list of notification messages of type {@link ErrorBundle}.
-         * 
-         * @return List of notification messages
-         */
-        public List getNotifications()
-        {
-            return notifications;
-        }
-
-        /**
-         * 
-         * @return the PKIXCertPathReviewer for the CertPath of this signature
-         *         or null if an Exception occured.
-         */
-        public PKIXCertPathReviewer getCertPathReview()
-        {
-            return review;
-        }
-        
-        /**
-         * 
-         * @return the CertPath for this signature
-         *         or null if an Exception occured.
-         */
-        public CertPath getCertPath()
-        {
-            return review != null ? review.getCertPath() : null;
-        }
-        
-        /**
-         * 
-         * @return a List of Booleans that are true if the corresponding certificate in the CertPath was taken from
-         * the CertStore of the SMIME message
-         */
-        public List getUserProvidedCerts()
-        {
-            return userProvidedCerts;
-        }
-
-        /**
-         * 
-         * @return true if the signature corresponds to the public key of the
-         *         signer
-         */
-        public boolean isVerifiedSignature()
-        {
-            return signVerified;
-        }
-
-        /**
-         * 
-         * @return true if the signature is valid (ie. if it corresponds to the
-         *         public key of the signer and the cert path for the signers
-         *         certificate is also valid)
-         */
-        public boolean isValidSignature()
-        {
-            if (review != null)
-            {
-                return signVerified && review.isValidCertPath()
-                        && errors.isEmpty();
-            }
-            else
-            {
-                return false;
-            }
-        }
-
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorException.java
deleted file mode 100644
index 06f146182..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorException.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.mail.smime.validator;
-
-import org.bouncycastle.i18n.ErrorBundle;
-import org.bouncycastle.i18n.LocalizedException;
-
-public class SignedMailValidatorException extends LocalizedException
-{
-
-    public SignedMailValidatorException(ErrorBundle errorMessage, Throwable throwable)
-    {
-        super(errorMessage, throwable);
-    }
-
-    public SignedMailValidatorException(ErrorBundle errorMessage)
-    {
-        super(errorMessage);
-    }
-    
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages.properties b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages.properties
deleted file mode 100644
index aad4bd604..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages.properties
+++ /dev/null
@@ -1,172 +0,0 @@
-## constructor exception messages
-
-# Signature valid
-SignedMailValidator.sigValid.title = Signature valid
-SignedMailValidator.sigValid.text = Signature valid
-SignedMailValidator.sigValid.summary = Signature valid
-SignedMailValidator.sigValid.details = Signature valid
-
-# Signature invalid
-SignedMailValidator.sigInvalid.title = Signature invalid
-SignedMailValidator.sigInvalid.text = Signature invalid
-SignedMailValidator.sigInvalid.summary = Signature invalid
-SignedMailValidator.sigInvalid.details = Signature invalid
-
-# message is not signed
-SignedMailValidator.noSignedMessage.title = Message is not signed
-SignedMailValidator.noSignedMessage.text = SignedMailValidator: MimeMessage message is not a signed message.
-SignedMailValidator.noSignedMessage.summary = SignedMailValidator: MimeMessage message is not a signed message.
-SignedMailValidator.noSignedMessage.details = SignedMailValidator: MimeMessage message is not a signed message.
-
-# exception reading the Mime message
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.exceptionReadingMessage.title = Exception reading the MimeMessage
-SignedMailValidator.exceptionReadingMessage.text = SignedMailValidator: there was a {2} reading the MimeMessage: {0}.
-SignedMailValidator.exceptionReadingMessage.summary = SignedMailValidator: there was a {2} reading the MimeMessage: {0}.
-SignedMailValidator.exceptionReadingMessage.details = SignedMailValidator: there was a {2} reading the MimeMessage: {0}.
-
-## exception messages
-
-# signer has not signed the mail message
-SignedMailValidator.wrongSigner.title = Signer has not signed the message
-SignedMailValidator.wrongSigner.text = The given signer did not sign the mail message.
-SignedMailValidator.wrongSigner.summary = The given signer did not sign the mail message.
-SignedMailValidator.wrongSigner.details = The given signer did not sign the mail message.
-
-## notifications messages
-
-# short signing key
-# {0} the key lenght as Integer
-SignedMailValidator.shortSigningKey.title = Careless short signing key
-SignedMailValidator.shortSigningKey.text = Warning: The signing key is only {0} bits long.
-SignedMailValidator.shortSigningKey.summary = Warning: The signing key is only {0} bits long.
-SignedMailValidator.shortSigningKey.details = Warning: The signing key is only {0} bits long.
-
-# signing certificate has very long validity period
-# {0} notBefore date
-# {1} notAfter date
-SignedMailValidator.longValidity.title = Very long validity period
-SignedMailValidator.longValidity.text = Warning: The signing certificate has a very long validity period: from {0,date} {0,time,full} until {1,date} {1,time,full}.
-SignedMailValidator.longValidity.summary = Warning: The signing certificate has a very long validity period: from {0,date} {0,time,full} until {1,date} {1,time,full}.
-SignedMailValidator.longValidity.details = Warning: The signing certificate has a very long validity period: from {0,date} {0,time,full} until {1,date} {1,time,full}.
-
-# signed receipt requested
-SignedMailValidator.signedReceiptRequest.title = Signed Receipt Request
-SignedMailValidator.signedReceiptRequest.text = The signature contains a signed receipt request.
-SignedMailValidator.signedReceiptRequest.summary = The signature contains a signed receipt request.
-SignedMailValidator.signedReceiptRequest.details = The signature contains a signed receipt request as per RFC 2634.
-
-## error messages
-
-# no signer certificate found
-SignedMailValidator.noSignerCert.title = No signer certificate found
-SignedMailValidator.noSignerCert.text = Signature Validation failed: No signer certificate found.
-SignedMailValidator.noSignerCert.summary = Signature Validation failed: No signer certificate found.
-SignedMailValidator.noSignerCert.details = Signature Validation failed: No signer certificate found.
-
-# certificate contains no email address
-SignedMailValidator.noEmailInCert.title = Certificate not usable for email signatures
-SignedMailValidator.noEmailInCert.text = The signer certificate is not usable for email signatures: it contains no email address.
-SignedMailValidator.noEmailInCert.summary = The signer certificate is not usable for email signatures: it contains no email address.
-SignedMailValidator.noEmailInCert.details = The signer certificate is not usable for email signatures: it contains no email address.
-
-# certificate email address does not match from email address
-# {0} from email addresses in the message 
-# {1} email addresses in the certificate
-SignedMailValidator.emailFromCertMismatch.title = Email address mismatch
-SignedMailValidator.emailFromCertMismatch.text = Email address in singer certificate does not match the sender address. Signer email: {1}. Sender email: {0}.
-SignedMailValidator.emailFromCertMismatch.summary = Email address in singer certificate does not match the sender address. Signer email: {1}. Sender email: {0}.
-SignedMailValidator.emailFromCertMismatch.details = Email address in singer certificate does not match the sender address. Signer email: {1}. Sender email: {0}.
-
-# exception extracting email addresses from certificate
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.certGetEmailError.title = Exception extracting email addresses from certificate
-SignedMailValidator.certGetEmailError.text = There was a {2} extracting the email addresses from the certificate. Cause: {0}.
-SignedMailValidator.certGetEmailError.summary = There was a {2} extracting the email addresses from the certificate.
-SignedMailValidator.certGetEmailError.details = There was a {2} extracting the email addresses from the certificate. Cause: {0}.
-
-# no signing time found
-SignedMailValidator.noSigningTime.title = No signing time
-SignedMailValidator.noSigningTime.text = The signature contains no signing time. Using the current time for validating the certificate path.
-SignedMailValidator.noSigningTime.summary = The signature contains no signing time.
-SignedMailValidator.noSigningTime.details = The signature contains no signing time. Using the current time for validating the certificate path.
-
-# expired at signing time
-# {0} signing time
-# {1} not after date
-SignedMailValidator.certExpired.title = Certificate expired at signing time
-SignedMailValidator.certExpired.text = The message was signed at {0,date} {0,time,full}. But the certificate expired at {1,date} {1,time,full}.
-SignedMailValidator.certExpired.summary = The message was signed at {0,date} {0,time,full}. But the certificate expired at {1,date} {1,time,full}.
-SignedMailValidator.certExpired.details = The message was signed at {0,date} {0,time,full}. But the certificate expired at {1,date} {1,time,full}.
-
-# not yet valid at signing time
-# {0} signing time
-# {1} notBefore date
-SignedMailValidator.certNotYetValid.title = Certificate not yet valid at signing time
-SignedMailValidator.certNotYetValid.text = The message was signed at {0,date} {0,time,full}. But the certificate is not valid before {1,date} {1,time,full}.
-SignedMailValidator.certNotYetValid.summary = The message was signed at {0,date} {0,time,full}. But the certificate is not valid before {1,date} {1,time,full}.
-SignedMailValidator.certNotYetValid.details = The message was signed at {0,date} {0,time,full}. But the certificate is not valid before {1,date} {1,time,full}.
-
-# exception retrieving the signer certificate
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.exceptionRetrievingSignerCert.title = Exception retrieving the signer certificate
-SignedMailValidator.exceptionRetrievingSignerCert.text = Signature Validation failed. There was a {2} retrieving the signer certificate: {0}. 
-SignedMailValidator.exceptionRetrievingSignerCert.summary = Signature Validation failed. There was a {2} retrieving the signer certificate.
-SignedMailValidator.exceptionRetrievingSignerCert.details = Signature Validation failed  There was a {2} retrieving the signer certificate: {0}.
-
-# exception verifying the signature
-# {0} message of the underlying exception
-# {1} the underlying exception 
-# {2} the name of the exception
-SignedMailValidator.exceptionVerifyingSignature.title = Signature not verified
-SignedMailValidator.exceptionVerifyingSignature.text = Signature not verified. There was a {2}. Cause: {0}.
-SignedMailValidator.exceptionVerifyingSignature.summary = Signature not verified. There was a {2}.
-SignedMailValidator.exceptionVerifyingSignature.details = Signature not verified. There was a {2}. Cause: {0}.
-
-# signature not verified
-SignedMailValidator.signatureNotVerified.title = Signature not verified
-SignedMailValidator.signatureNotVerified.text = Signature not verified. The public key of the signer does not correspond to the signature.
-SignedMailValidator.signatureNotVerified.summary = Signature not verified. The public key of the signer does not correspond to the signature.
-SignedMailValidator.signatureNotVerified.details = Signature not verified. The public key of the signer does not correspond to the signature.
-
-# certificate key usage does not permit digitalSignature or nonRepudiation
-SignedMailValidator.signingNotPermitted.title = Key not usable for email signatures
-SignedMailValidator.signingNotPermitted.text = The key usage extension of signer certificate does not permit using the key for email signatures.
-SignedMailValidator.signingNotPermitted.summary = The signer key is not usable for email signatures.
-SignedMailValidator.signingNotPermitted.details = The key usage extension of signer certificate does not permit using the key for email signatures.
-
-# certificate extended key usage does not permit emailProtection or anyExtendedKeyUsage
-SignedMailValidator.extKeyUsageNotPermitted.title = Key not usable for email signatures
-SignedMailValidator.extKeyUsageNotPermitted.text = The extended key usage extension of the signer certificate does not permit using the key for email signatures.
-SignedMailValidator.extKeyUsageNotPermitted.summary = The signer key is not usable for email signatures.
-SignedMailValidator.extKeyUsageNotPermitted.details = The extended key usage extension of the signer certificate does not permit using the key for email signatures.
-
-# exception processing the extended key usage extension
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.extKeyUsageError.title = Exception processing the extended key usage extension 
-SignedMailValidator.extKeyUsageError.text = There was a {2} processing the extended key usage extension. Cause: {0}.
-SignedMailValidator.extKeyUsageError.summary = There was a {2} processing the extended key usage extension.
-SignedMailValidator.extKeyUsageError.details = There was a {2} processing the extended key usage extension. Cause: {0}.
-
-# cannot create certificate path (exception)
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.exceptionCreateCertPath.title = Certificate path validation failed
-SignedMailValidator.exceptionCreateCertPath.text = Certificate path validation failed. There was a {2} creating the CertPath: {0}.
-SignedMailValidator.exceptionCreateCertPath.summary = Certificate path validation failed. There was a {2} creating the CertPath: {0}.
-SignedMailValidator.exceptionCreateCertPath.details = Certificate path validation failed. There was a {2} creating the CertPath: {0}.
-
-# certificate path is invalid
-SignedMailValidator.certPathInvalid.title = Certificate path invalid
-SignedMailValidator.certPathInvalid.text = The certificate path is invalid.
-SignedMailValidator.certPathInvalid.summary = The certificate path is invalid.
-SignedMailValidator.certPathInvalid.details = The certificate path is invalid.
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages_de.properties b/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages_de.properties
deleted file mode 100644
index 6946f291a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidatorMessages_de.properties
+++ /dev/null
@@ -1,172 +0,0 @@
-## constructor exception messages
-
-# Signatur gültig
-SignedMailValidator.sigValid.title = Signatur gültig
-SignedMailValidator.sigValid.text = Signatur gültig
-SignedMailValidator.sigValid.summary = Signatur gültig
-SignedMailValidator.sigValid.details = Signatur gültig
-
-# Signatur ungültig
-SignedMailValidator.sigInvalid.title = Signatur ungültig
-SignedMailValidator.sigInvalid.text = Signatur ungültig
-SignedMailValidator.sigInvalid.summary = Signatur ungültig
-SignedMailValidator.sigInvalid.details = Signatur ungültig
-
-# message is not signed
-SignedMailValidator.noSignedMessage.title = Die Nachricht ist nicht signiert
-SignedMailValidator.noSignedMessage.text = SignedMailValidator: Die MimeMessage message ist nicht signiert.
-SignedMailValidator.noSignedMessage.summary = SignedMailValidator: Die MimeMessage message ist nicht signiert.
-SignedMailValidator.noSignedMessage.details = SignedMailValidator: Die MimeMessage message ist nicht signiert.
-
-# exception reading the Mime message
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.exceptionReadingMessage.title = Fehler beim lesen der MimeMessage
-SignedMailValidator.exceptionReadingMessage.text = SignedMailValidator: Es gab eine {2} beim lesen der MimeMessage: {0}.
-SignedMailValidator.exceptionReadingMessage.summary = SignedMailValidator: Es gab eine {2} beim lesen der MimeMessage.
-SignedMailValidator.exceptionReadingMessage.details = SignedMailValidator: Es gab eine {2} beim lesen der MimeMessage: {0}.
-
-## exception messages
-
-# signer has not signed the mail message
-SignedMailValidator.wrongSigner.title = Falscher Unterzeichner
-SignedMailValidator.wrongSigner.text = Die Email enhält keine Signatur vom gegebenen Unterzeichner.
-SignedMailValidator.wrongSigner.summary = Die Email enhält keine Signatur vom gegebenen Unterzeichner.
-SignedMailValidator.wrongSigner.details = Die Email enhält keine Signatur vom gegebenen Unterzeichner.
-
-## notifications messages
-
-# short signing key
-# {0} the key lenght as Integer
-SignedMailValidator.shortSigningKey.title = Fahrlässig kurzer Signaturschlüssel
-SignedMailValidator.shortSigningKey.text = Warnung: Der Signaturschlüssel ist nur {0} bit lang.
-SignedMailValidator.shortSigningKey.summary = Warnung: Der Signaturschlüssel ist nur {0} bit lang.
-SignedMailValidator.shortSigningKey.details = Warnung: Der Signaturschlüssel ist nur {0} bit lang.
-
-# signing certificate has very long validity period
-# {0} notBefore date
-# {1} notAfter date
-SignedMailValidator.longValidity.title = Sehr lange Gültigkeitsdauer
-SignedMailValidator.longValidity.text = Warnung: Das Signierzertifikat hat eine sehr lange Gültigkeitsdauer: von  {0,date} {0,time,full} bis {1,date} {1,time,full}.
-SignedMailValidator.longValidity.summary = Warnung: Das Signierzertifikat hat eine sehr lange Gültigkeitsdauer: von  {0,date} {0,time,full} bis {1,date} {1,time,full}.
-SignedMailValidator.longValidity.details = Warnung: Das Signierzertifikat hat eine sehr lange Gültigkeitsdauer: von  {0,date} {0,time,full} bis {1,date} {1,time,full}.
-
-# signed receipt requested
-SignedMailValidator.signedReceiptRequest.title = Signed Receipt Request
-SignedMailValidator.signedReceiptRequest.text = Die Signatur enthält einen signed receipt request.
-SignedMailValidator.signedReceiptRequest.summary = Die Signatur enthält einen signed receipt request.
-SignedMailValidator.signedReceiptRequest.details = Die Signatur enthält einen signed receipt request gemäss RFC 2634.
-
-## error messages
-
-# no signer certificate found
-SignedMailValidator.noSignerCert.title = Kein Unterzeichner Zertifikat gefunden
-SignedMailValidator.noSignerCert.text = Signatur Validierung fehlgeschlagen: Es wurde kein Unterzeichner Zertifikat gefunden.
-SignedMailValidator.noSignerCert.summary = Signatur Validierung fehlgeschlagen: Es wurde kein Unterzeichner Zertifikat gefunden.
-SignedMailValidator.noSignerCert.details = Signatur Validierung fehlgeschlagen: Es wurde kein Unterzeichner Zertifikat gefunden.
-
-# certificate contains no email address
-SignedMailValidator.noEmailInCert.title = Zertifikat nicht für Email Signaturen verwendbar
-SignedMailValidator.noEmailInCert.text = Das Unterzeichner Zertifikat kann nicht für Email Signaturen verwendet werden: Es enthält keine Email Addresse.
-SignedMailValidator.noEmailInCert.summary = Das Unterzeichner Zertifikat kann nicht für Email Signaturen verwendet werden: Es enthält keine Email Addresse.
-SignedMailValidator.noEmailInCert.details = Das Unterzeichner Zertifikat kann nicht für Email Signaturen verwendet werden: Es enthält keine Email Addresse.
-
-# certificate email address does not match from email address
-# {0} from email addresses in the message 
-# {1} email addresses in the certificate
-SignedMailValidator.emailFromCertMismatch.title = Email Addressen stimmen nicht überein
-SignedMailValidator.emailFromCertMismatch.text = Die Email Addresse im Unterzeichner Zertifikat stimmt nicht mit der Sender Addresse überein. Unterzeichner: {1}. Sender: {0}.
-SignedMailValidator.emailFromCertMismatch.summary = Die Email Addresse im Unterzeichner Zertifikat stimmt nicht mit der Sender Addresse überein. Unterzeichner: {1}. Sender: {0}.
-SignedMailValidator.emailFromCertMismatch.details = Die Email Addresse im Unterzeichner Zertifikat stimmt nicht mit der Sender Addresse überein. Unterzeichner: {1}. Sender: {0}.
-
-# exception extracting email addresses from certificate
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.certGetEmailError.title = Fehler bei extrahieren der Email Addresse vom Zertifikat
-SignedMailValidator.certGetEmailError.text = Es gab eine {2} beim Extrahieren der Email Addresse vom Zertifikat. Grund: {0}.
-SignedMailValidator.certGetEmailError.summary = Es gab eine {2} beim Extrahieren der Email Addresse vom Zertifikat.
-SignedMailValidator.certGetEmailError.details = Es gab eine {2} beim Extrahieren der Email Addresse vom Zertifikat. Grund: {0}.
-
-# no signing time found
-SignedMailValidator.noSigningTime.title = Keine Signierzeit
-SignedMailValidator.noSigningTime.text = Die Signatur enthält keine Signier Zeit. Benutze die aktuelle Zeit zur Zertifikationpfad Validierung.
-SignedMailValidator.noSigningTime.summary = Die Signatur enthält keine Signier Zeit.
-SignedMailValidator.noSigningTime.details = Die Signatur enthält keine Signier Zeit. Benutze die aktuelle Zeit zur Zertifikationpfad Validierung.
-
-# expired at signing time
-# {0} signing time
-# {1} not after date
-SignedMailValidator.certExpired.title = Zertifikat zur Signierzeit abgelaufen
-SignedMailValidator.certExpired.text = Die Nachricht wurde am {0,date} {0,time,full} signiert. Aber das Zertifikat ist am {1,date} {1,time,full} abgelaufen.
-SignedMailValidator.certExpired.summary = Die Nachricht wurde am {0,date} {0,time,full} signiert. Aber das Zertifikat ist am {1,date} {1,time,full} abgelaufen.
-SignedMailValidator.certExpired.details = Die Nachricht wurde am {0,date} {0,time,full} signiert. Aber das Zertifikat ist am {1,date} {1,time,full} abgelaufen.
-
-# not yet valid at signing time
-# {0} signing time
-# {1} notBefore date
-SignedMailValidator.certNotYetValid.title = Zertifikat noch nicht gültig zur Signierzeit
-SignedMailValidator.certNotYetValid.text = Die Nachricht wurde am {0,date} {0,time,full} signiert. Aber das Zertifikat ist erst gültig ab {1,date} {1,time,full}.
-SignedMailValidator.certNotYetValid.summary = Die Nachricht wurde am {0,date} {0,time,full} signiert. Aber das Zertifikat ist erst gültig ab {1,date} {1,time,full}.
-SignedMailValidator.certNotYetValid.details = Die Nachricht wurde am {0,date} {0,time,full} signiert. Aber das Zertifikat ist erst gültig ab {1,date} {1,time,full}.
-
-# exception retrieving the signer certificate
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.exceptionRetrievingSignerCert.title = Fehler beim Lesen des Signaturzertifikats
-SignedMailValidator.exceptionRetrievingSignerCert.text = Signatur Validierung fehlgeschlagen. Es gab eine {2} beim Lesen des Signaturzertifikats: {0}. 
-SignedMailValidator.exceptionRetrievingSignerCert.summary = Signatur Validierung fehlgeschlagen. Es gab eine {2} beim Lesen des Signaturzertifikats.
-SignedMailValidator.exceptionRetrievingSignerCert.details = Signatur Validierung fehlgeschlagen. Es gab eine {2} beim Lesen des Signaturzertifikats: {0}.
-
-# exception verifying the signature
-# {0} message of the underlying exception
-# {1} the underlying exception 
-# {2} the name of the exception
-SignedMailValidator.exceptionVerifyingSignature.title = Signatur nicht verifiziert
-SignedMailValidator.exceptionVerifyingSignature.text = Signatur nicht verifiziert. Es gab eine {2}. Grund: {0}.
-SignedMailValidator.exceptionVerifyingSignature.summary = Signatur nicht verifiziert. Es gab eine {2}.
-SignedMailValidator.exceptionVerifyingSignature.details = Signatur nicht verifiziert. Es gab eine {2}. Grund: {0}.
-
-# signature not verified
-SignedMailValidator.signatureNotVerified.title = Signatur nicht verifiziert
-SignedMailValidator.signatureNotVerified.text = Signatur nicht verifiziert. Der öffentliche Schlüssel des Unterzeichners passt nicht zur Signatur.
-SignedMailValidator.signatureNotVerified.summary = Signatur nicht verifiziert. Der öffentliche Schlüssel des Unterzeichners passt nicht zur Signatur.
-SignedMailValidator.signatureNotVerified.details = Signatur nicht verifiziert. Der öffentliche Schlüssel des Unterzeichners passt nicht zur Signatur.
-
-# certificate key usage does not permit digitalSignature or nonRepudiation
-SignedMailValidator.signingNotPermitted.title = Schlüssel nicht verwendbar für Email Signaturen
-SignedMailValidator.signingNotPermitted.text = Der Schlüssel des Unterzeichners darf nicht für Email Signaturen verwendet werden.
-SignedMailValidator.signingNotPermitted.summary = Der Schlüssel des Unterzeichners darf nicht für Email Signaturen verwendet werden.
-SignedMailValidator.signingNotPermitted.details = Die Schlüsselverwendung des Unterzeichner Zertifikats erlaubt keine Verwendung für Email Signaturen.
-
-# certificate extended key usage does not permit emailProtection or anyExtendedKeyUsage
-SignedMailValidator.extKeyUsageNotPermitted.title = Schlüssel nicht verwendbar für Email Signaturen
-SignedMailValidator.extKeyUsageNotPermitted.text = Der Schlüssel des Unterzeichners darf nicht für Email Signaturen verwendet werden.
-SignedMailValidator.extKeyUsageNotPermitted.summary = Der Schlüssel des Unterzeichners darf nicht für Email Signaturen verwendet werden.
-SignedMailValidator.extKeyUsageNotPermitted.details = Die erweiterte Schlüsselverwendung des Unterzeichner Zertifikats erlaubt keine Verwendung für Email Signaturen.
-
-# exception processing the extended key usage extension
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.extKeyUsageError.title = Fehler bei der Verarbeitung der Extended key usage Erweiterung 
-SignedMailValidator.extKeyUsageError.text = Es gab eine {2} bei der Verarbeitung der Extended key usage Erweiterung. Grund: {0}.
-SignedMailValidator.extKeyUsageError.summary = Es gab eine {2} bei der Verarbeitung der Extended key usage Erweiterung.
-SignedMailValidator.extKeyUsageError.details = Es gab eine {2} bei der Verarbeitung der Extended key usage Erweiterung. Grund: {0}.
-
-# cannot create certificate path (exception)
-# {0} message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-SignedMailValidator.exceptionCreateCertPath.title = Zertifizierungspfad Validierung fehlgeschlagen
-SignedMailValidator.exceptionCreateCertPath.text = Die Zertifizierungspfad Validierung ist fehlgeschlagen. Es gab eine {2} beim erstellen des Zertifizierungspfad: {0}.
-SignedMailValidator.exceptionCreateCertPath.summary = Die Zertifizierungspfad Validierung ist fehlgeschlagen. Es gab eine {2} beim erstellen des Zertifizierungspfad: {0}.
-SignedMailValidator.exceptionCreateCertPath.details = Die Zertifizierungspfad Validierung ist fehlgeschlagen. Es gab eine {2} beim erstellen des Zertifizierungspfad: {0}.
-
-# certificate path is invalid
-SignedMailValidator.certPathInvalid.title = Zertifikats-Pfad ungültig
-SignedMailValidator.certPathInvalid.text = Der Zertifikats-Pfad ist ungültig.
-SignedMailValidator.certPathInvalid.summary = Der Zertifikats-Pfad ist ungültig.
-SignedMailValidator.certPathInvalid.details = Der Zertifikats-Pfad ist ungültig.
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
deleted file mode 100644
index 78a7a8f9c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-public class ECAlgorithms
-{
-    public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a,
-        ECPoint Q, BigInteger b)
-    {
-        ECCurve c = P.getCurve();
-        if (!c.equals(Q.getCurve()))
-        {
-            throw new IllegalArgumentException("P and Q must be on same curve");
-        }
-
-        // Point multiplication for Koblitz curves (using WTNAF) beats Shamir's trick
-        if (c instanceof ECCurve.F2m)
-        {
-            ECCurve.F2m f2mCurve = (ECCurve.F2m)c;
-            if (f2mCurve.isKoblitz())
-            {
-                return P.multiply(a).add(Q.multiply(b));
-            }
-        }
-
-        return implShamirsTrick(P, a, Q, b);
-    }
-
-    /*
-     * "Shamir's Trick", originally due to E. G. Straus
-     * (Addition chains of vectors. American Mathematical Monthly,
-     * 71(7):806-808, Aug./Sept. 1964)
-     * 
    -     * Input: The points P, Q, scalar k = (km?, ... , k1, k0)
-     * and scalar l = (lm?, ... , l1, l0).
-     * Output: R = k * P + l * Q.
-     * 1: Z <- P + Q
-     * 2: R <- O
-     * 3: for i from m-1 down to 0 do
-     * 4:        R <- R + R        {point doubling}
-     * 5:        if (ki = 1) and (li = 0) then R <- R + P end if
-     * 6:        if (ki = 0) and (li = 1) then R <- R + Q end if
-     * 7:        if (ki = 1) and (li = 1) then R <- R + Z end if
-     * 8: end for
-     * 9: return R
-     * 
    
-     */
-    public static ECPoint shamirsTrick(ECPoint P, BigInteger k,
-        ECPoint Q, BigInteger l)
-    {
-        if (!P.getCurve().equals(Q.getCurve()))
-        {
-            throw new IllegalArgumentException("P and Q must be on same curve");
-        }
-
-        return implShamirsTrick(P, k, Q, l);
-    }
-
-    private static ECPoint implShamirsTrick(ECPoint P, BigInteger k,
-        ECPoint Q, BigInteger l)
-    {
-        int m = Math.max(k.bitLength(), l.bitLength());
-        ECPoint Z = P.add(Q);
-        ECPoint R = P.getCurve().getInfinity();
-
-        for (int i = m - 1; i >= 0; --i)
-        {
-            R = R.twice();
-
-            if (k.testBit(i))
-            {
-                if (l.testBit(i))
-                {
-                    R = R.add(Z);
-                }
-                else
-                {
-                    R = R.add(P);
-                }
-            }
-            else
-            {
-                if (l.testBit(i))
-                {
-                    R = R.add(Q);
-                }
-            }
-        }
-
-        return R;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECConstants.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECConstants.java
deleted file mode 100644
index 864f746da..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECConstants.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-public interface ECConstants
-{
-    public static final BigInteger ZERO = BigInteger.valueOf(0);
-    public static final BigInteger ONE = BigInteger.valueOf(1);
-    public static final BigInteger TWO = BigInteger.valueOf(2);
-    public static final BigInteger THREE = BigInteger.valueOf(3);
-    public static final BigInteger FOUR = BigInteger.valueOf(4);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECCurve.java
deleted file mode 100644
index c98410487..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECCurve.java
+++ /dev/null
@@ -1,668 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-import java.util.Random;
-
-/**
- * base class for an elliptic curve
- */
-public abstract class ECCurve
-{
-    ECFieldElement a, b;
-
-    public abstract int getFieldSize();
-
-    public abstract ECFieldElement fromBigInteger(BigInteger x);
-
-    public abstract ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression);
-
-    public abstract ECPoint decodePoint(byte[] encoded);
-
-    public abstract ECPoint getInfinity();
-
-    public ECFieldElement getA()
-    {
-        return a;
-    }
-
-    public ECFieldElement getB()
-    {
-        return b;
-    }
-
-    /**
-     * Elliptic curve over Fp
-     */
-    public static class Fp extends ECCurve
-    {
-        BigInteger q;
-        ECPoint.Fp infinity;
-
-        public Fp(BigInteger q, BigInteger a, BigInteger b)
-        {
-            this.q = q;
-            this.a = fromBigInteger(a);
-            this.b = fromBigInteger(b);
-            this.infinity = new ECPoint.Fp(this, null, null);
-        }
-
-        public BigInteger getQ()
-        {
-            return q;
-        }
-
-        public int getFieldSize()
-        {
-            return q.bitLength();
-        }
-
-        public ECFieldElement fromBigInteger(BigInteger x)
-        {
-            return new ECFieldElement.Fp(this.q, x);
-        }
-
-        public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
-        {
-            return new ECPoint.Fp(this, fromBigInteger(x), fromBigInteger(y), withCompression);
-        }
-
-        /**
-         * Decode a point on this curve from its ASN.1 encoding. The different
-         * encodings are taken account of, including point compression for
-         * Fp (X9.62 s 4.2.1 pg 17).
-         * @return The decoded point.
-         */
-        public ECPoint decodePoint(byte[] encoded)
-        {
-            ECPoint p = null;
-
-            switch (encoded[0])
-            {
-                // infinity
-            case 0x00:
-                if (encoded.length > 1)
-                {
-                    throw new RuntimeException("Invalid point encoding");
-                }
-                p = getInfinity();
-                break;
-                // compressed
-            case 0x02:
-            case 0x03:
-                int ytilde = encoded[0] & 1;
-                byte[]  i = new byte[encoded.length - 1];
-
-                System.arraycopy(encoded, 1, i, 0, i.length);
-
-                ECFieldElement x = new ECFieldElement.Fp(this.q, new BigInteger(1, i));
-                ECFieldElement alpha = x.multiply(x.square().add(a)).add(b);
-                ECFieldElement beta = alpha.sqrt();
-
-                //
-                // if we can't find a sqrt we haven't got a point on the
-                // curve - run!
-                //
-                if (beta == null)
-                {
-                    throw new RuntimeException("Invalid point compression");
-                }
-
-                int bit0 = (beta.toBigInteger().testBit(0) ? 1 : 0);
-
-                if (bit0 == ytilde)
-                {
-                    p = new ECPoint.Fp(this, x, beta, true);
-                }
-                else
-                {
-                    p = new ECPoint.Fp(this, x,
-                        new ECFieldElement.Fp(this.q, q.subtract(beta.toBigInteger())), true);
-                }
-                break;
-                // uncompressed
-            case 0x04:
-                // hybrid
-            case 0x06:
-            case 0x07:
-                byte[]  xEnc = new byte[(encoded.length - 1) / 2];
-                byte[]  yEnc = new byte[(encoded.length - 1) / 2];
-
-                System.arraycopy(encoded, 1, xEnc, 0, xEnc.length);
-                System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length);
-
-                p = new ECPoint.Fp(this,
-                        new ECFieldElement.Fp(this.q, new BigInteger(1, xEnc)),
-                        new ECFieldElement.Fp(this.q, new BigInteger(1, yEnc)));
-                break;
-            default:
-                throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
-            }
-
-            return p;
-        }
-
-        public ECPoint getInfinity()
-        {
-            return infinity;
-        }
-
-        public boolean equals(
-            Object anObject) 
-        {
-            if (anObject == this) 
-            {
-                return true;
-            }
-
-            if (!(anObject instanceof ECCurve.Fp)) 
-            {
-                return false;
-            }
-
-            ECCurve.Fp other = (ECCurve.Fp) anObject;
-
-            return this.q.equals(other.q) 
-                    && a.equals(other.a) && b.equals(other.b);
-        }
-
-        public int hashCode() 
-        {
-            return a.hashCode() ^ b.hashCode() ^ q.hashCode();
-        }
-    }
-
-    /**
-     * Elliptic curves over F2m. The Weierstrass equation is given by
-     * y2 + xy = x3 + ax2 + b.
-     */
-    public static class F2m extends ECCurve
-    {
-        /**
-         * The exponent m of F2m.
-         */
-        private int m;  // can't be final - JDK 1.1
-
-        /**
-         * TPB: The integer k where xm +
-         * xk + 1 represents the reduction polynomial
-         * f(z).
    
-         * PPB: The integer k1 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        private int k1;  // can't be final - JDK 1.1
-
-        /**
-         * TPB: Always set to 0
    
-         * PPB: The integer k2 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        private int k2;  // can't be final - JDK 1.1
-
-        /**
-         * TPB: Always set to 0
    
-         * PPB: The integer k3 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        private int k3;  // can't be final - JDK 1.1
-
-        /**
-         * The order of the base point of the curve.
-         */
-        private BigInteger n;  // can't be final - JDK 1.1
-
-        /**
-         * The cofactor of the curve.
-         */
-        private BigInteger h;  // can't be final - JDK 1.1
-        
-         /**
-         * The point at infinity on this curve.
-         */
-        private ECPoint.F2m infinity;  // can't be final - JDK 1.1
-
-        /**
-         * The parameter μ of the elliptic curve if this is
-         * a Koblitz curve.
-         */
-        private byte mu = 0;
-
-        /**
-         * The auxiliary values s0 and
-         * s1 used for partial modular reduction for
-         * Koblitz curves.
-         */
-        private BigInteger[] si = null;
-
-        /**
-         * Constructor for Trinomial Polynomial Basis (TPB).
-         * @param m  The exponent m of
-         * F2m.
-         * @param k The integer k where xm +
-         * xk + 1 represents the reduction
-         * polynomial f(z).
-         * @param a The coefficient a in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         * @param b The coefficient b in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         */
-        public F2m(
-            int m,
-            int k,
-            BigInteger a,
-            BigInteger b)
-        {
-            this(m, k, 0, 0, a, b, null, null);
-        }
-
-        /**
-         * Constructor for Trinomial Polynomial Basis (TPB).
-         * @param m  The exponent m of
-         * F2m.
-         * @param k The integer k where xm +
-         * xk + 1 represents the reduction
-         * polynomial f(z).
-         * @param a The coefficient a in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         * @param b The coefficient b in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         * @param n The order of the main subgroup of the elliptic curve.
-         * @param h The cofactor of the elliptic curve, i.e.
-         * #Ea(F2m) = h * n.
-         */
-        public F2m(
-            int m, 
-            int k, 
-            BigInteger a, 
-            BigInteger b,
-            BigInteger n,
-            BigInteger h)
-        {
-            this(m, k, 0, 0, a, b, n, h);
-        }
-
-        /**
-         * Constructor for Pentanomial Polynomial Basis (PPB).
-         * @param m  The exponent m of
-         * F2m.
-         * @param k1 The integer k1 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param k2 The integer k2 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param k3 The integer k3 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param a The coefficient a in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         * @param b The coefficient b in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         */
-        public F2m(
-            int m,
-            int k1,
-            int k2,
-            int k3,
-            BigInteger a,
-            BigInteger b)
-        {
-            this(m, k1, k2, k3, a, b, null, null);
-        }
-
-        /**
-         * Constructor for Pentanomial Polynomial Basis (PPB).
-         * @param m  The exponent m of
-         * F2m.
-         * @param k1 The integer k1 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param k2 The integer k2 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param k3 The integer k3 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param a The coefficient a in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         * @param b The coefficient b in the Weierstrass equation
-         * for non-supersingular elliptic curves over
-         * F2m.
-         * @param n The order of the main subgroup of the elliptic curve.
-         * @param h The cofactor of the elliptic curve, i.e.
-         * #Ea(F2m) = h * n.
-         */
-        public F2m(
-            int m, 
-            int k1, 
-            int k2, 
-            int k3,
-            BigInteger a, 
-            BigInteger b,
-            BigInteger n,
-            BigInteger h)
-        {
-            this.m = m;
-            this.k1 = k1;
-            this.k2 = k2;
-            this.k3 = k3;
-            this.n = n;
-            this.h = h;
-
-            if (k1 == 0)
-            {
-                throw new IllegalArgumentException("k1 must be > 0");
-            }
-
-            if (k2 == 0)
-            {
-                if (k3 != 0)
-                {
-                    throw new IllegalArgumentException("k3 must be 0 if k2 == 0");
-                }
-            }
-            else
-            {
-                if (k2 <= k1)
-                {
-                    throw new IllegalArgumentException("k2 must be > k1");
-                }
-
-                if (k3 <= k2)
-                {
-                    throw new IllegalArgumentException("k3 must be > k2");
-                }
-            }
-
-            this.a = fromBigInteger(a);
-            this.b = fromBigInteger(b);
-            this.infinity = new ECPoint.F2m(this, null, null);
-        }
-
-        public int getFieldSize()
-        {
-            return m;
-        }
-
-        public ECFieldElement fromBigInteger(BigInteger x)
-        {
-            return new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, x);
-        }
-
-        public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
-        {
-            return new ECPoint.F2m(this, fromBigInteger(x), fromBigInteger(y), withCompression);
-        }
-
-        /* (non-Javadoc)
-         * @see org.bouncycastle.math.ec.ECCurve#decodePoint(byte[])
-         */
-        public ECPoint decodePoint(byte[] encoded)
-        {
-            ECPoint p = null;
-
-            switch (encoded[0])
-            {
-                // infinity
-            case 0x00:
-                if (encoded.length > 1)
-                {
-                    throw new RuntimeException("Invalid point encoding");
-                }
-                p = getInfinity();
-                break;
-                // compressed
-            case 0x02:
-            case 0x03:
-                byte[] enc = new byte[encoded.length - 1];
-                System.arraycopy(encoded, 1, enc, 0, enc.length);
-                if (encoded[0] == 0x02) 
-                {
-                        p = decompressPoint(enc, 0);
-                }
-                else 
-                {
-                        p = decompressPoint(enc, 1);
-                }
-                break;
-                // uncompressed
-            case 0x04:
-                // hybrid
-            case 0x06:
-            case 0x07:
-                byte[] xEnc = new byte[(encoded.length - 1) / 2];
-                byte[] yEnc = new byte[(encoded.length - 1) / 2];
-
-                System.arraycopy(encoded, 1, xEnc, 0, xEnc.length);
-                System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length);
-
-                p = new ECPoint.F2m(this,
-                    new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3,
-                        new BigInteger(1, xEnc)),
-                    new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3,
-                        new BigInteger(1, yEnc)), false);
-                break;
-
-            default:
-                throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
-            }
-
-            return p;
-        }
-
-        public ECPoint getInfinity()
-        {
-            return infinity;
-        }
-
-        /**
-         * Returns true if this is a Koblitz curve (ABC curve).
-         * @return true if this is a Koblitz curve (ABC curve), false otherwise
-         */
-        public boolean isKoblitz()
-        {
-            return ((n != null) && (h != null) &&
-                    ((a.toBigInteger().equals(ECConstants.ZERO)) ||
-                    (a.toBigInteger().equals(ECConstants.ONE))) &&
-                    (b.toBigInteger().equals(ECConstants.ONE)));
-        }
-
-        /**
-         * Returns the parameter μ of the elliptic curve.
-         * @return μ of the elliptic curve.
-         * @throws IllegalArgumentException if the given ECCurve is not a
-         * Koblitz curve.
-         */
-        synchronized byte getMu()
-        {
-            if (mu == 0)
-            {
-                mu = Tnaf.getMu(this);
-            }
-            return mu;
-        }
-
-        /**
-         * @return the auxiliary values s0 and
-         * s1 used for partial modular reduction for
-         * Koblitz curves.
-         */
-        synchronized BigInteger[] getSi()
-        {
-            if (si == null)
-            {
-                si = Tnaf.getSi(this);
-            }
-            return si;
-        }
-
-        /**
-         * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2).
-         * 
-         * @param xEnc
-         *            The encoding of field element xp.
-         * @param ypBit
-         *            ~yp, an indication bit for the decompression of yp.
-         * @return the decompressed point.
-         */
-        private ECPoint decompressPoint(
-            byte[] xEnc, 
-            int ypBit)
-        {
-            ECFieldElement xp = new ECFieldElement.F2m(
-                    this.m, this.k1, this.k2, this.k3, new BigInteger(1, xEnc));
-            ECFieldElement yp = null;
-            if (xp.toBigInteger().equals(ECConstants.ZERO))
-            {
-                yp = (ECFieldElement.F2m)b;
-                for (int i = 0; i < m - 1; i++)
-                {
-                    yp = yp.square();
-                }
-            }
-            else
-            {
-                ECFieldElement beta = xp.add(a).add(
-                        b.multiply(xp.square().invert()));
-                ECFieldElement z = solveQuadradicEquation(beta);
-                if (z == null)
-                {
-                    throw new RuntimeException("Invalid point compression");
-                }
-                int zBit = 0;
-                if (z.toBigInteger().testBit(0))
-                {
-                    zBit = 1;
-                }
-                if (zBit != ypBit)
-                {
-                    z = z.add(new ECFieldElement.F2m(this.m, this.k1, this.k2,
-                            this.k3, ECConstants.ONE));
-                }
-                yp = xp.multiply(z);
-            }
-            
-            return new ECPoint.F2m(this, xp, yp);
-        }
-        
-        /**
-         * Solves a quadratic equation z2 + z = beta(X9.62
-         * D.1.6) The other solution is z + 1.
-         * 
-         * @param beta
-         *            The value to solve the qradratic equation for.
-         * @return the solution for z2 + z = beta or
-         *         null if no solution exists.
-         */
-        private ECFieldElement solveQuadradicEquation(ECFieldElement beta)
-        {
-            ECFieldElement zeroElement = new ECFieldElement.F2m(
-                    this.m, this.k1, this.k2, this.k3, ECConstants.ZERO);
-
-            if (beta.toBigInteger().equals(ECConstants.ZERO))
-            {
-                return zeroElement;
-            }
-
-            ECFieldElement z = null;
-            ECFieldElement gamma = zeroElement;
-
-            Random rand = new Random();
-            do
-            {
-                ECFieldElement t = new ECFieldElement.F2m(this.m, this.k1,
-                        this.k2, this.k3, new BigInteger(m, rand));
-                z = zeroElement;
-                ECFieldElement w = beta;
-                for (int i = 1; i <= m - 1; i++)
-                {
-                    ECFieldElement w2 = w.square();
-                    z = z.square().add(w2.multiply(t));
-                    w = w2.add(beta);
-                }
-                if (!w.toBigInteger().equals(ECConstants.ZERO))
-                {
-                    return null;
-                }
-                gamma = z.square().add(z);
-            }
-            while (gamma.toBigInteger().equals(ECConstants.ZERO));
-
-            return z;
-        }
-        
-        public boolean equals(
-            Object anObject)
-        {
-            if (anObject == this) 
-            {
-                return true;
-            }
-
-            if (!(anObject instanceof ECCurve.F2m)) 
-            {
-                return false;
-            }
-
-            ECCurve.F2m other = (ECCurve.F2m)anObject;
-            
-            return (this.m == other.m) && (this.k1 == other.k1)
-                && (this.k2 == other.k2) && (this.k3 == other.k3)
-                && a.equals(other.a) && b.equals(other.b);
-        }
-
-        public int hashCode()
-        {
-            return this.a.hashCode() ^ this.b.hashCode() ^ m ^ k1 ^ k2 ^ k3;
-        }
-
-        public int getM()
-        {
-            return m;
-        }
-
-        /**
-         * Return true if curve uses a Trinomial basis.
-         * 
-         * @return true if curve Trinomial, false otherwise.
-         */
-        public boolean isTrinomial()
-        {
-            return k2 == 0 && k3 == 0;
-        }
-        
-        public int getK1()
-        {
-            return k1;
-        }
-
-        public int getK2()
-        {
-            return k2;
-        }
-
-        public int getK3()
-        {
-            return k3;
-        }
-
-        public BigInteger getN()
-        {
-            return n;
-        }
-
-        public BigInteger getH()
-        {
-            return h;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
deleted file mode 100644
index b5e9aa55a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
+++ /dev/null
@@ -1,1196 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-import java.util.Random;
-
-public abstract class ECFieldElement
-    implements ECConstants
-{
-
-    public abstract BigInteger     toBigInteger();
-    public abstract String         getFieldName();
-    public abstract int            getFieldSize();
-    public abstract ECFieldElement add(ECFieldElement b);
-    public abstract ECFieldElement subtract(ECFieldElement b);
-    public abstract ECFieldElement multiply(ECFieldElement b);
-    public abstract ECFieldElement divide(ECFieldElement b);
-    public abstract ECFieldElement negate();
-    public abstract ECFieldElement square();
-    public abstract ECFieldElement invert();
-    public abstract ECFieldElement sqrt();
-
-    public String toString()
-    {
-        return this.toBigInteger().toString(2);
-    }
-
-    public static class Fp extends ECFieldElement
-    {
-        BigInteger x;
-
-        BigInteger q;
-        
-        public Fp(BigInteger q, BigInteger x)
-        {
-            this.x = x;
-            
-            if (x.compareTo(q) >= 0)
-            {
-                throw new IllegalArgumentException("x value too large in field element");
-            }
-
-            this.q = q;
-        }
-
-        public BigInteger toBigInteger()
-        {
-            return x;
-        }
-
-        /**
-         * return the field name for this field.
-         *
-         * @return the string "Fp".
-         */
-        public String getFieldName()
-        {
-            return "Fp";
-        }
-
-        public int getFieldSize()
-        {
-            return q.bitLength();
-        }
-
-        public BigInteger getQ()
-        {
-            return q;
-        }
-        
-        public ECFieldElement add(ECFieldElement b)
-        {
-            return new Fp(q, x.add(b.toBigInteger()).mod(q));
-        }
-
-        public ECFieldElement subtract(ECFieldElement b)
-        {
-            return new Fp(q, x.subtract(b.toBigInteger()).mod(q));
-        }
-
-        public ECFieldElement multiply(ECFieldElement b)
-        {
-            return new Fp(q, x.multiply(b.toBigInteger()).mod(q));
-        }
-
-        public ECFieldElement divide(ECFieldElement b)
-        {
-            return new Fp(q, x.multiply(b.toBigInteger().modInverse(q)).mod(q));
-        }
-
-        public ECFieldElement negate()
-        {
-            return new Fp(q, x.negate().mod(q));
-        }
-
-        public ECFieldElement square()
-        {
-            return new Fp(q, x.multiply(x).mod(q));
-        }
-
-        public ECFieldElement invert()
-        {
-            return new Fp(q, x.modInverse(q));
-        }
-
-        // D.1.4 91
-        /**
-         * return a sqrt root - the routine verifies that the calculation
-         * returns the right value - if none exists it returns null.
-         */
-        public ECFieldElement sqrt()
-        {
-            if (!q.testBit(0))
-            {
-                throw new RuntimeException("not done yet");
-            }
-
-            // note: even though this class implements ECConstants don't be tempted to
-            // remove the explicit declaration, some J2ME environments don't cope.
-            // p mod 4 == 3
-            if (q.testBit(1))
-            {
-                // z = g^(u+1) + p, p = 4u + 3
-                ECFieldElement z = new Fp(q, x.modPow(q.shiftRight(2).add(ECConstants.ONE), q));
-
-                return z.square().equals(this) ? z : null;
-            }
-
-            // p mod 4 == 1
-            BigInteger qMinusOne = q.subtract(ECConstants.ONE);
-
-            BigInteger legendreExponent = qMinusOne.shiftRight(1);
-            if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
-            {
-                return null;
-            }
-
-            BigInteger u = qMinusOne.shiftRight(2);
-            BigInteger k = u.shiftLeft(1).add(ECConstants.ONE);
-
-            BigInteger Q = this.x;
-            BigInteger fourQ = Q.shiftLeft(2).mod(q);
-
-            BigInteger U, V;
-            Random rand = new Random();
-            do
-            {
-                BigInteger P;
-                do
-                {
-                    P = new BigInteger(q.bitLength(), rand);
-                }
-                while (P.compareTo(q) >= 0
-                    || !(P.multiply(P).subtract(fourQ).modPow(legendreExponent, q).equals(qMinusOne)));
-
-                BigInteger[] result = lucasSequence(q, P, Q, k);
-                U = result[0];
-                V = result[1];
-
-                if (V.multiply(V).mod(q).equals(fourQ))
-                {
-                    // Integer division by 2, mod q
-                    if (V.testBit(0))
-                    {
-                        V = V.add(q);
-                    }
-
-                    V = V.shiftRight(1);
-
-                    //assert V.multiply(V).mod(q).equals(x);
-
-                    return new ECFieldElement.Fp(q, V);
-                }
-            }
-            while (U.equals(ECConstants.ONE) || U.equals(qMinusOne));
-
-            return null;
-
-//            BigInteger qMinusOne = q.subtract(ECConstants.ONE);
-//            BigInteger legendreExponent = qMinusOne.shiftRight(1); //divide(ECConstants.TWO);
-//            if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
-//            {
-//                return null;
-//            }
-//
-//            Random rand = new Random();
-//            BigInteger fourX = x.shiftLeft(2);
-//
-//            BigInteger r;
-//            do
-//            {
-//                r = new BigInteger(q.bitLength(), rand);
-//            }
-//            while (r.compareTo(q) >= 0
-//                || !(r.multiply(r).subtract(fourX).modPow(legendreExponent, q).equals(qMinusOne)));
-//
-//            BigInteger n1 = qMinusOne.shiftRight(2); //.divide(ECConstants.FOUR);
-//            BigInteger n2 = n1.add(ECConstants.ONE); //q.add(ECConstants.THREE).divide(ECConstants.FOUR);
-//
-//            BigInteger wOne = WOne(r, x, q);
-//            BigInteger wSum = W(n1, wOne, q).add(W(n2, wOne, q)).mod(q);
-//            BigInteger twoR = r.shiftLeft(1); //ECConstants.TWO.multiply(r);
-//
-//            BigInteger root = twoR.modPow(q.subtract(ECConstants.TWO), q)
-//                .multiply(x).mod(q)
-//                .multiply(wSum).mod(q);
-//
-//            return new Fp(q, root);
-        }
-
-//        private static BigInteger W(BigInteger n, BigInteger wOne, BigInteger p)
-//        {
-//            if (n.equals(ECConstants.ONE))
-//            {
-//                return wOne;
-//            }
-//            boolean isEven = !n.testBit(0);
-//            n = n.shiftRight(1);//divide(ECConstants.TWO);
-//            if (isEven)
-//            {
-//                BigInteger w = W(n, wOne, p);
-//                return w.multiply(w).subtract(ECConstants.TWO).mod(p);
-//            }
-//            BigInteger w1 = W(n.add(ECConstants.ONE), wOne, p);
-//            BigInteger w2 = W(n, wOne, p);
-//            return w1.multiply(w2).subtract(wOne).mod(p);
-//        }
-//
-//        private BigInteger WOne(BigInteger r, BigInteger x, BigInteger p)
-//        {
-//            return r.multiply(r).multiply(x.modPow(q.subtract(ECConstants.TWO), q)).subtract(ECConstants.TWO).mod(p);
-//        }
-
-        private static BigInteger[] lucasSequence(
-            BigInteger  p,
-            BigInteger  P,
-            BigInteger  Q,
-            BigInteger  k)
-        {
-            int n = k.bitLength();
-            int s = k.getLowestSetBit();
-
-            BigInteger Uh = ECConstants.ONE;
-            BigInteger Vl = ECConstants.TWO;
-            BigInteger Vh = P;
-            BigInteger Ql = ECConstants.ONE;
-            BigInteger Qh = ECConstants.ONE;
-
-            for (int j = n - 1; j >= s + 1; --j)
-            {
-                Ql = Ql.multiply(Qh).mod(p);
-
-                if (k.testBit(j))
-                {
-                    Qh = Ql.multiply(Q).mod(p);
-                    Uh = Uh.multiply(Vh).mod(p);
-                    Vl = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
-                    Vh = Vh.multiply(Vh).subtract(Qh.shiftLeft(1)).mod(p);
-                }
-                else
-                {
-                    Qh = Ql;
-                    Uh = Uh.multiply(Vl).subtract(Ql).mod(p);
-                    Vh = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
-                    Vl = Vl.multiply(Vl).subtract(Ql.shiftLeft(1)).mod(p);
-                }
-            }
-
-            Ql = Ql.multiply(Qh).mod(p);
-            Qh = Ql.multiply(Q).mod(p);
-            Uh = Uh.multiply(Vl).subtract(Ql).mod(p);
-            Vl = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
-            Ql = Ql.multiply(Qh).mod(p);
-
-            for (int j = 1; j <= s; ++j)
-            {
-                Uh = Uh.multiply(Vl).mod(p);
-                Vl = Vl.multiply(Vl).subtract(Ql.shiftLeft(1)).mod(p);
-                Ql = Ql.multiply(Ql).mod(p);
-            }
-
-            return new BigInteger[]{ Uh, Vl };
-        }
-        
-        public boolean equals(Object other)
-        {
-            if (other == this)
-            {
-                return true;
-            }
-
-            if (!(other instanceof ECFieldElement.Fp))
-            {
-                return false;
-            }
-            
-            ECFieldElement.Fp o = (ECFieldElement.Fp)other;
-            return q.equals(o.q) && x.equals(o.x);
-        }
-
-        public int hashCode()
-        {
-            return q.hashCode() ^ x.hashCode();
-        }
-    }
-
-//    /**
-//     * Class representing the Elements of the finite field
-//     * F2m in polynomial basis (PB)
-//     * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
-//     * basis representations are supported. Gaussian normal basis (GNB)
-//     * representation is not supported.
-//     */
-//    public static class F2m extends ECFieldElement
-//    {
-//        BigInteger x;
-//
-//        /**
-//         * Indicates gaussian normal basis representation (GNB). Number chosen
-//         * according to X9.62. GNB is not implemented at present.
-//         */
-//        public static final int GNB = 1;
-//
-//        /**
-//         * Indicates trinomial basis representation (TPB). Number chosen
-//         * according to X9.62.
-//         */
-//        public static final int TPB = 2;
-//
-//        /**
-//         * Indicates pentanomial basis representation (PPB). Number chosen
-//         * according to X9.62.
-//         */
-//        public static final int PPB = 3;
-//
-//        /**
-//         * TPB or PPB.
-//         */
-//        private int representation;
-//
-//        /**
-//         * The exponent m of F2m.
-//         */
-//        private int m;
-//
-//        /**
-//         * TPB: The integer k where xm +
-//         * xk + 1 represents the reduction polynomial
-//         * f(z).
    
-//         * PPB: The integer k1 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
    
-//         */
-//        private int k1;
-//
-//        /**
-//         * TPB: Always set to 0
    
-//         * PPB: The integer k2 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
    
-//         */
-//        private int k2;
-//
-//        /**
-//         * TPB: Always set to 0
    
-//         * PPB: The integer k3 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
    
-//         */
-//        private int k3;
-//        
-//        /**
-//         * Constructor for PPB.
-//         * @param m  The exponent m of
-//         * F2m.
-//         * @param k1 The integer k1 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
-//         * @param k2 The integer k2 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
-//         * @param k3 The integer k3 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
-//         * @param x The BigInteger representing the value of the field element.
-//         */
-//        public F2m(
-//            int m, 
-//            int k1, 
-//            int k2, 
-//            int k3,
-//            BigInteger x)
-//        {
-////            super(x);
-//            this.x = x;
-//
-//            if ((k2 == 0) && (k3 == 0))
-//            {
-//                this.representation = TPB;
-//            }
-//            else
-//            {
-//                if (k2 >= k3)
-//                {
-//                    throw new IllegalArgumentException(
-//                            "k2 must be smaller than k3");
-//                }
-//                if (k2 <= 0)
-//                {
-//                    throw new IllegalArgumentException(
-//                            "k2 must be larger than 0");
-//                }
-//                this.representation = PPB;
-//            }
-//
-//            if (x.signum() < 0)
-//            {
-//                throw new IllegalArgumentException("x value cannot be negative");
-//            }
-//
-//            this.m = m;
-//            this.k1 = k1;
-//            this.k2 = k2;
-//            this.k3 = k3;
-//        }
-//
-//        /**
-//         * Constructor for TPB.
-//         * @param m  The exponent m of
-//         * F2m.
-//         * @param k The integer k where xm +
-//         * xk + 1 represents the reduction
-//         * polynomial f(z).
-//         * @param x The BigInteger representing the value of the field element.
-//         */
-//        public F2m(int m, int k, BigInteger x)
-//        {
-//            // Set k1 to k, and set k2 and k3 to 0
-//            this(m, k, 0, 0, x);
-//        }
-//
-//        public BigInteger toBigInteger()
-//        {
-//            return x;
-//        }
-//
-//        public String getFieldName()
-//        {
-//            return "F2m";
-//        }
-//
-//        public int getFieldSize()
-//        {
-//            return m;
-//        }
-//
-//        /**
-//         * Checks, if the ECFieldElements a and b
-//         * are elements of the same field F2m
-//         * (having the same representation).
-//         * @param a field element.
-//         * @param b field element to be compared.
-//         * @throws IllegalArgumentException if a and b
-//         * are not elements of the same field
-//         * F2m (having the same
-//         * representation). 
-//         */
-//        public static void checkFieldElements(
-//            ECFieldElement a,
-//            ECFieldElement b)
-//        {
-//            if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
-//            {
-//                throw new IllegalArgumentException("Field elements are not "
-//                        + "both instances of ECFieldElement.F2m");
-//            }
-//
-//            if ((a.toBigInteger().signum() < 0) || (b.toBigInteger().signum() < 0))
-//            {
-//                throw new IllegalArgumentException(
-//                        "x value may not be negative");
-//            }
-//
-//            ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
-//            ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
-//
-//            if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
-//                    || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
-//            {
-//                throw new IllegalArgumentException("Field elements are not "
-//                        + "elements of the same field F2m");
-//            }
-//
-//            if (aF2m.representation != bF2m.representation)
-//            {
-//                // Should never occur
-//                throw new IllegalArgumentException(
-//                        "One of the field "
-//                                + "elements are not elements has incorrect representation");
-//            }
-//        }
-//
-//        /**
-//         * Computes z * a(z) mod f(z), where f(z) is
-//         * the reduction polynomial of this.
-//         * @param a The polynomial a(z) to be multiplied by
-//         * z mod f(z).
-//         * @return z * a(z) mod f(z)
-//         */
-//        private BigInteger multZModF(final BigInteger a)
-//        {
-//            // Left-shift of a(z)
-//            BigInteger az = a.shiftLeft(1);
-//            if (az.testBit(this.m)) 
-//            {
-//                // If the coefficient of z^m in a(z) equals 1, reduction
-//                // modulo f(z) is performed: Add f(z) to to a(z):
-//                // Step 1: Unset mth coeffient of a(z)
-//                az = az.clearBit(this.m);
-//
-//                // Step 2: Add r(z) to a(z), where r(z) is defined as
-//                // f(z) = z^m + r(z), and k1, k2, k3 are the positions of
-//                // the non-zero coefficients in r(z)
-//                az = az.flipBit(0);
-//                az = az.flipBit(this.k1);
-//                if (this.representation == PPB) 
-//                {
-//                    az = az.flipBit(this.k2);
-//                    az = az.flipBit(this.k3);
-//                }
-//            }
-//            return az;
-//        }
-//
-//        public ECFieldElement add(final ECFieldElement b)
-//        {
-//            // No check performed here for performance reasons. Instead the
-//            // elements involved are checked in ECPoint.F2m
-//            // checkFieldElements(this, b);
-//            if (b.toBigInteger().signum() == 0)
-//            {
-//                return this;
-//            }
-//
-//            return new F2m(this.m, this.k1, this.k2, this.k3, this.x.xor(b.toBigInteger()));
-//        }
-//
-//        public ECFieldElement subtract(final ECFieldElement b)
-//        {
-//            // Addition and subtraction are the same in F2m
-//            return add(b);
-//        }
-//
-//
-//        public ECFieldElement multiply(final ECFieldElement b)
-//        {
-//            // Left-to-right shift-and-add field multiplication in F2m
-//            // Input: Binary polynomials a(z) and b(z) of degree at most m-1
-//            // Output: c(z) = a(z) * b(z) mod f(z)
-//
-//            // No check performed here for performance reasons. Instead the
-//            // elements involved are checked in ECPoint.F2m
-//            // checkFieldElements(this, b);
-//            final BigInteger az = this.x;
-//            BigInteger bz = b.toBigInteger();
-//            BigInteger cz;
-//
-//            // Compute c(z) = a(z) * b(z) mod f(z)
-//            if (az.testBit(0)) 
-//            {
-//                cz = bz;
-//            } 
-//            else 
-//            {
-//                cz = ECConstants.ZERO;
-//            }
-//
-//            for (int i = 1; i < this.m; i++) 
-//            {
-//                // b(z) := z * b(z) mod f(z)
-//                bz = multZModF(bz);
-//
-//                if (az.testBit(i)) 
-//                {
-//                    // If the coefficient of x^i in a(z) equals 1, b(z) is added
-//                    // to c(z)
-//                    cz = cz.xor(bz);
-//                }
-//            }
-//            return new ECFieldElement.F2m(m, this.k1, this.k2, this.k3, cz);
-//        }
-//
-//
-//        public ECFieldElement divide(final ECFieldElement b)
-//        {
-//            // There may be more efficient implementations
-//            ECFieldElement bInv = b.invert();
-//            return multiply(bInv);
-//        }
-//
-//        public ECFieldElement negate()
-//        {
-//            // -x == x holds for all x in F2m
-//            return this;
-//        }
-//
-//        public ECFieldElement square()
-//        {
-//            // Naive implementation, can probably be speeded up using modular
-//            // reduction
-//            return multiply(this);
-//        }
-//
-//        public ECFieldElement invert()
-//        {
-//            // Inversion in F2m using the extended Euclidean algorithm
-//            // Input: A nonzero polynomial a(z) of degree at most m-1
-//            // Output: a(z)^(-1) mod f(z)
-//
-//            // u(z) := a(z)
-//            BigInteger uz = this.x;
-//            if (uz.signum() <= 0) 
-//            {
-//                throw new ArithmeticException("x is zero or negative, " +
-//                        "inversion is impossible");
-//            }
-//
-//            // v(z) := f(z)
-//            BigInteger vz = ECConstants.ZERO.setBit(m);
-//            vz = vz.setBit(0);
-//            vz = vz.setBit(this.k1);
-//            if (this.representation == PPB) 
-//            {
-//                vz = vz.setBit(this.k2);
-//                vz = vz.setBit(this.k3);
-//            }
-//
-//            // g1(z) := 1, g2(z) := 0
-//            BigInteger g1z = ECConstants.ONE;
-//            BigInteger g2z = ECConstants.ZERO;
-//
-//            // while u != 1
-//            while (!(uz.equals(ECConstants.ZERO))) 
-//            {
-//                // j := deg(u(z)) - deg(v(z))
-//                int j = uz.bitLength() - vz.bitLength();
-//
-//                // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
-//                if (j < 0) 
-//                {
-//                    final BigInteger uzCopy = uz;
-//                    uz = vz;
-//                    vz = uzCopy;
-//
-//                    final BigInteger g1zCopy = g1z;
-//                    g1z = g2z;
-//                    g2z = g1zCopy;
-//
-//                    j = -j;
-//                }
-//
-//                // u(z) := u(z) + z^j * v(z)
-//                // Note, that no reduction modulo f(z) is required, because
-//                // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
-//                // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
-//                // = deg(u(z))
-//                uz = uz.xor(vz.shiftLeft(j));
-//
-//                // g1(z) := g1(z) + z^j * g2(z)
-//                g1z = g1z.xor(g2z.shiftLeft(j));
-////                if (g1z.bitLength() > this.m) {
-////                    throw new ArithmeticException(
-////                            "deg(g1z) >= m, g1z = " + g1z.toString(2));
-////                }
-//            }
-//            return new ECFieldElement.F2m(
-//                    this.m, this.k1, this.k2, this.k3, g2z);
-//        }
-//
-//        public ECFieldElement sqrt()
-//        {
-//            throw new RuntimeException("Not implemented");
-//        }
-//
-//        /**
-//         * @return the representation of the field
-//         * F2m, either of
-//         * TPB (trinomial
-//         * basis representation) or
-//         * PPB (pentanomial
-//         * basis representation).
-//         */
-//        public int getRepresentation()
-//        {
-//            return this.representation;
-//        }
-//
-//        /**
-//         * @return the degree m of the reduction polynomial
-//         * f(z).
-//         */
-//        public int getM()
-//        {
-//            return this.m;
-//        }
-//
-//        /**
-//         * @return TPB: The integer k where xm +
-//         * xk + 1 represents the reduction polynomial
-//         * f(z).
    
-//         * PPB: The integer k1 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
    
-//         */
-//        public int getK1()
-//        {
-//            return this.k1;
-//        }
-//
-//        /**
-//         * @return TPB: Always returns 0
    
-//         * PPB: The integer k2 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
    
-//         */
-//        public int getK2()
-//        {
-//            return this.k2;
-//        }
-//
-//        /**
-//         * @return TPB: Always set to 0
    
-//         * PPB: The integer k3 where xm +
-//         * xk3 + xk2 + xk1 + 1
-//         * represents the reduction polynomial f(z).
    
-//         */
-//        public int getK3()
-//        {
-//            return this.k3;
-//        }
-//
-//        public boolean equals(Object anObject)
-//        {
-//            if (anObject == this) 
-//            {
-//                return true;
-//            }
-//
-//            if (!(anObject instanceof ECFieldElement.F2m)) 
-//            {
-//                return false;
-//            }
-//
-//            ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
-//            
-//            return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
-//                && (this.k3 == b.k3)
-//                && (this.representation == b.representation)
-//                && (this.x.equals(b.x)));
-//        }
-//
-//        public int hashCode()
-//        {
-//            return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
-//        }
-//    }
-
-    /**
-     * Class representing the Elements of the finite field
-     * F2m in polynomial basis (PB)
-     * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
-     * basis representations are supported. Gaussian normal basis (GNB)
-     * representation is not supported.
-     */
-    public static class F2m extends ECFieldElement
-    {
-        /**
-         * Indicates gaussian normal basis representation (GNB). Number chosen
-         * according to X9.62. GNB is not implemented at present.
-         */
-        public static final int GNB = 1;
-
-        /**
-         * Indicates trinomial basis representation (TPB). Number chosen
-         * according to X9.62.
-         */
-        public static final int TPB = 2;
-
-        /**
-         * Indicates pentanomial basis representation (PPB). Number chosen
-         * according to X9.62.
-         */
-        public static final int PPB = 3;
-
-        /**
-         * TPB or PPB.
-         */
-        private int representation;
-
-        /**
-         * The exponent m of F2m.
-         */
-        private int m;
-
-        /**
-         * TPB: The integer k where xm +
-         * xk + 1 represents the reduction polynomial
-         * f(z).
    
-         * PPB: The integer k1 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        private int k1;
-
-        /**
-         * TPB: Always set to 0
    
-         * PPB: The integer k2 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        private int k2;
-
-        /**
-         * TPB: Always set to 0
    
-         * PPB: The integer k3 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        private int k3;
-
-        /**
-         * The IntArray holding the bits.
-         */
-        private IntArray x;
-
-        /**
-         * The number of ints required to hold m bits.
-         */
-        private int t;
-
-        /**
-         * Constructor for PPB.
-         * @param m  The exponent m of
-         * F2m.
-         * @param k1 The integer k1 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param k2 The integer k2 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param k3 The integer k3 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
-         * @param x The BigInteger representing the value of the field element.
-         */
-        public F2m(
-            int m, 
-            int k1, 
-            int k2, 
-            int k3,
-            BigInteger x)
-        {
-            // t = m / 32 rounded up to the next integer
-            t = (m + 31) >> 5;
-            this.x = new IntArray(x, t);
-
-            if ((k2 == 0) && (k3 == 0))
-            {
-                this.representation = TPB;
-            }
-            else
-            {
-                if (k2 >= k3)
-                {
-                    throw new IllegalArgumentException(
-                            "k2 must be smaller than k3");
-                }
-                if (k2 <= 0)
-                {
-                    throw new IllegalArgumentException(
-                            "k2 must be larger than 0");
-                }
-                this.representation = PPB;
-            }
-
-            if (x.signum() < 0)
-            {
-                throw new IllegalArgumentException("x value cannot be negative");
-            }
-
-            this.m = m;
-            this.k1 = k1;
-            this.k2 = k2;
-            this.k3 = k3;
-        }
-
-        /**
-         * Constructor for TPB.
-         * @param m  The exponent m of
-         * F2m.
-         * @param k The integer k where xm +
-         * xk + 1 represents the reduction
-         * polynomial f(z).
-         * @param x The BigInteger representing the value of the field element.
-         */
-        public F2m(int m, int k, BigInteger x)
-        {
-            // Set k1 to k, and set k2 and k3 to 0
-            this(m, k, 0, 0, x);
-        }
-
-        private F2m(int m, int k1, int k2, int k3, IntArray x)
-        {
-            t = (m + 31) >> 5;
-            this.x = x;
-            this.m = m;
-            this.k1 = k1;
-            this.k2 = k2;
-            this.k3 = k3;
-
-            if ((k2 == 0) && (k3 == 0))
-            {
-                this.representation = TPB;
-            }
-            else
-            {
-                this.representation = PPB;
-            }
-
-        }
-
-        public BigInteger toBigInteger()
-        {
-            return x.toBigInteger();
-        }
-
-        public String getFieldName()
-        {
-            return "F2m";
-        }
-
-        public int getFieldSize()
-        {
-            return m;
-        }
-
-        /**
-         * Checks, if the ECFieldElements a and b
-         * are elements of the same field F2m
-         * (having the same representation).
-         * @param a field element.
-         * @param b field element to be compared.
-         * @throws IllegalArgumentException if a and b
-         * are not elements of the same field
-         * F2m (having the same
-         * representation). 
-         */
-        public static void checkFieldElements(
-            ECFieldElement a,
-            ECFieldElement b)
-        {
-            if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
-            {
-                throw new IllegalArgumentException("Field elements are not "
-                        + "both instances of ECFieldElement.F2m");
-            }
-
-            ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
-            ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
-
-            if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
-                    || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
-            {
-                throw new IllegalArgumentException("Field elements are not "
-                        + "elements of the same field F2m");
-            }
-
-            if (aF2m.representation != bF2m.representation)
-            {
-                // Should never occur
-                throw new IllegalArgumentException(
-                        "One of the field "
-                                + "elements are not elements has incorrect representation");
-            }
-        }
-
-        public ECFieldElement add(final ECFieldElement b)
-        {
-            // No check performed here for performance reasons. Instead the
-            // elements involved are checked in ECPoint.F2m
-            // checkFieldElements(this, b);
-            IntArray iarrClone = (IntArray)this.x.clone();
-            F2m bF2m = (F2m)b;
-            iarrClone.addShifted(bF2m.x, 0);
-            return new F2m(m, k1, k2, k3, iarrClone);
-        }
-
-        public ECFieldElement subtract(final ECFieldElement b)
-        {
-            // Addition and subtraction are the same in F2m
-            return add(b);
-        }
-
-        public ECFieldElement multiply(final ECFieldElement b)
-        {
-            // Right-to-left comb multiplication in the IntArray
-            // Input: Binary polynomials a(z) and b(z) of degree at most m-1
-            // Output: c(z) = a(z) * b(z) mod f(z)
-
-            // No check performed here for performance reasons. Instead the
-            // elements involved are checked in ECPoint.F2m
-            // checkFieldElements(this, b);
-            F2m bF2m = (F2m)b;
-            IntArray mult = x.multiply(bF2m.x, m);
-            mult.reduce(m, new int[]{k1, k2, k3});
-            return new F2m(m, k1, k2, k3, mult);
-        }
-
-        public ECFieldElement divide(final ECFieldElement b)
-        {
-            // There may be more efficient implementations
-            ECFieldElement bInv = b.invert();
-            return multiply(bInv);
-        }
-
-        public ECFieldElement negate()
-        {
-            // -x == x holds for all x in F2m
-            return this;
-        }
-
-        public ECFieldElement square()
-        {
-            IntArray squared = x.square(m);
-            squared.reduce(m, new int[]{k1, k2, k3});
-            return new F2m(m, k1, k2, k3, squared);
-        }
-
-
-        public ECFieldElement invert()
-        {
-            // Inversion in F2m using the extended Euclidean algorithm
-            // Input: A nonzero polynomial a(z) of degree at most m-1
-            // Output: a(z)^(-1) mod f(z)
-
-            // u(z) := a(z)
-            IntArray uz = (IntArray)this.x.clone();
-
-            // v(z) := f(z)
-            IntArray vz = new IntArray(t);
-            vz.setBit(m);
-            vz.setBit(0);
-            vz.setBit(this.k1);
-            if (this.representation == PPB) 
-            {
-                vz.setBit(this.k2);
-                vz.setBit(this.k3);
-            }
-
-            // g1(z) := 1, g2(z) := 0
-            IntArray g1z = new IntArray(t);
-            g1z.setBit(0);
-            IntArray g2z = new IntArray(t);
-
-            // while u != 0
-            while (!uz.isZero())
-//            while (uz.getUsedLength() > 0)
-//            while (uz.bitLength() > 1)
-            {
-                // j := deg(u(z)) - deg(v(z))
-                int j = uz.bitLength() - vz.bitLength();
-
-                // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
-                if (j < 0) 
-                {
-                    final IntArray uzCopy = uz;
-                    uz = vz;
-                    vz = uzCopy;
-
-                    final IntArray g1zCopy = g1z;
-                    g1z = g2z;
-                    g2z = g1zCopy;
-
-                    j = -j;
-                }
-
-                // u(z) := u(z) + z^j * v(z)
-                // Note, that no reduction modulo f(z) is required, because
-                // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
-                // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
-                // = deg(u(z))
-                // uz = uz.xor(vz.shiftLeft(j));
-                // jInt = n / 32
-                int jInt = j >> 5;
-                // jInt = n % 32
-                int jBit = j & 0x1F;
-                IntArray vzShift = vz.shiftLeft(jBit);
-                uz.addShifted(vzShift, jInt);
-
-                // g1(z) := g1(z) + z^j * g2(z)
-//                g1z = g1z.xor(g2z.shiftLeft(j));
-                IntArray g2zShift = g2z.shiftLeft(jBit);
-                g1z.addShifted(g2zShift, jInt);
-                
-            }
-            return new ECFieldElement.F2m(
-                    this.m, this.k1, this.k2, this.k3, g2z);
-        }
-
-        public ECFieldElement sqrt()
-        {
-            throw new RuntimeException("Not implemented");
-        }
-
-        /**
-         * @return the representation of the field
-         * F2m, either of
-         * TPB (trinomial
-         * basis representation) or
-         * PPB (pentanomial
-         * basis representation).
-         */
-        public int getRepresentation()
-        {
-            return this.representation;
-        }
-
-        /**
-         * @return the degree m of the reduction polynomial
-         * f(z).
-         */
-        public int getM()
-        {
-            return this.m;
-        }
-
-        /**
-         * @return TPB: The integer k where xm +
-         * xk + 1 represents the reduction polynomial
-         * f(z).
    
-         * PPB: The integer k1 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        public int getK1()
-        {
-            return this.k1;
-        }
-
-        /**
-         * @return TPB: Always returns 0
    
-         * PPB: The integer k2 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        public int getK2()
-        {
-            return this.k2;
-        }
-
-        /**
-         * @return TPB: Always set to 0
    
-         * PPB: The integer k3 where xm +
-         * xk3 + xk2 + xk1 + 1
-         * represents the reduction polynomial f(z).
    
-         */
-        public int getK3()
-        {
-            return this.k3;
-        }
-
-        public boolean equals(Object anObject)
-        {
-            if (anObject == this) 
-            {
-                return true;
-            }
-
-            if (!(anObject instanceof ECFieldElement.F2m)) 
-            {
-                return false;
-            }
-
-            ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
-            
-            return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
-                && (this.k3 == b.k3)
-                && (this.representation == b.representation)
-                && (this.x.equals(b.x)));
-        }
-
-        public int hashCode()
-        {
-            return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java
deleted file mode 100644
index 4d72e33cf..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Interface for classes encapsulating a point multiplication algorithm
- * for ECPoints.
- */
-interface ECMultiplier
-{
-    /**
-     * Multiplies the ECPoint p by k, i.e.
-     * p is added k times to itself.
-     * @param p The ECPoint to be multiplied.
-     * @param k The factor by which p i multiplied.
-     * @return p multiplied by k.
-     */
-    ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECPoint.java
deleted file mode 100644
index b14e4c154..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ECPoint.java
+++ /dev/null
@@ -1,588 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.x9.X9IntegerConverter;
-
-/**
- * base class for points on elliptic curves.
- */
-public abstract class ECPoint
-{
-    ECCurve        curve;
-    ECFieldElement x;
-    ECFieldElement y;
-
-    protected boolean withCompression;
-
-    protected ECMultiplier multiplier = null;
-
-    protected PreCompInfo preCompInfo = null;
-
-    private static X9IntegerConverter converter = new X9IntegerConverter();
-
-    protected ECPoint(ECCurve curve, ECFieldElement x, ECFieldElement y)
-    {
-        this.curve = curve;
-        this.x = x;
-        this.y = y;
-    }
-    
-    public ECCurve getCurve()
-    {
-        return curve;
-    }
-    
-    public ECFieldElement getX()
-    {
-        return x;
-    }
-
-    public ECFieldElement getY()
-    {
-        return y;
-    }
-
-    public boolean isInfinity()
-    {
-        return x == null && y == null;
-    }
-
-    public boolean isCompressed()
-    {
-        return withCompression;
-    }
-
-    public boolean equals(
-        Object  other)
-    {
-        if (other == this)
-        {
-            return true;
-        }
-
-        if (!(other instanceof ECPoint))
-        {
-            return false;
-        }
-
-        ECPoint o = (ECPoint)other;
-
-        if (this.isInfinity())
-        {
-            return o.isInfinity();
-        }
-
-        return x.equals(o.x) && y.equals(o.y);
-    }
-
-    public int hashCode()
-    {
-        if (this.isInfinity())
-        {
-            return 0;
-        }
-        
-        return x.hashCode() ^ y.hashCode();
-    }
-
-//    /**
-//     * Mainly for testing. Explicitly set the ECMultiplier.
-//     * @param multiplier The ECMultiplier to be used to multiply
-//     * this ECPoint.
-//     */
-//    public void setECMultiplier(ECMultiplier multiplier)
-//    {
-//        this.multiplier = multiplier;
-//    }
-
-    /**
-     * Sets the PreCompInfo. Used by ECMultipliers
-     * to save the precomputation for this ECPoint to store the
-     * precomputation result for use by subsequent multiplication.
-     * @param preCompInfo The values precomputed by the
-     * ECMultiplier.
-     */
-    void setPreCompInfo(PreCompInfo preCompInfo)
-    {
-        this.preCompInfo = preCompInfo;
-    }
-
-    public abstract byte[] getEncoded();
-
-    public abstract ECPoint add(ECPoint b);
-    public abstract ECPoint subtract(ECPoint b);
-    public abstract ECPoint negate();
-    public abstract ECPoint twice();
-
-    /**
-     * Sets the default ECMultiplier, unless already set. 
-     */
-    synchronized void assertECMultiplier()
-    {
-        if (this.multiplier == null)
-        {
-            this.multiplier = new FpNafMultiplier();
-        }
-    }
-
-    /**
-     * Multiplies this ECPoint by the given number.
-     * @param k The multiplicator.
-     * @return k * this.
-     */
-    public ECPoint multiply(BigInteger k)
-    {
-        if (k.signum() < 0)
-        {
-            throw new IllegalArgumentException("The multiplicator cannot be negative");
-        }
-
-        if (this.isInfinity())
-        {
-            return this;
-        }
-
-        if (k.signum() == 0)
-        {
-            return this.curve.getInfinity();
-        }
-
-        assertECMultiplier();
-        return this.multiplier.multiply(this, k, preCompInfo);
-    }
-
-    /**
-     * Elliptic curve points over Fp
-     */
-    public static class Fp extends ECPoint
-    {
-        
-        /**
-         * Create a point which encodes with point compression.
-         * 
-         * @param curve the curve to use
-         * @param x affine x co-ordinate
-         * @param y affine y co-ordinate
-         */
-        public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y)
-        {
-            this(curve, x, y, false);
-        }
-
-        /**
-         * Create a point that encodes with or without point compresion.
-         * 
-         * @param curve the curve to use
-         * @param x affine x co-ordinate
-         * @param y affine y co-ordinate
-         * @param withCompression if true encode with point compression
-         */
-        public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
-        {
-            super(curve, x, y);
-
-            if ((x != null && y == null) || (x == null && y != null))
-            {
-                throw new IllegalArgumentException("Exactly one of the field elements is null");
-            }
-
-            this.withCompression = withCompression;
-        }
-         
-        /**
-         * return the field element encoded with point compression. (S 4.3.6)
-         */
-        public byte[] getEncoded()
-        {
-            if (this.isInfinity()) 
-            {
-                return new byte[1];
-            }
-
-            int qLength = converter.getByteLength(x);
-            
-            if (withCompression)
-            {
-                byte    PC;
-    
-                if (this.getY().toBigInteger().testBit(0))
-                {
-                    PC = 0x03;
-                }
-                else
-                {
-                    PC = 0x02;
-                }
-    
-                byte[]  X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
-                byte[]  PO = new byte[X.length + 1];
-    
-                PO[0] = PC;
-                System.arraycopy(X, 0, PO, 1, X.length);
-    
-                return PO;
-            }
-            else
-            {
-                byte[]  X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
-                byte[]  Y = converter.integerToBytes(this.getY().toBigInteger(), qLength);
-                byte[]  PO = new byte[X.length + Y.length + 1];
-                
-                PO[0] = 0x04;
-                System.arraycopy(X, 0, PO, 1, X.length);
-                System.arraycopy(Y, 0, PO, X.length + 1, Y.length);
-
-                return PO;
-            }
-        }
-
-        // B.3 pg 62
-        public ECPoint add(ECPoint b)
-        {
-            if (this.isInfinity())
-            {
-                return b;
-            }
-
-            if (b.isInfinity())
-            {
-                return this;
-            }
-
-            // Check if b = this or b = -this
-            if (this.x.equals(b.x))
-            {
-                if (this.y.equals(b.y))
-                {
-                    // this = b, i.e. this must be doubled
-                    return this.twice();
-                }
-
-                // this = -b, i.e. the result is the point at infinity
-                return this.curve.getInfinity();
-            }
-
-            ECFieldElement gamma = b.y.subtract(this.y).divide(b.x.subtract(this.x));
-
-            ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x);
-            ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
-
-            return new ECPoint.Fp(curve, x3, y3);
-        }
-
-        // B.3 pg 62
-        public ECPoint twice()
-        {
-            if (this.isInfinity())
-            {
-                // Twice identity element (point at infinity) is identity
-                return this;
-            }
-
-            if (this.y.toBigInteger().signum() == 0) 
-            {
-                // if y1 == 0, then (x1, y1) == (x1, -y1)
-                // and hence this = -this and thus 2(x1, y1) == infinity
-                return this.curve.getInfinity();
-            }
-
-            ECFieldElement TWO = this.curve.fromBigInteger(BigInteger.valueOf(2));
-            ECFieldElement THREE = this.curve.fromBigInteger(BigInteger.valueOf(3));
-            ECFieldElement gamma = this.x.square().multiply(THREE).add(curve.a).divide(y.multiply(TWO));
-
-            ECFieldElement x3 = gamma.square().subtract(this.x.multiply(TWO));
-            ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
-                
-            return new ECPoint.Fp(curve, x3, y3, this.withCompression);
-        }
-
-        // D.3.2 pg 102 (see Note:)
-        public ECPoint subtract(ECPoint b)
-        {
-            if (b.isInfinity())
-            {
-                return this;
-            }
-
-            // Add -b
-            return add(b.negate());
-        }
-
-        public ECPoint negate()
-        {
-            return new ECPoint.Fp(curve, this.x, this.y.negate(), this.withCompression);
-        }
-
-        /**
-         * Sets the default ECMultiplier, unless already set. 
-         */
-        synchronized void assertECMultiplier()
-        {
-            if (this.multiplier == null)
-            {
-                this.multiplier = new WNafMultiplier();
-            }
-        }
-    }
-
-    /**
-     * Elliptic curve points over F2m
-     */
-    public static class F2m extends ECPoint
-    {
-        /**
-         * @param curve base curve
-         * @param x x point
-         * @param y y point
-         */
-        public F2m(ECCurve curve, ECFieldElement x, ECFieldElement y)
-        {
-            this(curve, x, y, false);
-        }
-        
-        /**
-         * @param curve base curve
-         * @param x x point
-         * @param y y point
-         * @param withCompression true if encode with point compression.
-         */
-        public F2m(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
-        {
-            super(curve, x, y);
-
-            if ((x != null && y == null) || (x == null && y != null))
-            {
-                throw new IllegalArgumentException("Exactly one of the field elements is null");
-            }
-            
-            if (x != null)
-            {
-                // Check if x and y are elements of the same field
-                ECFieldElement.F2m.checkFieldElements(this.x, this.y);
-    
-                // Check if x and a are elements of the same field
-                if (curve != null)
-                {
-                    ECFieldElement.F2m.checkFieldElements(this.x, this.curve.getA());
-                }
-            }
-            
-            this.withCompression = withCompression;
-        }
-
-        /* (non-Javadoc)
-         * @see org.bouncycastle.math.ec.ECPoint#getEncoded()
-         */
-        public byte[] getEncoded()
-        {
-            if (this.isInfinity()) 
-            {
-                return new byte[1];
-            }
-
-            int byteCount = converter.getByteLength(this.x);
-            byte[] X = converter.integerToBytes(this.getX().toBigInteger(), byteCount);
-            byte[] PO;
-
-            if (withCompression)
-            {
-                // See X9.62 4.3.6 and 4.2.2
-                PO = new byte[byteCount + 1];
-
-                PO[0] = 0x02;
-                // X9.62 4.2.2 and 4.3.6:
-                // if x = 0 then ypTilde := 0, else ypTilde is the rightmost
-                // bit of y * x^(-1)
-                // if ypTilde = 0, then PC := 02, else PC := 03
-                // Note: PC === PO[0]
-                if (!(this.getX().toBigInteger().equals(ECConstants.ZERO)))
-                {
-                    if (this.getY().multiply(this.getX().invert())
-                            .toBigInteger().testBit(0))
-                    {
-                        // ypTilde = 1, hence PC = 03
-                        PO[0] = 0x03;
-                    }
-                }
-
-                System.arraycopy(X, 0, PO, 1, byteCount);
-            }
-            else
-            {
-                byte[] Y = converter.integerToBytes(this.getY().toBigInteger(), byteCount);
-    
-                PO = new byte[byteCount + byteCount + 1];
-    
-                PO[0] = 0x04;
-                System.arraycopy(X, 0, PO, 1, byteCount);
-                System.arraycopy(Y, 0, PO, byteCount + 1, byteCount);    
-            }
-
-            return PO;
-        }
-
-        /**
-         * Check, if two ECPoints can be added or subtracted.
-         * @param a The first ECPoint to check.
-         * @param b The second ECPoint to check.
-         * @throws IllegalArgumentException if a and b
-         * cannot be added.
-         */
-        private static void checkPoints(ECPoint a, ECPoint b)
-        {
-            // Check, if points are on the same curve
-            if (!(a.curve.equals(b.curve)))
-            {
-                throw new IllegalArgumentException("Only points on the same "
-                        + "curve can be added or subtracted");
-            }
-
-//            ECFieldElement.F2m.checkFieldElements(a.x, b.x);
-        }
-
-        /* (non-Javadoc)
-         * @see org.bouncycastle.math.ec.ECPoint#add(org.bouncycastle.math.ec.ECPoint)
-         */
-        public ECPoint add(ECPoint b)
-        {
-            checkPoints(this, b);
-            return addSimple((ECPoint.F2m)b);
-        }
-
-        /**
-         * Adds another ECPoints.F2m to this without
-         * checking if both points are on the same curve. Used by multiplication
-         * algorithms, because there all points are a multiple of the same point
-         * and hence the checks can be omitted.
-         * @param b The other ECPoints.F2m to add to
-         * this.
-         * @return this + b
-         */
-        public ECPoint.F2m addSimple(ECPoint.F2m b)
-        {
-            ECPoint.F2m other = b;
-            if (this.isInfinity())
-            {
-                return other;
-            }
-
-            if (other.isInfinity())
-            {
-                return this;
-            }
-
-            ECFieldElement.F2m x2 = (ECFieldElement.F2m)other.getX();
-            ECFieldElement.F2m y2 = (ECFieldElement.F2m)other.getY();
-
-            // Check if other = this or other = -this
-            if (this.x.equals(x2))
-            {
-                if (this.y.equals(y2))
-                {
-                    // this = other, i.e. this must be doubled
-                    return (ECPoint.F2m)this.twice();
-                }
-
-                // this = -other, i.e. the result is the point at infinity
-                return (ECPoint.F2m)this.curve.getInfinity();
-            }
-
-            ECFieldElement.F2m lambda
-                = (ECFieldElement.F2m)(this.y.add(y2)).divide(this.x.add(x2));
-
-            ECFieldElement.F2m x3
-                = (ECFieldElement.F2m)lambda.square().add(lambda).add(this.x).add(x2).add(this.curve.getA());
-
-            ECFieldElement.F2m y3
-                = (ECFieldElement.F2m)lambda.multiply(this.x.add(x3)).add(x3).add(this.y);
-
-            return new ECPoint.F2m(curve, x3, y3, withCompression);
-        }
-
-        /* (non-Javadoc)
-         * @see org.bouncycastle.math.ec.ECPoint#subtract(org.bouncycastle.math.ec.ECPoint)
-         */
-        public ECPoint subtract(ECPoint b)
-        {
-            checkPoints(this, b);
-            return subtractSimple((ECPoint.F2m)b);
-        }
-
-        /**
-         * Subtracts another ECPoints.F2m from this
-         * without checking if both points are on the same curve. Used by
-         * multiplication algorithms, because there all points are a multiple
-         * of the same point and hence the checks can be omitted.
-         * @param b The other ECPoints.F2m to subtract from
-         * this.
-         * @return this - b
-         */
-        public ECPoint.F2m subtractSimple(ECPoint.F2m b)
-        {
-            if (b.isInfinity())
-            {
-                return this;
-            }
-
-            // Add -b
-            return addSimple((ECPoint.F2m)b.negate());
-        }
-
-        /* (non-Javadoc)
-         * @see org.bouncycastle.math.ec.ECPoint#twice()
-         */
-        public ECPoint twice()
-        {
-            if (this.isInfinity()) 
-            {
-                // Twice identity element (point at infinity) is identity
-                return this;
-            }
-
-            if (this.x.toBigInteger().signum() == 0) 
-            {
-                // if x1 == 0, then (x1, y1) == (x1, x1 + y1)
-                // and hence this = -this and thus 2(x1, y1) == infinity
-                return this.curve.getInfinity();
-            }
-
-            ECFieldElement.F2m lambda
-                = (ECFieldElement.F2m)this.x.add(this.y.divide(this.x));
-
-            ECFieldElement.F2m x3
-                = (ECFieldElement.F2m)lambda.square().add(lambda).
-                    add(this.curve.getA());
-
-            ECFieldElement ONE = this.curve.fromBigInteger(ECConstants.ONE);
-            ECFieldElement.F2m y3
-                = (ECFieldElement.F2m)this.x.square().add(
-                    x3.multiply(lambda.add(ONE)));
-
-            return new ECPoint.F2m(this.curve, x3, y3, withCompression);
-        }
-
-        public ECPoint negate()
-        {
-            return new ECPoint.F2m(curve, this.getX(), this.getY().add(this.getX()), withCompression);
-        }
-
-        /**
-         * Sets the appropriate ECMultiplier, unless already set. 
-         */
-        synchronized void assertECMultiplier()
-        {
-            if (this.multiplier == null)
-            {
-                if (((ECCurve.F2m)this.curve).isKoblitz())
-                {
-                    this.multiplier = new WTauNafMultiplier();
-                }
-                else
-                {
-                    this.multiplier = new WNafMultiplier();
-                }
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java
deleted file mode 100644
index 35e601d5a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Class implementing the NAF (Non-Adjacent Form) multiplication algorithm.
- */
-class FpNafMultiplier implements ECMultiplier
-{
-    /**
-     * D.3.2 pg 101
-     * @see org.bouncycastle.math.ec.ECMultiplier#multiply(org.bouncycastle.math.ec.ECPoint, java.math.BigInteger)
-     */
-    public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
-    {
-        // TODO Probably should try to add this
-        // BigInteger e = k.mod(n); // n == order of p
-        BigInteger e = k;
-        BigInteger h = e.multiply(BigInteger.valueOf(3));
-
-        ECPoint neg = p.negate();
-        ECPoint R = p;
-
-        for (int i = h.bitLength() - 2; i > 0; --i)
-        {             
-            R = R.twice();
-
-            boolean hBit = h.testBit(i);
-            boolean eBit = e.testBit(i);
-
-            if (hBit != eBit)
-            {
-                R = R.add(hBit ? p : neg);
-            }
-        }
-
-        return R;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/IntArray.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/IntArray.java
deleted file mode 100644
index ead38c480..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/IntArray.java
+++ /dev/null
@@ -1,518 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import org.bouncycastle.util.Arrays;
-
-import java.math.BigInteger;
-
-class IntArray
-{
-    // TODO make m fixed for the IntArray, and hence compute T once and for all
-
-    private int[] m_ints;
-
-    public IntArray(int intLen)
-    {
-        m_ints = new int[intLen];
-    }
-
-    public IntArray(int[] ints)
-    {
-        m_ints = ints;
-    }
-
-    public IntArray(BigInteger bigInt)
-    {
-        this(bigInt, 0);
-    }
-
-    public IntArray(BigInteger bigInt, int minIntLen)
-    {
-        if (bigInt.signum() == -1)
-        {
-            throw new IllegalArgumentException("Only positive Integers allowed");
-        }
-        if (bigInt.equals(ECConstants.ZERO))
-        {
-            m_ints = new int[] { 0 };
-            return;
-        }
-
-        byte[] barr = bigInt.toByteArray();
-        int barrLen = barr.length;
-        int barrStart = 0;
-        if (barr[0] == 0)
-        {
-            // First byte is 0 to enforce highest (=sign) bit is zero.
-            // In this case ignore barr[0].
-            barrLen--;
-            barrStart = 1;
-        }
-        int intLen = (barrLen + 3) / 4;
-        if (intLen < minIntLen)
-        {
-            m_ints = new int[minIntLen];
-        }
-        else
-        {
-            m_ints = new int[intLen];
-        }
-
-        int iarrJ = intLen - 1;
-        int rem = barrLen % 4 + barrStart;
-        int temp = 0;
-        int barrI = barrStart;
-        if (barrStart < rem)
-        {
-            for (; barrI < rem; barrI++)
-            {
-                temp <<= 8;
-                int barrBarrI = barr[barrI];
-                if (barrBarrI < 0)
-                {
-                    barrBarrI += 256;
-                }
-                temp |= barrBarrI;
-            }
-            m_ints[iarrJ--] = temp;
-        }
-
-        for (; iarrJ >= 0; iarrJ--)
-        {
-            temp = 0;
-            for (int i = 0; i < 4; i++)
-            {
-                temp <<= 8;
-                int barrBarrI = barr[barrI++];
-                if (barrBarrI < 0)
-                {
-                    barrBarrI += 256;
-                }
-                temp |= barrBarrI;
-            }
-            m_ints[iarrJ] = temp;
-        }
-    }
-
-    public boolean isZero()
-    {
-        return m_ints.length == 0
-            || (m_ints[0] == 0 && getUsedLength() == 0);
-    }
-
-    public int getUsedLength()
-    {
-        int highestIntPos = m_ints.length;
-
-        if (highestIntPos < 1)
-        {
-            return 0;
-        }
-
-        // Check if first element will act as sentinel
-        if (m_ints[0] != 0)
-        {
-            while (m_ints[--highestIntPos] == 0)
-            {
-            }
-            return highestIntPos + 1;
-        }
-
-        do
-        {
-            if (m_ints[--highestIntPos] != 0)
-            {
-                return highestIntPos + 1;
-            }
-        }
-        while (highestIntPos > 0);
-
-        return 0;
-    }
-
-    public int bitLength()
-    {
-        // JDK 1.5: see Integer.numberOfLeadingZeros()
-        int intLen = getUsedLength();
-        if (intLen == 0)
-        {
-            return 0;
-        }
-
-        int last = intLen - 1;
-        int highest = m_ints[last];
-        int bits = (last << 5) + 1;
-
-        // A couple of binary search steps
-        if ((highest & 0xffff0000) != 0)
-        {
-            if ((highest & 0xff000000) != 0)
-            {
-                bits += 24;
-                highest >>>= 24;
-            }
-            else
-            {
-                bits += 16;
-                highest >>>= 16;
-            }
-        }
-        else if (highest > 0x000000ff)
-        {
-            bits += 8;
-            highest >>>= 8;
-        }
-
-        while (highest != 1)
-        {
-            ++bits;
-            highest >>>= 1;
-        }
-
-        return bits;
-    }
-
-    private int[] resizedInts(int newLen)
-    {
-        int[] newInts = new int[newLen];
-        int oldLen = m_ints.length;
-        int copyLen = oldLen < newLen ? oldLen : newLen;
-        System.arraycopy(m_ints, 0, newInts, 0, copyLen);
-        return newInts;
-    }
-
-    public BigInteger toBigInteger()
-    {
-        int usedLen = getUsedLength();
-        if (usedLen == 0)
-        {
-            return ECConstants.ZERO;
-        }
-
-        int highestInt = m_ints[usedLen - 1];
-        byte[] temp = new byte[4];
-        int barrI = 0;
-        boolean trailingZeroBytesDone = false;
-        for (int j = 3; j >= 0; j--)
-        {
-            byte thisByte = (byte) (highestInt >>> (8 * j));
-            if (trailingZeroBytesDone || (thisByte != 0))
-            {
-                trailingZeroBytesDone = true;
-                temp[barrI++] = thisByte;
-            }
-        }
-
-        int barrLen = 4 * (usedLen - 1) + barrI;
-        byte[] barr = new byte[barrLen];
-        for (int j = 0; j < barrI; j++)
-        {
-            barr[j] = temp[j];
-        }
-        // Highest value int is done now
-
-        for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
-        {
-            for (int j = 3; j >= 0; j--)
-            {
-                barr[barrI++] = (byte) (m_ints[iarrJ] >>> (8 * j));
-            }
-        }
-        return new BigInteger(1, barr);
-    }
-
-    public void shiftLeft()
-    {
-        int usedLen = getUsedLength();
-        if (usedLen == 0)
-        {
-            return;
-        }
-        if (m_ints[usedLen - 1] < 0)
-        {
-            // highest bit of highest used byte is set, so shifting left will
-            // make the IntArray one byte longer
-            usedLen++;
-            if (usedLen > m_ints.length)
-            {
-                // make the m_ints one byte longer, because we need one more
-                // byte which is not available in m_ints
-                m_ints = resizedInts(m_ints.length + 1);
-            }
-        }
-
-        boolean carry = false;
-        for (int i = 0; i < usedLen; i++)
-        {
-            // nextCarry is true if highest bit is set
-            boolean nextCarry = m_ints[i] < 0;
-            m_ints[i] <<= 1;
-            if (carry)
-            {
-                // set lowest bit
-                m_ints[i] |= 1;
-            }
-            carry = nextCarry;
-        }
-    }
-
-    public IntArray shiftLeft(int n)
-    {
-        int usedLen = getUsedLength();
-        if (usedLen == 0)
-        {
-            return this;
-        }
-
-        if (n == 0)
-        {
-            return this;
-        }
-
-        if (n > 31)
-        {
-            throw new IllegalArgumentException("shiftLeft() for max 31 bits "
-                + ", " + n + "bit shift is not possible");
-        }
-
-        int[] newInts = new int[usedLen + 1];
-
-        int nm32 = 32 - n;
-        newInts[0] = m_ints[0] << n;
-        for (int i = 1; i < usedLen; i++)
-        {
-            newInts[i] = (m_ints[i] << n) | (m_ints[i - 1] >>> nm32);
-        }
-        newInts[usedLen] = m_ints[usedLen - 1] >>> nm32;
-
-        return new IntArray(newInts);
-    }
-
-    public void addShifted(IntArray other, int shift)
-    {
-        int usedLenOther = other.getUsedLength();
-        int newMinUsedLen = usedLenOther + shift;
-        if (newMinUsedLen > m_ints.length)
-        {
-            m_ints = resizedInts(newMinUsedLen);
-            //System.out.println("Resize required");
-        }
-
-        for (int i = 0; i < usedLenOther; i++)
-        {
-            m_ints[i + shift] ^= other.m_ints[i];
-        }
-    }
-
-    public int getLength()
-    {
-        return m_ints.length;
-    }
-
-    public boolean testBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int tester = 1 << theBit;
-        return ((m_ints[theInt] & tester) != 0);
-    }
-
-    public void flipBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int flipper = 1 << theBit;
-        m_ints[theInt] ^= flipper;
-    }
-
-    public void setBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int setter = 1 << theBit;
-        m_ints[theInt] |= setter;
-    }
-
-    public IntArray multiply(IntArray other, int m)
-    {
-        // Lenght of c is 2m bits rounded up to the next int (32 bit)
-        int t = (m + 31) >> 5;
-        if (m_ints.length < t)
-        {
-            m_ints = resizedInts(t);
-        }
-
-        IntArray b = new IntArray(other.resizedInts(other.getLength() + 1));
-        IntArray c = new IntArray((m + m + 31) >> 5);
-        // IntArray c = new IntArray(t + t);
-        int testBit = 1;
-        for (int k = 0; k < 32; k++)
-        {
-            for (int j = 0; j < t; j++)
-            {
-                if ((m_ints[j] & testBit) != 0)
-                {
-                    // The kth bit of m_ints[j] is set
-                    c.addShifted(b, j);
-                }
-            }
-            testBit <<= 1;
-            b.shiftLeft();
-        }
-        return c;
-    }
-
-    // public IntArray multiplyLeftToRight(IntArray other, int m) {
-    // // Lenght of c is 2m bits rounded up to the next int (32 bit)
-    // int t = (m + 31) / 32;
-    // if (m_ints.length < t) {
-    // m_ints = resizedInts(t);
-    // }
-    //
-    // IntArray b = new IntArray(other.resizedInts(other.getLength() + 1));
-    // IntArray c = new IntArray((m + m + 31) / 32);
-    // // IntArray c = new IntArray(t + t);
-    // int testBit = 1 << 31;
-    // for (int k = 31; k >= 0; k--) {
-    // for (int j = 0; j < t; j++) {
-    // if ((m_ints[j] & testBit) != 0) {
-    // // The kth bit of m_ints[j] is set
-    // c.addShifted(b, j);
-    // }
-    // }
-    // testBit >>>= 1;
-    // if (k > 0) {
-    // c.shiftLeft();
-    // }
-    // }
-    // return c;
-    // }
-
-    // TODO note, redPol.length must be 3 for TPB and 5 for PPB
-    public void reduce(int m, int[] redPol)
-    {
-        for (int i = m + m - 2; i >= m; i--)
-        {
-            if (testBit(i))
-            {
-                int bit = i - m;
-                flipBit(bit);
-                flipBit(i);
-                int l = redPol.length;
-                while (--l >= 0)
-                {
-                    flipBit(redPol[l] + bit);
-                }
-            }
-        }
-        m_ints = resizedInts((m + 31) >> 5);
-    }
-
-    public IntArray square(int m)
-    {
-        // TODO make the table static final
-        final int[] table = { 0x0, 0x1, 0x4, 0x5, 0x10, 0x11, 0x14, 0x15, 0x40,
-            0x41, 0x44, 0x45, 0x50, 0x51, 0x54, 0x55 };
-
-        int t = (m + 31) >> 5;
-        if (m_ints.length < t)
-        {
-            m_ints = resizedInts(t);
-        }
-
-        IntArray c = new IntArray(t + t);
-
-        // TODO twice the same code, put in separate private method
-        for (int i = 0; i < t; i++)
-        {
-            int v0 = 0;
-            for (int j = 0; j < 4; j++)
-            {
-                v0 = v0 >>> 8;
-                int u = (m_ints[i] >>> (j * 4)) & 0xF;
-                int w = table[u] << 24;
-                v0 |= w;
-            }
-            c.m_ints[i + i] = v0;
-
-            v0 = 0;
-            int upper = m_ints[i] >>> 16;
-            for (int j = 0; j < 4; j++)
-            {
-                v0 = v0 >>> 8;
-                int u = (upper >>> (j * 4)) & 0xF;
-                int w = table[u] << 24;
-                v0 |= w;
-            }
-            c.m_ints[i + i + 1] = v0;
-        }
-        return c;
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof IntArray))
-        {
-            return false;
-        }
-        IntArray other = (IntArray) o;
-        int usedLen = getUsedLength();
-        if (other.getUsedLength() != usedLen)
-        {
-            return false;
-        }
-        for (int i = 0; i < usedLen; i++)
-        {
-            if (m_ints[i] != other.m_ints[i])
-            {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    public int hashCode()
-    {
-        int usedLen = getUsedLength();
-        int hash = 1;
-        for (int i = 0; i < usedLen; i++)
-        {
-            hash = hash * 31 + m_ints[i];
-        }
-        return hash;
-    }
-
-    public Object clone()
-    {
-        return new IntArray(Arrays.clone(m_ints));
-    }
-
-    public String toString()
-    {
-        int usedLen = getUsedLength();
-        if (usedLen == 0)
-        {
-            return "0";
-        }
-
-        StringBuffer sb = new StringBuffer(Integer
-            .toBinaryString(m_ints[usedLen - 1]));
-        for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
-        {
-            String hexString = Integer.toBinaryString(m_ints[iarrJ]);
-
-            // Add leading zeroes, except for highest significant int
-            for (int i = hexString.length(); i < 8; i++)
-            {
-                hexString = "0" + hexString;
-            }
-            sb.append(hexString);
-        }
-        return sb.toString();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java
deleted file mode 100644
index 804dcf749..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.math.ec;
-
-/**
- * Interface for classes storing precomputation data for multiplication
- * algorithms. Used as a Memento (see GOF patterns) for
- * WNafMultiplier.
- */
-interface PreCompInfo
-{
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java
deleted file mode 100644
index c1dd54831..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-class ReferenceMultiplier implements ECMultiplier
-{
-    /**
-     * Simple shift-and-add multiplication. Serves as reference implementation
-     * to verify (possibly faster) implementations in
-     * {@link org.bouncycastle.math.ec.ECPoint ECPoint}.
-     * 
-     * @param p The point to multiply.
-     * @param k The factor by which to multiply.
-     * @return The result of the point multiplication k * p.
-     */
-    public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
-    {
-        ECPoint q = p.getCurve().getInfinity();
-        int t = k.bitLength();
-        for (int i = 0; i < t; i++)
-        {
-            if (k.testBit(i))
-            {
-                q = q.add(p);
-            }
-            p = p.twice();
-        }
-        return q;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
deleted file mode 100644
index 96e666d1b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
+++ /dev/null
@@ -1,253 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Class representing a simple version of a big decimal. A
- * SimpleBigDecimal is basically a
- * {@link java.math.BigInteger BigInteger} with a few digits on the right of
- * the decimal point. The number of (binary) digits on the right of the decimal
- * point is called the scale of the SimpleBigDecimal.
- * Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted
- * automatically, but must be set manually. All SimpleBigDecimals
- * taking part in the same arithmetic operation must have equal scale. The
- * result of a multiplication of two SimpleBigDecimals returns a
- * SimpleBigDecimal with double scale.
- */
-class SimpleBigDecimal
-    //extends Number   // not in J2ME - add compatibility class?
-{
-    private static final long serialVersionUID = 1L;
-
-    private final BigInteger bigInt;
-    private final int scale;
-
-    /**
-     * Returns a SimpleBigDecimal representing the same numerical
-     * value as value.
-     * @param value The value of the SimpleBigDecimal to be
-     * created. 
-     * @param scale The scale of the SimpleBigDecimal to be
-     * created. 
-     * @return The such created SimpleBigDecimal.
-     */
-    public static SimpleBigDecimal getInstance(BigInteger value, int scale)
-    {
-        return new SimpleBigDecimal(value.shiftLeft(scale), scale);
-    }
-
-    /**
-     * Constructor for SimpleBigDecimal. The value of the
-     * constructed SimpleBigDecimal equals bigInt / 
-     * 2scale.
-     * @param bigInt The bigInt value parameter.
-     * @param scale The scale of the constructed SimpleBigDecimal.
-     */
-    public SimpleBigDecimal(BigInteger bigInt, int scale)
-    {
-        if (scale < 0)
-        {
-            throw new IllegalArgumentException("scale may not be negative");
-        }
-
-        this.bigInt = bigInt;
-        this.scale = scale;
-    }
-
-    private SimpleBigDecimal(SimpleBigDecimal limBigDec)
-    {
-        bigInt = limBigDec.bigInt;
-        scale = limBigDec.scale;
-    }
-
-    private void checkScale(SimpleBigDecimal b)
-    {
-        if (scale != b.scale)
-        {
-            throw new IllegalArgumentException("Only SimpleBigDecimal of " +
-                "same scale allowed in arithmetic operations");
-        }
-    }
-
-    public SimpleBigDecimal adjustScale(int newScale)
-    {
-        if (newScale < 0)
-        {
-            throw new IllegalArgumentException("scale may not be negative");
-        }
-
-        if (newScale == scale)
-        {
-            return new SimpleBigDecimal(this);
-        }
-
-        return new SimpleBigDecimal(bigInt.shiftLeft(newScale - scale),
-                newScale);
-    }
-
-    public SimpleBigDecimal add(SimpleBigDecimal b)
-    {
-        checkScale(b);
-        return new SimpleBigDecimal(bigInt.add(b.bigInt), scale);
-    }
-
-    public SimpleBigDecimal add(BigInteger b)
-    {
-        return new SimpleBigDecimal(bigInt.add(b.shiftLeft(scale)), scale);
-    }
-
-    public SimpleBigDecimal negate()
-    {
-        return new SimpleBigDecimal(bigInt.negate(), scale);
-    }
-
-    public SimpleBigDecimal subtract(SimpleBigDecimal b)
-    {
-        return add(b.negate());
-    }
-
-    public SimpleBigDecimal subtract(BigInteger b)
-    {
-        return new SimpleBigDecimal(bigInt.subtract(b.shiftLeft(scale)),
-                scale);
-    }
-
-    public SimpleBigDecimal multiply(SimpleBigDecimal b)
-    {
-        checkScale(b);
-        return new SimpleBigDecimal(bigInt.multiply(b.bigInt), scale + scale);
-    }
-
-    public SimpleBigDecimal multiply(BigInteger b)
-    {
-        return new SimpleBigDecimal(bigInt.multiply(b), scale);
-    }
-
-    public SimpleBigDecimal divide(SimpleBigDecimal b)
-    {
-        checkScale(b);
-        BigInteger dividend = bigInt.shiftLeft(scale);
-        return new SimpleBigDecimal(dividend.divide(b.bigInt), scale);
-    }
-
-    public SimpleBigDecimal divide(BigInteger b)
-    {
-        return new SimpleBigDecimal(bigInt.divide(b), scale);
-    }
-
-    public SimpleBigDecimal shiftLeft(int n)
-    {
-        return new SimpleBigDecimal(bigInt.shiftLeft(n), scale);
-    }
-
-    public int compareTo(SimpleBigDecimal val)
-    {
-        checkScale(val);
-        return bigInt.compareTo(val.bigInt);
-    }
-
-    public int compareTo(BigInteger val)
-    {
-        return bigInt.compareTo(val.shiftLeft(scale));
-    }
-
-    public BigInteger floor()
-    {
-        return bigInt.shiftRight(scale);
-    }
-
-    public BigInteger round()
-    {
-        SimpleBigDecimal oneHalf = new SimpleBigDecimal(ECConstants.ONE, 1);
-        return add(oneHalf.adjustScale(scale)).floor();
-    }
-
-    public int intValue()
-    {
-        return floor().intValue();
-    }
-    
-    public long longValue()
-    {
-        return floor().longValue();
-    }
-          /* NON-J2ME compliant.
-    public double doubleValue()
-    {
-        return Double.valueOf(toString()).doubleValue();
-    }
-
-    public float floatValue()
-    {
-        return Float.valueOf(toString()).floatValue();
-    }
-       */
-    public int getScale()
-    {
-        return scale;
-    }
-
-    public String toString()
-    {
-        if (scale == 0)
-        {
-            return bigInt.toString();
-        }
-
-        BigInteger floorBigInt = floor();
-        
-        BigInteger fract = bigInt.subtract(floorBigInt.shiftLeft(scale));
-        if (bigInt.signum() == -1)
-        {
-            fract = ECConstants.ONE.shiftLeft(scale).subtract(fract);
-        }
-
-        if ((floorBigInt.signum() == -1) && (!(fract.equals(ECConstants.ZERO))))
-        {
-            floorBigInt = floorBigInt.add(ECConstants.ONE);
-        }
-        String leftOfPoint = floorBigInt.toString();
-
-        char[] fractCharArr = new char[scale];
-        String fractStr = fract.toString(2);
-        int fractLen = fractStr.length();
-        int zeroes = scale - fractLen;
-        for (int i = 0; i < zeroes; i++)
-        {
-            fractCharArr[i] = '0';
-        }
-        for (int j = 0; j < fractLen; j++)
-        {
-            fractCharArr[zeroes + j] = fractStr.charAt(j);
-        }
-        String rightOfPoint = new String(fractCharArr);
-
-        StringBuffer sb = new StringBuffer(leftOfPoint);
-        sb.append(".");
-        sb.append(rightOfPoint);
-
-        return sb.toString();
-    }
-
-    public boolean equals(Object o)
-    {
-        if (this == o)
-        {
-            return true;
-        }
-
-        if (!(o instanceof SimpleBigDecimal))
-        {
-            return false;
-        }
-
-        SimpleBigDecimal other = (SimpleBigDecimal)o;
-        return ((bigInt.equals(other.bigInt)) && (scale == other.scale));
-    }
-
-    public int hashCode()
-    {
-        return bigInt.hashCode() ^ scale;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/Tnaf.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/Tnaf.java
deleted file mode 100644
index af4355f3d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/Tnaf.java
+++ /dev/null
@@ -1,844 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Class holding methods for point multiplication based on the window
- * τ-adic nonadjacent form (WTNAF). The algorithms are based on the
- * paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves"
- * by Jerome A. Solinas. The paper first appeared in the Proceedings of
- * Crypto 1997.
- */
-class Tnaf
-{
-    private static final BigInteger MINUS_ONE = ECConstants.ONE.negate();
-    private static final BigInteger MINUS_TWO = ECConstants.TWO.negate();
-    private static final BigInteger MINUS_THREE = ECConstants.THREE.negate();
-
-    /**
-     * The window width of WTNAF. The standard value of 4 is slightly less
-     * than optimal for running time, but keeps space requirements for
-     * precomputation low. For typical curves, a value of 5 or 6 results in
-     * a better running time. When changing this value, the
-     * αu's must be computed differently, see
-     * e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson,
-     * Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004,
-     * p. 121-122
-     */
-    public static final byte WIDTH = 4;
-
-    /**
-     * 24
-     */
-    public static final byte POW_2_WIDTH = 16;
-
-    /**
-     * The αu's for a=0 as an array
-     * of ZTauElements.
-     */
-    public static final ZTauElement[] alpha0 = {
-        null,
-        new ZTauElement(ECConstants.ONE, ECConstants.ZERO), null,
-        new ZTauElement(MINUS_THREE, MINUS_ONE), null,
-        new ZTauElement(MINUS_ONE, MINUS_ONE), null,
-        new ZTauElement(ECConstants.ONE, MINUS_ONE), null
-    };
-
-    /**
-     * The αu's for a=0 as an array
-     * of TNAFs.
-     */
-    public static final byte[][] alpha0Tnaf = {
-        null, {1}, null, {-1, 0, 1}, null, {1, 0, 1}, null, {-1, 0, 0, 1}
-    };
-
-    /**
-     * The αu's for a=1 as an array
-     * of ZTauElements.
-     */
-    public static final ZTauElement[] alpha1 = {null,
-        new ZTauElement(ECConstants.ONE, ECConstants.ZERO), null,
-        new ZTauElement(MINUS_THREE, ECConstants.ONE), null,
-        new ZTauElement(MINUS_ONE, ECConstants.ONE), null,
-        new ZTauElement(ECConstants.ONE, ECConstants.ONE), null
-    };
-
-    /**
-     * The αu's for a=1 as an array
-     * of TNAFs.
-     */
-    public static final byte[][] alpha1Tnaf = {
-        null, {1}, null, {-1, 0, 1}, null, {1, 0, 1}, null, {-1, 0, 0, -1}
-    };
-
-    /**
-     * Computes the norm of an element λ of
-     * Z[τ].
-     * @param mu The parameter μ of the elliptic curve.
-     * @param lambda The element λ of
-     * Z[τ].
-     * @return The norm of λ.
-     */
-    public static BigInteger norm(final byte mu, ZTauElement lambda)
-    {
-        BigInteger norm;
-
-        // s1 = u^2
-        BigInteger s1 = lambda.u.multiply(lambda.u);
-
-        // s2 = u * v
-        BigInteger s2 = lambda.u.multiply(lambda.v);
-
-        // s3 = 2 * v^2
-        BigInteger s3 = lambda.v.multiply(lambda.v).shiftLeft(1);
-
-        if (mu == 1)
-        {
-            norm = s1.add(s2).add(s3);
-        }
-        else if (mu == -1)
-        {
-            norm = s1.subtract(s2).add(s3);
-        }
-        else
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-
-        return norm;
-    }
-
-    /**
-     * Computes the norm of an element λ of
-     * R[τ], where λ = u + vτ
-     * and u and u are real numbers (elements of
-     * R). 
-     * @param mu The parameter μ of the elliptic curve.
-     * @param u The real part of the element λ of
-     * R[τ].
-     * @param v The τ-adic part of the element
-     * λ of R[τ].
-     * @return The norm of λ.
-     */
-    public static SimpleBigDecimal norm(final byte mu, SimpleBigDecimal u,
-            SimpleBigDecimal v)
-    {
-        SimpleBigDecimal norm;
-
-        // s1 = u^2
-        SimpleBigDecimal s1 = u.multiply(u);
-
-        // s2 = u * v
-        SimpleBigDecimal s2 = u.multiply(v);
-
-        // s3 = 2 * v^2
-        SimpleBigDecimal s3 = v.multiply(v).shiftLeft(1);
-
-        if (mu == 1)
-        {
-            norm = s1.add(s2).add(s3);
-        }
-        else if (mu == -1)
-        {
-            norm = s1.subtract(s2).add(s3);
-        }
-        else
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-
-        return norm;
-    }
-
-    /**
-     * Rounds an element λ of R[τ]
-     * to an element of Z[τ], such that their difference
-     * has minimal norm. λ is given as
-     * λ = λ0 + λ1τ.
-     * @param lambda0 The component λ0.
-     * @param lambda1 The component λ1.
-     * @param mu The parameter μ of the elliptic curve. Must
-     * equal 1 or -1.
-     * @return The rounded element of Z[τ].
-     * @throws IllegalArgumentException if lambda0 and
-     * lambda1 do not have same scale.
-     */
-    public static ZTauElement round(SimpleBigDecimal lambda0,
-            SimpleBigDecimal lambda1, byte mu)
-    {
-        int scale = lambda0.getScale();
-        if (lambda1.getScale() != scale)
-        {
-            throw new IllegalArgumentException("lambda0 and lambda1 do not " +
-                    "have same scale");
-        }
-
-        if (!((mu == 1) || (mu == -1)))
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-
-        BigInteger f0 = lambda0.round();
-        BigInteger f1 = lambda1.round();
-
-        SimpleBigDecimal eta0 = lambda0.subtract(f0);
-        SimpleBigDecimal eta1 = lambda1.subtract(f1);
-
-        // eta = 2*eta0 + mu*eta1
-        SimpleBigDecimal eta = eta0.add(eta0);
-        if (mu == 1)
-        {
-            eta = eta.add(eta1);
-        }
-        else
-        {
-            // mu == -1
-            eta = eta.subtract(eta1);
-        }
-
-        // check1 = eta0 - 3*mu*eta1
-        // check2 = eta0 + 4*mu*eta1
-        SimpleBigDecimal threeEta1 = eta1.add(eta1).add(eta1);
-        SimpleBigDecimal fourEta1 = threeEta1.add(eta1);
-        SimpleBigDecimal check1;
-        SimpleBigDecimal check2;
-        if (mu == 1)
-        {
-            check1 = eta0.subtract(threeEta1);
-            check2 = eta0.add(fourEta1);
-        }
-        else
-        {
-            // mu == -1
-            check1 = eta0.add(threeEta1);
-            check2 = eta0.subtract(fourEta1);
-        }
-
-        byte h0 = 0;
-        byte h1 = 0;
-
-        // if eta >= 1
-        if (eta.compareTo(ECConstants.ONE) >= 0)
-        {
-            if (check1.compareTo(MINUS_ONE) < 0)
-            {
-                h1 = mu;
-            }
-            else
-            {
-                h0 = 1;
-            }
-        }
-        else
-        {
-            // eta < 1
-            if (check2.compareTo(ECConstants.TWO) >= 0)
-            {
-                h1 = mu;
-            }
-        }
-
-        // if eta < -1
-        if (eta.compareTo(MINUS_ONE) < 0)
-        {
-            if (check1.compareTo(ECConstants.ONE) >= 0)
-            {
-                h1 = (byte)-mu;
-            }
-            else
-            {
-                h0 = -1;
-            }
-        }
-        else
-        {
-            // eta >= -1
-            if (check2.compareTo(MINUS_TWO) < 0)
-            {
-                h1 = (byte)-mu;
-            }
-        }
-
-        BigInteger q0 = f0.add(BigInteger.valueOf(h0));
-        BigInteger q1 = f1.add(BigInteger.valueOf(h1));
-        return new ZTauElement(q0, q1);
-    }
-
-    /**
-     * Approximate division by n. For an integer
-     * k, the value λ = s k / n is
-     * computed to c bits of accuracy.
-     * @param k The parameter k.
-     * @param s The curve parameter s0 or
-     * s1.
-     * @param vm The Lucas Sequence element Vm.
-     * @param a The parameter a of the elliptic curve.
-     * @param m The bit length of the finite field
-     * Fm.
-     * @param c The number of bits of accuracy, i.e. the scale of the returned
-     * SimpleBigDecimal.
-     * @return The value λ = s k / n computed to
-     * c bits of accuracy.
-     */
-    public static SimpleBigDecimal approximateDivisionByN(BigInteger k,
-            BigInteger s, BigInteger vm, byte a, int m, int c)
-    {
-        int _k = (m + 5)/2 + c;
-        BigInteger ns = k.shiftRight(m - _k - 2 + a);
-
-        BigInteger gs = s.multiply(ns);
-
-        BigInteger hs = gs.shiftRight(m);
-
-        BigInteger js = vm.multiply(hs);
-
-        BigInteger gsPlusJs = gs.add(js);
-        BigInteger ls = gsPlusJs.shiftRight(_k-c);
-        if (gsPlusJs.testBit(_k-c-1))
-        {
-            // round up
-            ls = ls.add(ECConstants.ONE);
-        }
-
-        return new SimpleBigDecimal(ls, c);
-    }
-
-    /**
-     * Computes the τ-adic NAF (non-adjacent form) of an
-     * element λ of Z[τ].
-     * @param mu The parameter μ of the elliptic curve.
-     * @param lambda The element λ of
-     * Z[τ].
-     * @return The τ-adic NAF of λ.
-     */
-    public static byte[] tauAdicNaf(byte mu, ZTauElement lambda)
-    {
-        if (!((mu == 1) || (mu == -1)))
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-        
-        BigInteger norm = norm(mu, lambda);
-
-        // Ceiling of log2 of the norm 
-        int log2Norm = norm.bitLength();
-
-        // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
-        int maxLength = log2Norm > 30 ? log2Norm + 4 : 34;
-
-        // The array holding the TNAF
-        byte[] u = new byte[maxLength];
-        int i = 0;
-
-        // The actual length of the TNAF
-        int length = 0;
-
-        BigInteger r0 = lambda.u;
-        BigInteger r1 = lambda.v;
-
-        while(!((r0.equals(ECConstants.ZERO)) && (r1.equals(ECConstants.ZERO))))
-        {
-            // If r0 is odd
-            if (r0.testBit(0))
-            {
-                u[i] = (byte) ECConstants.TWO.subtract((r0.subtract(r1.shiftLeft(1))).mod(ECConstants.FOUR)).intValue();
-
-                // r0 = r0 - u[i]
-                if (u[i] == 1)
-                {
-                    r0 = r0.clearBit(0);
-                }
-                else
-                {
-                    // u[i] == -1
-                    r0 = r0.add(ECConstants.ONE);
-                }
-                length = i;
-            }
-            else
-            {
-                u[i] = 0;
-            }
-
-            BigInteger t = r0;
-            BigInteger s = r0.shiftRight(1);
-            if (mu == 1)
-            {
-                r0 = r1.add(s);
-            }
-            else
-            {
-                // mu == -1
-                r0 = r1.subtract(s);
-            }
-
-            r1 = t.shiftRight(1).negate();
-            i++;
-        }
-
-        length++;
-
-        // Reduce the TNAF array to its actual length
-        byte[] tnaf = new byte[length];
-        System.arraycopy(u, 0, tnaf, 0, length);
-        return tnaf;
-    }
-
-    /**
-     * Applies the operation τ() to an
-     * ECPoint.F2m. 
-     * @param p The ECPoint.F2m to which τ() is applied.
-     * @return τ(p)
-     */
-    public static ECPoint.F2m tau(ECPoint.F2m p)
-    {
-        if (p.isInfinity())
-        {
-            return p;
-        }
-
-        ECFieldElement x = p.getX();
-        ECFieldElement y = p.getY();
-
-        return new ECPoint.F2m(p.getCurve(), x.square(), y.square(), p.isCompressed());
-    }
-
-    /**
-     * Returns the parameter μ of the elliptic curve.
-     * @param curve The elliptic curve from which to obtain μ.
-     * The curve must be a Koblitz curve, i.e. a equals
-     * 0 or 1 and b equals
-     * 1. 
-     * @return μ of the elliptic curve.
-     * @throws IllegalArgumentException if the given ECCurve is not a Koblitz
-     * curve.
-     */
-    public static byte getMu(ECCurve.F2m curve)
-    {
-        BigInteger a = curve.getA().toBigInteger();
-        byte mu;
-
-        if (a.equals(ECConstants.ZERO))
-        {
-            mu = -1;
-        }
-        else if (a.equals(ECConstants.ONE))
-        {
-            mu = 1;
-        }
-        else
-        {
-            throw new IllegalArgumentException("No Koblitz curve (ABC), " +
-                    "TNAF multiplication not possible");
-        }
-        return mu;
-    }
-
-    /**
-     * Calculates the Lucas Sequence elements Uk-1 and
-     * Uk or Vk-1 and
-     * Vk.
-     * @param mu The parameter μ of the elliptic curve.
-     * @param k The index of the second element of the Lucas Sequence to be
-     * returned.
-     * @param doV If set to true, computes Vk-1 and
-     * Vk, otherwise Uk-1 and
-     * Uk.
-     * @return An array with 2 elements, containing Uk-1
-     * and Uk or Vk-1
-     * and Vk.
-     */
-    public static BigInteger[] getLucas(byte mu, int k, boolean doV)
-    {
-        if (!((mu == 1) || (mu == -1)))
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-
-        BigInteger u0;
-        BigInteger u1;
-        BigInteger u2;
-
-        if (doV)
-        {
-            u0 = ECConstants.TWO;
-            u1 = BigInteger.valueOf(mu);
-        }
-        else
-        {
-            u0 = ECConstants.ZERO;
-            u1 = ECConstants.ONE;
-        }
-
-        for (int i = 1; i < k; i++)
-        {
-            // u2 = mu*u1 - 2*u0;
-            BigInteger s = null;
-            if (mu == 1)
-            {
-                s = u1;
-            }
-            else
-            {
-                // mu == -1
-                s = u1.negate();
-            }
-            
-            u2 = s.subtract(u0.shiftLeft(1));
-            u0 = u1;
-            u1 = u2;
-//            System.out.println(i + ": " + u2);
-//            System.out.println();
-        }
-
-        BigInteger[] retVal = {u0, u1};
-        return retVal;
-    }
-
-    /**
-     * Computes the auxiliary value tw. If the width is
-     * 4, then for mu = 1, tw = 6 and for
-     * mu = -1, tw = 10 
-     * @param mu The parameter μ of the elliptic curve.
-     * @param w The window width of the WTNAF.
-     * @return the auxiliary value tw
-     */
-    public static BigInteger getTw(byte mu, int w)
-    {
-        if (w == 4)
-        {
-            if (mu == 1)
-            {
-                return BigInteger.valueOf(6);
-            }
-            else
-            {
-                // mu == -1
-                return BigInteger.valueOf(10);
-            }
-        }
-        else
-        {
-            // For w <> 4, the values must be computed
-            BigInteger[] us = getLucas(mu, w, false);
-            BigInteger twoToW = ECConstants.ZERO.setBit(w);
-            BigInteger u1invert = us[1].modInverse(twoToW);
-            BigInteger tw;
-            tw = ECConstants.TWO.multiply(us[0]).multiply(u1invert).mod(twoToW);
-//            System.out.println("mu = " + mu);
-//            System.out.println("tw = " + tw);
-            return tw;
-        }
-    }
-
-    /**
-     * Computes the auxiliary values s0 and
-     * s1 used for partial modular reduction. 
-     * @param curve The elliptic curve for which to compute
-     * s0 and s1.
-     * @throws IllegalArgumentException if curve is not a
-     * Koblitz curve (Anomalous Binary Curve, ABC).
-     */
-    public static BigInteger[] getSi(ECCurve.F2m curve)
-    {
-        if (!curve.isKoblitz())
-        {
-            throw new IllegalArgumentException("si is defined for Koblitz curves only");
-        }
-
-        int m = curve.getM();
-        int a = curve.getA().toBigInteger().intValue();
-        byte mu = curve.getMu();
-        int h = curve.getH().intValue();
-        int index = m + 3 - a;
-        BigInteger[] ui = getLucas(mu, index, false);
-
-        BigInteger dividend0;
-        BigInteger dividend1;
-        if (mu == 1)
-        {
-            dividend0 = ECConstants.ONE.subtract(ui[1]);
-            dividend1 = ECConstants.ONE.subtract(ui[0]);
-        }
-        else if (mu == -1)
-        {
-            dividend0 = ECConstants.ONE.add(ui[1]);
-            dividend1 = ECConstants.ONE.add(ui[0]);
-        }
-        else
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-
-        BigInteger[] si = new BigInteger[2];
-
-        if (h == 2)
-        {
-            si[0] = dividend0.shiftRight(1);
-            si[1] = dividend1.shiftRight(1).negate();
-        }
-        else if (h == 4)
-        {
-            si[0] = dividend0.shiftRight(2);
-            si[1] = dividend1.shiftRight(2).negate();
-        }
-        else
-        {
-            throw new IllegalArgumentException("h (Cofactor) must be 2 or 4");
-        }
-
-        return si;
-    }
-
-    /**
-     * Partial modular reduction modulo
-     * m - 1)/(τ - 1).
-     * @param k The integer to be reduced.
-     * @param m The bitlength of the underlying finite field.
-     * @param a The parameter a of the elliptic curve.
-     * @param s The auxiliary values s0 and
-     * s1.
-     * @param mu The parameter μ of the elliptic curve.
-     * @param c The precision (number of bits of accuracy) of the partial
-     * modular reduction.
-     * @return ρ := k partmod (τm - 1)/(τ - 1)
-     */
-    public static ZTauElement partModReduction(BigInteger k, int m, byte a,
-            BigInteger[] s, byte mu, byte c)
-    {
-        // d0 = s[0] + mu*s[1]; mu is either 1 or -1
-        BigInteger d0;
-        if (mu == 1)
-        {
-            d0 = s[0].add(s[1]);
-        }
-        else
-        {
-            d0 = s[0].subtract(s[1]);
-        }
-
-        BigInteger[] v = getLucas(mu, m, true);
-        BigInteger vm = v[1];
-
-        SimpleBigDecimal lambda0 = approximateDivisionByN(
-                k, s[0], vm, a, m, c);
-        
-        SimpleBigDecimal lambda1 = approximateDivisionByN(
-                k, s[1], vm, a, m, c);
-
-        ZTauElement q = round(lambda0, lambda1, mu);
-
-        // r0 = n - d0*q0 - 2*s1*q1
-        BigInteger r0 = k.subtract(d0.multiply(q.u)).subtract(
-                BigInteger.valueOf(2).multiply(s[1]).multiply(q.v));
-
-        // r1 = s1*q0 - s0*q1
-        BigInteger r1 = s[1].multiply(q.u).subtract(s[0].multiply(q.v));
-        
-        return new ZTauElement(r0, r1);
-    }
-
-    /**
-     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
-     * by a BigInteger using the reduced τ-adic
-     * NAF (RTNAF) method.
-     * @param p The ECPoint.F2m to multiply.
-     * @param k The BigInteger by which to multiply p.
-     * @return k * p
-     */
-    public static ECPoint.F2m multiplyRTnaf(ECPoint.F2m p, BigInteger k)
-    {
-        ECCurve.F2m curve = (ECCurve.F2m) p.getCurve();
-        int m = curve.getM();
-        byte a = (byte) curve.getA().toBigInteger().intValue();
-        byte mu = curve.getMu();
-        BigInteger[] s = curve.getSi();
-        ZTauElement rho = partModReduction(k, m, a, s, mu, (byte)10);
-
-        return multiplyTnaf(p, rho);
-    }
-
-    /**
-     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
-     * by an element λ of Z[τ]
-     * using the τ-adic NAF (TNAF) method.
-     * @param p The ECPoint.F2m to multiply.
-     * @param lambda The element λ of
-     * Z[τ].
-     * @return λ * p
-     */
-    public static ECPoint.F2m multiplyTnaf(ECPoint.F2m p, ZTauElement lambda)
-    {
-        ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
-        byte mu = curve.getMu();
-        byte[] u = tauAdicNaf(mu, lambda);
-
-        ECPoint.F2m q = multiplyFromTnaf(p, u);
-
-        return q;
-    }
-
-    /**
-    * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
-    * by an element λ of Z[τ]
-    * using the τ-adic NAF (TNAF) method, given the TNAF
-    * of λ.
-    * @param p The ECPoint.F2m to multiply.
-    * @param u The the TNAF of λ..
-    * @return λ * p
-    */
-    public static ECPoint.F2m multiplyFromTnaf(ECPoint.F2m p, byte[] u)
-    {
-        ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
-        ECPoint.F2m q = (ECPoint.F2m) curve.getInfinity();
-        for (int i = u.length - 1; i >= 0; i--)
-        {
-            q = tau(q);
-            if (u[i] == 1)
-            {
-                q = (ECPoint.F2m)q.addSimple(p);
-            }
-            else if (u[i] == -1)
-            {
-                q = (ECPoint.F2m)q.subtractSimple(p);
-            }
-        }
-        return q;
-    }
-
-    /**
-     * Computes the [τ]-adic window NAF of an element
-     * λ of Z[τ].
-     * @param mu The parameter μ of the elliptic curve.
-     * @param lambda The element λ of
-     * Z[τ] of which to compute the
-     * [τ]-adic NAF.
-     * @param width The window width of the resulting WNAF.
-     * @param pow2w 2width.
-     * @param tw The auxiliary value tw.
-     * @param alpha The αu's for the window width.
-     * @return The [τ]-adic window NAF of
-     * λ.
-     */
-    public static byte[] tauAdicWNaf(byte mu, ZTauElement lambda,
-            byte width, BigInteger pow2w, BigInteger tw, ZTauElement[] alpha)
-    {
-        if (!((mu == 1) || (mu == -1)))
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
-        }
-
-        BigInteger norm = norm(mu, lambda);
-
-        // Ceiling of log2 of the norm 
-        int log2Norm = norm.bitLength();
-
-        // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
-        int maxLength = log2Norm > 30 ? log2Norm + 4 + width : 34 + width;
-
-        // The array holding the TNAF
-        byte[] u = new byte[maxLength];
-
-        // 2^(width - 1)
-        BigInteger pow2wMin1 = pow2w.shiftRight(1);
-
-        // Split lambda into two BigIntegers to simplify calculations
-        BigInteger r0 = lambda.u;
-        BigInteger r1 = lambda.v;
-        int i = 0;
-
-        // while lambda <> (0, 0)
-        while (!((r0.equals(ECConstants.ZERO))&&(r1.equals(ECConstants.ZERO))))
-        {
-            // if r0 is odd
-            if (r0.testBit(0))
-            {
-                // uUnMod = r0 + r1*tw mod 2^width
-                BigInteger uUnMod
-                    = r0.add(r1.multiply(tw)).mod(pow2w);
-                
-                byte uLocal;
-                // if uUnMod >= 2^(width - 1)
-                if (uUnMod.compareTo(pow2wMin1) >= 0)
-                {
-                    uLocal = (byte) uUnMod.subtract(pow2w).intValue();
-                }
-                else
-                {
-                    uLocal = (byte) uUnMod.intValue();
-                }
-                // uLocal is now in [-2^(width-1), 2^(width-1)-1]
-
-                u[i] = uLocal;
-                boolean s = true;
-                if (uLocal < 0)
-                {
-                    s = false;
-                    uLocal = (byte)-uLocal;
-                }
-                // uLocal is now >= 0
-
-                if (s)
-                {
-                    r0 = r0.subtract(alpha[uLocal].u);
-                    r1 = r1.subtract(alpha[uLocal].v);
-                }
-                else
-                {
-                    r0 = r0.add(alpha[uLocal].u);
-                    r1 = r1.add(alpha[uLocal].v);
-                }
-            }
-            else
-            {
-                u[i] = 0;
-            }
-
-            BigInteger t = r0;
-
-            if (mu == 1)
-            {
-                r0 = r1.add(r0.shiftRight(1));
-            }
-            else
-            {
-                // mu == -1
-                r0 = r1.subtract(r0.shiftRight(1));
-            }
-            r1 = t.shiftRight(1).negate();
-            i++;
-        }
-        return u;
-    }
-
-    /**
-     * Does the precomputation for WTNAF multiplication.
-     * @param p The ECPoint for which to do the precomputation.
-     * @param a The parameter a of the elliptic curve.
-     * @return The precomputation array for p. 
-     */
-    public static ECPoint.F2m[] getPreComp(ECPoint.F2m p, byte a)
-    {
-        ECPoint.F2m[] pu;
-        pu = new ECPoint.F2m[16];
-        pu[1] = p;
-        byte[][] alphaTnaf;
-        if (a == 0)
-        {
-            alphaTnaf = Tnaf.alpha0Tnaf;
-        }
-        else
-        {
-            // a == 1
-            alphaTnaf = Tnaf.alpha1Tnaf;
-        }
-
-        int precompLen = alphaTnaf.length;
-        for (int i = 3; i < precompLen; i = i + 2)
-        {
-            pu[i] = Tnaf.multiplyFromTnaf(p, alphaTnaf[i]);
-        }
-        
-        return pu;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java
deleted file mode 100644
index 10c8ed24f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java
+++ /dev/null
@@ -1,240 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Class implementing the WNAF (Window Non-Adjacent Form) multiplication
- * algorithm.
- */
-class WNafMultiplier implements ECMultiplier
-{
-    /**
-     * Computes the Window NAF (non-adjacent Form) of an integer.
-     * @param width The width w of the Window NAF. The width is
-     * defined as the minimal number w, such that for any
-     * w consecutive digits in the resulting representation, at
-     * most one is non-zero.
-     * @param k The integer of which the Window NAF is computed.
-     * @return The Window NAF of the given width, such that the following holds:
-     * k = ∑i=0l-1 ki2i
-     * , where the ki denote the elements of the
-     * returned byte[].
-     */
-    public byte[] windowNaf(byte width, BigInteger k)
-    {
-        // The window NAF is at most 1 element longer than the binary
-        // representation of the integer k. byte can be used instead of short or
-        // int unless the window width is larger than 8. For larger width use
-        // short or int. However, a width of more than 8 is not efficient for
-        // m = log2(q) smaller than 2305 Bits. Note: Values for m larger than
-        // 1000 Bits are currently not used in practice.
-        byte[] wnaf = new byte[k.bitLength() + 1];
-
-        // 2^width as short and BigInteger
-        short pow2wB = (short)(1 << width);
-        BigInteger pow2wBI = BigInteger.valueOf(pow2wB);
-
-        int i = 0;
-
-        // The actual length of the WNAF
-        int length = 0;
-
-        // while k >= 1
-        while (k.signum() > 0)
-        {
-            // if k is odd
-            if (k.testBit(0))
-            {
-                // k mod 2^width
-                BigInteger remainder = k.mod(pow2wBI);
-
-                // if remainder > 2^(width - 1) - 1
-                if (remainder.testBit(width - 1))
-                {
-                    wnaf[i] = (byte)(remainder.intValue() - pow2wB);
-                }
-                else
-                {
-                    wnaf[i] = (byte)remainder.intValue();
-                }
-                // wnaf[i] is now in [-2^(width-1), 2^(width-1)-1]
-
-                k = k.subtract(BigInteger.valueOf(wnaf[i]));
-                length = i;
-            }
-            else
-            {
-                wnaf[i] = 0;
-            }
-
-            // k = k/2
-            k = k.shiftRight(1);
-            i++;
-        }
-
-        length++;
-
-        // Reduce the WNAF array to its actual length
-        byte[] wnafShort = new byte[length];
-        System.arraycopy(wnaf, 0, wnafShort, 0, length);
-        return wnafShort;
-    }
-
-    /**
-     * Multiplies this by an integer k using the
-     * Window NAF method.
-     * @param k The integer by which this is multiplied.
-     * @return A new ECPoint which equals this
-     * multiplied by k.
-     */
-    public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
-    {
-        WNafPreCompInfo wnafPreCompInfo;
-
-        if ((preCompInfo != null) && (preCompInfo instanceof WNafPreCompInfo))
-        {
-            wnafPreCompInfo = (WNafPreCompInfo)preCompInfo;
-        }
-        else
-        {
-            // Ignore empty PreCompInfo or PreCompInfo of incorrect type
-            wnafPreCompInfo = new WNafPreCompInfo();
-        }
-
-        // floor(log2(k))
-        int m = k.bitLength();
-
-        // width of the Window NAF
-        byte width;
-
-        // Required length of precomputation array
-        int reqPreCompLen;
-
-        // Determine optimal width and corresponding length of precomputation
-        // array based on literature values
-        if (m < 13)
-        {
-            width = 2;
-            reqPreCompLen = 1;
-        }
-        else
-        {
-            if (m < 41)
-            {
-                width = 3;
-                reqPreCompLen = 2;
-            }
-            else
-            {
-                if (m < 121)
-                {
-                    width = 4;
-                    reqPreCompLen = 4;
-                }
-                else
-                {
-                    if (m < 337)
-                    {
-                        width = 5;
-                        reqPreCompLen = 8;
-                    }
-                    else
-                    {
-                        if (m < 897)
-                        {
-                            width = 6;
-                            reqPreCompLen = 16;
-                        }
-                        else
-                        {
-                            if (m < 2305)
-                            {
-                                width = 7;
-                                reqPreCompLen = 32;
-                            }
-                            else
-                            {
-                                width = 8;
-                                reqPreCompLen = 127;
-                            }
-                        }
-                    }
-                }
-            }
-        }
-
-        // The length of the precomputation array
-        int preCompLen = 1;
-
-        ECPoint[] preComp = wnafPreCompInfo.getPreComp();
-        ECPoint twiceP = wnafPreCompInfo.getTwiceP();
-
-        // Check if the precomputed ECPoints already exist
-        if (preComp == null)
-        {
-            // Precomputation must be performed from scratch, create an empty
-            // precomputation array of desired length
-            preComp = new ECPoint[]{ p };
-        }
-        else
-        {
-            // Take the already precomputed ECPoints to start with
-            preCompLen = preComp.length;
-        }
-
-        if (twiceP == null)
-        {
-            // Compute twice(p)
-            twiceP = p.twice();
-        }
-
-        if (preCompLen < reqPreCompLen)
-        {
-            // Precomputation array must be made bigger, copy existing preComp
-            // array into the larger new preComp array
-            ECPoint[] oldPreComp = preComp;
-            preComp = new ECPoint[reqPreCompLen];
-            System.arraycopy(oldPreComp, 0, preComp, 0, preCompLen);
-
-            for (int i = preCompLen; i < reqPreCompLen; i++)
-            {
-                // Compute the new ECPoints for the precomputation array.
-                // The values 1, 3, 5, ..., 2^(width-1)-1 times p are
-                // computed
-                preComp[i] = twiceP.add(preComp[i - 1]);
-            }            
-        }
-
-        // Compute the Window NAF of the desired width
-        byte[] wnaf = windowNaf(width, k);
-        int l = wnaf.length;
-
-        // Apply the Window NAF to p using the precomputed ECPoint values.
-        ECPoint q = p.getCurve().getInfinity();
-        for (int i = l - 1; i >= 0; i--)
-        {
-            q = q.twice();
-
-            if (wnaf[i] != 0)
-            {
-                if (wnaf[i] > 0)
-                {
-                    q = q.add(preComp[(wnaf[i] - 1)/2]);
-                }
-                else
-                {
-                    // wnaf[i] < 0
-                    q = q.subtract(preComp[(-wnaf[i] - 1)/2]);
-                }
-            }
-        }
-
-        // Set PreCompInfo in ECPoint, such that it is available for next
-        // multiplication.
-        wnafPreCompInfo.setPreComp(preComp);
-        wnafPreCompInfo.setTwiceP(twiceP);
-        p.setPreCompInfo(wnafPreCompInfo);
-        return q;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
deleted file mode 100644
index fc0d5fe91..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.math.ec;
-
-/**
- * Class holding precomputation data for the WNAF (Window Non-Adjacent Form)
- * algorithm.
- */
-class WNafPreCompInfo implements PreCompInfo
-{
-    /**
-     * Array holding the precomputed ECPoints used for the Window
-     * NAF multiplication in 
-     * {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
-     * WNafMultiplier.multiply()}.
-     */
-    private ECPoint[] preComp = null;
-
-    /**
-     * Holds an ECPoint representing twice(this). Used for the
-     * Window NAF multiplication in 
-     * {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
-     * WNafMultiplier.multiply()}.
-     */
-    private ECPoint twiceP = null;
-
-    protected ECPoint[] getPreComp()
-    {
-        return preComp;
-    }
-
-    protected void setPreComp(ECPoint[] preComp)
-    {
-        this.preComp = preComp;
-    }
-
-    protected ECPoint getTwiceP()
-    {
-        return twiceP;
-    }
-
-    protected void setTwiceP(ECPoint twiceThis)
-    {
-        this.twiceP = twiceThis;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
deleted file mode 100644
index 2353979eb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Class implementing the WTNAF (Window
- * τ-adic Non-Adjacent Form) algorithm.
- */
-class WTauNafMultiplier implements ECMultiplier
-{
-    /**
-     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
-     * by k using the reduced τ-adic NAF (RTNAF)
-     * method.
-     * @param p The ECPoint.F2m to multiply.
-     * @param k The integer by which to multiply k.
-     * @return p multiplied by k.
-     */
-    public ECPoint multiply(ECPoint point, BigInteger k, PreCompInfo preCompInfo)
-    {
-        if (!(point instanceof ECPoint.F2m))
-        {
-            throw new IllegalArgumentException("Only ECPoint.F2m can be " +
-                    "used in WTauNafMultiplier");
-        }
-
-        ECPoint.F2m p = (ECPoint.F2m)point;
-
-        ECCurve.F2m curve = (ECCurve.F2m) p.getCurve();
-        int m = curve.getM();
-        byte a = curve.getA().toBigInteger().byteValue();
-        byte mu = curve.getMu();
-        BigInteger[] s = curve.getSi();
-
-        ZTauElement rho = Tnaf.partModReduction(k, m, a, s, mu, (byte)10);
-
-        return multiplyWTnaf(p, rho, preCompInfo, a, mu);
-    }
-
-    /**
-     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
-     * by an element λ of Z[τ] using
-     * the τ-adic NAF (TNAF) method.
-     * @param p The ECPoint.F2m to multiply.
-     * @param lambda The element λ of
-     * Z[τ] of which to compute the
-     * [τ]-adic NAF.
-     * @return p multiplied by λ.
-     */
-    private ECPoint.F2m multiplyWTnaf(ECPoint.F2m p, ZTauElement lambda,
-            PreCompInfo preCompInfo, byte a, byte mu)
-    {
-        ZTauElement[] alpha;
-        if (a == 0)
-        {
-            alpha = Tnaf.alpha0;
-        }
-        else
-        {
-            // a == 1
-            alpha = Tnaf.alpha1;
-        }
-
-        BigInteger tw = Tnaf.getTw(mu, Tnaf.WIDTH);
-
-        byte[]u = Tnaf.tauAdicWNaf(mu, lambda, Tnaf.WIDTH,
-                BigInteger.valueOf(Tnaf.POW_2_WIDTH), tw, alpha);
-
-        return multiplyFromWTnaf(p, u, preCompInfo);
-    }
-
-    /**
-     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
-     * by an element λ of Z[τ]
-     * using the window τ-adic NAF (TNAF) method, given the
-     * WTNAF of λ.
-     * @param p The ECPoint.F2m to multiply.
-     * @param u The the WTNAF of λ..
-     * @return λ * p
-     */
-    private static ECPoint.F2m multiplyFromWTnaf(ECPoint.F2m p, byte[] u,
-            PreCompInfo preCompInfo)
-    {
-        ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
-        byte a = curve.getA().toBigInteger().byteValue();
-
-        ECPoint.F2m[] pu;
-        if ((preCompInfo == null) || !(preCompInfo instanceof WTauNafPreCompInfo))
-        {
-            pu = Tnaf.getPreComp(p, a);
-            p.setPreCompInfo(new WTauNafPreCompInfo(pu));
-        }
-        else
-        {
-            pu = ((WTauNafPreCompInfo)preCompInfo).getPreComp();
-        }
-
-        // q = infinity
-        ECPoint.F2m q = (ECPoint.F2m) p.getCurve().getInfinity();
-        for (int i = u.length - 1; i >= 0; i--)
-        {
-            q = Tnaf.tau(q);
-            if (u[i] != 0)
-            {
-                if (u[i] > 0)
-                {
-                    q = q.addSimple(pu[u[i]]);
-                }
-                else
-                {
-                    // u[i] < 0
-                    q = q.subtractSimple(pu[-u[i]]);
-                }
-            }
-        }
-
-        return q;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
deleted file mode 100644
index d7c583f1d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.math.ec;
-
-/**
- * Class holding precomputation data for the WTNAF (Window
- * τ-adic Non-Adjacent Form) algorithm.
- */
-class WTauNafPreCompInfo implements PreCompInfo
-{
-    /**
-     * Array holding the precomputed ECPoint.F2ms used for the
-     * WTNAF multiplication in 
-     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
-     * WTauNafMultiplier.multiply()}.
-     */
-    private ECPoint.F2m[] preComp = null;
-
-    /**
-     * Constructor for WTauNafPreCompInfo
-     * @param preComp Array holding the precomputed ECPoint.F2ms
-     * used for the WTNAF multiplication in 
-     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
-     * WTauNafMultiplier.multiply()}.
-     */
-    WTauNafPreCompInfo(ECPoint.F2m[] preComp)
-    {
-        this.preComp = preComp;
-    }
-
-    /**
-     * @return the array holding the precomputed ECPoint.F2ms
-     * used for the WTNAF multiplication in 
-     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
-     * WTauNafMultiplier.multiply()}.
-     */
-    protected ECPoint.F2m[] getPreComp()
-    {
-        return preComp;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ZTauElement.java b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ZTauElement.java
deleted file mode 100644
index 7402f222f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/ZTauElement.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import java.math.BigInteger;
-
-/**
- * Class representing an element of Z[τ]. Let
- * λ be an element of Z[τ]. Then
- * λ is given as λ = u + vτ. The
- * components u and v may be used directly, there
- * are no accessor methods.
- * Immutable class.
- */
-class ZTauElement
-{
-    /**
-     * The "real" part of λ.
-     */
-    public final BigInteger u;
-
-    /**
-     * The "τ-adic" part of λ.
-     */
-    public final BigInteger v;
-
-    /**
-     * Constructor for an element λ of
-     * Z[τ].
-     * @param u The "real" part of λ.
-     * @param v The "τ-adic" part of
-     * λ.
-     */
-    public ZTauElement(BigInteger u, BigInteger v)
-    {
-        this.u = u;
-        this.v = v;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/package.html
deleted file mode 100644
index a02605ba3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/math/ec/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Math support for Elliptic Curve.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java b/fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java
deleted file mode 100644
index ecf851be4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java
+++ /dev/null
@@ -1,134 +0,0 @@
-package org.bouncycastle.mozilla;
-
-import java.io.ByteArrayInputStream;
-
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.NoSuchAlgorithmException;
-import java.security.KeyFactory;
-import java.security.InvalidKeyException;
-import java.security.NoSuchProviderException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.mozilla.PublicKeyAndChallenge;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * This is designed to parse the SignedPublicKeyAndChallenge created by the
- * KEYGEN tag included by Mozilla based browsers.
- *  
    - *  PublicKeyAndChallenge ::= SEQUENCE {
- *    spki SubjectPublicKeyInfo,
- *    challenge IA5STRING
- *  }
- *
- *  SignedPublicKeyAndChallenge ::= SEQUENCE {
- *    publicKeyAndChallenge PublicKeyAndChallenge,
- *    signatureAlgorithm AlgorithmIdentifier,
- *    signature BIT STRING
- *  }
- *  
    
- */
-public class SignedPublicKeyAndChallenge
-    extends ASN1Encodable
-{
-    private static ASN1Sequence toDERSequence(byte[]  bytes)
-    {
-        try
-        {
-            ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
-            ASN1InputStream         aIn = new ASN1InputStream(bIn);
-
-            return (ASN1Sequence)aIn.readObject();
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("badly encoded request");
-        }
-    }
-
-    private ASN1Sequence          spkacSeq;
-    private PublicKeyAndChallenge pkac;
-    private AlgorithmIdentifier   signatureAlgorithm;
-    private DERBitString          signature;
-
-    public SignedPublicKeyAndChallenge(byte[] bytes)
-    {
-        spkacSeq = toDERSequence(bytes);
-        pkac = PublicKeyAndChallenge.getInstance(spkacSeq.getObjectAt(0));
-        signatureAlgorithm = 
-            AlgorithmIdentifier.getInstance(spkacSeq.getObjectAt(1));
-        signature = (DERBitString)spkacSeq.getObjectAt(2);
-    }
-
-    public DERObject toASN1Object()
-    {
-        return spkacSeq;
-    }
-
-    public PublicKeyAndChallenge getPublicKeyAndChallenge()
-    {
-        return pkac;
-    }
-
-    public boolean verify()
-        throws NoSuchAlgorithmException, SignatureException, 
-               NoSuchProviderException, InvalidKeyException
-    {
-        return verify(null);
-    }
-
-    public boolean verify(String provider)
-        throws NoSuchAlgorithmException, SignatureException, 
-               NoSuchProviderException, InvalidKeyException
-    {
-        Signature sig = null;
-        if (provider == null)
-        {
-            sig = Signature.getInstance(signatureAlgorithm.getObjectId().getId());
-        }
-        else
-        {
-            sig = Signature.getInstance(signatureAlgorithm.getObjectId().getId(), provider);
-        }
-        PublicKey pubKey = this.getPublicKey(provider);
-        sig.initVerify(pubKey);
-        DERBitString pkBytes = new DERBitString(pkac);
-        sig.update(pkBytes.getBytes());
-
-        return sig.verify(signature.getBytes());
-    }
-
-    public PublicKey getPublicKey(String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, 
-               InvalidKeyException
-    {
-        SubjectPublicKeyInfo subjectPKInfo = pkac.getSubjectPublicKeyInfo();
-        try
-        {
-            DERBitString bStr = new DERBitString(subjectPKInfo);
-            X509EncodedKeySpec xspec = new X509EncodedKeySpec(bStr.getBytes());
-            
-
-            AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId ();
-
-            KeyFactory factory =
-                KeyFactory.getInstance(keyAlg.getObjectId().getId(),provider);
-
-            return factory.generatePublic(xspec);
-                           
-        }
-        catch (InvalidKeySpecException e)
-        {
-            throw new InvalidKeyException("error encoding public key");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/package.html
deleted file mode 100644
index dd2203e40..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/mozilla/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Support class for mozilla signed public key and challenge.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java
deleted file mode 100644
index 1a9cfcf21..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java
+++ /dev/null
@@ -1,363 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.X509Certificate;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-/**
- * 
    - * BasicOCSPResponse       ::= SEQUENCE {
- *    tbsResponseData      ResponseData,
- *    signatureAlgorithm   AlgorithmIdentifier,
- *    signature            BIT STRING,
- *    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- * 
    
- */
-public class BasicOCSPResp
-    implements java.security.cert.X509Extension
-{
-    BasicOCSPResponse   resp;
-    ResponseData        data;
-    X509Certificate[]   chain = null;
-
-    public BasicOCSPResp(
-        BasicOCSPResponse   resp)
-    {
-        this.resp = resp;
-        this.data = resp.getTbsResponseData();
-    }
-
-    /**
-     * Return the DER encoding of the tbsResponseData field.
-     * @return DER encoding of tbsResponseData
-     * @throws OCSPException in the event of an encoding error.
-     */
-    public byte[] getTBSResponseData()
-        throws OCSPException
-    {
-        try
-        {
-            return resp.getTbsResponseData().getEncoded();
-        }
-        catch (IOException e)
-        {
-            throw new OCSPException("problem encoding tbsResponseData", e);
-        }
-    }
-    
-    public int getVersion()
-    {
-        return data.getVersion().getValue().intValue() + 1;
-    }
-
-    public RespID getResponderId()
-    {
-        return new RespID(data.getResponderID());
-    }
-
-    public Date getProducedAt()
-    {
-        try
-        {
-            return data.getProducedAt().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException:" + e.getMessage());
-        }
-    }
-
-    public SingleResp[] getResponses()
-    {
-        ASN1Sequence    s = data.getResponses();
-        SingleResp[]    rs = new SingleResp[s.size()];
-
-        for (int i = 0; i != rs.length; i++)
-        {
-            rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
-        }
-
-        return rs;
-    }
-
-    public X509Extensions getResponseExtensions()
-    {
-        return data.getResponseExtensions();
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getResponseExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getResponseExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encodable.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    public String getSignatureAlgName()
-    {
-        return OCSPUtil.getAlgorithmName(resp.getSignatureAlgorithm().getObjectId());
-    }
-
-    public String getSignatureAlgOID()
-    {
-        return resp.getSignatureAlgorithm().getObjectId().getId();
-    }
-
-    /**
-     * @deprecated RespData class is no longer required as all functionality is
-     * available on this class.
-     * @return the RespData object
-     */
-    public RespData getResponseData()
-    {
-        return new RespData(resp.getTbsResponseData());
-    }
-
-    public byte[] getSignature()
-    {
-        return resp.getSignature().getBytes();
-    }
-
-    private List getCertList(
-        String provider) 
-        throws OCSPException, NoSuchProviderException
-    {
-        List                    certs = new ArrayList();
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-        CertificateFactory      cf;
-
-        try
-        {
-            cf = OCSPUtil.createX509CertificateFactory(provider);
-        }
-        catch (CertificateException ex)
-        {
-            throw new OCSPException("can't get certificate factory.", ex);
-        }
-
-        //
-        // load the certificates and revocation lists if we have any
-        //
-        ASN1Sequence s = resp.getCerts();
-
-        if (s != null)
-        {
-            Enumeration e = s.getObjects();
-
-            while (e.hasMoreElements())
-            {
-                try
-                {
-                    aOut.writeObject(e.nextElement());
-
-                    certs.add(cf.generateCertificate(
-                        new ByteArrayInputStream(bOut.toByteArray())));
-                }
-                catch (IOException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-                catch (CertificateException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-
-                bOut.reset();
-            }
-        }
-        
-        return certs;
-    }
-    
-    public X509Certificate[] getCerts(
-        String  provider)
-        throws OCSPException, NoSuchProviderException
-    {
-        List                    certs = getCertList(provider);
-            
-        return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]);
-    }
-
-    /**
-     * Return the certificates, if any associated with the response.
-     * @param type type of CertStore to create
-     * @param provider provider to use
-     * @return a CertStore, possibly empty
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     * @throws OCSPException
-     */
-    public CertStore getCertificates(
-        String type,
-        String provider) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
-    {
-        try
-        {
-            CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider));
-            return OCSPUtil.createCertStoreInstance(type, params, provider);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new OCSPException("can't setup the CertStore", e);
-        }
-    }
-    
-    /**
-     * verify the signature against the tbsResponseData object we contain.
-     */
-    public boolean verify(
-        PublicKey   key,
-        String      sigProvider)
-        throws OCSPException, NoSuchProviderException
-    {
-        try
-        {
-            Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgName(), sigProvider);
-
-            signature.initVerify(key);
-
-            signature.update(resp.getTbsResponseData().getEncoded(ASN1Encodable.DER));
-
-            return signature.verify(this.getSignature());
-        }
-        catch (NoSuchProviderException e)
-        {
-            // TODO Why this special case?
-            throw e;
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing sig: " + e, e);
-        }
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-    	return resp.getEncoded();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-        
-        if (!(o instanceof BasicOCSPResp))
-        {
-            return false;
-        }
-        
-        BasicOCSPResp r = (BasicOCSPResp)o;
-        
-        return resp.equals(r.resp);
-    }
-    
-    public int hashCode()
-    {
-        return resp.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java
deleted file mode 100644
index eadcd0a76..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java
+++ /dev/null
@@ -1,341 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * Generator for basic OCSP response objects.
- */
-public class BasicOCSPRespGenerator
-{
-    private List            list = new ArrayList();
-    private X509Extensions  responseExtensions = null;
-    private RespID          responderID;
-
-    private class ResponseObject
-    {
-        CertificateID         certId;
-        CertStatus            certStatus;
-        DERGeneralizedTime    thisUpdate;
-        DERGeneralizedTime    nextUpdate;
-        X509Extensions        extensions;
-
-        public ResponseObject(
-            CertificateID     certId,
-            CertificateStatus certStatus,
-            Date              thisUpdate,
-            Date              nextUpdate,
-            X509Extensions    extensions)
-        {
-            this.certId = certId;
-
-            if (certStatus == null)
-            {
-                this.certStatus = new CertStatus();
-            }
-            else if (certStatus instanceof UnknownStatus)
-            {
-                this.certStatus = new CertStatus(2, new DERNull());
-            }
-            else 
-            {
-                RevokedStatus rs = (RevokedStatus)certStatus;
-                
-                if (rs.hasRevocationReason())
-                {
-                    this.certStatus = new CertStatus(
-                                            new RevokedInfo(new DERGeneralizedTime(rs.getRevocationTime()), new CRLReason(rs.getRevocationReason())));
-                }
-                else
-                {
-                    this.certStatus = new CertStatus(
-                                            new RevokedInfo(new DERGeneralizedTime(rs.getRevocationTime()), null));
-                }
-            }
-
-            this.thisUpdate = new DERGeneralizedTime(thisUpdate);
-            
-            if (nextUpdate != null)
-            {
-                this.nextUpdate = new DERGeneralizedTime(nextUpdate);
-            }
-            else
-            {
-                this.nextUpdate = null;
-            }
-
-            this.extensions = extensions;
-        }
-
-        public SingleResponse toResponse()
-            throws Exception
-        {
-            return new SingleResponse(certId.toASN1Object(), certStatus, thisUpdate, nextUpdate, extensions);
-        }
-    }
-
-    /**
-     * basic constructor
-     */
-    public BasicOCSPRespGenerator(
-        RespID  responderID)
-    {
-        this.responderID = responderID;
-    }
-
-    /**
-     * construct with the responderID to be the SHA-1 keyHash of the passed in public key.
-     */
-    public BasicOCSPRespGenerator(
-        PublicKey       key)
-        throws OCSPException
-    {
-        this.responderID = new RespID(key);
-    }
-
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param certStatus status of the certificate - null if okay
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), null, null));
-    }
-
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), null, singleExtensions));
-    }
-    
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param nextUpdate date when next update should be requested
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        Date                nextUpdate,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions));
-    }
-    
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param thisUpdate date this response was valid on
-     * @param nextUpdate date when next update should be requested
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        Date                thisUpdate,
-        Date                nextUpdate,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions));
-    }
-    
-    /**
-     * Set the extensions for the response.
-     * 
-     * @param responseExtensions the extension object to carry.
-     */
-    public void setResponseExtensions(
-        X509Extensions  responseExtensions)
-    {
-        this.responseExtensions = responseExtensions;
-    }
-
-    private BasicOCSPResp generateResponse(
-        String              signatureName,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        Date                producedAt,
-        String              provider,
-        SecureRandom        random)
-        throws OCSPException, NoSuchProviderException
-    {
-        Iterator    it = list.iterator();
-        DERObjectIdentifier signingAlgorithm;
-
-        try
-        {
-            signingAlgorithm = OCSPUtil.getAlgorithmOID(signatureName);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("unknown signing algorithm specified");
-        }
-
-        ASN1EncodableVector responses = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            try
-            {
-                responses.add(((ResponseObject)it.next()).toResponse());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception creating Request", e);
-            }
-        }
-
-        ResponseData  tbsResp = new ResponseData(responderID.toASN1Object(), new DERGeneralizedTime(producedAt), new DERSequence(responses), responseExtensions);
-
-        Signature sig = null;
-
-        try
-        {
-            sig = OCSPUtil.createSignatureInstance(signatureName, provider);
-            if (random != null)
-            {
-                sig.initSign(key, random);
-            }
-            else
-            {
-                sig.initSign(key);
-            }
-        }
-        catch (NoSuchProviderException e)
-        {
-            // TODO Why this special case?
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OCSPException("exception creating signature: " + e, e);
-        }
-
-        DERBitString    bitSig = null;
-
-        try
-        {
-            sig.update(tbsResp.getEncoded(ASN1Encodable.DER));
-
-            bitSig = new DERBitString(sig.sign());
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing TBSRequest: " + e, e);
-        }
-
-        AlgorithmIdentifier sigAlgId = OCSPUtil.getSigAlgID(signingAlgorithm);
-
-        DERSequence chainSeq = null;
-        if (chain != null && chain.length > 0)
-        {
-            ASN1EncodableVector v = new ASN1EncodableVector();
-            try
-            {
-                for (int i = 0; i != chain.length; i++)
-                {
-                    v.add(new X509CertificateStructure(
-                        (ASN1Sequence)ASN1Object.fromByteArray(chain[i].getEncoded())));
-                }
-            }
-            catch (IOException e)
-            {
-                throw new OCSPException("error processing certs", e);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new OCSPException("error encoding certs", e);
-            }
-
-            chainSeq = new DERSequence(v);
-        }
-
-        return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq));
-    }
-    
-    public BasicOCSPResp generate(
-        String             signingAlgorithm,
-        PrivateKey         key,
-        X509Certificate[]  chain,
-        Date               thisUpdate,
-        String             provider)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        return generate(signingAlgorithm, key, chain, thisUpdate, provider, null);
-    }
-
-    public BasicOCSPResp generate(
-        String             signingAlgorithm,
-        PrivateKey         key,
-        X509Certificate[]  chain,
-        Date               producedAt,
-        String             provider,
-        SecureRandom       random)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        if (signingAlgorithm == null)
-        {
-            throw new IllegalArgumentException("no signing algorithm specified");
-        }
-
-        return generateResponse(signingAlgorithm, key, chain, producedAt, provider, random);
-    }
-    
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return OCSPUtil.getAlgNames();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateID.java
deleted file mode 100644
index 31bb85297..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateID.java
+++ /dev/null
@@ -1,170 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.CertID;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-
-public class CertificateID
-{
-    public static final String HASH_SHA1 = "1.3.14.3.2.26";
-
-    private final CertID id;
-
-    public CertificateID(
-        CertID id)
-    {
-        if (id == null)
-        {
-            throw new IllegalArgumentException("'id' cannot be null");
-        }
-        this.id = id;
-    }
-
-    /**
-     * create from an issuer certificate and the serial number of the
-     * certificate it signed.
-     *
-     * @param hashAlgorithm hash algorithm to use
-     * @param issuerCert issuing certificate
-     * @param number serial number
-     * @param provider provider to use for hashAlgorithm, null if the default one should be used.
-     *
-     * @exception OCSPException if any problems occur creating the id fields.
-     */
-    public CertificateID(
-        String          hashAlgorithm,
-        X509Certificate issuerCert,
-        BigInteger      number,
-        String          provider)
-        throws OCSPException
-    {
-        AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(
-            new DERObjectIdentifier(hashAlgorithm), DERNull.INSTANCE);
-
-        this.id = createCertID(hashAlg, issuerCert, new DERInteger(number), provider);
-    }
-
-    /**
-     * create using the BC provider
-     */
-    public CertificateID(
-        String          hashAlgorithm,
-        X509Certificate issuerCert,
-        BigInteger      number)
-        throws OCSPException
-    {
-        this(hashAlgorithm, issuerCert, number, "BC");
-    }
-
-    public String getHashAlgOID()
-    {
-        return id.getHashAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getIssuerNameHash()
-    {
-        return id.getIssuerNameHash().getOctets();
-    }
-
-    public byte[] getIssuerKeyHash()
-    {
-        return id.getIssuerKeyHash().getOctets();
-    }
-
-    /**
-     * return the serial number for the certificate associated
-     * with this request.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return id.getSerialNumber().getValue();
-    }
-
-    public boolean matchesIssuer(X509Certificate issuerCert, String provider)
-        throws OCSPException
-    {
-        return createCertID(id.getHashAlgorithm(), issuerCert, id.getSerialNumber(), provider)
-            .equals(id);
-    }
-
-    public CertID toASN1Object()
-    {
-        return id;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof CertificateID))
-        {
-            return false;
-        }
-
-        CertificateID   obj = (CertificateID)o;
-
-        return id.getDERObject().equals(obj.id.getDERObject());
-    }
-
-    public int hashCode()
-    {
-        return id.getDERObject().hashCode();
-    }
-
-    /**
-     * Create a new CertificateID for a new serial number derived from a previous one
-     * calculated for the same CA certificate.
-     *
-     * @param original the previously calculated CertificateID for the CA.
-     * @param newSerialNumber the serial number for the new certificate of interest.
-     *
-     * @return a new CertificateID for newSerialNumber
-     */
-    public static CertificateID deriveCertificateID(CertificateID original, BigInteger newSerialNumber)
-    {
-        return new CertificateID(new CertID(original.id.getHashAlgorithm(), original.id.getIssuerNameHash(), original.id.getIssuerKeyHash(), new DERInteger(newSerialNumber)));
-    }
-
-    private static CertID createCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert,
-        DERInteger serialNumber, String provider)
-        throws OCSPException
-    {
-        try
-        {
-            MessageDigest digest = OCSPUtil.createDigestInstance(hashAlg.getAlgorithm() .getId(),
-                provider);
-
-            X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(issuerCert);
-
-            digest.update(issuerName.getEncoded());
-
-            ASN1OctetString issuerNameHash = new DEROctetString(digest.digest());
-            PublicKey issuerKey = issuerCert.getPublicKey();
-
-            ASN1InputStream aIn = new ASN1InputStream(issuerKey.getEncoded());
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
-
-            digest.update(info.getPublicKeyData().getBytes());
-
-            ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest());
-
-            return new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber);
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("problem creating ID: " + e, e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java
deleted file mode 100644
index 992ca55fd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java
+++ /dev/null
@@ -1,6 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public interface CertificateStatus
-{
-    public static final CertificateStatus GOOD = null;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPException.java
deleted file mode 100644
index d354a310f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public class OCSPException
-    extends Exception
-{
-    Exception   e;
-
-    public OCSPException(
-        String name)
-    {
-        super(name);
-    }
-
-    public OCSPException(
-        String name,
-        Exception e)
-    {
-        super(name);
-
-        this.e = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return e;
-    }
-
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReq.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReq.java
deleted file mode 100644
index 99de6073f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReq.java
+++ /dev/null
@@ -1,414 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ocsp.OCSPRequest;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * 
    - * OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- *
- *   TBSRequest      ::=     SEQUENCE {
- *       version             [0]     EXPLICIT Version DEFAULT v1,
- *       requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
- *       requestList                 SEQUENCE OF Request,
- *       requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
- *
- *   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm      AlgorithmIdentifier,
- *       signature               BIT STRING,
- *       certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
- *
- *   Version         ::=             INTEGER  {  v1(0) }
- *
- *   Request         ::=     SEQUENCE {
- *       reqCert                     CertID,
- *       singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
- *
- *   CertID          ::=     SEQUENCE {
- *       hashAlgorithm       AlgorithmIdentifier,
- *       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
- *       serialNumber        CertificateSerialNumber }
- * 
    
- */
-public class OCSPReq
-    implements java.security.cert.X509Extension
-{
-    private OCSPRequest       req;
-
-    public OCSPReq(
-        OCSPRequest req)
-    {
-        this.req = req;
-    }
-    
-    public OCSPReq(
-        byte[]          req)
-        throws IOException
-    {
-        this(new ASN1InputStream(req));
-    }
-
-    public OCSPReq(
-        InputStream     in)
-        throws IOException
-    {
-        this(new ASN1InputStream(in));
-    }
-
-    private OCSPReq(
-        ASN1InputStream aIn) 
-        throws IOException
-    {
-        try
-        {
-            this.req = OCSPRequest.getInstance(aIn.readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("malformed request: " + e.getMessage());
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("malformed request: " + e.getMessage());
-        }
-    }
-
-    /**
-     * Return the DER encoding of the tbsRequest field.
-     * @return DER encoding of tbsRequest
-     * @throws OCSPException in the event of an encoding error.
-     */
-    public byte[] getTBSRequest()
-        throws OCSPException
-    {
-        try
-        {
-            return req.getTbsRequest().getEncoded();
-        }
-        catch (IOException e)
-        {
-            throw new OCSPException("problem encoding tbsRequest", e);
-        }
-    }
-    
-    public int getVersion()
-    {
-        return req.getTbsRequest().getVersion().getValue().intValue() + 1;
-    }
-    
-    public GeneralName getRequestorName()
-    {
-        return GeneralName.getInstance(req.getTbsRequest().getRequestorName());
-    }
-
-    public Req[] getRequestList()
-    {
-        ASN1Sequence    seq = req.getTbsRequest().getRequestList();
-        Req[]           requests = new Req[seq.size()];
-
-        for (int i = 0; i != requests.length; i++)
-        {
-            requests[i] = new Req(Request.getInstance(seq.getObjectAt(i)));
-        }
-
-        return requests;
-    }
-
-    public X509Extensions getRequestExtensions()
-    {
-        return X509Extensions.getInstance(req.getTbsRequest().getRequestExtensions());
-    }
-
-    /**
-     * return the object identifier representing the signature algorithm
-     */
-    public String getSignatureAlgOID()
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-
-        return req.getOptionalSignature().getSignatureAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getSignature()
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-
-        return req.getOptionalSignature().getSignature().getBytes();
-    }
-    
-    private List getCertList(
-        String provider) 
-        throws OCSPException, NoSuchProviderException
-    {
-        List                  certs = new ArrayList();
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        ASN1OutputStream      aOut = new ASN1OutputStream(bOut);
-        CertificateFactory    cf;
-
-        try
-        {
-            cf = OCSPUtil.createX509CertificateFactory(provider);
-        }
-        catch (CertificateException ex)
-        {
-            throw new OCSPException("can't get certificate factory.", ex);
-        }
-
-        //
-        // load the certificates if we have any
-        //
-        ASN1Sequence s = req.getOptionalSignature().getCerts();
-
-        if (s != null)
-        {
-            Enumeration e = s.getObjects();
-
-            while (e.hasMoreElements())
-            {
-                try
-                {
-                    aOut.writeObject(e.nextElement());
-
-                    certs.add(cf.generateCertificate(
-                        new ByteArrayInputStream(bOut.toByteArray())));
-                }
-                catch (IOException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-                catch (CertificateException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-
-                bOut.reset();
-            }
-        }
-        
-        return certs;
-    }
-    
-    public X509Certificate[] getCerts(
-        String  provider)
-        throws OCSPException, NoSuchProviderException
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-    
-        List         certs = this.getCertList(provider);
-        
-        return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]);
-    }
-    
-    /**
-     * If the request is signed return a possibly empty CertStore containing the certificates in the
-     * request. If the request is not signed the method returns null.
-     * 
-     * @param type type of CertStore to return
-     * @param provider provider to use
-     * @return null if not signed, a CertStore otherwise
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     * @throws OCSPException
-     */
-    public CertStore getCertificates(
-        String type,
-        String provider) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-        
-        try
-        {
-            CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider));
-            return OCSPUtil.createCertStoreInstance(type, params, provider);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new OCSPException("can't setup the CertStore", e);
-        }
-    }
-    
-    /**
-     * Return whether or not this request is signed.
-     * 
-     * @return true if signed false otherwise.
-     */
-    public boolean isSigned()
-    {
-        return req.getOptionalSignature() != null;
-    }
-
-    /**
-     * verify the signature against the TBSRequest object we contain.
-     */
-    public boolean verify(
-        PublicKey   key,
-        String      sigProvider)
-        throws OCSPException, NoSuchProviderException
-    {
-        if (!this.isSigned())
-        {
-            throw new OCSPException("attempt to verify signature on unsigned object");
-        }
-
-        try
-        {
-            Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgOID(), sigProvider);
-
-            signature.initVerify(key);
-
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-            aOut.writeObject(req.getTbsRequest());
-
-            signature.update(bOut.toByteArray());
-
-            return signature.verify(this.getSignature());
-        }
-        catch (NoSuchProviderException e)
-        {
-            // TODO Why this special case?
-            throw e;
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing sig: " + e, e);
-        }
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-        aOut.writeObject(req);
-
-        return bOut.toByteArray();
-    }
-
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getRequestExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getRequestExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encodable.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java
deleted file mode 100644
index e8323e411..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java
+++ /dev/null
@@ -1,290 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.ocsp.OCSPRequest;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.ocsp.Signature;
-import org.bouncycastle.asn1.ocsp.TBSRequest;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-
-public class OCSPReqGenerator
-{
-    private List            list = new ArrayList();
-    private GeneralName     requestorName = null;
-    private X509Extensions  requestExtensions = null;
-
-    private class RequestObject
-    {
-        CertificateID   certId;
-        X509Extensions  extensions;
-
-        public RequestObject(
-            CertificateID   certId,
-            X509Extensions  extensions)
-        {
-            this.certId = certId;
-            this.extensions = extensions;
-        }
-
-        public Request toRequest()
-            throws Exception
-        {
-            return new Request(certId.toASN1Object(), extensions);
-        }
-    }
-
-    /**
-     * Add a request for the given CertificateID.
-     * 
-     * @param certId certificate ID of interest
-     */
-    public void addRequest(
-        CertificateID   certId)
-    {
-        list.add(new RequestObject(certId, null));
-    }
-
-    /**
-     * Add a request with extensions
-     * 
-     * @param certId certificate ID of interest
-     * @param singleRequestExtensions the extensions to attach to the request
-     */
-    public void addRequest(
-        CertificateID   certId,
-        X509Extensions  singleRequestExtensions)
-    {
-        list.add(new RequestObject(certId, singleRequestExtensions));
-    }
-
-    /**
-     * Set the requestor name to the passed in X500Principal
-     * 
-     * @param requestorName a X500Principal representing the requestor name.
-     */
-    public void setRequestorName(
-        X500Principal        requestorName)
-    {
-        try
-        {
-            this.requestorName = new GeneralName(GeneralName.directoryName, new X509Principal(requestorName.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("cannot encode principal: " + e);
-        }
-    }
-
-    public void setRequestorName(
-        GeneralName         requestorName)
-    {
-        this.requestorName = requestorName;
-    }
-    
-    public void setRequestExtensions(
-        X509Extensions      requestExtensions)
-    {
-        this.requestExtensions = requestExtensions;
-    }
-
-    private OCSPReq generateRequest(
-        DERObjectIdentifier signingAlgorithm,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        String              provider,
-        SecureRandom        random)
-        throws OCSPException, NoSuchProviderException
-    {
-        Iterator    it = list.iterator();
-
-        ASN1EncodableVector requests = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            try
-            {
-                requests.add(((RequestObject)it.next()).toRequest());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception creating Request", e);
-            }
-        }
-
-        TBSRequest  tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions);
-
-        java.security.Signature sig = null;
-        Signature               signature = null;
-
-        if (signingAlgorithm != null)
-        {
-            if (requestorName == null)
-            {
-                throw new OCSPException("requestorName must be specified if request is signed.");
-            }
-            
-            try
-            {
-                sig = OCSPUtil.createSignatureInstance(signingAlgorithm.getId(), provider);
-                if (random != null)
-                {
-                    sig.initSign(key, random);
-                }
-                else
-                {
-                    sig.initSign(key);
-                }
-            }
-            catch (NoSuchProviderException e)
-            {
-                // TODO Why this special case?
-                throw e;
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new OCSPException("exception creating signature: " + e, e);
-            }
-
-            DERBitString    bitSig = null;
-
-            try
-            {
-                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-                ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-                aOut.writeObject(tbsReq);
-
-                sig.update(bOut.toByteArray());
-
-                bitSig = new DERBitString(sig.sign());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception processing TBSRequest: " + e, e);
-            }
-
-            AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, new DERNull());
-
-            if (chain != null && chain.length > 0)
-            {
-                ASN1EncodableVector v = new ASN1EncodableVector();
-                try
-                {
-                    for (int i = 0; i != chain.length; i++)
-                    {
-                        v.add(new X509CertificateStructure(
-                            (ASN1Sequence)ASN1Object.fromByteArray(chain[i].getEncoded())));
-                    }
-                }
-                catch (IOException e)
-                {
-                    throw new OCSPException("error processing certs", e);
-                }
-                catch (CertificateEncodingException e)
-                {
-                    throw new OCSPException("error encoding certs", e);
-                }
-
-                signature = new Signature(sigAlgId, bitSig, new DERSequence(v));
-            }
-            else
-            {
-                signature = new Signature(sigAlgId, bitSig);
-            }
-        }
-
-        return new OCSPReq(new OCSPRequest(tbsReq, signature));
-    }
-    
-    /**
-     * Generate an unsigned request
-     * 
-     * @return the OCSPReq
-     * @throws OCSPException
-     */
-    public OCSPReq generate()
-        throws OCSPException
-    {
-        try
-        {
-            return generateRequest(null, null, null, null, null);
-        }
-        catch (NoSuchProviderException e)
-        {
-            //
-            // this shouldn't happen but...
-            //
-            throw new OCSPException("no provider! - " + e, e);
-        }
-    }
-
-    public OCSPReq generate(
-        String              signingAlgorithm,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        String              provider)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        return generate(signingAlgorithm, key, chain, provider, null);
-    }
-
-    public OCSPReq generate(
-        String              signingAlgorithm,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        String              provider,
-        SecureRandom        random)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        if (signingAlgorithm == null)
-        {
-            throw new IllegalArgumentException("no signing algorithm specified");
-        }
-
-        try
-        {
-            DERObjectIdentifier oid = OCSPUtil.getAlgorithmOID(signingAlgorithm);
-            
-            return generateRequest(oid, key, chain, provider, random);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IllegalArgumentException("unknown signing algorithm specified: " + signingAlgorithm);
-        }
-    }
-    
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return OCSPUtil.getAlgNames();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPResp.java
deleted file mode 100644
index 49410d88f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPResp.java
+++ /dev/null
@@ -1,116 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseBytes;
-
-public class OCSPResp
-{
-    private OCSPResponse    resp;
-
-    public OCSPResp(
-        OCSPResponse    resp)
-    {
-        this.resp = resp;
-    }
-
-    public OCSPResp(
-        byte[]          resp)
-        throws IOException
-    {
-        this(new ASN1InputStream(resp));
-    }
-
-    public OCSPResp(
-        InputStream     in)
-        throws IOException
-    {
-        this(new ASN1InputStream(in));
-    }
-
-    private OCSPResp(
-        ASN1InputStream aIn)
-        throws IOException
-    {
-        try
-        {
-            this.resp = OCSPResponse.getInstance(aIn.readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("malformed response: " + e.getMessage());
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("malformed response: " + e.getMessage());
-        }
-    }
-
-    public int getStatus()
-    {
-        return this.resp.getResponseStatus().getValue().intValue();
-    }
-
-    public Object getResponseObject()
-        throws OCSPException
-    {
-        ResponseBytes   rb = this.resp.getResponseBytes();
-
-        if (rb == null)
-        {
-            return null;
-        }
-
-        if (rb.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic))
-        {
-            try
-            {
-                ASN1Object obj = ASN1Object.fromByteArray(rb.getResponse().getOctets());
-                return new BasicOCSPResp(BasicOCSPResponse.getInstance(obj));
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("problem decoding object: " + e, e);
-            }
-        }
-
-        return rb.getResponse();
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-    	return resp.getEncoded();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-        
-        if (!(o instanceof OCSPResp))
-        {
-            return false;
-        }
-        
-        OCSPResp r = (OCSPResp)o;
-        
-        return resp.equals(r.resp);
-    }
-    
-    public int hashCode()
-    {
-        return resp.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java
deleted file mode 100644
index 18a6b35df..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.*;
-
-import org.bouncycastle.asn1.*;
-import org.bouncycastle.asn1.ocsp.*;
-
-/**
- * base generator for an OCSP response - at the moment this only supports the
- * generation of responses containing BasicOCSP responses.
- */
-public class OCSPRespGenerator
-{
-    public static final int SUCCESSFUL            = 0;  // Response has valid confirmations
-    public static final int MALFORMED_REQUEST     = 1;  // Illegal confirmation request
-    public static final int INTERNAL_ERROR        = 2;  // Internal error in issuer
-    public static final int TRY_LATER             = 3;  // Try again later
-                                                        // (4) is not used
-    public static final int SIG_REQUIRED          = 5;  // Must sign the request
-    public static final int UNAUTHORIZED          = 6;  // Request unauthorized
-
-    public OCSPResp generate(
-        int     status,
-        Object  response)
-        throws OCSPException
-    {
-      if (response == null)
-      {
-              return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(status),null));
-      }
-        if (response instanceof BasicOCSPResp)
-        {
-            BasicOCSPResp   r = (BasicOCSPResp)response;
-            ASN1OctetString octs;
-            
-            try
-            {
-                octs = new DEROctetString(r.getEncoded());
-            }
-            catch (IOException e)
-            {
-                throw new OCSPException("can't encode object.", e);
-            }
-
-            ResponseBytes   rb = new ResponseBytes(
-                    OCSPObjectIdentifiers.id_pkix_ocsp_basic, octs);
-
-            return new OCSPResp(new OCSPResponse(
-                                    new OCSPResponseStatus(status), rb));
-        }
-
-        throw new OCSPException("unknown response object");
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java
deleted file mode 100644
index f58000d99..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public interface OCSPRespStatus
-{
-    /**
-     * note 4 is not used.
-     */
-    public static final int SUCCESSFUL = 0;         // --Response has valid confirmations
-    public static final int MALFORMED_REQUEST = 1;  // --Illegal confirmation request
-    public static final int INTERNAL_ERROR = 2;     // --Internal error in issuer
-    public static final int TRY_LATER = 3;          // --Try again later
-    public static final int SIGREQUIRED = 5;        // --Must sign the request
-    public static final int UNAUTHORIZED = 6;       //  --Request unauthorized
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java
deleted file mode 100644
index 3536a7eb1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java
+++ /dev/null
@@ -1,198 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.util.Strings;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-class OCSPUtil
-{
-    private static Hashtable algorithms = new Hashtable();
-    private static Hashtable oids = new Hashtable();
-    private static Set       noParams = new HashSet();
-    
-    static
-    {   
-        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-        algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
-        algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
-        algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-        algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-        algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-
-        oids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WITHRSA");
-        oids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, "RIPEMD160WITHRSA");
-        oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, "RIPEMD128WITHRSA");
-        oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, "RIPEMD256WITHRSA");
-        oids.put(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-
-        //
-        // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
-        // The parameters field SHALL be NULL for RSA based signature algorithms.
-        //
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
-        noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-    }
-     
-    static DERObjectIdentifier getAlgorithmOID(
-        String algorithmName)
-    {
-        algorithmName = Strings.toUpperCase(algorithmName);
-        
-        if (algorithms.containsKey(algorithmName))
-        {
-            return (DERObjectIdentifier)algorithms.get(algorithmName);
-        }
-        
-        return new DERObjectIdentifier(algorithmName);
-    }
-
-    static String getAlgorithmName(
-        DERObjectIdentifier oid)
-    {
-        if (oids.containsKey(oid))
-        {
-            return (String)oids.get(oid);
-        }
-        
-        return oid.getId();
-    }
-    
-    static AlgorithmIdentifier getSigAlgID(
-        DERObjectIdentifier sigOid)
-    {
-        if (noParams.contains(sigOid))
-        {
-            return new AlgorithmIdentifier(sigOid);
-        }
-        else
-        {
-            return new AlgorithmIdentifier(sigOid, new DERNull());
-        }
-    }
-    
-    static Iterator getAlgNames()
-    {
-        Enumeration e = algorithms.keys();
-        List        l = new ArrayList();
-        
-        while (e.hasMoreElements())
-        {
-            l.add(e.nextElement());
-        }
-        
-        return l.iterator();
-    }
-
-    static CertStore createCertStoreInstance(String type, CertStoreParameters params, String provider)
-        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return CertStore.getInstance(type, params);
-        }
-
-        return CertStore.getInstance(type, params, provider);
-    }
-
-    static MessageDigest createDigestInstance(String digestName, String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return MessageDigest.getInstance(digestName);
-        }
-
-        return MessageDigest.getInstance(digestName, provider);
-    }
-
-    static Signature createSignatureInstance(String sigName, String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return Signature.getInstance(sigName);
-        }
-
-        return Signature.getInstance(sigName, provider);
-    }
-
-    static CertificateFactory createX509CertificateFactory(String provider)
-        throws CertificateException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return CertificateFactory.getInstance("X.509");
-        }
-
-        return CertificateFactory.getInstance("X.509", provider);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/Req.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/Req.java
deleted file mode 100644
index 61c404887..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/Req.java
+++ /dev/null
@@ -1,108 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class Req
-    implements java.security.cert.X509Extension
-{
-    private Request req;
-
-    public Req(
-        Request req)
-    {
-        this.req = req;
-    }
-
-    public CertificateID getCertID()
-    {
-        return new CertificateID(req.getReqCert());
-    }
-
-    public X509Extensions getSingleRequestExtensions()
-    {
-        return req.getSingleRequestExtensions();
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getSingleRequestExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getSingleRequestExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encodable.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespData.java
deleted file mode 100644
index 93b4752c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespData.java
+++ /dev/null
@@ -1,142 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-import java.text.ParseException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-public class RespData
-    implements java.security.cert.X509Extension
-{
-    ResponseData    data;
-
-    public RespData(
-        ResponseData    data)
-    {
-        this.data = data;
-    }
-
-    public int getVersion()
-    {
-        return data.getVersion().getValue().intValue() + 1;
-    }
-
-    public RespID getResponderId()
-    {
-        return new RespID(data.getResponderID());
-    }
-
-    public Date getProducedAt()
-    {
-        try
-        {
-            return data.getProducedAt().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException:" + e.getMessage());
-        }
-    }
-
-    public SingleResp[] getResponses()
-    {
-        ASN1Sequence    s = data.getResponses();
-        SingleResp[]    rs = new SingleResp[s.size()];
-
-        for (int i = 0; i != rs.length; i++)
-        {
-            rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
-        }
-
-        return rs;
-    }
-
-    public X509Extensions getResponseExtensions()
-    {
-        return data.getResponseExtensions();
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getResponseExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getResponseExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encodable.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespID.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespID.java
deleted file mode 100644
index 631086c64..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RespID.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.security.MessageDigest;
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.ResponderID;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-/**
- * Carrier for a ResponderID.
- */
-public class RespID
-{
-    ResponderID id;
-
-    public RespID(
-        ResponderID id)
-    {
-        this.id = id;
-    }
-
-    public RespID(
-        X500Principal   name)
-    {
-        this.id = new ResponderID(X500Name.getInstance(name.getEncoded()));
-    }
-
-    public RespID(
-        PublicKey   key)
-        throws OCSPException
-    {
-        try
-        {
-            // TODO Allow specification of a particular provider
-            MessageDigest digest = OCSPUtil.createDigestInstance("SHA1", null);
-
-            ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
-
-            digest.update(info.getPublicKeyData().getBytes());
-
-            ASN1OctetString keyHash = new DEROctetString(digest.digest());
-
-            this.id = new ResponderID(keyHash);
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("problem creating ID: " + e, e);
-        }
-    }
-
-    public ResponderID toASN1Object()
-    {
-        return id;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof RespID))
-        {
-            return false;
-        }
-
-        RespID   obj = (RespID)o;
-
-        return id.equals(obj.id);
-    }
-
-    public int hashCode()
-    {
-        return id.hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java
deleted file mode 100644
index df49029c5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.x509.CRLReason;
-
-import java.text.ParseException;
-import java.util.Date;
-
-/**
- * wrapper for the RevokedInfo object
- */
-public class RevokedStatus
-    implements CertificateStatus
-{
-    RevokedInfo info;
-
-    public RevokedStatus(
-        RevokedInfo info)
-    {
-        this.info = info;
-    }
-    
-    public RevokedStatus(
-        Date        revocationDate,
-        int         reason)
-    {
-        this.info = new RevokedInfo(new DERGeneralizedTime(revocationDate), new CRLReason(reason));
-    }
-
-    public Date getRevocationTime()
-    {
-        try
-        {
-            return info.getRevocationTime().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException:" + e.getMessage());
-        }
-    }
-
-    public boolean hasRevocationReason()
-    {
-        return (info.getRevocationReason() != null);
-    }
-
-    /**
-     * return the revocation reason. Note: this field is optional, test for it
-     * with hasRevocationReason() first.
-     * @return the revocation reason value.
-     * @exception IllegalStateException if a reason is asked for and none is avaliable
-     */
-    public int getRevocationReason()
-    {
-        if (info.getRevocationReason() == null)
-        {
-            throw new IllegalStateException("attempt to get a reason where none is available");
-        }
-
-        return info.getRevocationReason().getValue().intValue();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/SingleResp.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/SingleResp.java
deleted file mode 100644
index 4010f0ca7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/SingleResp.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-import java.text.ParseException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-public class SingleResp
-    implements java.security.cert.X509Extension
-{
-    SingleResponse  resp;
-
-    public SingleResp(
-        SingleResponse  resp)
-    {
-        this.resp = resp;
-    }
-
-    public CertificateID getCertID()
-    {
-        return new CertificateID(resp.getCertID());
-    }
-
-    /**
-     * Return the status object for the response - null indicates good.
-     * 
-     * @return the status object for the response, null if it is good.
-     */
-    public Object getCertStatus()
-    {
-        CertStatus  s = resp.getCertStatus();
-
-        if (s.getTagNo() == 0)
-        {
-            return null;            // good
-        }
-        else if (s.getTagNo() == 1)
-        {
-            return new RevokedStatus(RevokedInfo.getInstance(s.getStatus()));
-        }
-
-        return new UnknownStatus();
-    }
-
-    public Date getThisUpdate()
-    {
-        try
-        {
-            return resp.getThisUpdate().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException: " + e.getMessage());
-        }
-    }
-
-    /**
-     * return the NextUpdate value - note: this is an optional field so may
-     * be returned as null.
-     *
-     * @return nextUpdate, or null if not present.
-     */
-    public Date getNextUpdate()
-    {
-        if (resp.getNextUpdate() == null)
-        {
-            return null;
-        }
-
-        try
-        {
-            return resp.getNextUpdate().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException: " + e.getMessage());
-        }
-    }
-
-    public X509Extensions getSingleExtensions()
-    {
-        return resp.getSingleExtensions();
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        
-        return extns != null && !extns.isEmpty();
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getSingleExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getSingleExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encodable.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java
deleted file mode 100644
index cd0414767..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.ocsp;
-
-/**
- * wrapper for the UnknownInfo object
- */
-public class UnknownStatus
-    implements CertificateStatus
-{
-    public UnknownStatus()
-    {
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/package.html
deleted file mode 100644
index ca4f53182..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/ocsp/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for dealing Online Certificate Status Protocol (OCSP) - RFC 2560.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/examples/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/examples/package.html
deleted file mode 100644
index e634dfc93..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/examples/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Examples of use of the org.bouncycastle.openpgp package.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/package.html
deleted file mode 100644
index 064527cdc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openpgp/package.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-High level classes for dealing with OpenPGP objects.
-
    
-Note: These are based on the org.bouncycastle.bcpg classes and use a streaming
-model, so for some objects which have an input stream associated it is necessary
-to read to the end of the input stream on the object before trying to read
-another object from the orginal input stream.
-
    
-A word on key ring files. For the purpose of this package a PGP key ring is a master key and
-a collection of sub-keys associated with it. These public and secret key rings are handled by
-the PGPPublicKey ring class and the PGPSecretKeyRing class respectively. In the case where
-you are trying to read an key file which has multiple key rings in it, use PGPSecretKeyRingCollection
-for the secret key file and PGPPublicKeyRingCollection for the public key file.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/EncryptionException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/EncryptionException.java
deleted file mode 100644
index b8395681a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/EncryptionException.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-
-public class EncryptionException
-    extends IOException
-{
-    private Throwable cause;
-
-    public EncryptionException(String msg)
-    {
-        super(msg);
-    }
-
-    public EncryptionException(String msg, Throwable ex)
-    {
-        super(msg);
-        this.cause = ex;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java
deleted file mode 100644
index 5793007c2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java
+++ /dev/null
@@ -1,335 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.io.pem.PemGenerationException;
-import org.bouncycastle.util.io.pem.PemHeader;
-import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.io.pem.PemObjectGenerator;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-
-/**
- * PEM generator for the original set of PEM objects used in Open SSL.
- */
-public class MiscPEMGenerator
-    implements PemObjectGenerator
-{
-    private Object obj;
-    private String algorithm;
-    private char[] password;
-    private SecureRandom random;
-    private Provider provider;
-
-    public MiscPEMGenerator(Object o)
-    {
-        this.obj = o;
-    }
-
-    public MiscPEMGenerator(
-        Object       obj,
-        String       algorithm,
-        char[]       password,
-        SecureRandom random,
-        Provider     provider)
-    {
-        this.obj = obj;
-        this.algorithm = algorithm;
-        this.password = password;
-        this.random = random;
-        this.provider = provider;
-    }
-
-    public MiscPEMGenerator(
-        Object       obj,
-        String       algorithm,
-        char[]       password,
-        SecureRandom random,
-        String       provider)
-        throws NoSuchProviderException
-    {
-        this.obj = obj;
-        this.algorithm = algorithm;
-        this.password = password;
-        this.random = random;
-
-        if (provider != null)
-        {
-            this.provider = Security.getProvider(provider);
-            if (this.provider == null)
-            {
-                throw new NoSuchProviderException("cannot find provider: " + provider);
-            }
-        }
-    }
-
-    private PemObject createPemObject(Object o)
-        throws IOException
-    {
-        String  type;
-        byte[]  encoding;
-
-        if (o instanceof PemObject)
-        {
-            return (PemObject)o;
-        }
-        if (o instanceof PemObjectGenerator)
-        {
-            return ((PemObjectGenerator)o).generate();
-        }
-        if (o instanceof X509Certificate)
-        {
-            type = "CERTIFICATE";
-            try
-            {
-                encoding = ((X509Certificate)o).getEncoded();
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new PemGenerationException("Cannot encode object: " + e.toString());
-            }
-        }
-        else if (o instanceof X509CRL)
-        {
-            type = "X509 CRL";
-            try
-            {
-                encoding = ((X509CRL)o).getEncoded();
-            }
-            catch (CRLException e)
-            {
-                throw new PemGenerationException("Cannot encode object: " + e.toString());
-            }
-        }
-        else if (o instanceof KeyPair)
-        {
-            return createPemObject(((KeyPair)o).getPrivate());
-        }
-        else if (o instanceof PrivateKey)
-        {
-            PrivateKeyInfo info = new PrivateKeyInfo(
-                (ASN1Sequence) ASN1Object.fromByteArray(((Key)o).getEncoded()));
-
-            if (o instanceof RSAPrivateKey)
-            {
-                type = "RSA PRIVATE KEY";
-
-                encoding = info.getPrivateKey().getEncoded();
-            }
-            else if (o instanceof DSAPrivateKey)
-            {
-                type = "DSA PRIVATE KEY";
-
-                DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
-                ASN1EncodableVector v = new ASN1EncodableVector();
-
-                v.add(new DERInteger(0));
-                v.add(new DERInteger(p.getP()));
-                v.add(new DERInteger(p.getQ()));
-                v.add(new DERInteger(p.getG()));
-
-                BigInteger x = ((DSAPrivateKey)o).getX();
-                BigInteger y = p.getG().modPow(x, p.getP());
-
-                v.add(new DERInteger(y));
-                v.add(new DERInteger(x));
-
-                encoding = new DERSequence(v).getEncoded();
-            }
-            else if (((PrivateKey)o).getAlgorithm().equals("ECDSA"))
-            {
-                type = "EC PRIVATE KEY";
-
-                encoding = info.getPrivateKey().getEncoded();
-            }
-            else
-            {
-                throw new IOException("Cannot identify private key");
-            }
-        }
-        else if (o instanceof PublicKey)
-        {
-            type = "PUBLIC KEY";
-
-            encoding = ((PublicKey)o).getEncoded();
-        }
-        else if (o instanceof X509AttributeCertificate)
-        {
-            type = "ATTRIBUTE CERTIFICATE";
-            encoding = ((X509V2AttributeCertificate)o).getEncoded();
-        }
-        else if (o instanceof PKCS10CertificationRequest)
-        {
-            type = "CERTIFICATE REQUEST";
-            encoding = ((PKCS10CertificationRequest)o).getEncoded();
-        }
-        else if (o instanceof ContentInfo)
-        {
-            type = "PKCS7";
-            encoding = ((ContentInfo)o).getEncoded();
-        }
-        else
-        {
-            throw new PemGenerationException("unknown object passed - can't encode.");
-        }
-
-        return new PemObject(type, encoding);
-    }
-
-    private String getHexEncoded(byte[] bytes)
-        throws IOException
-    {
-        bytes = Hex.encode(bytes);
-
-        char[] chars = new char[bytes.length];
-
-        for (int i = 0; i != bytes.length; i++)
-        {
-            chars[i] = (char)bytes[i];
-        }
-
-        return new String(chars);
-    }
-
-    private PemObject createPemObject(
-        Object       obj,
-        String       algorithm,
-        char[]       password,
-        SecureRandom random)
-        throws IOException
-    {
-        if (obj instanceof KeyPair)
-        {
-            return createPemObject(((KeyPair)obj).getPrivate(), algorithm, password, random);
-        }
-
-        String type = null;
-        byte[] keyData = null;
-
-        if (obj instanceof RSAPrivateCrtKey)
-        {
-            type = "RSA PRIVATE KEY";
-
-            RSAPrivateCrtKey k = (RSAPrivateCrtKey)obj;
-
-            RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(
-                k.getModulus(),
-                k.getPublicExponent(),
-                k.getPrivateExponent(),
-                k.getPrimeP(),
-                k.getPrimeQ(),
-                k.getPrimeExponentP(),
-                k.getPrimeExponentQ(),
-                k.getCrtCoefficient());
-
-            // convert to bytearray
-            keyData = keyStruct.getEncoded();
-        }
-        else if (obj instanceof DSAPrivateKey)
-        {
-            type = "DSA PRIVATE KEY";
-
-            DSAPrivateKey       k = (DSAPrivateKey)obj;
-            DSAParams p = k.getParams();
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            v.add(new DERInteger(0));
-            v.add(new DERInteger(p.getP()));
-            v.add(new DERInteger(p.getQ()));
-            v.add(new DERInteger(p.getG()));
-
-            BigInteger x = k.getX();
-            BigInteger y = p.getG().modPow(x, p.getP());
-
-            v.add(new DERInteger(y));
-            v.add(new DERInteger(x));
-
-            keyData = new DERSequence(v).getEncoded();
-        }
-        else if (obj instanceof PrivateKey && "ECDSA".equals(((PrivateKey)obj).getAlgorithm()))
-        {
-            type = "EC PRIVATE KEY";
-
-            PrivateKeyInfo      privInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(((PrivateKey)obj).getEncoded()));
-
-            keyData = privInfo.getPrivateKey().getEncoded();
-        }
-
-        if (type == null || keyData == null)
-        {
-            // TODO Support other types?
-            throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
-        }
-
-        String dekAlgName = Strings.toUpperCase(algorithm);
-
-        // Note: For backward compatibility
-        if (dekAlgName.equals("DESEDE"))
-        {
-            dekAlgName = "DES-EDE3-CBC";
-        }
-
-        int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
-
-        byte[] iv = new byte[ivLength];
-        random.nextBytes(iv);
-
-        byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
-
-        List headers = new ArrayList(2);
-
-        headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
-        headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
-
-        return new PemObject(type, headers, encData);
-    }
-
-    public PemObject generate()
-        throws PemGenerationException
-    {
-        try
-        {
-            if (algorithm != null)
-            {
-                return createPemObject(obj, algorithm, password, random);
-            }
-
-            return createPemObject(obj);
-        }
-        catch (IOException e)
-        {
-            throw new PemGenerationException("encoding exception: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMException.java
deleted file mode 100644
index 3753aece8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-
-public class PEMException
-    extends IOException
-{
-    Exception    underlying;
-
-    public PEMException(
-        String    message)
-    {
-        super(message);
-    }
-
-    public PEMException(
-        String        message,
-        Exception    underlying)
-    {
-        super(message);
-        this.underlying = underlying;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return underlying;
-    }
-
-
-    public Throwable getCause()
-    {
-        return underlying;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMReader.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMReader.java
deleted file mode 100644
index 92bf8f9d4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMReader.java
+++ /dev/null
@@ -1,804 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.Reader;
-import java.security.AlgorithmParameters;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.cert.CertificateFactory;
-import java.security.spec.DSAPrivateKeySpec;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.EncryptionScheme;
-import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
-import org.bouncycastle.asn1.pkcs.PBEParameter;
-import org.bouncycastle.asn1.pkcs.PBES2Parameters;
-import org.bouncycastle.asn1.pkcs.PBKDF2Params;
-import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.io.pem.PemHeader;
-import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.io.pem.PemObjectParser;
-import org.bouncycastle.util.io.pem.PemReader;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-
-/**
- * Class for reading OpenSSL PEM encoded streams containing
- * X509 certificates, PKCS8 encoded keys and PKCS7 objects.
- * 
    
- * In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and
- * Certificates will be returned using the appropriate java.security type (KeyPair, PublicKey, X509Certificate,
- * or X509CRL). In the case of a Certificate Request a PKCS10CertificationRequest will be returned.
- * 
    
- */
-public class PEMReader
-    extends PemReader
-{
-    private final Map parsers = new HashMap();
-
-    private PasswordFinder pFinder;
-
-
-    /**
-     * Create a new PEMReader
-     *
-     * @param reader the Reader
-     */
-    public PEMReader(
-        Reader reader)
-    {
-        this(reader, null, "BC");
-    }
-
-    /**
-     * Create a new PEMReader with a password finder
-     *
-     * @param reader  the Reader
-     * @param pFinder the password finder
-     */
-    public PEMReader(
-        Reader reader,
-        PasswordFinder pFinder)
-    {
-        this(reader, pFinder, "BC");
-    }
-
-    /**
-     * Create a new PEMReader with a password finder
-     *
-     * @param reader   the Reader
-     * @param pFinder  the password finder
-     * @param provider the cryptography provider to use
-     */
-    public PEMReader(
-        Reader reader,
-        PasswordFinder pFinder,
-        String provider)
-    {
-        this(reader, pFinder, provider, provider);
-    }
-
-    /**
-     * Create a new PEMReader with a password finder and differing providers for secret and public key
-     * operations.
-     *
-     * @param reader   the Reader
-     * @param pFinder  the password finder
-     * @param symProvider  provider to use for symmetric operations
-     * @param asymProvider provider to use for asymmetric (public/private key) operations
-     */
-    public PEMReader(
-        Reader reader,
-        PasswordFinder pFinder,
-        String symProvider,
-        String asymProvider)
-    {
-        super(reader);
-
-        this.pFinder = pFinder;
-
-        parsers.put("CERTIFICATE REQUEST", new PKCS10CertificationRequestParser());
-        parsers.put("NEW CERTIFICATE REQUEST", new PKCS10CertificationRequestParser());
-        parsers.put("CERTIFICATE", new X509CertificateParser(asymProvider));
-        parsers.put("X509 CERTIFICATE", new X509CertificateParser(asymProvider));
-        parsers.put("X509 CRL", new X509CRLParser(asymProvider));
-        parsers.put("PKCS7", new PKCS7Parser());
-        parsers.put("ATTRIBUTE CERTIFICATE", new X509AttributeCertificateParser());
-        parsers.put("EC PARAMETERS", new ECNamedCurveSpecParser());
-        parsers.put("PUBLIC KEY", new PublicKeyParser(asymProvider));
-        parsers.put("RSA PUBLIC KEY", new RSAPublicKeyParser(asymProvider));
-        parsers.put("RSA PRIVATE KEY", new RSAKeyPairParser(asymProvider));
-        parsers.put("DSA PRIVATE KEY", new DSAKeyPairParser(asymProvider));
-        parsers.put("EC PRIVATE KEY", new ECDSAKeyPairParser(asymProvider));
-        parsers.put("ENCRYPTED PRIVATE KEY", new EncryptedPrivateKeyParser(symProvider, asymProvider));
-        parsers.put("PRIVATE KEY", new PrivateKeyParser(asymProvider));
-    }
-
-    public Object readObject()
-        throws IOException
-    {
-        PemObject obj = readPemObject();
-
-        if (obj != null)
-        {
-            String type = obj.getType();
-            if (parsers.containsKey(type))
-            {
-                return ((PemObjectParser)parsers.get(type)).parseObject(obj);
-            }
-            else
-            {
-                throw new IOException("unrecognised object: " + type);
-            }
-        }
-
-        return null;
-    }
-
-    private abstract class KeyPairParser
-        implements PemObjectParser
-    {
-        protected String provider;
-
-        public KeyPairParser(String provider)
-        {
-            this.provider = provider;
-        }
-
-        /**
-         * Read a Key Pair
-         */
-        protected ASN1Sequence readKeyPair(
-            PemObject obj)
-            throws IOException
-        {
-            boolean isEncrypted = false;
-            String dekInfo = null;
-            List headers = obj.getHeaders();
-
-            for (Iterator it = headers.iterator(); it.hasNext();)
-            {
-                PemHeader hdr = (PemHeader)it.next();
-
-                if (hdr.getName().equals("Proc-Type") && hdr.getValue().equals("4,ENCRYPTED"))
-                {
-                    isEncrypted = true;
-                }
-                else if (hdr.getName().equals("DEK-Info"))
-                {
-                    dekInfo = hdr.getValue();
-                }
-            }
-
-            //
-            // extract the key
-            //
-            byte[] keyBytes = obj.getContent();
-
-            if (isEncrypted)
-            {
-                if (pFinder == null)
-                {
-                    throw new PasswordException("No password finder specified, but a password is required");
-                }
-
-                char[] password = pFinder.getPassword();
-
-                if (password == null)
-                {
-                    throw new PasswordException("Password is null, but a password is required");
-                }
-
-                StringTokenizer tknz = new StringTokenizer(dekInfo, ",");
-                String dekAlgName = tknz.nextToken();
-                byte[] iv = Hex.decode(tknz.nextToken());
-
-                keyBytes = PEMUtilities.crypt(false, provider, keyBytes, password, dekAlgName, iv);
-            }
-
-            try
-            {
-                return (ASN1Sequence)ASN1Object.fromByteArray(keyBytes);
-            }
-            catch (IOException e)
-            {
-                if (isEncrypted)
-                {
-                    throw new PEMException("exception decoding - please check password and data.", e);
-                }
-                else
-                {
-                    throw new PEMException(e.getMessage(), e);
-                }
-            }
-            catch (ClassCastException e)
-            {
-                if (isEncrypted)
-                {
-                    throw new PEMException("exception decoding - please check password and data.", e);
-                }
-                else
-                {
-                    throw new PEMException(e.getMessage(), e);
-                }
-            }
-        }
-    }
-
-    private class DSAKeyPairParser
-        extends KeyPairParser
-    {
-        public DSAKeyPairParser(String provider)
-        {
-            super(provider);
-        }
-
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                ASN1Sequence seq = readKeyPair(obj);
-
-                if (seq.size() != 6)
-                {
-                    throw new PEMException("malformed sequence in DSA private key");
-                }
-
-                //            DERInteger              v = (DERInteger)seq.getObjectAt(0);
-                DERInteger p = (DERInteger)seq.getObjectAt(1);
-                DERInteger q = (DERInteger)seq.getObjectAt(2);
-                DERInteger g = (DERInteger)seq.getObjectAt(3);
-                DERInteger y = (DERInteger)seq.getObjectAt(4);
-                DERInteger x = (DERInteger)seq.getObjectAt(5);
-
-                DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(
-                    x.getValue(), p.getValue(),
-                    q.getValue(), g.getValue());
-                DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(
-                    y.getValue(), p.getValue(),
-                    q.getValue(), g.getValue());
-
-                KeyFactory fact = KeyFactory.getInstance("DSA", provider);
-
-                return new KeyPair(
-                    fact.generatePublic(pubSpec),
-                    fact.generatePrivate(privSpec));
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (Exception e)
-            {
-                throw new PEMException(
-                    "problem creating DSA private key: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class ECDSAKeyPairParser
-        extends KeyPairParser
-    {
-        public ECDSAKeyPairParser(String provider)
-        {
-            super(provider);
-        }
-
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                ASN1Sequence seq = readKeyPair(obj);
-
-                ECPrivateKeyStructure pKey = new ECPrivateKeyStructure(seq);
-                AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
-                PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey.getDERObject());
-                SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes());
-
-                PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded());
-                X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
-
-
-                KeyFactory fact = KeyFactory.getInstance("ECDSA", provider);
-
-
-                return new KeyPair(
-                    fact.generatePublic(pubSpec),
-                    fact.generatePrivate(privSpec));
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (Exception e)
-            {
-                throw new PEMException(
-                    "problem creating EC private key: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class RSAKeyPairParser
-        extends KeyPairParser
-    {
-        public RSAKeyPairParser(String provider)
-        {
-            super(provider);
-        }
-
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                ASN1Sequence seq = readKeyPair(obj);
-
-                if (seq.size() != 9)
-                {
-                    throw new PEMException("malformed sequence in RSA private key");
-                }
-
-                //            DERInteger              v = (DERInteger)seq.getObjectAt(0);
-                DERInteger mod = (DERInteger)seq.getObjectAt(1);
-                DERInteger pubExp = (DERInteger)seq.getObjectAt(2);
-                DERInteger privExp = (DERInteger)seq.getObjectAt(3);
-                DERInteger p1 = (DERInteger)seq.getObjectAt(4);
-                DERInteger p2 = (DERInteger)seq.getObjectAt(5);
-                DERInteger exp1 = (DERInteger)seq.getObjectAt(6);
-                DERInteger exp2 = (DERInteger)seq.getObjectAt(7);
-                DERInteger crtCoef = (DERInteger)seq.getObjectAt(8);
-
-                RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(
-                    mod.getValue(), pubExp.getValue());
-                RSAPrivateCrtKeySpec privSpec = new RSAPrivateCrtKeySpec(
-                    mod.getValue(), pubExp.getValue(), privExp.getValue(),
-                    p1.getValue(), p2.getValue(),
-                    exp1.getValue(), exp2.getValue(),
-                    crtCoef.getValue());
-
-
-                KeyFactory fact = KeyFactory.getInstance("RSA", provider);
-
-
-                return new KeyPair(
-                    fact.generatePublic(pubSpec),
-                    fact.generatePrivate(privSpec));
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (Exception e)
-            {
-                throw new PEMException(
-                    "problem creating RSA private key: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class PublicKeyParser
-        implements PemObjectParser
-    {
-        private String provider;
-
-        public PublicKeyParser(String provider)
-        {
-            this.provider = provider;
-        }
-
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            KeySpec keySpec = new X509EncodedKeySpec(obj.getContent());
-            String[] algorithms = {"DSA", "RSA"};
-            for (int i = 0; i < algorithms.length; i++)
-            {
-                try
-                {
-                    KeyFactory keyFact = KeyFactory.getInstance(algorithms[i], provider);
-                    PublicKey pubKey = keyFact.generatePublic(keySpec);
-
-                    return pubKey;
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // ignore
-                }
-                catch (InvalidKeySpecException e)
-                {
-                    // ignore
-                }
-                catch (NoSuchProviderException e)
-                {
-                    throw new RuntimeException("can't find provider " + provider);
-                }
-            }
-
-            return null;
-        }
-    }
-
-    private class RSAPublicKeyParser
-        implements PemObjectParser
-    {
-        private String provider;
-
-        public RSAPublicKeyParser(String provider)
-        {
-            this.provider = provider;
-        }
-
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                ASN1InputStream ais = new ASN1InputStream(obj.getContent());
-                Object asnObject = ais.readObject();
-                ASN1Sequence sequence = (ASN1Sequence)asnObject;
-                RSAPublicKeyStructure rsaPubStructure = new RSAPublicKeyStructure(sequence);
-                RSAPublicKeySpec keySpec = new RSAPublicKeySpec(
-                    rsaPubStructure.getModulus(),
-                    rsaPubStructure.getPublicExponent());
-
-
-                    KeyFactory keyFact = KeyFactory.getInstance("RSA", provider);
-
-                    return keyFact.generatePublic(keySpec);
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (NoSuchProviderException e)
-            {
-                throw new IOException("can't find provider " + provider);
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem extracting key: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class X509CertificateParser
-        implements PemObjectParser
-    {
-        private String provider;
-
-        public X509CertificateParser(String provider)
-        {
-            this.provider = provider;
-        }
-
-        /**
-         * Reads in a X509Certificate.
-         *
-         * @return the X509Certificate
-         * @throws IOException if an I/O error occured
-         */
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent());
-
-            try
-            {
-                CertificateFactory certFact
-                    = CertificateFactory.getInstance("X.509", provider);
-
-                return certFact.generateCertificate(bIn);
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem parsing cert: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class X509CRLParser
-        implements PemObjectParser
-    {
-        private String provider;
-
-        public X509CRLParser(String provider)
-        {
-            this.provider = provider;
-        }
-
-        /**
-         * Reads in a X509CRL.
-         *
-         * @return the X509Certificate
-         * @throws IOException if an I/O error occured
-         */
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent());
-
-            try
-            {
-                CertificateFactory certFact
-                    = CertificateFactory.getInstance("X.509", provider);
-
-                return certFact.generateCRL(bIn);
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem parsing cert: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class PKCS10CertificationRequestParser
-        implements PemObjectParser
-    {
-        /**
-         * Reads in a PKCS10 certification request.
-         *
-         * @return the certificate request.
-         * @throws IOException if an I/O error occured
-         */
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                return new PKCS10CertificationRequest(obj.getContent());
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem parsing certrequest: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class PKCS7Parser
-        implements PemObjectParser
-    {
-        /**
-         * Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
-         * API.
-         *
-         * @return the X509Certificate
-         * @throws IOException if an I/O error occured
-         */
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                ASN1InputStream aIn = new ASN1InputStream(obj.getContent());
-
-                return ContentInfo.getInstance(aIn.readObject());
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem parsing PKCS7 object: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class X509AttributeCertificateParser
-        implements PemObjectParser
-    {
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            return new X509V2AttributeCertificate(obj.getContent());
-        }
-    }
-
-    private class ECNamedCurveSpecParser
-        implements PemObjectParser
-    {
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)ASN1Object.fromByteArray(obj.getContent());
-
-                Object params = ECNamedCurveTable.getParameterSpec(oid.getId());
-
-                if (params == null)
-                {
-                    throw new IOException("object ID not found in EC curve table");
-                }
-
-                return params;
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("exception extracting EC named curve: " + e.toString());
-            }
-        }
-    }
-
-    private class EncryptedPrivateKeyParser
-        implements PemObjectParser
-    {
-        private String symProvider;
-        private String asymProvider;
-
-        public EncryptedPrivateKeyParser(String symProvider, String asymProvider)
-        {
-            this.symProvider = symProvider;
-            this.asymProvider = asymProvider;
-        }
-
-        /**
-         * Reads in a X509CRL.
-         *
-         * @return the X509Certificate
-         * @throws IOException if an I/O error occured
-         */
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                EncryptedPrivateKeyInfo info = EncryptedPrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent()));
-                AlgorithmIdentifier algId = info.getEncryptionAlgorithm();
-
-                if (pFinder == null)
-                {
-                    throw new PEMException("no PasswordFinder specified");
-                }
-
-                if (PEMUtilities.isPKCS5Scheme2(algId.getAlgorithm()))
-                {
-                    PBES2Parameters params = PBES2Parameters.getInstance(algId.getParameters());
-                    KeyDerivationFunc func = params.getKeyDerivationFunc();
-                    EncryptionScheme scheme = params.getEncryptionScheme();
-                    PBKDF2Params defParams = (PBKDF2Params)func.getParameters();
-
-                    int iterationCount = defParams.getIterationCount().intValue();
-                    byte[] salt = defParams.getSalt();
-
-                    String algorithm = scheme.getAlgorithm().getId();
-
-                    SecretKey key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(algorithm, pFinder.getPassword(), salt, iterationCount);
-
-                    Cipher cipher = Cipher.getInstance(algorithm, symProvider);
-                    AlgorithmParameters algParams = AlgorithmParameters.getInstance(algorithm, symProvider);
-
-                    algParams.init(scheme.getParameters().getDERObject().getEncoded());
-
-                    cipher.init(Cipher.DECRYPT_MODE, key, algParams);
-
-                    PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
-                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
-
-                    KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
-
-                    return keyFact.generatePrivate(keySpec);
-                }
-                else if (PEMUtilities.isPKCS12(algId.getAlgorithm()))
-                {
-                    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());
-                    String algorithm = algId.getAlgorithm().getId();
-                    PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword());
-
-                    SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider);
-                    PBEParameterSpec defParams = new PBEParameterSpec(params.getIV(), params.getIterations().intValue());
-
-                    Cipher cipher = Cipher.getInstance(algorithm, symProvider);
-
-                    cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
-
-                    PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
-                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
-
-                    KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
-
-                    return keyFact.generatePrivate(keySpec);
-                }
-                else if (PEMUtilities.isPKCS5Scheme1(algId.getAlgorithm()))
-                {
-                    PBEParameter params = PBEParameter.getInstance(algId.getParameters());
-                    String algorithm = algId.getAlgorithm().getId();
-                    PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword());
-
-                    SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider);
-                    PBEParameterSpec defParams = new PBEParameterSpec(params.getSalt(), params.getIterationCount().intValue());
-
-                    Cipher cipher = Cipher.getInstance(algorithm, symProvider);
-
-                    cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
-
-                    PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
-                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
-
-                    KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
-
-                    return keyFact.generatePrivate(keySpec);
-                }
-                else
-                {
-                    throw new PEMException("Unknown algorithm: " + algId.getAlgorithm());
-                }
-            }
-            catch (IOException e)
-            {
-                throw e;
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem parsing ENCRYPTED PRIVATE KEY: " + e.toString(), e);
-            }
-        }
-    }
-
-    private class PrivateKeyParser
-        implements PemObjectParser
-    {
-        private String provider;
-
-        public PrivateKeyParser(String provider)
-        {
-            this.provider = provider;
-        }
-
-        public Object parseObject(PemObject obj)
-            throws IOException
-        {
-            try
-            {
-                PrivateKeyInfo info = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent()));
-                PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(obj.getContent());
-
-                KeyFactory keyFact = KeyFactory.getInstance(info.getAlgorithmId().getAlgorithm().getId(), provider);
-
-                return keyFact.generatePrivate(keySpec);
-            }
-            catch (Exception e)
-            {
-                throw new PEMException("problem parsing PRIVATE KEY: " + e.toString(), e);
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMUtilities.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
deleted file mode 100644
index bededbc74..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
+++ /dev/null
@@ -1,278 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-import java.security.Key;
-import java.security.Provider;
-import java.security.Security;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-final class PEMUtilities
-{
-    private static final Map KEYSIZES = new HashMap();
-    private static final Set PKCS5_SCHEME_1 = new HashSet();
-    private static final Set PKCS5_SCHEME_2 = new HashSet();
-
-    static
-    {
-        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC);
-        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC);
-        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC);
-        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC);
-        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC);
-        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC);
-
-        PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.id_PBES2);
-        PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.des_EDE3_CBC);
-        PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes128_CBC);
-        PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
-        PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
-
-        KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), new Integer(192));
-        KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), new Integer(128));
-        KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), new Integer(192));
-        KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), new Integer(256));
-    }
-
-    static int getKeySize(String algorithm)
-    {
-        if (!KEYSIZES.containsKey(algorithm))
-        {
-            throw new IllegalStateException("no key size for algorithm: " + algorithm);
-        }
-        
-        return ((Integer)KEYSIZES.get(algorithm)).intValue();
-    }
-
-    static boolean isPKCS5Scheme1(DERObjectIdentifier algOid)
-    {
-        return PKCS5_SCHEME_1.contains(algOid);
-    }
-
-    static boolean isPKCS5Scheme2(DERObjectIdentifier algOid)
-    {
-        return PKCS5_SCHEME_2.contains(algOid);
-    }
-
-    static boolean isPKCS12(DERObjectIdentifier algOid)
-    {
-        return algOid.getId().startsWith(PKCSObjectIdentifiers.pkcs_12PbeIds.getId());
-    }
-
-    static SecretKey generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount)
-    {
-        PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
-
-        generator.init(
-            PBEParametersGenerator.PKCS5PasswordToBytes(password),
-            salt,
-            iterationCount);
-
-        return new SecretKeySpec(((KeyParameter)generator.generateDerivedParameters(PEMUtilities.getKeySize(algorithm))).getKey(), algorithm);
-    }
-
-    static byte[] crypt(
-        boolean encrypt,
-        String provider,
-        byte[]  bytes,
-        char[]  password,
-        String  dekAlgName,
-        byte[]  iv)
-        throws IOException
-    {
-        Provider prov = null;
-        if (provider != null)
-        {
-            prov = Security.getProvider(provider);
-            if (prov == null)
-            {
-                throw new EncryptionException("cannot find provider: " + provider);
-            }
-        }
-
-        return crypt(encrypt, prov, bytes, password, dekAlgName, iv);
-    }
-
-    static byte[] crypt(
-        boolean encrypt,
-        Provider provider,
-        byte[]  bytes,
-        char[]  password,
-        String  dekAlgName,
-        byte[]  iv)
-        throws IOException
-    {
-        AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
-        String                 alg;
-        String                 blockMode = "CBC";
-        String                 padding = "PKCS5Padding";
-        Key                    sKey;
-
-        // Figure out block mode and padding.
-        if (dekAlgName.endsWith("-CFB"))
-        {
-            blockMode = "CFB";
-            padding = "NoPadding";
-        }
-        if (dekAlgName.endsWith("-ECB") ||
-            "DES-EDE".equals(dekAlgName) ||
-            "DES-EDE3".equals(dekAlgName))
-        {
-            // ECB is actually the default (though seldom used) when OpenSSL
-            // uses DES-EDE (des2) or DES-EDE3 (des3).
-            blockMode = "ECB";
-            paramSpec = null;
-        }
-        if (dekAlgName.endsWith("-OFB"))
-        {
-            blockMode = "OFB";
-            padding = "NoPadding";
-        }
-
-
-        // Figure out algorithm and key size.
-        if (dekAlgName.startsWith("DES-EDE"))
-        {
-            alg = "DESede";
-            // "DES-EDE" is actually des2 in OpenSSL-speak!
-            // "DES-EDE3" is des3.
-            boolean des2 = !dekAlgName.startsWith("DES-EDE3");
-            sKey = getKey(password, alg, 24, iv, des2);
-        }
-        else if (dekAlgName.startsWith("DES-"))
-        {
-            alg = "DES";
-            sKey = getKey(password, alg, 8, iv);
-        }
-        else if (dekAlgName.startsWith("BF-"))
-        {
-            alg = "Blowfish";
-            sKey = getKey(password, alg, 16, iv);
-        }
-        else if (dekAlgName.startsWith("RC2-"))
-        {
-            alg = "RC2";
-            int keyBits = 128;
-            if (dekAlgName.startsWith("RC2-40-"))
-            {
-                keyBits = 40;
-            }
-            else if (dekAlgName.startsWith("RC2-64-"))
-            {
-                keyBits = 64;
-            }
-            sKey = getKey(password, alg, keyBits / 8, iv);
-            if (paramSpec == null) // ECB block mode
-            {
-                paramSpec = new RC2ParameterSpec(keyBits);
-            }
-            else
-            {
-                paramSpec = new RC2ParameterSpec(keyBits, iv);
-            }
-        }
-        else if (dekAlgName.startsWith("AES-"))
-        {
-            alg = "AES";
-            byte[] salt = iv;
-            if (salt.length > 8)
-            {
-                salt = new byte[8];
-                System.arraycopy(iv, 0, salt, 0, 8);
-            }
-
-            int keyBits;
-            if (dekAlgName.startsWith("AES-128-"))
-            {
-                keyBits = 128;
-            }
-            else if (dekAlgName.startsWith("AES-192-"))
-            {
-                keyBits = 192;
-            }
-            else if (dekAlgName.startsWith("AES-256-"))
-            {
-                keyBits = 256;
-            }
-            else
-            {
-                throw new EncryptionException("unknown AES encryption with private key");
-            }
-            sKey = getKey(password, "AES", keyBits / 8, salt);
-        }
-        else
-        {
-            throw new EncryptionException("unknown encryption with private key");
-        }
-
-        String transformation = alg + "/" + blockMode + "/" + padding;
-
-        try
-        {
-            Cipher c = Cipher.getInstance(transformation, provider);
-            int    mode = encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
-
-            if (paramSpec == null) // ECB block mode
-            {
-                c.init(mode, sKey);
-            }
-            else
-            {
-                c.init(mode, sKey, paramSpec);
-            }
-            return c.doFinal(bytes);
-        }
-        catch (Exception e)
-        {
-            throw new EncryptionException("exception using cipher - please check password and data.", e);
-        }
-    }
-
-    private static SecretKey getKey(
-        char[]  password,
-        String  algorithm,
-        int     keyLength,
-        byte[]  salt)
-    {
-        return getKey(password, algorithm, keyLength, salt, false);
-    }
-
-    private static SecretKey getKey(
-        char[]  password,
-        String  algorithm,
-        int     keyLength,
-        byte[]  salt,
-        boolean des2)
-    {
-        OpenSSLPBEParametersGenerator   pGen = new OpenSSLPBEParametersGenerator();
-
-        pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);
-
-        KeyParameter keyParam;
-        keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8);
-        byte[] key = keyParam.getKey();
-        if (des2 && key.length >= 24)
-        {
-            // For DES2, we must copy first 8 bytes into the last 8 bytes.
-            System.arraycopy(key, 0, key, 16, 8);
-        }
-        return new javax.crypto.spec.SecretKeySpec(key, algorithm);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMWriter.java
deleted file mode 100644
index 834252f09..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PEMWriter.java
+++ /dev/null
@@ -1,81 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-import java.io.Writer;
-import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
-
-import org.bouncycastle.util.io.pem.PemGenerationException;
-import org.bouncycastle.util.io.pem.PemObjectGenerator;
-import org.bouncycastle.util.io.pem.PemWriter;
-
-/**
- * General purpose writer for OpenSSL PEM objects.
- */
-public class PEMWriter
-    extends PemWriter
-{
-    private String provider;
-
-    /**
-     * Base constructor.
-     * 
-     * @param out output stream to use.
-     */
-    public PEMWriter(Writer out)
-    {
-        this(out, "BC");
-    }
-
-    public PEMWriter(
-        Writer  out,
-        String  provider)
-    {
-        super(out);
-
-        this.provider = provider;
-    }
-
-    public void writeObject(
-        Object  obj)
-        throws IOException
-    {
-        try
-        {
-            super.writeObject(new MiscPEMGenerator(obj));
-        }
-        catch (PemGenerationException e)
-        {
-            if (e.getCause() instanceof IOException)
-            {
-                throw (IOException)e.getCause();
-            }
-
-            throw e;
-        }
-    }
-
-    public void writeObject(
-        PemObjectGenerator obj)
-        throws IOException
-    {
-        super.writeObject(obj);
-    }
-
-    public void writeObject(
-        Object       obj,
-        String       algorithm,
-        char[]       password,
-        SecureRandom random)
-        throws IOException
-    {
-        try
-        {
-            super.writeObject(new MiscPEMGenerator(obj, algorithm, password, random, provider));
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new EncryptionException(e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PKCS8Generator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PKCS8Generator.java
deleted file mode 100644
index c213cfe40..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PKCS8Generator.java
+++ /dev/null
@@ -1,252 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-import java.security.AlgorithmParameterGenerator;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.EncryptionScheme;
-import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
-import org.bouncycastle.asn1.pkcs.PBES2Parameters;
-import org.bouncycastle.asn1.pkcs.PBKDF2Params;
-import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.util.io.pem.PemGenerationException;
-import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.io.pem.PemObjectGenerator;
-
-public class PKCS8Generator
-    implements PemObjectGenerator
-{
-    public static final String AES_128_CBC = NISTObjectIdentifiers.id_aes128_CBC.getId();
-    public static final String AES_192_CBC = NISTObjectIdentifiers.id_aes192_CBC.getId();
-    public static final String AES_256_CBC = NISTObjectIdentifiers.id_aes256_CBC.getId();
-
-    public static final String DES3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC.getId();
-
-    public static final String PBE_SHA1_RC4_128 = PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4.getId();
-    public static final String PBE_SHA1_RC4_40 = PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4.getId();
-    public static final String PBE_SHA1_3DES = PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC.getId();
-    public static final String PBE_SHA1_2DES = PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC.getId();
-    public static final String PBE_SHA1_RC2_128 = PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC.getId();
-    public static final String PBE_SHA1_RC2_40 = PKCSObjectIdentifiers.pbewithSHAAnd40BitRC2_CBC.getId();
-
-    private char[] password;
-    private String algorithm;
-    private int iterationCount;
-    private PrivateKey key;
-    private Cipher cipher;
-    private SecureRandom random;
-    private AlgorithmParameterGenerator paramGen;
-    private SecretKeyFactory secKeyFact;
-
-    /**
-     * Constructor for an unencrypted private key PEM object.
-     *
-     * @param key private key to be encoded.
-     */
-    public PKCS8Generator(PrivateKey key)
-    {
-        this.key = key;
-    }
-
-    /**
-     * Constructor for an encrypted private key PEM object.
-     *
-     * @param key       private key to be encoded
-     * @param algorithm encryption algorithm to use
-     * @param provider  name of provider to use
-     * @throws NoSuchProviderException  if provider cannot be found
-     * @throws NoSuchAlgorithmException if algorithm/mode cannot be found
-     */
-    public PKCS8Generator(PrivateKey key, String algorithm, String provider)
-        throws NoSuchProviderException, NoSuchAlgorithmException
-    {
-        Provider prov = Security.getProvider(provider);
-
-        if (prov == null)
-        {
-            throw new NoSuchProviderException("cannot find provider: " + provider);
-        }
-
-        init(key, algorithm, prov);
-    }
-
-    /**
-     * Constructor for an encrypted private key PEM object.
-     *
-     * @param key       private key to be encoded
-     * @param algorithm encryption algorithm to use
-     * @param provider  provider to use
-     * @throws NoSuchAlgorithmException if algorithm/mode cannot be found
-     */
-    public PKCS8Generator(PrivateKey key, String algorithm, Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        init(key, algorithm, provider);
-    }
-
-    private void init(PrivateKey key, String algorithm, Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        this.key = key;
-        this.algorithm = algorithm;
-        this.iterationCount = 2048;
-
-        try
-        {
-            this.cipher = Cipher.getInstance(algorithm, provider);
-        }
-        catch (NoSuchPaddingException e)
-        {
-            throw new NoSuchAlgorithmException(algorithm + " found, but padding not available: " + e.getMessage());
-        }
-        DERObjectIdentifier algOID = new DERObjectIdentifier(algorithm);
-
-        if (PEMUtilities.isPKCS5Scheme2(algOID))
-        {
-            this.paramGen = AlgorithmParameterGenerator.getInstance(algorithm, provider);
-        }
-        else
-        {
-            this.secKeyFact = SecretKeyFactory.getInstance(algorithm, provider);
-        }
-    }
-
-    public PKCS8Generator setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public PKCS8Generator setPassword(char[] password)
-    {
-        this.password = password;
-
-        return this;
-    }
-
-    public PKCS8Generator setIterationCount(int iterationCount)
-    {
-        this.iterationCount = iterationCount;
-
-        return this;
-    }
-
-    public PemObject generate()
-        throws PemGenerationException
-    {
-        byte[] keyData = key.getEncoded();
-
-        if (algorithm == null)
-        {
-            return new PemObject("PRIVATE KEY", keyData);
-        }
-
-        DERObjectIdentifier algOID = new DERObjectIdentifier(algorithm);
-
-        if (PEMUtilities.isPKCS5Scheme2(algOID))
-        {
-            byte[] salt = new byte[20];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(salt);
-
-            SecretKey key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(algorithm, password, salt, iterationCount);
-
-            AlgorithmParameters params = paramGen.generateParameters();
-
-            try
-            {
-                cipher.init(Cipher.ENCRYPT_MODE, key, params);
-
-                EncryptionScheme scheme = new EncryptionScheme(new DERObjectIdentifier(algorithm), ASN1Object.fromByteArray(params.getEncoded()));
-                KeyDerivationFunc func = new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));
-
-                ASN1EncodableVector v = new ASN1EncodableVector();
-
-                v.add(func);
-                v.add(scheme);
-
-                EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, new PBES2Parameters(new DERSequence(v))), cipher.doFinal(keyData));
-
-                return new PemObject("ENCRYPTED PRIVATE KEY", info.getEncoded());
-            }
-            catch (IOException e)
-            {
-                throw new PemGenerationException(e.getMessage(), e);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new PemGenerationException(e.getMessage(), e);
-            }
-        }
-        else if (PEMUtilities.isPKCS12(algOID))
-        {
-            byte[] salt = new byte[20];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(salt);
-
-            try
-            {
-                PBEKeySpec pbeSpec = new PBEKeySpec(password);
-                PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
-
-                cipher.init(Cipher.ENCRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
-
-                ASN1EncodableVector v = new ASN1EncodableVector();
-
-                v.add(new DEROctetString(salt));
-                v.add(new DERInteger(iterationCount));
-
-                EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(algOID, new PKCS12PBEParams(new DERSequence(v))), cipher.doFinal(keyData));
-
-                return new PemObject("ENCRYPTED PRIVATE KEY", info.getEncoded());
-            }
-            catch (IOException e)
-            {
-                throw new PemGenerationException(e.getMessage(), e);
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new PemGenerationException(e.getMessage(), e);
-            }
-        }
-        else
-        {
-            throw new PemGenerationException("unknown algorithm: " + algorithm);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordException.java
deleted file mode 100644
index c2b8ccd02..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordException.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.openssl;
-
-import java.io.IOException;
-
-public class PasswordException
-    extends IOException
-{
-    public PasswordException(String msg)
-    {
-        super(msg);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordFinder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordFinder.java
deleted file mode 100644
index fb89cf081..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/PasswordFinder.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.openssl;
-
-/**
- * call back to allow a password to be fetched when one is requested.
- */
-public interface PasswordFinder
-{
-    public char[] getPassword();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/package.html
deleted file mode 100644
index 7e60a79ea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/openssl/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for dealing with OpenSSL PEM files.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyUnwrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyUnwrapper.java
deleted file mode 100644
index 3c3aa2fb4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyUnwrapper.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public abstract class AsymmetricKeyUnwrapper
-    implements KeyUnwrapper
-{
-    private AlgorithmIdentifier algorithmId;
-
-    protected AsymmetricKeyUnwrapper(AlgorithmIdentifier algorithmId)
-    {
-        this.algorithmId = algorithmId;
-    }
-
-    public AlgorithmIdentifier getAlgorithmIdentifier()
-    {
-        return algorithmId;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyWrapper.java
deleted file mode 100644
index 27af71957..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/AsymmetricKeyWrapper.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public abstract class AsymmetricKeyWrapper
-    implements KeyWrapper
-{
-    private AlgorithmIdentifier algorithmId;
-
-    protected AsymmetricKeyWrapper(AlgorithmIdentifier algorithmId)
-    {
-        this.algorithmId = algorithmId;
-    }
-
-    public AlgorithmIdentifier getAlgorithmIdentifier()
-    {
-        return algorithmId;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentSigner.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentSigner.java
deleted file mode 100644
index fadef6031..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentSigner.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface ContentSigner
-{
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Returns a stream that will accept data for the purpose of calculating
-     * a signature. Use org.bouncycastle.util.io.TeeOutputStream if you want to accumulate
-     * the data on the fly as well.
-     *
-     * @return an OutputStream
-     */
-    OutputStream getOutputStream();
-
-    /**
-     * Returns a signature based on the current data written to the stream, since the
-     * start or the last call to getSignature().
-     *
-     * @return bytes representing the signature.
-     */
-    byte[] getSignature();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifier.java
deleted file mode 100644
index 54d9ef1d3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifier.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface ContentVerifier
-{
-    /**
-     * Return the algorithm identifier describing the signature
-     * algorithm and parameters this expander supports.
-     *
-     * @return algorithm oid and parameters.
-     */
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Returns a stream that will accept data for the purpose of calculating
-     * a signature for later verification. Use org.bouncycastle.util.io.TeeOutputStream if you want to accumulate
-     * the data on the fly as well.
-     *
-     * @return an OutputStream
-     */
-    OutputStream getOutputStream();
-
-    /**
-     * @param expected expected value of the signature on the data.
-     * @return true if the signature verifies, false otherwise
-     */
-    boolean verify(byte[] expected);
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifierProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifierProvider.java
deleted file mode 100644
index 9594382f8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/ContentVerifierProvider.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-
-/**
- * General interface for providers of ContentVerifier objects.
- */
-public interface ContentVerifierProvider
-{
-    /**
-     * Return whether or not this verifier has a certificate associated with it.
-     *
-     * @return true if there is an associated certificate, false otherwise.
-     */
-    boolean hasAssociatedCertificate();
-
-    /**
-     * Return the associated certificate if there is one.
-     *
-     * @return a holder containing the associated certificate if there is one, null if there is not.
-     */
-    X509CertificateHolder getAssociatedCertificate();
-
-    /**
-     * Return a ContentVerifier that matches the passed in algorithm identifier,
-     *
-     * @param verifierAlgorithmIdentifier the algorithm and parameters required.
-     * @return a matching ContentVerifier
-     * @throws OperatorCreationException if the required ContentVerifier cannot be created.
-     */
-    ContentVerifier get(AlgorithmIdentifier verifierAlgorithmIdentifier)
-        throws OperatorCreationException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
deleted file mode 100644
index bc58cf1d0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-
-public class DefaultDigestAlgorithmIdentifierFinder
-    implements DigestAlgorithmIdentifierFinder
-{
-    private static Map digestOids = new HashMap();
-
-    static
-    {
-        //
-        // digests
-        //
-        digestOids.put(OIWObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        digestOids.put(OIWObjectIdentifiers.md4WithRSA, PKCSObjectIdentifiers.md4);
-        digestOids.put(OIWObjectIdentifiers.sha1WithRSA, OIWObjectIdentifiers.idSHA1);
-
-        digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224);
-        digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
-        digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
-        digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
-        digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
-        digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
-
-        digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, OIWObjectIdentifiers.idSHA1);
-        digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, NISTObjectIdentifiers.id_sha224);
-        digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, NISTObjectIdentifiers.id_sha256);
-        digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, NISTObjectIdentifiers.id_sha384);
-        digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, NISTObjectIdentifiers.id_sha512);
-        digestOids.put(X9ObjectIdentifiers.id_dsa_with_sha1, OIWObjectIdentifiers.idSHA1);
-
-        digestOids.put(NISTObjectIdentifiers.dsa_with_sha224, NISTObjectIdentifiers.id_sha224);
-        digestOids.put(NISTObjectIdentifiers.dsa_with_sha256, NISTObjectIdentifiers.id_sha256);
-        digestOids.put(NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.id_sha384);
-        digestOids.put(NISTObjectIdentifiers.dsa_with_sha512, NISTObjectIdentifiers.id_sha512);
-
-        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-
-        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-    }
-
-    public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)
-    {
-        AlgorithmIdentifier digAlgId;
-
-        if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-        {
-            digAlgId = ((RSASSAPSSparams)sigAlgId.getParameters()).getHashAlgorithm();
-        }
-        else
-        {
-            digAlgId = new AlgorithmIdentifier((DERObjectIdentifier)digestOids.get(sigAlgId.getAlgorithm()), new DERNull());
-        }
-
-        return digAlgId;
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
deleted file mode 100644
index a67738bb6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
+++ /dev/null
@@ -1,212 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.util.Strings;
-
-public class DefaultSignatureAlgorithmIdentifierFinder
-    implements SignatureAlgorithmIdentifierFinder
-{
-    private static Map algorithms = new HashMap();
-    private static Set noParams = new HashSet();
-    private static Map params = new HashMap();
-    private static Set pkcs15RsaEncryption = new HashSet();
-    private static Map digestOids = new HashMap();
-
-    private static final DERObjectIdentifier  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption;
-    private static final DERObjectIdentifier  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1;
-    private static final DERObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1;
-    private static final DERObjectIdentifier  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS;
-    private static final DERObjectIdentifier  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94;
-    private static final DERObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001;
-
-    static
-    {
-        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-        algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
-        algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
-        algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
-        algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
-        algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-        algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-        algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-               
-        //
-        // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
-        // The parameters field SHALL be NULL for RSA based signature algorithms.
-        //
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
-        noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
-
-        //
-        // RFC 4491
-        //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-
-        //
-        // PKCS 1.5 encrypted  algorithms
-        //
-        pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-
-        //
-        // explicit params
-        //
-        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
-        params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
-
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
-        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
-        params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
-
-        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull());
-        params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
-
-        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull());
-        params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
-
-        //
-        // digests
-        //
-        digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224);
-        digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
-        digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
-        digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
-        digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
-        digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
-        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-    }
-
-    private static AlgorithmIdentifier generate(String signatureAlgorithm)
-    {
-        AlgorithmIdentifier sigAlgId;
-        AlgorithmIdentifier encAlgId;
-        AlgorithmIdentifier digAlgId;
-
-        String algorithmName = Strings.toUpperCase(signatureAlgorithm);
-        DERObjectIdentifier sigOID = (DERObjectIdentifier)algorithms.get(algorithmName);
-        if (sigOID == null)
-        {
-            throw new IllegalArgumentException("Unknown signature type requested: " + algorithmName);
-        }
-
-        if (noParams.contains(sigOID))
-        {
-            sigAlgId = new AlgorithmIdentifier(sigOID);
-        }
-        else if (params.containsKey(algorithmName))
-        {
-            sigAlgId = new AlgorithmIdentifier(sigOID, (DEREncodable)params.get(algorithmName));
-        }
-        else
-        {
-            sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE);
-        }
-
-        if (pkcs15RsaEncryption.contains(sigOID))
-        {
-            encAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
-        }
-        else
-        {
-            encAlgId = sigAlgId;
-        }
-
-        if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-        {
-            digAlgId = ((RSASSAPSSparams)sigAlgId.getParameters()).getHashAlgorithm();
-        }
-        else
-        {
-            digAlgId = new AlgorithmIdentifier((DERObjectIdentifier)digestOids.get(sigOID), new DERNull());
-        }
-
-        return sigAlgId;
-    }
-
-    private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize)
-    {
-        return new RSASSAPSSparams(
-            hashAlgId,
-            new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
-            new DERInteger(saltSize),
-            new DERInteger(1));
-    }
-
-    public AlgorithmIdentifier find(String sigAlgName)
-    {
-        return generate(sigAlgName);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestAlgorithmIdentifierFinder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestAlgorithmIdentifierFinder.java
deleted file mode 100644
index 35e234a08..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestAlgorithmIdentifierFinder.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface DigestAlgorithmIdentifierFinder
-{
-    /**
-     * Find the digest algorithm identifier that matches with
-     * the passed in signature algorithm identifier.
-     *
-     * @param sigAlgId the signature algorithm of interest.
-     * @return an algorithm identifier for the corresponding digest.
-     */
-    AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId);
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculator.java
deleted file mode 100644
index 203e876f3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculator.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * General interface for an operator that is able to calculate a digest from
- * a stream of output.
- */
-public interface DigestCalculator
-{
-    /**
-     * Return the algorithm identifier representing the digest implemented by
-     * this calculator.
-     *
-     * @return algorithm id and parameters.
-     */
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Returns a stream that will accept data for the purpose of calculating
-     * a digest. Use org.bouncycastle.util.io.TeeOutputStream if you want to accumulate
-     * the data on the fly as well.
-     *
-     * @return an OutputStream
-     */
-    OutputStream getOutputStream();
-
-    /**
-     * Return the digest calculated on what has been written to the calculator's output stream.
-     *
-     * @return a digest.
-     */
-    byte[] getDigest();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculatorProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculatorProvider.java
deleted file mode 100644
index 23652703a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/DigestCalculatorProvider.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface DigestCalculatorProvider
-{
-    DigestCalculator get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        throws OperatorCreationException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/GenericKey.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/GenericKey.java
deleted file mode 100644
index 09f9c48cb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/GenericKey.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.bouncycastle.operator;
-
-public class GenericKey
-{
-    private Object representation;
-
-    public GenericKey(Object representation)
-    {
-        this.representation = representation;
-    }
-
-    public Object getRepresentation()
-    {
-        return representation;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputDecryptor.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputDecryptor.java
deleted file mode 100644
index 80d7d82a5..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputDecryptor.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * General interface for an operator that is able to produce
- * an InputStream that will decrypt a stream of encrypted data.
- */
-public interface InputDecryptor
-{
-    /**
-     * Return the algorithm identifier describing the encryption
-     * algorithm and parameters this decryptor can process.
-     *
-     * @return algorithm oid and parameters.
-     */
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Wrap the passed in input stream encIn, returning an input stream
-     * that decrypts what it reads from encIn before returning it.
-     *
-     * @param encIn InputStream containing encrypted input.
-     * @return an decrypting InputStream
-     */
-    InputStream getInputStream(InputStream encIn);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpander.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpander.java
deleted file mode 100644
index 4767aed63..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpander.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * General interface for an operator that is able to produce
- * an InputStream that will produce uncompressed data.
- */
-public interface InputExpander
-{
-    /**
-     * Return the algorithm identifier describing the compression
-     * algorithm and parameters this expander supports.
-     *
-     * @return algorithm oid and parameters.
-     */
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Wrap the passed in input stream comIn, returning an input stream
-     * that expands anything read in from comIn.
-     *
-     * @param comIn the compressed input data stream..
-     * @return an expanding InputStream.
-     */
-    InputStream getInputStream(InputStream comIn);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpanderProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpanderProvider.java
deleted file mode 100644
index f560e04b9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/InputExpanderProvider.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface InputExpanderProvider
-{
-    InputExpander get(AlgorithmIdentifier algorithm);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyUnwrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyUnwrapper.java
deleted file mode 100644
index e34f6708c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyUnwrapper.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface KeyUnwrapper
-{
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptionKeyAlgorithm, byte[] encryptedKey)
-        throws OperatorException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyWrapper.java
deleted file mode 100644
index 29b76a848..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/KeyWrapper.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface KeyWrapper
-{
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    byte[] generateWrappedKey(GenericKey encryptionKey)
-        throws OperatorException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/MacCalculator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/MacCalculator.java
deleted file mode 100644
index 0572afcbb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/MacCalculator.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface MacCalculator
-{
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Returns a stream that will accept data for the purpose of calculating
-     * the MAC for later verification. Use org.bouncycastle.util.io.TeeOutputStream if you want to accumulate
-     * the data on the fly as well.
-     *
-     * @return an OutputStream
-     */
-    OutputStream getOutputStream();
-
-    /**
-     * Return the calculated MAC based on what has been written to the stream.
-     *
-     * @return calculated MAC.
-     */
-    byte[] getMac();
-
-
-    /**
-     * Return the key used for calculating the MAC.
-     *
-     * @return the MAC key.
-     */
-    GenericKey getKey();
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorCreationException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorCreationException.java
deleted file mode 100644
index 06d3fa02f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorCreationException.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.operator;
-
-public class OperatorCreationException
-    extends OperatorException
-{
-    public OperatorCreationException(String msg, Throwable cause)
-    {
-        super(msg, cause);
-    }
-
-    public OperatorCreationException(String msg)
-    {
-        super(msg);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorException.java
deleted file mode 100644
index a2146522b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorException.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.operator;
-
-public class OperatorException
-    extends Exception
-{
-    private Throwable cause;
-
-    public OperatorException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public OperatorException(String msg)
-    {
-        super(msg);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorStreamException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorStreamException.java
deleted file mode 100644
index a4534ebac..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OperatorStreamException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.IOException;
-
-public class OperatorStreamException
-    extends IOException
-{
-    private Throwable cause;
-
-    public OperatorStreamException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause; 
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputCompressor.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputCompressor.java
deleted file mode 100644
index 054966ece..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputCompressor.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * General interface for an operator that is able to produce
- * an OutputStream that will output compressed data.
- */
-public interface OutputCompressor
-{
-    /**
-     * Return the algorithm identifier describing the compression
-     * algorithm and parameters this compressor uses.
-     *
-     * @return algorithm oid and parameters.
-     */
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Wrap the passed in output stream comOut, returning an output stream
-     * that compresses anything passed in before sending on to comOut.
-     *
-     * @param comOut output stream for compressed output.
-     * @return a compressing OutputStream
-     */
-    OutputStream getOutputStream(OutputStream comOut);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputEncryptor.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputEncryptor.java
deleted file mode 100644
index 383e1fd82..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/OutputEncryptor.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.bouncycastle.operator;
-
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-/**
- * General interface for an operator that is able to produce
- * an OutputStream that will output encrypted data.
- */
-public interface OutputEncryptor
-{
-    /**
-     * Return the algorithm identifier describing the encryption
-     * algorithm and parameters this encryptor uses.
-     *
-     * @return algorithm oid and parameters.
-     */
-    AlgorithmIdentifier getAlgorithmIdentifier();
-
-    /**
-     * Wrap the passed in output stream encOut, returning an output stream
-     * that encrypts anything passed in before sending on to encOut.
-     *
-     * @param encOut output stream for encrypted output.
-     * @return an encrypting OutputStream
-     */
-    OutputStream getOutputStream(OutputStream encOut);
-
-    /**
-     * Return the key used for encrypting the output.
-     *
-     * @return the encryption key.
-     */
-    GenericKey getKey();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/RawContentVerifier.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/RawContentVerifier.java
deleted file mode 100644
index 447a27b0a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/RawContentVerifier.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.operator;
-
-/**
- * Interface for ContentVerifiers that also support raw signatures that can be
- * verified using the digest of the calculated data.
- */
-public interface RawContentVerifier
-{
-    /**
-     * Verify that the expected signature value was derived from the passed in digest.
-     *
-     * @param digest digest calculated from the content.
-     * @param expected expected value of the signature
-     * @return true if the expected signature is derived from the digest, false otherwise.
-     */
-    boolean verify(byte[] digest, byte[] expected);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java
deleted file mode 100644
index 2918b4dde..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/RuntimeOperatorException.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.operator;
-
-public class RuntimeOperatorException
-    extends RuntimeException
-{
-    private Throwable cause;
-
-    public RuntimeOperatorException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SignatureAlgorithmIdentifierFinder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SignatureAlgorithmIdentifierFinder.java
deleted file mode 100644
index 46b67d3f1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SignatureAlgorithmIdentifierFinder.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public interface SignatureAlgorithmIdentifierFinder
-{
-    /**
-     * Find the signature algorithm identifier that matches with
-     * the passed in signature algorithm identifier.
-     *
-     * @param sigAlgName the name of the signature algorithm of interest.
-     * @return an algorithm identifier for the corresponding signature.
-     */
-    AlgorithmIdentifier find(String sigAlgName);
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyUnwrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyUnwrapper.java
deleted file mode 100644
index 7c7245547..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyUnwrapper.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public abstract class SymmetricKeyUnwrapper
-    implements KeyUnwrapper
-{
-    private AlgorithmIdentifier algorithmId;
-
-    protected SymmetricKeyUnwrapper(AlgorithmIdentifier algorithmId)
-    {
-        this.algorithmId = algorithmId;
-    }
-
-    public AlgorithmIdentifier getAlgorithmIdentifier()
-    {
-        return algorithmId;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyWrapper.java
deleted file mode 100644
index b1864d234..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/SymmetricKeyWrapper.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.operator;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-public abstract class SymmetricKeyWrapper
-    implements KeyWrapper
-{
-    private AlgorithmIdentifier algorithmId;
-
-    protected SymmetricKeyWrapper(AlgorithmIdentifier algorithmId)
-    {
-        this.algorithmId = algorithmId;
-    }
-
-    public AlgorithmIdentifier getAlgorithmIdentifier()
-    {
-        return algorithmId;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcAsymmetricKeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcAsymmetricKeyWrapper.java
deleted file mode 100644
index f9c780879..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcAsymmetricKeyWrapper.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.security.SecureRandom;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.operator.AsymmetricKeyWrapper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-
-public abstract class BcAsymmetricKeyWrapper
-    extends AsymmetricKeyWrapper
-{
-    private AsymmetricKeyParameter publicKey;
-    private SecureRandom random;
-
-    public BcAsymmetricKeyWrapper(AlgorithmIdentifier encAlgId, AsymmetricKeyParameter publicKey)
-    {
-        super(encAlgId);
-
-        this.publicKey = publicKey;
-    }
-
-    public BcAsymmetricKeyWrapper setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public byte[] generateWrappedKey(GenericKey encryptionKey)
-        throws OperatorException
-    {
-        AsymmetricBlockCipher keyEncryptionCipher = createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm());
-        
-        CipherParameters params = publicKey;
-        if (random != null)
-        {
-            params = new ParametersWithRandom(params, random);
-        }
-
-        try
-        {
-            byte[] keyEnc = OperatorUtils.getKeyBytes(encryptionKey);
-            keyEncryptionCipher.init(true, publicKey);
-            return keyEncryptionCipher.processBlock(keyEnc, 0, keyEnc.length);
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new OperatorException("unable to encrypt contents key", e);
-        }
-    }
-
-    protected abstract AsymmetricBlockCipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentSignerBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentSignerBuilder.java
deleted file mode 100644
index e979c868c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentSignerBuilder.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.io.OutputStream;
-import java.security.SecureRandom;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.RuntimeOperatorException;
-
-public abstract class BcContentSignerBuilder
-{
-    private SecureRandom random;
-    private AlgorithmIdentifier sigAlgId;
-    private AlgorithmIdentifier digAlgId;
-
-    public BcContentSignerBuilder(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
-    {
-        this.sigAlgId = sigAlgId;
-        this.digAlgId = digAlgId;
-    }
-
-    public BcContentSignerBuilder setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public ContentSigner build(AsymmetricKeyParameter privateKey)
-        throws OperatorCreationException
-    {
-        final Signer sig = createSigner(sigAlgId, digAlgId);
-
-        if (random != null)
-        {
-            sig.init(true, new ParametersWithRandom(privateKey, random));
-        }
-        else
-        {
-            sig.init(true, privateKey);
-        }
-
-        return new ContentSigner()
-        {
-            private BcSignerOutputStream stream = new BcSignerOutputStream(sig);
-
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return sigAlgId;
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return stream;
-            }
-
-            public byte[] getSignature()
-            {
-                try
-                {
-                    return stream.getSignature();
-                }
-                catch (CryptoException e)
-                {
-                    throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
-                }
-            }
-        };
-    }
-
-    protected abstract Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier algorithmIdentifier)
-        throws OperatorCreationException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentVerifierProviderBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentVerifierProviderBuilder.java
deleted file mode 100644
index f47c91de3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcContentVerifierProviderBuilder.java
+++ /dev/null
@@ -1,141 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public abstract class BcContentVerifierProviderBuilder
-{
-    public BcContentVerifierProviderBuilder()
-    {
-    }
-
-    public ContentVerifierProvider build(final X509CertificateHolder certHolder)
-        throws OperatorCreationException
-    {
-        return new ContentVerifierProvider()
-        {
-            public boolean hasAssociatedCertificate()
-            {
-                return true;
-            }
-
-            public X509CertificateHolder getAssociatedCertificate()
-            {
-                return certHolder;
-            }
-
-            public ContentVerifier get(AlgorithmIdentifier algorithm)
-                throws OperatorCreationException
-            {
-                try
-                {
-                    AsymmetricKeyParameter publicKey = extractKeyParameters(certHolder.getSubjectPublicKeyInfo());
-                    BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey);
-
-                    return new SigVerifier(algorithm, stream);
-                }
-                catch (IOException e)
-                {
-                    throw new OperatorCreationException("exception on setup: " + e, e);
-                }
-            }
-        };
-    }
-
-    public ContentVerifierProvider build(final AsymmetricKeyParameter publicKey)
-        throws OperatorCreationException
-    {
-        return new ContentVerifierProvider()
-        {
-            public boolean hasAssociatedCertificate()
-            {
-                return false;
-            }
-
-            public X509CertificateHolder getAssociatedCertificate()
-            {
-                return null;
-            }
-
-            public ContentVerifier get(AlgorithmIdentifier algorithm)
-                throws OperatorCreationException
-            {
-                BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey);
-
-                return new SigVerifier(algorithm, stream);
-            }
-        };
-    }
-
-    private BcSignerOutputStream createSignatureStream(AlgorithmIdentifier algorithm, AsymmetricKeyParameter publicKey)
-        throws OperatorCreationException
-    {
-        Signer sig = createSigner(algorithm);
-
-        sig.init(false, publicKey);
-
-        return new BcSignerOutputStream(sig);
-    }
-
-    /**
-     * Extract an AsymmetricKeyParameter from the passed in SubjectPublicKeyInfo structure.
-     *
-     * @param publicKeyInfo a publicKeyInfo structure describing the public key required.
-     * @return an AsymmetricKeyParameter object containing the appropriate public key.
-     * @throws IOException if the publicKeyInfo data cannot be parsed,
-     */
-    protected abstract AsymmetricKeyParameter extractKeyParameters(SubjectPublicKeyInfo publicKeyInfo)
-        throws IOException;
-
-    /**
-     * Create the correct signer for the algorithm identifier sigAlgId.
-     *
-     * @param sigAlgId the algorithm details for the signature we want to verify.
-     * @return a Signer object.
-     * @throws OperatorCreationException if the Signer cannot be constructed.
-     */
-    protected abstract Signer createSigner(AlgorithmIdentifier sigAlgId)
-        throws OperatorCreationException;
-
-    private class SigVerifier
-        implements ContentVerifier
-    {
-        private BcSignerOutputStream stream;
-        private AlgorithmIdentifier algorithm;
-
-        SigVerifier(AlgorithmIdentifier algorithm, BcSignerOutputStream stream)
-        {
-            this.algorithm = algorithm;
-            this.stream = stream;
-        }
-
-        public AlgorithmIdentifier getAlgorithmIdentifier()
-        {
-            return algorithm;
-        }
-
-        public OutputStream getOutputStream()
-        {
-            if (stream == null)
-            {
-                throw new IllegalStateException("verifier not initialised");
-            }
-
-            return stream;
-        }
-
-        public boolean verify(byte[] expected)
-        {
-            return stream.verify(expected);
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java
deleted file mode 100644
index af236785e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class BcDigestCalculatorProvider
-    implements DigestCalculatorProvider
-{
-    private DigestOutputStream stream;
-
-    public DigestCalculator get(final AlgorithmIdentifier algorithm)
-        throws OperatorCreationException
-    {
-        Digest dig = BcUtil.createDigest(algorithm);
-
-        stream = new DigestOutputStream(dig);
-
-        return new DigestCalculator()
-        {
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return algorithm;
-            }
-
-            public OutputStream getOutputStream()
-            {
-                return stream;
-            }
-
-            public byte[] getDigest()
-            {
-                return stream.getDigest();
-            }
-        };
-    }
-
-    private class DigestOutputStream
-        extends OutputStream
-    {
-        private Digest dig;
-
-        DigestOutputStream(Digest dig)
-        {
-            this.dig = dig;
-        }
-
-        public void write(byte[] bytes, int off, int len)
-            throws IOException
-        {
-            dig.update(bytes, off, len);
-        }
-
-        public void write(byte[] bytes)
-            throws IOException
-        {
-            dig.update(bytes, 0, bytes.length);
-        }
-
-        public void write(int b)
-            throws IOException
-        {
-            dig.update((byte)b);
-        }
-
-        byte[] getDigest()
-        {
-            byte[] d = new byte[dig.getDigestSize()];
-
-            dig.doFinal(d, 0);
-
-            return d;
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAAsymmetricKeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAAsymmetricKeyWrapper.java
deleted file mode 100644
index 9375bd153..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAAsymmetricKeyWrapper.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSAEngine;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-
-public class BcRSAAsymmetricKeyWrapper
-    extends BcAsymmetricKeyWrapper
-{
-    public BcRSAAsymmetricKeyWrapper(AlgorithmIdentifier encAlgId, AsymmetricKeyParameter publicKey)
-    {
-        super(encAlgId, publicKey);
-    }
-
-    public BcRSAAsymmetricKeyWrapper(AlgorithmIdentifier encAlgId, SubjectPublicKeyInfo publicKeyInfo)
-        throws IOException
-    {
-        super(encAlgId, PublicKeyFactory.createKey(publicKeyInfo));
-    }
-
-    protected AsymmetricBlockCipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm)
-    {
-        return new PKCS1Encoding(new RSAEngine());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentSignerBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentSignerBuilder.java
deleted file mode 100644
index 435d5f92e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentSignerBuilder.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.signers.RSADigestSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class BcRSAContentSignerBuilder
-    extends BcContentSignerBuilder
-{
-    public BcRSAContentSignerBuilder(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
-    {
-        super(sigAlgId, digAlgId);
-    }
-
-    protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
-        throws OperatorCreationException
-    {
-        Digest dig = BcUtil.createDigest(digAlgId);
-
-        return new RSADigestSigner(dig);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentVerifierProviderBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentVerifierProviderBuilder.java
deleted file mode 100644
index 6e76d0a9a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcRSAContentVerifierProviderBuilder.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.signers.RSADigestSigner;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class BcRSAContentVerifierProviderBuilder
-    extends BcContentVerifierProviderBuilder
-{
-    private DigestAlgorithmIdentifierFinder digestAlgorithmFinder;
-
-    public BcRSAContentVerifierProviderBuilder(DigestAlgorithmIdentifierFinder digestAlgorithmFinder)
-    {
-        this.digestAlgorithmFinder = digestAlgorithmFinder;
-    }
-
-    protected Signer createSigner(AlgorithmIdentifier sigAlgId)
-        throws OperatorCreationException
-    {
-        AlgorithmIdentifier digAlg = digestAlgorithmFinder.find(sigAlgId);
-        Digest dig = BcUtil.createDigest(digAlg);
-
-        return new RSADigestSigner(dig);
-    }
-
-    protected AsymmetricKeyParameter extractKeyParameters(SubjectPublicKeyInfo publicKeyInfo)
-        throws IOException
-    {
-        return PublicKeyFactory.createKey(publicKeyInfo);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcSignerOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcSignerOutputStream.java
deleted file mode 100644
index 0ef1656b0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcSignerOutputStream.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.crypto.CryptoException;
-import org.bouncycastle.crypto.Signer;
-
-public class BcSignerOutputStream
-    extends OutputStream
-{
-    private Signer sig;
-
-    BcSignerOutputStream(Signer sig)
-    {
-        this.sig = sig;
-    }
-
-    public void write(byte[] bytes, int off, int len)
-        throws IOException
-    {
-        sig.update(bytes, off, len);
-    }
-
-    public void write(byte[] bytes)
-        throws IOException
-    {
-        sig.update(bytes, 0, bytes.length);
-    }
-
-    public void write(int b)
-        throws IOException
-    {
-        sig.update((byte)b);
-    }
-
-    byte[] getSignature()
-        throws CryptoException
-    {
-        return sig.generateSignature();
-    }
-
-    boolean verify(byte[] expected)
-    {
-        return sig.verifySignature(expected);
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcUtil.java
deleted file mode 100644
index 7c8e2d214..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/BcUtil.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.operator.OperatorCreationException;
-
-class BcUtil
-{
-    static Digest createDigest(AlgorithmIdentifier digAlg)
-        throws OperatorCreationException
-    {
-        Digest dig;
-
-        if (digAlg.getAlgorithm().equals(OIWObjectIdentifiers.idSHA1))
-        {
-            dig = new SHA1Digest();
-        }
-        else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224))
-        {
-            dig = new SHA224Digest();
-        }
-        else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256))
-        {
-            dig = new SHA256Digest();
-        }
-        else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha384))
-        {
-            dig = new SHA384Digest();
-        }
-        else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha512))
-        {
-            dig = new SHA384Digest();
-        }
-        else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md5))
-        {
-            dig = new MD5Digest();
-        }
-        else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4))
-        {
-            dig = new MD4Digest();
-        }
-        else
-        {
-            throw new OperatorCreationException("cannot recognise digest");
-        }
-
-        return dig;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/OperatorUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/OperatorUtils.java
deleted file mode 100644
index bc8e7f6ea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/bc/OperatorUtils.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.operator.bc;
-
-import java.security.Key;
-
-import org.bouncycastle.operator.GenericKey;
-
-class OperatorUtils
-{
-    static byte[] getKeyBytes(GenericKey key)
-    {
-        if (key.getRepresentation() instanceof Key)
-        {
-            return ((Key)key.getRepresentation()).getEncoded();
-        }
-
-        if (key.getRepresentation() instanceof byte[])
-        {
-            return (byte[])key.getRepresentation();
-        }
-
-        throw new IllegalArgumentException("unknown generic key type");
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java
deleted file mode 100644
index 04885c0a1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java
+++ /dev/null
@@ -1,160 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.OperatorStreamException;
-import org.bouncycastle.operator.RuntimeOperatorException;
-
-public class JcaContentSignerBuilder
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-    private SecureRandom random;
-    private String signatureAlgorithm;
-    private AlgorithmIdentifier sigAlgId;
-
-    public JcaContentSignerBuilder(String signatureAlgorithm)
-    {
-        this.signatureAlgorithm = signatureAlgorithm;
-        this.sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
-    }
-
-    public JcaContentSignerBuilder setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JcaContentSignerBuilder setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JcaContentSignerBuilder setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public ContentSigner build(PrivateKey privateKey)
-        throws OperatorCreationException
-    {
-        try
-        {
-            final Signature sig = helper.createSignature(sigAlgId);
-
-            if (random != null)
-            {
-                sig.initSign(privateKey, random);
-            }
-            else
-            {
-                sig.initSign(privateKey);
-            }
-
-            return new ContentSigner()
-            {
-                private SignatureOutputStream stream = new SignatureOutputStream(sig);
-
-                public AlgorithmIdentifier getAlgorithmIdentifier()
-                {
-                    return sigAlgId;
-                }
-
-                public OutputStream getOutputStream()
-                {
-                    return stream;
-                }
-
-                public byte[] getSignature()
-                {
-                    try
-                    {
-                        return stream.getSignature();
-                    }
-                    catch (SignatureException e)
-                    {
-                        throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
-                    }
-                }
-            };
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e);
-        }
-    }
-
-    private class SignatureOutputStream
-        extends OutputStream
-    {
-        private Signature sig;
-
-        SignatureOutputStream(Signature sig)
-        {
-            this.sig = sig;
-        }
-
-        public void write(byte[] bytes, int off, int len)
-            throws IOException
-        {
-            try
-            {
-                sig.update(bytes, off, len);
-            }
-            catch (SignatureException e)
-            {
-                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
-            }
-        }
-
-        public void write(byte[] bytes)
-            throws IOException
-        {
-            try
-            {
-                sig.update(bytes);
-            }
-            catch (SignatureException e)
-            {
-                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
-            }
-        }
-
-        public void write(int b)
-            throws IOException
-        {
-            try
-            {
-                sig.update((byte)b);
-            }
-            catch (SignatureException e)
-            {
-                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
-            }
-        }
-
-        byte[] getSignature()
-            throws SignatureException
-        {
-            return sig.sign();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
deleted file mode 100644
index 70fad5f08..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
+++ /dev/null
@@ -1,302 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.OperatorStreamException;
-import org.bouncycastle.operator.RawContentVerifier;
-import org.bouncycastle.operator.RuntimeOperatorException;
-
-public class JcaContentVerifierProviderBuilder
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-
-    public JcaContentVerifierProviderBuilder()
-    {
-    }
-
-    public JcaContentVerifierProviderBuilder setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JcaContentVerifierProviderBuilder setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public ContentVerifierProvider build(X509CertificateHolder certHolder)
-        throws OperatorCreationException, CertificateException
-    {
-        return build(helper.convertCertificate(certHolder));
-    }
-
-    public ContentVerifierProvider build(final X509Certificate certificate)
-        throws OperatorCreationException
-    {
-        final X509CertificateHolder certHolder;
-
-        try
-        {
-            certHolder = new JcaX509CertificateHolder(certificate);
-        }
-        catch (CertificateEncodingException e)
-        {
-            throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
-        }
-
-        return new ContentVerifierProvider()
-        {
-            private SignatureOutputStream stream;
-
-            public boolean hasAssociatedCertificate()
-            {
-                return true;
-            }
-
-            public X509CertificateHolder getAssociatedCertificate()
-            {
-                return certHolder;
-            }
-
-            public ContentVerifier get(AlgorithmIdentifier algorithm)
-                throws OperatorCreationException
-            {
-                try
-                {
-                    Signature sig = helper.createSignature(algorithm);
-
-                    sig.initVerify(certificate.getPublicKey());
-
-                    stream = new SignatureOutputStream(sig);
-                }
-                catch (GeneralSecurityException e)
-                {
-                    throw new OperatorCreationException("exception on setup: " + e, e);
-                }
-
-                Signature rawSig = createRawSig(algorithm, certificate.getPublicKey());
-
-                if (rawSig != null)
-                {
-                    return new RawSigVerifier(algorithm, stream, rawSig);
-                }
-                else
-                {
-                    return new SigVerifier(algorithm, stream);
-                }
-            }
-        };
-    }
-
-    public ContentVerifierProvider build(final PublicKey publicKey)
-        throws OperatorCreationException
-    {
-        return new ContentVerifierProvider()
-        {
-            public boolean hasAssociatedCertificate()
-            {
-                return false;
-            }
-
-            public X509CertificateHolder getAssociatedCertificate()
-            {
-                return null;
-            }
-
-            public ContentVerifier get(AlgorithmIdentifier algorithm)
-                throws OperatorCreationException
-            {
-                SignatureOutputStream stream = createSignatureStream(algorithm, publicKey);
-
-                Signature rawSig = createRawSig(algorithm, publicKey);
-
-                if (rawSig != null)
-                {
-                    return new RawSigVerifier(algorithm, stream, rawSig);
-                }
-                else
-                {
-                    return new SigVerifier(algorithm, stream);
-                }
-            }
-        };
-    }
-
-    private SignatureOutputStream createSignatureStream(AlgorithmIdentifier algorithm, PublicKey publicKey)
-        throws OperatorCreationException
-    {
-        try
-        {
-            Signature sig = helper.createSignature(algorithm);
-
-            sig.initVerify(publicKey);
-
-            return new SignatureOutputStream(sig);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OperatorCreationException("exception on setup: " + e, e);
-        }
-    }
-
-    private Signature createRawSig(AlgorithmIdentifier algorithm, PublicKey publicKey)
-    {
-        Signature rawSig;
-        try
-        {
-            rawSig = helper.createRawSignature(algorithm);
-
-            rawSig.initVerify(publicKey);
-        }
-        catch (Exception e)
-        {
-            rawSig = null;
-        }
-        return rawSig;
-    }
-
-    private class SigVerifier
-        implements ContentVerifier
-    {
-        private SignatureOutputStream stream;
-        private AlgorithmIdentifier algorithm;
-
-        SigVerifier(AlgorithmIdentifier algorithm, SignatureOutputStream stream)
-        {
-            this.algorithm = algorithm;
-            this.stream = stream;
-        }
-
-        public AlgorithmIdentifier getAlgorithmIdentifier()
-        {
-            return algorithm;
-        }
-
-        public OutputStream getOutputStream()
-        {
-            if (stream == null)
-            {
-                throw new IllegalStateException("verifier not initialised");
-            }
-
-            return stream;
-        }
-
-        public boolean verify(byte[] expected)
-        {
-            try
-            {
-                return stream.verify(expected);
-            }
-            catch (SignatureException e)
-            {
-                throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
-            }
-        }
-    }
-
-    private class RawSigVerifier
-        extends SigVerifier
-        implements RawContentVerifier
-    {
-        private Signature rawSignature;
-
-        RawSigVerifier(AlgorithmIdentifier algorithm, SignatureOutputStream stream, Signature rawSignature)
-        {
-            super(algorithm, stream);
-            this.rawSignature = rawSignature;
-        }
-
-        public boolean verify(byte[] digest, byte[] expected)
-        {
-            try
-            {
-                rawSignature.update(digest);
-
-                return rawSignature.verify(expected);
-            }
-            catch (SignatureException e)
-            {
-                throw new RuntimeOperatorException("exception obtaining raw signature: " + e.getMessage(), e);
-            }
-        }
-    }
-
-    private class SignatureOutputStream
-        extends OutputStream
-    {
-        private Signature sig;
-
-        SignatureOutputStream(Signature sig)
-        {
-            this.sig = sig;
-        }
-
-        public void write(byte[] bytes, int off, int len)
-            throws IOException
-        {
-            try
-            {
-                sig.update(bytes, off, len);
-            }
-            catch (SignatureException e)
-            {
-                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
-            }
-        }
-
-        public void write(byte[] bytes)
-            throws IOException
-        {
-            try
-            {
-                sig.update(bytes);
-            }
-            catch (SignatureException e)
-            {
-                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
-            }
-        }
-
-        public void write(int b)
-            throws IOException
-        {
-            try
-            {
-                sig.update((byte)b);
-            }
-            catch (SignatureException e)
-            {
-                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
-            }
-        }
-
-        boolean verify(byte[] expected)
-            throws SignatureException
-        {
-            return sig.verify(expected);
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java
deleted file mode 100644
index 6f59cd08f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.Provider;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-public class JcaDigestCalculatorProviderBuilder
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-
-    public JcaDigestCalculatorProviderBuilder()
-    {
-    }
-
-    public JcaDigestCalculatorProviderBuilder setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JcaDigestCalculatorProviderBuilder setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public DigestCalculatorProvider build()
-        throws OperatorCreationException
-    {
-        return new DigestCalculatorProvider()
-        {
-            public DigestCalculator get(final AlgorithmIdentifier algorithm)
-                throws OperatorCreationException
-            {
-                final DigestOutputStream stream;
-
-                try
-                {
-                    MessageDigest dig = helper.createDigest(algorithm);
-
-                    stream = new DigestOutputStream(dig);
-                }
-                catch (GeneralSecurityException e)
-                {
-                    throw new OperatorCreationException("exception on setup: " + e, e);
-                }
-
-                return new DigestCalculator()
-                {
-                    public AlgorithmIdentifier getAlgorithmIdentifier()
-                    {
-                        return algorithm;
-                    }
-                    
-                    public OutputStream getOutputStream()
-                    {
-                        return stream;
-                    }
-
-                    public byte[] getDigest()
-                    {
-                        return stream.getDigest();
-                    }
-                };
-            }
-        };
-    }
-
-    private class DigestOutputStream
-        extends OutputStream
-    {
-        private MessageDigest dig;
-
-        DigestOutputStream(MessageDigest dig)
-        {
-            this.dig = dig;
-        }
-
-        public void write(byte[] bytes, int off, int len)
-            throws IOException
-        {
-            dig.update(bytes, off, len);
-        }
-
-        public void write(byte[] bytes)
-            throws IOException
-        {
-           dig.update(bytes);
-        }
-
-        public void write(int b)
-            throws IOException
-        {
-           dig.update((byte)b);
-        }
-
-        byte[] getDigest()
-        {
-            return dig.digest();
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java
deleted file mode 100644
index f81872f4f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.ProviderException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.AsymmetricKeyUnwrapper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-
-public class JceAsymmetricKeyUnwrapper
-    extends AsymmetricKeyUnwrapper
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-    private PrivateKey privKey;
-
-    public JceAsymmetricKeyUnwrapper(AlgorithmIdentifier algorithmIdentifier, PrivateKey privKey)
-    {
-        super(algorithmIdentifier);
-
-        this.privKey = privKey;
-    }
-
-    public JceAsymmetricKeyUnwrapper setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceAsymmetricKeyUnwrapper setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedKey)
-        throws OperatorException
-    {
-        try
-        {
-            Key sKey = null;
-
-            Cipher keyCipher = helper.createAsymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm());
-
-            try
-            {
-                keyCipher.init(Cipher.UNWRAP_MODE, privKey);
-                sKey = keyCipher.unwrap(encryptedKey, encryptedKeyAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY);
-            }
-            catch (GeneralSecurityException e)
-            {
-            }
-            catch (IllegalStateException e)
-            {
-            }
-            catch (UnsupportedOperationException e)
-            {
-            }
-            catch (ProviderException e)
-            {
-            }
-
-            // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms)
-            if (sKey == null)
-            {
-                keyCipher.init(Cipher.DECRYPT_MODE, privKey);
-                sKey = new SecretKeySpec(keyCipher.doFinal(encryptedKey), encryptedKeyAlgorithm.getAlgorithm().getId());
-            }
-
-            return new GenericKey(sKey);
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new OperatorException("key invalid: " + e.getMessage(), e);
-        }
-        catch (IllegalBlockSizeException e)
-        {
-            throw new OperatorException("illegal blocksize: " + e.getMessage(), e);
-        }
-        catch (BadPaddingException e)
-        {
-            throw new OperatorException("bad padding: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyWrapper.java
deleted file mode 100644
index 8b8d995dd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceAsymmetricKeyWrapper.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.Provider;
-import java.security.ProviderException;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-import javax.crypto.Cipher;
-
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.AsymmetricKeyWrapper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-
-public class JceAsymmetricKeyWrapper
-    extends AsymmetricKeyWrapper
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-    private PublicKey publicKey;
-    private SecureRandom random;
-
-    public JceAsymmetricKeyWrapper(PublicKey publicKey)
-    {
-        super(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()).getAlgorithmId());
-
-        this.publicKey = publicKey;
-    }
-
-    public JceAsymmetricKeyWrapper(X509Certificate certificate)
-    {
-        this(certificate.getPublicKey());
-    }
-
-    public JceAsymmetricKeyWrapper setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceAsymmetricKeyWrapper setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JceAsymmetricKeyWrapper setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public byte[] generateWrappedKey(GenericKey encryptionKey)
-        throws OperatorException
-    {
-        Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm());
-        byte[] encryptedKeyBytes = null;
-
-        try
-        {
-            keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
-            encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
-        }
-        catch (GeneralSecurityException e)
-        {
-        }
-        catch (IllegalStateException e)
-        {
-        }
-        catch (UnsupportedOperationException e)
-        {
-        }
-        catch (ProviderException e)
-        {
-        }
-
-        // some providers do not support WRAP (this appears to be only for asymmetric algorithms)
-        if (encryptedKeyBytes == null)
-        {
-            try
-            {
-                keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
-                encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new OperatorException("unable to encrypt contents key", e);
-            }
-        }
-
-        return encryptedKeyBytes;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyUnwrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyUnwrapper.java
deleted file mode 100644
index b2f0c6396..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyUnwrapper.java
+++ /dev/null
@@ -1,65 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-import org.bouncycastle.operator.SymmetricKeyUnwrapper;
-
-public class JceSymmetricKeyUnwrapper
-    extends SymmetricKeyUnwrapper
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-    private SecretKey secretKey;
-
-    public JceSymmetricKeyUnwrapper(AlgorithmIdentifier algorithmIdentifier, SecretKey secretKey)
-    {
-        super(algorithmIdentifier);
-
-        this.secretKey = secretKey;
-    }
-
-    public JceSymmetricKeyUnwrapper setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceSymmetricKeyUnwrapper setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedKey)
-        throws OperatorException
-    {
-        try
-        {
-            Cipher keyCipher = helper.createSymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm());
-
-            keyCipher.init(Cipher.UNWRAP_MODE, secretKey);
-
-            return new GenericKey(keyCipher.unwrap(encryptedKey, encryptedKeyAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY));
-        }
-        catch (InvalidKeyException e)
-        {
-            throw new OperatorException("key invalid in message.", e);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new OperatorException("can't find algorithm.", e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyWrapper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyWrapper.java
deleted file mode 100644
index 87e2170ca..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyWrapper.java
+++ /dev/null
@@ -1,154 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.Provider;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.operator.GenericKey;
-import org.bouncycastle.operator.OperatorException;
-import org.bouncycastle.operator.SymmetricKeyWrapper;
-
-public class JceSymmetricKeyWrapper
-    extends SymmetricKeyWrapper
-{
-    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
-    private SecureRandom random;
-    private SecretKey wrappingKey;
-
-    public JceSymmetricKeyWrapper(SecretKey wrappingKey)
-    {
-        super(determineKeyEncAlg(wrappingKey));
-
-        this.wrappingKey = wrappingKey;
-    }
-
-    public JceSymmetricKeyWrapper setProvider(Provider provider)
-    {
-        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
-
-        return this;
-    }
-
-    public JceSymmetricKeyWrapper setProvider(String providerName)
-    {
-        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
-
-        return this;
-    }
-
-    public JceSymmetricKeyWrapper setSecureRandom(SecureRandom random)
-    {
-        this.random = random;
-
-        return this;
-    }
-
-    public byte[] generateWrappedKey(GenericKey encryptionKey)
-        throws OperatorException
-    {
-        Key contentEncryptionKeySpec = OperatorUtils.getJceKey(encryptionKey);
-
-        Cipher keyEncryptionCipher = helper.createSymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm());
-
-        try
-        {
-            keyEncryptionCipher.init(Cipher.WRAP_MODE, wrappingKey, random);
-
-            return keyEncryptionCipher.wrap(contentEncryptionKeySpec);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OperatorException("cannot wrap key: " + e.getMessage(), e);
-        }
-    }
-
-    private static AlgorithmIdentifier determineKeyEncAlg(SecretKey key)
-    {
-        String algorithm = key.getAlgorithm();
-
-        if (algorithm.startsWith("DES"))
-        {
-            return new AlgorithmIdentifier(new DERObjectIdentifier(
-                    "1.2.840.113549.1.9.16.3.6"), new DERNull());
-        }
-        else if (algorithm.startsWith("RC2"))
-        {
-            return new AlgorithmIdentifier(new DERObjectIdentifier(
-                    "1.2.840.113549.1.9.16.3.7"), new DERInteger(58));
-        }
-        else if (algorithm.startsWith("AES"))
-        {
-            int length = key.getEncoded().length * 8;
-            DERObjectIdentifier wrapOid;
-
-            if (length == 128)
-            {
-                wrapOid = NISTObjectIdentifiers.id_aes128_wrap;
-            }
-            else if (length == 192)
-            {
-                wrapOid = NISTObjectIdentifiers.id_aes192_wrap;
-            }
-            else if (length == 256)
-            {
-                wrapOid = NISTObjectIdentifiers.id_aes256_wrap;
-            }
-            else
-            {
-                throw new IllegalArgumentException("illegal keysize in AES");
-            }
-
-            return new AlgorithmIdentifier(wrapOid); // parameters absent
-        }
-        else if (algorithm.startsWith("SEED"))
-        {
-            // parameters absent
-            return new AlgorithmIdentifier(
-                    KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
-        }
-        else if (algorithm.startsWith("Camellia"))
-        {
-            int length = key.getEncoded().length * 8;
-            DERObjectIdentifier wrapOid;
-
-            if (length == 128)
-            {
-                wrapOid = NTTObjectIdentifiers.id_camellia128_wrap;
-            }
-            else if (length == 192)
-            {
-                wrapOid = NTTObjectIdentifiers.id_camellia192_wrap;
-            }
-            else if (length == 256)
-            {
-                wrapOid = NTTObjectIdentifiers.id_camellia256_wrap;
-            }
-            else
-            {
-                throw new IllegalArgumentException(
-                        "illegal keysize in Camellia");
-            }
-
-            return new AlgorithmIdentifier(wrapOid); // parameters must be
-                                                     // absent
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown algorithm");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
deleted file mode 100644
index ea33f0d93..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ /dev/null
@@ -1,332 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Signature;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.jcajce.JcaJceHelper;
-import org.bouncycastle.operator.OperatorCreationException;
-
-class OperatorHelper
-{
-    private static final Map oids = new HashMap();
-    private static final Map asymmetricWrapperAlgNames = new HashMap();
-    private static final Map symmetricWrapperAlgNames = new HashMap();
-
-    static
-    {
-        //
-        // reverse mappings
-        //
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
-        oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
-        oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
-
-        asymmetricWrapperAlgNames.put(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()), "RSA/ECB/PKCS1Padding");
-
-        symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWrap");
-        symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes128_wrap, "AESWrap");
-        symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes192_wrap, "AESWrap");
-        symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes256_wrap, "AESWrap");
-        symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia128_wrap, "CamilliaWrap");
-        symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia192_wrap, "CamilliaWrap");
-        symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia256_wrap, "CamilliaWrap");
-        symmetricWrapperAlgNames.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "SEEDWrap");
-    }
-
-    private JcaJceHelper helper;
-
-    OperatorHelper(JcaJceHelper helper)
-    {
-        this.helper = helper;
-    }
-
-    Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm)
-        throws OperatorCreationException
-    {
-        try
-        {
-            String cipherName = (String)asymmetricWrapperAlgNames.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createCipher(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createCipher(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-
-    Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm)
-        throws OperatorCreationException
-    {
-        try
-        {
-            String cipherName = (String)symmetricWrapperAlgNames.get(algorithm);
-
-            if (cipherName != null)
-            {
-                try
-                {
-                    // this is reversed as the Sun policy files now allow unlimited strength RSA
-                    return helper.createCipher(cipherName);
-                }
-                catch (NoSuchAlgorithmException e)
-                {
-                    // Ignore
-                }
-            }
-            return helper.createCipher(algorithm.getId());
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
-        }
-    }
-
-    MessageDigest createDigest(AlgorithmIdentifier digAlgId)
-        throws GeneralSecurityException
-    {
-        MessageDigest dig;
-
-        try
-        {
-            dig = helper.createDigest(getSignatureName(digAlgId));
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            //
-            // try an alternate
-            //
-            if (oids.get(digAlgId.getAlgorithm()) != null)
-            {
-                String  digestAlgorithm = (String)oids.get(digAlgId.getAlgorithm());
-
-                dig = helper.createDigest(digestAlgorithm);
-            }
-            else
-            {
-                throw e;
-            }
-        }
-
-        return dig;
-    }
-
-    Signature createSignature(AlgorithmIdentifier sigAlgId)
-        throws GeneralSecurityException
-    {
-        Signature   sig;
-
-        try
-        {
-            sig = helper.createSignature(getSignatureName(sigAlgId));
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            //
-            // try an alternate
-            //
-            if (oids.get(sigAlgId.getAlgorithm()) != null)
-            {
-                String  signatureAlgorithm = (String)oids.get(sigAlgId.getAlgorithm());
-
-                sig = helper.createSignature(signatureAlgorithm);
-            }
-            else
-            {
-                throw e;
-            }
-        }
-
-        return sig;
-    }
-
-    public Signature createRawSignature(AlgorithmIdentifier algorithm)
-    {
-        Signature   sig;
-
-        try
-        {
-            String algName = getSignatureName(algorithm);
-    
-            algName = "NONE" + algName.substring(algName.indexOf("WITH"));
-
-            sig = helper.createSignature(algName);
-        }
-        catch (Exception e)
-        {
-            return null;
-        }
-
-        return sig;
-    }
-
-    private static String getSignatureName(
-        AlgorithmIdentifier sigAlgId)
-    {
-        DEREncodable params = sigAlgId.getParameters();
-
-        if (params != null && !DERNull.INSTANCE.equals(params))
-        {
-            if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            {
-                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-                return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
-            }
-        }
-
-        if (oids.containsKey(sigAlgId.getAlgorithm()))
-        {
-            return (String)oids.get(sigAlgId.getAlgorithm());
-        }
-
-        return sigAlgId.getAlgorithm().getId();
-    }
-
-    private static String getDigestAlgName(
-        DERObjectIdentifier digestAlgOID)
-    {
-        if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
-        {
-            return "MD5";
-        }
-        else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID))
-        {
-            return "SHA1";
-        }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
-        else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
-        {
-            return "SHA256";
-        }
-        else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID))
-        {
-            return "SHA384";
-        }
-        else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID))
-        {
-            return "SHA512";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
-        else
-        {
-            return digestAlgOID.getId();
-        }
-    }
-
-    public X509Certificate convertCertificate(X509CertificateHolder certHolder)
-        throws CertificateException
-    {
-
-        try
-        {
-            CertificateFactory certFact = helper.createCertificateFactory("X.509");
-
-            return (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new OpCertificateException("cannot get encoded form of certificate: " + e.getMessage(), e);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new OpCertificateException("cannot create certificate factory: " + e.getMessage(), e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e);
-        }
-    }
-
-    // TODO: put somewhere public so cause easily accessed
-    private static class OpCertificateException
-        extends CertificateException
-    {
-        private Throwable cause;
-
-        public OpCertificateException(String msg, Throwable cause)
-        {
-            super(msg);
-
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorUtils.java b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorUtils.java
deleted file mode 100644
index 6c41d960a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/jcajce/OperatorUtils.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.operator.jcajce;
-
-import java.security.Key;
-
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.operator.GenericKey;
-
-class OperatorUtils
-{
-    static Key getJceKey(GenericKey key)
-    {
-        if (key.getRepresentation() instanceof Key)
-        {
-            return (Key)key.getRepresentation();
-        }
-
-        if (key.getRepresentation() instanceof byte[])
-        {
-            return new SecretKeySpec((byte[])key.getRepresentation(), "ENC");
-        }
-
-        throw new IllegalArgumentException("unknown generic key type");
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/operator/package.html
deleted file mode 100644
index b64343adc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/operator/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Basic operators for doing encryption, signing, and digest operations.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoBuilder.java
deleted file mode 100644
index 3f574f47b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoBuilder.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.bouncycastle.pkcs;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.operator.OutputEncryptor;
-
-/**
- * A class for creating EncryptedPrivateKeyInfo structures.
- * 
    - * EncryptedPrivateKeyInfo ::= SEQUENCE {
- *      encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
- *      encryptedData EncryptedData
- * }
- *
- * EncryptedData ::= OCTET STRING
- *
- * KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
- *          ... -- For local profiles
- * }
- * 
    
- */
-public class EncryptedPrivateKeyInfoBuilder
-{
-    private PrivateKeyInfo privateKeyInfo;
-
-    public EncryptedPrivateKeyInfoBuilder(PrivateKeyInfo privateKeyInfo)
-    {
-        this.privateKeyInfo = privateKeyInfo;
-    }
-
-    public EncryptedPrivateKeyInfoHolder build(
-        OutputEncryptor encryptor)
-    {
-        try
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            OutputStream cOut = encryptor.getOutputStream(bOut);
-
-            cOut.write(privateKeyInfo.getEncoded());
-
-            cOut.close();
-
-            return new EncryptedPrivateKeyInfoHolder(new EncryptedPrivateKeyInfo(encryptor.getAlgorithmIdentifier(), bOut.toByteArray()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("cannot encode privateKeyInfo");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoHolder.java
deleted file mode 100644
index 6fdf01bb3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/EncryptedPrivateKeyInfoHolder.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.pkcs;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
-
-/**
- * Holding class for a PKCS#8 EncryptedPrivateKeyInfo structure.
- */
-public class EncryptedPrivateKeyInfoHolder
-{
-    private EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
-
-    public EncryptedPrivateKeyInfoHolder(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo)
-    {
-        this.encryptedPrivateKeyInfo = encryptedPrivateKeyInfo;
-    }
-
-    public EncryptedPrivateKeyInfo toASN1Structure()
-    {
-         return encryptedPrivateKeyInfo;
-    }
-
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return encryptedPrivateKeyInfo.getEncoded();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java
deleted file mode 100644
index 0b056b315..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java
+++ /dev/null
@@ -1,133 +0,0 @@
-package org.bouncycastle.pkcs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.pkcs.Attribute;
-import org.bouncycastle.asn1.pkcs.CertificationRequest;
-import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.ContentSigner;
-
-/**
- * A class for creating PKCS#10 Certification requests.
- * 
    - * CertificationRequest ::= SEQUENCE {
- *   certificationRequestInfo  CertificationRequestInfo,
- *   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
- *   signature                 BIT STRING
- * }
- *
- * CertificationRequestInfo ::= SEQUENCE {
- *   version             INTEGER { v1(0) } (v1,...),
- *   subject             Name,
- *   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- *   attributes          [0] Attributes{{ CRIAttributes }}
- *  }
- *
- *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
- *
- *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
- *    type    ATTRIBUTE.&id({IOSet}),
- *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- *  }
- * 
    
- */
-public class PKCS10CertificationRequestBuilder
-{
-    private SubjectPublicKeyInfo publicKeyInfo;
-    private X500Name subject;
-    private List attributes = new ArrayList();
-
-    /**
-     * Basic constructor.
-     *
-     * @param subject the X.500 Name defining the certificate subject this request is for.
-     * @param publicKeyInfo the info structure for the public key to be associated with this subject.
-     */
-    public PKCS10CertificationRequestBuilder(X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
-    {
-        this.subject = subject;
-        this.publicKeyInfo = publicKeyInfo;
-    }
-
-    /**
-     * Add an attribute to the certification request we are building.
-     *
-     * @param attrType the OID giving the type of the attribute.
-     * @param attrValue the ASN.1 structure that forms the value of the attribute.
-     * @return this builder object.
-     */
-    public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue)
-    {
-        attributes.add(new Attribute(attrType, new DERSet(attrValue)));
-
-        return this;
-    }
-
-    /**
-     * Add an attribute with multiple values to the certification request we are building.
-     *
-     * @param attrType the OID giving the type of the attribute.
-     * @param attrValues an array of ASN.1 structures that form the value of the attribute.
-     * @return this builder object.
-     */
-    public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable[] attrValues)
-    {
-        attributes.add(new Attribute(attrType, new DERSet(attrValues)));
-
-        return this;
-    }
-
-    /**
-     * Generate an PKCS#10 request based on the past in signer.
-     *
-     * @param signer the content signer to be used to generate the signature validating the certificate.
-     * @return a holder containing the resulting PKCS#10 certification request.
-     */
-    public PKCS10CertificationRequestHolder build(
-        ContentSigner signer)
-    {
-        CertificationRequestInfo info;
-
-        if (attributes.isEmpty())
-        {
-            info = new CertificationRequestInfo(subject, publicKeyInfo, null);
-        }
-        else
-        {
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            for (Iterator it = attributes.iterator(); it.hasNext();)
-            {
-                v.add(Attribute.getInstance(it.next()));
-            }
-
-            info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet(v));
-        }
-
-        try
-        {
-            OutputStream sOut = signer.getOutputStream();
-
-            sOut.write(info.getDEREncoded());
-
-            sOut.close();
-
-            return new PKCS10CertificationRequestHolder(new CertificationRequest(info, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature())));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("cannot produce certification request signature");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestHolder.java
deleted file mode 100644
index 9dfe89256..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestHolder.java
+++ /dev/null
@@ -1,235 +0,0 @@
-package org.bouncycastle.pkcs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.pkcs.Attribute;
-import org.bouncycastle.asn1.pkcs.CertificationRequest;
-import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.operator.ContentVerifier;
-import org.bouncycastle.operator.ContentVerifierProvider;
-
-/**
- * Holding class for a PKCS#10 certification request.
- */
-public class PKCS10CertificationRequestHolder
-{
-    private static Attribute[] EMPTY_ARRAY = new Attribute[0];
-
-    private CertificationRequest certificationRequest;
-
-    private static CertificationRequest parseBytes(byte[] encoding)
-        throws IOException
-    {
-        try
-        {
-            return CertificationRequest.getInstance(ASN1Object.fromByteArray(encoding));
-        }
-        catch (ClassCastException e)
-        {
-            throw new PKCSIOException("malformed data: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new PKCSIOException("malformed data: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Create a PKCS10CertificationRequestHolder from an underlying ASN.1 structure.
-     *
-     * @param certificationRequest the underlying ASN.1 structure representing a request.
-     */
-    public PKCS10CertificationRequestHolder(CertificationRequest certificationRequest)
-    {
-         this.certificationRequest = certificationRequest;
-    }
-
-    /**
-     * Create a PKCS10CertificationRequestHolder from the passed in bytes.
-     *
-     * @param encoded BER/DER encoding of the CertificationRequest structure.
-     * @throws IOException in the event of corrupted data, or an incorrect structure.
-     */
-    public PKCS10CertificationRequestHolder(byte[] encoded)
-        throws IOException
-    {
-        this(parseBytes(encoded));
-    }
-
-    /**
-     * Return the underlying ASN.1 structure for this request.
-     *
-     * @return a CertificateRequest object.
-     */
-    public CertificationRequest toASN1Structure()
-    {
-         return certificationRequest;
-    }
-
-    /**
-     * Return the subject on this request.
-     *
-     * @return the X500Name representing the request's subject.
-     */
-    public X500Name getSubject()
-    {
-        return X500Name.getInstance(certificationRequest.getCertificationRequestInfo().getSubject());
-    }
-
-    /**
-     * Return the details of the signature algorithm used to create this request.
-     *
-     * @return the AlgorithmIdentifier describing the signature algorithm used to create this request.
-     */
-    public AlgorithmIdentifier getSignatureAlgorithm()
-    {
-        return certificationRequest.getSignatureAlgorithm();
-    }
-
-    /**
-     * Return the bytes making up the signature associated with this request.
-     *
-     * @return the request signature bytes.
-     */
-    public byte[] getSignature()
-    {
-        return certificationRequest.getSignature().getBytes();
-    }
-
-    /**
-     * Return the SubjectPublicKeyInfo describing the public key this request is carrying.
-     *
-     * @return the public key ASN.1 structure contained in the request.
-     */
-    public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
-    {
-        return certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo();
-    }
-
-    /**
-     * Return the attributes, if any associated with this request.
-     *
-     * @return an array of Attribute, zero length if none present.
-     */
-    public Attribute[] getAttributes()
-    {
-        ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes();
-
-        if (attrSet == null)
-        {
-            return EMPTY_ARRAY;
-        }
-
-        Attribute[] attrs = new Attribute[attrSet.size()];
-
-        for (int i = 0; i != attrSet.size(); i++)
-        {
-            attrs[i] = Attribute.getInstance(attrSet.getObjectAt(i));
-        }
-
-        return attrs;
-    }
-
-    /**
-     * Return an  array of attributes matching the passed in type OID.
-     *
-     * @param type the type of the attribute being looked for.
-     * @return an array of Attribute of the requested type, zero length if none present.
-     */
-    public Attribute[] getAttributes(ASN1ObjectIdentifier type)
-    {
-        ASN1Set    attrSet = certificationRequest.getCertificationRequestInfo().getAttributes();
-
-        if (attrSet == null)
-        {
-            return EMPTY_ARRAY;
-        }
-        
-        List list = new ArrayList();
-
-        for (int i = 0; i != attrSet.size(); i++)
-        {
-            Attribute attr = Attribute.getInstance(attrSet.getObjectAt(i));
-            if (attr.getAttrType().equals(type))
-            {
-                list.add(attr);
-            }
-        }
-
-        if (list.size() == 0)
-        {
-            return EMPTY_ARRAY;
-        }
-
-        return (Attribute[])list.toArray(new Attribute[list.size()]);
-    }
-
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return certificationRequest.getEncoded();
-    }
-
-    /**
-     * Validate the signature on the PKCS10 certification request in this holder.
-     *
-     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
-     * @return true if the signature is valid, false otherwise.
-     * @throws PKCSException if the signature cannot be processed or is inappropriate.
-     */
-    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
-        throws PKCSException
-    {
-        CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();
-
-        ContentVerifier verifier;
-
-        try
-        {
-            verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm());
-
-            OutputStream sOut = verifier.getOutputStream();
-
-            sOut.write(requestInfo.getDEREncoded());
-
-            sOut.close();
-        }
-        catch (Exception e)
-        {
-            throw new PKCSException("unable to process signature: " + e.getMessage(), e);
-        }
-
-        return verifier.verify(certificationRequest.getSignature().getBytes());
-    }
-
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof PKCS10CertificationRequestHolder))
-        {
-            return false;
-        }
-
-        PKCS10CertificationRequestHolder other = (PKCS10CertificationRequestHolder)o;
-
-        return this.toASN1Structure().equals(other.toASN1Structure());
-    }
-
-    public int hashCode()
-    {
-        return this.toASN1Structure().hashCode();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSException.java
deleted file mode 100644
index 8ee6f6fca..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSException.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.pkcs;
-
-/**
- * General checked Exception thrown in the cert package and its sub-packages.
- */
-public class PKCSException
-    extends Exception
-{
-    private Throwable cause;
-
-    public PKCSException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public PKCSException(String msg)
-    {
-        super(msg);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java
deleted file mode 100644
index c34f739a8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.bouncycastle.pkcs;
-
-import java.io.IOException;
-
-/**
- * General IOException thrown in the cert package and its sub-packages.
- */
-public class PKCSIOException
-    extends IOException
-{
-    private Throwable cause;
-
-    public PKCSIOException(String msg, Throwable cause)
-    {
-        super(msg);
-
-        this.cause = cause;
-    }
-
-    public PKCSIOException(String msg)
-    {
-        super(msg);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java
deleted file mode 100644
index 5466e5f7f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.bouncycastle.pkcs.jcajce;
-
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
-
-/**
- * Extension of the PKCS#10 builder to support PublicKey and X500Principal objects.
- */
-public class JcaPKCS10CertificationRequestBuilder
-    extends PKCS10CertificationRequestBuilder
-{
-    /**
-     * Create a PKCS#10 builder for the passed in subject and JCA public key.
-     *
-     * @param subject an X500Name containing the subject associated with the request we are building.
-     * @param publicKey a JCA public key that is to be associated with the request we are building.
-     */
-    public JcaPKCS10CertificationRequestBuilder(X500Name subject, PublicKey publicKey)
-    {
-        super(subject, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-    }
-
-    /**
-     * Create a PKCS#10 builder for the passed in subject and JCA public key.
-     *
-     * @param subject an X500Principal containing the subject associated with the request we are building.
-     * @param publicKey a JCA public key that is to be associated with the request we are building.
-     */
-    public JcaPKCS10CertificationRequestBuilder(X500Principal subject, PublicKey publicKey)
-    {
-        super(X500Name.getInstance(subject.getEncoded()), SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestHolder.java
deleted file mode 100644
index f06ecaa35..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestHolder.java
+++ /dev/null
@@ -1,115 +0,0 @@
-package org.bouncycastle.pkcs.jcajce;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Hashtable;
-
-import org.bouncycastle.asn1.pkcs.CertificationRequest;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jcajce.DefaultJcaJceHelper;
-import org.bouncycastle.jcajce.JcaJceHelper;
-import org.bouncycastle.jcajce.NamedJcaJceHelper;
-import org.bouncycastle.jcajce.ProviderJcaJceHelper;
-import org.bouncycastle.pkcs.PKCS10CertificationRequestHolder;
-
-public class JcaPKCS10CertificationRequestHolder
-    extends PKCS10CertificationRequestHolder
-{
-    private static Hashtable keyAlgorithms = new Hashtable();
-
-    static
-    {
-        //
-        // key types
-        //
-        keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
-        keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA");
-    }
-
-    private JcaJceHelper helper = new DefaultJcaJceHelper();
-
-    public JcaPKCS10CertificationRequestHolder(CertificationRequest certificationRequest)
-    {
-        super(certificationRequest);
-    }
-
-    public JcaPKCS10CertificationRequestHolder(byte[] encoding)
-        throws IOException
-    {
-        super(encoding);
-    }
-
-    public JcaPKCS10CertificationRequestHolder(PKCS10CertificationRequestHolder requestHolder)
-    {
-        super(requestHolder.toASN1Structure());
-    }
-
-    public JcaPKCS10CertificationRequestHolder setProvider(String providerName)
-    {
-        helper = new NamedJcaJceHelper(providerName);
-
-        return this;
-    }
-
-    public JcaPKCS10CertificationRequestHolder setProvider(Provider provider)
-    {
-        helper = new ProviderJcaJceHelper(provider);
-
-        return this;
-    }
-
-    public PublicKey getPublicKey()
-        throws InvalidKeyException, NoSuchAlgorithmException
-    {
-        try
-        {
-            SubjectPublicKeyInfo keyInfo = this.getSubjectPublicKeyInfo();
-            X509EncodedKeySpec xspec = new X509EncodedKeySpec(keyInfo.getEncoded());
-            KeyFactory kFact;
-
-            try
-            {
-                kFact = helper.createKeyFactory(keyInfo.getAlgorithmId().getAlgorithm().getId());
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                //
-                // try an alternate
-                //
-                if (keyAlgorithms.get(keyInfo.getAlgorithmId().getAlgorithm()) != null)
-                {
-                    String  keyAlgorithm = (String)keyAlgorithms.get(keyInfo.getAlgorithmId().getAlgorithm());
-
-                    kFact = helper.createKeyFactory(keyAlgorithm);
-                }
-                else
-                {
-                    throw e;
-                }
-            }
-
-            return kFact.generatePublic(xspec);
-        }
-        catch (InvalidKeySpecException e)
-        {
-            throw new InvalidKeyException("error decoding public key");
-        }
-        catch (IOException e)
-        {
-            throw new InvalidKeyException("error extracting key encoding");
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new NoSuchAlgorithmException("cannot find provider: " + e.getMessage());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/package.html
deleted file mode 100644
index 9b10dc42f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/jcajce/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-JCA extensions to the PKCS#10 certification request package.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/package.html
deleted file mode 100644
index b7b86c3a1..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/pkcs/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-Basic support package for handling and creating PKCS#10 certification requests and other PKCS objects.
-
-
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java
deleted file mode 100644
index 9454af1f9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/GenTimeAccuracy.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.text.DecimalFormat;
-
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.tsp.Accuracy;
-
-public class GenTimeAccuracy
-{
-    private Accuracy accuracy;
-
-    public GenTimeAccuracy(Accuracy accuracy)
-    {
-        this.accuracy = accuracy;
-    }
-    
-    public int getSeconds()
-    {
-        return getTimeComponent(accuracy.getSeconds());
-    }
-
-    public int getMillis()
-    {
-        return getTimeComponent(accuracy.getMillis());
-    }
-
-    public int getMicros()
-    {
-        return getTimeComponent(accuracy.getMicros());
-    }
-
-    private int getTimeComponent(
-        DERInteger time)
-    {
-        if (time != null)
-        {
-            return time.getValue().intValue();
-        }
-
-        return 0;
-    }
-    
-    public String toString()
-    {
-        DecimalFormat formatter = new DecimalFormat("000"); // three integer
-                                                            // digits
-        return getSeconds() + "." + formatter.format(getMillis()) + formatter.format(getMicros());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java
deleted file mode 100644
index 7d95ff94d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPAlgorithms.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-
-/**
- * Recognised hash algorithms for the time stamp protocol.
- */
-public interface TSPAlgorithms
-{
-    public static final String MD5 = PKCSObjectIdentifiers.md5.getId();
-
-    public static final String SHA1 = OIWObjectIdentifiers.idSHA1.getId();
-    
-    public static final String SHA224 = NISTObjectIdentifiers.id_sha224.getId();
-    public static final String SHA256 = NISTObjectIdentifiers.id_sha256.getId();
-    public static final String SHA384 = NISTObjectIdentifiers.id_sha384.getId();
-    public static final String SHA512 = NISTObjectIdentifiers.id_sha512.getId();
-
-    public static final String RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
-    public static final String RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
-    public static final String RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-    
-    public static final String GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
-    
-    public static final Set    ALLOWED = new HashSet(Arrays.asList(new String[] { GOST3411, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, RIPEMD128, RIPEMD160, RIPEMD256 }));
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPException.java
deleted file mode 100644
index 0ebc51c96..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPException.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.tsp;
-
-public class TSPException
-    extends Exception
-{
-    Exception underlyingException;
-
-    public TSPException(String message)
-    {
-        super(message);
-    }
-
-    public TSPException(String message, Exception e)
-    {
-        super(message);
-        underlyingException = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return underlyingException;
-    }
-
-    public Throwable getCause()
-    {
-        return underlyingException;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPUtil.java
deleted file mode 100644
index 4ee780ad4..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPUtil.java
+++ /dev/null
@@ -1,365 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-
-public class TSPUtil
-{
-    private static Set EMPTY_SET = Collections.unmodifiableSet(new HashSet());
-    private static List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
-
-    private static final Map digestLengths = new HashMap();
-    private static final Map digestNames = new HashMap();
-
-    static
-    {
-        digestLengths.put(PKCSObjectIdentifiers.md5.getId(), new Integer(16));
-        digestLengths.put(OIWObjectIdentifiers.idSHA1.getId(), new Integer(20));
-        digestLengths.put(NISTObjectIdentifiers.id_sha224.getId(), new Integer(28));
-        digestLengths.put(NISTObjectIdentifiers.id_sha256.getId(), new Integer(32));
-        digestLengths.put(NISTObjectIdentifiers.id_sha384.getId(), new Integer(48));
-        digestLengths.put(NISTObjectIdentifiers.id_sha512.getId(), new Integer(64));
-        digestLengths.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), new Integer(16));
-        digestLengths.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), new Integer(20));
-        digestLengths.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), new Integer(32));
-        digestLengths.put(CryptoProObjectIdentifiers.gostR3411.getId(), new Integer(32));
-
-        digestNames.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
-        digestNames.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
-        digestNames.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
-        digestNames.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
-        digestNames.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
-        digestNames.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
-        digestNames.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1");
-        digestNames.put(PKCSObjectIdentifiers.sha224WithRSAEncryption.getId(), "SHA224");
-        digestNames.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256");
-        digestNames.put(PKCSObjectIdentifiers.sha384WithRSAEncryption.getId(), "SHA384");
-        digestNames.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512");
-        digestNames.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
-        digestNames.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
-        digestNames.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
-        digestNames.put(CryptoProObjectIdentifiers.gostR3411.getId(), "GOST3411");
-    }
-
-    /**
-     * Fetches the signature time-stamp attributes from a SignerInformation object.
-     * Checks that the MessageImprint for each time-stamp matches the signature field.
-     * (see RFC 3161 Appendix A).
-     * 
-     * @param signerInfo a SignerInformation to search for time-stamps
-     * @param provider an optional provider to use to create MessageDigest instances
-     * @return a collection of TimeStampToken objects
-     * @throws TSPValidationException
-     * @deprecated use getSignatureTimestamps(SignerInformation, DigestCalculatorProvider)
-     */
-    public static Collection getSignatureTimestamps(SignerInformation signerInfo, Provider provider)
-        throws TSPValidationException
-    {
-        List timestamps = new ArrayList();
-
-        AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
-        if (unsignedAttrs != null)
-        {
-            ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(
-                PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
-            for (int i = 0; i < allTSAttrs.size(); ++i)
-            {
-                Attribute tsAttr = (Attribute)allTSAttrs.get(i);            
-                ASN1Set tsAttrValues = tsAttr.getAttrValues();
-                for (int j = 0; j < tsAttrValues.size(); ++j)
-                {
-                    try
-                    {
-                        ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j).getDERObject());
-                        TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
-                        TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
-
-                        MessageDigest digest = createDigestInstance(tstInfo.getMessageImprintAlgOID(), provider);
-                        byte[] expectedDigest = digest.digest(signerInfo.getSignature());
-
-                        if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest()))
-                        {
-                            throw new TSPValidationException("Incorrect digest in message imprint");
-                        }
-
-                        timestamps.add(timeStampToken);
-                    }
-                    catch (NoSuchAlgorithmException e)
-                    {
-                        throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
-                    }
-                    catch (Exception e)
-                    {
-                        throw new TSPValidationException("Timestamp could not be parsed");
-                    }
-                }
-            }
-        }
-
-        return timestamps;
-    }
-
-     /**
-     * Fetches the signature time-stamp attributes from a SignerInformation object.
-     * Checks that the MessageImprint for each time-stamp matches the signature field.
-     * (see RFC 3161 Appendix A).
-     *
-     * @param signerInfo a SignerInformation to search for time-stamps
-     * @param digCalcProvider provider for digest calculators
-     * @return a collection of TimeStampToken objects
-     * @throws TSPValidationException
-     */
-    public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider)
-        throws TSPValidationException
-    {
-        List timestamps = new ArrayList();
-
-        AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
-        if (unsignedAttrs != null)
-        {
-            ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(
-                PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
-            for (int i = 0; i < allTSAttrs.size(); ++i)
-            {
-                Attribute tsAttr = (Attribute)allTSAttrs.get(i);
-                ASN1Set tsAttrValues = tsAttr.getAttrValues();
-                for (int j = 0; j < tsAttrValues.size(); ++j)
-                {
-                    try
-                    {
-                        ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j).getDERObject());
-                        TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
-                        TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();
-
-                        DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
-
-                        OutputStream dOut = digCalc.getOutputStream();
-
-                        dOut.write(signerInfo.getSignature());
-                        dOut.close();
-
-                        byte[] expectedDigest = digCalc.getDigest();
-
-                        if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest()))
-                        {
-                            throw new TSPValidationException("Incorrect digest in message imprint");
-                        }
-
-                        timestamps.add(timeStampToken);
-                    }
-                    catch (OperatorCreationException e)
-                    {
-                        throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
-                    }
-                    catch (Exception e)
-                    {
-                        throw new TSPValidationException("Timestamp could not be parsed");
-                    }
-                }
-            }
-        }
-
-        return timestamps;
-    }
-
-    /**
-     * Validate the passed in certificate as being of the correct type to be used
-     * for time stamping. To be valid it must have an ExtendedKeyUsage extension
-     * which has a key purpose identifier of id-kp-timeStamping.
-     * 
-     * @param cert the certificate of interest.
-     * @throws TSPValidationException if the certicate fails on one of the check points.
-     */
-    public static void validateCertificate(
-        X509Certificate cert)
-        throws TSPValidationException
-    {
-        if (cert.getVersion() != 3)
-        {
-            throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
-        }
-        
-        byte[]  ext = cert.getExtensionValue(X509Extensions.ExtendedKeyUsage.getId());
-        if (ext == null)
-        {
-            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
-        }
-        
-        if (!cert.getCriticalExtensionOIDs().contains(X509Extensions.ExtendedKeyUsage.getId()))
-        {
-            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
-        }
-
-        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(ext));
-
-        try
-        {
-            aIn = new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString)aIn.readObject()).getOctets()));
-            
-            ExtendedKeyUsage    extKey = ExtendedKeyUsage.getInstance(aIn.readObject());
-            
-            if (!extKey.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) || extKey.size() != 1)
-            {
-                throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
-            }
-        }
-        catch (IOException e)
-        {
-            throw new TSPValidationException("cannot process ExtendedKeyUsage extension");
-        }
-    }
-
-    /**
-     * Validate the passed in certificate as being of the correct type to be used
-     * for time stamping. To be valid it must have an ExtendedKeyUsage extension
-     * which has a key purpose identifier of id-kp-timeStamping.
-     *
-     * @param cert the certificate of interest.
-     * @throws TSPValidationException if the certicate fails on one of the check points.
-     */
-    public static void validateCertificate(
-        X509CertificateHolder cert)
-        throws TSPValidationException
-    {
-        if (cert.toASN1Structure().getVersion() != 3)
-        {
-            throw new IllegalArgumentException("Certificate must have an ExtendedKeyUsage extension.");
-        }
-
-        X509Extension  ext = cert.getExtension(X509Extension.extendedKeyUsage);
-        if (ext == null)
-        {
-            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension.");
-        }
-
-        if (!ext.isCritical())
-        {
-            throw new TSPValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
-        }
-
-        ExtendedKeyUsage    extKey = ExtendedKeyUsage.getInstance(X509Extension.convertValueToObject(ext));
-
-        if (!extKey.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping) || extKey.size() != 1)
-        {
-            throw new TSPValidationException("ExtendedKeyUsage not solely time stamping.");
-        }
-    }
-
-    /*
-     * Return the digest algorithm using one of the standard JCA string
-     * representations rather than the algorithm identifier (if possible).
-     */
-    static String getDigestAlgName(
-        String digestAlgOID)
-    {
-        String digestName = (String)digestNames.get(digestAlgOID);
-
-        if (digestName != null)
-        {
-            return digestName;
-        }
-
-        return digestAlgOID;
-    }
-
-    static int getDigestLength(
-        String digestAlgOID)
-        throws TSPException
-    {
-        Integer length = (Integer)digestLengths.get(digestAlgOID);
-
-        if (length != null)
-        {
-            return length.intValue();
-        }
-
-        throw new TSPException("digest algorithm cannot be found.");
-    }
-
-    static MessageDigest createDigestInstance(String digestAlgOID, Provider provider)
-        throws NoSuchAlgorithmException
-    {
-        String digestName = TSPUtil.getDigestAlgName(digestAlgOID);
-
-        if (provider != null)
-        {
-            try
-            {
-                return MessageDigest.getInstance(digestName, provider);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // Ignore
-            }
-        }
-
-        return MessageDigest.getInstance(digestName);
-    }
-
-        static Set getCriticalExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_SET;
-        }
-
-        return Collections.unmodifiableSet(new HashSet(java.util.Arrays.asList(extensions.getCriticalExtensionOIDs())));
-    }
-
-    static Set getNonCriticalExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_SET;
-        }
-
-        // TODO: should probably produce a set that imposes correct ordering
-        return Collections.unmodifiableSet(new HashSet(java.util.Arrays.asList(extensions.getNonCriticalExtensionOIDs())));
-    }
-
-    static List getExtensionOIDs(X509Extensions extensions)
-    {
-        if (extensions == null)
-        {
-            return EMPTY_LIST;
-        }
-
-        return Collections.unmodifiableList(java.util.Arrays.asList(extensions.getExtensionOIDs()));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPValidationException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPValidationException.java
deleted file mode 100644
index 552b302ec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TSPValidationException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.bouncycastle.tsp;
-
-/**
- * Exception thrown if a TSP request or response fails to validate.
- * 
    
- * If a failure code is associated with the exception it can be retrieved using
- * the getFailureCode() method.
- */
-public class TSPValidationException
-    extends TSPException
-{
-    private int failureCode = -1;
-    
-    public TSPValidationException(String message)
-    {
-        super(message);
-    }
-
-    public TSPValidationException(String message, int failureCode)
-    {
-        super(message);
-        this.failureCode = failureCode;
-    }
-    
-    /**
-     * Return the failure code associated with this exception - if one is set.
-     * 
-     * @return the failure code if set, -1 otherwise.
-     */
-    public int getFailureCode()
-    {
-        return failureCode;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java
deleted file mode 100644
index 6527c3d8b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequest.java
+++ /dev/null
@@ -1,308 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.NoSuchProviderException;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.tsp.TimeStampReq;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * Base class for an RFC 3161 Time Stamp Request.
- */
-public class TimeStampRequest
-    implements java.security.cert.X509Extension
-{
-    private TimeStampReq req;
-    private X509Extensions extensions;
-
-    public TimeStampRequest(TimeStampReq req)
-    {
-        this.req = req;
-        this.extensions = req.getExtensions();
-    }
-
-    /**
-     * Create a TimeStampRequest from the past in byte array.
-     * 
-     * @param req byte array containing the request.
-     * @throws IOException if the request is malformed.
-     */
-    public TimeStampRequest(byte[] req) 
-        throws IOException
-    {
-        this(new ByteArrayInputStream(req));
-    }
-
-    /**
-     * Create a TimeStampRequest from the past in input stream.
-     * 
-     * @param in input stream containing the request.
-     * @throws IOException if the request is malformed.
-     */
-    public TimeStampRequest(InputStream in) 
-        throws IOException
-    {
-        try
-        {
-            this.req = TimeStampReq.getInstance(new ASN1InputStream(in).readObject());
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("malformed request: " + e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("malformed request: " + e);
-        }
-    }
-
-    public int getVersion()
-    {
-        return req.getVersion().getValue().intValue();
-    }
-
-    public String getMessageImprintAlgOID()
-    {
-        return req.getMessageImprint().getHashAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getMessageImprintDigest()
-    {
-        return req.getMessageImprint().getHashedMessage();
-    }
-
-    public String getReqPolicy()
-    {
-        if (req.getReqPolicy() != null)
-        {
-            return req.getReqPolicy().getId();
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-    public BigInteger getNonce()
-    {
-        if (req.getNonce() != null)
-        {
-            return req.getNonce().getValue();
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-    public boolean getCertReq()
-    {
-        if (req.getCertReq() != null)
-        {
-            return req.getCertReq().isTrue();
-        }
-        else
-        {
-            return false;
-        }
-    }
-
-    /**
-     * Validate the timestamp request, checking the digest to see if it is of an
-     * accepted type and whether it is of the correct length for the algorithm specified.
-     * 
-     * @param algorithms a set of String OIDS giving accepted algorithms.
-     * @param policies if non-null a set of policies we are willing to sign under.
-     * @param extensions if non-null a set of extensions we are willing to accept.
-     * @param provider the provider to confirm the digest size against.
-     * @throws TSPException if the request is invalid, or processing fails.
-     */
-    public void validate(
-        Set     algorithms,
-        Set     policies,
-        Set     extensions,
-        String  provider)
-        throws TSPException, NoSuchProviderException
-    {
-        if (!algorithms.contains(this.getMessageImprintAlgOID()))
-        {
-            throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
-        }
-        
-        if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
-        {
-            throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
-        }
-        
-        if (this.getExtensions() != null && extensions != null)
-        {
-            Enumeration en = this.getExtensions().oids();
-            while(en.hasMoreElements())
-            {
-                String  oid = ((DERObjectIdentifier)en.nextElement()).getId();
-                if (!extensions.contains(oid))
-                {
-                    throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
-                }
-            }
-        }
-        
-        int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID());
-        
-        if (digestLength != this.getMessageImprintDigest().length)
-        {
-            throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
-        }
-    }
-
-    public void validate(
-        Set     algorithms,
-        Set     policies,
-        Set     extensions)
-        throws TSPException
-    {
-        if (!algorithms.contains(this.getMessageImprintAlgOID()))
-        {
-            throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
-        }
-
-        if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
-        {
-            throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
-        }
-
-        if (this.getExtensions() != null && extensions != null)
-        {
-            Enumeration en = this.getExtensions().oids();
-            while(en.hasMoreElements())
-            {
-                String  oid = ((DERObjectIdentifier)en.nextElement()).getId();
-                if (!extensions.contains(oid))
-                {
-                    throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
-                }
-            }
-        }
-
-        int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID());
-
-        if (digestLength != this.getMessageImprintDigest().length)
-        {
-            throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
-        }
-    }
-
-   /**
-    * return the ASN.1 encoded representation of this object.
-    */
-    public byte[] getEncoded() throws IOException
-    {
-        return req.getEncoded();
-    }
-
-    X509Extensions getExtensions()
-    {
-        return extensions;
-    }
-
-    public boolean hasExtensions()
-    {
-        return extensions != null;
-    }
-
-    public X509Extension getExtension(ASN1ObjectIdentifier oid)
-    {
-        if (extensions != null)
-        {
-            return extensions.getExtension(oid);
-        }
-
-        return null;
-    }
-
-    public List getExtensionOIDs()
-    {
-        return TSPUtil.getExtensionOIDs(extensions);
-    }
-
-    /* (non-Javadoc)
-     * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
-     */
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = req.getExtensions();
-
-        if (exts != null)
-        {
-            org.bouncycastle.asn1.x509.X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded();
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-    
-    private Set getExtensionOIDS(
-        boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = req.getExtensions();
-
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier                      oid = (DERObjectIdentifier)e.nextElement();
-                org.bouncycastle.asn1.x509.X509Extension ext = extensions.getExtension(oid);
-
-                if (ext.isCritical() == critical)
-                {
-                    set.add(oid.getId());
-                }
-            }
-
-            return set;
-        }
-
-        return null;
-    }
-
-    public Set getNonCriticalExtensionOIDs() 
-    {
-        return getExtensionOIDS(false);
-    }
-    
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDS(true);
-    }
-    
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        return false;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java
deleted file mode 100644
index a2b46ed66..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampRequestGenerator.java
+++ /dev/null
@@ -1,151 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.tsp.MessageImprint;
-import org.bouncycastle.asn1.tsp.TimeStampReq;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * Generator for RFC 3161 Time Stamp Request objects.
- */
-public class TimeStampRequestGenerator
-{
-    private DERObjectIdentifier reqPolicy;
-
-    private DERBoolean certReq;
-    
-    private Hashtable   extensions = new Hashtable();
-    private Vector      extOrdering = new Vector();
-
-    public TimeStampRequestGenerator()
-    {
-    }
-
-    public void setReqPolicy(
-        String reqPolicy)
-    {
-        this.reqPolicy= new DERObjectIdentifier(reqPolicy);
-    }
-
-    public void setCertReq(
-        boolean certReq)
-    {
-        this.certReq = new DERBoolean(certReq);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     * @throws IOException
-     * @deprecated use method taking ASN1ObjectIdentifier
-     */
-    public void addExtension(
-        String          OID,
-        boolean         critical,
-        ASN1Encodable   value)
-        throws IOException
-    {
-        this.addExtension(OID, critical, value.getEncoded());
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag
-     * The value parameter becomes the contents of the octet string associated
-     * with the extension.
-     * @deprecated use method taking ASN1ObjectIdentifier
-     */
-    public void addExtension(
-        String          OID,
-        boolean         critical,
-        byte[]          value)
-    {
-        DERObjectIdentifier oid = new DERObjectIdentifier(OID);
-        extensions.put(oid, new X509Extension(critical, new DEROctetString(value)));
-        extOrdering.addElement(oid);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     * @throws IOException
-     */
-    public void addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean              critical,
-        ASN1Encodable        value)
-        throws IOException
-    {
-        this.addExtension(oid, critical, value.getEncoded());
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag
-     * The value parameter becomes the contents of the octet string associated
-     * with the extension.
-     */
-    public void addExtension(
-        ASN1ObjectIdentifier oid,
-        boolean              critical,
-        byte[]               value)
-    {
-        extensions.put(oid, new X509Extension(critical, new DEROctetString(value)));
-        extOrdering.addElement(oid);
-    }
-
-    public TimeStampRequest generate(
-        String digestAlgorithm,
-        byte[] digest)
-    {
-        return this.generate(digestAlgorithm, digest, null);
-    }
-
-    public TimeStampRequest generate(
-        String      digestAlgorithmOID,
-        byte[]      digest,
-        BigInteger  nonce)
-    {
-        if (digestAlgorithmOID == null)
-        {
-            throw new IllegalArgumentException("No digest algorithm specified");
-        }
-
-        DERObjectIdentifier digestAlgOID = new DERObjectIdentifier(digestAlgorithmOID);
-
-        AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, new DERNull());
-        MessageImprint messageImprint = new MessageImprint(algID, digest);
-
-        X509Extensions  ext = null;
-        
-        if (extOrdering.size() != 0)
-        {
-            ext = new X509Extensions(extOrdering, extensions);
-        }
-        
-        if (nonce != null)
-        {
-            return new TimeStampRequest(new TimeStampReq(messageImprint,
-                    reqPolicy, new DERInteger(nonce), certReq, ext));
-        }
-        else
-        {
-            return new TimeStampRequest(new TimeStampReq(messageImprint,
-                    reqPolicy, null, certReq, ext));
-        }
-    }
-
-    public TimeStampRequest generate(ASN1ObjectIdentifier digestAlgorithm, byte[] digest, BigInteger nonce)
-    {
-        return generate(digestAlgorithm.getId(), digest, nonce);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java
deleted file mode 100644
index e36d02a31..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponse.java
+++ /dev/null
@@ -1,186 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.cmp.PKIFreeText;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.tsp.TimeStampResp;
-import org.bouncycastle.util.Arrays;
-
-/**
- * Base class for an RFC 3161 Time Stamp Response object.
- */
-public class TimeStampResponse
-{
-    TimeStampResp   resp;
-    TimeStampToken  timeStampToken;
-
-    public TimeStampResponse(TimeStampResp resp)
-        throws TSPException, IOException
-    {
-        this.resp = resp;
-        
-        if (resp.getTimeStampToken() != null)
-        {
-            timeStampToken = new TimeStampToken(resp.getTimeStampToken());
-        }
-    }
-
-    /**
-     * Create a TimeStampResponse from a byte array containing an ASN.1 encoding.
-     * 
-     * @param resp the byte array containing the encoded response.
-     * @throws TSPException if the response is malformed.
-     * @throws IOException if the byte array doesn't represent an ASN.1 encoding.
-     */
-    public TimeStampResponse(byte[] resp)
-        throws TSPException, IOException
-    {
-        this(new ByteArrayInputStream(resp));
-    }
-
-    /**
-     * Create a TimeStampResponse from an input stream containing an ASN.1 encoding.
-     * 
-     * @param in the input stream containing the encoded response.
-     * @throws TSPException if the response is malformed.
-     * @throws IOException if the stream doesn't represent an ASN.1 encoding.
-     */
-    public TimeStampResponse(InputStream in)
-        throws TSPException, IOException
-    {
-        this(readTimeStampResp(in));
-    }
-
-    private static TimeStampResp readTimeStampResp(
-        InputStream in) 
-        throws IOException, TSPException
-    {
-        try
-        {
-            return TimeStampResp.getInstance(new ASN1InputStream(in).readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new TSPException("malformed timestamp response: " + e, e);
-        }
-        catch (ClassCastException e)
-        {
-            throw new TSPException("malformed timestamp response: " + e, e);
-        }
-    }
-    
-    public int getStatus()
-    {
-        return resp.getStatus().getStatus().intValue();
-    }
-
-    public String getStatusString()
-    {
-        if (resp.getStatus().getStatusString() != null)
-        {
-            StringBuffer statusStringBuf = new StringBuffer();
-            PKIFreeText text = resp.getStatus().getStatusString();
-            for (int i = 0; i != text.size(); i++)
-            {
-                statusStringBuf.append(text.getStringAt(i).getString());
-            }
-            return statusStringBuf.toString();
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-    public PKIFailureInfo getFailInfo()
-    {
-        if (resp.getStatus().getFailInfo() != null)
-        {
-            return new PKIFailureInfo(resp.getStatus().getFailInfo());
-        }
-        
-        return null;
-    }
-
-    public TimeStampToken getTimeStampToken()
-    {
-        return timeStampToken;
-    }
-
-    /**
-     * Check this response against to see if it a well formed response for 
-     * the passed in request. Validation will include checking the time stamp
-     * token if the response status is GRANTED or GRANTED_WITH_MODS.
-     * 
-     * @param request the request to be checked against
-     * @throws TSPException if the request can not match this response.
-     */
-    public void validate(
-        TimeStampRequest    request)
-        throws TSPException
-    {
-        TimeStampToken tok = this.getTimeStampToken();
-        
-        if (tok != null)
-        {
-            TimeStampTokenInfo  tstInfo = tok.getTimeStampInfo();
-            
-            if (request.getNonce() != null && !request.getNonce().equals(tstInfo.getNonce()))
-            {
-                throw new TSPValidationException("response contains wrong nonce value.");
-            }
-            
-            if (this.getStatus() != PKIStatus.GRANTED && this.getStatus() != PKIStatus.GRANTED_WITH_MODS)
-            {
-                throw new TSPValidationException("time stamp token found in failed request.");
-            }
-            
-            if (!Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), tstInfo.getMessageImprintDigest()))
-            {
-                throw new TSPValidationException("response for different message imprint digest.");
-            }
-            
-            if (!tstInfo.getMessageImprintAlgOID().equals(request.getMessageImprintAlgOID()))
-            {
-                throw new TSPValidationException("response for different message imprint algorithm.");
-            }
-
-            Attribute scV1 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
-            Attribute scV2 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
-
-            if (scV1 == null && scV2 == null)
-            {
-                throw new TSPValidationException("no signing certificate attribute present.");
-            }
-
-            if (scV1 != null && scV2 != null)
-            {
-                throw new TSPValidationException("conflicting signing certificate attributes present.");
-            }
-
-            if (request.getReqPolicy() != null && !request.getReqPolicy().equals(tstInfo.getPolicy()))
-            {
-                throw new TSPValidationException("TSA policy wrong for request.");
-            }
-        }
-        else if (this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS)
-        {
-            throw new TSPValidationException("no time stamp token found and one expected.");
-        }
-    }
-    
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded() throws IOException
-    {
-        return resp.getEncoded();
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java
deleted file mode 100644
index abbf4e10e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampResponseGenerator.java
+++ /dev/null
@@ -1,288 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.util.Date;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.cmp.PKIFreeText;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.asn1.cmp.PKIStatusInfo;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.tsp.TimeStampResp;
-
-/**
- * Generator for RFC 3161 Time Stamp Responses.
- */
-public class TimeStampResponseGenerator
-{
-    int status;
-
-    ASN1EncodableVector statusStrings;
-
-    int failInfo;
-    private TimeStampTokenGenerator tokenGenerator;
-    private Set                     acceptedAlgorithms;
-    private Set                     acceptedPolicies;
-    private Set                     acceptedExtensions;
-    
-    public TimeStampResponseGenerator(
-        TimeStampTokenGenerator tokenGenerator,
-        Set                     acceptedAlgorithms)
-    {
-        this(tokenGenerator, acceptedAlgorithms, null, null);
-    }
-    
-    public TimeStampResponseGenerator(
-        TimeStampTokenGenerator tokenGenerator,
-        Set                     acceptedAlgorithms,
-        Set                     acceptedPolicy)
-    {
-        this(tokenGenerator, acceptedAlgorithms, acceptedPolicy, null);
-    }
-
-    public TimeStampResponseGenerator(
-        TimeStampTokenGenerator tokenGenerator,
-        Set                     acceptedAlgorithms,
-        Set                     acceptedPolicies,
-        Set                     acceptedExtensions)
-    {
-        this.tokenGenerator = tokenGenerator;
-        this.acceptedAlgorithms = acceptedAlgorithms;
-        this.acceptedPolicies = acceptedPolicies;
-        this.acceptedExtensions = acceptedExtensions;
-
-        statusStrings = new ASN1EncodableVector();
-    }
-
-    private void addStatusString(String statusString)
-    {
-        statusStrings.add(new DERUTF8String(statusString));
-    }
-
-    private void setFailInfoField(int field)
-    {
-        failInfo = failInfo | field;
-    }
-
-    private PKIStatusInfo getPKIStatusInfo()
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        
-        v.add(new DERInteger(status));
-        
-        if (statusStrings.size() > 0)
-        {
-            v.add(new PKIFreeText(new DERSequence(statusStrings)));
-        }
-
-        if (failInfo != 0)
-        {
-            DERBitString failInfoBitString = new FailInfo(failInfo);
-            v.add(failInfoBitString);
-        }
-
-        return new PKIStatusInfo(new DERSequence(v));
-    }
-
-    /**
-     * Return an appropriate TimeStampResponse.
-     * 
    
-     * If genTime is null a timeNotAvailable error response will be returned.
-     *
-     * @param request the request this response is for.
-     * @param serialNumber serial number for the response token.
-     * @param genTime generation time for the response token.
-     * @param provider provider to use for signature calculation.
-     * @deprecated use method that does not require provider
-     * @return
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     * @throws TSPException
-     */
-    public TimeStampResponse generate(
-        TimeStampRequest    request,
-        BigInteger          serialNumber,
-        Date                genTime,
-        String              provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, TSPException
-    {   
-        TimeStampResp resp;
-        
-        try
-        {
-            if (genTime == null)
-            {
-                throw new TSPValidationException("The time source is not available.", PKIFailureInfo.timeNotAvailable);
-            }
-
-            request.validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions, provider);
-
-            status = PKIStatus.GRANTED;
-            this.addStatusString("Operation Okay");
-            
-            PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-            
-            ContentInfo tstTokenContentInfo = null;
-            try
-            {
-                ByteArrayInputStream    bIn = new ByteArrayInputStream(tokenGenerator.generate(request, serialNumber, genTime, provider).toCMSSignedData().getEncoded());
-                ASN1InputStream         aIn = new ASN1InputStream(bIn);
-                
-                tstTokenContentInfo = ContentInfo.getInstance(aIn.readObject());
-            }
-            catch (java.io.IOException ioEx)
-            {
-                throw new TSPException(
-                        "Timestamp token received cannot be converted to ContentInfo", ioEx);
-            }
-    
-            resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo);
-        }
-        catch (TSPValidationException e)
-        {
-            status = PKIStatus.REJECTION;
-            
-            this.setFailInfoField(e.getFailureCode());
-            this.addStatusString(e.getMessage());
-            
-            PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-
-            resp = new TimeStampResp(pkiStatusInfo, null);
-        }
-
-        try
-        {
-            return new TimeStampResponse(resp);
-        }
-        catch (IOException e)
-        {
-            throw new TSPException("created badly formatted response!");
-        }
-    }
-
-    /**
-     * Return an appropriate TimeStampResponse.
-     * 
    
-     * If genTime is null a timeNotAvailable error response will be returned.
-     *
-     * @param request the request this response is for.
-     * @param serialNumber serial number for the response token.
-     * @param genTime generation time for the response token.
-     * @return
-     * @throws NoSuchAlgorithmException
-     * @throws TSPException
-     */
-    public TimeStampResponse generate(
-        TimeStampRequest    request,
-        BigInteger          serialNumber,
-        Date                genTime)
-        throws TSPException
-    {
-        TimeStampResp resp;
-
-        try
-        {
-            if (genTime == null)
-            {
-                throw new TSPValidationException("The time source is not available.", PKIFailureInfo.timeNotAvailable);
-            }
-
-            request.validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);
-
-            status = PKIStatus.GRANTED;
-            this.addStatusString("Operation Okay");
-
-            PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-
-            ContentInfo tstTokenContentInfo = null;
-            try
-            {
-                ByteArrayInputStream    bIn = new ByteArrayInputStream(tokenGenerator.generate(request, serialNumber, genTime).toCMSSignedData().getEncoded());
-                ASN1InputStream         aIn = new ASN1InputStream(bIn);
-
-                tstTokenContentInfo = ContentInfo.getInstance(aIn.readObject());
-            }
-            catch (java.io.IOException ioEx)
-            {
-                throw new TSPException(
-                        "Timestamp token received cannot be converted to ContentInfo", ioEx);
-            }
-
-            resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo);
-        }
-        catch (TSPValidationException e)
-        {
-            status = PKIStatus.REJECTION;
-
-            this.setFailInfoField(e.getFailureCode());
-            this.addStatusString(e.getMessage());
-
-            PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-
-            resp = new TimeStampResp(pkiStatusInfo, null);
-        }
-
-        try
-        {
-            return new TimeStampResponse(resp);
-        }
-        catch (IOException e)
-        {
-            throw new TSPException("created badly formatted response!");
-        }
-    }
-
-    class FailInfo extends DERBitString
-    {
-        FailInfo(int failInfoValue)
-        {
-            super(getBytes(failInfoValue), getPadBits(failInfoValue));
-        }
-    }
-
-    /**
-     * Generate a TimeStampResponse with chosen status and FailInfoField.
-     * 
-     * @param status the PKIStatus to set.
-     * @param failInfoField the FailInfoField to set.
-     * @param statusString an optional string describing the failure.
-     * @return a TimeStampResponse with a failInfoField and optional statusString
-     * @throws TSPException in case the response could not be created
-     */
-    public TimeStampResponse generateFailResponse(int status, int failInfoField, String statusString)
-        throws TSPException
-    {
-        this.status = status;
-
-        this.setFailInfoField(failInfoField);
-
-        if (statusString != null)
-        {
-            this.addStatusString(statusString);
-        }
-
-        PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
-
-        TimeStampResp resp = new TimeStampResp(pkiStatusInfo, null);
-
-        try
-        {
-            return new TimeStampResponse(resp);
-        }
-        catch (IOException e)
-        {
-            throw new TSPException("created badly formatted response!");
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampToken.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampToken.java
deleted file mode 100644
index 9ab7ec6e9..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampToken.java
+++ /dev/null
@@ -1,480 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertStore;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.ess.ESSCertID;
-import org.bouncycastle.asn1.ess.ESSCertIDv2;
-import org.bouncycastle.asn1.ess.SigningCertificate;
-import org.bouncycastle.asn1.ess.SigningCertificateV2;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationVerifier;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-
-public class TimeStampToken
-{
-    CMSSignedData tsToken;
-
-    SignerInformation tsaSignerInfo;
-
-    Date genTime;
-
-    TimeStampTokenInfo tstInfo;
-    
-    CertID   certID;
-
-    public TimeStampToken(ContentInfo contentInfo)
-        throws TSPException, IOException
-    {
-        this(new CMSSignedData(contentInfo));
-    }   
-    
-    public TimeStampToken(CMSSignedData signedData)
-        throws TSPException, IOException
-    {
-        this.tsToken = signedData;
-
-        if (!this.tsToken.getSignedContentTypeOID().equals(PKCSObjectIdentifiers.id_ct_TSTInfo.getId()))
-        {
-            throw new TSPValidationException("ContentInfo object not for a time stamp.");
-        }
-        
-        Collection signers = tsToken.getSignerInfos().getSigners();
-
-        if (signers.size() != 1)
-        {
-            throw new IllegalArgumentException("Time-stamp token signed by "
-                    + signers.size()
-                    + " signers, but it must contain just the TSA signature.");
-        }
-
-        tsaSignerInfo = (SignerInformation)signers.iterator().next();
-
-        try
-        {
-            CMSProcessable content = tsToken.getSignedContent();
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-            content.write(bOut);
-
-            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
-
-            this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(aIn.readObject()));
-            
-            Attribute   attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
-
-            if (attr != null)
-            {
-                SigningCertificate    signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0));
-
-                this.certID = new CertID(ESSCertID.getInstance(signCert.getCerts()[0]));
-            }
-            else
-            {
-                attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
-
-                if (attr == null)
-                {
-                    throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
-                }
-
-                SigningCertificateV2 signCertV2 = SigningCertificateV2.getInstance(attr.getAttrValues().getObjectAt(0));
-
-                this.certID = new CertID(ESSCertIDv2.getInstance(signCertV2.getCerts()[0]));
-            }
-        }
-        catch (CMSException e)
-        {
-            throw new TSPException(e.getMessage(), e.getUnderlyingException());
-        }
-    }
-
-    public TimeStampTokenInfo getTimeStampInfo()
-    {
-        return tstInfo;
-    }
-
-    public SignerId getSID()
-    {
-        return tsaSignerInfo.getSID();
-    }
-    
-    public AttributeTable getSignedAttributes()
-    {
-        return tsaSignerInfo.getSignedAttributes();
-    }
-
-    public AttributeTable getUnsignedAttributes()
-    {
-        return tsaSignerInfo.getUnsignedAttributes();
-    }
-
-    public CertStore getCertificatesAndCRLs(
-        String type,
-        String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
-    {
-        return tsToken.getCertificatesAndCRLs(type, provider);
-    }
-
-    public Store getCertificates()
-    {
-        return tsToken.getCertificates();
-    }
-
-    public Store getCRLs()
-    {
-        return tsToken.getCRLs();
-    }
-
-    public Store getAttributeCertificates()
-    {
-        return tsToken.getAttributeCertificates();
-    }
-
-    /**
-     * Validate the time stamp token.
-     * 
    
-     * To be valid the token must be signed by the passed in certificate and
-     * the certificate must be the one referred to by the SigningCertificate 
-     * attribute included in the hashed attributes of the token. The
-     * certificate must also have the ExtendedKeyUsageExtension with only
-     * KeyPurposeId.id_kp_timeStamping and have been valid at the time the
-     * timestamp was created.
-     * 
    
-     * 
    
-     * A successful call to validate means all the above are true.
-     * 
    
-     * @deprecated
-     */
-    public void validate(
-        X509Certificate cert,
-        String provider)
-        throws TSPException, TSPValidationException,
-        CertificateExpiredException, CertificateNotYetValidException, NoSuchProviderException
-    {
-        try
-        {
-            if (!Arrays.constantTimeAreEqual(certID.getCertHash(), MessageDigest.getInstance(certID.getHashAlgorithmName()).digest(cert.getEncoded())))
-            {
-                throw new TSPValidationException("certificate hash does not match certID hash.");
-            }
-            
-            if (certID.getIssuerSerial() != null)
-            {
-                if (!certID.getIssuerSerial().getSerial().getValue().equals(cert.getSerialNumber()))
-                {
-                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
-                }
-                
-                GeneralName[]   names = certID.getIssuerSerial().getIssuer().getNames();
-                X509Principal   principal = PrincipalUtil.getIssuerX509Principal(cert);
-                boolean         found = false;
-                
-                for (int i = 0; i != names.length; i++)
-                {
-                    if (names[i].getTagNo() == 4 && new X509Principal(X509Name.getInstance(names[i].getName())).equals(principal))
-                    {
-                        found = true;
-                        break;
-                    }
-                }
-                
-                if (!found)
-                {
-                    throw new TSPValidationException("certificate name does not match certID for signature. ");
-                }
-            }
-            
-            TSPUtil.validateCertificate(cert);
-            
-            cert.checkValidity(tstInfo.getGenTime());
-
-            if (!tsaSignerInfo.verify(cert, provider))
-            {
-                throw new TSPValidationException("signature not created by certificate.");
-            }
-        }
-        catch (CMSException e)
-        {
-            if (e.getUnderlyingException() != null)
-            {
-                throw new TSPException(e.getMessage(), e.getUnderlyingException());
-            }
-            else
-            {
-                throw new TSPException("CMS exception: " + e, e);
-            }
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new TSPException("cannot find algorithm: " + e, e);
-        }
-        catch (CertificateEncodingException e)
-        {
-            throw new TSPException("problem processing certificate: " + e, e);
-        }
-    }
-
-    /**
-     * Validate the time stamp token.
-     * 
    
-     * To be valid the token must be signed by the passed in certificate and
-     * the certificate must be the one referred to by the SigningCertificate
-     * attribute included in the hashed attributes of the token. The
-     * certificate must also have the ExtendedKeyUsageExtension with only
-     * KeyPurposeId.id_kp_timeStamping and have been valid at the time the
-     * timestamp was created.
-     * 
    
-     * 
    
-     * A successful call to validate means all the above are true.
-     * 
    
-     *
-     * @param sigVerifier the content verifier create the objects required to verify the CMS object in the timestamp.
-     * @throws TSPException if an exception occurs in processing the token.
-     * @throws TSPValidationException if the certificate or signature fail to be valid.
-     * @throws IllegalArgumentException if the sigVerifierProvider has no associated certificate.
-     */
-    public void validate(
-        SignerInformationVerifier sigVerifier)
-        throws TSPException, TSPValidationException
-    {
-        if (!sigVerifier.hasAssociatedCertificate())
-        {
-            throw new IllegalArgumentException("verifier provider needs an associated certificate");
-        }
-
-        try
-        {
-            X509CertificateHolder certHolder = sigVerifier.getAssociatedCertificate();
-            DigestCalculator calc = sigVerifier.getDigestCalculator(certID.getHashAlgorithm());
-
-            OutputStream cOut = calc.getOutputStream();
-
-            cOut.write(certHolder.getEncoded());
-            cOut.close();
-
-            if (!Arrays.constantTimeAreEqual(certID.getCertHash(), calc.getDigest()))
-            {
-                throw new TSPValidationException("certificate hash does not match certID hash.");
-            }
-
-            if (certID.getIssuerSerial() != null)
-            {
-                IssuerAndSerialNumber issuerSerial = certHolder.getIssuerAndSerialNumber();
-
-                if (!certID.getIssuerSerial().getSerial().equals(issuerSerial.getSerialNumber()))
-                {
-                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
-                }
-
-                GeneralName[]   names = certID.getIssuerSerial().getIssuer().getNames();
-                boolean         found = false;
-
-                for (int i = 0; i != names.length; i++)
-                {
-                    if (names[i].getTagNo() == 4 && X500Name.getInstance(names[i].getName()).equals(X500Name.getInstance(issuerSerial.getName().getDERObject())))
-                    {
-                        found = true;
-                        break;
-                    }
-                }
-
-                if (!found)
-                {
-                    throw new TSPValidationException("certificate name does not match certID for signature. ");
-                }
-            }
-
-            TSPUtil.validateCertificate(certHolder);
-
-            if (!certHolder.isValidOn(tstInfo.getGenTime()))
-            {
-                throw new TSPValidationException("certificate not valid when time stamp created.");
-            }
-
-            if (!tsaSignerInfo.verify(sigVerifier))
-            {
-                throw new TSPValidationException("signature not created by certificate.");
-            }
-        }
-        catch (CMSException e)
-        {
-            if (e.getUnderlyingException() != null)
-            {
-                throw new TSPException(e.getMessage(), e.getUnderlyingException());
-            }
-            else
-            {
-                throw new TSPException("CMS exception: " + e, e);
-            }
-        }
-        catch (IOException e)
-        {
-            throw new TSPException("problem processing certificate: " + e, e);
-        }
-        catch (OperatorCreationException e)
-        {
-            throw new TSPException("unable to create digest: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Return true if the signature on time stamp token is valid.
-     * 
    
-     * Note: this is a much weaker proof of correctness than calling validate().
-     * 
    
-     *
-     * @param sigVerifier the content verifier create the objects required to verify the CMS object in the timestamp.
-     * @return true if the signature matches, false otherwise.
-     * @throws TSPException if the signature cannot be processed or the provider cannot match the algorithm.
-     */
-    public boolean isSignatureValid(
-        SignerInformationVerifier sigVerifier)
-        throws TSPException
-    {
-        try
-        {
-            return tsaSignerInfo.verify(sigVerifier);
-        }
-        catch (CMSException e)
-        {
-            if (e.getUnderlyingException() != null)
-            {
-                throw new TSPException(e.getMessage(), e.getUnderlyingException());
-            }
-            else
-            {
-                throw new TSPException("CMS exception: " + e, e);
-            }
-        }
-    }
-
-    /**
-     * Return the underlying CMSSignedData object.
-     * 
-     * @return the underlying CMS structure.
-     */
-    public CMSSignedData toCMSSignedData()
-    {
-        return tsToken;
-    }
-    
-    /**
-     * Return a ASN.1 encoded byte stream representing the encoded object.
-     * 
-     * @throws IOException if encoding fails.
-     */
-    public byte[] getEncoded() 
-        throws IOException
-    {
-        return tsToken.getEncoded();
-    }
-
-    // perhaps this should be done using an interface on the ASN.1 classes...
-    private class CertID
-    {
-        private ESSCertID certID;
-        private ESSCertIDv2 certIDv2;
-
-        CertID(ESSCertID certID)
-        {
-            this.certID = certID;
-            this.certIDv2 = null;
-        }
-
-        CertID(ESSCertIDv2 certID)
-        {
-            this.certIDv2 = certID;
-            this.certID = null;
-        }
-
-        public String getHashAlgorithmName()
-        {
-            if (certID != null)
-            {
-                return "SHA-1";
-            }
-            else
-            {
-                if (NISTObjectIdentifiers.id_sha256.equals(certIDv2.getHashAlgorithm().getAlgorithm()))
-                {
-                    return "SHA-256";
-                }
-                return certIDv2.getHashAlgorithm().getAlgorithm().getId();
-            }
-        }
-
-        public AlgorithmIdentifier getHashAlgorithm()
-        {
-            if (certID != null)
-            {
-                return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
-            }
-            else
-            {
-                return certIDv2.getHashAlgorithm();
-            }
-        }
-
-        public byte[] getCertHash()
-        {
-            if (certID != null)
-            {
-                return certID.getCertHash();
-            }
-            else
-            {
-                return certIDv2.getCertHash();
-            }
-        }
-
-        public IssuerSerial getIssuerSerial()
-        {
-            if (certID != null)
-            {
-                return certID.getIssuerSerial();
-            }
-            else
-            {
-                return certIDv2.getIssuerSerial();
-            }
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java
deleted file mode 100644
index 85f565460..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenGenerator.java
+++ /dev/null
@@ -1,459 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.cert.CRLException;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.ess.ESSCertID;
-import org.bouncycastle.asn1.ess.SigningCertificate;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.tsp.Accuracy;
-import org.bouncycastle.asn1.tsp.MessageImprint;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSAttributeTableGenerationException;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedGenerator;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.SignerInfoGenerator;
-import org.bouncycastle.cms.SimpleAttributeTableGenerator;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-
-public class TimeStampTokenGenerator
-{
-    int accuracySeconds = -1;
-
-    int accuracyMillis = -1;
-
-    int accuracyMicros = -1;
-
-    boolean ordering = false;
-
-    GeneralName tsa = null;
-    
-    private String  tsaPolicyOID;
-
-    PrivateKey      key;
-    X509Certificate cert;
-    String          digestOID;
-    AttributeTable  signedAttr;
-    AttributeTable  unsignedAttr;
-    CertStore       certsAndCrls;
-
-    private List certs = new ArrayList();
-    private List crls = new ArrayList();
-    private List attrCerts = new ArrayList();
-    private SignerInfoGenerator signerInfoGen;
-
-    /**
-     *
-     */
-    public TimeStampTokenGenerator(
-        final SignerInfoGenerator     signerInfoGen,
-        ASN1ObjectIdentifier          tsaPolicy)
-        throws IllegalArgumentException, TSPException
-    {
-        this.signerInfoGen = signerInfoGen;
-        this.tsaPolicyOID = tsaPolicy.getId();
-
-        if (!signerInfoGen.hasAssociatedCertificate())
-        {
-            throw new IllegalArgumentException("SignerInfoGenerator must have an associated certificate");
-        }
-        
-        TSPUtil.validateCertificate(signerInfoGen.getAssociatedCertificate());
-
-        try
-        {
-            final ESSCertID essCertid = new ESSCertID(MessageDigest.getInstance("SHA-1").digest(signerInfoGen.getAssociatedCertificate().getEncoded()));
-
-            this.signerInfoGen = new SignerInfoGenerator(signerInfoGen, new CMSAttributeTableGenerator()
-            {
-                public AttributeTable getAttributes(Map parameters)
-                    throws CMSAttributeTableGenerationException
-                {
-                    AttributeTable table = signerInfoGen.getSignedAttributeTableGenerator().getAttributes(parameters);
-
-                    return table.add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(essCertid));
-                }
-            }, signerInfoGen.getUnsignedAttributeTableGenerator());
-
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new TSPException("Can't find a SHA-1 implementation.", e);
-        }
-        catch (IOException e)
-        {
-            throw new TSPException("Exception processing certificate.", e);
-        }
-    }
-
-    /**
-     * basic creation - only the default attributes will be included here.
-     * @deprecated use SignerInfoGenerator constructor
-     */
-    public TimeStampTokenGenerator(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        String          tsaPolicyOID)
-        throws IllegalArgumentException, TSPException
-    {
-        this(key, cert, digestOID, tsaPolicyOID, null, null);
-    }
-
-    /**
-     * create with a signer with extra signed/unsigned attributes.
-     * @deprecated use SignerInfoGenerator constructor
-     */
-    public TimeStampTokenGenerator(
-        PrivateKey      key,
-        X509Certificate cert,
-        String          digestOID,
-        String          tsaPolicyOID,
-        AttributeTable  signedAttr,
-        AttributeTable  unsignedAttr)
-        throws IllegalArgumentException, TSPException
-    {   
-        this.key = key;
-        this.cert = cert;
-        this.digestOID = digestOID;
-        this.tsaPolicyOID = tsaPolicyOID;
-        this.unsignedAttr = unsignedAttr;
-
-        //
-        // add the essCertid
-        //
-        Hashtable signedAttrs = null;
-        
-        if (signedAttr != null)
-        {
-            signedAttrs = signedAttr.toHashtable();
-        }
-        else
-        {
-            signedAttrs = new Hashtable();
-        }
-
-
-        TSPUtil.validateCertificate(cert);
-
-        try
-        {
-            ESSCertID essCertid = new ESSCertID(MessageDigest.getInstance("SHA-1").digest(cert.getEncoded()));
-            signedAttrs.put(PKCSObjectIdentifiers.id_aa_signingCertificate,
-                    new Attribute(
-                            PKCSObjectIdentifiers.id_aa_signingCertificate,
-                            new DERSet(new SigningCertificate(essCertid))));
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new TSPException("Can't find a SHA-1 implementation.", e);
-        }
-        catch (CertificateEncodingException e)
-        {
-            throw new TSPException("Exception processing certificate.", e);
-        }
-        
-        this.signedAttr = new AttributeTable(signedAttrs);
-    }
-
-    /**
-     * @deprecated use addCertificates and addCRLs
-     * @param certificates
-     * @throws CertStoreException
-     * @throws TSPException
-     */
-    public void setCertificatesAndCRLs(CertStore certificates)
-            throws CertStoreException, TSPException
-    {
-        Collection c1 = certificates.getCertificates(null);
-
-        for (Iterator it = c1.iterator(); it.hasNext();)
-        {
-            try
-            {
-                certs.add(new JcaX509CertificateHolder((X509Certificate)it.next()));
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new TSPException("cannot encode certificate: " + e.getMessage(), e);
-            }
-        }
-
-        c1 = certificates.getCRLs(null);
-
-        for (Iterator it = c1.iterator(); it.hasNext();)
-        {
-            try
-            {
-                crls.add(new JcaX509CRLHolder((X509CRL)it.next()));
-            }
-            catch (CRLException e)
-            {
-                throw new TSPException("cannot encode CRL: " + e.getMessage(), e);
-            }
-        }
-    }
-
-    /**
-     * Add the store of X509 Certificates to the generator.
-     *
-     * @param certStore  a Store containing X509CertificateHolder objects
-     */
-    public void addCertificates(
-        Store certStore)
-    {
-        certs.addAll(certStore.getMatches(null));
-    }
-
-    /**
-     *
-     * @param crlStore a Store containing X509CRLHolder objects.
-     */
-    public void addCRLs(
-        Store crlStore)
-    {
-        crls.addAll(crlStore.getMatches(null));
-    }
-
-    /**
-     *
-     * @param attrStore a Store containing X509AttributeCertificate objects.
-     */
-    public void addAttributeCertificates(
-        Store attrStore)
-    {
-        attrCerts.addAll(attrStore.getMatches(null));
-    }
-
-    public void setAccuracySeconds(int accuracySeconds)
-    {
-        this.accuracySeconds = accuracySeconds;
-    }
-
-    public void setAccuracyMillis(int accuracyMillis)
-    {
-        this.accuracyMillis = accuracyMillis;
-    }
-
-    public void setAccuracyMicros(int accuracyMicros)
-    {
-        this.accuracyMicros = accuracyMicros;
-    }
-
-    public void setOrdering(boolean ordering)
-    {
-        this.ordering = ordering;
-    }
-
-    public void setTSA(GeneralName tsa)
-    {
-        this.tsa = tsa;
-    }
-    
-    //------------------------------------------------------------------------------
-
-    public TimeStampToken generate(
-        TimeStampRequest    request,
-        BigInteger          serialNumber,
-        Date                genTime,
-        String              provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException, TSPException
-    {
-        if (signerInfoGen == null)
-        {
-            try
-            {
-                JcaSignerInfoGeneratorBuilder sigBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(provider).build());
-
-                sigBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(signedAttr));
-
-                if (unsignedAttr != null)
-                {
-                    sigBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(unsignedAttr));
-                }
-
-                signerInfoGen = sigBuilder.build(new JcaContentSignerBuilder(getSigAlgorithm(key, digestOID)).setProvider(provider).build(key), cert);
-            }
-            catch (OperatorCreationException e)
-            {
-                throw new TSPException("Error generating signing operator", e);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new TSPException("Error encoding certificate", e);
-            }
-        }
-
-        return generate(request, serialNumber, genTime);
-    }
-
-    public TimeStampToken generate(
-        TimeStampRequest    request,
-        BigInteger          serialNumber,
-        Date                genTime)
-        throws TSPException
-    {
-        if (signerInfoGen == null)
-        {
-            throw new IllegalStateException("can only use this method with SignerInfoGenerator constructor");
-        }
-
-        ASN1ObjectIdentifier digestAlgOID = new ASN1ObjectIdentifier(request.getMessageImprintAlgOID());
-
-        AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, new DERNull());
-        MessageImprint      messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
-
-        Accuracy accuracy = null;
-        if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
-        {
-            DERInteger seconds = null;
-            if (accuracySeconds > 0)
-            {
-                seconds = new DERInteger(accuracySeconds);
-            }
-
-            DERInteger millis = null;
-            if (accuracyMillis > 0)
-            {
-                millis = new DERInteger(accuracyMillis);
-            }
-
-            DERInteger micros = null;
-            if (accuracyMicros > 0)
-            {
-                micros = new DERInteger(accuracyMicros);
-            }
-
-            accuracy = new Accuracy(seconds, millis, micros);
-        }
-
-        DERBoolean derOrdering = null;
-        if (ordering)
-        {
-            derOrdering = new DERBoolean(ordering);
-        }
-
-        DERInteger  nonce = null;
-        if (request.getNonce() != null)
-        {
-            nonce = new DERInteger(request.getNonce());
-        }
-
-        ASN1ObjectIdentifier tsaPolicy = new ASN1ObjectIdentifier(tsaPolicyOID);
-        if (request.getReqPolicy() != null)
-        {
-            tsaPolicy = new ASN1ObjectIdentifier(request.getReqPolicy());
-        }
-
-        TSTInfo tstInfo = new TSTInfo(tsaPolicy,
-                messageImprint, new DERInteger(serialNumber),
-                new DERGeneralizedTime(genTime), accuracy, derOrdering,
-                nonce, tsa, request.getExtensions());
-
-        try
-        {
-            CMSSignedDataGenerator  signedDataGenerator = new CMSSignedDataGenerator();
-
-            if (request.getCertReq())
-            {
-                // TODO: do we need to check certs non-empty?
-                signedDataGenerator.addCertificates(new CollectionStore(certs));
-                signedDataGenerator.addCRLs(new CollectionStore(crls));
-                signedDataGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
-            }
-            else
-            {
-                signedDataGenerator.addCRLs(new CollectionStore(crls));
-            }
-
-            signedDataGenerator.addSignerInfoGenerator(signerInfoGen);
-
-            byte[] derEncodedTSTInfo = tstInfo.getEncoded(ASN1Encodable.DER);
-
-            CMSSignedData signedData = signedDataGenerator.generate(new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, derEncodedTSTInfo), true);
-
-            return new TimeStampToken(signedData);
-        }
-        catch (CMSException cmsEx)
-        {
-            throw new TSPException("Error generating time-stamp token", cmsEx);
-        }
-        catch (IOException e)
-        {
-            throw new TSPException("Exception encoding info", e);
-        }
-    }
-
-    private String getSigAlgorithm(
-        PrivateKey key,
-        String     digestOID)
-    {
-        String enc = null;
-
-        if (key instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            enc = "RSA";
-        }
-        else if (key instanceof DSAPrivateKey || "DSA".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            enc = "DSA";
-        }
-        else if ("ECDSA".equalsIgnoreCase(key.getAlgorithm()) || "EC".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            enc = "ECDSA";
-        }
-        else if (key instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            enc = "GOST3410";
-        }
-        else if ("ECGOST3410".equalsIgnoreCase(key.getAlgorithm()))
-        {
-            enc = CMSSignedGenerator.ENCRYPTION_ECGOST3410;
-        }
-
-        return TSPUtil.getDigestAlgName(digestOID) + "with" + enc;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java
deleted file mode 100644
index dfd7a1062..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/TimeStampTokenInfo.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.text.ParseException;
-import java.util.Date;
-
-import org.bouncycastle.asn1.tsp.Accuracy;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-
-public class TimeStampTokenInfo
-{
-    TSTInfo tstInfo;
-    Date    genTime;
-    
-    TimeStampTokenInfo(TSTInfo tstInfo)
-        throws TSPException, IOException
-    {
-        this.tstInfo = tstInfo;
-
-        try
-        {
-            this.genTime = tstInfo.getGenTime().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new TSPException("unable to parse genTime field");
-        }
-    }
-
-    public boolean isOrdered()
-    {
-        return tstInfo.getOrdering().isTrue();
-    }
-
-    public Accuracy getAccuracy()
-    {
-        return tstInfo.getAccuracy();
-    }
-
-    public Date getGenTime()
-    {
-        return genTime;
-    }
-
-    public GenTimeAccuracy getGenTimeAccuracy()
-    {
-        if (this.getAccuracy() != null)
-        {
-            return new GenTimeAccuracy(this.getAccuracy());
-        }
-        
-        return null;
-    }
-    
-    public String getPolicy()
-    {
-        return tstInfo.getPolicy().getId();
-    }
-    
-    public BigInteger getSerialNumber()
-    {
-        return tstInfo.getSerialNumber().getValue();
-    }
-
-    public GeneralName getTsa()
-    {
-        return tstInfo.getTsa();
-    }
-
-    /**
-     * @return the nonce value, null if there isn't one.
-     */
-    public BigInteger getNonce()
-    {
-        if (tstInfo.getNonce() != null)
-        {
-            return tstInfo.getNonce().getValue();
-        }
-
-        return null;
-    }
-
-    public AlgorithmIdentifier getHashAlgorithm()
-    {
-        return tstInfo.getMessageImprint().getHashAlgorithm();
-    }
-
-    public String getMessageImprintAlgOID()
-    {
-        return tstInfo.getMessageImprint().getHashAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getMessageImprintDigest()
-    {
-        return tstInfo.getMessageImprint().getHashedMessage();
-    }
-
-    public byte[] getEncoded() 
-        throws IOException
-    {
-        return tstInfo.getEncoded();
-    }
-
-    public TSTInfo toTSTInfo()
-    {
-        return tstInfo;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java
deleted file mode 100644
index dac006a94..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedData.java
+++ /dev/null
@@ -1,204 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.Evidence;
-import org.bouncycastle.asn1.cms.TimeStampAndCRL;
-import org.bouncycastle.asn1.cms.TimeStampTokenEvidence;
-import org.bouncycastle.asn1.cms.TimeStampedData;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.tsp.TimeStampToken;
-
-public class CMSTimeStampedData
-{
-    private TimeStampedData timeStampedData;
-    private ContentInfo contentInfo;
-    private TimeStampDataUtil util;
-
-    public CMSTimeStampedData(ContentInfo contentInfo)
-    {
-        this.initialize(contentInfo);
-    }
-
-    public CMSTimeStampedData(InputStream in)
-        throws IOException
-    {
-        try
-        {
-            initialize(ContentInfo.getInstance(new ASN1InputStream(in).readObject()));
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("Malformed content: " + e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("Malformed content: " + e);
-        }
-    }
-
-    public CMSTimeStampedData(byte[] baseData)
-        throws IOException
-    {
-        this(new ByteArrayInputStream(baseData));
-    }
-
-    private void initialize(ContentInfo contentInfo)
-    {
-        this.contentInfo = contentInfo;
-
-        if (CMSObjectIdentifiers.timestampedData.equals(contentInfo.getContentType()))
-        {
-            this.timeStampedData = TimeStampedData.getInstance(contentInfo.getContent());
-        }
-        else
-        {
-            throw new IllegalArgumentException("Malformed content - type must be " + CMSObjectIdentifiers.timestampedData.getId());
-        }
-
-        util = new TimeStampDataUtil(this.timeStampedData);
-    }
-
-    public byte[] calculateNextHash(DigestCalculator calculator)
-        throws CMSException
-    {
-        return util.calculateNextHash(calculator);
-    }
-
-    /**
-     * Return a new timeStampedData object with the additional token attached.
-     *
-     * @throws CMSException
-     */
-    public CMSTimeStampedData addTimeStamp(TimeStampToken token)
-        throws CMSException
-    {
-        TimeStampAndCRL[] timeStamps = util.getTimeStamps();
-        TimeStampAndCRL[] newTimeStamps = new TimeStampAndCRL[timeStamps.length + 1];
-
-        System.arraycopy(timeStamps, 0, newTimeStamps, 0, timeStamps.length);
-
-        newTimeStamps[timeStamps.length] = new TimeStampAndCRL(token.toCMSSignedData().getContentInfo());
-
-        return new CMSTimeStampedData(new ContentInfo(CMSObjectIdentifiers.timestampedData, new TimeStampedData(timeStampedData.getDataUri(), timeStampedData.getMetaData(), timeStampedData.getContent(), new Evidence(new TimeStampTokenEvidence(newTimeStamps)))));
-    }
-
-    public byte[] getContent()
-    {
-        if (timeStampedData.getContent() != null)
-        {
-            return timeStampedData.getContent().getOctets();
-        }
-
-        return null;
-    }
-
-    public URI getDataUri()
-        throws URISyntaxException
-    {
-        DERIA5String dataURI = this.timeStampedData.getDataUri();
-
-        if (dataURI != null)
-        {
-            return new URI(dataURI.getString());
-        }
-
-        return null;
-    }
-
-    public String getFileName()
-    {
-        return util.getFileName();
-    }
-
-    public String getMediaType()
-    {
-        return util.getMediaType();
-    }
-
-    public AttributeTable getOtherMetaData()
-    {
-        return util.getOtherMetaData();
-    }
-
-    public TimeStampToken[] getTimeStampTokens()
-        throws CMSException
-    {
-        return util.getTimeStampTokens();
-    }
-
-    /**
-     * Initialise the passed in calculator with the MetaData for this message, if it is
-     * required as part of the initial message imprint calculation.
-     *
-     * @param calculator the digest calculator to be initialised.
-     * @throws CMSException if the MetaData is required and cannot be processed
-     */
-    public void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
-        throws CMSException
-    {
-        util.initialiseMessageImprintDigestCalculator(calculator);
-    }
-
-    /**
-     * Returns an appropriately initialised digest calculator based on the message imprint algorithm
-     * described in the first time stamp in the TemporalData for this message. If the metadata is required
-     * to be included in the digest calculation, the returned calculator will be pre-initialised.
-     *
-     * @param calculatorProvider  a provider of DigestCalculator objects.
-     * @return an initialised digest calculator.
-     * @throws OperatorCreationException if the provider is unable to create the calculator.
-     */
-    public DigestCalculator getMessageImprintDigestCalculator(DigestCalculatorProvider calculatorProvider)
-        throws OperatorCreationException
-    {
-        return util.getMessageImprintDigestCalculator(calculatorProvider);
-    }
-
-    /**
-     * Validate the digests present in the TimeStampTokens contained in the CMSTimeStampedData.
-     *
-     * @param calculatorProvider provider for digest calculators
-     * @param dataDigest the calculated data digest for the message
-     * @throws ImprintDigestInvalidException if an imprint digest fails to compare
-     * @throws CMSException  if an exception occurs processing the message.
-     */
-    public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest)
-        throws ImprintDigestInvalidException, CMSException
-    {
-        util.validate(calculatorProvider, dataDigest);
-    }
-
-    /**
-     * Validate the passed in timestamp token against the tokens and data present in the message.
-     *
-     * @param calculatorProvider provider for digest calculators
-     * @param dataDigest the calculated data digest for the message.
-     * @param timeStampToken  the timestamp token of interest.
-     * @throws ImprintDigestInvalidException if the token is not present in the message, or an imprint digest fails to compare.
-     * @throws CMSException if an exception occurs processing the message.
-     */
-    public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest, TimeStampToken timeStampToken)
-        throws ImprintDigestInvalidException, CMSException
-    {
-        util.validate(calculatorProvider, dataDigest, timeStampToken);
-    }
-
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return contentInfo.getEncoded();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java
deleted file mode 100644
index f6ffd707b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataGenerator.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.Evidence;
-import org.bouncycastle.asn1.cms.TimeStampAndCRL;
-import org.bouncycastle.asn1.cms.TimeStampTokenEvidence;
-import org.bouncycastle.asn1.cms.TimeStampedData;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTimeStampedDataGenerator
-    extends CMSTimeStampedGenerator
-{
-    public CMSTimeStampedData generate(TimeStampToken timeStamp) throws CMSException
-    {
-        return generate(timeStamp, (InputStream)null);
-    }
-
-    public CMSTimeStampedData generate(TimeStampToken timeStamp, byte[] content) throws CMSException
-    {
-        return generate(timeStamp, new ByteArrayInputStream(content));
-    }
-
-    public CMSTimeStampedData generate(TimeStampToken timeStamp, InputStream content)
-        throws CMSException
-    {
-        ByteArrayOutputStream contentOut = new ByteArrayOutputStream();
-
-        if (content != null)
-        {
-            try
-            {
-                Streams.pipeAll(content, contentOut);
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("exception encapsulating content: " + e.getMessage(), e);
-            }
-        }
-
-        ASN1OctetString encContent = null;
-
-        if (contentOut.size() != 0)
-        {
-            encContent = new BERConstructedOctetString(contentOut.toByteArray());
-        }
-
-        TimeStampAndCRL stamp = new TimeStampAndCRL(timeStamp.toCMSSignedData().getContentInfo());
-
-        DERIA5String asn1DataUri = null;
-
-        if (dataUri != null)
-        {
-            asn1DataUri = new DERIA5String(dataUri.toString());
-        }
-        
-        return new CMSTimeStampedData(new ContentInfo(CMSObjectIdentifiers.timestampedData, new TimeStampedData(asn1DataUri, metaData, encContent, new Evidence(new TimeStampTokenEvidence(stamp)))));
-    }
-}
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java
deleted file mode 100644
index 480d3ba12..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedDataParser.java
+++ /dev/null
@@ -1,207 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERTags;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfoParser;
-import org.bouncycastle.asn1.cms.TimeStampedDataParser;
-import org.bouncycastle.cms.CMSContentInfoParser;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTimeStampedDataParser
-    extends CMSContentInfoParser
-{
-    private TimeStampedDataParser timeStampedData;
-    private TimeStampDataUtil util;
-
-    public CMSTimeStampedDataParser(InputStream in)
-        throws CMSException
-    {
-        super(in);
-
-        initialize(_contentInfo);
-    }
-
-    public CMSTimeStampedDataParser(byte[] baseData)
-        throws CMSException
-    {
-        this(new ByteArrayInputStream(baseData));
-    }
-
-    private void initialize(ContentInfoParser contentInfo)
-        throws CMSException
-    {
-        try
-        {
-            if (CMSObjectIdentifiers.timestampedData.equals(contentInfo.getContentType()))
-            {
-                this.timeStampedData = TimeStampedDataParser.getInstance(contentInfo.getContent(DERTags.SEQUENCE));
-            }
-            else
-            {
-                throw new IllegalArgumentException("Malformed content - type must be " + CMSObjectIdentifiers.timestampedData.getId());
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("parsing exception: " + e.getMessage(), e);
-        }
-    }
-
-    public byte[] calculateNextHash(DigestCalculator calculator)
-        throws CMSException
-    {
-        return util.calculateNextHash(calculator);
-    }
-
-    public InputStream getContent()
-    {
-        if (timeStampedData.getContent() != null)
-        {
-            return timeStampedData.getContent().getOctetStream();
-        }
-
-        return null;
-    }
-
-    public URI getDataUri()
-        throws URISyntaxException
-    {
-        DERIA5String dataURI = this.timeStampedData.getDataUri();
-
-        if (dataURI != null)
-        {
-           return new URI(dataURI.getString());
-        }
-
-        return null;
-    }
-
-    public String getFileName()
-    {
-        return util.getFileName();
-    }
-
-    public String getMediaType()
-    {
-        return util.getMediaType();
-    }
-
-    public AttributeTable getOtherMetaData()
-    {
-        return util.getOtherMetaData();
-    }
-
-    /**
-     * Initialise the passed in calculator with the MetaData for this message, if it is
-     * required as part of the initial message imprint calculation.
-     *
-     * @param calculator the digest calculator to be initialised.
-     * @throws CMSException if the MetaData is required and cannot be processed
-     */
-    public void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
-        throws CMSException
-    {
-        util.initialiseMessageImprintDigestCalculator(calculator);
-    }
-
-    /**
-     * Returns an appropriately initialised digest calculator based on the message imprint algorithm
-     * described in the first time stamp in the TemporalData for this message. If the metadata is required
-     * to be included in the digest calculation, the returned calculator will be pre-initialised.
-     *
-     * @param calculatorProvider  a provider of DigestCalculator objects.
-     * @return an initialised digest calculator.
-     * @throws OperatorCreationException if the provider is unable to create the calculator.
-     */
-    public DigestCalculator getMessageImprintDigestCalculator(DigestCalculatorProvider calculatorProvider)
-        throws OperatorCreationException
-    {
-        try
-        {
-            parseTimeStamps();
-        }
-        catch (CMSException e)
-        {
-            throw new OperatorCreationException("unable to extract algorithm ID: " + e.getMessage(), e);
-        }
-
-        return util.getMessageImprintDigestCalculator(calculatorProvider);
-    }
-
-    public TimeStampToken[] getTimeStampTokens()
-        throws CMSException
-    {
-        parseTimeStamps();
-
-        return util.getTimeStampTokens();
-    }
-
-    /**
-     * Validate the digests present in the TimeStampTokens contained in the CMSTimeStampedData.
-     *
-     * @param calculatorProvider provider for digest calculators
-     * @param dataDigest the calculated data digest for the message
-     * @throws ImprintDigestInvalidException if an imprint digest fails to compare
-     * @throws CMSException  if an exception occurs processing the message.
-     */
-    public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest)
-        throws ImprintDigestInvalidException, CMSException
-    {
-        parseTimeStamps();
-
-        util.validate(calculatorProvider, dataDigest);
-    }
-
-    /**
-     * Validate the passed in timestamp token against the tokens and data present in the message.
-     *
-     * @param calculatorProvider provider for digest calculators
-     * @param dataDigest the calculated data digest for the message.
-     * @param timeStampToken  the timestamp token of interest.
-     * @throws ImprintDigestInvalidException if the token is not present in the message, or an imprint digest fails to compare.
-     * @throws CMSException if an exception occurs processing the message.
-     */
-    public void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest, TimeStampToken timeStampToken)
-        throws ImprintDigestInvalidException, CMSException
-    {
-        parseTimeStamps();
-
-        util.validate(calculatorProvider, dataDigest, timeStampToken);
-    }
-
-    private void parseTimeStamps()
-        throws CMSException
-    {
-        try
-        {
-            if (util == null)
-            {
-                InputStream cont = this.getContent();
-
-                if (cont != null)
-                {
-                    Streams.drain(cont);
-                }
-
-                util = new TimeStampDataUtil(timeStampedData);
-            }
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("unable to parse evidence block: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java
deleted file mode 100644
index 61ccf8f07..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/CMSTimeStampedGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.net.URI;
-
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attributes;
-import org.bouncycastle.asn1.cms.MetaData;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-
-public class CMSTimeStampedGenerator
-{
-    protected MetaData metaData;
-    protected URI dataUri;
-
-    /**
-     * Set the dataURI to be included in message.
-     *
-     * @param dataUri URI for the data the initial message imprint digest is based on.
-     */
-    public void setDataUri(URI dataUri)
-    {
-        this.dataUri = dataUri;
-    }
-
-    /**
-     * Set the MetaData for the generated message.
-     *
-     * @param hashProtected true if the MetaData should be included in first imprint calculation, false otherwise.
-     * @param fileName optional file name, may be null.
-     * @param mediaType optional media type, may be null.
-     */
-    public void setMetaData(boolean hashProtected, String fileName, String mediaType)
-    {
-        setMetaData(hashProtected, fileName, mediaType, null);
-    }
-
-    /**
-     * Set the MetaData for the generated message.
-     *
-     * @param hashProtected true if the MetaData should be included in first imprint calculation, false otherwise.
-     * @param fileName optional file name, may be null.
-     * @param mediaType optional media type, may be null.
-     * @param attributes optional attributes, may be null.
-     */
-    public void setMetaData(boolean hashProtected, String fileName, String mediaType, Attributes attributes)
-    {
-        DERUTF8String asn1FileName = null;
-
-        if (fileName != null)
-        {
-            asn1FileName = new DERUTF8String(fileName);
-        }
-
-        DERIA5String asn1MediaType = null;
-
-        if (mediaType != null)
-        {
-            asn1MediaType = new DERIA5String(mediaType);
-        }
-
-        setMetaData(hashProtected, asn1FileName, asn1MediaType, attributes);
-    }
-
-    private void setMetaData(boolean hashProtected, DERUTF8String fileName, DERIA5String mediaType, Attributes attributes)
-    {
-        this.metaData = new MetaData(new DERBoolean(hashProtected), fileName, mediaType, attributes);
-    }
-
-    /**
-     * Initialise the passed in calculator with the MetaData for this message, if it is
-     * required as part of the initial message imprint calculation. After initialisation the
-     * calculator can then be used to calculate the initial message imprint digest for the first
-     * timestamp.
-     *
-     * @param calculator the digest calculator to be initialised.
-     * @throws CMSException if the MetaData is required and cannot be processed
-     */
-    public void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
-        throws CMSException
-    {
-        MetaDataUtil util = new MetaDataUtil(metaData);
-
-        util.initialiseMessageImprintDigestCalculator(calculator);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java
deleted file mode 100644
index 369999782..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/ImprintDigestInvalidException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import org.bouncycastle.tsp.TimeStampToken;
-
-public class ImprintDigestInvalidException
-    extends Exception
-{
-    private TimeStampToken token;
-
-    public ImprintDigestInvalidException(String message, TimeStampToken token)
-    {
-        super(message);
-
-        this.token = token;
-    }
-
-    public TimeStampToken getTimeStampToken()
-    {
-        return token;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java
deleted file mode 100644
index ca6717077..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/MetaDataUtil.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.cms.Attributes;
-import org.bouncycastle.asn1.cms.MetaData;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-
-class MetaDataUtil
-{
-    private final MetaData          metaData;
-
-    MetaDataUtil(MetaData metaData)
-    {
-        this.metaData = metaData;
-    }
-
-    void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
-        throws CMSException
-    {
-        if (metaData != null && metaData.isHashProtected())
-        {
-            try
-            {
-                calculator.getOutputStream().write(metaData.getDEREncoded());
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("unable to initialise calculator from metaData: " + e.getMessage(), e);
-            }
-        }
-    }
-
-    String getFileName()
-    {
-        if (metaData != null)
-        {
-            return convertString(metaData.getFileName());
-        }
-
-        return null;
-    }
-
-    String getMediaType()
-    {
-        if (metaData != null)
-        {
-            return convertString(metaData.getMediaType());
-        }
-
-        return null;
-    }
-
-    Attributes getOtherMetaData()
-    {
-        if (metaData != null)
-        {
-            return metaData.getOtherMetaData();
-        }
-
-        return null;
-    }
-
-    private String convertString(ASN1String s)
-    {
-        if (s != null)
-        {
-            return s.toString();
-        }
-
-        return null;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java
deleted file mode 100644
index 20620c2a8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/cms/TimeStampDataUtil.java
+++ /dev/null
@@ -1,254 +0,0 @@
-package org.bouncycastle.tsp.cms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.cms.Evidence;
-import org.bouncycastle.asn1.cms.TimeStampAndCRL;
-import org.bouncycastle.asn1.cms.TimeStampedData;
-import org.bouncycastle.asn1.cms.TimeStampedDataParser;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.tsp.TSPException;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.TimeStampTokenInfo;
-import org.bouncycastle.util.Arrays;
-
-class TimeStampDataUtil
-{
-    private final TimeStampAndCRL[] timeStamps;
-
-    private final MetaDataUtil      metaDataUtil;
-
-    TimeStampDataUtil(TimeStampedData timeStampedData)
-    {
-        this.metaDataUtil = new MetaDataUtil(timeStampedData.getMetaData());
-
-        Evidence evidence = timeStampedData.getTemporalEvidence();
-        this.timeStamps = evidence.getTstEvidence().toTimeStampAndCRLArray();
-    }
-
-    TimeStampDataUtil(TimeStampedDataParser timeStampedData)
-        throws IOException
-    {       
-        this.metaDataUtil = new MetaDataUtil(timeStampedData.getMetaData());
-
-        Evidence evidence = timeStampedData.getTemporalEvidence();
-        this.timeStamps = evidence.getTstEvidence().toTimeStampAndCRLArray();
-    }
-
-    TimeStampToken getTimeStampToken(TimeStampAndCRL timeStampAndCRL)
-        throws CMSException
-    {
-        ContentInfo timeStampToken = timeStampAndCRL.getTimeStampToken();
-
-        try
-        {
-            TimeStampToken token = new TimeStampToken(timeStampToken);
-            return token;
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("unable to parse token data: " + e.getMessage(), e);
-        }
-        catch (TSPException e)
-        {
-            if (e.getCause() instanceof CMSException)
-            {
-                throw (CMSException)e.getCause();
-            }
-
-            throw new CMSException("token data invalid: " + e.getMessage(), e);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new CMSException("token data invalid: " + e.getMessage(), e);
-        }
-    }
-
-    void initialiseMessageImprintDigestCalculator(DigestCalculator calculator)
-        throws CMSException
-    {
-        metaDataUtil.initialiseMessageImprintDigestCalculator(calculator);
-    }
-
-    DigestCalculator getMessageImprintDigestCalculator(DigestCalculatorProvider calculatorProvider)
-        throws OperatorCreationException
-    {
-        TimeStampToken token;
-
-        try
-        {
-            token = this.getTimeStampToken(timeStamps[0]);
-
-            TimeStampTokenInfo info = token.getTimeStampInfo();
-            String algOID = info.getMessageImprintAlgOID();
-
-            DigestCalculator calc = calculatorProvider.get(new AlgorithmIdentifier(algOID));
-
-            initialiseMessageImprintDigestCalculator(calc);
-
-            return calc;
-        }
-        catch (CMSException e)
-        {
-            throw new OperatorCreationException("unable to extract algorithm ID: " + e.getMessage(), e);
-        }
-    }
-
-    TimeStampToken[] getTimeStampTokens()
-        throws CMSException
-    {
-        TimeStampToken[] tokens = new TimeStampToken[timeStamps.length];
-        for (int i = 0; i < timeStamps.length; i++)
-        {
-            tokens[i] = this.getTimeStampToken(timeStamps[i]);
-        }
-
-        return tokens;
-    }
-
-    TimeStampAndCRL[] getTimeStamps()
-    {
-        return timeStamps;
-    }
-
-    byte[] calculateNextHash(DigestCalculator calculator)
-        throws CMSException
-    {
-        TimeStampAndCRL tspToken = timeStamps[timeStamps.length - 1];
-
-        OutputStream out = calculator.getOutputStream();
-
-        try
-        {
-            out.write(tspToken.getDEREncoded());
-
-            out.close();
-
-            return calculator.getDigest();
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception calculating hash: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Validate the digests present in the TimeStampTokens contained in the CMSTimeStampedData.
-     */
-    void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest)
-        throws ImprintDigestInvalidException, CMSException
-    {
-        byte[] currentDigest = dataDigest;
-
-        for (int i = 0; i < timeStamps.length; i++)
-        {
-            try
-            {
-                TimeStampToken token = this.getTimeStampToken(timeStamps[i]);
-                if (i > 0)
-                {
-                    TimeStampTokenInfo info = token.getTimeStampInfo();
-                    DigestCalculator calculator = calculatorProvider.get(info.getHashAlgorithm());
-
-                    calculator.getOutputStream().write(timeStamps[i - 1].getDEREncoded());
-
-                    currentDigest = calculator.getDigest();
-                }
-
-                this.compareDigest(token, currentDigest);
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("exception calculating hash: " + e.getMessage(), e);
-            }
-            catch (OperatorCreationException e)
-            {
-                throw new CMSException("cannot create digest: " + e.getMessage(), e);
-            }
-        }
-    }
-
-    void validate(DigestCalculatorProvider calculatorProvider, byte[] dataDigest, TimeStampToken timeStampToken)
-        throws ImprintDigestInvalidException, CMSException
-    {
-        byte[] currentDigest = dataDigest;
-        byte[] encToken;
-
-        try
-        {
-            encToken = timeStampToken.getEncoded();
-        }
-        catch (IOException e)
-        {
-            throw new CMSException("exception encoding timeStampToken: " + e.getMessage(), e);
-        }
-
-        for (int i = 0; i < timeStamps.length; i++)
-        {
-            try
-            {
-                TimeStampToken token = this.getTimeStampToken(timeStamps[i]);
-                if (i > 0)
-                {
-                    TimeStampTokenInfo info = token.getTimeStampInfo();
-                    DigestCalculator calculator = calculatorProvider.get(info.getHashAlgorithm());
-
-                    calculator.getOutputStream().write(timeStamps[i - 1].getDEREncoded());
-
-                    currentDigest = calculator.getDigest();
-                }
-
-                this.compareDigest(token, currentDigest);
-
-                if (Arrays.areEqual(token.getEncoded(), encToken))
-                {
-                    return;
-                }
-            }
-            catch (IOException e)
-            {
-                throw new CMSException("exception calculating hash: " + e.getMessage(), e);
-            }
-            catch (OperatorCreationException e)
-            {
-                throw new CMSException("cannot create digest: " + e.getMessage(), e);
-            }
-        }
-
-        throw new ImprintDigestInvalidException("passed in token not associated with timestamps present", timeStampToken);
-    }
-
-    private void compareDigest(TimeStampToken timeStampToken, byte[] digest)
-        throws ImprintDigestInvalidException
-    {
-        TimeStampTokenInfo info = timeStampToken.getTimeStampInfo();
-        byte[] tsrMessageDigest = info.getMessageImprintDigest();
-
-        if (!Arrays.areEqual(digest, tsrMessageDigest))
-        {
-            throw new ImprintDigestInvalidException("hash calculated is different from MessageImprintDigest found in TimeStampToken", timeStampToken);
-        }
-    }
-
-    String getFileName()
-    {
-        return metaDataUtil.getFileName();
-    }
-
-    String getMediaType()
-    {
-        return metaDataUtil.getMediaType();
-    }
-
-    AttributeTable getOtherMetaData()
-    {
-        return new AttributeTable(metaDataUtil.getOtherMetaData());
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/package.html
deleted file mode 100644
index 45d0c3c3f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/tsp/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for dealing Time Stamp Protocol (TSP) - RFC 3161.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Arrays.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/Arrays.java
deleted file mode 100644
index 9d6a43b7f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Arrays.java
+++ /dev/null
@@ -1,244 +0,0 @@
-package org.bouncycastle.util;
-
-/**
- * General array utilities.
- */
-public final class Arrays
-{
-    private Arrays() 
-    {
-        // static class, hide constructor
-    }
-    
-    public static boolean areEqual(
-        boolean[]  a,
-        boolean[]  b)
-    {
-        if (a == b)
-        {
-            return true;
-        }
-
-        if (a == null || b == null)
-        {
-            return false;
-        }
-
-        if (a.length != b.length)
-        {
-            return false;
-        }
-
-        for (int i = 0; i != a.length; i++)
-        {
-            if (a[i] != b[i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    public static boolean areEqual(
-        char[]  a,
-        char[]  b)
-    {
-        if (a == b)
-        {
-            return true;
-        }
-
-        if (a == null || b == null)
-        {
-            return false;
-        }
-
-        if (a.length != b.length)
-        {
-            return false;
-        }
-
-        for (int i = 0; i != a.length; i++)
-        {
-            if (a[i] != b[i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    public static boolean areEqual(
-        byte[]  a,
-        byte[]  b)
-    {
-        if (a == b)
-        {
-            return true;
-        }
-
-        if (a == null || b == null)
-        {
-            return false;
-        }
-
-        if (a.length != b.length)
-        {
-            return false;
-        }
-
-        for (int i = 0; i != a.length; i++)
-        {
-            if (a[i] != b[i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * A constant time equals comparison - does not terminate early if
-     * test will fail.
-     *
-     * @param a first array
-     * @param b second array
-     * @return true if arrays equal, false otherwise.
-     */
-    public static boolean constantTimeAreEqual(
-        byte[]  a,
-        byte[]  b)
-    {
-        if (a == b)
-        {
-            return true;
-        }
-
-        if (a == null || b == null)
-        {
-            return false;
-        }
-
-        if (a.length != b.length)
-        {
-            return false;
-        }
-
-        int nonEqual = 0;
-
-        for (int i = 0; i != a.length; i++)
-        {
-            nonEqual |= (a[i] ^ b[i]);
-        }
-
-        return nonEqual == 0;
-    }
-
-    public static boolean areEqual(
-        int[]  a,
-        int[]  b)
-    {
-        if (a == b)
-        {
-            return true;
-        }
-
-        if (a == null || b == null)
-        {
-            return false;
-        }
-
-        if (a.length != b.length)
-        {
-            return false;
-        }
-
-        for (int i = 0; i != a.length; i++)
-        {
-            if (a[i] != b[i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    public static void fill(
-        byte[] array,
-        byte value)
-    {
-        for (int i = 0; i < array.length; i++)
-        {
-            array[i] = value;
-        }
-    }
-    
-    public static void fill(
-        long[] array,
-        long value)
-    {
-        for (int i = 0; i < array.length; i++)
-        {
-            array[i] = value;
-        }
-    }
-
-    public static void fill(
-        short[] array, 
-        short value)
-    {
-        for (int i = 0; i < array.length; i++)
-        {
-            array[i] = value;
-        }
-    }
-
-    public static int hashCode(byte[] data)
-    {
-        if (data == null)
-        {
-            return 0;
-        }
-
-        int i = data.length;
-        int hc = i + 1;
-
-        while (--i >= 0)
-        {
-            hc *= 257;
-            hc ^= data[i];
-        }
-
-        return hc;
-    }
-
-    public static byte[] clone(byte[] data)
-    {
-        if (data == null)
-        {
-            return null;
-        }
-        byte[] copy = new byte[data.length];
-
-        System.arraycopy(data, 0, copy, 0, data.length);
-
-        return copy;
-    }
-
-    public static int[] clone(int[] data)
-    {
-        if (data == null)
-        {
-            return null;
-        }
-        int[] copy = new int[data.length];
-
-        System.arraycopy(data, 0, copy, 0, data.length);
-
-        return copy;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/BigIntegers.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/BigIntegers.java
deleted file mode 100644
index 2115799da..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/BigIntegers.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.util;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * BigInteger utilities.
- */
-public final class BigIntegers
-{
-    private static final int MAX_ITERATIONS = 1000;
-    private static final BigInteger ZERO = BigInteger.valueOf(0);
-
-    /**
-     * Return the passed in value as an unsigned byte array.
-     * 
-     * @param value value to be converted.
-     * @return a byte array without a leading zero byte if present in the signed encoding.
-     */
-    public static byte[] asUnsignedByteArray(
-        BigInteger value)
-    {
-        byte[] bytes = value.toByteArray();
-        
-        if (bytes[0] == 0)
-        {
-            byte[] tmp = new byte[bytes.length - 1];
-            
-            System.arraycopy(bytes, 1, tmp, 0, tmp.length);
-            
-            return tmp;
-        }
-        
-        return bytes;
-    }
-
-    /**
-     * Return a random BigInteger not less than 'min' and not greater than 'max'
-     * 
-     * @param min the least value that may be generated
-     * @param max the greatest value that may be generated
-     * @param random the source of randomness
-     * @return a random BigInteger value in the range [min,max]
-     */
-    public static BigInteger createRandomInRange(
-        BigInteger      min,
-        BigInteger      max,
-        SecureRandom    random)
-    {
-        int cmp = min.compareTo(max);
-        if (cmp >= 0)
-        {
-            if (cmp > 0)
-            {
-                throw new IllegalArgumentException("'min' may not be greater than 'max'");
-            }
-
-            return min;
-        }
-
-        if (min.bitLength() > max.bitLength() / 2)
-        {
-            return createRandomInRange(ZERO, max.subtract(min), random).add(min);
-        }
-
-        for (int i = 0; i < MAX_ITERATIONS; ++i)
-        {
-            BigInteger x = new BigInteger(max.bitLength(), random);
-            if (x.compareTo(min) >= 0 && x.compareTo(max) <= 0)
-            {
-                return x;
-            }
-        }
-
-        // fall back to a faster (restricted) method
-        return new BigInteger(max.subtract(min).bitLength() - 1, random).add(min);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/CollectionStore.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/CollectionStore.java
deleted file mode 100644
index 91aba1462..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/CollectionStore.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.util;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * A simple collection backed store.
- */
-public class CollectionStore
-    implements Store
-{
-    private Collection _local;
-
-    /**
-     * Basic constructor.
-     *
-     * @param collection - initial contents for the store, this is copied.
-     */
-    public CollectionStore(
-        Collection collection)
-    {
-        _local = new ArrayList(collection);
-    }
-
-    /**
-     * Return the matches in the collection for the passed in selector.
-     *
-     * @param selector the selector to match against.
-     * @return a possibly empty collection of matching objects.
-     */
-    public Collection getMatches(Selector selector)
-    {
-        if (selector == null)
-        {
-            return new ArrayList(_local);
-        }
-        else
-        {
-            List col = new ArrayList();
-            Iterator iter = _local.iterator();
-
-            while (iter.hasNext())
-            {
-                Object obj = iter.next();
-
-                if (selector.match(obj))
-                {
-                    col.add(obj);
-                }
-            }
-
-            return col;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/IPAddress.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/IPAddress.java
deleted file mode 100644
index 9f5d1cbc8..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/IPAddress.java
+++ /dev/null
@@ -1,188 +0,0 @@
-package org.bouncycastle.util;
-
-public class IPAddress
-{
-    /**
-     * Validate the given IPv4 or IPv6 address.
-     *
-     * @param address the IP address as a String.
-     *
-     * @return true if a valid address, false otherwise
-     */
-    public static boolean isValid(
-        String address)
-    {
-        return isValidIPv4(address) || isValidIPv6(address);
-    }
-
-    /**
-     * Validate the given IPv4 or IPv6 address and netmask.
-     *
-     * @param address the IP address as a String.
-     *
-     * @return true if a valid address with netmask, false otherwise
-     */
-    public static boolean isValidWithNetMask(
-        String address)
-    {
-        return isValidIPv4WithNetmask(address) || isValidIPv6WithNetmask(address);
-    }
-
-    /**
-     * Validate the given IPv4 address.
-     * 
-     * @param address the IP address as a String.
-     *
-     * @return true if a valid IPv4 address, false otherwise
-     */
-    public static boolean isValidIPv4(
-        String address)
-    {
-        if (address.length() == 0)
-        {
-            return false;
-        }
-
-        int octet;
-        int octets = 0;
-        
-        String temp = address+".";
-
-        int pos;
-        int start = 0;
-        while (start < temp.length()
-            && (pos = temp.indexOf('.', start)) > start)
-        {
-            if (octets == 4)
-            {
-                return false;
-            }
-            try
-            {
-                octet = Integer.parseInt(temp.substring(start, pos));
-            }
-            catch (NumberFormatException ex)
-            {
-                return false;
-            }
-            if (octet < 0 || octet > 255)
-            {
-                return false;
-            }
-            start = pos + 1;
-            octets++;
-        }
-
-        return octets == 4;
-    }
-
-    public static boolean isValidIPv4WithNetmask(
-        String address)
-    {
-        int index = address.indexOf("/");
-        String mask = address.substring(index + 1);
-
-        return (index > 0) && isValidIPv4(address.substring(0, index))
-                           && (isValidIPv4(mask) || isMaskValue(mask, 32));
-    }
-
-    public static boolean isValidIPv6WithNetmask(
-        String address)
-    {
-        int index = address.indexOf("/");
-        String mask = address.substring(index + 1);
-
-        return (index > 0) && (isValidIPv6(address.substring(0, index))
-                           && (isValidIPv6(mask) || isMaskValue(mask, 128)));
-    }
-
-    private static boolean isMaskValue(String component, int size)
-    {
-        try
-        {
-            int value = Integer.parseInt(component);
-
-            return value >= 0 && value <= size;
-        }
-        catch (NumberFormatException e)
-        {
-            return false;
-        }
-    }
-
-    /**
-     * Validate the given IPv6 address.
-     *
-     * @param address the IP address as a String.
-     *
-     * @return true if a valid IPv4 address, false otherwise
-     */
-    public static boolean isValidIPv6(
-        String address)
-    {
-        if (address.length() == 0)
-        {
-            return false;
-        }
-
-        int octet;
-        int octets = 0;
-
-        String temp = address + ":";
-        boolean doubleColonFound = false;
-        int pos;
-        int start = 0;
-        while (start < temp.length()
-            && (pos = temp.indexOf(':', start)) >= start)
-        {
-            if (octets == 8)
-            {
-                return false;
-            }
-
-            if (start != pos)
-            {
-                String value = temp.substring(start, pos);
-
-                if (pos == (temp.length() - 1) && value.indexOf('.') > 0)
-                {
-                    if (!isValidIPv4(value))
-                    {
-                        return false;
-                    }
-
-                    octets++; // add an extra one as address covers 2 words.
-                }
-                else
-                {
-                    try
-                    {
-                        octet = Integer.parseInt(temp.substring(start, pos), 16);
-                    }
-                    catch (NumberFormatException ex)
-                    {
-                        return false;
-                    }
-                    if (octet < 0 || octet > 0xffff)
-                    {
-                        return false;
-                    }
-                }
-            }
-            else
-            {
-                if (pos != 1 && pos != temp.length() - 1 && doubleColonFound)
-                {
-                    return false;
-                }
-                doubleColonFound = true;
-            }
-            start = pos + 1;
-            octets++;
-        }
-
-        return octets == 8 || doubleColonFound;
-    }
-}
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Selector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/Selector.java
deleted file mode 100644
index 7ad86bf4e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Selector.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.util;
-
-public interface Selector
-    extends Cloneable
-{
-    boolean match(Object obj);
-
-    Object clone();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Store.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/Store.java
deleted file mode 100644
index b994c926d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Store.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.util;
-
-import java.util.Collection;
-
-public interface Store
-{
-    Collection getMatches(Selector selector)
-        throws StoreException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/StoreException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/StoreException.java
deleted file mode 100644
index 5ea09e80e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/StoreException.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.util;
-
-public class StoreException
-    extends RuntimeException
-{
-    private Throwable _e;
-
-    public StoreException(String s, Throwable e)
-    {
-        super(s);
-        _e = e;
-    }
-
-    public Throwable getCause()
-    {
-        return _e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParser.java
deleted file mode 100644
index 13f2b1630..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParser.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.util;
-
-import java.util.Collection;
-
-public interface StreamParser
-{
-    Object read() throws StreamParsingException;
-
-    Collection readAll() throws StreamParsingException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParsingException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParsingException.java
deleted file mode 100644
index 0a76378a0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/StreamParsingException.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.util;
-
-public class StreamParsingException 
-    extends Exception
-{
-    Throwable _e;
-
-    public StreamParsingException(String message, Throwable e)
-    {
-        super(message);
-        _e = e;
-    }
-
-    public Throwable getCause()
-    {
-        return _e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Strings.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/Strings.java
deleted file mode 100644
index 0c081f7be..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/Strings.java
+++ /dev/null
@@ -1,258 +0,0 @@
-package org.bouncycastle.util;
-
-import java.io.ByteArrayOutputStream;
-import java.util.Vector;
-
-public final class Strings
-{
-    public static String fromUTF8ByteArray(byte[] bytes)
-    {
-        int i = 0;
-        int length = 0;
-
-        while (i < bytes.length)
-        {
-            length++;
-            if ((bytes[i] & 0xf0) == 0xf0)
-            {
-                // surrogate pair
-                length++;
-                i += 4;
-            }
-            else if ((bytes[i] & 0xe0) == 0xe0)
-            {
-                i += 3;
-            }
-            else if ((bytes[i] & 0xc0) == 0xc0)
-            {
-                i += 2;
-            }
-            else
-            {
-                i += 1;
-            }
-        }
-
-        char[] cs = new char[length];
-
-        i = 0;
-        length = 0;
-
-        while (i < bytes.length)
-        {
-            char ch;
-
-            if ((bytes[i] & 0xf0) == 0xf0)
-            {
-                int codePoint = ((bytes[i] & 0x03) << 18) | ((bytes[i+1] & 0x3F) << 12) | ((bytes[i+2] & 0x3F) << 6) | (bytes[i+3] & 0x3F);
-                int U = codePoint - 0x10000;
-                char W1 = (char)(0xD800 | (U >> 10));
-                char W2 = (char)(0xDC00 | (U & 0x3FF));
-                cs[length++] = W1;
-                ch = W2;
-                i += 4;
-            }
-            else if ((bytes[i] & 0xe0) == 0xe0)
-            {
-                ch = (char)(((bytes[i] & 0x0f) << 12)
-                        | ((bytes[i + 1] & 0x3f) << 6) | (bytes[i + 2] & 0x3f));
-                i += 3;
-            }
-            else if ((bytes[i] & 0xd0) == 0xd0)
-            {
-                ch = (char)(((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
-                i += 2;
-            }
-            else if ((bytes[i] & 0xc0) == 0xc0)
-            {
-                ch = (char)(((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
-                i += 2;
-            }
-            else
-            {
-                ch = (char)(bytes[i] & 0xff);
-                i += 1;
-            }
-
-            cs[length++] = ch;
-        }
-
-        return new String(cs);
-    }
-    
-    public static byte[] toUTF8ByteArray(String string)
-    {
-        return toUTF8ByteArray(string.toCharArray());
-    }
-
-    public static byte[] toUTF8ByteArray(char[] string)
-    {
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        char[] c = string;
-        int i = 0;
-
-        while (i < c.length)
-        {
-            char ch = c[i];
-
-            if (ch < 0x0080)
-            {
-                bOut.write(ch);
-            }
-            else if (ch < 0x0800)
-            {
-                bOut.write(0xc0 | (ch >> 6));
-                bOut.write(0x80 | (ch & 0x3f));
-            }
-            // surrogate pair
-            else if (ch >= 0xD800 && ch <= 0xDFFF)
-            {
-                // in error - can only happen, if the Java String class has a
-                // bug.
-                if (i + 1 >= c.length)
-                {
-                    throw new IllegalStateException("invalid UTF-16 codepoint");
-                }
-                char W1 = ch;
-                ch = c[++i];
-                char W2 = ch;
-                // in error - can only happen, if the Java String class has a
-                // bug.
-                if (W1 > 0xDBFF)
-                {
-                    throw new IllegalStateException("invalid UTF-16 codepoint");
-                }
-                int codePoint = (((W1 & 0x03FF) << 10) | (W2 & 0x03FF)) + 0x10000;
-                bOut.write(0xf0 | (codePoint >> 18));
-                bOut.write(0x80 | ((codePoint >> 12) & 0x3F));
-                bOut.write(0x80 | ((codePoint >> 6) & 0x3F));
-                bOut.write(0x80 | (codePoint & 0x3F));
-            }
-            else
-            {
-                bOut.write(0xe0 | (ch >> 12));
-                bOut.write(0x80 | ((ch >> 6) & 0x3F));
-                bOut.write(0x80 | (ch & 0x3F));
-            }
-
-            i++;
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * A locale independent version of toUpperCase.
-     * 
-     * @param string input to be converted
-     * @return a US Ascii uppercase version
-     */
-    public static String toUpperCase(String string)
-    {
-        boolean changed = false;
-        char[] chars = string.toCharArray();
-        
-        for (int i = 0; i != chars.length; i++)
-        {
-            char ch = chars[i];
-            if ('a' <= ch && 'z' >= ch)
-            {
-                changed = true;
-                chars[i] = (char)(ch - 'a' + 'A');
-            }
-        }
-        
-        if (changed)
-        {
-            return new String(chars);
-        }
-        
-        return string;
-    }
-    
-    /**
-     * A locale independent version of toLowerCase.
-     * 
-     * @param string input to be converted
-     * @return a US ASCII lowercase version
-     */
-    public static String toLowerCase(String string)
-    {
-        boolean changed = false;
-        char[] chars = string.toCharArray();
-        
-        for (int i = 0; i != chars.length; i++)
-        {
-            char ch = chars[i];
-            if ('A' <= ch && 'Z' >= ch)
-            {
-                changed = true;
-                chars[i] = (char)(ch - 'A' + 'a');
-            }
-        }
-        
-        if (changed)
-        {
-            return new String(chars);
-        }
-        
-        return string;
-    }
-
-    public static byte[] toByteArray(char[] chars)
-    {
-        byte[] bytes = new byte[chars.length];
-
-        for (int i = 0; i != bytes.length; i++)
-        {
-            bytes[i] = (byte)chars[i];
-        }
-
-        return bytes;
-    }
-
-    public static byte[] toByteArray(String string)
-    {
-        byte[] bytes = new byte[string.length()];
-
-        for (int i = 0; i != bytes.length; i++)
-        {
-            char ch = string.charAt(i);
-
-            bytes[i] = (byte)ch;
-        }
-
-        return bytes;
-    }
-
-    public static String[] split(String input, char delimiter)
-    {
-        Vector           v = new Vector();
-        boolean moreTokens = true;
-        String subString;
-
-        while (moreTokens)
-        {
-            int tokenLocation = input.indexOf(delimiter);
-            if (tokenLocation > 0)
-            {
-                subString = input.substring(0, tokenLocation);
-                v.addElement(subString);
-                input = input.substring(tokenLocation + 1);
-            }
-            else
-            {
-                moreTokens = false;
-                v.addElement(input);
-            }
-        }
-
-        String[] res = new String[v.size()];
-
-        for (int i = 0; i != res.length; i++)
-        {
-            res[i] = (String)v.elementAt(i);
-        }
-        return res;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64.java
deleted file mode 100644
index 93fed648a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64.java
+++ /dev/null
@@ -1,121 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class Base64
-{
-    private static final Encoder encoder = new Base64Encoder();
-    
-    /**
-     * encode the input data producing a base 64 encoded byte array.
-     *
-     * @return a byte array containing the base 64 encoded data.
-     */
-    public static byte[] encode(
-        byte[]    data)
-    {
-        int len = (data.length + 2) / 3 * 4;
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream(len);
-        
-        try
-        {
-            encoder.encode(data, 0, data.length, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception encoding base64 string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-
-    /**
-     * Encode the byte data to base 64 writing it to the given output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int encode(
-        byte[]                data,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.encode(data, 0, data.length, out);
-    }
-    
-    /**
-     * Encode the byte data to base 64 writing it to the given output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int encode(
-        byte[]                data,
-        int                    off,
-        int                    length,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.encode(data, off, length, out);
-    }
-    
-    /**
-     * decode the base 64 encoded input data. It is assumed the input data is valid.
-     *
-     * @return a byte array representing the decoded data.
-     */
-    public static byte[] decode(
-        byte[]    data)
-    {
-        int len = data.length / 4 * 3;
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream(len);
-        
-        try
-        {
-            encoder.decode(data, 0, data.length, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception decoding base64 string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * decode the base 64 encoded String data - whitespace will be ignored.
-     *
-     * @return a byte array representing the decoded data.
-     */
-    public static byte[] decode(
-        String    data)
-    {
-        int len = data.length() / 4 * 3;
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream(len);
-        
-        try
-        {
-            encoder.decode(data, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception decoding base64 string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * decode the base 64 encoded String data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int decode(
-        String                data,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.decode(data, out);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java
deleted file mode 100644
index 3edc0681b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class Base64Encoder
-    implements Encoder
-{
-    protected final byte[] encodingTable =
-        {
-            (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-            (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-            (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
-            (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-            (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-            (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-            (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
-            (byte)'v',
-            (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-            (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6',
-            (byte)'7', (byte)'8', (byte)'9',
-            (byte)'+', (byte)'/'
-        };
-
-    protected byte    padding = (byte)'=';
-    
-    /*
-     * set up the decoding table.
-     */
-    protected final byte[] decodingTable = new byte[128];
-
-    protected void initialiseDecodingTable()
-    {
-        for (int i = 0; i < encodingTable.length; i++)
-        {
-            decodingTable[encodingTable[i]] = (byte)i;
-        }
-    }
-    
-    public Base64Encoder()
-    {
-        initialiseDecodingTable();
-    }
-    
-    /**
-     * encode the input data producing a base 64 output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public int encode(
-        byte[]                data,
-        int                    off,
-        int                    length,
-        OutputStream    out) 
-        throws IOException
-    {
-        int modulus = length % 3;
-        int dataLength = (length - modulus);
-        int a1, a2, a3;
-        
-        for (int i = off; i < off + dataLength; i += 3)
-        {
-            a1 = data[i] & 0xff;
-            a2 = data[i + 1] & 0xff;
-            a3 = data[i + 2] & 0xff;
-
-            out.write(encodingTable[(a1 >>> 2) & 0x3f]);
-            out.write(encodingTable[((a1 << 4) | (a2 >>> 4)) & 0x3f]);
-            out.write(encodingTable[((a2 << 2) | (a3 >>> 6)) & 0x3f]);
-            out.write(encodingTable[a3 & 0x3f]);
-        }
-
-        /*
-         * process the tail end.
-         */
-        int    b1, b2, b3;
-        int    d1, d2;
-
-        switch (modulus)
-        {
-        case 0:        /* nothing left to do */
-            break;
-        case 1:
-            d1 = data[off + dataLength] & 0xff;
-            b1 = (d1 >>> 2) & 0x3f;
-            b2 = (d1 << 4) & 0x3f;
-
-            out.write(encodingTable[b1]);
-            out.write(encodingTable[b2]);
-            out.write(padding);
-            out.write(padding);
-            break;
-        case 2:
-            d1 = data[off + dataLength] & 0xff;
-            d2 = data[off + dataLength + 1] & 0xff;
-
-            b1 = (d1 >>> 2) & 0x3f;
-            b2 = ((d1 << 4) | (d2 >>> 4)) & 0x3f;
-            b3 = (d2 << 2) & 0x3f;
-
-            out.write(encodingTable[b1]);
-            out.write(encodingTable[b2]);
-            out.write(encodingTable[b3]);
-            out.write(padding);
-            break;
-        }
-
-        return (dataLength / 3) * 4 + ((modulus == 0) ? 0 : 4);
-    }
-
-    private boolean ignore(
-        char    c)
-    {
-        return (c == '\n' || c =='\r' || c == '\t' || c == ' ');
-    }
-    
-    /**
-     * decode the base 64 encoded byte data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public int decode(
-        byte[]          data,
-        int             off,
-        int             length,
-        OutputStream    out)
-        throws IOException
-    {
-        byte    b1, b2, b3, b4;
-        int     outLen = 0;
-        
-        int     end = off + length;
-        
-        while (end > off)
-        {
-            if (!ignore((char)data[end - 1]))
-            {
-                break;
-            }
-            
-            end--;
-        }
-        
-        int  i = off;
-        int  finish = end - 4;
-        
-        i = nextI(data, i, finish);
-
-        while (i < finish)
-        {
-            b1 = decodingTable[data[i++]];
-            
-            i = nextI(data, i, finish);
-            
-            b2 = decodingTable[data[i++]];
-            
-            i = nextI(data, i, finish);
-            
-            b3 = decodingTable[data[i++]];
-            
-            i = nextI(data, i, finish);
-            
-            b4 = decodingTable[data[i++]];
-
-            out.write((b1 << 2) | (b2 >> 4));
-            out.write((b2 << 4) | (b3 >> 2));
-            out.write((b3 << 6) | b4);
-            
-            outLen += 3;
-            
-            i = nextI(data, i, finish);
-        }
-
-        outLen += decodeLastBlock(out, (char)data[end - 4], (char)data[end - 3], (char)data[end - 2], (char)data[end - 1]);
-        
-        return outLen;
-    }
-
-    private int nextI(byte[] data, int i, int finish)
-    {
-        while ((i < finish) && ignore((char)data[i]))
-        {
-            i++;
-        }
-        return i;
-    }
-    
-    /**
-     * decode the base 64 encoded String data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public int decode(
-        String          data,
-        OutputStream    out)
-        throws IOException
-    {
-        byte    b1, b2, b3, b4;
-        int     length = 0;
-        
-        int     end = data.length();
-        
-        while (end > 0)
-        {
-            if (!ignore(data.charAt(end - 1)))
-            {
-                break;
-            }
-            
-            end--;
-        }
-        
-        int  i = 0;
-        int  finish = end - 4;
-        
-        i = nextI(data, i, finish);
-        
-        while (i < finish)
-        {
-            b1 = decodingTable[data.charAt(i++)];
-            
-            i = nextI(data, i, finish);
-            
-            b2 = decodingTable[data.charAt(i++)];
-            
-            i = nextI(data, i, finish);
-            
-            b3 = decodingTable[data.charAt(i++)];
-            
-            i = nextI(data, i, finish);
-            
-            b4 = decodingTable[data.charAt(i++)];
-
-            out.write((b1 << 2) | (b2 >> 4));
-            out.write((b2 << 4) | (b3 >> 2));
-            out.write((b3 << 6) | b4);
-            
-            length += 3;
-            
-            i = nextI(data, i, finish);
-        }
-
-        length += decodeLastBlock(out, data.charAt(end - 4), data.charAt(end - 3), data.charAt(end - 2), data.charAt(end - 1));
-
-        return length;
-    }
-
-    private int decodeLastBlock(OutputStream out, char c1, char c2, char c3, char c4) 
-        throws IOException
-    {
-        byte    b1, b2, b3, b4;
-        
-        if (c3 == padding)
-        {
-            b1 = decodingTable[c1];
-            b2 = decodingTable[c2];
-
-            out.write((b1 << 2) | (b2 >> 4));
-            
-            return 1;
-        }
-        else if (c4 == padding)
-        {
-            b1 = decodingTable[c1];
-            b2 = decodingTable[c2];
-            b3 = decodingTable[c3];
-
-            out.write((b1 << 2) | (b2 >> 4));
-            out.write((b2 << 4) | (b3 >> 2));
-            
-            return 2;
-        }
-        else
-        {
-            b1 = decodingTable[c1];
-            b2 = decodingTable[c2];
-            b3 = decodingTable[c3];
-            b4 = decodingTable[c4];
-
-            out.write((b1 << 2) | (b2 >> 4));
-            out.write((b2 << 4) | (b3 >> 2));
-            out.write((b3 << 6) | b4);
-            
-            return 3;
-        } 
-    }
-
-    private int nextI(String data, int i, int finish)
-    {
-        while ((i < finish) && ignore(data.charAt(i)))
-        {
-            i++;
-        }
-        return i;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java
deleted file mode 100644
index 672430ac2..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java
+++ /dev/null
@@ -1,96 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-
-/**
- * a buffering class to allow translation from one format to another to
- * be done in discrete chunks.
- */
-public class BufferedDecoder
-{
-    protected byte[]        buf;
-    protected int           bufOff;
-
-    protected Translator    translator;
-
-    /**
-     * @param translator the translator to use.
-     * @param bufSize amount of input to buffer for each chunk.
-     */
-    public BufferedDecoder(
-        Translator  translator,
-        int         bufSize)
-    {
-        this.translator = translator;
-
-        if ((bufSize % translator.getEncodedBlockSize()) != 0)
-        {
-            throw new IllegalArgumentException("buffer size not multiple of input block size");
-        }
-
-        buf = new byte[bufSize];
-        bufOff = 0;
-    }
-
-    public int processByte(
-        byte        in,
-        byte[]      out,
-        int         outOff)
-    {
-        int         resultLen = 0;
-
-        buf[bufOff++] = in;
-
-        if (bufOff == buf.length)
-        {
-            resultLen = translator.decode(buf, 0, buf.length, out, outOff);
-            bufOff = 0;
-        }
-
-        return resultLen;
-    }
-
-    public int processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len,
-        byte[]      out,
-        int         outOff)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int resultLen = 0;
-        int gapLen = buf.length - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += translator.decode(buf, 0, buf.length, out, outOff);
-
-            bufOff = 0;
-
-            len -= gapLen;
-            inOff += gapLen;
-            outOff += resultLen;
-
-            int chunkSize = len - (len % buf.length);
-
-            resultLen += translator.decode(in, inOff, chunkSize, out, outOff);
-
-            len -= chunkSize;
-            inOff += chunkSize;
-        }
-
-        if (len != 0)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, len);
-
-            bufOff += len;
-        }
-
-        return resultLen;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java
deleted file mode 100644
index 107eee89d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java
+++ /dev/null
@@ -1,96 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-
-/**
- * a buffering class to allow translation from one format to another to
- * be done in discrete chunks.
- */
-public class BufferedEncoder
-{
-    protected byte[]        buf;
-    protected int           bufOff;
-
-    protected Translator    translator;
-
-    /**
-     * @param translator the translator to use.
-     * @param bufSize amount of input to buffer for each chunk.
-     */
-    public BufferedEncoder(
-        Translator  translator,
-        int         bufSize)
-    {
-        this.translator = translator;
-
-        if ((bufSize % translator.getEncodedBlockSize()) != 0)
-        {
-            throw new IllegalArgumentException("buffer size not multiple of input block size");
-        }
-
-        buf = new byte[bufSize];
-        bufOff = 0;
-    }
-
-    public int processByte(
-        byte        in,
-        byte[]      out,
-        int         outOff)
-    {
-        int         resultLen = 0;
-
-        buf[bufOff++] = in;
-
-        if (bufOff == buf.length)
-        {
-            resultLen = translator.encode(buf, 0, buf.length, out, outOff);
-            bufOff = 0;
-        }
-
-        return resultLen;
-    }
-
-    public int processBytes(
-        byte[]      in,
-        int         inOff,
-        int         len,
-        byte[]      out,
-        int         outOff)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException("Can't have a negative input length!");
-        }
-
-        int resultLen = 0;
-        int gapLen = buf.length - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            resultLen += translator.encode(buf, 0, buf.length, out, outOff);
-
-            bufOff = 0;
-
-            len -= gapLen;
-            inOff += gapLen;
-            outOff += resultLen;
-
-            int chunkSize = len - (len % buf.length);
-
-            resultLen += translator.encode(in, inOff, chunkSize, out, outOff);
-
-            len -= chunkSize;
-            inOff += chunkSize;
-        }
-
-        if (len != 0)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, len);
-
-            bufOff += len;
-        }
-
-        return resultLen;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Encoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Encoder.java
deleted file mode 100644
index b06612105..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Encoder.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * Encode and decode byte arrays (typically from binary to 7-bit ASCII 
- * encodings).
- */
-public interface Encoder
-{
-    int encode(byte[] data, int off, int length, OutputStream out) throws IOException;
-    
-    int decode(byte[] data, int off, int length, OutputStream out) throws IOException;
-
-    int decode(String data, OutputStream out) throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Hex.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Hex.java
deleted file mode 100644
index d69f7739f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Hex.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class Hex
-{
-    private static final Encoder encoder = new HexEncoder();
-    
-    /**
-     * encode the input data producing a Hex encoded byte array.
-     *
-     * @return a byte array containing the Hex encoded data.
-     */
-    public static byte[] encode(
-        byte[]    data)
-    {
-        return encode(data, 0, data.length);
-    }
-    
-    /**
-     * encode the input data producing a Hex encoded byte array.
-     *
-     * @return a byte array containing the Hex encoded data.
-     */
-    public static byte[] encode(
-        byte[]    data,
-        int       off,
-        int       length)
-    {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        
-        try
-        {
-            encoder.encode(data, off, length, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception encoding Hex string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-
-    /**
-     * Hex encode the byte data writing it to the given output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int encode(
-        byte[]         data,
-        OutputStream   out)
-        throws IOException
-    {
-        return encoder.encode(data, 0, data.length, out);
-    }
-    
-    /**
-     * Hex encode the byte data writing it to the given output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int encode(
-        byte[]         data,
-        int            off,
-        int            length,
-        OutputStream   out)
-        throws IOException
-    {
-        return encoder.encode(data, off, length, out);
-    }
-    
-    /**
-     * decode the Hex encoded input data. It is assumed the input data is valid.
-     *
-     * @return a byte array representing the decoded data.
-     */
-    public static byte[] decode(
-        byte[]    data)
-    {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        
-        try
-        {
-            encoder.decode(data, 0, data.length, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception decoding Hex string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * decode the Hex encoded String data - whitespace will be ignored.
-     *
-     * @return a byte array representing the decoded data.
-     */
-    public static byte[] decode(
-        String    data)
-    {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        
-        try
-        {
-            encoder.decode(data, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception decoding Hex string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * decode the Hex encoded String data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int decode(
-        String          data,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.decode(data, out);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java
deleted file mode 100644
index 0dcae2917..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java
+++ /dev/null
@@ -1,172 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class HexEncoder
-    implements Encoder
-{
-    protected final byte[] encodingTable =
-        {
-            (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7',
-            (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f'
-        };
-    
-    /*
-     * set up the decoding table.
-     */
-    protected final byte[] decodingTable = new byte[128];
-
-    protected void initialiseDecodingTable()
-    {
-        for (int i = 0; i < encodingTable.length; i++)
-        {
-            decodingTable[encodingTable[i]] = (byte)i;
-        }
-        
-        decodingTable['A'] = decodingTable['a'];
-        decodingTable['B'] = decodingTable['b'];
-        decodingTable['C'] = decodingTable['c'];
-        decodingTable['D'] = decodingTable['d'];
-        decodingTable['E'] = decodingTable['e'];
-        decodingTable['F'] = decodingTable['f'];
-    }
-    
-    public HexEncoder()
-    {
-        initialiseDecodingTable();
-    }
-    
-    /**
-     * encode the input data producing a Hex output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public int encode(
-        byte[]                data,
-        int                    off,
-        int                    length,
-        OutputStream    out) 
-        throws IOException
-    {        
-        for (int i = off; i < (off + length); i++)
-        {
-            int    v = data[i] & 0xff;
-
-            out.write(encodingTable[(v >>> 4)]);
-            out.write(encodingTable[v & 0xf]);
-        }
-
-        return length * 2;
-    }
-
-    private boolean ignore(
-        char    c)
-    {
-        return (c == '\n' || c =='\r' || c == '\t' || c == ' ');
-    }
-    
-    /**
-     * decode the Hex encoded byte data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public int decode(
-        byte[]          data,
-        int             off,
-        int             length,
-        OutputStream    out)
-        throws IOException
-    {
-        byte    b1, b2;
-        int     outLen = 0;
-        
-        int     end = off + length;
-        
-        while (end > off)
-        {
-            if (!ignore((char)data[end - 1]))
-            {
-                break;
-            }
-            
-            end--;
-        }
-        
-        int i = off;
-        while (i < end)
-        {
-            while (i < end && ignore((char)data[i]))
-            {
-                i++;
-            }
-            
-            b1 = decodingTable[data[i++]];
-            
-            while (i < end && ignore((char)data[i]))
-            {
-                i++;
-            }
-            
-            b2 = decodingTable[data[i++]];
-
-            out.write((b1 << 4) | b2);
-            
-            outLen++;
-        }
-
-        return outLen;
-    }
-    
-    /**
-     * decode the Hex encoded String data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public int decode(
-        String          data,
-        OutputStream    out)
-        throws IOException
-    {
-        byte    b1, b2;
-        int     length = 0;
-        
-        int     end = data.length();
-        
-        while (end > 0)
-        {
-            if (!ignore(data.charAt(end - 1)))
-            {
-                break;
-            }
-            
-            end--;
-        }
-        
-        int i = 0;
-        while (i < end)
-        {
-            while (i < end && ignore(data.charAt(i)))
-            {
-                i++;
-            }
-            
-            b1 = decodingTable[data.charAt(i++)];
-            
-            while (i < end && ignore(data.charAt(i)))
-            {
-                i++;
-            }
-            
-            b2 = decodingTable[data.charAt(i++)];
-
-            out.write((b1 << 4) | b2);
-            
-            length++;
-        }
-
-        return length;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java
deleted file mode 100644
index 3fff65a6f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-/**
- * Converters for going from hex to binary and back. Note: this class assumes ASCII processing.
- */
-public class HexTranslator
-    implements Translator
-{
-    private static final byte[]   hexTable = 
-        { 
-            (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7',
-            (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f'
-        };
-
-    /**
-     * size of the output block on encoding produced by getDecodedBlockSize()
-     * bytes.
-     */
-    public int getEncodedBlockSize()
-    {
-        return 2;
-    }
-
-    public int encode(
-        byte[]  in,
-        int     inOff,
-        int     length,
-        byte[]  out,
-        int     outOff)
-    {
-        for (int i = 0, j = 0; i < length; i++, j += 2)
-        {
-            out[outOff + j] = hexTable[(in[inOff] >> 4) & 0x0f];
-            out[outOff + j + 1] = hexTable[in[inOff] & 0x0f];
-
-            inOff++;
-        }
-
-        return length * 2;
-    }
-
-    /**
-     * size of the output block on decoding produced by getEncodedBlockSize()
-     * bytes.
-     */
-    public int getDecodedBlockSize()
-    {
-        return 1;
-    }
-
-    public int decode(
-        byte[]  in,
-        int     inOff,
-        int     length,
-        byte[]  out,
-        int     outOff)
-    {
-        int halfLength = length / 2;
-        byte left, right;
-        for (int i = 0; i < halfLength; i++)
-        {
-            left  = in[inOff + i * 2];
-            right = in[inOff + i * 2 + 1];
-            
-            if (left < (byte)'a')
-            {
-                out[outOff] = (byte)((left - '0') << 4);
-            }
-            else
-            {
-                out[outOff] = (byte)((left - 'a' + 10) << 4);
-            }
-            if (right < (byte)'a')
-            {
-                out[outOff] += (byte)(right - '0');
-            }
-            else
-            {
-                out[outOff] += (byte)(right - 'a' + 10);
-            }
-
-            outOff++;
-        }
-
-        return halfLength;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Translator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Translator.java
deleted file mode 100644
index a3a0cb8ea..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/Translator.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-/**
- * general interface for an translator.
- */
-public interface Translator
-{
-    /**
-     * size of the output block on encoding produced by getDecodedBlockSize()
-     * bytes.
-     */
-    public int getEncodedBlockSize();
-
-    public int encode(byte[] in, int inOff, int length, byte[] out, int outOff);
-
-    /**
-     * size of the output block on decoding produced by getEncodedBlockSize()
-     * bytes.
-     */
-    public int getDecodedBlockSize();
-
-    public int decode(byte[] in, int inOff, int length, byte[] out, int outOff);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java
deleted file mode 100644
index a22d94af6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java
+++ /dev/null
@@ -1,129 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * Convert binary data to and from UrlBase64 encoding.  This is identical to
- * Base64 encoding, except that the padding character is "." and the other 
- * non-alphanumeric characters are "-" and "_" instead of "+" and "/".
- * 
    
- * The purpose of UrlBase64 encoding is to provide a compact encoding of binary
- * data that is safe for use as an URL parameter. Base64 encoding does not
- * produce encoded values that are safe for use in URLs, since "/" can be 
- * interpreted as a path delimiter; "+" is the encoded form of a space; and
- * "=" is used to separate a name from the corresponding value in an URL 
- * parameter.
- */
-public class UrlBase64
-{
-    private static final Encoder encoder = new UrlBase64Encoder();
-    
-    /**
-     * Encode the input data producing a URL safe base 64 encoded byte array.
-     *
-     * @return a byte array containing the URL safe base 64 encoded data.
-     */
-    public static byte[] encode(
-        byte[]    data)
-    {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        
-        try
-        {
-            encoder.encode(data, 0, data.length, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception encoding URL safe base64 string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-
-    /**
-     * Encode the byte data writing it to the given output stream.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int encode(
-        byte[]                data,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.encode(data, 0, data.length, out);
-    }
-    
-    /**
-     * Decode the URL safe base 64 encoded input data - white space will be ignored.
-     *
-     * @return a byte array representing the decoded data.
-     */
-    public static byte[] decode(
-        byte[]    data)
-    {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        
-        try
-        {
-            encoder.decode(data, 0, data.length, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception decoding URL safe base64 string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * decode the URL safe base 64 encoded byte data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int decode(
-        byte[]                data,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.decode(data, 0, data.length, out);
-    }
-    
-    /**
-     * decode the URL safe base 64 encoded String data - whitespace will be ignored.
-     *
-     * @return a byte array representing the decoded data.
-     */
-    public static byte[] decode(
-        String    data)
-    {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        
-        try
-        {
-            encoder.decode(data, bOut);
-        }
-        catch (IOException e)
-        {
-            throw new RuntimeException("exception decoding URL safe base64 string: " + e);
-        }
-        
-        return bOut.toByteArray();
-    }
-    
-    /**
-     * Decode the URL safe base 64 encoded String data writing it to the given output stream,
-     * whitespace characters will be ignored.
-     *
-     * @return the number of bytes produced.
-     */
-    public static int decode(
-        String                data,
-        OutputStream    out)
-        throws IOException
-    {
-        return encoder.decode(data, out);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java
deleted file mode 100644
index a5fff5ec0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.util.encoders;
-
-/**
- * Convert binary data to and from UrlBase64 encoding.  This is identical to
- * Base64 encoding, except that the padding character is "." and the other 
- * non-alphanumeric characters are "-" and "_" instead of "+" and "/".
- * 
    
- * The purpose of UrlBase64 encoding is to provide a compact encoding of binary
- * data that is safe for use as an URL parameter. Base64 encoding does not
- * produce encoded values that are safe for use in URLs, since "/" can be 
- * interpreted as a path delimiter; "+" is the encoded form of a space; and
- * "=" is used to separate a name from the corresponding value in an URL 
- * parameter.
- */
-public class UrlBase64Encoder extends Base64Encoder
-{
-    public UrlBase64Encoder()
-    {
-        encodingTable[encodingTable.length - 2] = (byte) '-';
-        encodingTable[encodingTable.length - 1] = (byte) '_';
-        padding = (byte) '.';
-        // we must re-create the decoding table with the new encoded values.
-        initialiseDecodingTable();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/package.html
deleted file mode 100644
index 3be222b29..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/encoders/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Classes for producing and reading Base64 and Hex strings.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java
deleted file mode 100644
index 01af8da90..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.util.io;
-
-import java.io.IOException;
-
-public class StreamOverflowException
-    extends IOException
-{
-    public StreamOverflowException(String msg)
-    {
-        super(msg);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/Streams.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/Streams.java
deleted file mode 100644
index 41560b5dd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/Streams.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package org.bouncycastle.util.io;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-public final class Streams
-{
-    private static int BUFFER_SIZE = 512;
-
-    public static void drain(InputStream inStr)
-        throws IOException
-    {
-        byte[] bs = new byte[BUFFER_SIZE];
-        while (inStr.read(bs, 0, bs.length) >= 0)
-        {
-        }
-    }
-
-    public static byte[] readAll(InputStream inStr)
-        throws IOException
-    {
-        ByteArrayOutputStream buf = new ByteArrayOutputStream();
-        pipeAll(inStr, buf);
-        return buf.toByteArray();
-    }
-
-    public static byte[] readAllLimited(InputStream inStr, int limit)
-        throws IOException
-    {
-        ByteArrayOutputStream buf = new ByteArrayOutputStream();
-        pipeAllLimited(inStr, limit, buf);
-        return buf.toByteArray();
-    }
-
-    public static int readFully(InputStream inStr, byte[] buf)
-        throws IOException
-    {
-        return readFully(inStr, buf, 0, buf.length);
-    }
-
-    public static int readFully(InputStream inStr, byte[] buf, int off, int len)
-        throws IOException
-    {
-        int totalRead = 0;
-        while (totalRead < len)
-        {
-            int numRead = inStr.read(buf, off + totalRead, len - totalRead);
-            if (numRead < 0)
-            {
-                break;
-            }
-            totalRead += numRead;
-        }
-        return totalRead;
-    }
-
-    public static void pipeAll(InputStream inStr, OutputStream outStr)
-        throws IOException
-    {
-        byte[] bs = new byte[BUFFER_SIZE];
-        int numRead;
-        while ((numRead = inStr.read(bs, 0, bs.length)) >= 0)
-        {
-            outStr.write(bs, 0, numRead);
-        }
-    }
-
-    public static long pipeAllLimited(InputStream inStr, long limit, OutputStream outStr)
-        throws IOException
-    {
-        long total = 0;
-        byte[] bs = new byte[BUFFER_SIZE];
-        int numRead;
-        while ((numRead = inStr.read(bs, 0, bs.length)) >= 0)
-        {
-            total += numRead;
-            if (total > limit)
-            {
-                throw new StreamOverflowException("Data Overflow");
-            }
-            outStr.write(bs, 0, numRead);
-        }
-        return total;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeInputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeInputStream.java
deleted file mode 100644
index 844ad4d0a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeInputStream.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.util.io;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-public class TeeInputStream
-    extends InputStream
-{
-    private final InputStream input;
-    private final OutputStream output;
-
-    public TeeInputStream(InputStream input, OutputStream output)
-    {
-        this.input = input;
-        this.output = output;
-    }
-
-    public int read(byte[] buf)
-        throws IOException
-    {
-        return read(buf, 0, buf.length);
-    }
-
-    public int read(byte[] buf, int off, int len)
-        throws IOException
-    {
-        int i = input.read(buf, off, len);
-
-        if (i > 0)
-        {
-            output.write(buf, off, i);
-        }
-
-        return i;
-    }
-
-    public int read()
-        throws IOException
-    {
-        int i = input.read();
-
-        if (i >= 0)
-        {
-            output.write(i);
-        }
-
-        return i;
-    }
-
-    public void close()
-        throws IOException
-    {
-        this.input.close();
-        this.output.close();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java
deleted file mode 100644
index a4919cd80..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.util.io;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class TeeOutputStream
-    extends OutputStream
-{
-    private OutputStream output1;
-    private OutputStream output2;
-
-    public TeeOutputStream(OutputStream output1, OutputStream output2)
-    {
-        this.output1 = output1;
-        this.output2 = output2;
-    }
-
-    public void write(byte[] buf)
-        throws IOException
-    {
-        this.output1.write(buf);
-        this.output2.write(buf);
-    }
-
-    public void write(byte[] buf, int off, int len)
-        throws IOException
-    {
-        this.output1.write(buf, off, len);
-        this.output2.write(buf, off, len);
-    }
-
-    public void write(int b)
-        throws IOException
-    {
-        this.output1.write(b);
-        this.output2.write(b);
-    }
-
-    public void flush()
-        throws IOException
-    {
-        this.output1.flush();
-        this.output2.flush();
-    }
-
-    public void close()
-        throws IOException
-    {
-        this.output1.close();
-        this.output2.close();
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
deleted file mode 100644
index 69a773e72..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-import java.io.IOException;
-
-public class PemGenerationException
-    extends IOException
-{
-    private Throwable cause;
-
-    public PemGenerationException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public PemGenerationException(String message)
-    {
-        super(message);
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
deleted file mode 100644
index b201c134b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-public class PemHeader
-{
-    private String name;
-    private String value;
-
-    public PemHeader(String name, String value)
-    {
-        this.name = name;
-        this.value = value;
-    }
-
-    public String getName()
-    {
-        return name;
-    }
-
-    public String getValue()
-    {
-        return value;
-    }
-
-    public int hashCode()
-    {
-        return getHashCode(this.name) + 31 * getHashCode(this.value);    
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof PemHeader))
-        {
-            return false;
-        }
-
-        PemHeader other = (PemHeader)o;
-
-        return other == this || (isEqual(this.name, other.name) && isEqual(this.value, other.value));
-    }
-
-    private int getHashCode(String s)
-    {
-        if (s == null)
-        {
-            return 1;
-        }
-
-        return s.hashCode();
-    }
-
-    private boolean isEqual(String s1, String s2)
-    {
-        if (s1 == s2)
-        {
-            return true;
-        }
-
-        if (s1 == null || s2 == null)
-        {
-            return false;
-        }
-
-        return s1.equals(s2);
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObject.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
deleted file mode 100644
index 2199520bf..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-public class PemObject
-    implements PemObjectGenerator
-{
-    private static final List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
-
-    private String type;
-    private List   headers;
-    private byte[] content;
-
-    /**
-     * Generic constructor for object without headers.
-     *
-     * @param type pem object type.
-     * @param content the binary content of the object.
-     */
-    public PemObject(String type, byte[] content)
-    {
-        this(type, EMPTY_LIST, content);
-    }
-
-    /**
-     * Generic constructor for object with headers.
-     *
-     * @param type pem object type.
-     * @param headers a list of PemHeader objects.
-     * @param content the binary content of the object.
-     */
-    public PemObject(String type, List headers, byte[] content)
-    {
-        this.type = type;
-        this.headers = Collections.unmodifiableList(headers);
-        this.content = content;
-    }
-
-    public String getType()
-    {
-        return type;
-    }
-
-    public List getHeaders()
-    {
-        return headers;
-    }
-
-    public byte[] getContent()
-    {
-        return content;
-    }
-
-    public PemObject generate()
-        throws PemGenerationException
-    {
-        return this;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
deleted file mode 100644
index 6fffdc585..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-public interface PemObjectGenerator
-{
-    PemObject generate()
-        throws PemGenerationException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
deleted file mode 100644
index b18b55054..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-import java.io.IOException;
-
-public interface PemObjectParser
-{
-    Object parseObject(PemObject obj)
-            throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemReader.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
deleted file mode 100644
index 28f777ddc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.Reader;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.util.encoders.Base64;
-
-public class PemReader
-    extends BufferedReader
-{
-    private static final String BEGIN = "-----BEGIN ";
-    private static final String END = "-----END ";
-
-    public PemReader(Reader reader)
-    {
-        super(reader);
-    }
-
-    public PemObject readPemObject()
-        throws IOException
-    {
-        String line = readLine();
-
-        if (line != null && line.startsWith(BEGIN))
-        {
-            line = line.substring(BEGIN.length());
-            int index = line.indexOf('-');
-            String type = line.substring(0, index);
-
-            if (index > 0)
-            {
-                return loadObject(type);
-            }
-        }
-
-        return null;
-    }
-
-    private PemObject loadObject(String type)
-        throws IOException
-    {
-        String          line;
-        String          endMarker = END + type;
-        StringBuffer    buf = new StringBuffer();
-        List            headers = new ArrayList();
-
-        while ((line = readLine()) != null)
-        {
-            if (line.indexOf(":") >= 0)
-            {
-                int index = line.indexOf(':');
-                String hdr = line.substring(0, index);
-                String value = line.substring(index + 1).trim();
-
-                headers.add(new PemHeader(hdr, value));
-
-                continue;
-            }
-
-            if (line.indexOf(endMarker) != -1)
-            {
-                break;
-            }
-            
-            buf.append(line.trim());
-        }
-
-        if (line == null)
-        {
-            throw new IOException(endMarker + " not found");
-        }
-
-        return new PemObject(type, headers, Base64.decode(buf.toString()));
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java b/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java
deleted file mode 100644
index ccefa36eb..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package org.bouncycastle.util.io.pem;
-
-import java.io.BufferedWriter;
-import java.io.IOException;
-import java.io.Writer;
-import java.util.Iterator;
-
-import org.bouncycastle.util.encoders.Base64;
-
-/**
- * A generic PEM writer, based on RFC 1421
- */
-public class PemWriter
-    extends BufferedWriter
-{
-    private static final int LINE_LENGTH = 64;
-
-    private final int nlLength;
-    private char[]  buf = new char[LINE_LENGTH];
-
-    /**
-     * Base constructor.
-     *
-     * @param out output stream to use.
-     */
-    public PemWriter(Writer out)
-    {
-        super(out);
-
-        String nl = System.getProperty("line.separator");
-        if (nl != null)
-        {
-            nlLength = nl.length();
-        }
-        else
-        {
-            nlLength = 2;
-        }
-    }
-
-    /**
-     * Return the number of bytes or characters required to contain the
-     * passed in object if it is PEM encoded.
-     *
-     * @param obj pem object to be output
-     * @return an estimate of the number of bytes
-     */
-    public int getOutputSize(PemObject obj)
-    {
-        // BEGIN and END boundaries.
-        int size = (2 * (obj.getType().length() + 10 + nlLength)) + 6 + 4;
-
-        if (!obj.getHeaders().isEmpty())
-        {
-            for (Iterator it = obj.getHeaders().iterator(); it.hasNext();)
-            {
-                PemHeader hdr = (PemHeader)it.next();
-
-                size += hdr.getName().length() + ": ".length() + hdr.getValue().length() + nlLength;
-            }
-
-            size += nlLength;
-        }
-
-        // base64 encoding
-        int dataLen = ((obj.getContent().length + 2) / 3) * 4;
-        
-        size += dataLen + (((dataLen + LINE_LENGTH - 1) / LINE_LENGTH) * nlLength);
-
-        return size;
-    }
-    
-    public void writeObject(PemObjectGenerator objGen)
-        throws IOException
-    {
-        PemObject obj = objGen.generate();
-
-        writePreEncapsulationBoundary(obj.getType());
-
-        if (!obj.getHeaders().isEmpty())
-        {
-            for (Iterator it = obj.getHeaders().iterator(); it.hasNext();)
-            {
-                PemHeader hdr = (PemHeader)it.next();
-
-                this.write(hdr.getName());
-                this.write(": ");
-                this.write(hdr.getValue());
-                this.newLine();
-            }
-
-            this.newLine();
-        }
-        
-        writeEncoded(obj.getContent());
-        writePostEncapsulationBoundary(obj.getType());
-    }
-
-    private void writeEncoded(byte[] bytes)
-        throws IOException
-    {
-        bytes = Base64.encode(bytes);
-
-        for (int i = 0; i < bytes.length; i += buf.length)
-        {
-            int index = 0;
-
-            while (index != buf.length)
-            {
-                if ((i + index) >= bytes.length)
-                {
-                    break;
-                }
-                buf[index] = (char)bytes[i + index];
-                index++;
-            }
-            this.write(buf, 0, index);
-            this.newLine();
-        }
-    }
-
-    private void writePreEncapsulationBoundary(
-        String type)
-        throws IOException
-    {
-        this.write("-----BEGIN " + type + "-----");
-        this.newLine();
-    }
-
-    private void writePostEncapsulationBoundary(
-        String type)
-        throws IOException
-    {
-        this.write("-----END " + type + "-----");
-        this.newLine();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/voms/VOMSAttribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/voms/VOMSAttribute.java
deleted file mode 100644
index d347dec3f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/voms/VOMSAttribute.java
+++ /dev/null
@@ -1,245 +0,0 @@
-package org.bouncycastle.voms;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.IetfAttrSyntax;
-import org.bouncycastle.x509.X509Attribute;
-import org.bouncycastle.x509.X509AttributeCertificate;
-
-import java.util.List;
-import java.util.Vector;
-
-
-/**
- * Representation of the authorization information (VO, server address
- * and list of Fully Qualified Attribute Names, or FQANs) contained in
- * a VOMS attribute certificate.
- */
-public class VOMSAttribute
-{
-
-    /**
-     * The ASN.1 object identifier for VOMS attributes
-     */
-    public static final String VOMS_ATTR_OID = "1.3.6.1.4.1.8005.100.100.4";
-    private X509AttributeCertificate myAC;
-    private String myHostPort;
-    private String myVo;
-    private Vector myStringList = new Vector();
-    private Vector myFQANs = new Vector();
-
-    /**
-     * Parses the contents of an attribute certificate.
    
-     * NOTE: Cryptographic signatures, time stamps etc. will not be checked.
-     *
-     * @param ac the attribute certificate to parse for VOMS attributes
-     */
-    public VOMSAttribute(X509AttributeCertificate ac) 
-    {
-        if (ac == null) 
-        {
-            throw new IllegalArgumentException("VOMSAttribute: AttributeCertificate is NULL");
-        }
-
-        myAC = ac;
-
-        X509Attribute[] l = ac.getAttributes(VOMS_ATTR_OID);
-
-        if (l == null) 
-        {
-            return;
-        }
-
-        try 
-        {
-            for (int i = 0; i != l.length; i++) 
-            {
-                IetfAttrSyntax attr = new IetfAttrSyntax((ASN1Sequence)l[i].getValues()[0]);
-
-                // policyAuthority is on the format /:
-                String url = ((DERIA5String)GeneralName.getInstance(((ASN1Sequence) attr.getPolicyAuthority().getDERObject()).getObjectAt(0)).getName()).getString();
-                int idx = url.indexOf("://");
-
-                if ((idx < 0) || (idx == (url.length() - 1)))
-                {
-                    throw new IllegalArgumentException("Bad encoding of VOMS policyAuthority : [" + url + "]");
-                }
-
-                myVo = url.substring(0, idx);
-                myHostPort = url.substring(idx + 3);
-
-                if (attr.getValueType() != IetfAttrSyntax.VALUE_OCTETS)
-                {
-                    throw new IllegalArgumentException(
-                        "VOMS attribute values are not encoded as octet strings, policyAuthority = " + url);
-                }
-
-                ASN1OctetString[]   values = (ASN1OctetString[])attr.getValues();
-                for (int j = 0; j != values.length; j++)        
-                {
-                    String fqan = new String(values[j].getOctets());
-                    FQAN f = new FQAN(fqan);
-
-                    if (!myStringList.contains(fqan) && fqan.startsWith("/" + myVo + "/"))
-               {
-                        myStringList.add(fqan);
-                        myFQANs.add(f);
-                    }
-                }
-            }
-        }
-        catch (IllegalArgumentException ie) 
-        {
-            throw ie;
-        }
-        catch (Exception e) 
-        {
-            throw new IllegalArgumentException("Badly encoded VOMS extension in AC issued by " +
-                ac.getIssuer());
-        }
-    }
-
-    /**
-     * @return The AttributeCertificate containing the VOMS information
-     */
-    public X509AttributeCertificate getAC()
-    {
-        return myAC;
-    }
-
-    /**
-     * @return List of String of the VOMS fully qualified
-     * attributes names (FQANs):
    
-     * /vo[/group[/group2...]][/Role=[role]][/Capability=capability]
-     */
-    public List getFullyQualifiedAttributes()
-    {
-        return myStringList;
-    }
-
-    /**
-     * @return List of FQAN of the VOMS fully qualified
-     * attributes names (FQANs)
-     * @see #FQAN
-     */
-    public List getListOfFQAN()
-    {
-        return myFQANs;
-    }
-
-    /**
-     * Returns the address of the issuing VOMS server, on the form <host>:<port>
-     * @return String
-     */
-    public String getHostPort()
-    {
-        return myHostPort;
-    }
-
-    /**
-     * Returns the VO name
-     * @return
-     */
-    public String getVO()
-    {
-        return myVo;
-    }
-
-    public String toString()
-    {
-        return "VO      :" + myVo + "\n" + "HostPort:" + myHostPort + "\n" + "FQANs   :" + myFQANs;
-    }
-
-    /**
-     * Inner class providing a container of the group,role,capability
-     * information triplet in an FQAN.
-     */
-    public class FQAN
-    {
-        String fqan;
-        String group;
-        String role;
-        String capability;
-
-        public FQAN(String fqan)
-        {
-            this.fqan = fqan;
-        }
-
-        public FQAN(String group, String role, String capability)
-        {
-            this.group = group;
-            this.role = role;
-            this.capability = capability;
-        }
-
-        public String getFQAN()
-        {
-            if (fqan != null)
-            {
-                return fqan;
-            }
-
-            fqan = group + "/Role=" + ((role != null) ? role : "") +
-                ((capability != null) ? ("/Capability=" + capability) : "");
-
-            return fqan;
-        }
-
-        protected void split()
-        {
-            int len = fqan.length();
-            int i = fqan.indexOf("/Role=");
-
-            if (i < 0)
-            {
-                return;
-            }
-
-            group = fqan.substring(0, i);
-
-            int j = fqan.indexOf("/Capability=", i + 6);
-            String s = (j < 0) ? fqan.substring(i + 6) : fqan.substring(i + 6, j);
-            role = (s.length() == 0) ? null : s;
-            s = (j < 0) ? null : fqan.substring(j + 12);
-            capability = ((s == null) || (s.length() == 0)) ? null : s;
-        }
-
-        public String getGroup()
-        {
-            if ((group == null) && (fqan != null))
-            {
-                split();
-            }
-
-            return group;
-        }
-
-        public String getRole()
-        {
-            if ((group == null) && (fqan != null))
-            {
-                split();
-            }
-
-            return role;
-        }
-
-        public String getCapability()   
-        {
-            if ((group == null) && (fqan != null))
-            {
-                split();
-            }
-
-            return capability;
-        }
-
-        public String toString()
-        {
-            return getFQAN();
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
deleted file mode 100644
index 229048481..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
+++ /dev/null
@@ -1,419 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.Holder;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.asn1.x509.ObjectDigestInfo;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-
-/**
- * The Holder object.
- * 
- * 
    - *          Holder ::= SEQUENCE {
- *                baseCertificateID   [0] IssuerSerial OPTIONAL,
- *                         -- the issuer and serial number of
- *                         -- the holder's Public Key Certificate
- *                entityName          [1] GeneralNames OPTIONAL,
- *                         -- the name of the claimant or role
- *                objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
- *                         -- used to directly authenticate the holder,
- *                         -- for example, an executable
- *          }
- * 
    
- * @deprecated use org.bouncycastle.cert.AttributeCertificateHolder
- */
-public class AttributeCertificateHolder
-    implements CertSelector, Selector
-{
-    final Holder holder;
-
-    AttributeCertificateHolder(ASN1Sequence seq)
-    {
-        holder = Holder.getInstance(seq);
-    }
-
-    public AttributeCertificateHolder(X509Principal issuerName,
-        BigInteger serialNumber)
-    {
-        holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial(
-            new GeneralNames(new DERSequence(new GeneralName(issuerName))),
-            new DERInteger(serialNumber)));
-    }
-
-    public AttributeCertificateHolder(X500Principal issuerName,
-        BigInteger serialNumber)
-    {
-        this(X509Util.convertPrincipal(issuerName), serialNumber);
-    }
-
-    public AttributeCertificateHolder(X509Certificate cert)
-        throws CertificateParsingException
-    {
-        X509Principal name;
-
-        try
-        {
-            name = PrincipalUtil.getIssuerX509Principal(cert);
-        }
-        catch (Exception e)
-        {
-            throw new CertificateParsingException(e.getMessage());
-        }
-
-        holder = new Holder(new IssuerSerial(generateGeneralNames(name),
-            new DERInteger(cert.getSerialNumber())));
-    }
-
-    public AttributeCertificateHolder(X509Principal principal)
-    {
-        holder = new Holder(generateGeneralNames(principal));
-    }
-
-    public AttributeCertificateHolder(X500Principal principal)
-    {
-        this(X509Util.convertPrincipal(principal));
-    }
-
-    /**
-     * Constructs a holder for v2 attribute certificates with a hash value for
-     * some type of object.
-     * 
    
-     * digestedObjectType can be one of the following:
-     * 
      
-     * 
    • 0 - publicKey - A hash of the public key of the holder must be
-     * passed.
-     * 
    • 1 - publicKeyCert - A hash of the public key certificate of the
-     * holder must be passed.
-     * 
    • 2 - otherObjectDigest - A hash of some other object type must be
-     * passed. otherObjectTypeID must not be empty.
-     * 
    
-     * 
    
-     * This cannot be used if a v1 attribute certificate is used.
-     * 
-     * @param digestedObjectType The digest object type.
-     * @param digestAlgorithm The algorithm identifier for the hash.
-     * @param otherObjectTypeID The object type ID if
-     *            digestedObjectType is
-     *            otherObjectDigest.
-     * @param objectDigest The hash value.
-     */
-    public AttributeCertificateHolder(int digestedObjectType,
-        String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
-    {
-        holder = new Holder(new ObjectDigestInfo(digestedObjectType,
-            otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays
-                .clone(objectDigest)));
-    }
-
-    /**
-     * Returns the digest object type if an object digest info is used.
-     * 
    
-     * 
      
-     * 
    • 0 - publicKey - A hash of the public key of the holder must be
-     * passed.
-     * 
    • 1 - publicKeyCert - A hash of the public key certificate of the
-     * holder must be passed.
-     * 
    • 2 - otherObjectDigest - A hash of some other object type must be
-     * passed. otherObjectTypeID must not be empty.
-     * 
    
-     * 
-     * @return The digest object type or -1 if no object digest info is set.
-     */
-    public int getDigestedObjectType()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            return holder.getObjectDigestInfo().getDigestedObjectType()
-                .getValue().intValue();
-        }
-        return -1;
-    }
-
-    /**
-     * Returns the other object type ID if an object digest info is used.
-     * 
-     * @return The other object type ID or null if no object
-     *         digest info is set.
-     */
-    public String getDigestAlgorithm()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            return holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId()
-                .getId();
-        }
-        return null;
-    }
-
-    /**
-     * Returns the hash if an object digest info is used.
-     * 
-     * @return The hash or null if no object digest info is set.
-     */
-    public byte[] getObjectDigest()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            return holder.getObjectDigestInfo().getObjectDigest().getBytes();
-        }
-        return null;
-    }
-
-    /**
-     * Returns the digest algorithm ID if an object digest info is used.
-     * 
-     * @return The digest algorithm ID or null if no object
-     *         digest info is set.
-     */
-    public String getOtherObjectTypeID()
-    {
-        if (holder.getObjectDigestInfo() != null)
-        {
-            holder.getObjectDigestInfo().getOtherObjectTypeID().getId();
-        }
-        return null;
-    }
-
-    private GeneralNames generateGeneralNames(X509Principal principal)
-    {
-        return new GeneralNames(new DERSequence(new GeneralName(principal)));
-    }
-
-    private boolean matchesDN(X509Principal subject, GeneralNames targets)
-    {
-        GeneralName[] names = targets.getNames();
-
-        for (int i = 0; i != names.length; i++)
-        {
-            GeneralName gn = names[i];
-
-            if (gn.getTagNo() == GeneralName.directoryName)
-            {
-                try
-                {
-                    if (new X509Principal(((ASN1Encodable)gn.getName())
-                        .getEncoded()).equals(subject))
-                    {
-                        return true;
-                    }
-                }
-                catch (IOException e)
-                {
-                }
-            }
-        }
-
-        return false;
-    }
-
-    private Object[] getNames(GeneralName[] names)
-    {
-        List l = new ArrayList(names.length);
-
-        for (int i = 0; i != names.length; i++)
-        {
-            if (names[i].getTagNo() == GeneralName.directoryName)
-            {
-                try
-                {
-                    l.add(new X500Principal(
-                        ((ASN1Encodable)names[i].getName()).getEncoded()));
-                }
-                catch (IOException e)
-                {
-                    throw new RuntimeException("badly formed Name object");
-                }
-            }
-        }
-
-        return l.toArray(new Object[l.size()]);
-    }
-
-    private Principal[] getPrincipals(GeneralNames names)
-    {
-        Object[] p = this.getNames(names.getNames());
-        List l = new ArrayList();
-
-        for (int i = 0; i != p.length; i++)
-        {
-            if (p[i] instanceof Principal)
-            {
-                l.add(p[i]);
-            }
-        }
-
-        return (Principal[])l.toArray(new Principal[l.size()]);
-    }
-
-    /**
-     * Return any principal objects inside the attribute certificate holder
-     * entity names field.
-     * 
-     * @return an array of Principal objects (usually X500Principal), null if no
-     *         entity names field is set.
-     */
-    public Principal[] getEntityNames()
-    {
-        if (holder.getEntityName() != null)
-        {
-            return getPrincipals(holder.getEntityName());
-        }
-
-        return null;
-    }
-
-    /**
-     * Return the principals associated with the issuer attached to this holder
-     * 
-     * @return an array of principals, null if no BaseCertificateID is set.
-     */
-    public Principal[] getIssuer()
-    {
-        if (holder.getBaseCertificateID() != null)
-        {
-            return getPrincipals(holder.getBaseCertificateID().getIssuer());
-        }
-
-        return null;
-    }
-
-    /**
-     * Return the serial number associated with the issuer attached to this
-     * holder.
-     * 
-     * @return the certificate serial number, null if no BaseCertificateID is
-     *         set.
-     */
-    public BigInteger getSerialNumber()
-    {
-        if (holder.getBaseCertificateID() != null)
-        {
-            return holder.getBaseCertificateID().getSerial().getValue();
-        }
-
-        return null;
-    }
-
-    public Object clone()
-    {
-        return new AttributeCertificateHolder((ASN1Sequence)holder
-            .toASN1Object());
-    }
-
-    public boolean match(Certificate cert)
-    {
-        if (!(cert instanceof X509Certificate))
-        {
-            return false;
-        }
-
-        X509Certificate x509Cert = (X509Certificate)cert;
-
-        try
-        {
-            if (holder.getBaseCertificateID() != null)
-            {
-                return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
-                    && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), holder.getBaseCertificateID().getIssuer());
-            }
-
-            if (holder.getEntityName() != null)
-            {
-                if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert),
-                    holder.getEntityName()))
-                {
-                    return true;
-                }
-            }
-            if (holder.getObjectDigestInfo() != null)
-            {
-                MessageDigest md = null;
-                try
-                {
-                    md = MessageDigest.getInstance(getDigestAlgorithm(), "BC");
-
-                }
-                catch (Exception e)
-                {
-                    return false;
-                }
-                switch (getDigestedObjectType())
-                {
-                case ObjectDigestInfo.publicKey:
-                    // TODO: DSA Dss-parms
-                    md.update(cert.getPublicKey().getEncoded());
-                    break;
-                case ObjectDigestInfo.publicKeyCert:
-                    md.update(cert.getEncoded());
-                    break;
-                }
-                if (!Arrays.areEqual(md.digest(), getObjectDigest()))
-                {
-                    return false;
-                }
-            }
-        }
-        catch (CertificateEncodingException e)
-        {
-            return false;
-        }
-
-        return false;
-    }
-
-    public boolean equals(Object obj)
-    {
-        if (obj == this)
-        {
-            return true;
-        }
-
-        if (!(obj instanceof AttributeCertificateHolder))
-        {
-            return false;
-        }
-
-        AttributeCertificateHolder other = (AttributeCertificateHolder)obj;
-
-        return this.holder.equals(other.holder);
-    }
-
-    public int hashCode()
-    {
-        return this.holder.hashCode();
-    }
-
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509Certificate))
-        {
-            return false;
-        }
-
-        return match((Certificate)obj);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
deleted file mode 100644
index 0c88b3fd6..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
+++ /dev/null
@@ -1,208 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.V2Form;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Selector;
-
-/**
- * Carrying class for an attribute certificate issuer.
- * @deprecated use org.bouncycastle.cert.AttributeCertificateIssuer
- */
-public class AttributeCertificateIssuer
-    implements CertSelector, Selector
-{
-    final ASN1Encodable form;
-
-    /**
-     * Set the issuer directly with the ASN.1 structure.
-     * 
-     * @param issuer The issuer
-     */
-    public AttributeCertificateIssuer(AttCertIssuer issuer)
-    {
-        form = issuer.getIssuer();
-    }
-
-    public AttributeCertificateIssuer(X500Principal principal)
-        throws IOException
-    {
-        this(new X509Principal(principal.getEncoded()));
-    }
-
-    public AttributeCertificateIssuer(X509Principal principal)
-    {
-        form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal))));
-    }
-
-    private Object[] getNames()
-    {
-        GeneralNames name;
-
-        if (form instanceof V2Form)
-        {
-            name = ((V2Form)form).getIssuerName();
-        }
-        else
-        {
-            name = (GeneralNames)form;
-        }
-
-        GeneralName[] names = name.getNames();
-
-        List l = new ArrayList(names.length);
-
-        for (int i = 0; i != names.length; i++)
-        {
-            if (names[i].getTagNo() == GeneralName.directoryName)
-            {
-                try
-                {
-                    l.add(new X500Principal(
-                        ((ASN1Encodable)names[i].getName()).getEncoded()));
-                }
-                catch (IOException e)
-                {
-                    throw new RuntimeException("badly formed Name object");
-                }
-            }
-        }
-
-        return l.toArray(new Object[l.size()]);
-    }
-
-    /**
-     * Return any principal objects inside the attribute certificate issuer
-     * object.
-     * 
-     * @return an array of Principal objects (usually X500Principal)
-     */
-    public Principal[] getPrincipals()
-    {
-        Object[] p = this.getNames();
-        List l = new ArrayList();
-
-        for (int i = 0; i != p.length; i++)
-        {
-            if (p[i] instanceof Principal)
-            {
-                l.add(p[i]);
-            }
-        }
-
-        return (Principal[])l.toArray(new Principal[l.size()]);
-    }
-
-    private boolean matchesDN(X500Principal subject, GeneralNames targets)
-    {
-        GeneralName[] names = targets.getNames();
-
-        for (int i = 0; i != names.length; i++)
-        {
-            GeneralName gn = names[i];
-
-            if (gn.getTagNo() == GeneralName.directoryName)
-            {
-                try
-                {
-                    if (new X500Principal(((ASN1Encodable)gn.getName()).getEncoded()).equals(subject))
-                    {
-                        return true;
-                    }
-                }
-                catch (IOException e)
-                {
-                }
-            }
-        }
-
-        return false;
-    }
-
-    public Object clone()
-    {
-        return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form));
-    }
-
-    public boolean match(Certificate cert)
-    {
-        if (!(cert instanceof X509Certificate))
-        {
-            return false;
-        }
-
-        X509Certificate x509Cert = (X509Certificate)cert;
-
-        if (form instanceof V2Form)
-        {
-            V2Form issuer = (V2Form)form;
-            if (issuer.getBaseCertificateID() != null)
-            {
-                return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
-                    && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer());
-            }
-
-            GeneralNames name = issuer.getIssuerName();
-            if (matchesDN(x509Cert.getSubjectX500Principal(), name))
-            {
-                return true;
-            }
-        }
-        else
-        {
-            GeneralNames name = (GeneralNames)form;
-            if (matchesDN(x509Cert.getSubjectX500Principal(), name))
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    public boolean equals(Object obj)
-    {
-        if (obj == this)
-        {
-            return true;
-        }
-
-        if (!(obj instanceof AttributeCertificateIssuer))
-        {
-            return false;
-        }
-
-        AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj;
-
-        return this.form.equals(other.form);
-    }
-
-    public int hashCode()
-    {
-        return this.form.hashCode();
-    }
-
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509Certificate))
-        {
-            return false;
-        }
-
-        return match((Certificate)obj);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java
deleted file mode 100644
index 173d47890..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.security.cert.CertPath;
-
-import org.bouncycastle.i18n.ErrorBundle;
-import org.bouncycastle.i18n.LocalizedException;
-
-public class CertPathReviewerException extends LocalizedException
-{
-
-    private int index = -1;
-    
-    private CertPath certPath = null;
-    
-    public CertPathReviewerException(ErrorBundle errorMessage, Throwable throwable)
-    {
-        super(errorMessage, throwable);
-    }
-
-    public CertPathReviewerException(ErrorBundle errorMessage)
-    {
-        super(errorMessage);
-    }
-
-    public CertPathReviewerException(
-            ErrorBundle errorMessage, 
-            Throwable throwable,
-            CertPath certPath,
-            int index)
-    {
-        super(errorMessage, throwable);
-        if (certPath == null || index == -1)
-        {
-            throw new IllegalArgumentException();
-        }
-        if (index < -1 || (certPath != null && index >= certPath.getCertificates().size()))
-        {
-            throw new IndexOutOfBoundsException();
-        }
-        this.certPath = certPath;
-        this.index = index;
-    }
-    
-    public CertPathReviewerException(
-            ErrorBundle errorMessage, 
-            CertPath certPath,
-            int index)
-    {
-        super(errorMessage);
-        if (certPath == null || index == -1)
-        {
-            throw new IllegalArgumentException();
-        }
-        if (index < -1 || (certPath != null && index >= certPath.getCertificates().size()))
-        {
-            throw new IndexOutOfBoundsException();
-        }
-        this.certPath = certPath;
-        this.index = index;
-    }
-    
-    public CertPath getCertPath()
-    {
-        return certPath;
-    }
-    
-    public int getIndex()
-    {
-        return index;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties
deleted file mode 100644
index 6843d2c31..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties
+++ /dev/null
@@ -1,616 +0,0 @@
-
-## constructor exceptions 
-
-# cert path is empty
-CertPathReviewer.emptyCertPath.title = CertPath is empty
-CertPathReviewer.emptyCertPath.text = PKIXCertPathReviewer: the CertPath is empty.
-CertPathReviewer.emptyCertPath.summary = PKIXCertPathReviewer: the CertPath is empty.
-CertPathReviewer.emptyCertPath.details = PKIXCertPathReviewer: the CertPath is empty.
-
-## name constraints processing errors
-
-# cert DN is not in the permitted tree
-# {0} DN as String 
-CertPathReviewer.notPermittedDN.title = Name constraint error: certificate DN is not permitted
-CertPathReviewer.notPermittedDN.text = Name constraint error: the certificate DN {0} is not permitted.
-CertPathReviewer.notPermittedDN.summary = Name constraint error: certificate DN is not permitted.
-CertPathReviewer.notPermittedDN.details = Name constraint checking error. The certificate DN {0} is not in the permitted set of DNs.
-
-# cert DN is in the excluded tree
-# {0} DN as String
-CertPathReviewer.excludedDN.title = Name constraint error: certificate DN is excluded
-CertPathReviewer.excludedDN.text = Name constraint error: The certificate DN {0} is excluded.
-CertPathReviewer.excludedDN.summary = Name constraint error: certificate DN is excluded.
-CertPathReviewer.excludedDN.details = Name constraint checking error. The certificate DN {0} is inside of the excluded set of DNs.
-
-# cert email is not in the permitted tree
-# {0} email address as String
-CertPathReviewer.notPermittedEmail.title = Name constraint error: not permitted email address
-CertPathReviewer.notPermittedEmail.text = Name constraint error: certificate contains the not permitted email address {0}.
-CertPathReviewer.notPermittedEmail.summary = Name constraint error: not permitted email address.
-CertPathReviewer.notPermittedEmail.details = Name constraint checking error. The certificate contains the email address {0} which is not in the permitted set of email addresses.
-
-# cert email is in the excluded tree
-# {0} email as String
-CertPathReviewer.excludedEmail.title = Name constraint error: excluded email address
-CertPathReviewer.excludedEmail.text = Name constraint error: certificate contains the excluded email address {0}. 
-CertPathReviewer.excludedEmail.summary = Name constraint error: excluded email address.
-CertPathReviewer.excludedEmail.details = Name constraint checking error. The certificate contains the email address {0} which is in the excluded set of email addresses.
-
-# cert IP is not in the permitted tree
-# {0} ip address as String
-CertPathReviewer.notPermittedIP.title = Name constraint error: not permitted IP address
-CertPathReviewer.notPermittedIP.text = Name constraint error: certificate contains the not permitted IP address {0}.
-CertPathReviewer.notPermittedIP.summary = Name constraint error: not permitted IP address.
-CertPathReviewer.notPermittedIP.details = Name constraint checking error. The certificate contains the IP address {0} which is not in the permitted set of IP addresses.
-
-# cert ip is in the excluded tree
-# {0} ip address as String
-CertPathReviewer.excludedIP.title = Name constraint error: excluded IP address
-CertPathReviewer.excludedIP.text = Name constraint error: certificate contains the excluded IP address {0}.
-CertPathReviewer.excludedIP.summary = Name constraint error: excluded IP address.
-CertPathReviewer.excludedIP.details = Name constraint checking error. The certificate contains the IP address {0} which is in the excluded set of IP addresses.
-
-# error processing the name constraints extension
-CertPathReviewer.ncExtError.title = Name constraint checking failed
-CertPathReviewer.ncExtError.text = Name constraint checking failed: there was an error processing the name constraints extension of the certificate.
-CertPathReviewer.ncExtError.summary = Error processing the name constraints extension.
-CertPathReviewer.ncExtError.details = Name constraint checking failed: there was an error processing the name constraints extension of the certificate.
-
-# error processing the subject alternative name extension
-CertPathReviewer.subjAltNameExtError.title = Name constraint checking failed
-CertPathReviewer.subjAltNameExtError.text = Name constraint checking failed: there was an error processing the subject alternative name extension of the certificate.
-CertPathReviewer.subjAltNameExtError.summary = Error processing the subject alternative name extension.
-CertPathReviewer.subjAltNameExtError.details = Name constraint checking failed: there was an error processing the subject alternative name extension of the certificate.
-
-# exception extracting subject name when checking subtrees
-# {0} subject Principal
-CertPathReviewer.ncSubjectNameError.title = Name constraint checking failed
-CertPathReviewer.ncSubjectNameError.text = Name constraint checking failed: there was an exception extracting the DN from the certificate.
-CertPathReviewer.ncSubjectNameError.summary = Name constraint checking failed: exception extracting the DN.
-CertPathReviewer.ncSubjectNameError.details = Name constraint checking failed: there was an exception extracting the DN from the certificate.
-
-
-## path length errors
-
-# max path length extended
-CertPathReviewer.pathLenghtExtended.title = Maximum path length extended 
-CertPathReviewer.pathLenghtExtended.text = Certificate path invalid: Maximum path length extended.
-CertPathReviewer.pathLenghtExtended.summary = Certificate path invalid: Maximum path length extended.
-CertPathReviewer.pathLenghtExtended.details = Certificate path invalid: Maximum path length extended.
-
-# error reading length constraint from basic constraint extension
-CertPathReviewer.processLengthConstError.title = Path length checking failed
-CertPathReviewer.processLengthConstError.text = Path length checking failed: there was an error processing the basic constraint extension of the certificate. 
-CertPathReviewer.processLengthConstError.summary = Error processing the subject alternative name extension.
-CertPathReviewer.processLengthConstError.details = Path length checking failed: there was an error processing the basic constraint extension of the certificate.
-
-
-## path length notifications
-
-# total path length as defined in rfc 3280
-# {0} the path length as Integer
-CertPathReviewer.totalPathLength.title = Total path length
-CertPathReviewer.totalPathLength.text = The total path length without self-signed certificates is {0}.
-CertPathReviewer.totalPathLength.summary = The total path length without self-signed certificates is {0}.
-CertPathReviewer.totalPathLength.details = The total path length without self-signed certificates, as defined in RFC 3280, is {0}.
-
-
-## critical extensions errors
-
-# one unknown critical extension
-# {0} extension as String
-CertPathReviewer.unknownCriticalExt.title = Unknown critical extension
-CertPathReviewer.unknownCriticalExt.text = The certificate contains the unknown critical extension {0}.
-CertPathReviewer.unknownCriticalExt.summary = Unknown critical extension: {0}.
-CertPathReviewer.unknownCriticalExt.details = The certificate contains the unknown critical extension with the OID {0}.
-
-# more unknown critical extensions
-# {0} extensions as Set of Strings
-CertPathReviewer.unknownCriticalExts.title = Unknown critical extensions
-CertPathReviewer.unknownCriticalExts.text = The certificate contains two or more unknown critical extensions: {0}.
-CertPathReviewer.unknownCriticalExts.summary = Unknown critical extensions: {0}.
-CertPathReviewer.unknownCriticalExts.details = The certificate contains two or more unknown critical extensions with the OIDs: {0}.
-
-# error processing critical extension
-# {0} the message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.criticalExtensionError.title = Error processing a critical extension
-CertPathReviewer.criticalExtensionError.text = Error processing a critical extension. A {0} occurred.
-CertPathReviewer.criticalExtensionError.summary = Error processing a critical extension. A {0} occurred.
-CertPathReviewer.criticalExtensionError.details = Error processing a critical extension. A {0} occurred. Cause: {0}.
-
-# error initializing the certpath checkers
-# {0} the message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.certPathCheckerError.title = Checking critical extensions failed
-CertPathReviewer.certPathCheckerError.text = Checking critical extensions failed: there was a {2} initializing a CertPathChecker.
-CertPathReviewer.certPathCheckerError.summary = Checking critical extensions failed: {2} initializing a CertPathChecker
-CertPathReviewer.certPathCheckerError.details = Checking critical extensions failed: there was an {2} initializing a CertPathChecker. Cause: {0}
-
-
-## check signature errors
-
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.title = Root key with valid signature but no trust anchor
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.text = The certificate has a valid signature, but is no trust anchor
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.summary = The certificate has a valid signature, but is no trust anchor
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.details = The certificate has a valid signature, but is no trust anchor
-
-# trustanchor found, but certificate validation failed
-CertPathReviewer.trustButInvalidCert.title = Trust anchor found, but different public key
-CertPathReviewer.trustButInvalidCert.text = A trust anchor was found. But it has a different public key, than was used to issue the first certificate of the cert path.
-CertPathReviewer.trustButInvalidCert.summary = A trust anchor was found. But it has a different public key, than was used to issue the first certificate of the cert path.
-CertPathReviewer.trustButInvalidCert.details = A trust anchor was found. But it has a different public key, than was used to issue the first certificate of the cert path.
-
-# trustanchor - cannot extract issuer
-CertPathReviewer.trustAnchorIssuerError.title = Finding trust anchor failed 
-CertPathReviewer.trustAnchorIssuerError.text = Finding trust anchor failed: cannot extract issuer from certificate.
-CertPathReviewer.trustAnchorIssuerError.summary = Finding trust anchor failed: cannot extract issuer from certificate.
-CertPathReviewer.trustAnchorIssuerError.details = Finding trust anchor failed: cannot extract issuer from certificate.
-
-# no trustanchor was found for the certificate path
-# {0} issuer of the root certificate of the path
-# {1} number of trusted root certificates (trustanchors) provided
-CertPathReviewer.noTrustAnchorFound.title = No trusted root certificate found
-CertPathReviewer.noTrustAnchorFound.text = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "{0}".
-CertPathReviewer.noTrustAnchorFound.summary = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation.
-CertPathReviewer.noTrustAnchorFound.details = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "{0}". The trusted-root-certificate store contains {1} CA(s).
-
-# conflicting trust anchors
-# {0} number of trustanchors found (Integer)
-# {1} the ca name
-CertPathReviewer.conflictingTrustAnchors.title = Corrupt trust root store
-CertPathReviewer.conflictingTrustAnchors.text = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key.
-CertPathReviewer.conflictingTrustAnchors.summary = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key.
-CertPathReviewer.conflictingTrustAnchors.details = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key.
-
-# trustanchor DN is invalid
-# {0} DN of the Trustanchor
-CertPathReviewer.trustDNInvalid.title = DN of TrustAnchor is improperly specified
-CertPathReviewer.trustDNInvalid.text = The DN of the TrustAnchor is improperly specified: {0}.
-CertPathReviewer.trustDNInvalid.summary = The DN of the TrustAnchor is improperly specified.
-CertPathReviewer.trustDNInvalid.details = The DN of the TrustAnchor is improperly specified: {0}. It's not a valid X.500 name. See RFC 1779 or RFC 2253. 
-
-# trustanchor public key algorithm error
-CertPathReviewer.trustPubKeyError.title = Error processing public key of the trust anchor
-CertPathReviewer.trustPubKeyError.text = Error processing public key of the trust anchor.
-CertPathReviewer.trustPubKeyError.summary = Error processing public key of the trust anchor.
-CertPathReviewer.trustPubKeyError.details = Error processing public key of the trust anchor. Could not extract the AlorithmIdentifier for the key.
-
-# can not verifiy signature: issuer public key unknown
-CertPathReviewer.NoIssuerPublicKey.title = Can not verify the certificate signature 
-CertPathReviewer.NoIssuerPublicKey.text = Can not verify the certificate signature: Issuer public key is unknown.
-CertPathReviewer.NoIssuerPublicKey.summary = Can not verify the certificate signature: Issuer public key is unknown.
-CertPathReviewer.NoIssuerPublicKey.details = Can not verify the certificate signature: Issuer public key is unknown.
-
-# signature can not be verified
-# {0} message of the underlying exception (english)
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.signatureNotVerified.title = Certificate signature invalid
-CertPathReviewer.signatureNotVerified.text = The certificate signature is invalid. A {2} occurred.
-CertPathReviewer.signatureNotVerified.summary = The certificate signature is invalid.
-CertPathReviewer.signatureNotVerified.details = The certificate signature is invalid. A {2} occurred. Cause: {0}
-
-# certificate expired
-# {0} the date the certificate expired 
-CertPathReviewer.certificateExpired.title = Certificate is expired
-CertPathReviewer.certificateExpired.text = Could not validate the certificate. Certificate expired on {0,date} {0,time,full}.
-CertPathReviewer.certificateExpired.summary = Certificate expired on {0,date} {0,time,full}.
-CertPathReviewer.certificateExpired.details = Could not validate the certificate. Certificate expired on {0,date} {0,time,full}. 
-
-# certificate not yet valid
-# {0} the date from which on the certificate is valid
-CertPathReviewer.certificateNotYetValid.title = Certificate is not yet valid
-CertPathReviewer.certificateNotYetValid.text = Could not validate the certificate. Certificate is not valid until {0,date} {0,time,full}.
-CertPathReviewer.certificateNotYetValid.summary = Certificate is not valid until {0,date} {0,time,full}.
-CertPathReviewer.certificateNotYetValid.details = Could not validate the certificate. Certificate is not valid until {0,date} {0,time,full}. 
-
-# certificate invalid issuer DN
-# {0} expected issuer DN as String
-# {1} found issuer DN as String
-CertPathReviewer.certWrongIssuer.title = Issuer of certificate not valid
-CertPathReviewer.certWrongIssuer.text = Issuer of certificate is not valid. Expected {0}, but found {1}. 
-CertPathReviewer.certWrongIssuer.summary = Issuer of certificate is not valid. 
-CertPathReviewer.certWrongIssuer.details = Issuer of certificate is not valid. Expected {0}, but found {1}.
-
-# intermediate certificate is no ca cert
-CertPathReviewer.noCACert.title = Certificate is no CA certificate
-CertPathReviewer.noCACert.text = Intermediate certificate is no CA certificate.
-CertPathReviewer.noCACert.summary = The certificate is no CA certificate.
-CertPathReviewer.noCACert.details = The certificate is no CA certificate but used as one.
-
-# cert laks basic constraints
-CertPathReviewer.noBasicConstraints.title = Certificate has no basic constraints
-CertPathReviewer.noBasicConstraints.text = Intermediate certificate has no basic constraints.
-CertPathReviewer.noBasicConstraints.summary = Intermediate certificate has no basic constraints.
-CertPathReviewer.noBasicConstraints.details = Intermediate certificate has no basic constraints.
-
-# error processing basic constraints
-CertPathReviewer.errorProcesingBC.title = Error processing the basic constraints extension
-CertPathReviewer.errorProcesingBC.text = There was an error while processing the basic constraints extension of this certificate.
-CertPathReviewer.errorProcesingBC.summary = Error processing the basic constraints extension. 
-CertPathReviewer.errorProcesingBC.details = There was an error while processing the basic constraints extension of this certificate.
-
-# certificate not usable for signing certs
-CertPathReviewer.noCertSign.title = Key not usable for signing certificates
-CertPathReviewer.noCertSign.text = The key usage constraint does not allow the use of this certificate key for signing certificates.
-CertPathReviewer.noCertSign.summary = The certificate key can not be used for signing certificates.
-CertPathReviewer.noCertSign.details = The key usage constraint does not allow the use of this certificate key for signing certificates.
-
-# error processing public key
-CertPathReviewer.pubKeyError.title = Error processing public key
-CertPathReviewer.pubKeyError.text = Error processing public key of the certificate.
-CertPathReviewer.pubKeyError.summary = Error processing public key of the certificate.
-CertPathReviewer.pubKeyError.details = Error processing public key of the certificate. Could not extract the AlorithmIdentifier for the key.
-
-
-## check signatures notifications
-
-#
-# trust anchor has no keyusage certSign
-CertPathReviewer.trustKeyUsage.title = Trust anchor key usage
-CertPathReviewer.trustKeyUsage.text = The trust anchor is not alloed to sign certificates. 
-CertPathReviewer.trustKeyUsage.summary = The trust anchor is not alloed to sign certificates.
-CertPathReviewer.trustKeyUsage.details = The trust anchor is not alloed to sign certificates.
-
-# certificate path validation date
-# {0} date for which the cert path is validated
-# {1} current date
-CertPathReviewer.certPathValidDate.title = Certificate path validation date
-CertPathReviewer.certPathValidDate.text = The certificate path was applied on {0,date} {0,time,full}. It was checked at {1,date} {1,time,full}.
-CertPathReviewer.certPathValidDate.summary = The certificate path was validated for {0,date} {0,time,full}. It was checked at {1,date} {1,time,full}.
-CertPathReviewer.certPathValidDate.details = The certificate path was validated for {0,date} {0,time,full}. It was checked at {1,date} {1,time,full}.
-
-
-## check policy errors
-
-# error processing certificate policy extension
-CertPathReviewer.policyExtError.title = Policy checking failed
-CertPathReviewer.policyExtError.text = Policy checking failed: there was an error processing the certificate policy extension. 
-CertPathReviewer.policyExtError.summary = Error processing the certificate policy extension.
-CertPathReviewer.policyExtError.details = Policy checking failed: there was an error processing the certificate policy extension. 
-
-# error processing policy constraints extension
-CertPathReviewer.policyConstExtError.title = Policy checking failed
-CertPathReviewer.policyConstExtError.text = Policy checking failed: there was an error processing the policy constraints extension.
-CertPathReviewer.policyConstExtError.summary = Error processing the policy constraints extension.
-CertPathReviewer.policyConstExtError.details = Policy checking failed: there was an error processing the policy constraints extension.
-
-# error processing policy mapping extension
-CertPathReviewer.policyMapExtError.title = Policy checking failed
-CertPathReviewer.policyMapExtError.text = Policy checking failed: there was an error processing the policy mapping extension.
-CertPathReviewer.policyMapExtError.summary = Error processing the policy mapping extension.
-CertPathReviewer.policyMapExtError.details = Policy checking failed: there was an error processing the policy mapping extension.
-
-# error processing inhibit any policy extension
-CertPathReviewer.policyInhibitExtError.title = Policy checking failed
-CertPathReviewer.policyInhibitExtError.text = Policy checking failed: there was an error processing the inhibit any policy extension.
-CertPathReviewer.policyInhibitExtError.summary = Error processing the inhibit any policy extension.
-CertPathReviewer.policyInhibitExtError.details = Policy checking failed: there was an error processing the inhibit any policy extension.
-
-# error building qualifier set
-CertPathReviewer.policyQualifierError.title = Policy checking failed
-CertPathReviewer.policyQualifierError.text = Policy checking failed: error building the policy qualifier set.
-CertPathReviewer.policyQualifierError.summary = Policy checking failed: error building the policy qualifier set.
-CertPathReviewer.policyQualifierError.details = Policy checking failed: error building the policy qualifier set.
-
-# no valid policy tree - explicit policy required
-CertPathReviewer.noValidPolicyTree.title = Policy checking failed
-CertPathReviewer.noValidPolicyTree.text = Policy checking failed: no valid policy tree found when one expected.
-CertPathReviewer.noValidPolicyTree.summary = Policy checking failed: no valid policy tree found when one expected.
-CertPathReviewer.noValidPolicyTree.details = Policy checking failed: no valid policy tree found when one expected.
-
-# expicit policy requested, but no policy available
-CertPathReviewer.explicitPolicy.title = Policy checking failed
-CertPathReviewer.explicitPolicy.text = Policy checking failed: explicit policy requested but no policy available.
-CertPathReviewer.explicitPolicy.summary = Policy checking failed: explicit policy requested but no policy available.
-CertPathReviewer.explicitPolicy.details = Policy checking failed: explicit policy requested but no policy available.
-
-# path processing failed on policy
-CertPathReviewer.invalidPolicy.title = Path processing failed on policy
-CertPathReviewer.invalidPolicy.text = Path processing failed on policy.
-CertPathReviewer.invalidPolicy.summary = Path processing failed on policy.
-CertPathReviewer.invalidPolicy.details = Path processing failed on policy.
-
-# invalid policy mapping
-CertPathReviewer.invalidPolicyMapping.title = Invalid policy mapping 
-CertPathReviewer.invalidPolicyMapping.text = Certificate contains an invalid policy mapping.
-CertPathReviewer.invalidPolicyMapping.summary = Certificate contains an invalid policy mapping. 
-CertPathReviewer.invalidPolicyMapping.details = Certificate contains a policy mapping including the value any policy which is invalid.
-
-## check CRL notifications
-
-# found local valid CRL
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-CertPathReviewer.localValidCRL.title = Found valid local CRL
-CertPathReviewer.localValidCRL.text = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}.
-CertPathReviewer.localValidCRL.summary = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}.
-CertPathReviewer.localValidCRL.details = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}.
-
-
-# found matching CRL, but not valid
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-CertPathReviewer.localInvalidCRL.title = Local CRL outdated
-CertPathReviewer.localInvalidCRL.text = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}.
-CertPathReviewer.localInvalidCRL.summary = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}.
-CertPathReviewer.localInvalidCRL.details = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}.
-
-# found a valid crl at crl distribution point
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-# {2} the url of the distribution point
-CertPathReviewer.onlineValidCRL.title = Found valid CRL at CRL distribution point
-CertPathReviewer.onlineValidCRL.text = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}.
-CertPathReviewer.onlineValidCRL.summary = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}.
-CertPathReviewer.onlineValidCRL.details = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}.
-
-# found an invalid CRL at crl distribution point
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-# {2} the url of the distribution point
-CertPathReviewer.onlineInvalidCRL.title = Outdated CRL at CRL distribution point
-CertPathReviewer.onlineInvalidCRL.text = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}.
-CertPathReviewer.onlineInvalidCRL.summary = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}.
-CertPathReviewer.onlineInvalidCRL.details = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}.
-
-#found a CRL at a crl distribution point, but issued by another CA
-# {0} issuer of the CRL
-# {1} expected issuer
-# {2} the url of the distribution point
-CertPathReviewer.onlineCRLWrongCA.title = CRL from wrong issuer at CRL distribution point
-CertPathReviewer.onlineCRLWrongCA.text = The CRL loaded from {2} has was issued by {0}, excpected {1}.
-CertPathReviewer.onlineCRLWrongCA.summary = The CRL loaded from {2} has a wrong issuer.
-CertPathReviewer.onlineCRLWrongCA.details = The CRL loaded from {2} has was issued by {0}, excpected {1}.
-
-# Certificate not revoked
-CertPathReviewer.notRevoked.title = Certificate not revoked
-CertPathReviewer.notRevoked.text = The certificate was not revoked.
-CertPathReviewer.notRevoked.summary = The certificate was not revoked.
-CertPathReviewer.notRevoked.details = The certificate was not revoked.
-
-# CRL found: certificate was revoked, but after the validationDate
-# {0} the date the certificate was revoked
-# {1} the reason for revoking the certificate
-CertPathReviewer.revokedAfterValidation.title = Certificate was revoked after the validation date
-CertPathReviewer.revokedAfterValidation.text = The certificate was revoked after the validation date at {0,date} {0,time,full}. Reason: {1}.
-CertPathReviewer.revokedAfterValidation.summary = The certificate was revoked after the validation date at {0,date} {0,time,full}.
-CertPathReviewer.revokedAfterValidation.details = The certificate was revoked after the validation date at {0,date} {0,time,full}. Reason: {1}.
-
-# updated crl available
-# {0} date since when the update is available
-CertPathReviewer.crlUpdateAvailable.title = CRL update available
-CertPathReviewer.crlUpdateAvailable.text = An update for the CRL of this certificate is available since {0,date} {0,time,full}.
-CertPathReviewer.crlUpdateAvailable.summary = An update for the CRL of this certificate is available since {0,date} {0,time,full}.
-CertPathReviewer.crlUpdateAvailable.details = An update for the CRL of this certificate is available since {0,date} {0,time,full}.
-
-# crl distribution point url
-# {0} the crl distribution point url as String
-CertPathReviewer.crlDistPoint.title = CRL distribution point
-CertPathReviewer.crlDistPoint.text = A CRL can be obtained from: {0}.
-CertPathReviewer.crlDistPoint.summary = A CRL can be obtained from: {0}.
-CertPathReviewer.crlDistPoint.details = A CRL can be obtained from: {0}.
-
-# ocsp location
-# {0} the url on which the ocsp service can be found
-CertPathReviewer.ocspLocation.title = OCSP responder location
-CertPathReviewer.ocspLocation.text = OCSP responder location: {0}.
-CertPathReviewer.ocspLocation.summary = OCSP responder location: {0}.
-CertPathReviewer.ocspLocation.details = OCSP responder location: {0}.
-
-# unable to get crl from crl distribution point
-# {0} the url of the distribution point
-# {1} the message of the occurred exception
-# {2} the occurred exception
-# {3} the name of the exception
-CertPathReviewer.loadCrlDistPointError.title = Cannot load CRL from CRL distribution point
-CertPathReviewer.loadCrlDistPointError.text = Unable to load a CRL from: {0}. A {3} occurred.
-CertPathReviewer.loadCrlDistPointError.summary = Unable to load a CRL from: {0}. A {3} occurred.
-CertPathReviewer.loadCrlDistPointError.details = Unable to load a CRL from: {0}. A {3} occurred. Cause: {1}.
-
-# no crl found in certstores
-# {0} the issuers which we searched for
-# {1} list of crl issuer names that are found in the certstores
-# {2} number of crls in the certstores
-CertPathReviewer.noCrlInCertstore.title = No matching CRL found in local CRL store
-CertPathReviewer.noCrlInCertstore.text = No matching CRL was found in the provided local CRL store.
-CertPathReviewer.noCrlInCertstore.summary = No matching CRL was found in the provided local CRL store.
-CertPathReviewer.noCrlInCertstore.details = No matching CRL was found in the provided local CRL store. \
-No CRL was found for the selector "{0}". The {2} CRL(s) in the certstores are from "{1}".
-
-
-## check CRL exceptions
-
-# cannot extract issuer from certificate
-CertPathReviewer.crlIssuerException.title = CRL checking failed
-CertPathReviewer.crlIssuerException.text = CRL checking failed: cannot extract issuer from certificate.
-CertPathReviewer.crlIssuerException.summary = CRL checking failed: cannot extract issuer from certificate.
-CertPathReviewer.crlIssuerException.details = CRL checking failed: cannot extract issuer from certificate.
-
-# cannot extract crls
-# {0} message from the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.crlExtractionError.title = CRL checking failed
-CertPathReviewer.crlExtractionError.text = CRL checking failed: Cannot extract CRL from CertStore. There was a {2}.
-CertPathReviewer.crlExtractionError.summary = CRL checking failed: Cannot extract CRL from CertStore. There was a {2}.
-CertPathReviewer.crlExtractionError.details = CRL checking failed: Cannot extract CRL from CertStore. There was a {2}. Cause: {0}.
-
-# Issuer certificate key usage extension does not permit crl signing
-CertPathReviewer.noCrlSigningPermited.title = CRL checking failed
-CertPathReviewer.noCrlSigningPermited.text = CRL checking failed: issuer certificate does not permit CRL signing.
-CertPathReviewer.noCrlSigningPermited.summary = CRL checking failed: issuer certificate does not permit CRL signing.
-CertPathReviewer.noCrlSigningPermited.details = CRL checking failed: issuer certificate does not permit CRL signing.
-
-# can not verify crl: issuer public key unknown
-CertPathReviewer.crlNoIssuerPublicKey.title = CRL checking failed
-CertPathReviewer.crlNoIssuerPublicKey.text = CRL checking failed: Can not verify the CRL: Issuer public key is unknown.
-CertPathReviewer.crlNoIssuerPublicKey.summary = CRL checking failed: Can not verify the CRL: Issuer public key is unknown.
-CertPathReviewer.crlNoIssuerPublicKey.details = CRL checking failed: Can not verify the CRL: Issuer public key is unknown.
-
-# crl verification failed
-CertPathReviewer.crlVerifyFailed.title = CRL checking failed
-CertPathReviewer.crlVerifyFailed.text = CRL checking failed: CRL signature is invalid.
-CertPathReviewer.crlVerifyFailed.summary = CRL checking failed: CRL signature is invalid.
-CertPathReviewer.crlVerifyFailed.details = CRL checking failed: CRL signature is invalid.
-
-# no valid CRL found
-CertPathReviewer.noValidCrlFound.title = CRL checking failed
-CertPathReviewer.noValidCrlFound.text = CRL checking failed: no valid CRL found.
-CertPathReviewer.noValidCrlFound.summary = CRL checking failed: no valid CRL found.
-CertPathReviewer.noValidCrlFound.details = CRL checking failed: no valid CRL found.
-
-# No base CRL for delta CRL
-CertPathReviewer.noBaseCRL.title = CRL checking failed
-CertPathReviewer.noBaseCRL.text = CRL checking failed: no base CRL found for delta CRL.
-CertPathReviewer.noBaseCRL.summary = CRL checking failed: no base CRL found for delta CRL.
-CertPathReviewer.noBaseCRL.details = CRL checking failed: no base CRL found for delta CRL.
-
-# certificate revoked
-# {0} the date the certificate was revoked
-# {1} the reason for revoking the certificate
-CertPathReviewer.certRevoked.title = Certificate was revoked
-CertPathReviewer.certRevoked.text = The certificate was revoked at {0,date} {0,time,full}. Reason: {1}.
-CertPathReviewer.certRevoked.summary = The certificate was revoked at {0,date} {0,time,full}.
-CertPathReviewer.certRevoked.details = The certificate was revoked at {0,date} {0,time,full}. Reason: {1}.
-
-# error processing issuing distribution point extension
-CertPathReviewer.distrPtExtError.title = CRL checking failed
-CertPathReviewer.distrPtExtError.text = CRL checking failed: there was an error processing the issuing distribution point extension. 
-CertPathReviewer.distrPtExtError.summary = Error processing the issuing distribution point extension.
-CertPathReviewer.distrPtExtError.details = CRL checking failed: there was an error processing the issuing distribution point extension.
-
-# error processing crl distribution points extension
-CertPathReviewer.crlDistPtExtError.title = CRL checking failed
-CertPathReviewer.crlDistPtExtError.text = CRL checking failed: there was an error processing the crl distribution points extension.
-CertPathReviewer.crlDistPtExtError.summary = Error processing the crl distribution points extension.
-CertPathReviewer.crlDistPtExtError.details = CRL checking failed: there was an error processing the crl distribution points extension.
-
-# error processing the authority info access extension
-CertPathReviewer.crlAuthInfoAccError.title = CRL checking failed
-CertPathReviewer.crlAuthInfoAccError.text = CRL checking failed: there was an error processing the authority info access extension.
-CertPathReviewer.crlAuthInfoAccError.summary = Error processing the authority info access extension.
-CertPathReviewer.crlAuthInfoAccError.details = CRL checking failed: there was an error processing the authority info access extension.
-
-# error processing delta crl indicator extension
-CertPathReviewer.deltaCrlExtError.title = CRL checking failed
-CertPathReviewer.deltaCrlExtError.text = CRL checking failed: there was an error processing the delta CRL indicator extension. 
-CertPathReviewer.deltaCrlExtError.summary = Error processing the delta CRL indicator extension.
-CertPathReviewer.deltaCrlExtError.details = CRL checking failed: there was an error processing the delta CRL indicator extension.
-
-# error porcessing crl number extension
-CertPathReviewer.crlNbrExtError.title = CRL checking failed
-CertPathReviewer.crlNbrExtError.text = CRL checking failed: there was an error processing the CRL number extension.
-CertPathReviewer.crlNbrExtError.summary = Error processing the CRL number extension.
-CertPathReviewer.crlNbrExtError.details = CRL checking failed: there was an error processing the CRL number extension.
-
-# error processing crl reason code extension
-CertPathReviewer.crlReasonExtError.title = CRL checking failed
-CertPathReviewer.crlReasonExtError.text = CRL checking failed: there was an error processing the CRL reason code extension.
-CertPathReviewer.crlReasonExtError.summary = Error processing the CRL reason code extension.
-CertPathReviewer.crlReasonExtError.details = CRL checking failed: there was an error processing the CRL reason code extension.
-
-# error processing basic constraints extension
-CertPathReviewer.crlBCExtError.title = CRL checking failed
-CertPathReviewer.crlBCExtError.text = CRL checking failed: there was an error processing the basic constraints extension.
-CertPathReviewer.crlBCExtError.summary = Error processing the basic constraints extension.
-CertPathReviewer.crlBCExtError.details = CRL checking failed: there was an error processing the basic constraints extension.
-
-# CA Cert CRL only contains user certificates
-CertPathReviewer.crlOnlyUserCert.title = CRL checking failed
-CertPathReviewer.crlOnlyUserCert.text = CRL checking failed: CRL only contains user certificates.
-CertPathReviewer.crlOnlyUserCert.summary = CRL checking failed: CRL only contains user certificates.
-CertPathReviewer.crlOnlyUserCert.details = CRL checking failed: CRL for CA certificate only contains user certificates.
-
-# End CRL only contains CA certificates
-CertPathReviewer.crlOnlyCaCert.title = CRL checking failed
-CertPathReviewer.crlOnlyCaCert.text = CRL checking failed: CRL only contains CA certificates.
-CertPathReviewer.crlOnlyCaCert.summary = CRL checking failed: CRL only contains CA certificates.
-CertPathReviewer.crlOnlyCaCert.details = CRL checking failed: CRL for end certificate only contains CA certificates.
-
-# onlyContainsAttributeCerts boolean is asserted
-CertPathReviewer.crlOnlyAttrCert.title = CRL checking failed
-CertPathReviewer.crlOnlyAttrCert.text = CRL checking failed: CRL only contains attribute certificates.
-CertPathReviewer.crlOnlyAttrCert.summary = CRL checking failed: CRL only contains attribute certificates.
-CertPathReviewer.crlOnlyAttrCert.details = CRL checking failed: CRL only contains attribute certificates.
-
-
-## QcStatement notifications
-
-# unkown statement
-# {0} statement OID
-# {1} statement as ANS1Sequence
-CertPathReviewer.QcUnknownStatement.title = Unknown statement in QcStatement extension 
-CertPathReviewer.QcUnknownStatement.text = Unknown statement in QcStatement extension: OID = {0}
-CertPathReviewer.QcUnknownStatement.summary = Unknown statement in QcStatement extension: OID = {0}
-CertPathReviewer.QcUnknownStatement.details = Unknown statement in QcStatement extension: OID = {0}, statement = {1}
-
-# QcLimitValue Alpha currency code
-# {0} currency code
-# {1} limit value
-# {2} monetary value as MonetaryValue
-CertPathReviewer.QcLimitValueAlpha.title = Transaction Value Limit
-CertPathReviewer.QcLimitValueAlpha.text = This certificate has a limit for the transaction value: {1,number, ###,###,###,##0.00#} {0}.
-CertPathReviewer.QcLimitValueAlpha.summary = Transaction value limit: {1,number, ###,###,###,##0.00#} {0}.
-CertPathReviewer.QcLimitValueAlpha.details = This certificate has a limitation on the value of transaction for which this certificate can be used to the specified amount, according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. The limit for this certificate is {1,number, ###,###,###,##0.00#} {0}.
-
-# QcLimitValue Numeric currency code
-# {0} currency code
-# {1} limit value
-# {2} monetary value as MonetaryValue
-CertPathReviewer.QcLimitValueNum.title = Transaction Value Limit
-CertPathReviewer.QcLimitValueNum.text = This certificate has a limit for the transaction value: {1,number, ###,###,###,##0.00#} of currency {0} (See RFC 4217 for currency codes).
-CertPathReviewer.QcLimitValueNum.summary = Transaction value limit: {1,number, ###,###,###,##0.00#} of currency {0} (See RFC 4217 for currency codes).
-CertPathReviewer.QcLimitValueNum.details = This certificate has a limitation on the value of transaction for which this certificate can be used to the specified amount, according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. The limit for this certificate is {1,number, ###,###,###,##0.00#} of currency {0} (See RFC 4217 for currency codes).
-
-# QcSSCD
-CertPathReviewer.QcSSCD.title = QcSSCD Statement
-CertPathReviewer.QcSSCD.text = (SSCD) The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
-CertPathReviewer.QcSSCD.summary = (SSCD) The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
-CertPathReviewer.QcSSCD.details = (SSCD) The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
-
-# QcEuCompliance
-CertPathReviewer.QcEuCompliance.title = Qualified Certificate
-CertPathReviewer.QcEuCompliance.text = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate.
-CertPathReviewer.QcEuCompliance.summary = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate.
-CertPathReviewer.QcEuCompliance.details = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. 
-
-## QcStatement errors
-
-# error processing the QcStatement extension
-CertPathReviewer.QcStatementExtError.title = Error processing the qc statements extension
-CertPathReviewer.QcStatementExtError.text = Error processing the qc statements extension.
-CertPathReviewer.QcStatementExtError.summary = Error processing the qc statements extension.
-CertPathReviewer.QcStatementExtError.details = Error processing the qc statements extension.
-
-## unknown/generic errors
-CertPathReviewer.unknown.title = Unexpected Error 
-CertPathReviewer.unknown.text = Unexpected Error {0}
-CertPathReviewer.unknown.summary = Unexpected Error 
-CertPathReviewer.unknown.details = Unexpected Error {0}
-
-#
-# crl reasons
-#
-unspecified = Unspecified
-keyCompromise = Key Compromise
-cACompromise = CA Compromise
-affiliationChanged = Affiliation Changed
-superseded = Superseded
-cessationOfOperation = Cessation of Operation
-certificateHold = Certificate Hold
-unknown = Unknown
-removeFromCRL = Remove from CRL
-privilegeWithdrawn = Privilege Withdrawn
-aACompromise = AA Compromise
-
-#
-#
-#
-missingIssuer = The missing certificate was issued by
-missingSerial = with the serial number
- 
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages_de.properties b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages_de.properties
deleted file mode 100644
index b9398ea94..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages_de.properties
+++ /dev/null
@@ -1,621 +0,0 @@
-
-## constructor exceptions 
-
-# cert path is empty
-CertPathReviewer.emptyCertPath.title = Zertifizierungspfad ist leer
-CertPathReviewer.emptyCertPath.text = PKIXCertPathReviewer: der Zertifizierungspfad ist leer.
-CertPathReviewer.emptyCertPath.summary = PKIXCertPathReviewer: der Zertifizierungspfad ist leer.
-CertPathReviewer.emptyCertPath.details = PKIXCertPathReviewer: der Zertifizierungspfad ist leer.
-
-## name constraints processing errors
-
-# cert DN is not in the permitted tree
-# {0} DN as String 
-CertPathReviewer.notPermittedDN.title = Fehler bei der Namensbeschränkung: Zertifikats DN ist nicht erlaubt
-CertPathReviewer.notPermittedDN.text = Fehler bei der Namensbeschränkung: Der Zertifikats DN {0} ist nicht erlaubt.
-CertPathReviewer.notPermittedDN.summary = Fehler bei der Namensbeschränkung: Der Zertifikats DN ist nicht erlaubt.
-CertPathReviewer.notPermittedDN.details = Fehler bei der Namensbeschränkung: Der Zertifikats DN {0} ist nicht im Set der erlaubten DNs.
-
-# cert DN is in the excluded tree
-# {0} DN as String
-CertPathReviewer.excludedDN.title = Fehler bei der Namensbeschränkung: Zertifikats DN ist ausgeschlossen
-CertPathReviewer.excludedDN.text = Fehler bei der Namensbeschränkung: Der Zertifikats DN {0} ist ausgeschlossen.
-CertPathReviewer.excludedDN.summary = Fehler bei der Namensbeschränkung: Der Zertifikats DN ist ausgeschlossen
-CertPathReviewer.excludedDN.details = Fehler bei der Namensbeschränkung: Der Zertifikats DN ist {0} is innerhalb des Sets von ausgeschlossenen DNs.
-
-# cert email is not in the permitted tree
-# {0} email address as String
-CertPathReviewer.notPermittedEmail.title = Fehler bei der Namensbeschränkung: nicht erlaubte Email Addresse
-CertPathReviewer.notPermittedEmail.text = Fehler bei der Namensbeschränkung: Das Zertifikat enthält die nicht erlaubte Email Addresse {0}.
-CertPathReviewer.notPermittedEmail.summary = Fehler bei der Namensbeschränkung: Die Email Addresse ist nicht erlaubt.
-CertPathReviewer.notPermittedEmail.details = Fehler bei der Namensbeschränkung: Das Zertifikat enthält die Email Addresse {0}, welche nicht im Set der erlaubten Email Addressen ist.
-
-# cert email is in the excluded tree
-# {0} email as String
-CertPathReviewer.excludedEmail.title = Fehler bei der Namensbeschränkung: Email Addresse ausgeschlossen
-CertPathReviewer.excludedEmail.text = Fehler bei der Namensbeschränkung: Die Email Addresse {0} im Zertifikat ist ausgeschlossen. 
-CertPathReviewer.excludedEmail.summary = Fehler bei der Namensbeschränkung: Die Email Addresse ist ausgeschlossen.
-CertPathReviewer.excludedEmail.details = Fehler bei der Namensbeschränkung: Das Zertifikat enthält die Email Addresse {0}, welche im Set der ausgeschlossenen Email Addressen ist.
-
-# cert IP is not in the permitted tree
-# {0} ip address as String
-CertPathReviewer.notPermittedIP.title = Fehler bei der Namensbeschränkung: nicht erlaubte IP Addresse
-CertPathReviewer.notPermittedIP.text = Fehler bei der Namensbeschränkung: Das Zertifikat enthält die nicht erlaubte IP Addresse {0}.
-CertPathReviewer.notPermittedIP.summary = Fehler bei der Namensbeschränkung: Die IP Addresse ist nicht erlaubt.
-CertPathReviewer.notPermittedIP.details = Fehler bei der Namensbeschränkung: Das Zertifikat enthält die IP Addresse {0}, welche nicht im Set der erlaubten IP Addressen ist.
-
-# cert ip is in the excluded tree
-# {0} ip address as String
-CertPathReviewer.excludedIP.title = Fehler bei der Namensbeschränkung: Ausgeschlossene IP Addresse
-CertPathReviewer.excludedIP.text = Fehler bei der Namensbeschränkung: Das Zertifikat enhält die ausgeschlossene IP Addresse {0}.
-CertPathReviewer.excludedIP.summary = Fehler bei der Namensbeschränkung: Die IP Addresse im Zertifikat ist ausgeschlossen.
-CertPathReviewer.excludedIP.details = Fehler bei der Namensbeschränkung: Das Zertifikat enthält die IP Addresse {0}, welche im Set der ausgeschlossenen IP Addressen ist.
-
-# error processing the name constraints extension
-CertPathReviewer.ncExtError.title = Prüfen der Namensbeschränkungen fehlgeschlagen
-CertPathReviewer.ncExtError.text = Prüfen der Namensbeschränkungen fehlgeschlagen: Es gab Fehler bei der Verarbeitung der Name Constraints Erweiterung des Zertifikats.
-CertPathReviewer.ncExtError.summary = Prüfen der Namensbeschränkungen fehlgeschlagen: Fehler bei der Verarbeitung der Name Constraints Erweiterung.
-CertPathReviewer.ncExtError.details = Prüfen der Namensbeschränkungen fehlgeschlagen: Es gab Fehler bei der Verarbeitung der Name Constraints Erweiterung des Zertifikats.
-
-# error processing the subject alternative name extension
-CertPathReviewer.subjAltNameExtError.title = Prüfen der Namensbeschränkungen fehlgeschlagen
-CertPathReviewer.subjAltNameExtError.text = Prüfen der Namensbeschränkungen fehlgeschlagen: Es gab Fehler bei der Verarbeitung der Subject Alternative Name Erweiterung des Zertifikats.
-CertPathReviewer.subjAltNameExtError.summary = Prüfen der Namensbeschränkungen fehlgeschlagen: Fehler bei der Verarbeitung der Subject Alternative Name Erweiterung.
-CertPathReviewer.subjAltNameExtError.details = Prüfen der Namensbeschränkungen fehlgeschlagen: Es gab Fehler bei der Verarbeitung der Subject Alternative Name Erweiterung des Zertifikats.
-
-# exception extracting subject name when checking subtrees
-# {0} subject Principal
-CertPathReviewer.ncSubjectNameError.title = Prüfen der Namensbeschränkungen fehlgeschlagen
-CertPathReviewer.ncSubjectNameError.text = Prüfen der Namensbeschränkungen fehlgeschlagen: Es gab einen Fehler beim auslesen des DN des Zertifikats.
-CertPathReviewer.ncSubjectNameError.summary = Prüfen der Namensbeschränkungen fehlgeschlagen: Fehler beim auslesen des DNs.
-CertPathReviewer.ncSubjectNameError.details = Prüfen der Namensbeschränkungen fehlgeschlagen: Es gab einen Fehler beim auslesen des DN des Zertifikats.
-
-
-## path length errors
-
-# max path length extended
-CertPathReviewer.pathLenghtExtended.title = Maximale Pfadlänge überschritten 
-CertPathReviewer.pathLenghtExtended.text = Zertifizierungspfad ungültig: die Maximale Pfadlänge ist überschritten.
-CertPathReviewer.pathLenghtExtended.summary = Zertifizierungspfad ungültig: die Maximale Pfadlänge ist überschritten.
-CertPathReviewer.pathLenghtExtended.details = Zertifizierungspfad ungültig: die Maximale Pfadlänge ist überschritten.
-
-# error reading length constraint from basic constraint extension
-CertPathReviewer.processLengthConstError.title = Prüfen der Pfadlänge fehlgeschlagen
-CertPathReviewer.processLengthConstError.text = Prüfen der Pfadlänge fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der subject alternative name Erweiterung des Zertifikats. 
-CertPathReviewer.processLengthConstError.summary = Fehler bei der Verarbeitung der subject alternative name Erweiterung.
-CertPathReviewer.processLengthConstError.details = Prüfen der Pfadlänge fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der subject alternative name Erweiterung des Zertifikats.
-
-
-## path length notifications
-
-# total path length as defined in rfc 3280
-# {0} the path length as Integer
-CertPathReviewer.totalPathLength.title = Totale Pfadlänge
-CertPathReviewer.totalPathLength.text = Die totale Pfadlänge ohne self-signed Zertifikate ist {0}.
-CertPathReviewer.totalPathLength.summary = Die totale Pfadlänge ohne self-signed Zertifikate ist {0}.
-CertPathReviewer.totalPathLength.details = Die totale Pfadlänge ohne self-signed Zertifikate, wie beschrieben in RFC 3280, ist {0}.
-
-
-## critical extensions errors
-
-# one unknown critical extension
-# {0} extension as String
-CertPathReviewer.unknownCriticalExt.title = Unbekannte kritische Erweiterung
-CertPathReviewer.unknownCriticalExt.text = Das Zertifikat enhält eine unbekannte kritische Erweiterung mit der OID {0}.
-CertPathReviewer.unknownCriticalExt.summary = Unbekannte kritische Erweiterung: {0}.
-CertPathReviewer.unknownCriticalExt.details = Das Zertifikat enhält eine unbekannte kritische Erweiterung mit der OID {0}.
-
-# more unknown critical extensions
-# {0} extensions as Set of Strings
-CertPathReviewer.unknownCriticalExts.title = Unbekannte kritische Erweiterung
-CertPathReviewer.unknownCriticalExts.text = Das Zertifikat enhält zwei oder mehr unbekannte kritische Erweiterungen mit den OIDs {0}.
-CertPathReviewer.unknownCriticalExts.summary = Unbekannte kritische Erweiterungen: {0}.
-CertPathReviewer.unknownCriticalExts.details = Das Zertifikat enhält zwei oder mehr unbekannte kritische Erweiterungen mit den OIDs {0}.
-
-# error processing critical extension
-# {0} the message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.criticalExtensionError.title = Fehler bei der Verarbeitung einer kritischen Erweiterung
-CertPathReviewer.criticalExtensionError.text = Fehler bei der Verarbeitung einer kritischen Erweiterung. Es gab eine {2}.
-CertPathReviewer.criticalExtensionError.summary = Fehler bei der Verarbeitung einer kritischen Erweiterung. Es gab eine {2}.
-CertPathReviewer.criticalExtensionError.details = Fehler bei der Verarbeitung einer kritischen Erweiterung. Es gab eine {2}. Grund: {0}.
-
-# error initializing the certpath checkers
-# {0} the message of the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.certPathCheckerError.title = Prüfen der kritischen Erweiterungen fehlgeschlagen
-CertPathReviewer.certPathCheckerError.text = Prüfen der kritischen Erweiterungen fehlgeschlagen: Es gab eine {2} bei der Initialisierung eines CertPathChecker.
-CertPathReviewer.certPathCheckerError.summary = Prüfen der kritischen Erweiterungen fehlgeschlagen: {2} bei der Initialisierung eines CertPathChecker.
-CertPathReviewer.certPathCheckerError.details = Prüfen der kritischen Erweiterungen fehlgeschlagen: Es gab eine {2} bei der Initialisierung eines CertPathChecker. Grund: {0}
-
-
-## check signature errors
-
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.title = rootKeyIsValidButNotATrustAnchor
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.text = Das Zertifikat hat eine gültige Signatur, ist aber kein vertrauenswürdiges Root Zertifikat.
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.summary = Das Zertifikat hat eine gültige Signatur, ist aber kein vertrauenswürdiges Root Zertifikat.
-CertPathReviewer.rootKeyIsValidButNotATrustAnchor.details = Das Zertifikat hat eine gültige Signatur, ist aber kein vertrauenswürdiges Root Zertifikat.
-
-# trustanchor found, but certificate validation failed
-CertPathReviewer.trustButInvalidCert.title = Vertrauenswürdiges Root Zertifikat invalid
-CertPathReviewer.trustButInvalidCert.text = Ein Root Zertifikat wurde gefunden. Es hat aber einen anderen öffentlichen Schlüssel als verwendet wurde um das erste Zertifikat des Zertifizierungspfades zu signieren.
-CertPathReviewer.trustButInvalidCert.summary = Ein Root Zertifikat wurde gefunden. Es hat aber einen anderen öffentlichen Schlüssel als verwendet wurde um das erste Zertifikat des Zertifizierungspfades zu signieren.
-CertPathReviewer.trustButInvalidCert.details = Ein Root Zertifikat wurde gefunden. Es hat aber einen anderen öffentlichen Schlüssel als verwendet wurde um das erste Zertifikat des Zertifizierungspfades zu signieren.
-
-# trustanchor - cannot extract issuer
-CertPathReviewer.trustAnchorIssuerError.title = Kann kein vertrauenswürdiges Root Zertifikat finden
-CertPathReviewer.trustAnchorIssuerError.text = Kann kein vertrauenswürdiges Root Zertifikat finden: Der Herausgeber vom Zertifikat kann nicht auslesen werden.
-CertPathReviewer.trustAnchorIssuerError.summary = Kann kein vertrauenswürdiges Root Zertifikat finden: Der Herausgeber vom Zertifikat kann nicht auslesen werden.
-CertPathReviewer.trustAnchorIssuerError.details = Kann kein vertrauenswürdiges Root Zertifikat finden: Der Herausgeber vom Zertifikat kann nicht auslesen werden.
-
-# no trustanchor was found for the certificate path
-# {0} issuer of the root certificate of the path
-# {1} number of trusted root certificates (trustanchors) provided
-CertPathReviewer.noTrustAnchorFound.title = Kein vertrauenswürdiges Root Zertifikat gefunden
-CertPathReviewer.noTrustAnchorFound.text = Das Root Zertifikat der Zertifizierungspfads wurde nicht von einer vertrauenswürdigen CA ausgestellt. Der Name der CA ist "{0}".
-CertPathReviewer.noTrustAnchorFound.summary = Das Root Zertifikat der Zertifizierungspfads wurde nicht von einer vertrauenswürdigen CA ausgestellt.
-CertPathReviewer.noTrustAnchorFound.details = Das Root Zertifikat der Zertifizierungspfads wurde nicht von einer vertrauenswürdigen CA ausgestellt. Der Name der CA ist "{0}". Der Root-Zertifikat-Speicher enthält {1} CA(s).
-
-# conflicting trust anchors
-# {0} number of trustanchors found (Integer)
-# {1} the ca name
-CertPathReviewer.conflictingTrustAnchors.title = Korrupter Root-Zertifikat-Speicher
-CertPathReviewer.conflictingTrustAnchors.text = Warnung: Es sind {0} öffentliche Schlüssel für die CA "{1}" im Root-Zertifikat-Speicher vorhanden - bitte prüfen Sie mit der CA welches der richtige Schlüssel ist.
-CertPathReviewer.conflictingTrustAnchors.summary = Warnung: Es sind {0} öffentliche Schlüssel für die CA "{1}" im Root-Zertifikat-Speicher vorhanden - bitte prüfen Sie mit der CA welches der richtige Schlüssel ist.
-CertPathReviewer.conflictingTrustAnchors.details = Warnung: Es sind {0} öffentliche Schlüssel für die CA "{1}" im Root-Zertifikat-Speicher vorhanden - bitte prüfen Sie mit der CA welches der richtige Schlüssel ist.
-
-# trustanchor DN is invalid
-# {0} DN of the Trustanchor
-CertPathReviewer.trustDNInvalid.title = DN des vertrauenswürdigen Root Zertifikats mit falschem Format.
-CertPathReviewer.trustDNInvalid.text = Der DN des vertrauenswürdigen Root Zertifikats hat ein falsches Format: {0}.
-CertPathReviewer.trustDNInvalid.summary = Der DN des vertrauenswürdigen Root Zertifikats hat ein falsches Format: {0}.
-CertPathReviewer.trustDNInvalid.details = Der DN des vertrauenswürdigen Root Zertifikats hat ein falsches Format: {0}. Es ist kein gültiger X.500 Name. Siehe RFC 1779 oder RFC 2253. 
-
-# trustanchor public key algorithm error
-CertPathReviewer.trustPubKeyError.title = Fehler bei der Verarbeitung des öffentlichen Schlüssels der vertrauenswürdigen Root Zertifikats
-CertPathReviewer.trustPubKeyError.text = Fehler bei der Verarbeitung des öffentlichen Schlüssels der vertrauenswürdigen Root Zertifikats.
-CertPathReviewer.trustPubKeyError.summary = Fehler bei der Verarbeitung des öffentlichen Schlüssels der vertrauenswürdigen Root Zertifikats.
-CertPathReviewer.trustPubKeyError.details = Fehler bei der Verarbeitung des öffentlichen Schlüssels der vertrauenswürdigen Root Zertifikats. Der AlorithmIdentifier vom Schlüssel kann nicht ausgelesen werden.
-
-# can not verifiy signature: issuer public key unknown
-CertPathReviewer.NoIssuerPublicKey.title = Zertifikats Signatur kann nicht geprüft werden 
-CertPathReviewer.NoIssuerPublicKey.text = Die Zertifikats Signatur kann nicht geprüft werden: Der öffentliche Schlüssel des Herausgebers ist unbekannt.
-CertPathReviewer.NoIssuerPublicKey.summary = Die Zertifikats Signatur kann nicht geprüft werden: Der öffentliche Schlüssel des Herausgebers ist unbekannt.
-CertPathReviewer.NoIssuerPublicKey.details = Die Zertifikats Signatur kann nicht geprüft werden: Der öffentliche Schlüssel des Herausgebers ist unbekannt.
-
-# signature can not be verified
-# {0} message of the underlying exception (english)
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.signatureNotVerified.title = Zertifikats Signatur ist ungültig
-CertPathReviewer.signatureNotVerified.text = Die Zertifikats Signatur ist ungültig. Es gab eine {2}.
-CertPathReviewer.signatureNotVerified.summary = Die Zertifikats Signatur ist ungültig.
-CertPathReviewer.signatureNotVerified.details = Die Zertifikats Signatur ist ungültig. Es gab eine {2}. Grund: {0}
-
-# certificate expired
-# {0} the date the certificate expired 
-CertPathReviewer.certificateExpired.title = Zertifikat ist abgelaufen
-CertPathReviewer.certificateExpired.text = Das Zertifikat ist ungültig. Es ist am {0,date} {0,time,full} abgelaufen.
-CertPathReviewer.certificateExpired.summary = Das Zertifikat ist abgelaufen am {0,date} {0,time,full}.
-CertPathReviewer.certificateExpired.details = Das Zertifikat ist ungültig. Es ist am {0,date} {0,time,full} abgelaufen. 
-
-# certificate not yet valid
-# {0} the date from which on the certificate is valid
-CertPathReviewer.certificateNotYetValid.title = Das Zertifikat ist noch nicht gültig
-CertPathReviewer.certificateNotYetValid.text = Das Zertifikat ist ungültig. Es ist erst gültig ab {0,date} {0,time,full}.
-CertPathReviewer.certificateNotYetValid.summary = Das Zertifikat ist nicht gültig bis {0,date} {0,time,full}.
-CertPathReviewer.certificateNotYetValid.details = Das Zertifikat ist ungültig. Es ist erst gültig ab {0,date} {0,time,full}. 
-
-# certificate invalid issuer DN
-# {0} expected issuer DN as String
-# {1} found issuer DN as String
-CertPathReviewer.certWrongIssuer.title = Falscher Herausgeber
-CertPathReviewer.certWrongIssuer.text = Das Herausgeber des Zertifikats ist ungültig. Erwartet {0}, gefunden {1}. 
-CertPathReviewer.certWrongIssuer.summary = Das Herausgeber des Zertifikats ist ungültig. 
-CertPathReviewer.certWrongIssuer.details = Das Herausgeber des Zertifikats ist ungültig. Erwartet {0}, gefunden {1}.
-
-# intermediate certificate is no ca cert
-CertPathReviewer.noCACert.title = Zertifikat ist kein CA Zertifikat
-CertPathReviewer.noCACert.text = Das Zertifikat ist kein CA Zertifikat.
-CertPathReviewer.noCACert.summary = Das Zertifikat ist kein CA Zertifikat.
-CertPathReviewer.noCACert.details = Das Zertifikat ist kein CA Zertifikat, wird aber wie eines gebraucht.
-
-# cert laks basic constraints
-CertPathReviewer.noBasicConstraints.title = Zertifikat hat keine Basiseinschränkungen
-CertPathReviewer.noBasicConstraints.text = Das Zertifikat hat keine Basiseinschränkungen.
-CertPathReviewer.noBasicConstraints.summary = Das Zertifikat hat keine Basiseinschränkungen.
-CertPathReviewer.noBasicConstraints.details = Das Zertifikat hat keine Basiseinschränkungen.
-
-# error processing basic constraints
-CertPathReviewer.errorProcesingBC.title = Fehler bei der Verarbeitung der Basiseinschränkungen
-CertPathReviewer.errorProcesingBC.text = Es gab einen Fehler bei der Verarbeitung der Basiseinschränkungen des Zertifikats.
-CertPathReviewer.errorProcesingBC.summary = Fehler bei der Verarbeitung der Basiseinschränkungen 
-CertPathReviewer.errorProcesingBC.details = Es gab einen Fehler bei der Verarbeitung der Basiseinschränkungen des Zertifikats.
-
-# certificate not usable for signing certs
-CertPathReviewer.noCertSign.title = Schlüssel nicht nutzbar für Zertifikatssignaturen
-CertPathReviewer.noCertSign.text = Der Schlüssel kann nicht zum Signieren von Zertifikaten verwendet werden.
-CertPathReviewer.noCertSign.summary = Der Schlüssel kann nicht zum Signieren von Zertifikaten verwendet werden.
-CertPathReviewer.noCertSign.details = Der Schlüssel kann nicht zum Signieren von Zertifikaten verwendet werden.
-
-# error processing public key
-CertPathReviewer.pubKeyError.title = Fehler bei der Verarbeitung des öffentlichen Schlüssels
-CertPathReviewer.pubKeyError.text = Fehler bei der Verarbeitung des öffentlichen Schlüssels des Zertifikats.
-CertPathReviewer.pubKeyError.summary = Fehler bei der Verarbeitung des öffentlichen Schlüssels des Zertifikats.
-CertPathReviewer.pubKeyError.details = Fehler bei der Verarbeitung des öffentlichen Schlüssels des Zertifikats. Der AlorithmIdentifier konnte nicht extrahiert werden.
-
-
-## check signatures notifications
-
-#
-# trust anchor has no keyusage certSign
-CertPathReviewer.trustKeyUsage.title = Root-Zertifikat Schlüsselverwendung
-CertPathReviewer.trustKeyUsage.text = Das Root-Zertifikat darf nicht zum Signieren von Zertifikaten verwendet werden.
-CertPathReviewer.trustKeyUsage.summary = Das Root-Zertifikat darf nicht zum Signieren von Zertifikaten verwendet werden.
-CertPathReviewer.trustKeyUsage.details = Das Root-Zertifikat darf nicht zum Signieren von Zertifikaten verwendet werden.
-
-# certificate path validation date
-# {0} date for which the cert path is validated
-# {1} current date
-CertPathReviewer.certPathValidDate.title = Datum der Zertifikatspfad Validierung
-CertPathReviewer.certPathValidDate.text = Der Zertifikatspfad wurde am {0,date} {0,time,full} angewendet. Er wurde am {1,date} {1,time,full} geprüft.
-CertPathReviewer.certPathValidDate.summary = Der Zertifikatspfad wurde am {0,date} {0,time,full} angewendet. Er wurde am {1,date} {1,time,full} geprüft.
-CertPathReviewer.certPathValidDate.details = Der Zertifikatspfad wurde am {0,date} {0,time,full} angewendet. Er wurde am {1,date} {1,time,full} geprüft.
-
-
-## check policy errors
-
-# error processing certificate policy extension
-CertPathReviewer.policyExtError.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.policyExtError.text = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Policy Erweiterung. 
-CertPathReviewer.policyExtError.summary = Fehler bei der Verarbeitung der Policy Erweiterung.
-CertPathReviewer.policyExtError.details = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Policy Erweiterung. 
-
-# error processing policy constraints extension
-CertPathReviewer.policyConstExtError.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.policyConstExtError.text = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Policy Constraints Erweiterung.
-CertPathReviewer.policyConstExtError.summary = Fehler bei der Verarbeitung der Policy Constraints Erweiterung.
-CertPathReviewer.policyConstExtError.details = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Policy Constraints Erweiterung.
-
-# error processing policy mapping extension
-CertPathReviewer.policyMapExtError.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.policyMapExtError.text = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Policy Mapping Erweiterung.
-CertPathReviewer.policyMapExtError.summary = Fehler bei der Verarbeitung der Policy Mapping Erweiterung.
-CertPathReviewer.policyMapExtError.details = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Policy Mapping Erweiterung.
-
-# error processing inhibit any policy extension
-CertPathReviewer.policyInhibitExtError.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.policyInhibitExtError.text = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Inhibit Any Policy Erweiterung.
-CertPathReviewer.policyInhibitExtError.summary = Fehler bei der Verarbeitung der Inhibit Any Policy Erweiterung.
-CertPathReviewer.policyInhibitExtError.details = Prüfen der Policy fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Inhibit Any Policy Erweiterung.
-
-# error building qualifier set
-CertPathReviewer.policyQualifierError.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.policyQualifierError.text = Prüfen der Policy fehlgeschlagen: Fehler beim erstellen des Policy Qualifier Set.
-CertPathReviewer.policyQualifierError.summary = Prüfen der Policy fehlgeschlagen: Fehler beim erstellen des Policy Qualifier Set.
-CertPathReviewer.policyQualifierError.details = Prüfen der Policy fehlgeschlagen: Fehler beim erstellen des Policy Qualifier Set.
-
-# no valid policy tree - explicit policy required
-CertPathReviewer.noValidPolicyTree.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.noValidPolicyTree.text = Prüfen der Policy fehlgeschlagen: Kein gültiger Policy Baum gefunden, als einer erwartet wurde.
-CertPathReviewer.noValidPolicyTree.summary = Prüfen der Policy fehlgeschlagen: Kein gültiger Policy Baum gefunden, als einer erwartet wurde.
-CertPathReviewer.noValidPolicyTree.details = Prüfen der Policy fehlgeschlagen: Kein gültiger Policy Baum gefunden, als einer erwartet wurde.
-
-# expicit policy requested, but no policy available
-CertPathReviewer.explicitPolicy.title = Prüfen der Policy fehlgeschlagen
-CertPathReviewer.explicitPolicy.text = Prüfen der Policy fehlgeschlagen: Policy verlang, aber keine Policy vorhanden.
-CertPathReviewer.explicitPolicy.summary = Prüfen der Policy fehlgeschlagen: Policy verlang, aber keine Policy vorhanden.
-CertPathReviewer.explicitPolicy.details = Prüfen der Policy fehlgeschlagen: Policy verlang, aber keine Policy vorhanden.
-
-# path processing failed on policy
-CertPathReviewer.invalidPolicy.title = Pfad Validierung wegen der Policy fehlgeschlagen
-CertPathReviewer.invalidPolicy.text = Pfad Validierung wegen der Policy fehlgeschlagen.
-CertPathReviewer.invalidPolicy.summary = Pfad Validierung wegen der Policy fehlgeschlagen.
-CertPathReviewer.invalidPolicy.details = Pfad Validierung wegen der Policy fehlgeschlagen.
-
-# invalid policy mapping
-CertPathReviewer.invalidPolicyMapping.title = Ungültiges Policy Mapping 
-CertPathReviewer.invalidPolicyMapping.text = Das Zertifikat enthält ein Ungültiges Policy Mapping.
-CertPathReviewer.invalidPolicyMapping.summary = Das Zertifikat enthält ein Ungültiges Policy Mapping. 
-CertPathReviewer.invalidPolicyMapping.details = Das Zertifikat enthält ein Ungültiges Policy Mapping, das den Wert Any Policy enthält.
-
-## check CRL notifications
-
-# found local valid CRL
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-CertPathReviewer.localValidCRL.title = Gültige Zertifikatssperrliste (CRL) gefunden
-CertPathReviewer.localValidCRL.text = Gültige Zertifikatssperrliste (CRL) im lokalen Speicher gefunden. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.localValidCRL.summary = Gültige Zertifikatssperrliste (CRL) im lokalen Speicher gefunden. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.localValidCRL.details = Gültige Zertifikatssperrliste (CRL) im lokalen Speicher gefunden. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-
-
-# found matching CRL, but not valid
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-CertPathReviewer.localInvalidCRL.title = Lokale Zertifikatssperrliste (CRL) veraltet
-CertPathReviewer.localInvalidCRL.text = Eine lokale Zertifikatssperrliste (CRL) wurde nicht genutzt, da sie veraltet ist. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.localInvalidCRL.summary = Eine lokale Zertifikatssperrliste (CRL) wurde nicht genutzt, da sie veraltet ist. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.localInvalidCRL.details = Eine lokale Zertifikatssperrliste (CRL) wurde nicht genutzt, da sie veraltet ist. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-
-# found a valid crl at crl distribution point
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-# {2} the url of the distribution point
-CertPathReviewer.onlineValidCRL.title = Gültige Zertifikatssperrliste (CRL) von einem CDP
-CertPathReviewer.onlineValidCRL.text = Gültige Zertifikatssperrliste (CRL) gefunden von: {2}. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.onlineValidCRL.summary = Gültige Zertifikatssperrliste (CRL) gefunden von: {2}. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.onlineValidCRL.details = Gültige Zertifikatssperrliste (CRL) gefunden von: {2}. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-
-# found an invalid CRL at crl distribution point
-# {0} thisUpdate of the CRL
-# {1} nextUpdate of the CRL
-# {2} the url of the distribution point
-CertPathReviewer.onlineInvalidCRL.title = Veraltete Zertifikatssperrliste (CRL) von einem CDP
-CertPathReviewer.onlineInvalidCRL.text = Die Zertifikatssperrliste (CRL) von {2} ist veraltet. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.onlineInvalidCRL.summary = Die Zertifikatssperrliste (CRL) von {2} ist veraltet. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-CertPathReviewer.onlineInvalidCRL.details = Die Zertifikatssperrliste (CRL) von {2} ist veraltet. Herausgegeben am {0,date}, nächstes Update am {1,date}.
-
-#found a CRL at a crl distribution point, but issued by another CA
-# {0} issuer of the CRL
-# {1} expected issuer
-# {2} the url of the distribution point
-CertPathReviewer.onlineCRLWrongCA.title = Zertifikatssperrliste (CRL) von CDP mit falschem Herausgeber
-CertPathReviewer.onlineCRLWrongCA.text = Die Zertifikatssperrliste (CRL) von {2} wurde von {0} herausgegeben, erwartet wurde {1}.
-CertPathReviewer.onlineCRLWrongCA.summary = Die Zertifikatssperrliste (CRL) von {2} hat einen falschen Herausgeber.
-CertPathReviewer.onlineCRLWrongCA.details = Die Zertifikatssperrliste (CRL) von {2} wurde von {0} herausgegeben, erwartet wurde {1}.
-
-# Certificate not revoked
-CertPathReviewer.notRevoked.title = Zertifikat nicht revoziert
-CertPathReviewer.notRevoked.text = Das Zertifikat ist nicht revoziert.
-CertPathReviewer.notRevoked.summary = Das Zertifikat ist nicht revoziert.
-CertPathReviewer.notRevoked.details = Das Zertifikat ist nicht revoziert.
-
-# CRL found: certificate was revoked, but after the validationDate
-# {0} the date the certificate was revoked
-# {1} the reason for revoking the certificate
-CertPathReviewer.revokedAfterValidation.title = Zertifikat revoziert nach dem Validierungdatum
-CertPathReviewer.revokedAfterValidation.text = Das Zertifikat wurde nach dem Validierungdatum am {0,date} {0,time,full} revoziert. Grund: {1}.
-CertPathReviewer.revokedAfterValidation.summary = Das Zertifikat wurde nach dem Validierungdatum am {0,date} {0,time,full} revoziert.
-CertPathReviewer.revokedAfterValidation.details = Das Zertifikat wurde nach dem Validierungdatum am {0,date} {0,time,full} revoziert. Grund: {1}.
-
-# updated crl available
-# {0} date since when the update is available
-CertPathReviewer.crlUpdateAvailable.title = Zertifikatssperrlisten (CRL) Update erhältlich
-CertPathReviewer.crlUpdateAvailable.text = Ein Update für die Zertifikatssperrliste (CRL) für dieses Zertifikat ist erhältlich seit {0,date} {0,time,full}.
-CertPathReviewer.crlUpdateAvailable.summary = Ein Update für die Zertifikatssperrliste (CRL) für dieses Zertifikat ist erhältlich seit {0,date} {0,time,full}.
-CertPathReviewer.crlUpdateAvailable.details = Ein Update für die Zertifikatssperrliste (CRL) für dieses Zertifikat ist erhältlich seit {0,date} {0,time,full}.
-
-# crl distribution point url
-# {0} the crl distribution point url as String
-CertPathReviewer.crlDistPoint.title = CDP
-CertPathReviewer.crlDistPoint.text = Eine Zertifikatssperrliste (CRL) kann von {0} geladen werden.
-CertPathReviewer.crlDistPoint.summary = Eine Zertifikatssperrliste (CRL) kann von {0} geladen werden.
-CertPathReviewer.crlDistPoint.details = Eine Zertifikatssperrliste (CRL) kann von {0} geladen werden.
-
-# ocsp location
-# {0} the url on which the ocsp service can be found
-CertPathReviewer.ocspLocation.title = OCSP Server 
-CertPathReviewer.ocspLocation.text = OCSP Server: {0}.
-CertPathReviewer.ocspLocation.summary = OCSP Server: {0}.
-CertPathReviewer.ocspLocation.details = OCSP Server: {0}.
-
-# unable to get crl from crl distribution point
-# {0} the url of the distribution point
-# {1} the message of the occurred exception
-# {2} the occurred exception
-# {3} the name of the exception
-CertPathReviewer.loadCrlDistPointError.title = Kann Zertifikatssperrliste (CRL) nicht von CDP laden
-CertPathReviewer.loadCrlDistPointError.text = Kann die Zertifikatssperrliste (CRL) von {0} nicht laden. Es gab eine {2}.
-CertPathReviewer.loadCrlDistPointError.summary = Kann die Zertifikatssperrliste (CRL) von {0} nicht laden. Es gab eine {2}.
-CertPathReviewer.loadCrlDistPointError.details = Kann die Zertifikatssperrliste (CRL) von {0} nicht laden. Es gab eine {2}. Grund: {1}.
-
-# no crl found in certstores
-# {0} the issuers which we searched for
-# {1} list of crl issuer names that are found in the certstores
-# {2} number of crls in the certstores
-CertPathReviewer.noCrlInCertstore.title = Keine Zertifikatssperrliste (CRL) im lokalen Speicher
-CertPathReviewer.noCrlInCertstore.text = Es wurde keine Zertifikatssperrliste (CRL) im lokalen Speicher gefunden.
-CertPathReviewer.noCrlInCertstore.summary = Es wurde keine Zertifikatssperrliste (CRL) im lokalen Speicher gefunden.
-CertPathReviewer.noCrlInCertstore.details = Es wurde keine Zertifikatssperrliste (CRL) für den Herausgeber {0} im lokalen Speicher gefunden. \
-Die {2} Zertifikatssperrlisten im lokalen Speicher wurden hearusgegeben von {1}.
-
-
-## check CRL exceptions
-
-# cannot extract issuer from certificate
-CertPathReviewer.crlIssuerException.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlIssuerException.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Kann den Herausgeber vom Zertifikat nicht extrahieren.
-CertPathReviewer.crlIssuerException.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Kann den Herausgeber vom Zertifikat nicht extrahieren.
-CertPathReviewer.crlIssuerException.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Kann den Herausgeber vom Zertifikat nicht extrahieren.
-
-# cannot extract crls
-# {0} message from the underlying exception
-# {1} the underlying exception
-# {2} the name of the exception
-CertPathReviewer.crlExtractionError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlExtractionError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab eine {2} beim laden der Zertifikatssperrliste (CRL) aus dem lokalen Speicher.
-CertPathReviewer.crlExtractionError.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab eine {2} beim laden der Zertifikatssperrliste (CRL) aus dem lokalen Speicher.
-CertPathReviewer.crlExtractionError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab eine {2} beim laden der Zertifikatssperrliste (CRL) aus dem lokalen Speicher. Grund: {0}.
-
-# Issuer certificate key usage extension does not permit crl signing
-CertPathReviewer.noCrlSigningPermited.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.noCrlSigningPermited.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Das Herausgeber Zertifikat erlaubt keine Signieren von Zertifikatssperrlisten (CRL).
-CertPathReviewer.noCrlSigningPermited.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Das Herausgeber Zertifikat erlaubt keine Signieren von Zertifikatssperrlisten (CRL).
-CertPathReviewer.noCrlSigningPermited.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Das Herausgeber Zertifikat erlaubt keine Signieren von Zertifikatssperrlisten (CRL).
-
-# can not verify crl: issuer public key unknown
-CertPathReviewer.crlNoIssuerPublicKey.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlNoIssuerPublicKey.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Kann die Zertifikatssperrliste (CRL) nicht verifizieren. Der öffentliche Schlüssel des Herausgebers ist unbekannt.
-CertPathReviewer.crlNoIssuerPublicKey.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Kann die Zertifikatssperrliste (CRL) nicht verifizieren. Der öffentliche Schlüssel des Herausgebers ist unbekannt.
-CertPathReviewer.crlNoIssuerPublicKey.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Kann die Zertifikatssperrliste (CRL) nicht verifizieren. Der öffentliche Schlüssel des Herausgebers ist unbekannt.
-
-# crl verification failed
-CertPathReviewer.crlVerifyFailed.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlVerifyFailed.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Signatur der Zertifikatssperrliste (CRL) ist ungültig.
-CertPathReviewer.crlVerifyFailed.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Signatur der Zertifikatssperrliste (CRL) ist ungültig.
-CertPathReviewer.crlVerifyFailed.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Signatur der Zertifikatssperrliste (CRL) ist ungültig.
-
-# no valid CRL found
-CertPathReviewer.noValidCrlFound.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.noValidCrlFound.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: keine gültige Zertifikatssperrliste (CRL) gefunden.
-CertPathReviewer.noValidCrlFound.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: keine gültige Zertifikatssperrliste (CRL) gefunden.
-CertPathReviewer.noValidCrlFound.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: keine gültige Zertifikatssperrliste (CRL) gefunden.
-
-# No base CRL for delta CRL
-CertPathReviewer.noBaseCRL.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.noBaseCRL.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: keine Basis CRL für die Delta CRL gefunden.
-CertPathReviewer.noBaseCRL.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: keine Basis CRL für die Delta CRL gefunden.
-CertPathReviewer.noBaseCRL.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: keine Basis CRL für die Delta CRL gefunden.
-
-# certificate revoked
-# {0} the date the certificate was revoked
-# {1} the reason for revoking the certificate
-CertPathReviewer.certRevoked.title = Zertifikat wurde revoziert
-CertPathReviewer.certRevoked.text = Das Zertifikat wurde am {0,date} {0,time,full} revoziert. Grund: {1}.
-CertPathReviewer.certRevoked.summary = Das Zertifikat wurde am {0,date} {0,time,full} revoziert.
-CertPathReviewer.certRevoked.details = Das Zertifikat wurde am {0,date} {0,time,full} revoziert. Grund: {1}.
-
-# error processing issuing distribution point extension
-CertPathReviewer.distrPtExtError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.distrPtExtError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Issuing Distribution Point Erweiterung. 
-CertPathReviewer.distrPtExtError.summary = Fehler bei der Verarbeitung der Issuing Distribution Point Erweiterung.
-CertPathReviewer.distrPtExtError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Issuing Distribution Point Erweiterung.
-
-# error processing crl distribution points extension
-CertPathReviewer.crlDistPtExtError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlDistPtExtError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Distribution Points Erweiterung.
-CertPathReviewer.crlDistPtExtError.summary = Fehler bei der Verarbeitung der CRL Distribution Points Erweiterung.
-CertPathReviewer.crlDistPtExtError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Distribution Points Erweiterung.
-
-# error processing the authority info access extension
-CertPathReviewer.crlAuthInfoAccError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlAuthInfoAccError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Authority Info Access Erweiterung.
-CertPathReviewer.crlAuthInfoAccError.summary = Fehler bei der Verarbeitung der Authority Info Access Erweiterung.
-CertPathReviewer.crlAuthInfoAccError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Authority Info Access Erweiterung.
-
-# error processing delta crl indicator extension
-CertPathReviewer.deltaCrlExtError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.deltaCrlExtError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Delta CRL Indicator Erweiterung. 
-CertPathReviewer.deltaCrlExtError.summary = Fehler bei der Verarbeitung der Delta CRL Indicator Erweiterung.
-CertPathReviewer.deltaCrlExtError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der Delta CRL Indicator Erweiterung.
-
-# error porcessing crl number extension
-CertPathReviewer.crlNbrExtError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlNbrExtError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Number Erweiterung.
-CertPathReviewer.crlNbrExtError.summary = Fehler bei der Verarbeitung der CRL Number Erweiterung.
-CertPathReviewer.crlNbrExtError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Number Erweiterung.
-
-# error processing crl reason code extension
-CertPathReviewer.crlReasonExtError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlReasonExtError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Reason Code Erweiterung.
-CertPathReviewer.crlReasonExtError.summary = Fehler bei der Verarbeitung der CRL Reason Code Erweiterung.
-CertPathReviewer.crlReasonExtError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Reason Code Erweiterung.
-
-# error processing basic constraints extension
-CertPathReviewer.crlBCExtError.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlBCExtError.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Reason Code Erweiterung.
-CertPathReviewer.crlBCExtError.summary = Fehler bei der Verarbeitung der CRL Reason Code Erweiterung.
-CertPathReviewer.crlBCExtError.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Es gab einen Fehler bei der Verarbeitung der CRL Reason Code Erweiterung.
-
-# CA Cert CRL only contains user certificates
-CertPathReviewer.crlOnlyUserCert.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlOnlyUserCert.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur User Zertifikate.
-CertPathReviewer.crlOnlyUserCert.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur User Zertifikate.
-CertPathReviewer.crlOnlyUserCert.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur User Zertifikate.
-
-# End CRL only contains CA certificates
-CertPathReviewer.crlOnlyCaCert.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlOnlyCaCert.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur CA Zertifikate.
-CertPathReviewer.crlOnlyCaCert.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur CA Zertifikate.
-CertPathReviewer.crlOnlyCaCert.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur CA Zertifikate.
-
-# onlyContainsAttributeCerts boolean is asserted
-CertPathReviewer.crlOnlyAttrCert.title = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen
-CertPathReviewer.crlOnlyAttrCert.text = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur Attribut Zertifikate.
-CertPathReviewer.crlOnlyAttrCert.summary = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur Attribut Zertifikate.
-CertPathReviewer.crlOnlyAttrCert.details = Prüfung der Zertifikatssperrliste (CRL) fehlgeschlagen: Die Zertifikatssperrliste (CRL) enthält nur Attribut Zertifikate.
-
-
-## QcStatement notifications
-
-# unkown statement
-# {0} statement OID
-# {1} statement as ANS1Sequence
-CertPathReviewer.QcUnknownStatement.title = Unbekanntes Statement in der QcStatement Erweiterung 
-CertPathReviewer.QcUnknownStatement.text = Unbekanntes Statement in der QcStatement Erweiterung: OID = {0}
-CertPathReviewer.QcUnknownStatement.summary = Unbekanntes Statement in der QcStatement Erweiterung: OID = {0}
-CertPathReviewer.QcUnknownStatement.details = Unbekanntes Statement in der QcStatement Erweiterung: OID = {0}, statement = {1}
-
-# QcLimitValue Alpha currency code
-# {0} currency code
-# {1} limit value
-# {2} monetary value as MonetaryValue
-CertPathReviewer.QcLimitValueAlpha.title = Transaction Value Limit
-CertPathReviewer.QcLimitValueAlpha.text = Dieses Zertifikat hat ein Wertlimite von {1,number, ###,###,###,##0.00#} {0} für Transaktionen.
-CertPathReviewer.QcLimitValueAlpha.summary = Wertlimite von {1,number, ###,###,###,##0.00#} {0} für Transaktionen.
-CertPathReviewer.QcLimitValueAlpha.details = Dieses Zertifikat hat eine Wertlimite für Transaktionen für welche\
- das Zertifikat genutzt werden kann, gemäss der Richtlinie 1999/93/EG des Europäischen Parlaments und\
- des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen und gemäss der Umsetzung der\
- Richtlinie im Land, das im Herausgeber dieses Zertifikats angegeben ist. Die Limite für diese Zertifikat ist {1,number, ###,###,###,##0.00#} {0}.
-
-# QcLimitValue Numeric currency code
-# {0} currency code
-# {1} limit value
-# {2} monetary value as MonetaryValue
-CertPathReviewer.QcLimitValueNum.title = Transaction Value Limit
-CertPathReviewer.QcLimitValueNum.text = Dieses Zertifikat hat eine Wertlimite für Transaktionen von {1,number, ###,###,###,##0.00#} der Währung {0} (Siehe RFC 4217 für Währungscodes).
-CertPathReviewer.QcLimitValueNum.summary = Wertlimite für Transaktionen von {1,number, ###,###,###,##0.00#} der Währung {0} (Siehe RFC 4217 für Währungscodes).
-CertPathReviewer.QcLimitValueNum.details = Dieses Zertifikat hat eine Wertlimite für Transaktionen für welche\
- das Zertifikat genutzt werden kann, gemäss der Richtlinie 1999/93/EG des Europäischen Parlaments und\
- des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen und gemäss der Umsetzung der\
- Richtlinie im Land, das im Herausgeber dieses Zertifikats angegeben ist. Die Limite für diese Zertifikat ist {1,number, ###,###,###,##0.00#} der Währung {0} (Siehe RFC 4217 für Währungscodes).
-
-# QcSSCD
-CertPathReviewer.QcSSCD.title = QcSSCD Statement
-CertPathReviewer.QcSSCD.text = (SSCD) Der Herausgeber macht geltend, dass der Private Schlüssel, der mit diesem Zertifikat verbunden ist, nach den Anforderungen die im Anhang III der Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen geschützt ist.
-CertPathReviewer.QcSSCD.summary = (SSCD) Der Herausgeber macht geltend, dass der Private Schlüssel, der mit diesem Zertifikat verbunden ist, nach den Anforderungen die im Anhang III der Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen geschützt ist.
-CertPathReviewer.QcSSCD.details = (SSCD) Der Herausgeber macht geltend, dass der Private Schlüssel, der mit diesem Zertifikat verbunden ist, nach den Anforderungen die im Anhang III der Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen geschützt ist.
-
-# QcEuCompliance
-CertPathReviewer.QcEuCompliance.title = Qualifiziertes Zertifikat
-CertPathReviewer.QcEuCompliance.text = Dieses Zertifikat wurde als Qualifiziertes Zertifikat herausgegeben gemäss Anhang I und II der Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen und gemäss der Umsetzung der Richtlinie im Land, das im Herausgeber dieses Zertifikats angegeben ist.
-CertPathReviewer.QcEuCompliance.summary = Dieses Zertifikat wurde als Qualifiziertes Zertifikat herausgegeben gemäss Anhang I und II der Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen und gemäss der Umsetzung der Richtlinie in dem Land, das im Herausgeber dieses Zertifikats angegeben ist.
-CertPathReviewer.QcEuCompliance.details = Dieses Zertifikat wurde als Qualifiziertes Zertifikat herausgegeben gemäss Anhang I und II der Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen und gemäss der Umsetzung der Richtlinie in dem Land, das im Herausgeber dieses Zertifikats angegeben ist.
-
-## QcStatement errors
-
-# error processing the QcStatement extension
-CertPathReviewer.QcStatementExtError.title = Fehler bei der Verarbeitung der QcStatement Erweiterung
-CertPathReviewer.QcStatementExtError.text = Fehler bei der Verarbeitung der QcStatement Erweiterung.
-CertPathReviewer.QcStatementExtError.summary = Fehler bei der Verarbeitung der QcStatement Erweiterung.
-CertPathReviewer.QcStatementExtError.details = Fehler bei der Verarbeitung der QcStatement Erweiterung.
-
-## unknown/generic errors
-CertPathReviewer.unknown.title = Unbekannter Fehler 
-CertPathReviewer.unknown.text = Unbekannter Fehler {0}
-CertPathReviewer.unknown.summary = Unbekannter Fehler 
-CertPathReviewer.unknown.details = Unbekannter Fehler {0}
-
-#
-# crl reasons
-#
-unspecified = Nicht spezifiziert
-keyCompromise = Schlüssel Kompromittierung
-cACompromise = CA Kompromittierung
-affiliationChanged = Veränderte Zugehörigkeit
-superseded = Ersetzt
-cessationOfOperation = Einstellen der Tätigkeiten
-certificateHold = Zertifikat vorübergehend gesperrt
-unknown = Unbekannt
-removeFromCRL = Entferne von der CRL
-privilegeWithdrawn = Zurückgezogene Rechte
-aACompromise = AA Kompromittierung
-
-#
-#
-#
-missingIssuer = The missing certificate was issued by
-missingSerial = with the serial number
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java
deleted file mode 100644
index a26c31031..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.security.cert.CertificateEncodingException;
-
-class ExtCertificateEncodingException
-    extends CertificateEncodingException
-{
-    Throwable cause;
-
-    ExtCertificateEncodingException(String message, Throwable cause)
-    {
-        super(message);
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java
deleted file mode 100644
index 51831d07d..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java
+++ /dev/null
@@ -1,210 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.PKIXParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * This class contains extended parameters for PKIX certification path builders.
- * 
- * @see java.security.cert.PKIXBuilderParameters
- * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
- */
-public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
-{
-
-    private int maxPathLength = 5;
-
-    private Set excludedCerts = Collections.EMPTY_SET;
-
-    /**
-     * Excluded certificates are not used for building a certification path.
-     * 
    
-     * The returned set is immutable.
-     * 
-     * @return Returns the excluded certificates.
-     */
-    public Set getExcludedCerts()
-    {
-        return Collections.unmodifiableSet(excludedCerts);
-    }
-
-    /**
-     * Sets the excluded certificates which are not used for building a
-     * certification path. If the Set is null an
-     * empty set is assumed.
-     * 
    
-     * The given set is cloned to protect it against subsequent modifications.
-     * 
-     * @param excludedCerts The excluded certificates to set.
-     */
-    public void setExcludedCerts(Set excludedCerts)
-    {
-        if (excludedCerts == null)
-        {
-            excludedCerts = Collections.EMPTY_SET;
-        }
-        else
-        {
-            this.excludedCerts = new HashSet(excludedCerts);
-        }
-    }
-
-    /**
-     * Creates an instance of PKIXBuilderParameters with the
-     * specified Set of most-trusted CAs. Each element of the set
-     * is a {@link TrustAnchor TrustAnchor}.
-     * 
-     * 
    
-     * Note that the Set is copied to protect against subsequent
-     * modifications.
-     * 
-     * @param trustAnchors a Set of TrustAnchors
-     * @param targetConstraints a Selector specifying the
-     *            constraints on the target certificate or attribute
-     *            certificate.
-     * @throws InvalidAlgorithmParameterException if trustAnchors
-     *             is empty.
-     * @throws NullPointerException if trustAnchors is
-     *             null
-     * @throws ClassCastException if any of the elements of
-     *             trustAnchors is not of type
-     *             java.security.cert.TrustAnchor
-     */
-    public ExtendedPKIXBuilderParameters(Set trustAnchors,
-            Selector targetConstraints)
-            throws InvalidAlgorithmParameterException
-    {
-        super(trustAnchors);
-        setTargetConstraints(targetConstraints);
-    }
-
-    /**
-     * Sets the maximum number of intermediate non-self-issued certificates in a
-     * certification path. The PKIX CertPathBuilder must not
-     * build paths longer then this length.
-     * 
    
-     * A value of 0 implies that the path can only contain a single certificate.
-     * A value of -1 does not limit the length. The default length is 5.
-     * 
-     * 
    
-     * 
-     * The basic constraints extension of a CA certificate overrides this value
-     * if smaller.
-     * 
-     * @param maxPathLength the maximum number of non-self-issued intermediate
-     *            certificates in the certification path
-     * @throws InvalidParameterException if maxPathLength is set
-     *             to a value less than -1
-     * 
-     * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
-     * @see #getMaxPathLength
-     */
-    public void setMaxPathLength(int maxPathLength)
-    {
-        if (maxPathLength < -1)
-        {
-            throw new InvalidParameterException("The maximum path "
-                    + "length parameter can not be less than -1.");
-        }
-        this.maxPathLength = maxPathLength;
-    }
-
-    /**
-     * Returns the value of the maximum number of intermediate non-self-issued
-     * certificates in the certification path.
-     * 
-     * @return the maximum number of non-self-issued intermediate certificates
-     *         in the certification path, or -1 if no limit exists.
-     * 
-     * @see #setMaxPathLength(int)
-     */
-    public int getMaxPathLength()
-    {
-        return maxPathLength;
-    }
-
-    /**
-     * Can alse handle ExtendedPKIXBuilderParameters and
-     * PKIXBuilderParameters.
-     * 
-     * @param params Parameters to set.
-     * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
-     */
-    protected void setParams(PKIXParameters params)
-    {
-        super.setParams(params);
-        if (params instanceof ExtendedPKIXBuilderParameters)
-        {
-            ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
-            maxPathLength = _params.maxPathLength;
-            excludedCerts = new HashSet(_params.excludedCerts);
-        }
-        if (params instanceof PKIXBuilderParameters)
-        {
-            PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
-            maxPathLength = _params.getMaxPathLength();
-        }
-    }
-
-    /**
-     * Makes a copy of this PKIXParameters object. Changes to the
-     * copy will not affect the original and vice versa.
-     * 
-     * @return a copy of this PKIXParameters object
-     */
-    public Object clone()
-    {
-        ExtendedPKIXBuilderParameters params = null;
-        try
-        {
-            params = new ExtendedPKIXBuilderParameters(getTrustAnchors(),
-                    getTargetConstraints());
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException(e.getMessage());
-        }
-        params.setParams(this);
-        return params;
-    }
-
-    /**
-     * Returns an instance of ExtendedPKIXParameters which can be
-     * safely casted to ExtendedPKIXBuilderParameters.
-     * 
    
-     * This method can be used to get a copy from other
-     * PKIXBuilderParameters, PKIXParameters,
-     * and ExtendedPKIXParameters instances.
-     * 
-     * @param pkixParams The PKIX parameters to create a copy of.
-     * @return An ExtendedPKIXBuilderParameters instance.
-     */
-    public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
-    {
-        ExtendedPKIXBuilderParameters params;
-        try
-        {
-            params = new ExtendedPKIXBuilderParameters(pkixParams
-                    .getTrustAnchors(), X509CertStoreSelector
-                    .getInstance((X509CertSelector) pkixParams
-                            .getTargetCertConstraints()));
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException(e.getMessage());
-        }
-        params.setParams(pkixParams);
-        return params;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java
deleted file mode 100644
index 638661826..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java
+++ /dev/null
@@ -1,651 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.Store;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.cert.CertSelector;
-import java.security.cert.CertStore;
-import java.security.cert.PKIXParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-/**
- * This class extends the PKIXParameters with a validity model parameter.
- */
-public class ExtendedPKIXParameters
-    extends PKIXParameters
-{
-
-    private List stores;
-
-    private Selector selector;
-
-    private boolean additionalLocationsEnabled;
-
-    private List additionalStores;
-
-    private Set trustedACIssuers;
-
-    private Set necessaryACAttributes;
-
-    private Set prohibitedACAttributes;
-
-    private Set attrCertCheckers;
-
-    /**
-     * Creates an instance of PKIXParameters with the specified
-     * Set of most-trusted CAs. Each element of the set is a
-     * {@link TrustAnchor TrustAnchor}. 
     Note that the Set
-     * is copied to protect against subsequent modifications.
-     * 
-     * @param trustAnchors a Set of TrustAnchors
-     * @throws InvalidAlgorithmParameterException if the specified
-     *             Set is empty.
-     * @throws NullPointerException if the specified Set is
-     *             null
-     * @throws ClassCastException if any of the elements in the Set
-     *             is not of type java.security.cert.TrustAnchor
-     */
-    public ExtendedPKIXParameters(Set trustAnchors)
-        throws InvalidAlgorithmParameterException
-    {
-        super(trustAnchors);
-        stores = new ArrayList();
-        additionalStores = new ArrayList();
-        trustedACIssuers = new HashSet();
-        necessaryACAttributes = new HashSet();
-        prohibitedACAttributes = new HashSet();
-        attrCertCheckers = new HashSet();
-    }
-
-    /**
-     * Returns an instance with the parameters of a given
-     * PKIXParameters object.
-     * 
-     * @param pkixParams The given PKIXParameters
-     * @return an extended PKIX params object
-     */
-    public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
-    {
-        ExtendedPKIXParameters params;
-        try
-        {
-            params = new ExtendedPKIXParameters(pkixParams.getTrustAnchors());
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException(e.getMessage());
-        }
-        params.setParams(pkixParams);
-        return params;
-    }
-
-    /**
-     * Method to support clone() under J2ME.
-     * super.clone() does not exist and fields are not copied.
-     * 
-     * @param params Parameters to set. If this are
-     *            ExtendedPKIXParameters they are copied to.
-     */
-    protected void setParams(PKIXParameters params)
-    {
-        setDate(params.getDate());
-        setCertPathCheckers(params.getCertPathCheckers());
-        setCertStores(params.getCertStores());
-        setAnyPolicyInhibited(params.isAnyPolicyInhibited());
-        setExplicitPolicyRequired(params.isExplicitPolicyRequired());
-        setPolicyMappingInhibited(params.isPolicyMappingInhibited());
-        setRevocationEnabled(params.isRevocationEnabled());
-        setInitialPolicies(params.getInitialPolicies());
-        setPolicyQualifiersRejected(params.getPolicyQualifiersRejected());
-        setSigProvider(params.getSigProvider());
-        setTargetCertConstraints(params.getTargetCertConstraints());
-        try
-        {
-            setTrustAnchors(params.getTrustAnchors());
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException(e.getMessage());
-        }
-        if (params instanceof ExtendedPKIXParameters)
-        {
-            ExtendedPKIXParameters _params = (ExtendedPKIXParameters) params;
-            validityModel = _params.validityModel;
-            useDeltas = _params.useDeltas;
-            additionalLocationsEnabled = _params.additionalLocationsEnabled;
-            selector = _params.selector == null ? null
-                : (Selector) _params.selector.clone();
-            stores = new ArrayList(_params.stores);
-            additionalStores = new ArrayList(_params.additionalStores);
-            trustedACIssuers = new HashSet(_params.trustedACIssuers);
-            prohibitedACAttributes = new HashSet(_params.prohibitedACAttributes);
-            necessaryACAttributes = new HashSet(_params.necessaryACAttributes);
-            attrCertCheckers = new HashSet(_params.attrCertCheckers);
-        }
-    }
-
-    /**
-     * This is the default PKIX validity model. Actually there are two variants
-     * of this: The PKIX model and the modified PKIX model. The PKIX model
-     * verifies that all involved certificates must have been valid at the
-     * current time. The modified PKIX model verifies that all involved
-     * certificates were valid at the signing time. Both are indirectly choosen
-     * with the {@link PKIXParameters#setDate(java.util.Date)} method, so this
-     * methods sets the Date when all certificates must have been
-     * valid.
-     */
-    public static final int PKIX_VALIDITY_MODEL = 0;
-
-    /**
-     * This model uses the following validity model. Each certificate must have
-     * been valid at the moment where is was used. That means the end
-     * certificate must have been valid at the time the signature was done. The
-     * CA certificate which signed the end certificate must have been valid,
-     * when the end certificate was signed. The CA (or Root CA) certificate must
-     * have been valid, when the CA certificate was signed and so on. So the
-     * {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when
-     * the end certificate must have been valid. 
     It is used e.g.
-     * in the German signature law.
-     */
-    public static final int CHAIN_VALIDITY_MODEL = 1;
-
-    private int validityModel = PKIX_VALIDITY_MODEL;
-
-    private boolean useDeltas = false;
-
-    /**
-     * Defaults to false.
-     * 
-     * @return Returns if delta CRLs should be used.
-     */
-    public boolean isUseDeltasEnabled()
-    {
-        return useDeltas;
-    }
-
-    /**
-     * Sets if delta CRLs should be used for checking the revocation status.
-     * 
-     * @param useDeltas true if delta CRLs should be used.
-     */
-    public void setUseDeltasEnabled(boolean useDeltas)
-    {
-        this.useDeltas = useDeltas;
-    }
-
-    /**
-     * @return Returns the validity model.
-     * @see #CHAIN_VALIDITY_MODEL
-     * @see #PKIX_VALIDITY_MODEL
-     */
-    public int getValidityModel()
-    {
-        return validityModel;
-    }
-
-    /**
-     * Sets the Java CertStore to this extended PKIX parameters.
-     * 
-     * @throws ClassCastException if an element of stores is not
-     *             a CertStore.
-     */
-    public void setCertStores(List stores)
-    {
-        if (stores != null)
-        {
-            Iterator it = stores.iterator();
-            while (it.hasNext())
-            {
-                addCertStore((CertStore)it.next());
-            }
-        }
-    }
-
-    /**
-     * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
-     * certificates or cross certificates.
-     * 
    
-     * The List is cloned.
-     * 
-     * @param stores A list of stores to use.
-     * @see #getStores
-     * @throws ClassCastException if an element of stores is not
-     *             a {@link Store}.
-     */
-    public void setStores(List stores)
-    {
-        if (stores == null)
-        {
-            this.stores = new ArrayList();
-        }
-        else
-        {
-            for (Iterator i = stores.iterator(); i.hasNext();)
-            {
-                if (!(i.next() instanceof Store))
-                {
-                    throw new ClassCastException(
-                        "All elements of list must be "
-                            + "of type org.bouncycastle.util.Store.");
-                }
-            }
-            this.stores = new ArrayList(stores);
-        }
-    }
-
-    /**
-     * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute
-     * certificates or cross certificates.
-     * 
    
-     * This method should be used to add local stores, like collection based
-     * X.509 stores, if available. Local stores should be considered first,
-     * before trying to use additional (remote) locations, because they do not
-     * need possible additional network traffic.
-     * 
    
-     * If store is null it is ignored.
-     * 
-     * @param store The store to add.
-     * @see #getStores
-     */
-    public void addStore(Store store)
-    {
-        if (store != null)
-        {
-            stores.add(store);
-        }
-    }
-
-    /**
-     * Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
-     * attribute certificates or cross certificates.
-     * 
    
-     * You should not use this method. This method is used for adding additional
-     * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found
-     * during X.509 object processing, e.g. in certificates or CRLs. This method
-     * is used in PKIX certification path processing.
-     * 
    
-     * If store is null it is ignored.
-     * 
-     * @param store The store to add.
-     * @see #getStores()
-     */
-    public void addAdditionalStore(Store store)
-    {
-        if (store != null)
-        {
-            additionalStores.add(store);
-        }
-    }
-
-    /**
-     * @deprecated
-     */
-    public void addAddionalStore(Store store)
-    {
-        addAdditionalStore(store);      
-    }
-
-    /**
-     * Returns an immutable List of additional Bouncy Castle
-     * Stores used for finding CRLs, certificates, attribute
-     * certificates or cross certificates.
-     * 
-     * @return an immutable List of additional Bouncy Castle
-     *         Stores. Never null.
-     * 
-     * @see #addAdditionalStore(Store)
-     */
-    public List getAdditionalStores()
-    {
-        return Collections.unmodifiableList(additionalStores);
-    }
-
-    /**
-     * Returns an immutable List of Bouncy Castle
-     * Stores used for finding CRLs, certificates, attribute
-     * certificates or cross certificates.
-     * 
-     * @return an immutable List of Bouncy Castle
-     *         Stores. Never null.
-     * 
-     * @see #setStores(List)
-     */
-    public List getStores()
-    {
-        return Collections.unmodifiableList(new ArrayList(stores));
-    }
-
-    /**
-     * @param validityModel The validity model to set.
-     * @see #CHAIN_VALIDITY_MODEL
-     * @see #PKIX_VALIDITY_MODEL
-     */
-    public void setValidityModel(int validityModel)
-    {
-        this.validityModel = validityModel;
-    }
-
-    public Object clone()
-    {
-        ExtendedPKIXParameters params;
-        try
-        {
-            params = new ExtendedPKIXParameters(getTrustAnchors());
-        }
-        catch (Exception e)
-        {
-            // cannot happen
-            throw new RuntimeException(e.getMessage());
-        }
-        params.setParams(this);
-        return params;
-    }
-
-    /**
-     * Returns if additional {@link X509Store}s for locations like LDAP found
-     * in certificates or CRLs should be used.
-     * 
-     * @return Returns true if additional stores are used.
-     */
-    public boolean isAdditionalLocationsEnabled()
-    {
-        return additionalLocationsEnabled;
-    }
-
-    /**
-     * Sets if additional {@link X509Store}s for locations like LDAP found in
-     * certificates or CRLs should be used.
-     * 
-     * @param enabled true if additional stores are used.
-     */
-    public void setAdditionalLocationsEnabled(boolean enabled)
-    {
-        additionalLocationsEnabled = enabled;
-    }
-
-    /**
-     * Returns the required constraints on the target certificate or attribute
-     * certificate. The constraints are returned as an instance of
-     * Selector. If null, no constraints are
-     * defined.
-     * 
-     * 
    
-     * The target certificate in a PKIX path may be a certificate or an
-     * attribute certificate.
-     * 
    
-     * Note that the Selector returned is cloned to protect
-     * against subsequent modifications.
-     * 
-     * @return a Selector specifying the constraints on the
-     *         target certificate or attribute certificate (or null)
-     * @see #setTargetConstraints
-     * @see X509CertStoreSelector
-     * @see X509AttributeCertStoreSelector
-     */
-    public Selector getTargetConstraints()
-    {
-        if (selector != null)
-        {
-            return (Selector) selector.clone();
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-    /**
-     * Sets the required constraints on the target certificate or attribute
-     * certificate. The constraints are specified as an instance of
-     * Selector. If null, no constraints are
-     * defined.
-     * 
    
-     * The target certificate in a PKIX path may be a certificate or an
-     * attribute certificate.
-     * 
    
-     * Note that the Selector specified is cloned to protect
-     * against subsequent modifications.
-     * 
-     * @param selector a Selector specifying the constraints on
-     *            the target certificate or attribute certificate (or
-     *            null)
-     * @see #getTargetConstraints
-     * @see X509CertStoreSelector
-     * @see X509AttributeCertStoreSelector
-     */
-    public void setTargetConstraints(Selector selector)
-    {
-        if (selector != null)
-        {
-            this.selector = (Selector) selector.clone();
-        }
-        else
-        {
-            this.selector = null;
-        }
-    }
-
-    /**
-     * Sets the required constraints on the target certificate. The constraints
-     * are specified as an instance of X509CertSelector. If
-     * null, no constraints are defined.
-     * 
-     * 
    
-     * This method wraps the given X509CertSelector into a
-     * X509CertStoreSelector.
-     * 
    
-     * Note that the X509CertSelector specified is cloned to
-     * protect against subsequent modifications.
-     * 
-     * @param selector a X509CertSelector specifying the
-     *            constraints on the target certificate (or null)
-     * @see #getTargetCertConstraints
-     * @see X509CertStoreSelector
-     */
-    public void setTargetCertConstraints(CertSelector selector)
-    {
-        super.setTargetCertConstraints(selector);
-        if (selector != null)
-        {
-            this.selector = X509CertStoreSelector
-                .getInstance((X509CertSelector) selector);
-        }
-        else
-        {
-            this.selector = null;
-        }
-    }
-
-    /**
-     * Returns the trusted attribute certificate issuers. If attribute
-     * certificates is verified the trusted AC issuers must be set.
-     * 
    
-     * The returned Set consists of TrustAnchors.
-     * 
    
-     * The returned Set is immutable. Never null
-     * 
-     * @return Returns an immutable set of the trusted AC issuers.
-     */
-    public Set getTrustedACIssuers()
-    {
-        return Collections.unmodifiableSet(trustedACIssuers);
-    }
-
-    /**
-     * Sets the trusted attribute certificate issuers. If attribute certificates
-     * is verified the trusted AC issuers must be set.
-     * 
    
-     * The trustedACIssuers must be a Set of
-     * TrustAnchor
-     * 
    
-     * The given set is cloned.
-     * 
-     * @param trustedACIssuers The trusted AC issuers to set. Is never
-     *            null.
-     * @throws ClassCastException if an element of stores is not
-     *             a TrustAnchor.
-     */
-    public void setTrustedACIssuers(Set trustedACIssuers)
-    {
-        if (trustedACIssuers == null)
-        {
-            this.trustedACIssuers.clear();
-            return;
-        }
-        for (Iterator it = trustedACIssuers.iterator(); it.hasNext();)
-        {
-            if (!(it.next() instanceof TrustAnchor))
-            {
-                throw new ClassCastException("All elements of set must be "
-                    + "of type " + TrustAnchor.class.getName() + ".");
-            }
-        }
-        this.trustedACIssuers.clear();
-        this.trustedACIssuers.addAll(trustedACIssuers);
-    }
-
-    /**
-     * Returns the neccessary attributes which must be contained in an attribute
-     * certificate.
-     * 
    
-     * The returned Set is immutable and contains
-     * Strings with the OIDs.
-     * 
-     * @return Returns the necessary AC attributes.
-     */
-    public Set getNecessaryACAttributes()
-    {
-        return Collections.unmodifiableSet(necessaryACAttributes);
-    }
-
-    /**
-     * Sets the neccessary which must be contained in an attribute certificate.
-     * 
    
-     * The Set must contain Strings with the
-     * OIDs.
-     * 
    
-     * The set is cloned.
-     * 
-     * @param necessaryACAttributes The necessary AC attributes to set.
-     * @throws ClassCastException if an element of
-     *             necessaryACAttributes is not a
-     *             String.
-     */
-    public void setNecessaryACAttributes(Set necessaryACAttributes)
-    {
-        if (necessaryACAttributes == null)
-        {
-            this.necessaryACAttributes.clear();
-            return;
-        }
-        for (Iterator it = necessaryACAttributes.iterator(); it.hasNext();)
-        {
-            if (!(it.next() instanceof String))
-            {
-                throw new ClassCastException("All elements of set must be "
-                    + "of type String.");
-            }
-        }
-        this.necessaryACAttributes.clear();
-        this.necessaryACAttributes.addAll(necessaryACAttributes);
-    }
-
-    /**
-     * Returns the attribute certificates which are not allowed.
-     * 
    
-     * The returned Set is immutable and contains
-     * Strings with the OIDs.
-     * 
-     * @return Returns the prohibited AC attributes. Is never null.
-     */
-    public Set getProhibitedACAttributes()
-    {
-        return Collections.unmodifiableSet(prohibitedACAttributes);
-    }
-
-    /**
-     * Sets the attribute certificates which are not allowed.
-     * 
    
-     * The Set must contain Strings with the
-     * OIDs.
-     * 
    
-     * The set is cloned.
-     * 
-     * @param prohibitedACAttributes The prohibited AC attributes to set.
-     * @throws ClassCastException if an element of
-     *             prohibitedACAttributes is not a
-     *             String.
-     */
-    public void setProhibitedACAttributes(Set prohibitedACAttributes)
-    {
-        if (prohibitedACAttributes == null)
-        {
-            this.prohibitedACAttributes.clear();
-            return;
-        }
-        for (Iterator it = prohibitedACAttributes.iterator(); it.hasNext();)
-        {
-            if (!(it.next() instanceof String))
-            {
-                throw new ClassCastException("All elements of set must be "
-                    + "of type String.");
-            }
-        }
-        this.prohibitedACAttributes.clear();
-        this.prohibitedACAttributes.addAll(prohibitedACAttributes);
-    }
-
-    /**
-     * Returns the attribute certificate checker. The returned set contains
-     * {@link PKIXAttrCertChecker}s and is immutable.
-     * 
-     * @return Returns the attribute certificate checker. Is never
-     *         null.
-     */
-    public Set getAttrCertCheckers()
-    {
-        return Collections.unmodifiableSet(attrCertCheckers);
-    }
-
-    /**
-     * Sets the attribute certificate checkers.
-     * 
    
-     * All elements in the Set must a {@link PKIXAttrCertChecker}.
-     * 
    
-     * The given set is cloned.
-     * 
-     * @param attrCertCheckers The attribute certificate checkers to set. Is
-     *            never null.
-     * @throws ClassCastException if an element of attrCertCheckers
-     *             is not a PKIXAttrCertChecker.
-     */
-    public void setAttrCertCheckers(Set attrCertCheckers)
-    {
-        if (attrCertCheckers == null)
-        {
-            this.attrCertCheckers.clear();
-            return;
-        }
-        for (Iterator it = attrCertCheckers.iterator(); it.hasNext();)
-        {
-            if (!(it.next() instanceof PKIXAttrCertChecker))
-            {
-                throw new ClassCastException("All elements of set must be "
-                    + "of type " + PKIXAttrCertChecker.class.getName() + ".");
-            }
-        }
-        this.attrCertCheckers.clear();
-        this.attrCertCheckers.addAll(attrCertCheckers);
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchParserException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchParserException.java
deleted file mode 100644
index c25b9dd14..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchParserException.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.x509;
-
-public class NoSuchParserException
-    extends Exception
-{
-    public NoSuchParserException(String message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java
deleted file mode 100644
index 255c03031..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.x509;
-
-public class NoSuchStoreException
-    extends Exception
-{
-    public NoSuchStoreException(String message)
-    {
-        super(message);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java
deleted file mode 100644
index 816cdab37..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.security.cert.CertPath;
-import java.security.cert.CertPathValidatorException;
-import java.util.Collection;
-import java.util.Set;
-
-public abstract class PKIXAttrCertChecker
-    implements Cloneable
-{
-
-    /**
-     * Returns an immutable Set of X.509 attribute certificate
-     * extensions that this PKIXAttrCertChecker supports or
-     * null if no extensions are supported.
-     * 
    
-     * Each element of the set is a String representing the
-     * Object Identifier (OID) of the X.509 extension that is supported.
-     * 
    
-     * All X.509 attribute certificate extensions that a
-     * PKIXAttrCertChecker might possibly be able to process
-     * should be included in the set.
-     * 
-     * @return an immutable Set of X.509 extension OIDs (in
-     *         String format) supported by this
-     *         PKIXAttrCertChecker, or null if no
-     *         extensions are supported
-     */
-    public abstract Set getSupportedExtensions();
-
-    /**
-     * Performs checks on the specified attribute certificate. Every handled
-     * extension is rmeoved from the unresolvedCritExts
-     * collection.
-     * 
-     * @param attrCert The attribute certificate to be checked.
-     * @param certPath The certificate path which belongs to the attribute
-     *            certificate issuer public key certificate.
-     * @param holderCertPath The certificate path which belongs to the holder
-     *            certificate.
-     * @param unresolvedCritExts a Collection of OID strings
-     *            representing the current set of unresolved critical extensions
-     * @throws CertPathValidatorException if the specified attribute certificate
-     *             does not pass the check.
-     */
-    public abstract void check(X509AttributeCertificate attrCert, CertPath certPath,
-                                 CertPath holderCertPath, Collection unresolvedCritExts)
-        throws CertPathValidatorException;
-
-    /**
-     * Returns a clone of this object.
-     * 
-     * @return a copy of this PKIXAttrCertChecker
-     */
-    public abstract Object clone();
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
deleted file mode 100644
index 3d8a9b6e0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
+++ /dev/null
@@ -1,2547 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.net.HttpURLConnection;
-import java.net.InetAddress;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.PKIXParameters;
-import java.security.cert.PolicyNode;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.x509.AccessDescription;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.DistributionPoint;
-import org.bouncycastle.asn1.x509.DistributionPointName;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.GeneralSubtree;
-import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
-import org.bouncycastle.asn1.x509.NameConstraints;
-import org.bouncycastle.asn1.x509.PolicyInformation;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
-import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
-import org.bouncycastle.asn1.x509.qualified.QCStatement;
-import org.bouncycastle.i18n.ErrorBundle;
-import org.bouncycastle.i18n.LocaleString;
-import org.bouncycastle.i18n.filter.TrustedInput;
-import org.bouncycastle.i18n.filter.UntrustedInput;
-import org.bouncycastle.i18n.filter.UntrustedUrlInput;
-import org.bouncycastle.jce.provider.AnnotatedException;
-import org.bouncycastle.jce.provider.CertPathValidatorUtilities;
-import org.bouncycastle.jce.provider.PKIXNameConstraintValidator;
-import org.bouncycastle.jce.provider.PKIXNameConstraintValidatorException;
-import org.bouncycastle.jce.provider.PKIXPolicyNode;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-/**
- * PKIXCertPathReviewer
    
- * Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible.
- */
-public class PKIXCertPathReviewer extends CertPathValidatorUtilities
-{
-    
-    private static final String QC_STATEMENT = X509Extensions.QCStatements.getId();
-    private static final String CRL_DIST_POINTS = X509Extensions.CRLDistributionPoints.getId();
-    private static final String AUTH_INFO_ACCESS = X509Extensions.AuthorityInfoAccess.getId();
-    
-    private static final String RESOURCE_NAME = "org.bouncycastle.x509.CertPathReviewerMessages";
-    
-    // input parameters
-    
-    protected CertPath certPath;
-
-    protected PKIXParameters pkixParams;
-
-    protected Date validDate;
-
-    // state variables
-    
-    protected List certs;
-
-    protected int n;
-    
-    // output variables
-    
-    protected List[] notifications;
-    protected List[] errors;
-    protected TrustAnchor trustAnchor;
-    protected PublicKey subjectPublicKey;
-    protected PolicyNode policyTree;
-    
-    private boolean initialized;
-    
-    /** 
-     * Initializes the PKIXCertPathReviewer with the given {@link CertPath} and {@link PKIXParameters} params
-     * @param certPath the {@link CertPath} to validate
-     * @param params the {@link PKIXParameters} to use
-     * @throws CertPathReviewerException if the certPath is empty
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} is already initialized
-     */
-    public void init(CertPath certPath, PKIXParameters params)
-            throws CertPathReviewerException
-    {
-        if (initialized)
-        {
-            throw new IllegalStateException("object is already initialized!");
-        }
-        initialized = true;
-        
-        // check input parameters
-        if (certPath == null)
-        {
-            throw new NullPointerException("certPath was null");
-        }
-        this.certPath = certPath;
-
-        certs = certPath.getCertificates();
-        n = certs.size();
-        if (certs.isEmpty())
-        {
-            throw new CertPathReviewerException(
-                    new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.emptyCertPath"));
-        }
-
-        pkixParams = (PKIXParameters) params.clone();
-
-        // 6.1.1 - Inputs
-
-        // a) done
-
-        // b)
-
-        validDate = getValidDate(pkixParams);
-
-        // c) part of pkixParams
-
-        // d) done at the beginning of checkSignatures
-
-        // e) f) g) part of pkixParams
-        
-        // initialize output parameters
-        
-        notifications = null;
-        errors = null;
-        trustAnchor = null;
-        subjectPublicKey = null;
-        policyTree = null;
-    }
-    
-    /**
-     * Creates a PKIXCertPathReviewer and initializes it with the given {@link CertPath} and {@link PKIXParameters} params
-     * @param certPath the {@link CertPath} to validate
-     * @param params the {@link PKIXParameters} to use
-     * @throws CertPathReviewerException if the certPath is empty
-     */
-    public PKIXCertPathReviewer(CertPath certPath, PKIXParameters params)
-            throws CertPathReviewerException
-    {
-        init(certPath, params);
-    }
-    
-    /**
-     * Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object.
-     */
-    public PKIXCertPathReviewer()
-    {
-        // do nothing
-    }
-    
-    /**
-     * 
-     * @return the CertPath that was validated
-     */
-    public CertPath getCertPath()
-    {
-        return certPath;
-    }
-    
-    /**
-     * 
-     * @return the size of the CertPath
-     */
-    public int getCertPathSize()
-    {
-        return n;
-    }
-
-    /**
-     * Returns an Array of Lists which contains a List of global error messages 
-     * and a List of error messages for each certificate in the path.
-     * The global error List is at index 0. The error lists for each certificate at index 1 to n. 
-     * The error messages are of type.
-     * @return the Array of Lists which contain the error messages
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public List[] getErrors()
-    {
-        doChecks();
-        return errors;
-    }
-    
-    /**
-     * Returns an List of error messages for the certificate at the given index in the CertPath.
-     * If index == -1 then the list of global errors is returned with errors not specific to a certificate. 
-     * @param index the index of the certificate in the CertPath
-     * @return List of error messages for the certificate
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public List getErrors(int index)
-    {
-        doChecks();
-        return errors[index + 1];
-    }
-
-    /**
-     * Returns an Array of Lists which contains a List of global notification messages 
-     * and a List of botification messages for each certificate in the path.
-     * The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. 
-     * The error messages are of type.
-     * @return the Array of Lists which contain the notification messages
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public List[] getNotifications()
-    {
-        doChecks();
-        return notifications;
-    }
-    
-    /**
-     * Returns an List of notification messages for the certificate at the given index in the CertPath.
-     * If index == -1 then the list of global notifications is returned with notifications not specific to a certificate. 
-     * @param index the index of the certificate in the CertPath
-     * @return List of notification messages for the certificate
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public List getNotifications(int index)
-    {
-        doChecks();
-        return notifications[index + 1];
-    }
-
-    /**
-     * 
-     * @return the valid policy tree, null if no valid policy exists.
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public PolicyNode getPolicyTree()
-    {
-        doChecks();
-        return policyTree;
-    }
-
-    /**
-     * 
-     * @return the PublicKey if the last certificate in the CertPath
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public PublicKey getSubjectPublicKey()
-    {
-        doChecks();
-        return subjectPublicKey;
-    }
-
-    /**
-     * 
-     * @return the TrustAnchor for the CertPath, null if no valid TrustAnchor was found.
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public TrustAnchor getTrustAnchor()
-    {
-        doChecks();
-        return trustAnchor;
-    }
-    
-    /**
-     * 
-     * @return if the CertPath is valid
-     * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized
-     */
-    public boolean isValidCertPath()
-    {
-        doChecks();
-        boolean valid = true;
-        for (int i = 0; i < errors.length; i++)
-        {
-            if (!errors[i].isEmpty())
-            {
-                valid = false;
-                break;
-            }
-        }
-        return valid;
-    }
-    
-    protected void addNotification(ErrorBundle msg)
-    {
-        notifications[0].add(msg);
-    }
-    
-    protected void addNotification(ErrorBundle msg, int index)
-    {
-        if (index < -1 || index >= n)
-        {
-            throw new IndexOutOfBoundsException();
-        }
-        notifications[index + 1].add(msg);
-    }
-
-    protected void addError(ErrorBundle msg) 
-    {
-        errors[0].add(msg);
-    }
-    
-    protected void addError(ErrorBundle msg, int index)
-    {
-        if (index < -1 || index >= n)
-        {
-            throw new IndexOutOfBoundsException();
-        }
-        errors[index + 1].add(msg);
-    }
-    
-    protected void doChecks()
-    {
-        if (!initialized)
-        {
-            throw new IllegalStateException("Object not initialized. Call init() first.");
-        }
-        if (notifications == null)
-        {
-            // initialize lists
-            notifications = new List[n+1];
-            errors = new List[n+1];
-            
-            for (int i = 0; i < notifications.length; i++)
-            {
-                notifications[i] = new ArrayList();
-                errors[i] = new ArrayList();
-            }
-            
-            // check Signatures
-            checkSignatures();
-            
-            // check Name Constraints
-            checkNameConstraints();
-            
-            // check Path Length
-            checkPathLength();
-            
-            // check Policy
-            checkPolicy();
-            
-            // check other critical extensions
-            checkCriticalExtensions();
-            
-        }
-    }
-
-    private void checkNameConstraints()
-    {
-        X509Certificate cert = null;
-        
-        //
-        // Setup
-        //
-        
-        // (b)  and (c)
-        PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator();
-
-        //
-        // process each certificate except the last in the path
-        //
-        int index;
-        int i;
-        
-        try 
-        {
-            for (index = certs.size()-1; index>0; index--) 
-            {
-                i = n - index;
-                
-                //
-                // certificate processing
-                //    
-                
-                cert = (X509Certificate) certs.get(index);
-                
-                // b),c)
-                
-                if (!isSelfIssued(cert))
-                {
-                    X500Principal principal = getSubjectPrincipal(cert);
-                    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
-                    ASN1Sequence    dns;
-    
-                    try
-                    {
-                        dns = (ASN1Sequence)aIn.readObject();
-                    }
-                    catch (IOException e)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncSubjectNameError", 
-                                new Object[] {new UntrustedInput(principal)});
-                        throw new CertPathReviewerException(msg,e,certPath,index);
-                    }
-    
-                    try
-                    {
-                        nameConstraintValidator.checkPermittedDN(dns);
-                    }
-                    catch (PKIXNameConstraintValidatorException cpve)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN", 
-                                new Object[] {new UntrustedInput(principal.getName())});
-                        throw new CertPathReviewerException(msg,cpve,certPath,index);
-                    }
-                    
-                    try
-                    {
-                        nameConstraintValidator.checkExcludedDN(dns);
-                    }
-                    catch (PKIXNameConstraintValidatorException cpve)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN",
-                                new Object[] {new UntrustedInput(principal.getName())});
-                        throw new CertPathReviewerException(msg,cpve,certPath,index);
-                    }
-            
-                    ASN1Sequence altName;
-                    try 
-                    {
-                        altName = (ASN1Sequence)getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
-                    }
-                    catch (AnnotatedException ae)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.subjAltNameExtError");
-                        throw new CertPathReviewerException(msg,ae,certPath,index);
-                    }
-                    
-                    if (altName != null)
-                    {
-                        for (int j = 0; j < altName.size(); j++)
-                        {
-                            GeneralName name = GeneralName.getInstance(altName.getObjectAt(j));
-
-                            try
-                            {
-                                nameConstraintValidator.checkPermitted(name);
-                                nameConstraintValidator.checkExcluded(name);
-                            }
-                            catch (PKIXNameConstraintValidatorException cpve)
-                            {
-                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail",
-                                        new Object[] {new UntrustedInput(name)});
-                                throw new CertPathReviewerException(msg,cpve,certPath,index);
-                            }
-//                            switch(o.getTagNo())            TODO - move resources to PKIXNameConstraints
-//                            {
-//                            case 1:
-//                                String email = DERIA5String.getInstance(o, true).getString();
-//
-//                                try
-//                                {
-//                                    checkPermittedEmail(permittedSubtreesEmail, email);
-//                                }
-//                                catch (CertPathValidatorException cpve)
-//                                {
-//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail",
-//                                            new Object[] {new UntrustedInput(email)});
-//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-//                                }
-//
-//                                try
-//                                {
-//                                    checkExcludedEmail(excludedSubtreesEmail, email);
-//                                }
-//                                catch (CertPathValidatorException cpve)
-//                                {
-//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedEmail",
-//                                            new Object[] {new UntrustedInput(email)});
-//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-//                                }
-//
-//                                break;
-//                            case 4:
-//                                ASN1Sequence altDN = ASN1Sequence.getInstance(o, true);
-//
-//                                try
-//                                {
-//                                    checkPermittedDN(permittedSubtreesDN, altDN);
-//                                }
-//                                catch (CertPathValidatorException cpve)
-//                                {
-//                                    X509Name altDNName = new X509Name(altDN);
-//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN",
-//                                            new Object[] {new UntrustedInput(altDNName)});
-//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-//                                }
-//
-//                                try
-//                                {
-//                                    checkExcludedDN(excludedSubtreesDN, altDN);
-//                                }
-//                                catch (CertPathValidatorException cpve)
-//                                {
-//                                    X509Name altDNName = new X509Name(altDN);
-//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN",
-//                                            new Object[] {new UntrustedInput(altDNName)});
-//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-//                                }
-//
-//                                break;
-//                            case 7:
-//                                byte[] ip = ASN1OctetString.getInstance(o, true).getOctets();
-//
-//                                try
-//                                {
-//                                    checkPermittedIP(permittedSubtreesIP, ip);
-//                                }
-//                                catch (CertPathValidatorException cpve)
-//                                {
-//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedIP",
-//                                            new Object[] {IPtoString(ip)});
-//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-//                                }
-//
-//                                try
-//                                {
-//                                    checkExcludedIP(excludedSubtreesIP, ip);
-//                                }
-//                                catch (CertPathValidatorException cpve)
-//                                {
-//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedIP",
-//                                            new Object[] {IPtoString(ip)});
-//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-//                                }
-//                            }
-                        }
-                    }
-                }
-                
-                //
-                // prepare for next certificate
-                //
-                
-                //
-                // (g) handle the name constraints extension
-                //
-                ASN1Sequence ncSeq;
-                try 
-                {
-                    ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS);
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncExtError");
-                    throw new CertPathReviewerException(msg,ae,certPath,index);
-                }
-                
-                if (ncSeq != null)
-                {
-                    NameConstraints nc = new NameConstraints(ncSeq);
-
-                    //
-                    // (g) (1) permitted subtrees
-                    //
-                    ASN1Sequence permitted = nc.getPermittedSubtrees();
-                    if (permitted != null)
-                    {
-                        nameConstraintValidator.intersectPermittedSubtree(permitted);
-                    }
-                
-                    //
-                    // (g) (2) excluded subtrees
-                    //
-                    ASN1Sequence excluded = nc.getExcludedSubtrees();
-                    if (excluded != null)
-                    {
-                        Enumeration e = excluded.getObjects();
-                        while (e.hasMoreElements())
-                        {
-                            GeneralSubtree  subtree = GeneralSubtree.getInstance(e.nextElement());
-
-                            nameConstraintValidator.addExcludedSubtree(subtree);
-                        }
-                    }
-                }
-                
-            } // for
-        }
-        catch (CertPathReviewerException cpre)
-        {
-            addError(cpre.getErrorMessage(),cpre.getIndex());
-        }
-        
-    }
-
-    /*
-     * checks: - path length constraints and reports - total path length
-     */
-    private void checkPathLength()
-    {
-        // init
-        int maxPathLength = n;
-        int totalPathLength = 0;
-
-        X509Certificate cert = null;
-
-        int i;
-        for (int index = certs.size() - 1; index > 0; index--)
-        {
-            i = n - index;
-
-            cert = (X509Certificate) certs.get(index);
-
-            // l)
-
-            if (!isSelfIssued(cert))
-            {
-                if (maxPathLength <= 0)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.pathLenghtExtended");
-                    addError(msg);
-                }
-                maxPathLength--;
-                totalPathLength++;
-            }
-
-            // m)
-
-            BasicConstraints bc;
-            try
-            {
-                bc = BasicConstraints.getInstance(getExtensionValue(cert,
-                        BASIC_CONSTRAINTS));
-            }
-            catch (AnnotatedException ae)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.processLengthConstError");
-                addError(msg,index);
-                bc = null;
-            }
-
-            if (bc != null)
-            {
-                BigInteger _pathLengthConstraint = bc.getPathLenConstraint();
-
-                if (_pathLengthConstraint != null)
-                {
-                    int _plc = _pathLengthConstraint.intValue();
-
-                    if (_plc < maxPathLength)
-                    {
-                        maxPathLength = _plc;
-                    }
-                }
-            }
-
-        }
-
-        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.totalPathLength",
-                new Object[] {new Integer(totalPathLength)});
-        
-        addNotification(msg);
-    }
-
-    /*
-     * checks: - signatures - name chaining - validity of certificates - todo:
-     * if certificate revoked (if specified in the parameters)
-     */
-    private void checkSignatures()
-    {
-        // 1.6.1 - Inputs
-        
-        // d)
-        
-        TrustAnchor trust = null;
-        X500Principal trustPrincipal = null;
-        
-        // validation date
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certPathValidDate",
-                    new Object[] {new TrustedInput(validDate), new TrustedInput(new Date())});
-            addNotification(msg);
-        }
-        
-        // find trust anchors
-        try
-        {
-            X509Certificate cert = (X509Certificate) certs.get(certs.size() - 1);
-            Collection trustColl = getTrustAnchors(cert,pkixParams.getTrustAnchors());
-            if (trustColl.size() > 1)
-            {
-                // conflicting trust anchors                
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "CertPathReviewer.conflictingTrustAnchors",
-                        new Object[] {new Integer(trustColl.size()),
-                                      new UntrustedInput(cert.getIssuerX500Principal())});
-                addError(msg);
-            }
-            else if (trustColl.isEmpty())
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "CertPathReviewer.noTrustAnchorFound",
-                        new Object[] {new UntrustedInput(cert.getIssuerX500Principal()),
-                                      new Integer(pkixParams.getTrustAnchors().size())});
-                addError(msg);
-            }
-            else
-            {
-                PublicKey trustPublicKey;
-                trust = (TrustAnchor) trustColl.iterator().next();
-                if (trust.getTrustedCert() != null)
-                {
-                    trustPublicKey = trust.getTrustedCert().getPublicKey();
-                }
-                else
-                {
-                    trustPublicKey = trust.getCAPublicKey();
-                }
-                try
-                {
-                    CertPathValidatorUtilities.verifyX509Certificate(cert, trustPublicKey,
-                        pkixParams.getSigProvider());
-                }
-                catch (SignatureException e)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustButInvalidCert");
-                    addError(msg);
-                }
-                catch (Exception e)
-                {
-                    // do nothing, error occurs again later
-                }
-            }
-        }
-        catch (CertPathReviewerException cpre)
-        {
-            addError(cpre.getErrorMessage());
-        }
-        catch (Throwable t)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "CertPathReviewer.unknown",
-                    new Object[] {new UntrustedInput(t.getMessage()), new UntrustedInput(t)});
-            addError(msg);
-        }
-        
-        if (trust != null)
-        {
-            // get the name of the trustAnchor
-            X509Certificate sign = trust.getTrustedCert();
-            try
-            {
-                if (sign != null)
-                {
-                    trustPrincipal = getSubjectPrincipal(sign);
-                }
-                else
-                {
-                    trustPrincipal = new X500Principal(trust.getCAName());
-                }
-            }
-            catch (IllegalArgumentException ex)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustDNInvalid",
-                        new Object[] {new UntrustedInput(trust.getCAName())});
-                addError(msg);
-            }
-            
-            // test key usages of the trust anchor
-            if (sign != null)
-            {
-                boolean[] ku = sign.getKeyUsage(); 
-                if (ku != null && !ku[5])
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustKeyUsage");
-                    addNotification(msg);
-                }
-            }
-        }
-        
-        // 1.6.2 - Initialization
-        
-        PublicKey workingPublicKey = null;
-        X500Principal workingIssuerName = trustPrincipal;
-        
-        X509Certificate sign = null;
-
-        AlgorithmIdentifier workingAlgId = null;
-        DERObjectIdentifier workingPublicKeyAlgorithm = null;
-        DEREncodable workingPublicKeyParameters = null;
-        
-        if (trust != null)
-        {
-            sign = trust.getTrustedCert();
-            
-            if (sign != null)
-            {
-                workingPublicKey = sign.getPublicKey();
-            }
-            else
-            {
-                workingPublicKey = trust.getCAPublicKey();
-            }
-        
-            try
-            {
-                workingAlgId = getAlgorithmIdentifier(workingPublicKey);
-                workingPublicKeyAlgorithm = workingAlgId.getObjectId();
-                workingPublicKeyParameters = workingAlgId.getParameters();
-            }
-            catch (CertPathValidatorException ex)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustPubKeyError");
-                addError(msg);
-                workingAlgId = null;
-            }
-            
-        }
-
-        // Basic cert checks
-
-        X509Certificate cert = null;
-        int i;
-
-        for (int index = certs.size() - 1; index >= 0; index--)
-        {
-            //
-            // i as defined in the algorithm description
-            //
-            i = n - index;
-
-            //
-            // set certificate to be checked in this round
-            // sign and workingPublicKey and workingIssuerName are set
-            // at the end of the for loop and initialied the
-            // first time from the TrustAnchor
-            //
-            cert = (X509Certificate) certs.get(index);
-
-            // verify signature
-            if (workingPublicKey != null)
-            {
-                try
-                {
-                    CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
-                        pkixParams.getSigProvider());
-                }
-                catch (GeneralSecurityException ex)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.signatureNotVerified",
-                            new Object[] {ex.getMessage(),ex,ex.getClass().getName()}); 
-                    addError(msg,index);
-                }
-            }
-            else if (isSelfIssued(cert))
-            {
-                try
-                {
-                    CertPathValidatorUtilities.verifyX509Certificate(cert, cert.getPublicKey(),
-                        pkixParams.getSigProvider());
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.rootKeyIsValidButNotATrustAnchor");
-                    addError(msg, index);
-                }
-                catch (GeneralSecurityException ex)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.signatureNotVerified",
-                            new Object[] {ex.getMessage(),ex,ex.getClass().getName()}); 
-                    addError(msg,index);
-                }
-            }
-            else
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.NoIssuerPublicKey");
-                // if there is an authority key extension add the serial and issuer of the missing certificate
-                byte[] akiBytes = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-                if (akiBytes != null)
-                {
-                    try
-                    {
-                        AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(
-                            X509ExtensionUtil.fromExtensionValue(akiBytes));
-                        GeneralNames issuerNames = aki.getAuthorityCertIssuer();
-                        if (issuerNames != null)
-                        {
-                            GeneralName name = issuerNames.getNames()[0];
-                            BigInteger serial = aki.getAuthorityCertSerialNumber(); 
-                            if (serial != null)
-                            {
-                                Object[] extraArgs = {new LocaleString(RESOURCE_NAME, "missingIssuer"), " \"", name , 
-                                        "\" ", new LocaleString(RESOURCE_NAME, "missingSerial") , " ", serial};
-                                msg.setExtraArguments(extraArgs);
-                            }
-                        }
-                    }
-                    catch (IOException e)
-                    {
-                        // ignore
-                    }
-                }
-                addError(msg,index);
-            }
-
-            // certificate valid?
-            try
-            {
-                cert.checkValidity(validDate);
-            }
-            catch (CertificateNotYetValidException cnve)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certificateNotYetValid",
-                        new Object[] {new TrustedInput(cert.getNotBefore())});
-                addError(msg,index);
-            }
-            catch (CertificateExpiredException cee)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certificateExpired",
-                        new Object[] {new TrustedInput(cert.getNotAfter())});
-                addError(msg,index);
-            }
-
-            // certificate revoked?
-            if (pkixParams.isRevocationEnabled())
-            {
-                // read crl distribution points extension
-                CRLDistPoint crlDistPoints = null;
-                try
-                {
-                    DERObject crl_dp = getExtensionValue(cert,CRL_DIST_POINTS);
-                    if (crl_dp != null)
-                    {
-                        crlDistPoints = CRLDistPoint.getInstance(crl_dp);
-                    }
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlDistPtExtError");
-                    addError(msg,index);
-                }
-
-                // read authority information access extension
-                AuthorityInformationAccess authInfoAcc = null;
-                try
-                {
-                    DERObject auth_info_acc = getExtensionValue(cert,AUTH_INFO_ACCESS);
-                    if (auth_info_acc != null)
-                    {
-                        authInfoAcc = AuthorityInformationAccess.getInstance(auth_info_acc);
-                    }
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlAuthInfoAccError");
-                    addError(msg,index);
-                }
-                
-                Vector crlDistPointUrls = getCRLDistUrls(crlDistPoints);
-                Vector ocspUrls = getOCSPUrls(authInfoAcc);
-                
-                // add notifications with the crl distribution points
-                
-                // output crl distribution points
-                Iterator urlIt = crlDistPointUrls.iterator();
-                while (urlIt.hasNext())
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlDistPoint",
-                                new Object[] {new UntrustedUrlInput(urlIt.next())});
-                    addNotification(msg,index);
-                }
-                
-                // output ocsp urls
-                urlIt = ocspUrls.iterator();
-                while (urlIt.hasNext())
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ocspLocation",
-                            new Object[] {new UntrustedUrlInput(urlIt.next())});
-                    addNotification(msg,index);
-                }
-                
-                // TODO also support Netscapes revocation-url and/or OCSP instead of CRLs for revocation checking
-                // check CRLs
-                try 
-                {
-                    checkRevocation(pkixParams, cert, validDate, sign, workingPublicKey, crlDistPointUrls, ocspUrls, index);
-                }
-                catch (CertPathReviewerException cpre)
-                {
-                    addError(cpre.getErrorMessage(),index);
-                }
-            }
-
-            // certificate issuer correct
-            if (workingIssuerName != null && !cert.getIssuerX500Principal().equals(workingIssuerName))
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certWrongIssuer",
-                            new Object[] {workingIssuerName.getName(),
-                            cert.getIssuerX500Principal().getName()});
-                addError(msg,index);
-            }
-
-            //
-            // prepare for next certificate
-            //
-            if (i != n)
-            {
-
-                if (cert != null && cert.getVersion() == 1)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCACert");
-                    addError(msg,index);
-                }
-
-                // k)
-
-                BasicConstraints bc;
-                try
-                {
-                    bc = BasicConstraints.getInstance(getExtensionValue(cert,
-                            BASIC_CONSTRAINTS));
-                    if (bc != null)
-                    {
-                        if (!bc.isCA())
-                        {
-                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCACert");
-                            addError(msg,index);
-                        }
-                    }
-                    else
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noBasicConstraints");
-                        addError(msg,index);
-                    }
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.errorProcesingBC");
-                    addError(msg,index);
-                }
-
-                // n)
-
-                boolean[] _usage = cert.getKeyUsage();
-
-                if ((_usage != null) && !_usage[KEY_CERT_SIGN])
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCertSign");
-                    addError(msg,index);
-                }
-
-            } // if
-
-            // set signing certificate for next round
-            sign = cert;
-            
-            // c)
-
-            workingIssuerName = cert.getSubjectX500Principal();
-
-            // d) e) f)
-
-            try
-            {
-                workingPublicKey = getNextWorkingKey(certs, index);
-                workingAlgId = getAlgorithmIdentifier(workingPublicKey);
-                workingPublicKeyAlgorithm = workingAlgId.getObjectId();
-                workingPublicKeyParameters = workingAlgId.getParameters();
-            }
-            catch (CertPathValidatorException ex)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.pubKeyError");
-                addError(msg,index);
-                workingAlgId = null;
-                workingPublicKeyAlgorithm = null;
-                workingPublicKeyParameters = null;
-            }
-
-        } // for
-
-        trustAnchor = trust;
-        subjectPublicKey = workingPublicKey;
-    }
-
-    private void checkPolicy()
-    {
-        //
-        // 6.1.1 Inputs
-        //
-
-        // c) Initial Policy Set
-
-        Set userInitialPolicySet = pkixParams.getInitialPolicies();
-
-        // e) f) g) are part of pkixParams
-
-        //
-        // 6.1.2 Initialization
-        //
-
-        // a) valid policy tree
-
-        List[] policyNodes = new ArrayList[n + 1];
-        for (int j = 0; j < policyNodes.length; j++)
-        {
-            policyNodes[j] = new ArrayList();
-        }
-
-        Set policySet = new HashSet();
-
-        policySet.add(ANY_POLICY);
-
-        PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0,
-                policySet, null, new HashSet(), ANY_POLICY, false);
-
-        policyNodes[0].add(validPolicyTree);
-
-        // d) explicit policy
-
-        int explicitPolicy;
-        if (pkixParams.isExplicitPolicyRequired())
-        {
-            explicitPolicy = 0;
-        }
-        else
-        {
-            explicitPolicy = n + 1;
-        }
-
-        // e) inhibit any policy
-
-        int inhibitAnyPolicy;
-        if (pkixParams.isAnyPolicyInhibited())
-        {
-            inhibitAnyPolicy = 0;
-        }
-        else
-        {
-            inhibitAnyPolicy = n + 1;
-        }
-
-        // f) policy mapping
-
-        int policyMapping;
-        if (pkixParams.isPolicyMappingInhibited())
-        {
-            policyMapping = 0;
-        }
-        else
-        {
-            policyMapping = n + 1;
-        }
-
-        Set acceptablePolicies = null;
-
-        //
-        // 6.1.3 Basic Certificate processing
-        //
-
-        X509Certificate cert = null;
-        int index;
-        int i;
-
-        try 
-        {
-            for (index = certs.size() - 1; index >= 0; index--)
-            {
-                // i as defined in the algorithm description
-                i = n - index;
-    
-                // set certificate to be checked in this round
-                cert = (X509Certificate) certs.get(index);
-    
-                // d) process policy information
-    
-                ASN1Sequence certPolicies;
-                try 
-                {
-                    certPolicies = (ASN1Sequence) getExtensionValue(
-                        cert, CERTIFICATE_POLICIES);
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError");
-                    throw new CertPathReviewerException(msg,ae,certPath,index);
-                }
-                if (certPolicies != null && validPolicyTree != null)
-                {
-
-                    // d) 1)
-
-                    Enumeration e = certPolicies.getObjects();
-                    Set pols = new HashSet();
-
-                    while (e.hasMoreElements())
-                    {
-                        PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
-                        DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
-
-                        pols.add(pOid.getId());
-
-                        if (!ANY_POLICY.equals(pOid.getId()))
-                        {
-                            Set pq;
-                            try
-                            {
-                                pq = getQualifierSet(pInfo.getPolicyQualifiers());
-                            }
-                            catch (CertPathValidatorException cpve)
-                            {
-                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError");
-                                throw new CertPathReviewerException(msg,cpve,certPath,index);
-                            }
-
-                            boolean match = processCertD1i(i, policyNodes, pOid, pq);
-
-                            if (!match)
-                            {
-                                processCertD1ii(i, policyNodes, pOid, pq);
-                            }
-                        }
-                    }
-
-                    if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY))
-                    {
-                        acceptablePolicies = pols;
-                    }
-                    else
-                    {
-                        Iterator it = acceptablePolicies.iterator();
-                        Set t1 = new HashSet();
-
-                        while (it.hasNext())
-                        {
-                            Object o = it.next();
-
-                            if (pols.contains(o))
-                            {
-                                t1.add(o);
-                            }
-                        }
-
-                        acceptablePolicies = t1;
-                    }
-
-                    // d) 2)
-
-                    if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert)))
-                    {
-                        e = certPolicies.getObjects();
-
-                        while (e.hasMoreElements())
-                        {
-                            PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
-
-                            if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId()))
-                            {
-                                Set _apq;
-                                try
-                                {
-                                    _apq = getQualifierSet(pInfo.getPolicyQualifiers());
-                                }
-                                catch (CertPathValidatorException cpve)
-                                {
-                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError");
-                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-                                }
-                                List _nodes = policyNodes[i - 1];
-
-                                for (int k = 0; k < _nodes.size(); k++)
-                                {
-                                    PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
-
-                                    Iterator _policySetIter = _node.getExpectedPolicies().iterator();
-                                    while (_policySetIter.hasNext())
-                                    {
-                                        Object _tmp = _policySetIter.next();
-
-                                        String _policy;
-                                        if (_tmp instanceof String)
-                                        {
-                                            _policy = (String) _tmp;
-                                        }
-                                        else if (_tmp instanceof DERObjectIdentifier)
-                                        {
-                                            _policy = ((DERObjectIdentifier) _tmp).getId();
-                                        }
-                                        else
-                                        {
-                                            continue;
-                                        }
-
-                                        boolean _found = false;
-                                        Iterator _childrenIter = _node
-                                                .getChildren();
-
-                                        while (_childrenIter.hasNext())
-                                        {
-                                            PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
-
-                                            if (_policy.equals(_child.getValidPolicy()))
-                                            {
-                                                _found = true;
-                                            }
-                                        }
-
-                                        if (!_found)
-                                        {
-                                            Set _newChildExpectedPolicies = new HashSet();
-                                            _newChildExpectedPolicies.add(_policy);
-
-                                            PKIXPolicyNode _newChild = new PKIXPolicyNode(
-                                                    new ArrayList(), i,
-                                                    _newChildExpectedPolicies,
-                                                    _node, _apq, _policy, false);
-                                            _node.addChild(_newChild);
-                                            policyNodes[i].add(_newChild);
-                                        }
-                                    }
-                                }
-                                break;
-                            }
-                        }
-                    }
-
-                    //
-                    // (d) (3)
-                    //
-                    for (int j = (i - 1); j >= 0; j--)
-                    {
-                        List nodes = policyNodes[j];
-
-                        for (int k = 0; k < nodes.size(); k++)
-                        {
-                            PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
-                            if (!node.hasChildren())
-                            {
-                                validPolicyTree = removePolicyNode(
-                                        validPolicyTree, policyNodes, node);
-                                if (validPolicyTree == null)
-                                {
-                                    break;
-                                }
-                            }
-                        }
-                    }
-
-                    //
-                    // d (4)
-                    //
-                    Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
-
-                    if (criticalExtensionOids != null)
-                    {
-                        boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES);
-
-                        List nodes = policyNodes[i];
-                        for (int j = 0; j < nodes.size(); j++)
-                        {
-                            PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
-                            node.setCritical(critical);
-                        }
-                    }
-
-                }
-                
-                // e)
-                
-                if (certPolicies == null) 
-                {
-                    validPolicyTree = null;
-                }
-                
-                // f)
-                
-                if (explicitPolicy <= 0 && validPolicyTree == null)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidPolicyTree");
-                    throw new CertPathReviewerException(msg);
-                }
-    
-                //
-                // 6.1.4 preparation for next Certificate
-                //
-    
-                if (i != n)
-                {
-                    
-                    // a)
-                    
-                    DERObject pm;
-                    try
-                    {
-                        pm = getExtensionValue(cert, POLICY_MAPPINGS);
-                    }
-                    catch (AnnotatedException ae)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyMapExtError");
-                        throw new CertPathReviewerException(msg,ae,certPath,index);
-                    }
-                    
-                    if (pm != null) 
-                    {
-                        ASN1Sequence mappings = (ASN1Sequence) pm;
-                        for (int j = 0; j < mappings.size(); j++) 
-                        {
-                            ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
-                            DERObjectIdentifier ip_id = (DERObjectIdentifier) mapping.getObjectAt(0);
-                            DERObjectIdentifier sp_id = (DERObjectIdentifier) mapping.getObjectAt(1);
-                            if (ANY_POLICY.equals(ip_id.getId())) 
-                            {
-                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping");
-                                throw new CertPathReviewerException(msg,certPath,index);
-                            }
-                            if (ANY_POLICY.equals(sp_id.getId()))
-                            {
-                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping");
-                                throw new CertPathReviewerException(msg,certPath,index);
-                            }
-                        }
-                    }
-                    
-                    // b)
-                    
-                    if (pm != null)
-                    {
-                        ASN1Sequence mappings = (ASN1Sequence)pm;
-                        Map m_idp = new HashMap();
-                        Set s_idp = new HashSet();
-                        
-                        for (int j = 0; j < mappings.size(); j++)
-                        {
-                            ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j);
-                            String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId();
-                            String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId();
-                            Set tmp;
-                            
-                            if (!m_idp.containsKey(id_p))
-                            {
-                                tmp = new HashSet();
-                                tmp.add(sd_p);
-                                m_idp.put(id_p, tmp);
-                                s_idp.add(id_p);
-                            }
-                            else
-                            {
-                                tmp = (Set)m_idp.get(id_p);
-                                tmp.add(sd_p);
-                            }
-                        }
-    
-                        Iterator it_idp = s_idp.iterator();
-                        while (it_idp.hasNext())
-                        {
-                            String id_p = (String)it_idp.next();
-                            
-                            //
-                            // (1)
-                            //
-                            if (policyMapping > 0)
-                            {
-                                try
-                                {
-                                    prepareNextCertB1(i,policyNodes,id_p,m_idp,cert);
-                                }
-                                catch (AnnotatedException ae)
-                                {
-                                    // error processing certificate policies extension
-                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError");
-                                    throw new CertPathReviewerException(msg,ae,certPath,index);
-                                }
-                                catch (CertPathValidatorException cpve)
-                                {
-                                    // error building qualifier set
-                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError");
-                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
-                                }
-                                
-                                //
-                                // (2)
-                                // 
-                            }
-                            else if (policyMapping <= 0)
-                            {
-                                validPolicyTree = prepareNextCertB2(i,policyNodes,id_p,validPolicyTree);
-                            }
-                            
-                        }
-                    }
-                    
-                    //
-                    // h)
-                    //
-                    
-                    if (!isSelfIssued(cert)) 
-                    {
-                        
-                        // (1)
-                        if (explicitPolicy != 0)
-                        {
-                            explicitPolicy--;
-                        }
-                        
-                        // (2)
-                        if (policyMapping != 0)
-                        {
-                            policyMapping--;
-                        }
-                        
-                        // (3)
-                        if (inhibitAnyPolicy != 0)
-                        {
-                            inhibitAnyPolicy--;
-                        }
-                        
-                    }
-    
-                    //
-                    // i)
-                    //
-                    
-                    try
-                    {
-                        ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert,POLICY_CONSTRAINTS);
-                        if (pc != null)
-                        {
-                            Enumeration policyConstraints = pc.getObjects();
-                            
-                            while (policyConstraints.hasMoreElements())
-                            {
-                                ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
-                                int tmpInt; 
-                                
-                                switch (constraint.getTagNo())
-                                {
-                                case 0:
-                                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
-                                    if (tmpInt < explicitPolicy)
-                                    {
-                                        explicitPolicy = tmpInt;
-                                    }
-                                    break;
-                                case 1:
-                                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
-                                    if (tmpInt < policyMapping)
-                                    {
-                                        policyMapping = tmpInt;
-                                    }
-                                break;
-                                }
-                            }
-                        }
-                    }
-                    catch (AnnotatedException ae)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError");
-                        throw new CertPathReviewerException(msg,certPath,index);
-                    }
-    
-                    //
-                    // j)
-                    //
-                    
-                    try 
-                    {
-                        DERInteger iap = (DERInteger)getExtensionValue(cert, INHIBIT_ANY_POLICY);
-                        
-                        if (iap != null)
-                        {
-                            int _inhibitAnyPolicy = iap.getValue().intValue();
-                        
-                            if (_inhibitAnyPolicy < inhibitAnyPolicy)
-                            {
-                                inhibitAnyPolicy = _inhibitAnyPolicy;
-                            }
-                        }
-                    }
-                    catch (AnnotatedException ae)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyInhibitExtError");
-                        throw new CertPathReviewerException(msg,certPath,index);
-                    }
-                }
-    
-            }
-    
-            //
-            // 6.1.5 Wrap up
-            //
-    
-            //
-            // a)
-            //
-            
-            if (!isSelfIssued(cert) && explicitPolicy > 0) 
-            {
-                explicitPolicy--;
-            }
-    
-            //
-            // b)
-            //
-            
-            try
-            {
-                ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
-                if (pc != null)
-                {
-                    Enumeration policyConstraints = pc.getObjects();
-        
-                    while (policyConstraints.hasMoreElements())
-                    {
-                        ASN1TaggedObject    constraint = (ASN1TaggedObject)policyConstraints.nextElement();
-                        switch (constraint.getTagNo())
-                        {
-                        case 0:
-                            int tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
-                            if (tmpInt == 0)
-                            {
-                                explicitPolicy = 0;
-                            }
-                            break;
-                        }
-                    }
-                }
-            }
-            catch (AnnotatedException e)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError");
-                throw new CertPathReviewerException(msg,certPath,index);
-            }
-            
-            
-            //
-            // (g)
-            //
-            PKIXPolicyNode intersection;
-            
-    
-            //
-            // (g) (i)
-            //
-            if (validPolicyTree == null)
-            { 
-                if (pkixParams.isExplicitPolicyRequired())
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.explicitPolicy");
-                    throw new CertPathReviewerException(msg,certPath,index);
-                }
-                intersection = null;
-            }
-            else if (isAnyPolicy(userInitialPolicySet)) // (g) (ii)
-            {
-                if (pkixParams.isExplicitPolicyRequired())
-                {
-                    if (acceptablePolicies.isEmpty())
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.explicitPolicy");
-                        throw new CertPathReviewerException(msg,certPath,index);
-                    }
-                    else
-                    {
-                        Set _validPolicyNodeSet = new HashSet();
-                        
-                        for (int j = 0; j < policyNodes.length; j++)
-                        {
-                            List      _nodeDepth = policyNodes[j];
-                            
-                            for (int k = 0; k < _nodeDepth.size(); k++)
-                            {
-                                PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k);
-                                
-                                if (ANY_POLICY.equals(_node.getValidPolicy()))
-                                {
-                                    Iterator _iter = _node.getChildren();
-                                    while (_iter.hasNext())
-                                    {
-                                        _validPolicyNodeSet.add(_iter.next());
-                                    }
-                                }
-                            }
-                        }
-                        
-                        Iterator _vpnsIter = _validPolicyNodeSet.iterator();
-                        while (_vpnsIter.hasNext())
-                        {
-                            PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next();
-                            String _validPolicy = _node.getValidPolicy();
-                            
-                            if (!acceptablePolicies.contains(_validPolicy))
-                            {
-                                //validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
-                            }
-                        }
-                        if (validPolicyTree != null)
-                        {
-                            for (int j = (n - 1); j >= 0; j--)
-                            {
-                                List      nodes = policyNodes[j];
-                                
-                                for (int k = 0; k < nodes.size(); k++)
-                                {
-                                    PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k);
-                                    if (!node.hasChildren())
-                                    {
-                                        validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
-    
-                intersection = validPolicyTree;
-            }
-            else
-            {
-                //
-                // (g) (iii)
-                //
-                // This implementation is not exactly same as the one described in RFC3280.
-                // However, as far as the validation result is concerned, both produce 
-                // adequate result. The only difference is whether AnyPolicy is remain 
-                // in the policy tree or not. 
-                //
-                // (g) (iii) 1
-                //
-                Set _validPolicyNodeSet = new HashSet();
-                
-                for (int j = 0; j < policyNodes.length; j++)
-                {
-                    List      _nodeDepth = policyNodes[j];
-                    
-                    for (int k = 0; k < _nodeDepth.size(); k++)
-                    {
-                        PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k);
-                        
-                        if (ANY_POLICY.equals(_node.getValidPolicy()))
-                        {
-                            Iterator _iter = _node.getChildren();
-                            while (_iter.hasNext())
-                            {
-                                PKIXPolicyNode _c_node = (PKIXPolicyNode)_iter.next();
-                                if (!ANY_POLICY.equals(_c_node.getValidPolicy()))
-                                {
-                                    _validPolicyNodeSet.add(_c_node);
-                                }
-                            }
-                        }
-                    }
-                }
-                
-                //
-                // (g) (iii) 2
-                //
-                Iterator _vpnsIter = _validPolicyNodeSet.iterator();
-                while (_vpnsIter.hasNext())
-                {
-                    PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next();
-                    String _validPolicy = _node.getValidPolicy();
-    
-                    if (!userInitialPolicySet.contains(_validPolicy))
-                    {
-                        validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
-                    }
-                }
-                
-                //
-                // (g) (iii) 4
-                //
-                if (validPolicyTree != null)
-                {
-                    for (int j = (n - 1); j >= 0; j--)
-                    {
-                        List      nodes = policyNodes[j];
-                        
-                        for (int k = 0; k < nodes.size(); k++)
-                        {
-                            PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k);
-                            if (!node.hasChildren())
-                            {
-                                validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
-                            }
-                        }
-                    }
-                }
-                
-                intersection = validPolicyTree;
-            }
-     
-            if ((explicitPolicy <= 0) && (intersection == null))
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicy");
-                throw new CertPathReviewerException(msg);
-            }
-            
-            validPolicyTree = intersection;
-        }
-        catch (CertPathReviewerException cpre)
-        {
-            addError(cpre.getErrorMessage(),cpre.getIndex());
-            validPolicyTree = null;
-        }
-    }
-
-    private void checkCriticalExtensions()
-    {
-        //      
-        // initialise CertPathChecker's
-        //
-        List  pathCheckers = pkixParams.getCertPathCheckers();
-        Iterator certIter = pathCheckers.iterator();
-        
-        try
-        {
-            try
-            {
-                while (certIter.hasNext())
-                {
-                    ((PKIXCertPathChecker)certIter.next()).init(false);
-                }
-            }
-            catch (CertPathValidatorException cpve)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certPathCheckerError",
-                        new Object[] {cpve.getMessage(),cpve,cpve.getClass().getName()});
-                throw new CertPathReviewerException(msg,cpve);
-            }
-            
-            //
-            // process critical extesions for each certificate
-            //
-            
-            X509Certificate cert = null;
-            
-            int index;
-            
-            for (index = certs.size()-1; index >= 0; index--)
-            {
-                cert = (X509Certificate) certs.get(index);
-                
-                Set criticalExtensions = cert.getCriticalExtensionOIDs();
-                if (criticalExtensions == null || criticalExtensions.isEmpty())
-                {
-                    continue;
-                }
-                // remove already processed extensions
-                criticalExtensions.remove(KEY_USAGE);
-                criticalExtensions.remove(CERTIFICATE_POLICIES);
-                criticalExtensions.remove(POLICY_MAPPINGS);
-                criticalExtensions.remove(INHIBIT_ANY_POLICY);
-                criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT);
-                criticalExtensions.remove(DELTA_CRL_INDICATOR);
-                criticalExtensions.remove(POLICY_CONSTRAINTS);
-                criticalExtensions.remove(BASIC_CONSTRAINTS);
-                criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME);
-                criticalExtensions.remove(NAME_CONSTRAINTS);
-                
-                // process qcStatements extension
-                if (criticalExtensions.contains(QC_STATEMENT))
-                {
-                    if (processQcStatements(cert,index)) 
-                    {
-                        criticalExtensions.remove(QC_STATEMENT);
-                    }
-                }
-                
-                Iterator tmpIter = pathCheckers.iterator();
-                while (tmpIter.hasNext())
-                {
-                    try
-                    {
-                        ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
-                    }
-                    catch (CertPathValidatorException e)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.criticalExtensionError",
-                                new Object[] {e.getMessage(),e,e.getClass().getName()});
-                        throw new CertPathReviewerException(msg,e.getCause(),certPath,index);
-                    }
-                }
-                if (!criticalExtensions.isEmpty())
-                {
-                    ErrorBundle msg;
-                    Iterator it = criticalExtensions.iterator();
-                    while (it.hasNext())
-                    {
-                        msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.unknownCriticalExt",
-                                new Object[] {new DERObjectIdentifier((String) it.next())});
-                        addError(msg, index);
-                    }
-                }
-            }
-        }
-        catch (CertPathReviewerException cpre)
-        {
-            addError(cpre.getErrorMessage(),cpre.getIndex());
-        }
-    }
-    
-    private boolean processQcStatements(
-            X509Certificate cert,
-            int index)
-    {   
-        try
-        {
-            boolean unknownStatement = false;
-            
-            ASN1Sequence qcSt = (ASN1Sequence) getExtensionValue(cert,QC_STATEMENT);
-            for (int j = 0; j < qcSt.size(); j++)
-            {
-                QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j));
-                if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId()))
-                {
-                    // process statement - just write a notification that the certificate contains this statement
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcEuCompliance");
-                    addNotification(msg,index);
-                }
-                else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId()))
-                {
-                    // process statement - just recognize the statement
-                }
-                else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId()))
-                {
-                    // process statement - just write a notification that the certificate contains this statement
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcSSCD");
-                    addNotification(msg,index);
-                }
-                else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId()))
-                {
-                    // process statement - write a notification containing the limit value
-                    MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo());
-                    Iso4217CurrencyCode currency = limit.getCurrency();
-                    double value = limit.getAmount().doubleValue() * Math.pow(10,limit.getExponent().doubleValue());
-                    ErrorBundle msg;
-                    if (limit.getCurrency().isAlphabetic())
-                    {
-                        msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueAlpha",
-                                new Object[] {limit.getCurrency().getAlphabetic(),
-                                              new TrustedInput(new Double(value)),
-                                              limit});
-                    }
-                    else
-                    {
-                        msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueNum",
-                                new Object[] {new Integer(limit.getCurrency().getNumeric()),
-                                              new TrustedInput(new Double(value)),
-                                              limit});
-                    }
-                    addNotification(msg,index);
-                }
-                else
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcUnknownStatement",
-                            new Object[] {stmt.getStatementId(),new UntrustedInput(stmt)});
-                    addNotification(msg,index);
-                    unknownStatement = true;
-                }
-            }
-            
-            return !unknownStatement;
-        }
-        catch (AnnotatedException ae)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcStatementExtError");
-            addError(msg,index);
-        }
-        
-        return false;
-    }
-    
-    private String IPtoString(byte[] ip)
-    {
-        String result;
-        try
-        {
-            result = InetAddress.getByAddress(ip).getHostAddress();
-        }
-        catch (Exception e)
-        {
-            StringBuffer b = new StringBuffer();
-            
-            for (int i = 0; i != ip.length; i++)
-            {
-                b.append(Integer.toHexString(ip[i] & 0xff));
-                b.append(' ');
-            }
-            
-            result = b.toString();
-        }
-        
-        return result;
-    }
-    
-    protected void checkRevocation(PKIXParameters paramsPKIX,
-            X509Certificate cert,
-            Date validDate,
-            X509Certificate sign,
-            PublicKey workingPublicKey,
-            Vector crlDistPointUrls,
-            Vector ocspUrls,
-            int index)
-        throws CertPathReviewerException
-    {
-        checkCRLs(paramsPKIX, cert, validDate, sign, workingPublicKey, crlDistPointUrls, index);
-    }
-    
-    protected void checkCRLs(
-            PKIXParameters paramsPKIX,
-            X509Certificate cert,
-            Date validDate,
-            X509Certificate sign,
-            PublicKey workingPublicKey,
-            Vector crlDistPointUrls,
-            int index) 
-        throws CertPathReviewerException
-    {
-        X509CRLStoreSelector crlselect;
-        crlselect = new X509CRLStoreSelector();
-        
-        try
-        {
-            crlselect.addIssuerName(getEncodedIssuerPrincipal(cert).getEncoded());
-        }
-        catch (IOException e)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException");
-            throw new CertPathReviewerException(msg,e);
-        }
-    
-        crlselect.setCertificateChecking(cert);
-    
-        Iterator crl_iter;
-        try 
-        {
-            Collection crl_coll = CRL_UTIL.findCRLs(crlselect, paramsPKIX);
-            crl_iter = crl_coll.iterator();
-            
-            if (crl_coll.isEmpty())
-            {
-                // notifcation - no local crls found
-                crl_coll = CRL_UTIL.findCRLs(new X509CRLStoreSelector(),paramsPKIX);
-                Iterator it = crl_coll.iterator();
-                List nonMatchingCrlNames = new ArrayList();
-                while (it.hasNext())
-                {
-                    nonMatchingCrlNames.add(((X509CRL) it.next()).getIssuerX500Principal());
-                }
-                int numbOfCrls = nonMatchingCrlNames.size();
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "CertPathReviewer.noCrlInCertstore",
-                        new Object[] {new UntrustedInput(crlselect.getIssuerNames()),
-                                      new UntrustedInput(nonMatchingCrlNames),
-                                      new Integer(numbOfCrls)});
-                addNotification(msg,index);
-            }
-
-        }
-        catch (AnnotatedException ae)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError",
-                    new Object[] {ae.getCause().getMessage(),ae.getCause(),ae.getCause().getClass().getName()});
-            addError(msg,index);
-            crl_iter = new ArrayList().iterator();
-        }
-        boolean validCrlFound = false;
-        X509CRL crl = null;
-        while (crl_iter.hasNext())
-        {
-            crl = (X509CRL)crl_iter.next();
-            
-            if (crl.getNextUpdate() == null
-                || new Date().before(crl.getNextUpdate()))
-            {
-                validCrlFound = true;
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "CertPathReviewer.localValidCRL",
-                        new Object[] {new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate())});
-                addNotification(msg,index);
-                break;
-            }
-            else
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                        "CertPathReviewer.localInvalidCRL",
-                        new Object[] {new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate())});
-                addNotification(msg,index);
-            }
-        }
-        
-        // if no valid crl was found in the CertStores try to get one from a
-        // crl distribution point
-        if (!validCrlFound)
-        {
-            X509CRL onlineCRL = null;
-            Iterator urlIt = crlDistPointUrls.iterator();
-            while (urlIt.hasNext())
-            {
-                try
-                {
-                    String location = (String) urlIt.next();
-                    onlineCRL = getCRL(location);
-                    if (onlineCRL != null)
-                    {
-                        // check if crl issuer is correct
-                        if (!cert.getIssuerX500Principal().equals(onlineCRL.getIssuerX500Principal()))
-                        {
-                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                        "CertPathReviewer.onlineCRLWrongCA",
-                                        new Object[] {new UntrustedInput(onlineCRL.getIssuerX500Principal().getName()),
-                                                      new UntrustedInput(cert.getIssuerX500Principal().getName()),
-                                                      new UntrustedUrlInput(location)});
-                            addNotification(msg,index);
-                            continue;
-                        }
-                        
-                        if (onlineCRL.getNextUpdate() == null
-                            || new Date().before(onlineCRL.getNextUpdate()))
-                        {
-                            validCrlFound = true;
-                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                    "CertPathReviewer.onlineValidCRL",
-                                    new Object[] {new TrustedInput(onlineCRL.getThisUpdate()),
-                                                  new TrustedInput(onlineCRL.getNextUpdate()),
-                                                  new UntrustedUrlInput(location)});
-                            addNotification(msg,index);
-                            crl = onlineCRL;
-                            break;
-                        }
-                        else
-                        {
-                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                                    "CertPathReviewer.onlineInvalidCRL",
-                                    new Object[] {new TrustedInput(onlineCRL.getThisUpdate()),
-                                                  new TrustedInput(onlineCRL.getNextUpdate()),
-                                                  new UntrustedUrlInput(location)});
-                            addNotification(msg,index);
-                        }
-                    }
-                }
-                catch (CertPathReviewerException cpre)
-                {
-                    addNotification(cpre.getErrorMessage(),index);
-                }
-            }
-        }
-        
-        // check the crl
-        X509CRLEntry crl_entry;
-        if (crl != null)
-        {
-            if (sign != null)
-            {
-                boolean[] keyusage = sign.getKeyUsage();
-
-                if (keyusage != null
-                    && (keyusage.length < 7 || !keyusage[CRL_SIGN]))
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited");
-                    throw new CertPathReviewerException(msg);
-                }
-            }
-
-            if (workingPublicKey != null)
-            {
-                try
-                {
-                    crl.verify(workingPublicKey, "BC");
-                }
-                catch (Exception e)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed");
-                    throw new CertPathReviewerException(msg,e);
-                }
-            }
-            else // issuer public key not known
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey");
-                throw new CertPathReviewerException(msg);
-            }
-
-            crl_entry = crl.getRevokedCertificate(cert.getSerialNumber());
-            if (crl_entry != null)
-            {
-                String reason = null;
-                
-                if (crl_entry.hasExtensions())
-                {
-                    DEREnumerated reasonCode;
-                    try
-                    {
-                        reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
-                    }
-                    catch (AnnotatedException ae)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError");
-                        throw new CertPathReviewerException(msg,ae);
-                    }
-                    if (reasonCode != null)
-                    {
-                        reason = crlReasons[reasonCode.getValue().intValue()];
-                    }
-                }
-
-                if (reason == null)
-                {
-                    reason = crlReasons[7]; // unknown
-                }
-
-                // i18n reason
-                LocaleString ls = new LocaleString(RESOURCE_NAME, reason);
-                
-                if (!validDate.before(crl_entry.getRevocationDate()))
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked",
-                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
-                    throw new CertPathReviewerException(msg);
-                }
-                else // cert was revoked after validation date
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation",
-                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
-                    addNotification(msg,index);
-                }
-            }
-            else // cert is not revoked
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notRevoked");
-                addNotification(msg,index);
-            }
-            
-            //
-            // warn if a new crl is available
-            //
-            if (crl.getNextUpdate() != null && crl.getNextUpdate().before(new Date()))
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlUpdateAvailable",
-                        new Object[] {new TrustedInput(crl.getNextUpdate())});
-                addNotification(msg,index);
-            }
-            
-            //
-            // check the DeltaCRL indicator, base point and the issuing distribution point
-            //
-            DERObject idp;
-            try
-            {
-                idp = getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
-            }
-            catch (AnnotatedException ae)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError");
-                throw new CertPathReviewerException(msg);
-            }
-            DERObject dci;
-            try
-            {
-                dci = getExtensionValue(crl, DELTA_CRL_INDICATOR);
-            }
-            catch (AnnotatedException ae)
-            {
-                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.deltaCrlExtError");
-                throw new CertPathReviewerException(msg);
-            }
-
-            if (dci != null)
-            {
-                X509CRLStoreSelector baseSelect = new X509CRLStoreSelector();
-
-                try
-                {
-                    baseSelect.addIssuerName(getIssuerPrincipal(crl).getEncoded());
-                }
-                catch (IOException e)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException");
-                    throw new CertPathReviewerException(msg,e);
-                }
-
-                baseSelect.setMinCRLNumber(((DERInteger)dci).getPositiveValue());
-                try
-                {
-                    baseSelect.setMaxCRLNumber(((DERInteger)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1)));
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNbrExtError");
-                    throw new CertPathReviewerException(msg,ae);
-                }
-                
-                boolean  foundBase = false;
-                Iterator it;
-                try 
-                {
-                    it  = CRL_UTIL.findCRLs(baseSelect, paramsPKIX).iterator();
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError");
-                    throw new CertPathReviewerException(msg,ae);
-                }
-                while (it.hasNext())
-                {
-                    X509CRL base = (X509CRL)it.next();
-
-                    DERObject baseIdp;
-                    try
-                    {
-                        baseIdp = getExtensionValue(base, ISSUING_DISTRIBUTION_POINT);
-                    }
-                    catch (AnnotatedException ae)
-                    {
-                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError");
-                        throw new CertPathReviewerException(msg,ae);
-                    }
-                    
-                    if (idp == null)
-                    {
-                        if (baseIdp == null)
-                        {
-                            foundBase = true;
-                            break;
-                        }
-                    }
-                    else
-                    {
-                        if (idp.equals(baseIdp))
-                        {
-                            foundBase = true;
-                            break;
-                        }
-                    }
-                }
-                
-                if (!foundBase)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noBaseCRL");
-                    throw new CertPathReviewerException(msg);
-                }
-            }
-
-            if (idp != null)
-            {
-                IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
-                BasicConstraints bc = null;
-                try
-                {
-                    bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
-                }
-                catch (AnnotatedException ae)
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlBCExtError");
-                    throw new CertPathReviewerException(msg,ae);
-                }
-                
-                if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyUserCert");
-                    throw new CertPathReviewerException(msg);
-                }
-                
-                if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyCaCert");
-                    throw new CertPathReviewerException(msg);
-                }
-                
-                if (p.onlyContainsAttributeCerts())
-                {
-                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyAttrCert");
-                    throw new CertPathReviewerException(msg);
-                }
-            }
-        }
-        
-        if (!validCrlFound)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidCrlFound");
-            throw new CertPathReviewerException(msg);
-        }
-    
-    }
-    
-    protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints)
-    {
-        Vector urls = new Vector();
-        
-        if (crlDistPoints != null)
-        {
-            DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
-            for (int i = 0; i < distPoints.length; i++)
-            {
-                DistributionPointName dp_name = distPoints[i].getDistributionPoint();
-                if (dp_name.getType() == DistributionPointName.FULL_NAME)
-                {
-                    GeneralName[] generalNames = GeneralNames.getInstance(dp_name.getName()).getNames();
-                    for (int j = 0; j < generalNames.length; j++)
-                    {
-                        if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier)
-                        {
-                            String url = ((DERIA5String) generalNames[j].getName()).getString();
-                            urls.add(url);
-                        }
-                    }
-                }
-            }
-        }
-        return urls;
-    }
-    
-    protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess)
-    {
-        Vector urls = new Vector();
-        
-        if (authInfoAccess != null)
-        {
-            AccessDescription[] ads = authInfoAccess.getAccessDescriptions();
-            for (int i = 0; i < ads.length; i++)
-            {
-                if (ads[i].getAccessMethod().equals(AccessDescription.id_ad_ocsp))
-                {
-                    GeneralName name = ads[i].getAccessLocation();
-                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier)
-                    {
-                        String url = ((DERIA5String) name.getName()).getString();
-                        urls.add(url);
-                    }
-                }
-            }
-        }
-        
-        return urls;
-    }
-    
-    private X509CRL getCRL(String location) throws CertPathReviewerException
-    {
-        X509CRL result = null;
-        try
-        {
-            URL url = new URL(location);
-            
-            if (url.getProtocol().equals("http") || url.getProtocol().equals("https"))
-            {
-                HttpURLConnection conn = (HttpURLConnection) url.openConnection();
-                conn.setUseCaches(false);
-                //conn.setConnectTimeout(2000);
-                conn.setDoInput(true);
-                conn.connect();
-                if (conn.getResponseCode() == HttpURLConnection.HTTP_OK)
-                {
-                    CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
-                    result = (X509CRL) cf.generateCRL(conn.getInputStream());
-                }
-                else
-                {
-                    throw new Exception(conn.getResponseMessage());
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
-                    "CertPathReviewer.loadCrlDistPointError",
-                    new Object[] {new UntrustedInput(location),
-                                  e.getMessage(),e,e.getClass().getName()});
-            throw new CertPathReviewerException(msg);
-        }
-        return result;
-    }
-    
-    protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
-    {
-        Collection trustColl = new ArrayList();
-        Iterator it = trustanchors.iterator();
-        
-        X509CertSelector certSelectX509 = new X509CertSelector();
-
-        try
-        {
-            certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
-            byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-
-            if (ext != null)
-            {
-                ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(ext);
-                AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Object.fromByteArray(oct.getOctets()));
-
-                certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
-                byte[] keyID = authID.getKeyIdentifier();
-                if (keyID != null)
-                {
-                    certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
-                }
-            }
-        }
-        catch (IOException ex)
-        {
-            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
-            throw new CertPathReviewerException(msg);
-        }
-
-        while (it.hasNext())
-        {
-            TrustAnchor trust = (TrustAnchor) it.next();
-            if (trust.getTrustedCert() != null)
-            {
-                if (certSelectX509.match(trust.getTrustedCert()))
-                {
-                    trustColl.add(trust);
-                }
-            }
-            else if (trust.getCAName() != null && trust.getCAPublicKey() != null)
-            {
-                X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
-                X500Principal caName = new X500Principal(trust.getCAName());
-                if (certIssuer.equals(caName))
-                {
-                    trustColl.add(trust);
-                }
-            }
-        }
-        return trustColl;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Attribute.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Attribute.java
deleted file mode 100644
index f4c65ab50..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Attribute.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.x509.Attribute;
-
-/**
- * Class for carrying the values in an X.509 Attribute.
- */
-public class X509Attribute
-    extends ASN1Encodable
-{
-    Attribute    attr;
-    
-    /**
-     * @param at an object representing an attribute.
-     */
-    X509Attribute(
-        ASN1Encodable   at)
-    {
-        this.attr = Attribute.getInstance(at);
-    }
-
-    /**
-     * Create an X.509 Attribute with the type given by the passed in oid and
-     * the value represented by an ASN.1 Set containing value.
-     * 
-     * @param oid type of the attribute
-     * @param value value object to go into the atribute's value set.
-     */
-    public X509Attribute(
-        String          oid,
-        ASN1Encodable   value)
-    {
-        this.attr = new Attribute(new DERObjectIdentifier(oid), new DERSet(value));
-    }
-    
-    /**
-     * Create an X.59 Attribute with the type given by the passed in oid and the
-     * value represented by an ASN.1 Set containing the objects in value.
-     * 
-     * @param oid type of the attribute
-     * @param value vector of values to go in the attribute's value set.
-     */
-    public X509Attribute(
-        String              oid,
-        ASN1EncodableVector value)
-    {
-        this.attr = new Attribute(new DERObjectIdentifier(oid), new DERSet(value));
-    }
-    
-    public String getOID()
-    {
-        return attr.getAttrType().getId();
-    }
-    
-    public ASN1Encodable[] getValues()
-    {
-        ASN1Set         s = attr.getAttrValues();
-        ASN1Encodable[] values = new ASN1Encodable[s.size()];
-        
-        for (int i = 0; i != s.size(); i++)
-        {
-            values[i] = (ASN1Encodable)s.getObjectAt(i);
-        }
-        
-        return values;
-    }
-    
-    public DERObject toASN1Object()
-    {
-        return attr.toASN1Object();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java
deleted file mode 100644
index 66fb74d12..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java
+++ /dev/null
@@ -1,484 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.Target;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.asn1.x509.Targets;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Selector;
-
-/**
- * This class is an Selector like implementation to select
- * attribute certificates from a given set of criteria.
- * 
- * @see org.bouncycastle.x509.X509AttributeCertificate
- * @see org.bouncycastle.x509.X509Store
- *  @deprecated use org.bouncycastle.cert.X509AttributeCertificateSelector and org.bouncycastle.cert.X509AttributeCertificateSelectorBuilder.
- */
-public class X509AttributeCertStoreSelector
-    implements Selector
-{
-
-    // TODO: name constraints???
-
-    private AttributeCertificateHolder holder;
-
-    private AttributeCertificateIssuer issuer;
-
-    private BigInteger serialNumber;
-
-    private Date attributeCertificateValid;
-
-    private X509AttributeCertificate attributeCert;
-
-    private Collection targetNames = new HashSet();
-
-    private Collection targetGroups = new HashSet();
-
-    public X509AttributeCertStoreSelector()
-    {
-        super();
-    }
-
-    /**
-     * Decides if the given attribute certificate should be selected.
-     * 
-     * @param obj The attribute certificate which should be checked.
-     * @return true if the attribute certificate can be selected,
-     *         false otherwise.
-     */
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509AttributeCertificate))
-        {
-            return false;
-        }
-
-        X509AttributeCertificate attrCert = (X509AttributeCertificate) obj;
-
-        if (this.attributeCert != null)
-        {
-            if (!this.attributeCert.equals(attrCert))
-            {
-                return false;
-            }
-        }
-        if (serialNumber != null)
-        {
-            if (!attrCert.getSerialNumber().equals(serialNumber))
-            {
-                return false;
-            }
-        }
-        if (holder != null)
-        {
-            if (!attrCert.getHolder().equals(holder))
-            {
-                return false;
-            }
-        }
-        if (issuer != null)
-        {
-            if (!attrCert.getIssuer().equals(issuer))
-            {
-                return false;
-            }
-        }
-
-        if (attributeCertificateValid != null)
-        {
-            try
-            {
-                attrCert.checkValidity(attributeCertificateValid);
-            }
-            catch (CertificateExpiredException e)
-            {
-                return false;
-            }
-            catch (CertificateNotYetValidException e)
-            {
-                return false;
-            }
-        }
-        if (!targetNames.isEmpty() || !targetGroups.isEmpty())
-        {
-
-            byte[] targetInfoExt = attrCert
-                .getExtensionValue(X509Extensions.TargetInformation.getId());
-            if (targetInfoExt != null)
-            {
-                TargetInformation targetinfo;
-                try
-                {
-                    targetinfo = TargetInformation
-                        .getInstance(new ASN1InputStream(
-                            ((DEROctetString) DEROctetString
-                                .fromByteArray(targetInfoExt)).getOctets())
-                            .readObject());
-                }
-                catch (IOException e)
-                {
-                    return false;
-                }
-                catch (IllegalArgumentException e)
-                {
-                    return false;
-                }
-                Targets[] targetss = targetinfo.getTargetsObjects();
-                if (!targetNames.isEmpty())
-                {
-                    boolean found = false;
-
-                    for (int i=0; inull     is
-     * given any will do.
-     * 
-     * @param attributeCert The attribute certificate to set.
-     */
-    public void setAttributeCert(X509AttributeCertificate attributeCert)
-    {
-        this.attributeCert = attributeCert;
-    }
-
-    /**
-     * Get the criteria for the validity.
-     * 
-     * @return Returns the attributeCertificateValid.
-     */
-    public Date getAttributeCertificateValid()
-    {
-        if (attributeCertificateValid != null)
-        {
-            return new Date(attributeCertificateValid.getTime());
-        }
-
-        return null;
-    }
-
-    /**
-     * Set the time, when the certificate must be valid. If null
-     * is given any will do.
-     * 
-     * @param attributeCertificateValid The attribute certificate validation
-     *            time to set.
-     */
-    public void setAttributeCertificateValid(Date attributeCertificateValid)
-    {
-        if (attributeCertificateValid != null)
-        {
-            this.attributeCertificateValid = new Date(attributeCertificateValid
-                .getTime());
-        }
-        else
-        {
-            this.attributeCertificateValid = null;
-        }
-    }
-
-    /**
-     * Gets the holder.
-     * 
-     * @return Returns the holder.
-     */
-    public AttributeCertificateHolder getHolder()
-    {
-        return holder;
-    }
-
-    /**
-     * Sets the holder. If null is given any will do.
-     * 
-     * @param holder The holder to set.
-     */
-    public void setHolder(AttributeCertificateHolder holder)
-    {
-        this.holder = holder;
-    }
-
-    /**
-     * Returns the issuer criterion.
-     * 
-     * @return Returns the issuer.
-     */
-    public AttributeCertificateIssuer getIssuer()
-    {
-        return issuer;
-    }
-
-    /**
-     * Sets the issuer the attribute certificate must have. If null
-     * is given any will do.
-     * 
-     * @param issuer The issuer to set.
-     */
-    public void setIssuer(AttributeCertificateIssuer issuer)
-    {
-        this.issuer = issuer;
-    }
-
-    /**
-     * Gets the serial number the attribute certificate must have.
-     * 
-     * @return Returns the serialNumber.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return serialNumber;
-    }
-
-    /**
-     * Sets the serial number the attribute certificate must have. If
-     * null is given any will do.
-     * 
-     * @param serialNumber The serialNumber to set.
-     */
-    public void setSerialNumber(BigInteger serialNumber)
-    {
-        this.serialNumber = serialNumber;
-    }
-
-    /**
-     * Adds a target name criterion for the attribute certificate to the target
-     * information extension criteria. The X509AttributeCertificate
-     * must contain at least one of the specified target names.
-     * 
    
-     * Each attribute certificate may contain a target information extension
-     * limiting the servers where this attribute certificate can be used. If
-     * this extension is not present, the attribute certificate is not targeted
-     * and may be accepted by any server.
-     *
-     * @param name The name as a GeneralName (not null)
-     */
-    public void addTargetName(GeneralName name)
-    {
-        targetNames.add(name);
-    }
-
-    /**
-     * Adds a target name criterion for the attribute certificate to the target
-     * information extension criteria. The X509AttributeCertificate
-     * must contain at least one of the specified target names.
-     * 
    
-     * Each attribute certificate may contain a target information extension
-     * limiting the servers where this attribute certificate can be used. If
-     * this extension is not present, the attribute certificate is not targeted
-     * and may be accepted by any server.
-     *
-     * @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
-     * @throws IOException if a parsing error occurs.
-     */
-    public void addTargetName(byte[] name) throws IOException
-    {
-        addTargetName(GeneralName.getInstance(ASN1Object.fromByteArray(name)));
-    }
-
-    /**
-     * Adds a collection with target names criteria. If null is
-     * given any will do.
-     * 
    
-     * The collection consists of either GeneralName objects or byte[] arrays representing
-     * DER encoded GeneralName structures.
-     * 
-     * @param names A collection of target names.
-     * @throws IOException if a parsing error occurs.
-     * @see #addTargetName(byte[])
-     * @see #addTargetName(GeneralName)
-     */
-    public void setTargetNames(Collection names) throws IOException
-    {
-        targetNames = extractGeneralNames(names);
-    }
-
-    /**
-     * Gets the target names. The collection consists of GeneralName
-     * objects.
-     * 
    
-     * The returned collection is immutable.
-     * 
-     * @return The collection of target names
-     * @see #setTargetNames(Collection)
-     */
-    public Collection getTargetNames()
-    {
-        return Collections.unmodifiableCollection(targetNames);
-    }
-
-    /**
-     * Adds a target group criterion for the attribute certificate to the target
-     * information extension criteria. The X509AttributeCertificate
-     * must contain at least one of the specified target groups.
-     * 
    
-     * Each attribute certificate may contain a target information extension
-     * limiting the servers where this attribute certificate can be used. If
-     * this extension is not present, the attribute certificate is not targeted
-     * and may be accepted by any server.
-     *
-     * @param group The group as GeneralName form (not null)
-     */
-    public void addTargetGroup(GeneralName group)
-    {
-        targetGroups.add(group);
-    }
-
-    /**
-     * Adds a target group criterion for the attribute certificate to the target
-     * information extension criteria. The X509AttributeCertificate
-     * must contain at least one of the specified target groups.
-     * 
    
-     * Each attribute certificate may contain a target information extension
-     * limiting the servers where this attribute certificate can be used. If
-     * this extension is not present, the attribute certificate is not targeted
-     * and may be accepted by any server.
-     *
-     * @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
-     * @throws IOException if a parsing error occurs.
-     */
-    public void addTargetGroup(byte[] name) throws IOException
-    {
-        addTargetGroup(GeneralName.getInstance(ASN1Object.fromByteArray(name)));
-    }
-
-    /**
-     * Adds a collection with target groups criteria. If null is
-     * given any will do.
-     * 
    
-     * The collection consists of GeneralName objects or byte[]GeneralName objects.
-     * 
    
-     * The returned collection is immutable.
-     *
-     * @return The collection of target groups.
-     * @see #setTargetGroups(Collection)
-     */
-    public Collection getTargetGroups()
-    {
-        return Collections.unmodifiableCollection(targetGroups);
-    }
-
-    private Set extractGeneralNames(Collection names)
-        throws IOException
-    {
-        if (names == null || names.isEmpty())
-        {
-            return new HashSet();
-        }
-        Set temp = new HashSet();
-        for (Iterator it = names.iterator(); it.hasNext();)
-        {
-            Object o = it.next();
-            if (o instanceof GeneralName)
-            {
-                temp.add(o);
-            }
-            else
-            {
-                temp.add(GeneralName.getInstance(ASN1Object.fromByteArray((byte[])o)));
-            }
-        }
-        return temp;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java
deleted file mode 100644
index 48a825f23..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java
+++ /dev/null
@@ -1,101 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Extension;
-import java.util.Date;
-
-/**
- * Interface for an X.509 Attribute Certificate.
- */
-public interface X509AttributeCertificate
-    extends X509Extension
-{   
-    /**
-     * Return the version number for the certificate.
-     * 
-     * @return the version number.
-     */
-    public int getVersion();
-    
-    /**
-     * Return the serial number for the certificate.
-     * 
-     * @return the serial number.
-     */
-    public BigInteger getSerialNumber();
-    
-    /**
-     * Return the date before which the certificate is not valid.
-     * 
-     * @return the "not valid before" date.
-     */
-    public Date getNotBefore();
-    
-    /**
-     * Return the date after which the certificate is not valid.
-     * 
-     * @return the "not valid afer" date.
-     */
-    public Date getNotAfter();
-    
-    /**
-     * Return the holder of the certificate.
-     * 
-     * @return the holder.
-     */
-    public AttributeCertificateHolder getHolder();
-    
-    /**
-     * Return the issuer details for the certificate.
-     * 
-     * @return the issuer details.
-     */
-    public AttributeCertificateIssuer getIssuer();
-    
-    /**
-     * Return the attributes contained in the attribute block in the certificate.
-     * 
-     * @return an array of attributes.
-     */
-    public X509Attribute[] getAttributes();
-    
-    /**
-     * Return the attributes with the same type as the passed in oid.
-     * 
-     * @param oid the object identifier we wish to match.
-     * @return an array of matched attributes, null if there is no match.
-     */
-    public X509Attribute[] getAttributes(String oid);
-    
-    public boolean[] getIssuerUniqueID();
-    
-    public void checkValidity()
-        throws CertificateExpiredException, CertificateNotYetValidException;
-    
-    public void checkValidity(Date date)
-        throws CertificateExpiredException, CertificateNotYetValidException;
-    
-    public byte[] getSignature();
-    
-    public void verify(PublicKey key, String provider)
-            throws CertificateException, NoSuchAlgorithmException,
-            InvalidKeyException, NoSuchProviderException, SignatureException;
-    
-    /**
-     * Return an ASN.1 encoded byte array representing the attribute certificate.
-     * 
-     * @return an ASN.1 encoded byte array.
-     * @throws IOException if the certificate cannot be encoded.
-     */
-    public byte[] getEncoded()
-        throws IOException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
deleted file mode 100644
index 1ef5c61aa..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
+++ /dev/null
@@ -1,330 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CRL;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLSelector;
-
-/**
- * This class is a Selector implementation for X.509 certificate revocation
- * lists.
- * 
- * @see org.bouncycastle.util.Selector
- * @see org.bouncycastle.x509.X509Store
- * @see org.bouncycastle.jce.provider.X509StoreCRLCollection
- */
-public class X509CRLStoreSelector
-    extends X509CRLSelector
-    implements Selector
-{
-    private boolean deltaCRLIndicator = false;
-
-    private boolean completeCRLEnabled = false;
-
-    private BigInteger maxBaseCRLNumber = null;
-
-    private byte[] issuingDistributionPoint = null;
-
-    private boolean issuingDistributionPointEnabled = false;
-
-    private X509AttributeCertificate attrCertChecking;
-
-    /**
-     * Returns if the issuing distribution point criteria should be applied.
-     * Defaults to false.
-     * 
    
-     * You may also set the issuing distribution point criteria if not a missing
-     * issuing distribution point should be assumed.
-     * 
-     * @return Returns if the issuing distribution point check is enabled.
-     */
-    public boolean isIssuingDistributionPointEnabled()
-    {
-        return issuingDistributionPointEnabled;
-    }
-
-    /**
-     * Enables or disables the issuing distribution point check.
-     * 
-     * @param issuingDistributionPointEnabled true to enable the
-     *            issuing distribution point check.
-     */
-    public void setIssuingDistributionPointEnabled(
-        boolean issuingDistributionPointEnabled)
-    {
-        this.issuingDistributionPointEnabled = issuingDistributionPointEnabled;
-    }
-
-    /**
-     * Sets the attribute certificate being checked. This is not a criterion.
-     * Rather, it is optional information that may help a {@link X509Store} find
-     * CRLs that would be relevant when checking revocation for the specified
-     * attribute certificate. If null is specified, then no such
-     * optional information is provided.
-     * 
-     * @param attrCert the X509AttributeCertificate being checked (or
-     *            null)
-     * @see #getAttrCertificateChecking()
-     */
-    public void setAttrCertificateChecking(X509AttributeCertificate attrCert)
-    {
-        attrCertChecking = attrCert;
-    }
-
-    /**
-     * Returns the attribute certificate being checked.
-     * 
-     * @return Returns the attribute certificate being checked.
-     * @see #setAttrCertificateChecking(X509AttributeCertificate)
-     */
-    public X509AttributeCertificate getAttrCertificateChecking()
-    {
-        return attrCertChecking;
-    }
-
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509CRL))
-        {
-            return false;
-        }
-        X509CRL crl = (X509CRL)obj;
-        DERInteger dci = null;
-        try
-        {
-            byte[] bytes = crl
-                .getExtensionValue(X509Extensions.DeltaCRLIndicator.getId());
-            if (bytes != null)
-            {
-                dci = DERInteger.getInstance(X509ExtensionUtil
-                    .fromExtensionValue(bytes));
-            }
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-        if (isDeltaCRLIndicatorEnabled())
-        {
-            if (dci == null)
-            {
-                return false;
-            }
-        }
-        if (isCompleteCRLEnabled())
-        {
-            if (dci != null)
-            {
-                return false;
-            }
-        }
-        if (dci != null)
-        {
-
-            if (maxBaseCRLNumber != null)
-            {
-                if (dci.getPositiveValue().compareTo(maxBaseCRLNumber) == 1)
-                {
-                    return false;
-                }
-            }
-        }
-        if (issuingDistributionPointEnabled)
-        {
-            byte[] idp = crl
-                .getExtensionValue(X509Extensions.IssuingDistributionPoint
-                    .getId());
-            if (issuingDistributionPoint == null)
-            {
-                if (idp != null)
-                {
-                    return false;
-                }
-            }
-            else
-            {
-                if (!Arrays.areEqual(idp, issuingDistributionPoint))
-                {
-                    return false;
-                }
-            }
-
-        }
-        return super.match((X509CRL)obj);
-    }
-
-    public boolean match(CRL crl)
-    {
-        return match((Object)crl);
-    }
-
-    /**
-     * Returns if this selector must match CRLs with the delta CRL indicator
-     * extension set. Defaults to false.
-     * 
-     * @return Returns true if only CRLs with the delta CRL
-     *         indicator extension are selected.
-     */
-    public boolean isDeltaCRLIndicatorEnabled()
-    {
-        return deltaCRLIndicator;
-    }
-
-    /**
-     * If this is set to true the CRL reported contains the delta
-     * CRL indicator CRL extension.
-     * 
    
-     * {@link #setCompleteCRLEnabled(boolean)} and
-     * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other.
-     * 
-     * @param deltaCRLIndicator true if the delta CRL indicator
-     *            extension must be in the CRL.
-     */
-    public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)
-    {
-        this.deltaCRLIndicator = deltaCRLIndicator;
-    }
-
-    /**
-     * Returns an instance of this from a X509CRLSelector.
-     * 
-     * @param selector A X509CRLSelector instance.
-     * @return An instance of an X509CRLStoreSelector.
-     * @exception IllegalArgumentException if selector is null or creation
-     *                fails.
-     */
-    public static X509CRLStoreSelector getInstance(X509CRLSelector selector)
-    {
-        if (selector == null)
-        {
-            throw new IllegalArgumentException(
-                "cannot create from null selector");
-        }
-        X509CRLStoreSelector cs = new X509CRLStoreSelector();
-        cs.setCertificateChecking(selector.getCertificateChecking());
-        cs.setDateAndTime(selector.getDateAndTime());
-        try
-        {
-            cs.setIssuerNames(selector.getIssuerNames());
-        }
-        catch (IOException e)
-        {
-            // cannot happen
-            throw new IllegalArgumentException(e.getMessage());
-        }
-        //cs.setIssuers(selector.getIssuers());
-        cs.setMaxCRLNumber(selector.getMaxCRL());
-        cs.setMinCRLNumber(selector.getMinCRL());
-        return cs;
-    }
-    
-    public Object clone()
-    {
-        X509CRLStoreSelector sel = X509CRLStoreSelector.getInstance(this);
-        sel.deltaCRLIndicator = deltaCRLIndicator;
-        sel.completeCRLEnabled = completeCRLEnabled;
-        sel.maxBaseCRLNumber = maxBaseCRLNumber;
-        sel.attrCertChecking = attrCertChecking;
-        sel.issuingDistributionPointEnabled = issuingDistributionPointEnabled;
-        sel.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint);
-        return sel;
-    }
-
-    /**
-     * If true only complete CRLs are returned. Defaults to
-     * false.
-     * 
-     * @return true if only complete CRLs are returned.
-     */
-    public boolean isCompleteCRLEnabled()
-    {
-        return completeCRLEnabled;
-    }
-
-    /**
-     * If set to true only complete CRLs are returned.
-     * 
    
-     * {@link #setCompleteCRLEnabled(boolean)} and
-     * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other.
-     * 
-     * @param completeCRLEnabled true if only complete CRLs
-     *            should be returned.
-     */
-    public void setCompleteCRLEnabled(boolean completeCRLEnabled)
-    {
-        this.completeCRLEnabled = completeCRLEnabled;
-    }
-
-    /**
-     * Get the maximum base CRL number. Defaults to null.
-     * 
-     * @return Returns the maximum base CRL number.
-     * @see #setMaxBaseCRLNumber(BigInteger)
-     */
-    public BigInteger getMaxBaseCRLNumber()
-    {
-        return maxBaseCRLNumber;
-    }
-
-    /**
-     * Sets the maximum base CRL number. Setting to null disables
-     * this cheack.
-     * 
    
-     * This is only meaningful for delta CRLs. Complete CRLs must have a CRL
-     * number which is greater or equal than the base number of the
-     * corresponding CRL.
-     * 
-     * @param maxBaseCRLNumber The maximum base CRL number to set.
-     */
-    public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber)
-    {
-        this.maxBaseCRLNumber = maxBaseCRLNumber;
-    }
-
-    /**
-     * Returns the issuing distribution point. Defaults to null,
-     * which is a missing issuing distribution point extension.
-     * 
    
-     * The internal byte array is cloned before it is returned.
-     * 
    
-     * The criteria must be enable with
-     * {@link #setIssuingDistributionPointEnabled(boolean)}.
-     * 
-     * @return Returns the issuing distribution point.
-     * @see #setIssuingDistributionPoint(byte[])
-     */
-    public byte[] getIssuingDistributionPoint()
-    {
-        return Arrays.clone(issuingDistributionPoint);
-    }
-
-    /**
-     * Sets the issuing distribution point.
-     * 
    
-     * The issuing distribution point extension is a CRL extension which
-     * identifies the scope and the distribution point of a CRL. The scope
-     * contains among others information about revocation reasons contained in
-     * the CRL. Delta CRLs and complete CRLs must have matching issuing
-     * distribution points.
-     * 
    
-     * The byte array is cloned to protect against subsequent modifications.
-     * 
    
-     * You must also enable or disable this criteria with
-     * {@link #setIssuingDistributionPointEnabled(boolean)}.
-     * 
-     * @param issuingDistributionPoint The issuing distribution point to set.
-     *            This is the DER encoded OCTET STRING extension value.
-     * @see #getIssuingDistributionPoint()
-     */
-    public void setIssuingDistributionPoint(byte[] issuingDistributionPoint)
-    {
-        this.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java
deleted file mode 100644
index 187b0983f..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java
+++ /dev/null
@@ -1,155 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-
-/**
- * This class is an Selector like implementation to select
- * certificates pairs, which are e.g. used for cross certificates. The set of
- * criteria is given from two
- * {@link org.bouncycastle.x509.X509CertStoreSelector}s which must be both
- * matched.
- * 
- * @see org.bouncycastle.x509.X509AttributeCertificate
- * @see org.bouncycastle.x509.X509Store
- */
-public class X509CertPairStoreSelector implements Selector
-{
-
-    private X509CertStoreSelector forwardSelector;
-
-    private X509CertStoreSelector reverseSelector;
-
-    private X509CertificatePair certPair;
-
-    public X509CertPairStoreSelector()
-    {
-    }
-
-    /**
-     * Returns the certificate pair which is used for testing on equality.
-     * 
-     * @return Returns the certificate pair which is checked.
-     */
-    public X509CertificatePair getCertPair()
-    {
-        return certPair;
-    }
-
-    /**
-     * Set the certificate pair which is used for testing on equality.
-     * 
-     * @param certPair The certPairChecking to set.
-     */
-    public void setCertPair(X509CertificatePair certPair)
-    {
-        this.certPair = certPair;
-    }
-
-    /**
-     * @param forwardSelector The certificate selector for the forward part in
-     *            the pair.
-     */
-    public void setForwardSelector(X509CertStoreSelector forwardSelector)
-    {
-        this.forwardSelector = forwardSelector;
-    }
-
-    /**
-     * @param reverseSelector The certificate selector for the reverse part in
-     *            the pair.
-     */
-    public void setReverseSelector(X509CertStoreSelector reverseSelector)
-    {
-        this.reverseSelector = reverseSelector;
-    }
-
-    /**
-     * Returns a clone of this selector.
-     * 
-     * @return A clone of this selector.
-     * @see java.lang.Object#clone()
-     */
-    public Object clone()
-    {
-        X509CertPairStoreSelector cln = new X509CertPairStoreSelector();
-
-        cln.certPair = certPair;
-        
-        if (forwardSelector != null)
-        {
-            cln.setForwardSelector((X509CertStoreSelector) forwardSelector
-                    .clone());
-        }
-
-        if (reverseSelector != null)
-        {
-            cln.setReverseSelector((X509CertStoreSelector) reverseSelector
-                    .clone());
-        }
-
-        return cln;
-    }
-
-    /**
-     * Decides if the given certificate pair should be selected. If
-     * obj is not a {@link X509CertificatePair} this method
-     * returns false.
-     * 
-     * @param obj The {@link X509CertificatePair} which should be tested.
-     * @return true if the object matches this selector.
-     */
-    public boolean match(Object obj)
-    {
-        try
-        {
-            if (!(obj instanceof X509CertificatePair))
-            {
-                return false;
-            }
-            X509CertificatePair pair = (X509CertificatePair)obj;
-
-            if (forwardSelector != null
-                    && !forwardSelector.match((Object)pair.getForward()))
-            {
-                return false;
-            }
-
-            if (reverseSelector != null
-                    && !reverseSelector.match((Object)pair.getReverse()))
-            {
-                return false;
-            }
-
-            if (certPair != null)
-            {
-                return certPair.equals(obj);
-            }
-
-            return true;
-        }
-        catch (Exception e)
-        {
-            return false;
-        }
-    }
-
-    /**
-     * Returns the certicate selector for the forward part.
-     * 
-     * @return Returns the certicate selector for the forward part.
-     */
-    public X509CertStoreSelector getForwardSelector()
-    {
-        return forwardSelector;
-    }
-
-    /**
-     * Returns the certicate selector for the reverse part.
-     * 
-     * @return Returns the reverse selector for teh reverse part.
-     */
-    public X509CertStoreSelector getReverseSelector()
-    {
-        return reverseSelector;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java
deleted file mode 100644
index 878577d22..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-
-/**
- * This class is a Selector implementation for X.509 certificates.
- * 
- * @see org.bouncycastle.util.Selector
- * @see org.bouncycastle.x509.X509Store
- * @see org.bouncycastle.jce.provider.X509StoreCertCollection
- */
-public class X509CertStoreSelector
-    extends X509CertSelector
-    implements Selector
-{
-    public boolean match(Object obj)
-    {
-        if (!(obj instanceof X509Certificate))
-        {
-            return false;
-        }
-
-        X509Certificate other = (X509Certificate)obj;
-
-        return super.match(other);
-    }
-
-    public boolean match(Certificate cert)
-    {
-        return match((Object)cert);
-    }
-
-    public Object clone()
-    {
-        X509CertStoreSelector selector = (X509CertStoreSelector)super.clone();
-
-        return selector;
-    }
-
-    /**
-     * Returns an instance of this from a X509CertSelector.
-     *
-     * @param selector A X509CertSelector instance.
-     * @return An instance of an X509CertStoreSelector.
-     * @exception IllegalArgumentException if selector is null or creation fails.
-     */
-    public static X509CertStoreSelector getInstance(X509CertSelector selector)
-    {
-        if (selector == null)
-        {
-            throw new IllegalArgumentException("cannot create from null selector");
-        }
-        X509CertStoreSelector cs = new X509CertStoreSelector();
-        cs.setAuthorityKeyIdentifier(selector.getAuthorityKeyIdentifier());
-        cs.setBasicConstraints(selector.getBasicConstraints());
-        cs.setCertificate(selector.getCertificate());
-        cs.setCertificateValid(selector.getCertificateValid());
-        cs.setMatchAllSubjectAltNames(selector.getMatchAllSubjectAltNames());
-        try
-        {
-            cs.setPathToNames(selector.getPathToNames());
-            cs.setExtendedKeyUsage(selector.getExtendedKeyUsage());
-            cs.setNameConstraints(selector.getNameConstraints());
-            cs.setPolicy(selector.getPolicy());
-            cs.setSubjectPublicKeyAlgID(selector.getSubjectPublicKeyAlgID());
-            cs.setIssuer(selector.getIssuerAsBytes());
-            cs.setSubject(selector.getSubjectAsBytes());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("error in passed in selector: " + e);
-        }
-        cs.setKeyUsage(selector.getKeyUsage());
-        cs.setPrivateKeyValid(selector.getPrivateKeyValid());
-        cs.setSerialNumber(selector.getSerialNumber());
-        cs.setSubjectKeyIdentifier(selector.getSubjectKeyIdentifier());
-        cs.setSubjectPublicKey(selector.getSubjectPublicKey());
-        return cs;
-    }
-
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertificatePair.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertificatePair.java
deleted file mode 100644
index 6bb8a3f6b..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CertificatePair.java
+++ /dev/null
@@ -1,166 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.x509.CertificatePair;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-
-/**
- * This class contains a cross certificate pair. Cross certificates pairs may
- * contain two cross signed certificates from two CAs. A certificate from the
- * other CA to this CA is contained in the forward certificate, the certificate
- * from this CA to the other CA is contained in the reverse certificate.
- */
-public class X509CertificatePair
-{
-    private X509Certificate forward;
-    private X509Certificate reverse;
-
-    /**
-     * Constructor.
-     *
-     * @param forward Certificate from the other CA to this CA.
-     * @param reverse Certificate from this CA to the other CA.
-     */
-    public X509CertificatePair(
-        X509Certificate forward,
-        X509Certificate reverse)
-    {
-        this.forward = forward;
-        this.reverse = reverse;
-    }
-
-    /**
-     * Constructor from a ASN.1 CertificatePair structure.
-     *
-     * @param pair The CertificatePair ASN.1 object.
-     */
-    public X509CertificatePair(
-        CertificatePair pair)
-        throws CertificateParsingException
-    {
-        if (pair.getForward() != null)
-        {
-            this.forward = new X509CertificateObject(pair.getForward());
-        }
-        if (pair.getReverse() != null)
-        {
-            this.reverse = new X509CertificateObject(pair.getReverse());
-        }
-    }
-    
-    public byte[] getEncoded()
-        throws CertificateEncodingException
-    {
-        X509CertificateStructure f = null;
-        X509CertificateStructure r = null;
-        try
-        {
-            if (forward != null)
-            {
-                f = X509CertificateStructure.getInstance(new ASN1InputStream(
-                    forward.getEncoded()).readObject());
-                if (f == null)
-                {
-                    throw new CertificateEncodingException("unable to get encoding for forward");
-                }
-            }
-            if (reverse != null)
-            {
-                r = X509CertificateStructure.getInstance(new ASN1InputStream(
-                    reverse.getEncoded()).readObject());
-                if (r == null)
-                {
-                    throw new CertificateEncodingException("unable to get encoding for reverse");
-                }
-            }
-            return new CertificatePair(f, r).getDEREncoded();
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new ExtCertificateEncodingException(e.toString(), e);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException(e.toString(), e);
-        }
-    }
-
-    /**
-     * Returns the certificate from the other CA to this CA.
-     *
-     * @return Returns the forward certificate.
-     */
-    public X509Certificate getForward()
-    {
-        return forward;
-    }
-
-    /**
-     * Return the certificate from this CA to the other CA.
-     *
-     * @return Returns the reverse certificate.
-     */
-    public X509Certificate getReverse()
-    {
-        return reverse;
-    }
-
-    public boolean equals(Object o)
-    {
-        if (o == null)
-        {
-            return false;
-        }
-        if (!(o instanceof X509CertificatePair))
-        {
-            return false;
-        }
-        X509CertificatePair pair = (X509CertificatePair)o;
-        boolean equalReverse = true;
-        boolean equalForward = true;
-        if (forward != null)
-        {
-            equalForward = this.forward.equals(pair.forward);
-        }
-        else
-        {
-            if (pair.forward != null)
-            {
-                equalForward = false;
-            }
-        }
-        if (reverse != null)
-        {
-            equalReverse = this.reverse.equals(pair.reverse);
-        }
-        else
-        {
-            if (pair.reverse != null)
-            {
-                equalReverse = false;
-            }
-        }
-        return equalForward && equalReverse;
-    }
-
-    public int hashCode()
-    {
-        int hash = -1;
-        if (forward != null)
-        {
-            hash ^= forward.hashCode();
-        }
-        if (reverse != null)
-        {
-            hash *= 17;
-            hash ^= reverse.hashCode();
-        }
-        return hash;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java
deleted file mode 100644
index 16420fed0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.util.ArrayList;
-import java.util.Collection;
-
-/**
- * This class contains a collection for collection based X509Stores.
- * 
- * @see org.bouncycastle.x509.X509Store
- * 
- */
-public class X509CollectionStoreParameters
-    implements X509StoreParameters
-{
-    private Collection collection;
-
-    /**
-     * Constructor.
-     * 
    
-     * The collection is copied.
-     * 
    
-     * 
-     * @param collection
-     *            The collection containing X.509 object types.
-     * @throws NullPointerException if collection is null.
-     */
-    public X509CollectionStoreParameters(Collection collection)
-    {
-        if (collection == null)
-        {
-            throw new NullPointerException("collection cannot be null");
-        }
-        this.collection = collection;
-    }
-
-    /**
-     * Returns a shallow clone. The returned contents are not copied, so adding
-     * or removing objects will effect this.
-     * 
-     * @return a shallow clone.
-     */
-    public Object clone()
-    {
-        return new X509CollectionStoreParameters(collection);
-    }
-    
-    /**
-     * Returns a copy of the Collection.
-     * 
-     * @return The Collection. Is never null.
-     */
-    public Collection getCollection()
-    {
-        return new ArrayList(collection);
-    }
-    
-    /**
-     * Returns a formatted string describing the parameters.
-     * 
-     * @return a formatted string describing the parameters
-     */
-    public String toString()
-    {
-        StringBuffer sb = new StringBuffer();
-        sb.append("X509CollectionStoreParameters: [\n");
-        sb.append("  collection: " + collection + "\n");
-        sb.append("]");
-        return sb.toString();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Store.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Store.java
deleted file mode 100644
index 1bfc00fcf..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Store.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.Store;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.util.Collection;
-
-public class X509Store
-    implements Store
-{
-    public static X509Store getInstance(String type, X509StoreParameters parameters)
-        throws NoSuchStoreException
-    {
-        try
-        {
-            X509Util.Implementation impl = X509Util.getImplementation("X509Store", type);
-
-            return createStore(impl, parameters);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new NoSuchStoreException(e.getMessage());
-        }
-    }
-
-    public static X509Store getInstance(String type, X509StoreParameters parameters, String provider)
-        throws NoSuchStoreException, NoSuchProviderException
-    {
-        return getInstance(type, parameters, X509Util.getProvider(provider));
-    }
-
-    public static X509Store getInstance(String type, X509StoreParameters parameters, Provider provider)
-        throws NoSuchStoreException
-    {
-        try
-        {
-            X509Util.Implementation impl = X509Util.getImplementation("X509Store", type, provider);
-
-            return createStore(impl, parameters);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new NoSuchStoreException(e.getMessage());
-        }
-    }
-
-    private static X509Store createStore(X509Util.Implementation impl, X509StoreParameters parameters)
-    {
-        X509StoreSpi spi = (X509StoreSpi)impl.getEngine();
-
-        spi.engineInit(parameters);
-
-        return new X509Store(impl.getProvider(), spi);
-    }
-
-    private Provider     _provider;
-    private X509StoreSpi _spi;
-
-    private X509Store(
-        Provider provider,
-        X509StoreSpi spi)
-    {
-        _provider = provider;
-        _spi = spi;
-    }
-
-    public Provider getProvider()
-    {
-       return _provider;
-    }
-
-    public Collection getMatches(Selector selector)
-    {
-        return _spi.engineGetMatches(selector);
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreParameters.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreParameters.java
deleted file mode 100644
index 22548da4a..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreParameters.java
+++ /dev/null
@@ -1,5 +0,0 @@
-package org.bouncycastle.x509;
-
-public interface X509StoreParameters
-{
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreSpi.java
deleted file mode 100644
index 3455add94..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StoreSpi.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-
-import java.util.Collection;
-
-public abstract class X509StoreSpi
-{
-    public abstract void engineInit(X509StoreParameters parameters);
-
-    public abstract Collection engineGetMatches(Selector selector);
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParser.java
deleted file mode 100644
index 3ad284682..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParser.java
+++ /dev/null
@@ -1,161 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.x509.util.StreamParser;
-import org.bouncycastle.x509.util.StreamParsingException;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.util.Collection;
-
-/**
- *
- * This class allows access to different implementations for reading X.509
- * objects from streams.
- * 
    
- * A X509StreamParser is used to read a collection of objects or a single object
- * of a certain X.509 object structure. E.g. one X509StreamParser can read
- * certificates, another one CRLs, certification paths, attribute certificates
- * and so on. The kind of object structure is specified with the
- * algorithm parameter to the getInstance methods.
- * 
    
- * Implementations must implement the
- * {@link org.bouncycastle.x509.X509StreamParserSpi}.
- */
-public class X509StreamParser
-    implements StreamParser
-{
-    /**
-     * Generates a StreamParser object that implements the specified type. If
-     * the default provider package provides an implementation of the requested
-     * type, an instance of StreamParser containing that implementation is
-     * returned. If the type is not available in the default package, other
-     * packages are searched.
-     *
-     * @param type
-     *            The name of the requested X.509 object type.
-     * @return a StreamParser object for the specified type.
-     *
-     * @exception NoSuchParserException
-     *                if the requested type is not available in the default
-     *                provider package or any of the other provider packages
-     *                that were searched.
-     */
-    public static X509StreamParser getInstance(String type)
-        throws NoSuchParserException
-    {
-        try
-        {
-            X509Util.Implementation impl = X509Util.getImplementation("X509StreamParser", type);
-
-            return createParser(impl);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new NoSuchParserException(e.getMessage());
-        }
-    }
-
-    /**
-     * Generates a X509StreamParser object for the specified type from the
-     * specified provider.
-     *
-     * @param type
-     *            the name of the requested X.509 object type.
-     * @param provider
-     *            the name of the provider.
-     *
-     * @return a X509StreamParser object for the specified type.
-     *
-     * @exception NoSuchParserException
-     *                if the type is not available from the specified provider.
-     *
-     * @exception NoSuchProviderException
-     *                if the provider can not be found.
-     *
-     * @see Provider
-     */
-    public static X509StreamParser getInstance(String type, String provider)
-        throws NoSuchParserException, NoSuchProviderException
-    {
-        return getInstance(type, X509Util.getProvider(provider));
-    }
-
-    /**
-     * Generates a X509StreamParser object for the specified type from the
-     * specified provider.
-     *
-     * @param type
-     *            the name of the requested X.509 object type.
-     * @param provider
-     *            the Provider to use.
-     *
-     * @return a X509StreamParser object for the specified type.
-     *
-     * @exception NoSuchParserException
-     *                if the type is not available from the specified provider.
-     *
-     * @see Provider
-     */
-    public static X509StreamParser getInstance(String type, Provider provider)
-        throws NoSuchParserException
-    {
-        try
-        {
-            X509Util.Implementation impl = X509Util.getImplementation("X509StreamParser", type, provider);
-
-            return createParser(impl);
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new NoSuchParserException(e.getMessage());
-        }
-    }
-
-    private static X509StreamParser createParser(X509Util.Implementation impl)
-    {
-        X509StreamParserSpi spi = (X509StreamParserSpi)impl.getEngine();
-
-        return new X509StreamParser(impl.getProvider(), spi);
-    }
-
-    private Provider            _provider;
-    private X509StreamParserSpi _spi;
-
-    private X509StreamParser(
-        Provider provider,
-        X509StreamParserSpi spi)
-    {
-        _provider = provider;
-        _spi = spi;
-    }
-
-    public Provider getProvider()
-    {
-        return _provider;
-    }
-
-    public void init(InputStream stream)
-    {
-        _spi.engineInit(stream);
-    }
-
-    public void init(byte[] data)
-    {
-        _spi.engineInit(new ByteArrayInputStream(data));
-    }
-
-    public Object read()
-        throws StreamParsingException
-    {
-        return _spi.engineRead();
-    }
-
-    public Collection readAll()
-        throws StreamParsingException
-    {
-        return _spi.engineReadAll();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java
deleted file mode 100644
index 6929eb127..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.x509.util.StreamParsingException;
-
-import java.io.InputStream;
-import java.util.Collection;
-
-/**
- * This abstract class defines the service provider interface (SPI) for
- * X509StreamParser.
- *
- * @see org.bouncycastle.x509.X509StreamParser
- *
- */
-public abstract class X509StreamParserSpi
-{
-    /**
-     * Initializes this stream parser with the input stream.
-     *
-     * @param in The input stream.
-     */
-    public abstract void engineInit(InputStream in);
-
-    /**
-     * Returns the next X.509 object of the type of this SPI from the given
-     * input stream.
-     *
-     * @return the next X.509 object in the stream or null if the
-     *         end of the stream is reached.
-     * @exception StreamParsingException
-     *                if the object cannot be created from input stream.
-     */
-    public abstract Object engineRead() throws StreamParsingException;
-
-    /**
-     * Returns all X.509 objects of the type of this SPI from
-     * the given input stream.
-     *
-     * @return A collection of all X.509 objects in the input stream or
-     *         null if the end of the stream is reached.
-     * @exception StreamParsingException
-     *                if an object cannot be created from input stream.
-     */
-    public abstract Collection engineReadAll() throws StreamParsingException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Util.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Util.java
deleted file mode 100644
index 018657aa3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509Util.java
+++ /dev/null
@@ -1,412 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Strings;
-
-class X509Util
-{
-    private static Hashtable algorithms = new Hashtable();
-    private static Hashtable params = new Hashtable();
-    private static Set       noParams = new HashSet();
-    
-    static
-    {   
-        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-        algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
-        algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
-        algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
-        algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
-        algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-        algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-        algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-
-        //
-        // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
-        // The parameters field SHALL be NULL for RSA based signature algorithms.
-        //
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
-        noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
-        
-        //
-        // RFC 4491
-        //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-
-        //
-        // explicit params
-        //
-        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
-        params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
-
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
-        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
-        params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
-
-        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull());
-        params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
-
-        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull());
-        params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
-    }
-
-    private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize)
-    {
-        return new RSASSAPSSparams(
-            hashAlgId,
-            new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
-            new DERInteger(saltSize),
-            new DERInteger(1));
-    }
-
-    static DERObjectIdentifier getAlgorithmOID(
-        String algorithmName)
-    {
-        algorithmName = Strings.toUpperCase(algorithmName);
-        
-        if (algorithms.containsKey(algorithmName))
-        {
-            return (DERObjectIdentifier)algorithms.get(algorithmName);
-        }
-        
-        return new DERObjectIdentifier(algorithmName);
-    }
-    
-    static AlgorithmIdentifier getSigAlgID(
-        DERObjectIdentifier sigOid,
-        String              algorithmName)
-    {
-        if (noParams.contains(sigOid))
-        {
-            return new AlgorithmIdentifier(sigOid);
-        }
-
-        algorithmName = Strings.toUpperCase(algorithmName);
-
-        if (params.containsKey(algorithmName))
-        {
-            return new AlgorithmIdentifier(sigOid, (DEREncodable)params.get(algorithmName));
-        }
-        else
-        {
-            return new AlgorithmIdentifier(sigOid, new DERNull());
-        }
-    }
-    
-    static Iterator getAlgNames()
-    {
-        Enumeration e = algorithms.keys();
-        List        l = new ArrayList();
-        
-        while (e.hasMoreElements())
-        {
-            l.add(e.nextElement());
-        }
-        
-        return l.iterator();
-    }
-
-    static Signature getSignatureInstance(
-        String algorithm)
-        throws NoSuchAlgorithmException
-    {
-        return Signature.getInstance(algorithm);
-    }
-
-    static Signature getSignatureInstance(
-        String algorithm,
-        String provider)
-        throws NoSuchProviderException, NoSuchAlgorithmException
-    {
-        if (provider != null)
-        {
-            return Signature.getInstance(algorithm, provider);
-        }
-        else
-        {
-            return Signature.getInstance(algorithm);
-        }
-    }
-
-    static byte[] calculateSignature(
-        DERObjectIdentifier sigOid,
-        String              sigName,
-        PrivateKey          key,
-        SecureRandom        random,
-        ASN1Encodable       object)
-        throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
-    {
-        Signature sig;
-
-        if (sigOid == null)
-        {
-            throw new IllegalStateException("no signature algorithm specified");
-        }
-
-        sig = X509Util.getSignatureInstance(sigName);
-
-        if (random != null)
-        {
-            sig.initSign(key, random);
-        }
-        else
-        {
-            sig.initSign(key);
-        }
-
-        sig.update(object.getEncoded(ASN1Encodable.DER));
-
-        return sig.sign();
-    }
-
-    static byte[] calculateSignature(
-        DERObjectIdentifier sigOid,
-        String              sigName,
-        String              provider,
-        PrivateKey          key,
-        SecureRandom        random,
-        ASN1Encodable       object)
-        throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
-    {
-        Signature sig;
-
-        if (sigOid == null)
-        {
-            throw new IllegalStateException("no signature algorithm specified");
-        }
-
-        sig = X509Util.getSignatureInstance(sigName, provider);
-
-        if (random != null)
-        {
-            sig.initSign(key, random);
-        }
-        else
-        {
-            sig.initSign(key);
-        }
-
-        sig.update(object.getEncoded(ASN1Encodable.DER));
-
-        return sig.sign();
-    }
-
-    static X509Principal convertPrincipal(
-        X500Principal principal)
-    {
-        try
-        {
-            return new X509Principal(principal.getEncoded());
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("cannot convert principal");
-        }
-    }
-
-    static class Implementation
-    {
-        Object      engine;
-        Provider provider;
-
-        Implementation(
-            Object      engine,
-            Provider    provider)
-        {
-            this.engine = engine;
-            this.provider = provider;
-        }
-
-        Object getEngine()
-        {
-            return engine;
-        }
-
-        Provider getProvider()
-        {
-            return provider;
-        }
-    }
-
-    /**
-     * see if we can find an algorithm (or its alias and what it represents) in
-     * the property table for the given provider.
-     */
-    static Implementation getImplementation(
-        String      baseName,
-        String      algorithm,
-        Provider    prov)
-        throws NoSuchAlgorithmException
-    {
-        algorithm = Strings.toUpperCase(algorithm);
-
-        String      alias;
-
-        while ((alias = prov.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null)
-        {
-            algorithm = alias;
-        }
-
-        String      className = prov.getProperty(baseName + "." + algorithm);
-
-        if (className != null)
-        {
-            try
-            {
-                Class       cls;
-                ClassLoader clsLoader = prov.getClass().getClassLoader();
-
-                if (clsLoader != null)
-                {
-                    cls = clsLoader.loadClass(className);
-                }
-                else
-                {
-                    cls = Class.forName(className);
-                }
-
-                return new Implementation(cls.newInstance(), prov);
-            }
-            catch (ClassNotFoundException e)
-            {
-                throw new IllegalStateException(
-                    "algorithm " + algorithm + " in provider " + prov.getName() + " but no class \"" + className + "\" found!");
-            }
-            catch (Exception e)
-            {
-                throw new IllegalStateException(
-                    "algorithm " + algorithm + " in provider " + prov.getName() + " but class \"" + className + "\" inaccessible!");
-            }
-        }
-
-        throw new NoSuchAlgorithmException("cannot find implementation " + algorithm + " for provider " + prov.getName());
-    }
-
-    /**
-     * return an implementation for a given algorithm/provider.
-     * If the provider is null, we grab the first avalaible who has the required algorithm.
-     */
-    static Implementation getImplementation(
-        String      baseName,
-        String      algorithm)
-        throws NoSuchAlgorithmException
-    {
-        Provider[] prov = Security.getProviders();
-
-        //
-        // search every provider looking for the algorithm we want.
-        //
-        for (int i = 0; i != prov.length; i++)
-        {
-            //
-            // try case insensitive
-            //
-            Implementation imp = getImplementation(baseName, Strings.toUpperCase(algorithm), prov[i]);
-            if (imp != null)
-            {
-                return imp;
-            }
-
-            try
-            {
-                imp = getImplementation(baseName, algorithm, prov[i]);
-            }
-            catch (NoSuchAlgorithmException e)
-            {
-                // continue
-            }
-        }
-
-        throw new NoSuchAlgorithmException("cannot find implementation " + algorithm);
-    }
-
-    static Provider getProvider(String provider)
-        throws NoSuchProviderException
-    {
-        Provider prov = Security.getProvider(provider);
-
-        if (prov == null)
-        {
-            throw new NoSuchProviderException("Provider " + provider + " not found");
-        }
-
-        return prov;
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
deleted file mode 100644
index 5e99e76bd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ /dev/null
@@ -1,377 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Iterator;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-
-/**
- * class to produce an X.509 Version 1 certificate.
- * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
- */
-public class X509V1CertificateGenerator
-{
-    private V1TBSCertificateGenerator   tbsGen;
-    private DERObjectIdentifier         sigOID;
-    private AlgorithmIdentifier         sigAlgId;
-    private String                      signatureAlgorithm;
-
-    public X509V1CertificateGenerator()
-    {
-        tbsGen = new V1TBSCertificateGenerator();
-    }
-
-    /**
-     * reset the generator
-     */
-    public void reset()
-    {
-        tbsGen = new V1TBSCertificateGenerator();
-    }
-
-    /**
-     * set the serial number for the certificate.
-     */
-    public void setSerialNumber(
-        BigInteger      serialNumber)
-    {
-        if (serialNumber.compareTo(BigInteger.ZERO) <= 0)
-        {
-            throw new IllegalArgumentException("serial number must be a positive integer");
-        }
-        
-        tbsGen.setSerialNumber(new DERInteger(serialNumber));
-    }
-
-    /**
-     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
-     * certificate.
-     */
-    public void setIssuerDN(
-        X500Principal   issuer)
-    {
-        try
-        {
-            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't process principal: " + e);
-        }
-    }
-    
-    /**
-     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
-     * certificate.
-     */
-    public void setIssuerDN(
-        X509Name   issuer)
-    {
-        tbsGen.setIssuer(issuer);
-    }
-
-    public void setNotBefore(
-        Date    date)
-    {
-        tbsGen.setStartDate(new Time(date));
-    }
-
-    public void setNotAfter(
-        Date    date)
-    {
-        tbsGen.setEndDate(new Time(date));
-    }
-
-    /**
-     * Set the subject distinguished name. The subject describes the entity associated with the public key.
-     */
-    public void setSubjectDN(
-        X500Principal   subject)
-    {
-        try
-        {
-            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't process principal: " + e);
-        }
-    }
-    
-    /**
-     * Set the subject distinguished name. The subject describes the entity associated with the public key.
-     */
-    public void setSubjectDN(
-        X509Name   subject)
-    {
-        tbsGen.setSubject(subject);
-    }
-
-    public void setPublicKey(
-        PublicKey       key)
-    {
-        try
-        {
-            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
-                                new ByteArrayInputStream(key.getEncoded())).readObject()));
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("unable to process key - " + e.toString());
-        }
-    }
-
-    /**
-     * Set the signature algorithm. This can be either a name or an OID, names
-     * are treated as case insensitive.
-     * 
-     * @param signatureAlgorithm string representation of the algorithm name.
-     */
-    public void setSignatureAlgorithm(
-        String  signatureAlgorithm)
-    {
-        this.signatureAlgorithm = signatureAlgorithm;
-
-        try
-        {
-            sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("Unknown signature type requested");
-        }
-
-        sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
-        tbsGen.setSignature(sigAlgId);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider "BC".
-     * @deprecated use generate(key, "BC")
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key)
-        throws SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generateX509Certificate(key, "BC", null);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new SecurityException("BC provider not installed!");
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider "BC" and the passed in source of randomness
-     * @deprecated use generate(key, random, "BC")
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key,
-        SecureRandom    random)
-        throws SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generateX509Certificate(key, "BC", random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new SecurityException("BC provider not installed!");
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing, and the passed in source
-     * of randomness (if required).
-     * @deprecated use generate()
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key,
-        String          provider)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        return generateX509Certificate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing, and the passed in source
-     * of randomness (if required).
-     * @deprecated use generate()
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generate(key, provider, random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw e;
-        }
-        catch (SignatureException e)
-        {
-            throw e;
-        }
-        catch (InvalidKeyException e)
-        {
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new SecurityException("exception: " + e);
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider.
-     * 
    
-     * Note: this differs from the deprecated method in that the default provider is
-     * used - not "BC".
-     * 
    
-     */
-    public X509Certificate generate(
-        PrivateKey      key)
-        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        return generate(key, (SecureRandom)null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider and the passed in source of randomness
-     * 
    
-     * Note: this differs from the deprecated method in that the default provider is
-     * used - not "BC".
-     * 
    
-     */
-    public X509Certificate generate(
-        PrivateKey      key,
-        SecureRandom    random)
-        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
-        byte[] signature;
-
-        try
-        {
-            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
-        }
-
-        return generateJcaObject(tbsCert, signature);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing, and the passed in source
-     * of randomness (if required).
-     */
-    public X509Certificate generate(
-        PrivateKey      key,
-        String          provider)
-        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        return generate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing, and the passed in source
-     * of randomness (if required).
-     */
-    public X509Certificate generate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
-        byte[] signature;
-
-        try
-        {
-            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
-        }
-
-        return generateJcaObject(tbsCert, signature);
-    }
-
-    private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature)
-        throws CertificateEncodingException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(tbsCert);
-        v.add(sigAlgId);
-        v.add(new DERBitString(signature));
-
-        try
-        {
-            return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
-        }
-        catch (CertificateParsingException e)
-        {
-            throw new ExtCertificateEncodingException("exception producing certificate object", e);
-        }
-    }
-
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return X509Util.getAlgNames();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
deleted file mode 100644
index 4d40dd95c..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
+++ /dev/null
@@ -1,349 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Arrays;
-
-/**
- * An implementation of a version 2 X.509 Attribute Certificate.
- * @deprecated use org.bouncycastle.cert.X509AttributeCertificateHolder
- */
-public class X509V2AttributeCertificate
-    implements X509AttributeCertificate
-{
-    private AttributeCertificate    cert;
-    private Date                    notBefore;
-    private Date                    notAfter;
-
-    private static AttributeCertificate getObject(InputStream in)
-        throws IOException
-    {
-        try
-        {
-            return AttributeCertificate.getInstance(new ASN1InputStream(in).readObject());
-        }
-        catch (IOException e)
-        {
-            throw e;
-        }
-        catch (Exception e)
-        {
-            throw new IOException("exception decoding certificate structure: " + e.toString());
-        }
-    }
-
-    public X509V2AttributeCertificate(
-        InputStream encIn)
-        throws IOException
-    {
-        this(getObject(encIn));
-    }
-    
-    public X509V2AttributeCertificate(
-        byte[]  encoded)
-        throws IOException
-    {
-        this(new ByteArrayInputStream(encoded));
-    }
-    
-    X509V2AttributeCertificate(
-        AttributeCertificate    cert)
-        throws IOException
-    {
-        this.cert = cert;
-        
-        try
-        {
-            this.notAfter = cert.getAcinfo().getAttrCertValidityPeriod().getNotAfterTime().getDate();
-            this.notBefore = cert.getAcinfo().getAttrCertValidityPeriod().getNotBeforeTime().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IOException("invalid data structure in certificate!");
-        }
-    }
-    
-    public int getVersion()
-    {
-        return cert.getAcinfo().getVersion().getValue().intValue() + 1;
-    }
-    
-    public BigInteger getSerialNumber()
-    {
-        return cert.getAcinfo().getSerialNumber().getValue();
-    }
-    
-    public AttributeCertificateHolder getHolder()
-    {
-        return new AttributeCertificateHolder((ASN1Sequence)cert.getAcinfo().getHolder().toASN1Object());
-    }
-    
-    public AttributeCertificateIssuer getIssuer()
-    {
-        return new AttributeCertificateIssuer(cert.getAcinfo().getIssuer());
-    }
-    
-    public Date getNotBefore()
-    {
-        return notBefore;
-    }
-    
-    public Date getNotAfter()
-    {
-        return notAfter;
-    }
-    
-    public boolean[] getIssuerUniqueID()
-    {
-        DERBitString    id = cert.getAcinfo().getIssuerUniqueID();
-
-        if (id != null)
-        {
-            byte[]          bytes = id.getBytes();
-            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
-
-            for (int i = 0; i != boolId.length; i++)
-            {
-                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
-            }
-
-            return boolId;
-        }
-            
-        return null;
-    }
-    
-    public void checkValidity() 
-        throws CertificateExpiredException, CertificateNotYetValidException
-    {
-        this.checkValidity(new Date());
-    }
-    
-    public void checkValidity(
-        Date    date)
-        throws CertificateExpiredException, CertificateNotYetValidException
-    {
-        if (date.after(this.getNotAfter()))
-        {
-            throw new CertificateExpiredException("certificate expired on " + this.getNotAfter());
-        }
-
-        if (date.before(this.getNotBefore()))
-        {
-            throw new CertificateNotYetValidException("certificate not valid till " + this.getNotBefore());
-        }
-    }
-    
-    public byte[] getSignature()
-    {
-        return cert.getSignatureValue().getBytes();
-    }
-    
-    public final void verify(
-            PublicKey   key,
-            String      provider)
-            throws CertificateException, NoSuchAlgorithmException,
-            InvalidKeyException, NoSuchProviderException, SignatureException
-    {
-        Signature   signature = null;
-
-        if (!cert.getSignatureAlgorithm().equals(cert.getAcinfo().getSignature()))
-        {
-            throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
-        }
-
-        signature = Signature.getInstance(cert.getSignatureAlgorithm().getObjectId().getId(), provider);
-
-        signature.initVerify(key);
-
-        try
-        {
-            signature.update(cert.getAcinfo().getEncoded());
-        }
-        catch (IOException e)
-        {
-            throw new SignatureException("Exception encoding certificate info object");
-        }
-
-        if (!signature.verify(this.getSignature()))
-        {
-            throw new InvalidKeyException("Public key presented not for certificate signature");
-        }
-    }
-    
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return cert.getEncoded();
-    }
-
-    public byte[] getExtensionValue(String oid) 
-    {
-        X509Extensions  extensions = cert.getAcinfo().getExtensions();
-
-        if (extensions != null)
-        {
-            X509Extension   ext = extensions.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encodable.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    private Set getExtensionOIDs(
-        boolean critical) 
-    {
-        X509Extensions  extensions = cert.getAcinfo().getExtensions();
-
-        if (extensions != null)
-        {
-            Set             set = new HashSet();
-            Enumeration     e = extensions.oids();
-
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-
-                if (ext.isCritical() == critical)
-                {
-                    set.add(oid.getId());
-                }
-            }
-
-            return set;
-        }
-
-        return null;
-    }
-    
-    public Set getNonCriticalExtensionOIDs() 
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public Set getCriticalExtensionOIDs() 
-    {
-        return getExtensionOIDs(true);
-    }
-    
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set  extensions = getCriticalExtensionOIDs();
-
-        return extensions != null && !extensions.isEmpty();
-    }
-
-    public X509Attribute[] getAttributes()
-    {
-        ASN1Sequence    seq = cert.getAcinfo().getAttributes();
-        X509Attribute[] attrs = new X509Attribute[seq.size()];
-        
-        for (int i = 0; i != seq.size(); i++)
-        {
-            attrs[i] = new X509Attribute((ASN1Encodable)seq.getObjectAt(i));
-        }
-        
-        return attrs;
-    }
-    
-    public X509Attribute[] getAttributes(String oid)
-    {
-        ASN1Sequence    seq = cert.getAcinfo().getAttributes();
-        List            list = new ArrayList();
-        
-        for (int i = 0; i != seq.size(); i++)
-        {
-            X509Attribute attr = new X509Attribute((ASN1Encodable)seq.getObjectAt(i));
-            if (attr.getOID().equals(oid))
-            {
-                list.add(attr);
-            }
-        }
-        
-        if (list.size() == 0)
-        {
-            return null;
-        }
-        
-        return (X509Attribute[])list.toArray(new X509Attribute[list.size()]);
-    }
-
-    public boolean equals(
-        Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-
-        if (!(o instanceof X509AttributeCertificate))
-        {
-            return false;
-        }
-
-        X509AttributeCertificate other = (X509AttributeCertificate)o;
-
-        try
-        {
-            byte[] b1 = this.getEncoded();
-            byte[] b2 = other.getEncoded();
-
-            return Arrays.areEqual(b1, b2);
-        }
-        catch (IOException e)
-        {
-            return false;
-        }
-    }
-
-    public int hashCode()
-    {
-        try
-        {
-            return Arrays.hashCode(this.getEncoded());
-        }
-        catch (IOException e)
-        {
-            return 0;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java
deleted file mode 100644
index 62f3993bd..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java
+++ /dev/null
@@ -1,268 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.util.Date;
-import java.util.Iterator;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
-import org.bouncycastle.asn1.x509.V2AttributeCertificateInfoGenerator;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-
-/**
- * class to produce an X.509 Version 2 AttributeCertificate.
- * @deprecated use org.bouncycastle.cert.X509v2AttributeCertificateBuilder
- */
-public class X509V2AttributeCertificateGenerator
-{
-    private V2AttributeCertificateInfoGenerator   acInfoGen;
-    private DERObjectIdentifier         sigOID;
-    private AlgorithmIdentifier         sigAlgId;
-    private String                      signatureAlgorithm;
-    private X509ExtensionsGenerator     extGenerator;
-
-    public X509V2AttributeCertificateGenerator()
-    {
-        acInfoGen = new V2AttributeCertificateInfoGenerator();
-        extGenerator = new X509ExtensionsGenerator();
-    }
-
-    /**
-     * reset the generator
-     */
-    public void reset()
-    {
-        acInfoGen = new V2AttributeCertificateInfoGenerator();
-        extGenerator.reset();
-    }
-
-    /**
-     * Set the Holder of this Attribute Certificate
-     */
-    public void setHolder(
-        AttributeCertificateHolder     holder)
-    {
-        acInfoGen.setHolder(holder.holder);
-    }
-
-    /**
-     * Set the issuer
-     */
-    public void setIssuer(
-        AttributeCertificateIssuer  issuer)
-    {
-        acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));
-    }
-
-    /**
-     * set the serial number for the certificate.
-     */
-    public void setSerialNumber(
-        BigInteger      serialNumber)
-    {
-        acInfoGen.setSerialNumber(new DERInteger(serialNumber));
-    }
-
-    public void setNotBefore(
-        Date    date)
-    {
-        acInfoGen.setStartDate(new DERGeneralizedTime(date));
-    }
-
-    public void setNotAfter(
-        Date    date)
-    {
-        acInfoGen.setEndDate(new DERGeneralizedTime(date));
-    }
-
-    /**
-     * Set the signature algorithm. This can be either a name or an OID, names
-     * are treated as case insensitive.
-     * 
-     * @param signatureAlgorithm string representation of the algorithm name.
-     */
-    public void setSignatureAlgorithm(
-        String  signatureAlgorithm)
-    {
-        this.signatureAlgorithm = signatureAlgorithm;
-
-        try
-        {
-            sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("Unknown signature type requested");
-        }
-
-        sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
-        acInfoGen.setSignature(sigAlgId);
-    }
-    
-    /**
-     * add an attribute
-     */
-    public void addAttribute(
-        X509Attribute       attribute)
-    {
-        acInfoGen.addAttribute(Attribute.getInstance(attribute.toASN1Object()));
-    }
-
-    public void setIssuerUniqueId(
-        boolean[] iui)
-    {
-        // [TODO] convert boolean array to bit string
-        //acInfoGen.setIssuerUniqueID(iui);
-        throw new RuntimeException("not implemented (yet)");
-    }
-     
-    /**
-     * add a given extension field for the standard extensions tag
-     * @throws IOException
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        ASN1Encodable   value)
-        throws IOException
-    {
-        extGenerator.addExtension(new DERObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag
-     * The value parameter becomes the contents of the octet string associated
-     * with the extension.
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        byte[]          value)
-    {
-        extGenerator.addExtension(new DERObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     * @deprecated use generate()
-     */
-    public X509AttributeCertificate generateCertificate(
-        PrivateKey      key,
-        String          provider)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        return generateCertificate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing and the supplied source
-     * of randomness, if required.
-     * @deprecated use generate()
-     */
-    public X509AttributeCertificate generateCertificate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generate(key, provider, random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw e;
-        }
-        catch (SignatureException e)
-        {
-            throw e;
-        }
-        catch (InvalidKeyException e)
-        {
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new SecurityException("exception creating certificate: " + e);
-        }
-    }
-
-   /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     */
-    public X509AttributeCertificate generate(
-        PrivateKey      key,
-        String          provider)
-       throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, SignatureException, InvalidKeyException, NoSuchAlgorithmException
-   {
-        return generate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing and the supplied source
-     * of randomness, if required.
-     */
-    public X509AttributeCertificate generate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        if (!extGenerator.isEmpty())
-        {
-            acInfoGen.setExtensions(extGenerator.generate());
-        }
-
-        AttributeCertificateInfo acInfo = acInfoGen.generateAttributeCertificateInfo();
-
-        ASN1EncodableVector  v = new ASN1EncodableVector();
-
-        v.add(acInfo);
-        v.add(sigAlgId);
-
-        try
-        {
-            v.add(new DERBitString(X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, acInfo)));
-
-            return new X509V2AttributeCertificate(new AttributeCertificate(new DERSequence(v)));
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException("constructed invalid certificate", e);
-        }
-    }
-
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return X509Util.getAlgNames();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java
deleted file mode 100644
index acade77c0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java
+++ /dev/null
@@ -1,449 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.X509CRLObject;
-
-/**
- * class to produce an X.509 Version 2 CRL.
- *  @deprecated use org.bouncycastle.cert.X509v2CRLBuilder.
- */
-public class X509V2CRLGenerator
-{
-    private V2TBSCertListGenerator      tbsGen;
-    private DERObjectIdentifier         sigOID;
-    private AlgorithmIdentifier         sigAlgId;
-    private String                      signatureAlgorithm;
-    private X509ExtensionsGenerator     extGenerator;
-
-    public X509V2CRLGenerator()
-    {
-        tbsGen = new V2TBSCertListGenerator();
-        extGenerator = new X509ExtensionsGenerator();
-    }
-
-    /**
-     * reset the generator
-     */
-    public void reset()
-    {
-        tbsGen = new V2TBSCertListGenerator();
-        extGenerator.reset();
-    }
-
-    /**
-     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
-     * certificate.
-     */
-    public void setIssuerDN(
-        X500Principal   issuer)
-    {
-        try
-        {
-            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't process principal: " + e);
-        }
-    }
-
-    /**
-     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
-     * certificate.
-     */
-    public void setIssuerDN(
-        X509Name   issuer)
-    {
-        tbsGen.setIssuer(issuer);
-    }
-
-    public void setThisUpdate(
-        Date    date)
-    {
-        tbsGen.setThisUpdate(new Time(date));
-    }
-
-    public void setNextUpdate(
-        Date    date)
-    {
-        tbsGen.setNextUpdate(new Time(date));
-    }
-
-    /**
-     * Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise
-     * or 0 if CRLReason is not to be used
-     **/
-    public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason)
-    {
-        tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason);
-    }
-
-    /**
-     * Add a CRL entry with an Invalidity Date extension as well as a CRLReason extension.
-     * Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise
-     * or 0 if CRLReason is not to be used
-     **/
-    public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate)
-    {
-        tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate));
-    }
-   
-    /**
-     * Add a CRL entry with extensions.
-     **/
-    public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions)
-    {
-        tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), extensions);
-    }
-    
-    /**
-     * Add the CRLEntry objects contained in a previous CRL.
-     * 
-     * @param other the X509CRL to source the other entries from. 
-     */
-    public void addCRL(X509CRL other)
-        throws CRLException
-    {
-        Set revocations = other.getRevokedCertificates();
-
-        if (revocations != null)
-        {
-            Iterator it = revocations.iterator();
-            while (it.hasNext())
-            {
-                X509CRLEntry entry = (X509CRLEntry)it.next();
-
-                ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());
-
-                try
-                {
-                    tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
-                }
-                catch (IOException e)
-                {
-                    throw new CRLException("exception processing encoding of CRL: " + e.toString());
-                }
-            }
-        }
-    }
-    
-    /**
-     * Set the signature algorithm. This can be either a name or an OID, names
-     * are treated as case insensitive.
-     * 
-     * @param signatureAlgorithm string representation of the algorithm name.
-     */
-    public void setSignatureAlgorithm(
-        String  signatureAlgorithm)
-    {
-        this.signatureAlgorithm = signatureAlgorithm;
-
-        try
-        {
-            sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("Unknown signature type requested");
-        }
-
-        sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
-        tbsGen.setSignature(sigAlgId);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 0)
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        DEREncodable    value)
-    {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 0)
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        DEREncodable        value)
-    {
-        extGenerator.addExtension(oid, critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 0)
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        byte[]          value)
-    {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 0)
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        byte[]              value)
-    {
-        extGenerator.addExtension(oid, critical, value);
-    }
-
-    /**
-     * generate an X509 CRL, based on the current issuer and subject
-     * using the default provider "BC".
-     * @deprecated use generate(key, "BC")
-     */
-    public X509CRL generateX509CRL(
-        PrivateKey      key)
-        throws SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generateX509CRL(key, "BC", null);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new SecurityException("BC provider not installed!");
-        }
-    }
-
-    /**
-     * generate an X509 CRL, based on the current issuer and subject
-     * using the default provider "BC" and an user defined SecureRandom object as
-     * source of randomness.
-     * @deprecated use generate(key, random, "BC")
-     */
-    public X509CRL generateX509CRL(
-        PrivateKey      key,
-        SecureRandom    random)
-        throws SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generateX509CRL(key, "BC", random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new SecurityException("BC provider not installed!");
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the passed in provider for the signing.
-     * @deprecated use generate()
-     */
-    public X509CRL generateX509CRL(
-        PrivateKey      key,
-        String          provider)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        return generateX509CRL(key, provider, null);
-    }
-
-    /**
-     * generate an X509 CRL, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     * @deprecated use generate()
-     */
-    public X509CRL generateX509CRL(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generate(key, provider, random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw e;
-        }
-        catch (SignatureException e)
-        {
-            throw e;
-        }
-        catch (InvalidKeyException e)
-        {
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new SecurityException("exception: " + e);
-        }
-    }
-    
-    /**
-     * generate an X509 CRL, based on the current issuer and subject
-     * using the default provider.
-     * 
    
-     * Note: this differs from the deprecated method in that the default provider is
-     * used - not "BC".
-     * 
    
-     */
-    public X509CRL generate(
-        PrivateKey      key)
-        throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        return generate(key, (SecureRandom)null);
-    }
-
-    /**
-     * generate an X509 CRL, based on the current issuer and subject
-     * using the default provider and an user defined SecureRandom object as
-     * source of randomness.
-     * 
    
-     * Note: this differs from the deprecated method in that the default provider is
-     * used - not "BC".
-     * 
    
-     */
-    public X509CRL generate(
-        PrivateKey      key,
-        SecureRandom    random)
-        throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        TBSCertList tbsCrl = generateCertList();
-        byte[] signature;
-
-        try
-        {
-            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCrl);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCRLException("cannot generate CRL encoding", e);
-        }
-
-        return generateJcaObject(tbsCrl, signature);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the passed in provider for the signing.
-     */
-    public X509CRL generate(
-        PrivateKey      key,
-        String          provider)
-        throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        return generate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 CRL, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     */
-    public X509CRL generate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        TBSCertList tbsCrl = generateCertList();
-        byte[] signature;
-
-        try
-        {
-            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCrl);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCRLException("cannot generate CRL encoding", e);
-        }
-
-        return generateJcaObject(tbsCrl, signature);
-    }
-
-    private TBSCertList generateCertList()
-    {
-        if (!extGenerator.isEmpty())
-        {
-            tbsGen.setExtensions(extGenerator.generate());
-        }
-
-        return tbsGen.generateTBSCertList();
-    }
-
-    private X509CRL generateJcaObject(TBSCertList tbsCrl, byte[] signature)
-        throws CRLException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(tbsCrl);
-        v.add(sigAlgId);
-        v.add(new DERBitString(signature));
-
-        return new X509CRLObject(new CertificateList(new DERSequence(v)));
-    }
-
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return X509Util.getAlgNames();
-    }
-
-    private static class ExtCRLException
-        extends CRLException
-    {
-        Throwable cause;
-
-        ExtCRLException(String message, Throwable cause)
-        {
-            super(message);
-            this.cause = cause;
-        }
-
-        public Throwable getCause()
-        {
-            return cause;
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
deleted file mode 100644
index 1ac395cec..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ /dev/null
@@ -1,527 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Iterator;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-/**
- * class to produce an X.509 Version 3 certificate.
- *  @deprecated use org.bouncycastle.cert.X509v3CertificateBuilder.
- */
-public class X509V3CertificateGenerator
-{
-    private V3TBSCertificateGenerator   tbsGen;
-    private DERObjectIdentifier         sigOID;
-    private AlgorithmIdentifier         sigAlgId;
-    private String                      signatureAlgorithm;
-    private X509ExtensionsGenerator     extGenerator;
-
-    public X509V3CertificateGenerator()
-    {
-        tbsGen = new V3TBSCertificateGenerator();
-        extGenerator = new X509ExtensionsGenerator();
-    }
-
-    /**
-     * reset the generator
-     */
-    public void reset()
-    {
-        tbsGen = new V3TBSCertificateGenerator();
-        extGenerator.reset();
-    }
-
-    /**
-     * set the serial number for the certificate.
-     */
-    public void setSerialNumber(
-        BigInteger      serialNumber)
-    {
-        if (serialNumber.compareTo(BigInteger.ZERO) <= 0)
-        {
-            throw new IllegalArgumentException("serial number must be a positive integer");
-        }
-        
-        tbsGen.setSerialNumber(new DERInteger(serialNumber));
-    }
-
-    /**
-     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
-     * certificate.
-     */
-    public void setIssuerDN(
-        X500Principal   issuer)
-    {
-        try
-        {
-            tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't process principal: " + e);
-        }
-    }
-    
-    /**
-     * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
-     * certificate.
-     */
-    public void setIssuerDN(
-        X509Name   issuer)
-    {
-        tbsGen.setIssuer(issuer);
-    }
-
-    public void setNotBefore(
-        Date    date)
-    {
-        tbsGen.setStartDate(new Time(date));
-    }
-
-    public void setNotAfter(
-        Date    date)
-    {
-        tbsGen.setEndDate(new Time(date));
-    }
-
-    /**
-     * Set the subject distinguished name. The subject describes the entity associated with the public key.
-     */
-    public void setSubjectDN(
-        X500Principal   subject)
-    {
-        try
-        {
-            tbsGen.setSubject(new X509Principal(subject.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("can't process principal: " + e);
-        }
-    }
-    
-    /**
-     * Set the subject distinguished name. The subject describes the entity associated with the public key.
-     */
-    public void setSubjectDN(
-        X509Name   subject)
-    {
-        tbsGen.setSubject(subject);
-    }
-
-    public void setPublicKey(
-        PublicKey       key)
-        throws IllegalArgumentException
-    {
-        try
-        {
-            tbsGen.setSubjectPublicKeyInfo(
-                       SubjectPublicKeyInfo.getInstance(new ASN1InputStream(key.getEncoded()).readObject()));
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("unable to process key - " + e.toString());
-        }
-    }
-
-    /**
-     * Set the signature algorithm. This can be either a name or an OID, names
-     * are treated as case insensitive.
-     * 
-     * @param signatureAlgorithm string representation of the algorithm name.
-     */
-    public void setSignatureAlgorithm(
-        String  signatureAlgorithm)
-    {
-        this.signatureAlgorithm = signatureAlgorithm;
-
-        try
-        {
-            sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("Unknown signature type requested: " + signatureAlgorithm);
-        }
-
-        sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
-        tbsGen.setSignature(sigAlgId);
-    }
-
-    /**
-     * Set the subject unique ID - note: it is very rare that it is correct to do this.
-     */
-    public void setSubjectUniqueID(boolean[] uniqueID)
-    {
-        tbsGen.setSubjectUniqueID(booleanToBitString(uniqueID));
-    }
-
-    /**
-     * Set the issuer unique ID - note: it is very rare that it is correct to do this.
-     */
-    public void setIssuerUniqueID(boolean[] uniqueID)
-    {
-        tbsGen.setIssuerUniqueID(booleanToBitString(uniqueID));
-    }
-
-    private DERBitString booleanToBitString(boolean[] id)
-    {
-        byte[] bytes = new byte[(id.length + 7) / 8];
-
-        for (int i = 0; i != id.length; i++)
-        {
-            bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0;
-        }
-
-        int pad = id.length % 8;
-
-        if (pad == 0)
-        {
-            return new DERBitString(bytes);
-        }
-        else
-        {
-            return new DERBitString(bytes, 8 - pad);
-        }
-    }
-    
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        DEREncodable    value)
-    {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        DEREncodable        value)
-    {
-        extGenerator.addExtension(oid, critical,  value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     * The value parameter becomes the contents of the octet string associated
-     * with the extension.
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        byte[]          value)
-    {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        byte[]              value)
-    {
-        extGenerator.addExtension(oid, critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     * copying the extension value from another certificate.
-     * @throws CertificateParsingException if the extension cannot be extracted.
-     */
-    public void copyAndAddExtension(
-        String          oid,
-        boolean         critical,
-        X509Certificate cert) 
-        throws CertificateParsingException
-    {
-        byte[] extValue = cert.getExtensionValue(oid);
-        
-        if (extValue == null)
-        {
-            throw new CertificateParsingException("extension " + oid + " not present");
-        }
-        
-        try
-        {
-            ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);
-    
-            this.addExtension(oid, critical, value);
-        }
-        catch (IOException e)
-        {
-            throw new CertificateParsingException(e.toString());
-        }
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag (tag 3)
-     * copying the extension value from another certificate.
-     * @throws CertificateParsingException if the extension cannot be extracted.
-     */
-    public void copyAndAddExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        X509Certificate     cert)
-        throws CertificateParsingException
-    {
-        this.copyAndAddExtension(oid.getId(), critical, cert);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider "BC".
-     * @deprecated use generate(key, "BC")
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key)
-        throws SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generateX509Certificate(key, "BC", null);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new SecurityException("BC provider not installed!");
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider "BC", and the passed in source of randomness
-     * (if required).
-     * @deprecated use generate(key, random, "BC")
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key,
-        SecureRandom    random)
-        throws SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generateX509Certificate(key, "BC", random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new SecurityException("BC provider not installed!");
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     * @deprecated use generate()
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key,
-        String          provider)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        return generateX509Certificate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing and the supplied source
-     * of randomness, if required.
-     * @deprecated use generate()
-     */
-    public X509Certificate generateX509Certificate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generate(key, provider, random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw e;
-        }
-        catch (SignatureException e)
-        {
-            throw e;
-        }
-        catch (InvalidKeyException e)
-        {
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new SecurityException("exception: " + e);
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider.
-     * 
    
-     * Note: this differs from the deprecated method in that the default provider is
-     * used - not "BC".
-     * 
    
-     */
-    public X509Certificate generate(
-        PrivateKey      key)
-        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        return generate(key, (SecureRandom)null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject
-     * using the default provider, and the passed in source of randomness
-     * (if required).
-     * 
    
-     * Note: this differs from the deprecated method in that the default provider is
-     * used - not "BC".
-     * 
    
-     */
-    public X509Certificate generate(
-        PrivateKey      key,
-        SecureRandom    random)
-        throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        TBSCertificateStructure tbsCert = generateTbsCert();
-        byte[] signature;
-
-        try
-        {
-            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
-        }
-
-        try
-        {
-            return generateJcaObject(tbsCert, signature);
-        }
-        catch (CertificateParsingException e)
-        {
-            throw new ExtCertificateEncodingException("exception producing certificate object", e);
-        }
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     */
-    public X509Certificate generate(
-        PrivateKey      key,
-        String          provider)
-        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        return generate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing and the supplied source
-     * of randomness, if required.
-     */
-    public X509Certificate generate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        TBSCertificateStructure tbsCert = generateTbsCert();
-        byte[] signature;
-
-        try
-        {
-            signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
-        }
-
-        try
-        {
-            return generateJcaObject(tbsCert, signature);
-        }
-        catch (CertificateParsingException e)
-        {
-            throw new ExtCertificateEncodingException("exception producing certificate object", e);
-        }
-    }
-
-    private TBSCertificateStructure generateTbsCert()
-    {
-        if (!extGenerator.isEmpty())
-        {
-            tbsGen.setExtensions(extGenerator.generate());
-        }
-
-        return tbsGen.generateTBSCertificate();
-    }
-
-    private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature)
-        throws CertificateParsingException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(tbsCert);
-        v.add(sigAlgId);
-        v.add(new DERBitString(signature));
-
-        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
-    }
-
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return X509Util.getAlgNames();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java
deleted file mode 100644
index 99828aab7..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java
+++ /dev/null
@@ -1,314 +0,0 @@
-package org.bouncycastle.x509.examples;
-
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
-import org.bouncycastle.asn1.misc.NetscapeCertType;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.x509.AttributeCertificateHolder;
-import org.bouncycastle.x509.AttributeCertificateIssuer;
-import org.bouncycastle.x509.X509Attribute;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-/**
- * A simple example that generates an attribute certificate.
- */
-public class AttrCertExample
-{
-    static X509V1CertificateGenerator  v1CertGen = new X509V1CertificateGenerator();
-    static X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
-    
-    /**
-     * we generate the AC issuer's certificate
-     */
-    public static X509Certificate createAcIssuerCert(
-        PublicKey       pubKey,
-        PrivateKey      privKey)
-        throws Exception
-    {
-        //
-        // signers name 
-        //
-        String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // subjects name - the same as we are self signed.
-        //
-        String  subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // create the certificate - version 1
-        //
-
-        v1CertGen.setSerialNumber(BigInteger.valueOf(10));
-        v1CertGen.setIssuerDN(new X509Principal(issuer));
-        v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v1CertGen.setSubjectDN(new X509Principal(subject));
-        v1CertGen.setPublicKey(pubKey);
-        v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        X509Certificate cert = v1CertGen.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        return cert;
-    }
-    
-    /**
-     * we generate a certificate signed by our CA's intermediate certficate
-     */
-    public static X509Certificate createClientCert(
-        PublicKey       pubKey,
-        PrivateKey      caPrivKey,
-        PublicKey       caPubKey)
-        throws Exception
-    {
-        //
-        // issuer
-        //
-        String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // subjects name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.CN, "Eric H. Echidna");
-        attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.CN);
-        order.addElement(X509Principal.EmailAddress);
-
-        //
-        // create the certificate - version 3
-        //
-        v3CertGen.reset();
-
-        v3CertGen.setSerialNumber(BigInteger.valueOf(20));
-        v3CertGen.setIssuerDN(new X509Principal(issuer));
-        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v3CertGen.setSubjectDN(new X509Principal(order, attrs));
-        v3CertGen.setPublicKey(pubKey);
-        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        //
-        // add the extensions
-        //
-
-        v3CertGen.addExtension(
-            MiscObjectIdentifiers.netscapeCertType,
-            false,
-            new NetscapeCertType(NetscapeCertType.objectSigning | NetscapeCertType.smime));
-
-        X509Certificate cert = v3CertGen.generate(caPrivKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(caPubKey);
-
-        return cert;
-    }
-    
-    public static void main(String args[])
-        throws Exception
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        //
-        // personal keys
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16),
-            new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-            new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-            new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-            new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-            new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-            new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
-        //
-        // ca keys
-        //
-        RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec   caPrivKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16),
-            new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16),
-            new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16),
-            new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16),
-            new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16),
-            new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16),
-            new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16));
-
-        //
-        // set up the keys
-        //
-        KeyFactory          fact = KeyFactory.getInstance("RSA", "BC");
-        PrivateKey          caPrivKey = fact.generatePrivate(caPrivKeySpec);
-        PublicKey           caPubKey = fact.generatePublic(caPubKeySpec);
-        PrivateKey          privKey = fact.generatePrivate(privKeySpec);
-        PublicKey           pubKey = fact.generatePublic(pubKeySpec);
-
-        //
-        // note in this case we are using the CA certificate for both the client cetificate
-        // and the attribute certificate. This is to make the vcode simpler to read, in practice
-        // the CA for the attribute certificate should be different to that of the client certificate
-        //
-        X509Certificate     caCert = createAcIssuerCert(caPubKey, caPrivKey);
-        X509Certificate     clientCert = createClientCert(pubKey, caPrivKey, caPubKey);
-
-        // Instantiate a new AC generator
-        X509V2AttributeCertificateGenerator acGen = new X509V2AttributeCertificateGenerator();
-
-        acGen.reset();
-
-        //
-        // Holder: here we use the IssuerSerial form
-        //
-        acGen.setHolder(new AttributeCertificateHolder(clientCert));
-
-        // set the Issuer
-        acGen.setIssuer(new AttributeCertificateIssuer(caCert.getSubjectX500Principal()));
-
-        //
-        // serial number (as it's an example we don't have to keep track of the
-        // serials anyway
-        //
-        acGen.setSerialNumber(new BigInteger("1"));
-
-        // not Before
-        acGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-
-        // not After
-        acGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-
-        // signature Algorithmus
-        acGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        // the actual attributes
-        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
-        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
-        roleSyntax.add(roleName);
-
-        // roleSyntax OID: 2.5.24.72
-        X509Attribute attributes = new X509Attribute("2.5.24.72",
-                new DERSequence(roleSyntax));
-
-        acGen.addAttribute(attributes);
-
-        //      finally create the AC
-        X509V2AttributeCertificate att = (X509V2AttributeCertificate)acGen
-                .generate(caPrivKey, "BC");
-
-        //
-        // starting here, we parse the newly generated AC
-        //
-
-        // Holder
-
-        AttributeCertificateHolder h = att.getHolder();
-        if (h.match(clientCert))
-        {
-            if (h.getEntityNames() != null)
-            {
-                System.out.println(h.getEntityNames().length + " entity names found");
-            }
-            if (h.getIssuer() != null)
-            {
-                System.out.println(h.getIssuer().length + " issuer names found, serial number " + h.getSerialNumber());
-            }
-            System.out.println("Matches original client x509 cert");
-        }
-
-        // Issuer
-        
-        AttributeCertificateIssuer issuer = att.getIssuer();
-        if (issuer.match(caCert))
-        {
-            if (issuer.getPrincipals() != null)
-            {
-                System.out.println(issuer.getPrincipals().length + " entity names found");
-            }
-            System.out.println("Matches original ca x509 cert");
-        }
-        
-        // Dates
-        System.out.println("valid not before: " + att.getNotBefore());
-        System.out.println("valid not before: " + att.getNotAfter());
-
-        // check the dates, an exception is thrown in checkValidity()...
-
-        try
-        {
-            att.checkValidity();
-            att.checkValidity(new Date());
-        }
-        catch (Exception e)
-        {
-            System.out.println(e);
-        }
-
-        // verify
-
-        try
-        {
-            att.verify(caPubKey, "BC");
-        }
-        catch (Exception e)
-        {
-            System.out.println(e);
-        }
-
-        // Attribute
-        X509Attribute[] attribs = att.getAttributes();
-        System.out.println("cert has " + attribs.length + " attributes:");
-        for (int i = 0; i < attribs.length; i++)
-        {
-            X509Attribute a = attribs[i];
-            System.out.println("OID: " + a.getOID());
-            
-            // currently we only check for the presence of a 'RoleSyntax' attribute
-
-            if (a.getOID().equals("2.5.24.72"))
-            {
-                System.out.println("rolesyntax read from cert!");
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/package.html
deleted file mode 100644
index 6262157db..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/examples/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
    
-Examples for X.509 attribute certificates.
-
    
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java
deleted file mode 100644
index 8de75d250..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package org.bouncycastle.x509.extension;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.PublicKey;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.PrincipalUtil;
-
-/**
- * A high level authority key identifier.
- */
-public class AuthorityKeyIdentifierStructure
-    extends AuthorityKeyIdentifier
-{
-    /**
-     * Constructor which will take the byte[] returned from getExtensionValue()
-     * 
-     * @param encodedValue a DER octet encoded string with the extension structure in it.
-     * @throws IOException on parsing errors.
-     */
-    public AuthorityKeyIdentifierStructure(
-        byte[]  encodedValue)
-        throws IOException
-    {
-        super((ASN1Sequence)X509ExtensionUtil.fromExtensionValue(encodedValue));
-    }
-
-    /**
-     * Constructor which will take an extension
-     *
-     * @param extension a X509Extension object containing an AuthorityKeyIdentifier.
-     */
-    public AuthorityKeyIdentifierStructure(
-        X509Extension extension)
-    {
-        super((ASN1Sequence)extension.getParsedValue());
-    }
-
-    private static ASN1Sequence fromCertificate(
-        X509Certificate certificate)
-        throws CertificateParsingException
-    {
-        try
-        {
-            if (certificate.getVersion() != 3)
-            {
-                GeneralName          genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
-                SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-                        (ASN1Sequence)new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
-                
-                return (ASN1Sequence)new AuthorityKeyIdentifier(
-                               info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
-            }
-            else
-            {
-                GeneralName             genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
-                
-                byte[]                  ext = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
-                
-                if (ext != null)
-                {
-                    ASN1OctetString     str = (ASN1OctetString)X509ExtensionUtil.fromExtensionValue(ext);
-                
-                    return (ASN1Sequence)new AuthorityKeyIdentifier(
-                                    str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
-                }
-                else
-                {
-                    SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-                            (ASN1Sequence)new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
-                    
-                    return (ASN1Sequence)new AuthorityKeyIdentifier(
-                            info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            throw new CertificateParsingException("Exception extracting certificate details: " + e.toString());
-        }
-    }
-    
-    private static ASN1Sequence fromKey(
-        PublicKey pubKey)
-        throws InvalidKeyException
-    {
-        try
-        {
-            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
-                                        (ASN1Sequence)new ASN1InputStream(pubKey.getEncoded()).readObject());
-        
-            return (ASN1Sequence)new AuthorityKeyIdentifier(info).toASN1Object();
-        }
-        catch (Exception e)
-        {
-            throw new InvalidKeyException("can't process key: " + e);
-        }
-    }
-    
-    /**
-     * Create an AuthorityKeyIdentifier using the passed in certificate's public
-     * key, issuer and serial number.
-     * 
-     * @param certificate the certificate providing the information.
-     * @throws CertificateParsingException if there is a problem processing the certificate
-     */
-    public AuthorityKeyIdentifierStructure(
-        X509Certificate certificate)
-        throws CertificateParsingException
-    {
-        super(fromCertificate(certificate));
-    }
-    
-    /**
-     * Create an AuthorityKeyIdentifier using just the hash of the 
-     * public key.
-     * 
-     * @param pubKey the key to generate the hash from.
-     * @throws InvalidKeyException if there is a problem using the key.
-     */
-    public AuthorityKeyIdentifierStructure(
-        PublicKey pubKey) 
-        throws InvalidKeyException
-    {
-        super(fromKey(pubKey));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java
deleted file mode 100644
index 8f54c6ef0..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.bouncycastle.x509.extension;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.PublicKey;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-/**
- * A high level subject key identifier.
- */
-public class SubjectKeyIdentifierStructure
-    extends SubjectKeyIdentifier
-{
-    /**
-     * Constructor which will take the byte[] returned from getExtensionValue()
-     * 
-     * @param encodedValue a DER octet encoded string with the extension structure in it.
-     * @throws IOException on parsing errors.
-     */
-    public SubjectKeyIdentifierStructure(
-        byte[]  encodedValue)
-        throws IOException
-    {
-        super((ASN1OctetString)X509ExtensionUtil.fromExtensionValue(encodedValue));
-    }
-    
-    private static ASN1OctetString fromPublicKey(
-        PublicKey pubKey)
-        throws InvalidKeyException
-    {
-        try
-        {
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(pubKey.getEncoded());
-
-            return (ASN1OctetString)(new SubjectKeyIdentifier(info).toASN1Object());
-        }
-        catch (Exception e)
-        {
-            throw new InvalidKeyException("Exception extracting key details: " + e.toString());
-        }
-    }
-    
-    public SubjectKeyIdentifierStructure(
-        PublicKey pubKey)
-        throws InvalidKeyException
-    {
-        super(fromPublicKey(pubKey));
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
deleted file mode 100644
index 10ecc7d9e..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
+++ /dev/null
@@ -1,100 +0,0 @@
-package org.bouncycastle.x509.extension;
-
-import java.io.IOException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-
-
-public class X509ExtensionUtil
-{
-    public static ASN1Object fromExtensionValue(
-        byte[]  encodedValue) 
-        throws IOException
-    {
-        ASN1OctetString octs = (ASN1OctetString)ASN1Object.fromByteArray(encodedValue);
-        
-        return ASN1Object.fromByteArray(octs.getOctets());
-    }
-
-    public static Collection getIssuerAlternativeNames(X509Certificate cert)
-            throws CertificateParsingException
-    {
-        byte[] extVal = cert.getExtensionValue(X509Extensions.IssuerAlternativeName.getId());
-
-        return getAlternativeNames(extVal);
-    }
-
-    public static Collection getSubjectAlternativeNames(X509Certificate cert)
-            throws CertificateParsingException
-    {        
-        byte[] extVal = cert.getExtensionValue(X509Extensions.SubjectAlternativeName.getId());
-
-        return getAlternativeNames(extVal);
-    }
-
-    private static Collection getAlternativeNames(byte[] extVal)
-        throws CertificateParsingException
-    {
-        if (extVal == null)
-        {
-            return Collections.EMPTY_LIST;
-        }
-        try
-        {
-            Collection temp = new ArrayList();
-            Enumeration it = DERSequence.getInstance(fromExtensionValue(extVal)).getObjects();
-            while (it.hasMoreElements())
-            {
-                GeneralName genName = GeneralName.getInstance(it.nextElement());
-                List list = new ArrayList();
-                list.add(new Integer(genName.getTagNo()));
-                switch (genName.getTagNo())
-                {
-                case GeneralName.ediPartyName:
-                case GeneralName.x400Address:
-                case GeneralName.otherName:
-                    list.add(genName.getName().getDERObject());
-                    break;
-                case GeneralName.directoryName:
-                    list.add(X509Name.getInstance(genName.getName()).toString());
-                    break;
-                case GeneralName.dNSName:
-                case GeneralName.rfc822Name:
-                case GeneralName.uniformResourceIdentifier:
-                    list.add(((ASN1String)genName.getName()).getString());
-                    break;
-                case GeneralName.registeredID:
-                    list.add(DERObjectIdentifier.getInstance(genName.getName()).getId());
-                    break;
-                case GeneralName.iPAddress:
-                    list.add(DEROctetString.getInstance(genName.getName()).getOctets());
-                    break;
-                default:
-                    throw new IOException("Bad tag number: " + genName.getTagNo());
-                }
-
-                temp.add(list);
-            }
-            return Collections.unmodifiableCollection(temp);
-        }
-        catch (Exception e)
-        {
-            throw new CertificateParsingException(e.getMessage());
-        }
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/package.html
deleted file mode 100644
index abc2da578..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/extension/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Helper classes for dealing with common X.509 extensions.
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/package.html b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/package.html
deleted file mode 100644
index b6b5298bc..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
    
-Classes for supporting the generation of X.509 certificates and X.509 attribute certificates.
-
    
-
-
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
deleted file mode 100644
index 71a98fe51..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
+++ /dev/null
@@ -1,1117 +0,0 @@
-package org.bouncycastle.x509.util;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.x509.CertificatePair;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
-import org.bouncycastle.jce.provider.X509AttrCertParser;
-import org.bouncycastle.jce.provider.X509CRLParser;
-import org.bouncycastle.jce.provider.X509CertPairParser;
-import org.bouncycastle.jce.provider.X509CertParser;
-import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509CertPairStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
-import org.bouncycastle.x509.X509CertificatePair;
-
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.security.auth.x500.X500Principal;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.sql.Date;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-
-/**
- * This is a general purpose implementation to get X.509 certificates, CRLs,
- * attribute certificates and cross certificates from a LDAP location.
- * 
    
- * At first a search is performed in the ldap*AttributeNames of the
- * {@link org.bouncycastle.jce.X509LDAPCertStoreParameters} with the given
- * information of the subject (for all kind of certificates) or issuer (for
- * CRLs), respectively, if a {@link org.bouncycastle.x509.X509CertStoreSelector} or
- * {@link org.bouncycastle.x509.X509AttributeCertificate} is given with that
- * details.
- * 
    
- * For the used schemes see:
- * 
    
- */
-public class LDAPStoreHelper
-{
-
-    // TODO: cache results
-
-    private X509LDAPCertStoreParameters params;
-
-    public LDAPStoreHelper(X509LDAPCertStoreParameters params)
-    {
-        this.params = params;
-    }
-
-    /**
-     * Initial Context Factory.
-     */
-    private static String LDAP_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";
-
-    /**
-     * Processing referrals..
-     */
-    private static String REFERRALS_IGNORE = "ignore";
-
-    /**
-     * Security level to be used for LDAP connections.
-     */
-    private static final String SEARCH_SECURITY_LEVEL = "none";
-
-    /**
-     * Package Prefix for loading URL context factories.
-     */
-    private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url";
-
-    private DirContext connectLDAP() throws NamingException
-    {
-        Properties props = new Properties();
-        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
-        props.setProperty(Context.BATCHSIZE, "0");
-
-        props.setProperty(Context.PROVIDER_URL, params.getLdapURL());
-        props.setProperty(Context.URL_PKG_PREFIXES, URL_CONTEXT_PREFIX);
-        props.setProperty(Context.REFERRAL, REFERRALS_IGNORE);
-        props.setProperty(Context.SECURITY_AUTHENTICATION,
-            SEARCH_SECURITY_LEVEL);
-
-        DirContext ctx = new InitialDirContext(props);
-        return ctx;
-    }
-
-    private String parseDN(String subject, String dNAttributeName)
-    {
-        String temp = subject;
-        int begin = temp.toLowerCase().indexOf(
-            dNAttributeName.toLowerCase() + "=");
-        if (begin == -1)
-        {
-            return "";
-        }
-        temp = temp.substring(begin + dNAttributeName.length());
-        int end = temp.indexOf(',');
-        if (end == -1)
-        {
-            end = temp.length();
-        }
-        while (temp.charAt(end - 1) == '\\')
-        {
-            end = temp.indexOf(',', end + 1);
-            if (end == -1)
-            {
-                end = temp.length();
-            }
-        }
-        temp = temp.substring(0, end);
-        begin = temp.indexOf('=');
-        temp = temp.substring(begin + 1);
-        if (temp.charAt(0) == ' ')
-        {
-            temp = temp.substring(1);
-        }
-        if (temp.startsWith("\""))
-        {
-            temp = temp.substring(1);
-        }
-        if (temp.endsWith("\""))
-        {
-            temp = temp.substring(0, temp.length() - 1);
-        }
-        return temp;
-    }
-
-    private Set createCerts(List list, X509CertStoreSelector xselector)
-        throws StoreException
-    {
-        Set certSet = new HashSet();
-
-        Iterator it = list.iterator();
-        X509CertParser parser = new X509CertParser();
-        while (it.hasNext())
-        {
-            try
-            {
-                parser.engineInit(new ByteArrayInputStream((byte[])it
-                    .next()));
-                X509Certificate cert = (X509Certificate)parser
-                    .engineRead();
-                if (xselector.match((Object)cert))
-                {
-                    certSet.add(cert);
-                }
-
-            }
-            catch (Exception e)
-            {
-
-            }
-        }
-
-        return certSet;
-    }
-
-    /**
-     * Can use the subject and serial and the subject and serialNumber of the
-     * certificate of the given of the X509CertStoreSelector. If a certificate
-     * for checking is given this has higher precedence.
-     *
-     * @param xselector             The selector with the search criteria.
-     * @param attrs                 Attributes which contain the certificates in the LDAP
-     *                              directory.
-     * @param attrNames             Attribute names in teh LDAP directory which correspond to the
-     *                              subjectAttributeNames.
-     * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to
-     *                              search in the LDAP directory
-     * @return A list of found DER encoded certificates.
-     * @throws StoreException if an error occurs while searching.
-     */
-    private List certSubjectSerialSearch(X509CertStoreSelector xselector,
-                                         String[] attrs, String attrNames[], String subjectAttributeNames[])
-        throws StoreException
-    {
-        // TODO: support also subjectAltNames?
-        List list = new ArrayList();
-
-        String subject = null;
-        String serial = null;
-
-        subject = getSubjectAsString(xselector);
-
-        if (xselector.getSerialNumber() != null)
-        {
-            serial = xselector.getSerialNumber().toString();
-        }
-        if (xselector.getCertificate() != null)
-        {
-            subject = xselector.getCertificate().getSubjectX500Principal().getName("RFC1779");
-            serial = xselector.getCertificate().getSerialNumber().toString();
-        }
-
-        String attrValue = null;
-        if (subject != null)
-        {
-            for (int i = 0; i < subjectAttributeNames.length; i++)
-            {
-                attrValue = parseDN(subject, subjectAttributeNames[i]);
-                list
-                    .addAll(search(attrNames, "*" + attrValue + "*",
-                        attrs));
-            }
-        }
-        if (serial != null && params.getSearchForSerialNumberIn() != null)
-        {
-            attrValue = serial;
-            list.addAll(search(
-                splitString(params.getSearchForSerialNumberIn()),
-                                                  attrValue, attrs));
-        }
-        if (serial == null && subject == null)
-        {
-            list.addAll(search(attrNames, "*", attrs));
-        }
-
-        return list;
-    }
-
-
-
-    /**
-     * Can use the subject of the forward certificate of the set certificate
-     * pair or the subject of the forward
-     * {@link org.bouncycastle.x509.X509CertStoreSelector} of the given
-     * selector.
-     *
-     * @param xselector             The selector with the search criteria.
-     * @param attrs                 Attributes which contain the attribute certificates in the
-     *                              LDAP directory.
-     * @param attrNames             Attribute names in the LDAP directory which correspond to the
-     *                              subjectAttributeNames.
-     * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to
-     *                              search in the LDAP directory
-     * @return A list of found DER encoded certificate pairs.
-     * @throws StoreException if an error occurs while searching.
-     */
-    private List crossCertificatePairSubjectSearch(
-        X509CertPairStoreSelector xselector, String[] attrs,
-        String attrNames[], String subjectAttributeNames[])
-        throws StoreException
-    {
-        List list = new ArrayList();
-
-        // search for subject
-        String subject = null;
-
-        if (xselector.getForwardSelector() != null)
-        {
-            subject = getSubjectAsString(xselector.getForwardSelector());
-        }
-        if (xselector.getCertPair() != null)
-        {
-            if (xselector.getCertPair().getForward() != null)
-            {
-                subject = xselector.getCertPair().getForward()
-                    .getSubjectX500Principal().getName("RFC1779");
-            }
-        }
-        String attrValue = null;
-        if (subject != null)
-        {
-            for (int i = 0; i < subjectAttributeNames.length; i++)
-            {
-                attrValue = parseDN(subject, subjectAttributeNames[i]);
-                list
-                    .addAll(search(attrNames, "*" + attrValue + "*",
-                        attrs));
-            }
-        }
-        if (subject == null)
-        {
-            list.addAll(search(attrNames, "*", attrs));
-        }
-
-        return list;
-    }
-
-    /**
-     * Can use the entityName of the holder of the attribute certificate, the
-     * serialNumber of attribute certificate and the serialNumber of the
-     * associated certificate of the given of the X509AttributeCertSelector.
-     *
-     * @param xselector             The selector with the search criteria.
-     * @param attrs                 Attributes which contain the attribute certificates in the
-     *                              LDAP directory.
-     * @param attrNames             Attribute names in the LDAP directory which correspond to the
-     *                              subjectAttributeNames.
-     * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to
-     *                              search in the LDAP directory
-     * @return A list of found DER encoded attribute certificates.
-     * @throws StoreException if an error occurs while searching.
-     */
-    private List attrCertSubjectSerialSearch(
-        X509AttributeCertStoreSelector xselector, String[] attrs,
-        String attrNames[], String subjectAttributeNames[])
-        throws StoreException
-    {
-        List list = new ArrayList();
-
-        // search for serialNumber of associated cert,
-        // serialNumber of the attribute certificate or DN in the entityName
-        // of the holder
-
-        String subject = null;
-        String serial = null;
-
-        Collection serials = new HashSet();
-        Principal principals[] = null;
-        if (xselector.getHolder() != null)
-        {
-            // serialNumber of associated cert
-            if (xselector.getHolder().getSerialNumber() != null)
-            {
-                serials.add(xselector.getHolder().getSerialNumber()
-                    .toString());
-            }
-            // DN in the entityName of the holder
-            if (xselector.getHolder().getEntityNames() != null)
-            {
-                principals = xselector.getHolder().getEntityNames();
-            }
-        }
-
-        if (xselector.getAttributeCert() != null)
-        {
-            if (xselector.getAttributeCert().getHolder().getEntityNames() != null)
-            {
-                principals = xselector.getAttributeCert().getHolder()
-                    .getEntityNames();
-            }
-            // serialNumber of the attribute certificate
-            serials.add(xselector.getAttributeCert().getSerialNumber()
-                .toString());
-        }
-        if (principals != null)
-        {
-            // only first should be relevant
-            if (principals[0] instanceof X500Principal)
-            {
-                subject = ((X500Principal)principals[0])
-                    .getName("RFC1779");
-            }
-            else
-            {
-                // strange ...
-                subject = principals[0].getName();
-            }
-        }
-        if (xselector.getSerialNumber() != null)
-        {
-            serials.add(xselector.getSerialNumber().toString());
-        }
-
-        String attrValue = null;
-        if (subject != null)
-        {
-            for (int i = 0; i < subjectAttributeNames.length; i++)
-            {
-                attrValue = parseDN(subject, subjectAttributeNames[i]);
-                list
-                    .addAll(search(attrNames, "*" + attrValue + "*",
-                        attrs));
-            }
-        }
-        if (serials.size() > 0
-            && params.getSearchForSerialNumberIn() != null)
-        {
-            Iterator it = serials.iterator();
-            while (it.hasNext())
-            {
-                serial = (String)it.next();
-                list.addAll(search(splitString(params.getSearchForSerialNumberIn()), serial, attrs));
-            }
-        }
-        if (serials.size() == 0 && subject == null)
-        {
-            list.addAll(search(attrNames, "*", attrs));
-        }
-
-        return list;
-    }
-
-    /**
-     * Can use the issuer of the given of the X509CRLStoreSelector.
-     *
-     * @param xselector            The selector with the search criteria.
-     * @param attrs                Attributes which contain the attribute certificates in the
-     *                             LDAP directory.
-     * @param attrNames            Attribute names in the LDAP directory which correspond to the
-     *                             subjectAttributeNames.
-     * @param issuerAttributeNames Issuer attribute names (like "CN", "O", "OU") to use to search
-     *                             in the LDAP directory
-     * @return A list of found DER encoded CRLs.
-     * @throws StoreException if an error occurs while searching.
-     */
-    private List cRLIssuerSearch(X509CRLStoreSelector xselector,
-                                 String[] attrs, String attrNames[], String issuerAttributeNames[])
-        throws StoreException
-    {
-        List list = new ArrayList();
-
-        String issuer = null;
-        Collection issuers = new HashSet();
-/*
-        if (xselector.getIssuers() != null)
-        {
-            issuers.addAll(xselector.getIssuers());
-        }
-*/
-        if (xselector.getCertificateChecking() != null)
-        {
-            issuers.add(getCertificateIssuer(xselector.getCertificateChecking()));
-        }
-        if (xselector.getAttrCertificateChecking() != null)
-        {
-            Principal principals[] = xselector.getAttrCertificateChecking().getIssuer().getPrincipals();
-            for (int i=0; iList of encodings of the certificates, attribute
-     * certificates, CRL or certificate pairs.
-     *
-     * @param attributeNames The attribute names to look for in the LDAP.
-     * @param attributeValue The value the attribute name must have.
-     * @param attrs          The attributes in the LDAP which hold the certificate,
-     *                       attribute certificate, certificate pair or CRL in a found
-     *                       entry.
-     * @return A List of byte arrays with the encodings.
-     * @throws StoreException if an error occurs getting the results from the LDAP
-     *                        directory.
-     */
-    private List search(String attributeNames[], String attributeValue,
-                        String[] attrs) throws StoreException
-    {
-        String filter = null;
-        if (attributeNames == null)
-        {
-            filter = null;
-        }
-        else
-        {
-            filter = "";
-            if (attributeValue.equals("**"))
-            {
-                attributeValue = "*";
-            }
-            for (int i = 0; i < attributeNames.length; i++)
-            {
-                filter += "(" + attributeNames[i] + "=" + attributeValue + ")";
-            }
-            filter = "(|" + filter + ")";
-        }
-        String filter2 = "";
-        for (int i = 0; i < attrs.length; i++)
-        {
-            filter2 += "(" + attrs[i] + "=*)";
-        }
-        filter2 = "(|" + filter2 + ")";
-
-        String filter3 = "(&" + filter + "" + filter2 + ")";
-        if (filter == null)
-        {
-            filter3 = filter2;
-        }
-        List list;
-        list = getFromCache(filter3);
-        if (list != null)
-        {
-            return list;
-        }
-        DirContext ctx = null;
-        list = new ArrayList();
-        try
-        {
-
-            ctx = connectLDAP();
-
-            SearchControls constraints = new SearchControls();
-            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
-            constraints.setCountLimit(0);
-            constraints.setReturningAttributes(attrs);
-            NamingEnumeration results = ctx.search(params.getBaseDN(), filter3,
-                constraints);
-            while (results.hasMoreElements())
-            {
-                SearchResult sr = (SearchResult)results.next();
-                NamingEnumeration enumeration = ((Attribute)(sr
-                    .getAttributes().getAll().next())).getAll();
-                while (enumeration.hasMore())
-                {
-                    list.add(enumeration.next());
-                }
-            }
-            addToCache(filter3, list);
-        }
-        catch (NamingException e)
-        {
-            // skip exception, unfortunately if an attribute type is not
-            // supported an exception is thrown
-
-        }
-        finally
-        {
-            try
-            {
-                if (null != ctx)
-                {
-                    ctx.close();
-                }
-            }
-            catch (Exception e)
-            {
-            }
-        }
-        return list;
-    }
-
-    private Set createCRLs(List list, X509CRLStoreSelector xselector)
-        throws StoreException
-    {
-        Set crlSet = new HashSet();
-
-        X509CRLParser parser = new X509CRLParser();
-        Iterator it = list.iterator();
-        while (it.hasNext())
-        {
-            try
-            {
-                parser.engineInit(new ByteArrayInputStream((byte[])it
-                    .next()));
-                X509CRL crl = (X509CRL)parser.engineRead();
-                if (xselector.match((Object)crl))
-                {
-                    crlSet.add(crl);
-                }
-            }
-            catch (StreamParsingException e)
-            {
-
-            }
-        }
-
-        return crlSet;
-    }
-
-    private Set createCrossCertificatePairs(List list,
-                                            X509CertPairStoreSelector xselector) throws StoreException
-    {
-        Set certPairSet = new HashSet();
-
-        int i = 0;
-        while (i < list.size())
-        {
-            X509CertificatePair pair;
-            try
-            {
-                // first try to decode it as certificate pair
-                try
-                {
-                    X509CertPairParser parser = new X509CertPairParser();
-                    parser.engineInit(new ByteArrayInputStream(
-                        (byte[])list.get(i)));
-                    pair = (X509CertificatePair)parser.engineRead();
-                }
-                catch (StreamParsingException e)
-                {
-                    // now try it to construct it the forward and reverse
-                    // certificate
-                    byte[] forward = (byte[])list.get(i);
-                    byte[] reverse = (byte[])list.get(i + 1);
-                    pair = new X509CertificatePair(new CertificatePair(
-                        X509CertificateStructure
-                            .getInstance(new ASN1InputStream(
-                            forward).readObject()),
-                        X509CertificateStructure
-                            .getInstance(new ASN1InputStream(
-                            reverse).readObject())));
-                    i++;
-                }
-                if (xselector.match((Object)pair))
-                {
-                    certPairSet.add(pair);
-                }
-            }
-            catch (CertificateParsingException e)
-            {
-                // try next
-            }
-            catch (IOException e)
-            {
-                // try next
-            }
-            i++;
-        }
-
-        return certPairSet;
-    }
-
-    private Set createAttributeCertificates(List list,
-                                            X509AttributeCertStoreSelector xselector) throws StoreException
-    {
-        Set certSet = new HashSet();
-
-        Iterator it = list.iterator();
-        X509AttrCertParser parser = new X509AttrCertParser();
-        while (it.hasNext())
-        {
-            try
-            {
-                parser.engineInit(new ByteArrayInputStream((byte[])it
-                    .next()));
-                X509AttributeCertificate cert = (X509AttributeCertificate)parser
-                    .engineRead();
-                if (xselector.match((Object)cert))
-                {
-                    certSet.add(cert);
-                }
-            }
-            catch (StreamParsingException e)
-            {
-
-            }
-        }
-
-        return certSet;
-    }
-
-    /**
-     * Returns the CRLs for issued certificates for other CAs matching the given
-     * selector. 
    
-     * The authorityRevocationList attribute includes revocation information
-     * regarding certificates issued to other CAs.
-     *
-     * @param selector The CRL selector to use to find the CRLs.
-     * @return A possible empty collection with CRLs
-     * @throws StoreException
-     */
-    public Collection getAuthorityRevocationLists(X509CRLStoreSelector selector)
-        throws StoreException
-    {
-        String[] attrs = splitString(params.getAuthorityRevocationListAttribute());
-        String attrNames[] = splitString(params
-            .getLdapAuthorityRevocationListAttributeName());
-        String issuerAttributeNames[] = splitString(params
-            .getAuthorityRevocationListIssuerAttributeName());
-
-        List list = cRLIssuerSearch(selector, attrs, attrNames,
-            issuerAttributeNames);
-        Set resultSet = createCRLs(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
-            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
-                issuerAttributeNames);
-
-            resultSet.addAll(createCRLs(list, selector));
-        }
-        return resultSet;
-    }
-
-    /**
-     * Returns the revocation list for revoked attribute certificates.
-     * 
    
-     * The attributeCertificateRevocationList holds a list of attribute
-     * certificates that have been revoked.
-     *
-     * @param selector The CRL selector to use to find the CRLs.
-     * @return A possible empty collection with CRLs.
-     * @throws StoreException
-     */
-    public Collection getAttributeCertificateRevocationLists(
-        X509CRLStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params
-            .getAttributeCertificateRevocationListAttribute());
-        String attrNames[] = splitString(params
-            .getLdapAttributeCertificateRevocationListAttributeName());
-        String issuerAttributeNames[] = splitString(params
-            .getAttributeCertificateRevocationListIssuerAttributeName());
-
-        List list = cRLIssuerSearch(selector, attrs, attrNames,
-            issuerAttributeNames);
-        Set resultSet = createCRLs(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
-            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
-                issuerAttributeNames);
-
-            resultSet.addAll(createCRLs(list, selector));
-        }
-        return resultSet;
-    }
-
-    /**
-     * Returns the revocation list for revoked attribute certificates for an
-     * attribute authority
-     * 
    
-     * The attributeAuthorityList holds a list of AA certificates that have been
-     * revoked.
-     *
-     * @param selector The CRL selector to use to find the CRLs.
-     * @return A possible empty collection with CRLs
-     * @throws StoreException
-     */
-    public Collection getAttributeAuthorityRevocationLists(
-        X509CRLStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params.getAttributeAuthorityRevocationListAttribute());
-        String attrNames[] = splitString(params
-            .getLdapAttributeAuthorityRevocationListAttributeName());
-        String issuerAttributeNames[] = splitString(params
-            .getAttributeAuthorityRevocationListIssuerAttributeName());
-
-        List list = cRLIssuerSearch(selector, attrs, attrNames,
-            issuerAttributeNames);
-        Set resultSet = createCRLs(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
-            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
-                issuerAttributeNames);
-
-            resultSet.addAll(createCRLs(list, selector));
-        }
-        return resultSet;
-    }
-
-    /**
-     * Returns cross certificate pairs.
-     *
-     * @param selector The selector to use to find the cross certificates.
-     * @return A possible empty collection with {@link X509CertificatePair}s
-     * @throws StoreException
-     */
-    public Collection getCrossCertificatePairs(
-        X509CertPairStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params.getCrossCertificateAttribute());
-        String attrNames[] = splitString(params.getLdapCrossCertificateAttributeName());
-        String subjectAttributeNames[] = splitString(params
-            .getCrossCertificateSubjectAttributeName());
-        List list = crossCertificatePairSubjectSearch(selector, attrs,
-            attrNames, subjectAttributeNames);
-        Set resultSet = createCrossCertificatePairs(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CertStoreSelector emptyCertselector = new X509CertStoreSelector();
-            X509CertPairStoreSelector emptySelector = new X509CertPairStoreSelector();
-
-            emptySelector.setForwardSelector(emptyCertselector);
-            emptySelector.setReverseSelector(emptyCertselector);
-            list = crossCertificatePairSubjectSearch(emptySelector, attrs,
-                attrNames, subjectAttributeNames);
-            resultSet.addAll(createCrossCertificatePairs(list, selector));
-        }
-        return resultSet;
-    }
-
-    /**
-     * Returns end certificates.
-     * 
    
-     * The attributeDescriptorCertificate is self signed by a source of
-     * authority and holds a description of the privilege and its delegation
-     * rules.
-     *
-     * @param selector The selector to find the certificates.
-     * @return A possible empty collection with certificates.
-     * @throws StoreException
-     */
-    public Collection getUserCertificates(X509CertStoreSelector selector)
-        throws StoreException
-    {
-        String[] attrs = splitString(params.getUserCertificateAttribute());
-        String attrNames[] = splitString(params.getLdapUserCertificateAttributeName());
-        String subjectAttributeNames[] = splitString(params
-            .getUserCertificateSubjectAttributeName());
-
-        List list = certSubjectSerialSearch(selector, attrs, attrNames,
-            subjectAttributeNames);
-        Set resultSet = createCerts(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CertStoreSelector emptySelector = new X509CertStoreSelector();
-            list = certSubjectSerialSearch(emptySelector, attrs, attrNames,
-                subjectAttributeNames);
-            resultSet.addAll(createCerts(list, selector));
-        }
-
-        return resultSet;
-    }
-
-    /**
-     * Returns attribute certificates for an attribute authority
-     * 
    
-     * The aAcertificate holds the privileges of an attribute authority.
-     *
-     * @param selector The selector to find the attribute certificates.
-     * @return A possible empty collection with attribute certificates.
-     * @throws StoreException
-     */
-    public Collection getAACertificates(X509AttributeCertStoreSelector selector)
-        throws StoreException
-    {
-        String[] attrs = splitString(params.getAACertificateAttribute());
-        String attrNames[] = splitString(params.getLdapAACertificateAttributeName());
-        String subjectAttributeNames[] = splitString(params.getAACertificateSubjectAttributeName());
-
-        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
-            subjectAttributeNames);
-        Set resultSet = createAttributeCertificates(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
-            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
-                subjectAttributeNames);
-            resultSet.addAll(createAttributeCertificates(list, selector));
-        }
-
-        return resultSet;
-    }
-
-    /**
-     * Returns an attribute certificate for an authority
-     * 
    
-     * The attributeDescriptorCertificate is self signed by a source of
-     * authority and holds a description of the privilege and its delegation
-     * rules.
-     *
-     * @param selector The selector to find the attribute certificates.
-     * @return A possible empty collection with attribute certificates.
-     * @throws StoreException
-     */
-    public Collection getAttributeDescriptorCertificates(
-        X509AttributeCertStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params.getAttributeDescriptorCertificateAttribute());
-        String attrNames[] = splitString(params
-            .getLdapAttributeDescriptorCertificateAttributeName());
-        String subjectAttributeNames[] = splitString(params
-            .getAttributeDescriptorCertificateSubjectAttributeName());
-
-        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
-            subjectAttributeNames);
-        Set resultSet = createAttributeCertificates(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
-            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
-                subjectAttributeNames);
-            resultSet.addAll(createAttributeCertificates(list, selector));
-        }
-
-        return resultSet;
-    }
-
-    /**
-     * Returns CA certificates.
-     * 
    
-     * The cACertificate attribute of a CA's directory entry shall be used to
-     * store self-issued certificates (if any) and certificates issued to this
-     * CA by CAs in the same realm as this CA.
-     *
-     * @param selector The selector to find the certificates.
-     * @return A possible empty collection with certificates.
-     * @throws StoreException
-     */
-    public Collection getCACertificates(X509CertStoreSelector selector)
-        throws StoreException
-    {
-        String[] attrs = splitString(params.getCACertificateAttribute());
-        String attrNames[] = splitString(params.getLdapCACertificateAttributeName());
-        String subjectAttributeNames[] = splitString(params
-            .getCACertificateSubjectAttributeName());
-        List list = certSubjectSerialSearch(selector, attrs, attrNames,
-            subjectAttributeNames);
-        Set resultSet = createCerts(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CertStoreSelector emptySelector = new X509CertStoreSelector();
-            list = certSubjectSerialSearch(emptySelector, attrs, attrNames,
-                subjectAttributeNames);
-            resultSet.addAll(createCerts(list, selector));
-        }
-        return resultSet;
-    }
-
-    /**
-     * Returns the delta revocation list for revoked certificates.
-     *
-     * @param selector The CRL selector to use to find the CRLs.
-     * @return A possible empty collection with CRLs.
-     * @throws StoreException
-     */
-    public Collection getDeltaCertificateRevocationLists(
-        X509CRLStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params.getDeltaRevocationListAttribute());
-        String attrNames[] = splitString(params.getLdapDeltaRevocationListAttributeName());
-        String issuerAttributeNames[] = splitString(params
-            .getDeltaRevocationListIssuerAttributeName());
-        List list = cRLIssuerSearch(selector, attrs, attrNames,
-            issuerAttributeNames);
-        Set resultSet = createCRLs(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
-            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
-                issuerAttributeNames);
-
-            resultSet.addAll(createCRLs(list, selector));
-        }
-        return resultSet;
-    }
-
-    /**
-     * Returns an attribute certificate for an user.
-     * 
    
-     * The attributeCertificateAttribute holds the privileges of a user
-     *
-     * @param selector The selector to find the attribute certificates.
-     * @return A possible empty collection with attribute certificates.
-     * @throws StoreException
-     */
-    public Collection getAttributeCertificateAttributes(
-        X509AttributeCertStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params.getAttributeCertificateAttributeAttribute());
-        String attrNames[] = splitString(params
-            .getLdapAttributeCertificateAttributeAttributeName());
-        String subjectAttributeNames[] = splitString(params
-            .getAttributeCertificateAttributeSubjectAttributeName());
-        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
-            subjectAttributeNames);
-        Set resultSet = createAttributeCertificates(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
-            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
-                subjectAttributeNames);
-            resultSet.addAll(createAttributeCertificates(list, selector));
-        }
-
-        return resultSet;
-    }
-
-    /**
-     * Returns the certificate revocation lists for revoked certificates.
-     *
-     * @param selector The CRL selector to use to find the CRLs.
-     * @return A possible empty collection with CRLs.
-     * @throws StoreException
-     */
-    public Collection getCertificateRevocationLists(
-        X509CRLStoreSelector selector) throws StoreException
-    {
-        String[] attrs = splitString(params.getCertificateRevocationListAttribute());
-        String attrNames[] = splitString(params
-            .getLdapCertificateRevocationListAttributeName());
-        String issuerAttributeNames[] = splitString(params
-            .getCertificateRevocationListIssuerAttributeName());
-        List list = cRLIssuerSearch(selector, attrs, attrNames,
-            issuerAttributeNames);
-        Set resultSet = createCRLs(list, selector);
-        if (resultSet.size() == 0)
-        {
-            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
-            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
-                issuerAttributeNames);
-
-            resultSet.addAll(createCRLs(list, selector));
-        }
-        return resultSet;
-    }
-
-    private Map cacheMap = new HashMap(cacheSize);
-
-    private static int cacheSize = 32;
-
-    private static long lifeTime = 60 * 1000;
-
-    private synchronized void addToCache(String searchCriteria, List list)
-    {
-        Date now = new Date(System.currentTimeMillis());
-        List cacheEntry = new ArrayList();
-        cacheEntry.add(now);
-        cacheEntry.add(list);
-        if (cacheMap.containsKey(searchCriteria))
-        {
-            cacheMap.put(searchCriteria, cacheEntry);
-        }
-        else
-        {
-            if (cacheMap.size() >= cacheSize)
-            {
-                // replace oldest
-                Iterator it = cacheMap.entrySet().iterator();
-                long oldest = now.getTime();
-                Object replace = null;
-                while (it.hasNext())
-                {
-                    Map.Entry entry = (Map.Entry)it.next();
-                    long current = ((Date)((List)entry.getValue()).get(0))
-                        .getTime();
-                    if (current < oldest)
-                    {
-                        oldest = current;
-                        replace = entry.getKey();
-                    }
-                }
-                cacheMap.remove(replace);
-            }
-            cacheMap.put(searchCriteria, cacheEntry);
-        }
-    }
-
-    private List getFromCache(String searchCriteria)
-    {
-        List entry = (List)cacheMap.get(searchCriteria);
-        long now = System.currentTimeMillis();
-        if (entry != null)
-        {
-            // too old
-            if (((Date)entry.get(0)).getTime() < (now - lifeTime))
-            {
-                return null;
-            }
-            return (List)entry.get(1);
-        }
-        return null;
-    }
-
-    /*
-     * spilt string based on spaces
-     */
-    private String[] splitString(String str)
-    {
-        return str.split("\\s+");
-    }
-
-    private String getSubjectAsString(X509CertStoreSelector xselector)
-    {
-        try
-        {
-            byte[] encSubject = xselector.getSubjectAsBytes();
-            if (encSubject != null)
-            {
-                return new X500Principal(encSubject).getName("RFC1779");
-            }
-        }
-        catch (IOException e)
-        {
-            throw new StoreException("exception processing name: " + e.getMessage(), e);
-        }
-        return null;
-    }
-
-    private X500Principal getCertificateIssuer(X509Certificate cert)
-    {
-        return cert.getIssuerX500Principal();
-    }
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParser.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParser.java
deleted file mode 100644
index 260489468..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParser.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.bouncycastle.x509.util;
-
-import java.util.Collection;
-
-public interface StreamParser
-{
-    Object read() throws StreamParsingException;
-
-    Collection readAll() throws StreamParsingException;
-}
diff --git a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java b/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java
deleted file mode 100644
index 8f69ff6c3..000000000
--- a/fine-bcprov-old/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.bouncycastle.x509.util;
-
-public class StreamParsingException 
-    extends Exception
-{
-    Throwable _e;
-
-    public StreamParsingException(String message, Throwable e)
-    {
-        super(message);
-        _e = e;
-    }
-
-    public Throwable getCause()
-    {
-        return _e;
-    }
-}
diff --git a/fine-bcprov-old/src/main/resources/cmp/sample_cr.der b/fine-bcprov-old/src/main/resources/cmp/sample_cr.der
deleted file mode 100644
index 6322bee0551ad2a2c90df95e06234c5fa26699cd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 489
zcmXqLVti`Qc!!CRX^E_Xv>}fH7aMaZ3o{S1V^Dx0w*e=J$0p3=?6Jhsz}!&KfFB~w
z;h2(}ndj_iXeeqR3=-nv;c@kHa&}Y*PRuRHNk!5c?7Gm+z=e%dtIebBTP?d2uYoy>
zOmSjPiC?~NVo6DAQFumTNk~R!ad1gdW?s5yu>m_9t2Q4qlN1vZ3j@$S9NKJ*tgIZ2
zOp63q_<~dOQc{b&JzaE-3=Axm@U!q58W|Xy8JHUwnp&EeEEQrAczjL
-Date: Fri, 06 Sep 2002 00:25:21 -0300 
-Content-Type: multipart/signed;
-    micalg=SHA1;
-    boundary="----=_NextBoundry____Fri,_06_Sep_2002_00:25:21";
-    protocol="application/pkcs7-signature"
-
-This is a multi-part message in MIME format.
-
-------=_NextBoundry____Fri,_06_Sep_2002_00:25:21
-
-This is some sample content.
-------=_NextBoundry____Fri,_06_Sep_2002_00:25:21
-Content-Type: application/pkcs7-signature; name=smime.p7s
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename=smime.p7s
-
-MIIDdwYJKoZIhvcNAQcCoIIDaDCCA2QCAQExCTAHBgUrDgMCGjALBgkqhkiG9w0BBwGgggLgMIIC
-3DCCApugAwIBAgICAMgwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDTk5MDgxNzAx
-MTA0OVoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIQWxpY2VEU1MwggG2MIIBKwYHKoZIzjgE
-ATCCAR4CgYEAgY3N7YPqCp45PsJIKKPkR5PdDteoDuxTxauECE//lOFzSH4M1vNESNH+n6+koYkv
-4dkwyDbeP5u/t0zcX2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iLVPE/sAcIR01diMPDtbPjVQh11Tl2
-EMR4vf+dsISXN/LkURu15AmWXPN+W9sCFQDiR6YaRWa4E8baj7g3IStii/eTzQKBgCY40BSJMqo5
-+z5t2UtZakx2IzkEAjVc8ssaMMMeUF3dm1nizaoFPVjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G3q
-nMkhijt2FOnOLl2jB80jhbgvMAF8bUmJEYk2RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ/5h0wtGB
-SmA5ujY5A4GEAAKBgFzjuVp1FJYLqXrd4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3V1ExI9Q1tv5VG/
-+onyohs+JH09B41bY8i7RaWgSuOF1s4GgD/oI34a8iSrUxq4Jw0e7wi/ZhSAXGKsZfoVi/G7NNTS
-ljf2YUeyxDKE8H5BQP1Gp2NOM/Kl4vTyg+W4o4GBMH8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E
-BAMCBsAwHwYDVR0jBBgwFoAUcEQ+gi5vh95K03XjPSC8QyuT8R8wHQYDVR0OBBYEFL5sobPjwfft
-Q3CkzhMB4v3jl/7NMB8GA1UdEQQYMBaBFEFsaWNlRFNTQGV4YW1wbGUuY29tMAkGByqGSM44BAMD
-MAAwLQIUVQykGR9CK4lxIjONg2q1PWdrv0UCFQCfYVNSVAtcst3a53Yd4hBSW0NevTFjMGECAQEw
-GDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAHBgUrDgMCGjAJBgcqhkjOOAQDBC4wLAIUM/mGf6gk
-gp9Z0XtRdGimJeB/BxUCFGFFJqwYRt1WYcIOQoGiaowqGzVI
-
-------=_NextBoundry____Fri,_06_Sep_2002_00:25:21--
diff --git a/fine-bcprov-old/src/main/resources/rfc4134/4.9.eml b/fine-bcprov-old/src/main/resources/rfc4134/4.9.eml
deleted file mode 100644
index 543157589..000000000
--- a/fine-bcprov-old/src/main/resources/rfc4134/4.9.eml
+++ /dev/null
@@ -1,28 +0,0 @@
-MIME-Version: 1.0
-To: User2@examples.com
-From: aliceDss@examples.com
-Subject: Example 4.9
-Message-Id: <021031164540300.304@examples.com>
-Date: Thu, 31 Oct 2002 16:45:14 -0300 
-Content-Type: application/pkcs7-mime; smime-type=signed-data;
-    name=smime.p7m
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename=smime.p7m
-
-MIIDmQYJKoZIhvcNAQcCoIIDijCCA4YCAQExCTAHBgUrDgMCGjAtBgkqhkiG9w0BBwGgIAQeDQpU
-aGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIIC4DCCAtwwggKboAMCAQICAgDIMAkGByqGSM44
-BAMwEjEQMA4GA1UEAxMHQ2FybERTUzAeFw05OTA4MTcwMTEwNDlaFw0zOTEyMzEyMzU5NTlaMBMx
-ETAPBgNVBAMTCEFsaWNlRFNTMIIBtjCCASsGByqGSM44BAEwggEeAoGBAIGNze2D6gqeOT7CSCij
-5EeT3Q7XqA7sU8WrhAhP/5Thc0h+DNbzREjR/p+vpKGJL+HZMMg23j+bv7dM3F9piuR10DcMkQiV
-m96nXvn89J8v3UOoi1TxP7AHCEdNXYjDw7Wz41UIddU5dhDEeL3/nbCElzfy5FEbteQJllzzflvb
-AhUA4kemGkVmuBPG2o+4NyErYov3k80CgYAmONAUiTKqOfs+bdlLWWpMdiM5BAI1XPLLGjDDHlBd
-3ZtZ4s2qBT1YwHuiNrhuB699ikIlp/R1z0oIXks+kPht6pzJIYo7dhTpzi5dowfNI4W4LzABfG1J
-iRGJNkS9+MiVSlNWteL5c+waYTYfEX/Cve3RUP+YdMLRgUpgObo2OQOBhAACgYBc47ladRSWC6l6
-3eM/qeysXty9txMRNKYWiSgRI9k0hmd1dRMSPUNbb+VRv/qJ8qIbPiR9PQeNW2PIu0WloErjhdbO
-BoA/6CN+GvIkq1MauCcNHu8Iv2YUgFxirGX6FYvxuzTU0pY39mFHssQyhPB+QUD9RqdjTjPypeL0
-8oPluKOBgTB/MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFHBEPoIu
-b4feStN14z0gvEMrk/EfMB0GA1UdDgQWBBS+bKGz48H37UNwpM4TAeL945f+zTAfBgNVHREEGDAW
-gRRBbGljZURTU0BleGFtcGxlLmNvbTAJBgcqhkjOOAQDAzAAMC0CFFUMpBkfQiuJcSIzjYNqtT1n
-a79FAhUAn2FTUlQLXLLd2ud2HeIQUltDXr0xYzBhAgEBMBgwEjEQMA4GA1UEAxMHQ2FybERTUwIC
-AMgwBwYFKw4DAhowCQYHKoZIzjgEAwQuMCwCFD1cSW6LIUFzeXle3YI5SKSBer/sAhQmCq7s/CTF
-HOEjgASeUjbMpx5g6A==
diff --git a/fine-bcprov-old/src/main/resources/rfc4134/5.3.eml b/fine-bcprov-old/src/main/resources/rfc4134/5.3.eml
deleted file mode 100644
index 55013adcf..000000000
--- a/fine-bcprov-old/src/main/resources/rfc4134/5.3.eml
+++ /dev/null
@@ -1,19 +0,0 @@
-MIME-Version: 1.0
-Message-Id: <00103112005203.00349@amyemily.ig.com>
-Date: Tue, 31 Oct 2000 12:00:52 -0600 (Central Standard Time)
-From: User1
-To: User2
-Subject: Example 5.3
-Content-Type: application/pkcs7-mime;
-	name=smime.p7m;
-	smime-type=enveloped-data
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename=smime.p7m
-
-MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJsUlNB
-AhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAC3EN5nGIiJi2lsGPcP2iJ97a4e8k
-bKQz36zg6Z2i0yx6zYC4mZ7mX7FBs3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadCDgO8/nUkUNYeNxJ
-tuzubGgzoyEd8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHRLFf02hosdR8wQwYJKoZI
-hvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43LrY4OxUk660cu1lXeCSFOSOpO
-J7FuVyU=
-

From 0087ad7cb2e6400d313a2cf77c4aec8a8bdfe586 Mon Sep 17 00:00:00 2001
From: charile_Lu 
Date: Wed, 22 Jul 2020 15:20:13 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E5=88=A0=E9=99=A4gradle=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E4=B8=AD=E5=92=8Cfine-bcprov-old=E7=9B=B8=E5=85=B3=E7=9A=84?=
 =?UTF-8?q?=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 build.third_step2-jdk11.gradle | 3 ---
 build.third_step2.gradle       | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/build.third_step2-jdk11.gradle b/build.third_step2-jdk11.gradle
index d59f865b8..94e5ad6e2 100644
--- a/build.third_step2-jdk11.gradle
+++ b/build.third_step2-jdk11.gradle
@@ -31,7 +31,6 @@ sourceSets{
 	main{
 		java{
 			srcDirs=[
-					"${srcDir}/fine-bcprov-old/src/main/java",
 					"${srcDir}/fine-byte-buddy/src/main/java",
                     "${srcDir}/fine-cglib/src/main/java",
 					"${srcDir}/fine-commons-fileupload/src/main/java",
@@ -60,8 +59,6 @@ sourceSets{
 }
 
 def resourceDirs = [
-	"${srcDir}/fine-bcprov-old/src/main/java",
-	"${srcDir}/fine-bcprov-old/src/main/resources",
 	"${srcDir}/fine-byte-buddy/src/main/java",
 	"${srcDir}/fine-byte-buddy/src/main/resources",
 	"${srcDir}/fine-cglib/src/main/java",
diff --git a/build.third_step2.gradle b/build.third_step2.gradle
index 7847a05cc..9c8904df2 100644
--- a/build.third_step2.gradle
+++ b/build.third_step2.gradle
@@ -24,7 +24,6 @@ sourceSets{
 	main{
 		java{
 			srcDirs=[
-					"${srcDir}/fine-bcprov-old/src/main/java",
 					"${srcDir}/fine-byte-buddy/src/main/java",
                     "${srcDir}/fine-cglib/src/main/java",
 					"${srcDir}/fine-commons-fileupload/src/main/java",
@@ -97,8 +96,6 @@ def dataContent ={def dir ->
 task copyFiles(type:Copy,dependsOn:'compileJava'){
 	copy{
 		println "------------------------------------------------copyfiles"
-		with dataContent.call("${srcDir}/fine-bcprov-old/src/main/java")
-		with dataContent.call("${srcDir}/fine-bcprov-old/src/main/resources")
 		with dataContent.call("${srcDir}/fine-byte-buddy/src/main/java")
 		with dataContent.call("${srcDir}/fine-byte-buddy/src/main/resources")
 		with dataContent.call("${srcDir}/fine-cglib/src/main/java")