From 43905ff30b187d8d1d1dee50e722f47fd8a93144 Mon Sep 17 00:00:00 2001 
From: Michael Koch Date: Wed, 30 Apr 2003 07:23:42 +0000 Subject: [PATCH] Engine.java, [...]: New files from classpath. 2003-04-30 Michael Koch * gnu/java/security/Engine.java, gnu/java/security/OID.java, gnu/java/security/der/BitString.java, gnu/java/security/der/DER.java, gnu/java/security/der/DERReader.java, gnu/java/security/der/DERValue.java, gnu/java/security/der/DERWriter.java, gnu/java/security/provider/DSAKeyFactory.java, gnu/java/security/provider/X509CertificateFactory.java, gnu/java/security/x509/X500DistinguishedName.java, gnu/java/security/x509/X509CRL.java, gnu/java/security/x509/X509CRLEntry.java, gnu/java/security/x509/X509Certificate.java, java/security/cert/CRLSelector.java, java/security/cert/CertPathBuilder.java, java/security/cert/CertPathBuilderResult.java, java/security/cert/CertPathBuilderSpi.java, java/security/cert/CertPathParameters.java, java/security/cert/CertPathValidator.java, java/security/cert/CertPathValidatorResult.java, java/security/cert/CertPathValidatorSpi.java, java/security/cert/CertSelector.java, java/security/cert/CertStore.java, java/security/cert/CertStoreParameters.java, java/security/cert/CertStoreSpi.java, java/security/cert/CollectionCertStoreParameters.java, java/security/cert/LDAPCertStoreParameters.java, java/security/cert/PKIXBuilderParameters.java, java/security/cert/PKIXCertPathBuilderResult.java, java/security/cert/PKIXCertPathChecker.java, java/security/cert/PKIXCertPathValidatorResult.java, java/security/cert/PKIXParameters.java, java/security/cert/PolicyNode.java, java/security/cert/PolicyQualifierInfo.java, java/security/cert/TrustAnchor.java, javax/security/auth/x500/X500Principal.java: New files from classpath. 
* gnu/java/io/ASN1ParsingException.java, gnu/java/io/Base64InputStream.java, gnu/java/security/der/DEREncodingException.java, gnu/java/security/provider/DSAParameters.java, gnu/java/security/provider/DSASignature.java, gnu/java/security/provider/Gnu.java, gnu/java/security/provider/GnuDSAPrivateKey.java, gnu/java/security/provider/GnuDSAPublicKey.java, java/security/AlgorithmParameterGenerator.java, java/security/AlgorithmParameters.java, java/security/KeyFactory.java, java/security/KeyPairGenerator.java, java/security/KeyStore.java, java/security/MessageDigest.java, java/security/SecureClassLoader.java, java/security/SecureRandom.java, java/security/Security.java, java/security/Signature.java, java/security/cert/Certificate.java, java/security/cert/CertificateFactory.java, java/security/cert/CertificateFactorySpi.java, java/security/cert/X509CRL.java, java/security/cert/X509Certificate.java, java/security/spec/DSAPublicKeySpec.java: New versions from classpath. * gnu/java/security/provider/DERReader.java, gnu/java/security/provider/DERWriter.java, java/security/Engine.java: Removed. * Makefile.am (java_source_files, javax_source_files): Added new files. * Makefile.in: Regenerated. 
From-SVN: r66283 --- libjava/ChangeLog | 71 ++ libjava/Makefile.am | 41 +- libjava/Makefile.in | 84 +- libjava/gnu/java/io/ASN1ParsingException.java | 56 ++ libjava/gnu/java/io/Base64InputStream.java | 191 ++++ libjava/{ => gnu}/java/security/Engine.java | 99 ++- libjava/gnu/java/security/OID.java | 511 +++++++++++ libjava/gnu/java/security/der/BitString.java | 317 +++++++ libjava/gnu/java/security/der/DER.java | 90 ++ .../security/der/DEREncodingException.java | 7 +- libjava/gnu/java/security/der/DERReader.java | 382 ++++++++ libjava/gnu/java/security/der/DERValue.java | 168 ++++ libjava/gnu/java/security/der/DERWriter.java | 324 +++++++ .../gnu/java/security/provider/DERReader.java | 152 ---- .../gnu/java/security/provider/DERWriter.java | 142 --- .../java/security/provider/DSAKeyFactory.java | 134 +++ .../java/security/provider/DSAParameters.java | 54 +- .../java/security/provider/DSASignature.java | 40 +- libjava/gnu/java/security/provider/Gnu.java | 27 +- .../security/provider/GnuDSAPrivateKey.java | 6 + .../security/provider/GnuDSAPublicKey.java | 8 +- .../provider/X509CertificateFactory.java | 269 ++++++ .../security/x509/X500DistinguishedName.java | 824 ++++++++++++++++++ libjava/gnu/java/security/x509/X509CRL.java | 404 +++++++++ .../gnu/java/security/x509/X509CRLEntry.java | 236 +++++ .../java/security/x509/X509Certificate.java | 693 +++++++++++++++ .../security/AlgorithmParameterGenerator.java | 8 +- .../java/security/AlgorithmParameters.java | 6 + libjava/java/security/KeyFactory.java | 6 + libjava/java/security/KeyPairGenerator.java | 13 +- libjava/java/security/KeyStore.java | 6 + libjava/java/security/MessageDigest.java | 12 +- libjava/java/security/SecureClassLoader.java | 2 +- libjava/java/security/SecureRandom.java | 12 +- libjava/java/security/Security.java | 2 +- libjava/java/security/Signature.java | 12 +- libjava/java/security/cert/CRLSelector.java | 69 ++ .../java/security/cert/CertPathBuilder.java | 237 +++++ 
.../security/cert/CertPathBuilderResult.java | 63 ++ .../security/cert/CertPathBuilderSpi.java | 74 ++ .../security/cert/CertPathParameters.java | 58 ++ .../java/security/cert/CertPathValidator.java | 248 ++++++ .../cert/CertPathValidatorResult.java | 63 ++ .../security/cert/CertPathValidatorSpi.java | 79 ++ libjava/java/security/cert/CertSelector.java | 58 ++ libjava/java/security/cert/CertStore.java | 295 +++++++ .../security/cert/CertStoreParameters.java | 60 ++ libjava/java/security/cert/CertStoreSpi.java | 102 +++ libjava/java/security/cert/Certificate.java | 145 ++- .../security/cert/CertificateFactory.java | 390 +++++---- .../security/cert/CertificateFactorySpi.java | 84 +- .../cert/CollectionCertStoreParameters.java | 121 +++ .../cert/LDAPCertStoreParameters.java | 140 +++ .../security/cert/PKIXBuilderParameters.java | 145 +++ .../cert/PKIXCertPathBuilderResult.java | 101 +++ .../security/cert/PKIXCertPathChecker.java | 133 +++ .../cert/PKIXCertPathValidatorResult.java | 142 +++ .../java/security/cert/PKIXParameters.java | 546 ++++++++++++ libjava/java/security/cert/PolicyNode.java | 102 +++ .../security/cert/PolicyQualifierInfo.java | 172 ++++ libjava/java/security/cert/TrustAnchor.java | 188 ++++ libjava/java/security/cert/X509CRL.java | 15 + .../java/security/cert/X509Certificate.java | 297 +++++-- .../java/security/spec/DSAPublicKeySpec.java | 2 +- .../security/auth/x500/X500Principal.java | 147 ++++ 65 files changed, 9043 insertions(+), 642 deletions(-) create mode 100644 libjava/gnu/java/io/ASN1ParsingException.java create mode 100644 libjava/gnu/java/io/Base64InputStream.java rename libjava/{ => gnu}/java/security/Engine.java (58%) create mode 100644 libjava/gnu/java/security/OID.java create mode 100644 libjava/gnu/java/security/der/BitString.java create mode 100644 libjava/gnu/java/security/der/DER.java create mode 100644 libjava/gnu/java/security/der/DERReader.java create mode 100644 libjava/gnu/java/security/der/DERValue.java create mode 100644 
libjava/gnu/java/security/der/DERWriter.java delete mode 100644 libjava/gnu/java/security/provider/DERReader.java delete mode 100644 libjava/gnu/java/security/provider/DERWriter.java create mode 100644 libjava/gnu/java/security/provider/DSAKeyFactory.java create mode 100644 libjava/gnu/java/security/provider/X509CertificateFactory.java create mode 100644 libjava/gnu/java/security/x509/X500DistinguishedName.java create mode 100644 libjava/gnu/java/security/x509/X509CRL.java create mode 100644 libjava/gnu/java/security/x509/X509CRLEntry.java create mode 100644 libjava/gnu/java/security/x509/X509Certificate.java create mode 100644 libjava/java/security/cert/CRLSelector.java create mode 100644 libjava/java/security/cert/CertPathBuilder.java create mode 100644 libjava/java/security/cert/CertPathBuilderResult.java create mode 100644 libjava/java/security/cert/CertPathBuilderSpi.java create mode 100644 libjava/java/security/cert/CertPathParameters.java create mode 100644 libjava/java/security/cert/CertPathValidator.java create mode 100644 libjava/java/security/cert/CertPathValidatorResult.java create mode 100644 libjava/java/security/cert/CertPathValidatorSpi.java create mode 100644 libjava/java/security/cert/CertSelector.java create mode 100644 libjava/java/security/cert/CertStore.java create mode 100644 libjava/java/security/cert/CertStoreParameters.java create mode 100644 libjava/java/security/cert/CertStoreSpi.java create mode 100644 libjava/java/security/cert/CollectionCertStoreParameters.java create mode 100644 libjava/java/security/cert/LDAPCertStoreParameters.java create mode 100644 libjava/java/security/cert/PKIXBuilderParameters.java create mode 100644 libjava/java/security/cert/PKIXCertPathBuilderResult.java create mode 100644 libjava/java/security/cert/PKIXCertPathChecker.java create mode 100644 libjava/java/security/cert/PKIXCertPathValidatorResult.java create mode 100644 libjava/java/security/cert/PKIXParameters.java create mode 100644 
libjava/java/security/cert/PolicyNode.java create mode 100644 libjava/java/security/cert/PolicyQualifierInfo.java create mode 100644 libjava/java/security/cert/TrustAnchor.java create mode 100644 libjava/javax/security/auth/x500/X500Principal.java diff --git a/libjava/ChangeLog b/libjava/ChangeLog index a40c89c599b..1ef6a516c01 100644 --- a/libjava/ChangeLog +++ b/libjava/ChangeLog 
@@ -1,3 +1,74 @@ +2003-04-30 Michael Koch + + * gnu/java/security/Engine.java, + gnu/java/security/OID.java, + gnu/java/security/der/BitString.java, + gnu/java/security/der/DER.java, + gnu/java/security/der/DERReader.java, + gnu/java/security/der/DERValue.java, + gnu/java/security/der/DERWriter.java, + gnu/java/security/provider/DSAKeyFactory.java, + gnu/java/security/provider/X509CertificateFactory.java, + gnu/java/security/x509/X500DistinguishedName.java, + gnu/java/security/x509/X509CRL.java, + gnu/java/security/x509/X509CRLEntry.java, + gnu/java/security/x509/X509Certificate.java, + java/security/cert/CRLSelector.java, + java/security/cert/CertPathBuilder.java, + java/security/cert/CertPathBuilderResult.java, + java/security/cert/CertPathBuilderSpi.java, + java/security/cert/CertPathParameters.java, + java/security/cert/CertPathValidator.java, + java/security/cert/CertPathValidatorResult.java, + java/security/cert/CertPathValidatorSpi.java, + java/security/cert/CertSelector.java, + java/security/cert/CertStore.java, + java/security/cert/CertStoreParameters.java, + java/security/cert/CertStoreSpi.java, + java/security/cert/CollectionCertStoreParameters.java, + java/security/cert/LDAPCertStoreParameters.java, + java/security/cert/PKIXBuilderParameters.java, + java/security/cert/PKIXCertPathBuilderResult.java, + java/security/cert/PKIXCertPathChecker.java, + java/security/cert/PKIXCertPathValidatorResult.java, + java/security/cert/PKIXParameters.java, + java/security/cert/PolicyNode.java, + java/security/cert/PolicyQualifierInfo.java, + java/security/cert/TrustAnchor.java, + javax/security/auth/x500/X500Principal.java: + New files from classpath. 
+ * gnu/java/io/ASN1ParsingException.java, + gnu/java/io/Base64InputStream.java, + gnu/java/security/der/DEREncodingException.java, + gnu/java/security/provider/DSAParameters.java, + gnu/java/security/provider/DSASignature.java, + gnu/java/security/provider/Gnu.java, + gnu/java/security/provider/GnuDSAPrivateKey.java, + gnu/java/security/provider/GnuDSAPublicKey.java, + java/security/AlgorithmParameterGenerator.java, + java/security/AlgorithmParameters.java, + java/security/KeyFactory.java, + java/security/KeyPairGenerator.java, + java/security/KeyStore.java, + java/security/MessageDigest.java, + java/security/SecureClassLoader.java, + java/security/SecureRandom.java, + java/security/Security.java, + java/security/Signature.java, + java/security/cert/Certificate.java, + java/security/cert/CertificateFactory.java, + java/security/cert/CertificateFactorySpi.java, + java/security/cert/X509CRL.java, + java/security/cert/X509Certificate.java, + java/security/spec/DSAPublicKeySpec.java: + New versions from classpath. + * gnu/java/security/provider/DERReader.java, + gnu/java/security/provider/DERWriter.java, + java/security/Engine.java: Removed. + * Makefile.am + (java_source_files, javax_source_files): Added new files. + * Makefile.in: Regenerated. + 2003-04-29 Michael Koch * javax/swing/JTable.java diff --git a/libjava/Makefile.am b/libjava/Makefile.am index 35a2099868b..9d0b8a527db 100644 --- a/libjava/Makefile.am +++ b/libjava/Makefile.am @@ -1645,6 +1645,7 @@ javax/naming/OperationNotSupportedException.java \ javax/print/attribute/Attribute.java \ javax/print/attribute/AttributeSet.java \ javax/print/attribute/PrintRequestAttributeSet.java \ +javax/security/auth/x500/X500Principal.java \ javax/sql/ConnectionEvent.java \ javax/sql/ConnectionEventListener.java \ javax/sql/ConnectionPoolDataSource.java \ 
@@ -1946,6 +1947,8 @@ gnu/gcj/runtime/SharedLibLoader.java \ gnu/gcj/runtime/StackTrace.java \ gnu/gcj/runtime/StringBuffer.java \ gnu/gcj/runtime/VMClassLoader.java \ +gnu/java/io/ASN1ParsingException.java \ +gnu/java/io/Base64InputStream.java \ gnu/java/io/ClassLoaderObjectInputStream.java \ gnu/java/io/NullOutputStream.java \ gnu/java/io/ObjectIdentityWrapper.java \ @@ -2118,10 +2121,16 @@ gnu/java/nio/charset/UTF_16Decoder.java \ gnu/java/nio/charset/UTF_16Encoder.java \ gnu/java/nio/charset/UTF_16LE.java \ gnu/java/nio/charset/UTF_8.java \ +gnu/java/security/Engine.java \ +gnu/java/security/OID.java \ +gnu/java/security/der/BitString.java \ +gnu/java/security/der/DER.java \ gnu/java/security/der/DEREncodingException.java \ -gnu/java/security/provider/DERReader.java \ -gnu/java/security/provider/DERWriter.java \ +gnu/java/security/der/DERReader.java \ +gnu/java/security/der/DERValue.java \ +gnu/java/security/der/DERWriter.java \ gnu/java/security/provider/DefaultPolicy.java \ +gnu/java/security/provider/DSAKeyFactory.java \ gnu/java/security/provider/DSAKeyPairGenerator.java \ gnu/java/security/provider/DSAParameterGenerator.java \ gnu/java/security/provider/DSAParameters.java \ @@ -2132,7 +2141,12 @@ gnu/java/security/provider/GnuDSAPublicKey.java \ gnu/java/security/provider/MD5.java \ gnu/java/security/provider/SHA.java \ gnu/java/security/provider/SHA1PRNG.java \ +gnu/java/security/provider/X509CertificateFactory.java \ gnu/java/security/util/Prime.java \ +gnu/java/security/x509/X500DistinguishedName.java \ +gnu/java/security/x509/X509Certificate.java \ +gnu/java/security/x509/X509CRLEntry.java \ +gnu/java/security/x509/X509CRL.java \ gnu/java/text/BaseBreakIterator.java \ gnu/java/text/CharacterBreakIterator.java \ gnu/java/text/LineBreakIterator.java \ 
@@ -2294,7 +2308,6 @@ java/security/DummySignature.java \ java/security/DigestInputStream.java \ java/security/DomainCombiner.java \ java/security/DummyMessageDigest.java \ -java/security/Engine.java \ java/security/GeneralSecurityException.java \ java/security/Guard.java \ java/security/GuardedObject.java \ @@ -2353,6 +2366,7 @@ java/security/acl/NotOwnerException.java \ java/security/acl/Permission.java \ java/security/cert/CRL.java \ java/security/cert/CRLException.java \ +java/security/cert/CRLSelector.java \ java/security/cert/Certificate.java \ java/security/cert/CertificateEncodingException.java \ java/security/cert/CertificateException.java \ 
@@ -2362,9 +2376,30 @@ java/security/cert/CertificateFactorySpi.java \ java/security/cert/CertificateNotYetValidException.java \ java/security/cert/CertificateParsingException.java \ java/security/cert/CertPath.java \ +java/security/cert/CertPathBuilder.java \ java/security/cert/CertPathBuilderException.java \ +java/security/cert/CertPathBuilderResult.java \ +java/security/cert/CertPathBuilderSpi.java \ +java/security/cert/CertPathParameters.java \ +java/security/cert/CertPathValidator.java \ java/security/cert/CertPathValidatorException.java \ +java/security/cert/CertPathValidatorResult.java \ +java/security/cert/CertPathValidatorSpi.java \ +java/security/cert/CertSelector.java \ +java/security/cert/CertStore.java \ java/security/cert/CertStoreException.java \ +java/security/cert/CertStoreParameters.java \ +java/security/cert/CertStoreSpi.java \ +java/security/cert/CollectionCertStoreParameters.java \ +java/security/cert/LDAPCertStoreParameters.java \ +java/security/cert/PKIXBuilderParameters.java \ +java/security/cert/PKIXCertPathBuilderResult.java \ +java/security/cert/PKIXCertPathChecker.java \ +java/security/cert/PKIXCertPathValidatorResult.java \ +java/security/cert/PKIXParameters.java \ +java/security/cert/PolicyNode.java \ +java/security/cert/PolicyQualifierInfo.java \ +java/security/cert/TrustAnchor.java \ java/security/cert/X509CRL.java \ java/security/cert/X509CRLEntry.java \ java/security/cert/X509Certificate.java \ diff --git a/libjava/Makefile.in b/libjava/Makefile.in index 2b94176c9b5..70b904a2793 100644 --- a/libjava/Makefile.in +++ b/libjava/Makefile.in @@ -1416,6 +1416,7 @@ javax/naming/OperationNotSupportedException.java \ javax/print/attribute/Attribute.java \ javax/print/attribute/AttributeSet.java \ javax/print/attribute/PrintRequestAttributeSet.java \ +javax/security/auth/x500/X500Principal.java \ javax/sql/ConnectionEvent.java \ javax/sql/ConnectionEventListener.java \ javax/sql/ConnectionPoolDataSource.java \ 
@@ -1708,6 +1709,8 @@ gnu/gcj/runtime/SharedLibLoader.java \ gnu/gcj/runtime/StackTrace.java \ gnu/gcj/runtime/StringBuffer.java \ gnu/gcj/runtime/VMClassLoader.java \ +gnu/java/io/ASN1ParsingException.java \ +gnu/java/io/Base64InputStream.java \ gnu/java/io/ClassLoaderObjectInputStream.java \ gnu/java/io/NullOutputStream.java \ gnu/java/io/ObjectIdentityWrapper.java \ @@ -1880,10 +1883,16 @@ gnu/java/nio/charset/UTF_16Decoder.java \ gnu/java/nio/charset/UTF_16Encoder.java \ gnu/java/nio/charset/UTF_16LE.java \ gnu/java/nio/charset/UTF_8.java \ +gnu/java/security/Engine.java \ +gnu/java/security/OID.java \ +gnu/java/security/der/BitString.java \ +gnu/java/security/der/DER.java \ gnu/java/security/der/DEREncodingException.java \ -gnu/java/security/provider/DERReader.java \ -gnu/java/security/provider/DERWriter.java \ +gnu/java/security/der/DERReader.java \ +gnu/java/security/der/DERValue.java \ +gnu/java/security/der/DERWriter.java \ gnu/java/security/provider/DefaultPolicy.java \ +gnu/java/security/provider/DSAKeyFactory.java \ gnu/java/security/provider/DSAKeyPairGenerator.java \ gnu/java/security/provider/DSAParameterGenerator.java \ gnu/java/security/provider/DSAParameters.java \ @@ -1894,7 +1903,12 @@ gnu/java/security/provider/GnuDSAPublicKey.java \ gnu/java/security/provider/MD5.java \ gnu/java/security/provider/SHA.java \ gnu/java/security/provider/SHA1PRNG.java \ +gnu/java/security/provider/X509CertificateFactory.java \ gnu/java/security/util/Prime.java \ +gnu/java/security/x509/X500DistinguishedName.java \ +gnu/java/security/x509/X509Certificate.java \ +gnu/java/security/x509/X509CRLEntry.java \ +gnu/java/security/x509/X509CRL.java \ gnu/java/text/BaseBreakIterator.java \ gnu/java/text/CharacterBreakIterator.java \ gnu/java/text/LineBreakIterator.java \ 
@@ -2056,7 +2070,6 @@ java/security/DummySignature.java \ java/security/DigestInputStream.java \ java/security/DomainCombiner.java \ java/security/DummyMessageDigest.java \ -java/security/Engine.java \ java/security/GeneralSecurityException.java \ java/security/Guard.java \ java/security/GuardedObject.java \ @@ -2115,6 +2128,7 @@ java/security/acl/NotOwnerException.java \ java/security/acl/Permission.java \ java/security/cert/CRL.java \ java/security/cert/CRLException.java \ +java/security/cert/CRLSelector.java \ java/security/cert/Certificate.java \ java/security/cert/CertificateEncodingException.java \ java/security/cert/CertificateException.java \ 
@@ -2124,9 +2138,30 @@ java/security/cert/CertificateFactorySpi.java \ java/security/cert/CertificateNotYetValidException.java \ java/security/cert/CertificateParsingException.java \ java/security/cert/CertPath.java \ +java/security/cert/CertPathBuilder.java \ java/security/cert/CertPathBuilderException.java \ +java/security/cert/CertPathBuilderResult.java \ +java/security/cert/CertPathBuilderSpi.java \ +java/security/cert/CertPathParameters.java \ +java/security/cert/CertPathValidator.java \ java/security/cert/CertPathValidatorException.java \ +java/security/cert/CertPathValidatorResult.java \ +java/security/cert/CertPathValidatorSpi.java \ +java/security/cert/CertSelector.java \ +java/security/cert/CertStore.java \ java/security/cert/CertStoreException.java \ +java/security/cert/CertStoreParameters.java \ +java/security/cert/CertStoreSpi.java \ +java/security/cert/CollectionCertStoreParameters.java \ +java/security/cert/LDAPCertStoreParameters.java \ +java/security/cert/PKIXBuilderParameters.java \ +java/security/cert/PKIXCertPathBuilderResult.java \ +java/security/cert/PKIXCertPathChecker.java \ +java/security/cert/PKIXCertPathValidatorResult.java \ +java/security/cert/PKIXParameters.java \ +java/security/cert/PolicyNode.java \ +java/security/cert/PolicyQualifierInfo.java \ +java/security/cert/TrustAnchor.java \ java/security/cert/X509CRL.java \ java/security/cert/X509CRLEntry.java \ java/security/cert/X509Certificate.java \ @@ -2636,7 +2671,7 @@ libgcj-test.spec.in libgcj.spec.in DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) -TAR = gtar +TAR = tar GZIP_ENV = --best DIST_SUBDIRS = @DIRLTDL@ testsuite gcj include @DIRLTDL@ gcj include DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ 
@@ -2783,6 +2818,8 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/gnu/java/beans/editors/NativeShortEditor.P \ .deps/gnu/java/beans/editors/StringEditor.P \ .deps/gnu/java/beans/info/ComponentBeanInfo.P \ +.deps/gnu/java/io/ASN1ParsingException.P \ +.deps/gnu/java/io/Base64InputStream.P \ .deps/gnu/java/io/ClassLoaderObjectInputStream.P \ .deps/gnu/java/io/NullOutputStream.P \ .deps/gnu/java/io/ObjectIdentityWrapper.P \ @@ -2983,9 +3020,14 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/gnu/java/rmi/server/UnicastRemoteStub.P \ .deps/gnu/java/rmi/server/UnicastServer.P \ .deps/gnu/java/rmi/server/UnicastServerRef.P \ +.deps/gnu/java/security/Engine.P .deps/gnu/java/security/OID.P \ +.deps/gnu/java/security/der/BitString.P \ +.deps/gnu/java/security/der/DER.P \ .deps/gnu/java/security/der/DEREncodingException.P \ -.deps/gnu/java/security/provider/DERReader.P \ -.deps/gnu/java/security/provider/DERWriter.P \ +.deps/gnu/java/security/der/DERReader.P \ +.deps/gnu/java/security/der/DERValue.P \ +.deps/gnu/java/security/der/DERWriter.P \ +.deps/gnu/java/security/provider/DSAKeyFactory.P \ .deps/gnu/java/security/provider/DSAKeyPairGenerator.P \ .deps/gnu/java/security/provider/DSAParameterGenerator.P \ .deps/gnu/java/security/provider/DSAParameters.P \ @@ -2997,7 +3039,12 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/gnu/java/security/provider/MD5.P \ .deps/gnu/java/security/provider/SHA.P \ .deps/gnu/java/security/provider/SHA1PRNG.P \ +.deps/gnu/java/security/provider/X509CertificateFactory.P \ .deps/gnu/java/security/util/Prime.P \ +.deps/gnu/java/security/x509/X500DistinguishedName.P \ +.deps/gnu/java/security/x509/X509CRL.P \ +.deps/gnu/java/security/x509/X509CRLEntry.P \ +.deps/gnu/java/security/x509/X509Certificate.P \ .deps/gnu/java/text/BaseBreakIterator.P \ .deps/gnu/java/text/CharacterBreakIterator.P \ .deps/gnu/java/text/LineBreakIterator.P \ 
@@ -3576,7 +3623,7 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/java/security/DomainCombiner.P \ .deps/java/security/DummyKeyPairGenerator.P \ .deps/java/security/DummyMessageDigest.P \ -.deps/java/security/DummySignature.P .deps/java/security/Engine.P \ +.deps/java/security/DummySignature.P \ .deps/java/security/GeneralSecurityException.P \ .deps/java/security/Guard.P .deps/java/security/GuardedObject.P \ .deps/java/security/Identity.P .deps/java/security/IdentityScope.P \ @@ -3619,10 +3666,22 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/java/security/acl/NotOwnerException.P \ .deps/java/security/acl/Owner.P .deps/java/security/acl/Permission.P \ .deps/java/security/cert/CRL.P .deps/java/security/cert/CRLException.P \ +.deps/java/security/cert/CRLSelector.P \ .deps/java/security/cert/CertPath.P \ +.deps/java/security/cert/CertPathBuilder.P \ .deps/java/security/cert/CertPathBuilderException.P \ +.deps/java/security/cert/CertPathBuilderResult.P \ +.deps/java/security/cert/CertPathBuilderSpi.P \ +.deps/java/security/cert/CertPathParameters.P \ +.deps/java/security/cert/CertPathValidator.P \ .deps/java/security/cert/CertPathValidatorException.P \ +.deps/java/security/cert/CertPathValidatorResult.P \ +.deps/java/security/cert/CertPathValidatorSpi.P \ +.deps/java/security/cert/CertSelector.P \ +.deps/java/security/cert/CertStore.P \ .deps/java/security/cert/CertStoreException.P \ +.deps/java/security/cert/CertStoreParameters.P \ +.deps/java/security/cert/CertStoreSpi.P \ .deps/java/security/cert/Certificate.P \ .deps/java/security/cert/CertificateEncodingException.P \ .deps/java/security/cert/CertificateException.P \ 
@@ -3631,6 +3690,16 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/java/security/cert/CertificateFactorySpi.P \ .deps/java/security/cert/CertificateNotYetValidException.P \ .deps/java/security/cert/CertificateParsingException.P \ +.deps/java/security/cert/CollectionCertStoreParameters.P \ +.deps/java/security/cert/LDAPCertStoreParameters.P \ +.deps/java/security/cert/PKIXBuilderParameters.P \ +.deps/java/security/cert/PKIXCertPathBuilderResult.P \ +.deps/java/security/cert/PKIXCertPathChecker.P \ +.deps/java/security/cert/PKIXCertPathValidatorResult.P \ +.deps/java/security/cert/PKIXParameters.P \ +.deps/java/security/cert/PolicyNode.P \ +.deps/java/security/cert/PolicyQualifierInfo.P \ +.deps/java/security/cert/TrustAnchor.P \ .deps/java/security/cert/X509CRL.P \ .deps/java/security/cert/X509CRLEntry.P \ .deps/java/security/cert/X509Certificate.P \ @@ -3868,6 +3937,7 @@ DEP_FILES = .deps/$(srcdir)/$(CONVERT_DIR)/gen-from-JIS.P \ .deps/javax/rmi/CORBA/Util.P .deps/javax/rmi/CORBA/UtilDelegate.P \ .deps/javax/rmi/CORBA/ValueHandler.P .deps/javax/rmi/ORB.P \ .deps/javax/rmi/PortableRemoteObject.P \ +.deps/javax/security/auth/x500/X500Principal.P \ .deps/javax/sql/ConnectionEvent.P \ .deps/javax/sql/ConnectionEventListener.P \ .deps/javax/sql/ConnectionPoolDataSource.P .deps/javax/sql/DataSource.P \ diff --git a/libjava/gnu/java/io/ASN1ParsingException.java b/libjava/gnu/java/io/ASN1ParsingException.java new file mode 100644 index 00000000000..3a5dade8192 --- /dev/null +++ b/libjava/gnu/java/io/ASN1ParsingException.java 
@@ -0,0 +1,56 @@
+/* ASN1ParsingException.java -- ASN.1 parsing exception.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.io;
+
+/**
+ * Signals a malformed ASN.1 sequence.
+ */
+public class ASN1ParsingException extends java.io.IOException
+{
+
+ public ASN1ParsingException()
+ {
+ super();
+ }
+
+ public ASN1ParsingException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/gnu/java/io/Base64InputStream.java b/libjava/gnu/java/io/Base64InputStream.java
new file mode 100644
index 00000000000..0879e945962
--- /dev/null
+++ b/libjava/gnu/java/io/Base64InputStream.java
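Review bot: In gnu/java/io/ASN1ParsingException.java neither constructor has a doc comment, and the class declares no `serialVersionUID` although it is serializable through `java.io.IOException`. The class comment says it signals a malformed ASN.1 sequence, so an instance built with the no-argument constructor reports a rejected input with no detail about what failed to parse; presumably the DER and X.509 readers added in this commit raise it on externally supplied encodings, where that detail matters for triage. I would document the String constructor with something like `@param msg a description of the malformed element` and note on the no-argument one that callers should prefer the message form. A `private static final long serialVersionUID` field, with a value of the project's choosing, would pin the serialized form. The whole class is inside this hunk.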
@@ -0,0 +1,191 @@ +/* Base64InputStream.java -- base-64 input stream. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.io; + +import java.io.FilterInputStream; +import java.io.InputStream; +import java.io.IOException; +import java.io.EOFException; + +/** + * A filter input stream that decodes data encoded in the Base-64 + * encoding scheme. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class Base64InputStream extends FilterInputStream +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Base-64 digits. */ + private static final String BASE_64 = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + + /** Base-64 padding character. */ + private static final char BASE_64_PAD = '='; + + /** Decoding state. */ + private int state; + + /** Intermediate decoded value. */ + private int temp; + + /** EOF flag. */ + private boolean eof; + + private final byte[] one = new byte[1]; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new Base-64 input stream. The input bytes must be the + * ASCII characters A-Z, a-z, 0-9, + and /, with optional whitespace, + * and will be decoded into a byte stream. + * + * @param in The source of Base-64 input. + */ + public Base64InputStream(InputStream in) + { + super(in); + state = 0; + temp = 0; + eof = false; + } + + // Instance methods. 
+ // ------------------------------------------------------------------------ + + public int available() + { + return 0; + } + + public int read() throws IOException + { + if (read(one) == 1) + return one[0]; + return -1; + } + + public int read(byte[] buf, int off, int len) throws IOException + { + if (eof) + return -1; + int count = 0; + while (count < len) + { + int i; + while (Character.isWhitespace((char) (i = in.read()))); + int pos = BASE_64.indexOf((char) i); + if (pos >= 0) + { + switch (state) + { + case 0: + temp = pos << 2; + state = 1; + break; + case 1: + buf[count++] = (byte) (temp | (pos >>> 4)); + temp = (pos & 0x0F) << 4; + state = 2; + break; + case 2: + buf[count++] = (byte) (temp | (pos >>> 2)); + temp = (pos & 0x03) << 6; + state = 3; + break; + case 3: + buf[count++] = (byte) (temp | pos); + state = 0; + break; + } + } + else if (i == BASE_64_PAD) + { + switch (state) + { + case 0: + case 1: + throw new IOException("malformed Base-64 input"); + case 2: + while (Character.isWhitespace((char) (i = in.read()))); + if (i != BASE_64_PAD) + throw new IOException("malformed Base-64 input"); + case 3: + while (Character.isWhitespace((char) (i = in.read()))); + } + eof = true; + break; + } + else // First non-Base-64 character, consider it end-of-stream. + { + if (state != 0) + throw new IOException("malformed Base-64 input"); + eof = true; + break; + } + } + return count; + } + + public boolean markSupported() + { + return false; + } + + public void mark(int markLimit) { } + + public void reset() throws IOException + { + throw new IOException("reset not supported"); + } + + public long skip(long n) throws IOException + { + long skipped; + for (skipped = 0; skipped < n; skipped++) + if (read() == -1) + break; + return skipped; + } +} 
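Review bot: `read()` returns `one[0]` without masking, so every decoded byte of 0x80 or above comes back negative and a decoded 0xFF is indistinguishable from end of stream; the return should be `return one[0] & 0xFF;`. `skip()` is built on `read()`, so it stops early on the same byte. Separately, `read(byte[] buf, int off, int len)` never uses `off` and stores with `buf[count++]`, so each of the three stores should index `buf[off + count++]`. If this stream feeds the certificate parsers added in the same commit, a caller reading byte by byte would see silently truncated binary data rather than an error.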
diff --git a/libjava/java/security/Engine.java b/libjava/gnu/java/security/Engine.java similarity index 58% rename from libjava/java/security/Engine.java rename to libjava/gnu/java/security/Engine.java index 88ff5364a3f..9f6568cddae 100644 --- a/libjava/java/security/Engine.java +++ b/libjava/gnu/java/security/Engine.java @@ -35,7 +35,13 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package java.security; +package gnu.java.security; + +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; + +import java.security.NoSuchAlgorithmException; +import java.security.Provider; /** * Generic implementation of the getInstance methods in the various @@ -51,7 +57,7 @@ package java.security; * @see Provider * @author Casey Marshall */ -final class Engine +public final class Engine { // Constants. @@ -63,6 +69,9 @@ final class Engine /** Maximum number of aliases to try. */ private static final int MAX_ALIASES = 5; + /** Argument list for no-argument constructors. */ + private static final Object[] NO_ARGS = new Object[0]; + // Constructor. // ------------------------------------------------------------------------ 
@@ -85,13 +94,44 @@ final class Engine * service, but callers should check that this is so. * @throws NoSuchAlgorithmException If the implementation cannot be * found or cannot be instantiated. + * @throws InvocationTargetException If the SPI class's constructor + * throws an exception. * @throws IllegalArgumentException If any of the three arguments are null. */ - static Object - getInstance(String service, String algorithm, Provider provider) - throws NoSuchAlgorithmException + public static Object getInstance(String service, String algorithm, + Provider provider) + throws InvocationTargetException, NoSuchAlgorithmException { - if (service == null || algorithm == null || provider == null) + return getInstance(service, algorithm, provider, NO_ARGS); + } + + /** + * Get the implementation for algorithm for service + * service from provider, passing initArgs to the + * SPI class's constructor (which cannot be null; pass a zero-length + * array if the SPI takes no arguments). The service is e.g. + * "Signature", and the algorithm "DSA". + * + * @param service The service name. + * @param algorithm The name of the algorithm to get. + * @param provider The provider to get the implementation from. + * @param initArgs The arguments to pass to the SPI class's + * constructor (cannot be null). + * @return The engine class for the specified algorithm; the object + * returned is typically a subclass of the SPI class for that + * service, but callers should check that this is so. + * @throws NoSuchAlgorithmException If the implementation cannot be + * found or cannot be instantiated. + * @throws InvocationTargetException If the SPI class's constructor + * throws an exception. + * @throws IllegalArgumentException If any of the four arguments are null. 
+ */ + public static Object getInstance(String service, String algorithm, + Provider provider, Object[] initArgs) + throws InvocationTargetException, NoSuchAlgorithmException + { + if (service == null || algorithm == null + || provider == null || initArgs == null) throw new IllegalArgumentException(); // If there is no property "service.algorithm" @@ -117,14 +157,17 @@ final class Engine // Find and instantiate the implementation. Class clazz = null; ClassLoader loader = provider.getClass().getClassLoader(); + Constructor constructor = null; String error = algorithm; + try { if (loader != null) clazz = loader.loadClass(provider.getProperty(service+"."+algorithm)); else clazz = Class.forName(provider.getProperty(service+"."+algorithm)); - return clazz.newInstance(); + constructor = getCompatibleConstructor(clazz, initArgs); + return constructor.newInstance(initArgs); } catch (ClassNotFoundException cnfe) { 
@@ -146,7 +189,49 @@ final class Engine { error = "security exception: " + se.getMessage(); } + catch (NoSuchMethodException nsme) + { + error = "no appropriate constructor found"; + } throw new NoSuchAlgorithmException(error); } + + // Own methods. + // ------------------------------------------------------------------------ + + /** + * Find a constructor in the given class that can take the specified + * argument list, allowing any of which to be null. + * + * @param clazz The class from which to get the constructor. + * @param initArgs The argument list to be passed to the constructor. + * @return The constructor. + * @throws NoSuchMethodException If no constructor of the given class + * can take the specified argument array. + */ + private static Constructor getCompatibleConstructor(Class clazz, + Object[] initArgs) + throws NoSuchMethodException + { + Constructor[] c = clazz.getConstructors(); + outer:for (int i = 0; i < c.length; i++) + { + Class[] argTypes = c[i].getParameterTypes(); + if (argTypes.length != initArgs.length) + continue; + for (int j = 0; j < argTypes.length; j++) + { + if (initArgs[j] != null && + !argTypes[j].isAssignableFrom(initArgs[j].getClass())) + continue outer; + } + // If we reach this point, we know this constructor (c[i]) has + // the same number of parameters as the target parameter list, + // and all our parameters are either (1) null, or (2) assignable + // to the target parameter type. + return c[i]; + } + throw new NoSuchMethodException(); + } } diff --git a/libjava/gnu/java/security/OID.java b/libjava/gnu/java/security/OID.java new file mode 100644 index 00000000000..c27ec9253ab --- /dev/null +++ b/libjava/gnu/java/security/OID.java 
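Review bot: `getCompatibleConstructor` accepts a null entry of `initArgs` for any parameter type, including a primitive one, so it can return a constructor that `constructor.newInstance(initArgs)` then rejects with `IllegalArgumentException`; the inner test should be `if (initArgs[j] == null ? argTypes[j].isPrimitive() : !argTypes[j].isAssignableFrom(initArgs[j].getClass())) continue outer;`. A boxed argument such as `Integer` never satisfies `isAssignableFrom` for an `int` parameter, so SPI constructors with primitive parameters are reported as "no appropriate constructor found". The helper also returns the first fitting constructor in whatever order `getConstructors()` lists them, which the Javadoc should state so that SPI authors avoid overlapping overloads. The `try` block of `getInstance` starts outside this hunk, so whether an `IllegalArgumentException` from `newInstance` is caught elsewhere cannot be seen here.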
@@ -0,0 +1,511 @@ +/* OID.java -- numeric representation of an object identifier + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.io.IOException; + +import java.util.StringTokenizer; + +import gnu.java.security.der.DEREncodingException; + +/** + * This immutable class represents an object identifier, or OID. + * + *

OIDs are represented as a series of hierarcical tokens, each of + * which is usually represented as a single, unsigned integer. The + * hierarchy works so that later tokens are considered within the group + * of earlier tokens. Thus, the OID for the Serpent block cipher, + * 1.3.6.1.4.1.11591.13.2, is maintained by the GNU project, whose OID + * is 1.3.6.1.4.1.11591 (which is, in turn, part of bigger, more general + * bodies; the topmost, 1, stands for the OIDs assigned by the + * International Standards Organization, ISO). + * + *

OIDs can be represented in a variety of ways, including the + * dotted-decimal form we use here. + * + *

OIDs may be relative, in which case the first two elements of the + * OID are omitted. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class OID implements Cloneable, Comparable, java.io.Serializable +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** + * The numeric ID structure. + */ + private int[] components; + + /** + * The string representation of this OID, in dotted-decimal format. + */ + private transient String strRep; + + /** + * The DER encoding of this OID. + */ + private transient byte[] der; + + /** + * Whether or not this OID is relative. + */ + private boolean relative; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new OID from the given byte array. The argument (which can + * neither be null nor zero-length) is copied to prevent subsequent + * modification. + * + * @param components The numeric IDs. + * @throws IllegalArgumentException If components is null or empty. + */ + public OID(int[] components) + { + this(components, false); + } + + /** + * Create a new OID from the given byte array. The argument (which can + * neither be null nor zero-length) is copied to prevent subsequent + * modification. + * + * @param components The numeric IDs. + * @param relative The relative flag. + * @throws IllegalArgumentException If components is null or empty. + */ + public OID(int[] components, boolean relative) + { + if (components == null || components.length == 0) + throw new IllegalArgumentException(); + this.components = (int[]) components.clone(); + this.relative = relative; + } + + /** + * Create a new OID from the given dotted-decimal representation. + * + * @param strRep The string representation of the OID. + * @throws IllegalArgumentException If the string does not contain at + * least one integer. + * @throws NumberFormatException If the string does not contain only + * numbers and periods ('.'). 
+ */ + public OID(String strRep) + { + this(strRep, false); + } + + /** + * Create a new OID from the given dotted-decimal representation. + * + * @param strRep The string representation of the OID. + * @param relative The relative flag. + * @throws IllegalArgumentException If the string does not contain at + * least one integer. + * @throws NumberFormatException If the string does not contain only + * numbers and periods ('.'). + */ + public OID(String strRep, boolean relative) + { + this.relative = relative; + this.strRep = strRep; + components = fromString(strRep); + } + + /** + * Construct a new OID from the DER bytes in an input stream. This method + * does not read the tag or the length field from the input stream, so + * the caller must supply the number of octets in this OID's encoded + * form. + * + * @param derIn The DER input stream. + * @param len The number of bytes in the encoded form. + * @throws IOException If an error occurs reading the OID. + */ + public OID(InputStream derIn, int len) throws IOException + { + this(derIn, len, false); + } + + /** + * Construct a new OID from the DER bytes in an input stream. This method + * does not read the tag or the length field from the input stream, so + * the caller must supply the number of octets in this OID's encoded + * form. + * + * @param derIn The DER input stream. + * @param len The number of bytes in the encoded form. + * @param relative The relative flag. + * @throws IOException If an error occurs reading the OID. + */ + public OID(InputStream derIn, int len, boolean relative) throws IOException + { + der = new byte[len]; + derIn.read(der); + this.relative = relative; + try + { + components = fromDER(der, relative); + } + catch (ArrayIndexOutOfBoundsException aioobe) + { + aioobe.printStackTrace(); + throw aioobe; + } + } + + /** + * Construct a new OID from the given DER bytes. + * + * @param encoded The DER encoded OID. + * @throws IOException If an error occurs reading the OID. 
+ */ + public OID(byte[] encoded) throws IOException + { + this(encoded, false); + } + + /** + * Construct a new OID from the given DER bytes. + * + * @param root The root OID. + * @param encoded The encoded relative OID. + * @param relative The relative flag. + */ + public OID(byte[] encoded, boolean relative) throws IOException + { + der = (byte[]) encoded.clone(); + this.relative = relative; + try + { + components = fromDER(der, relative); + } + catch (ArrayIndexOutOfBoundsException aioobe) + { + aioobe.printStackTrace(); + throw aioobe; + } + } + + /** + * Our private constructor. + */ + private OID() + { + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return the numeric IDs of this OID. The value returned is copied to + * prevent modification. + * + * @return The IDs in a new integer array. + */ + public int[] getIDs() + { + return (int[]) components.clone(); + } + + /** + * Get the DER encoding of this OID, minus the tag and length fields. + * + * @return The DER bytes. + */ + public byte[] getDER() + { + if (der == null) + { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + int i = 0; + if (!relative) + { + int b = components[i++] * 40 + (components.length > 1 + ? components[i++] : 0); + encodeSubID(bout, b); + } + for ( ; i < components.length; i++) + encodeSubID(bout, components[i]); + der = bout.toByteArray(); + } + return (byte[]) der.clone(); + } + + /** + * Get the parent OID of this OID. That is, if this OID is "1.2.3.4", + * then the parent OID will be "1.2.3". If this OID is a top-level + * OID, this method returns null. + * + * @return The parent OID, or null. 
+ */ + public OID getParent() + { + if (components.length == 1) + return null; + int[] parent = new int[components.length - 1]; + System.arraycopy(components, 0, parent, 0, parent.length); + return new OID(parent); + } + + public OID getChild(int id) + { + int[] child = new int[components.length + 1]; + System.arraycopy(components, 0, child, 0, components.length); + child[child.length - 1] = id; + return new OID(child); + } + + /** + * Get the root OID of this OID. That is, the first two components. + * + * @return The root OID. + */ + public OID getRoot() + { + if (components.length <= 2) + return this; + int[] root = new int[2]; + root[0] = components[0]; + root[1] = components[1]; + return new OID(root); + } + + public boolean isRelative() + { + return relative; + } + + /** + * Returns a copy of this OID. + * + * @return The copy. + */ + public Object clone() + { + OID oid = new OID(); + oid.components = this.components; + oid.strRep = this.strRep; + return oid; + } + + /* Nice idea, but possibly too expensive for whatever benefit it + * provides. + + public String getShortName() + { + return OIDTable.getShortName(this); + } + + public String getLongName() + { + return OIDTable.getLongName(this); + } + + */ + + /** + * Returns the value of this OID in dotted-decimal format. + * + * @return The string representation. + */ + public String toString() + { + if (strRep != null) + return strRep; + else + { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < components.length; i++) + { + buf.append((long) components[i] & 0xFFFFFFFFL); + if (i < components.length - 1) + buf.append('.'); + } + return (strRep = buf.toString()); + } + } + + /** + * Computes a hash code for this OID. + * + * @return The hash code. + */ + public int hashCode() + { + int ret = 0; + for (int i = 0; i < components.length; i++) + ret += components[i] << (i & 31); + return ret; + } + + /** + * Tests whether or not this OID equals another. 
+ * + * @return Whether or not this OID equals the other. + */ + public boolean equals(Object o) + { + if (this == o) + return true; + return java.util.Arrays.equals(components, ((OID) o).components); + } + + /** + * Compares this OID to another. The comparison is essentially + * lexicographic, where the two OIDs are compared until their + * first difference, then that difference is returned. If one OID is + * shorter, but all elements equal between the two for the shorter + * length, then the shorter OID is lesser than the longer. + * + * @param o The object to compare. + * @return An integer less than, equal to, or greater than zero if + * this object is less than, equal to, or greater than the + * argument. + * @throws ClassCastException If o is not an OID. + */ + public int compareTo(Object o) + { + if (o == this) + return 0; + int[] components2 = ((OID) o).components; + int len = Math.min(components.length, components2.length); + for (int i = 0; i < len; i++) + { + if (components[i] != components2[i]) + return (components[i] < components2[i]) ? -1 : 1; + } + if (components.length == components2.length) + return 0; + return (components.length < components2.length) ? -1 : 1; + } + + // Own methods. + // ------------------------------------------------------------------------ + + private static int[] fromDER(byte[] der, boolean relative) + throws DEREncodingException + { + // cannot be longer than this. 
+ int[] components = new int[der.length + 1]; + int count = 0; + int i = 0; + if (!relative && i < der.length) + { + // Non-relative OIDs have the first two arcs coded as: + // + // i = first_arc * 40 + second_arc; + // + int j = (der[i] & 0xFF); + components[count++] = j / 40; + components[count++] = j % 40; + i++; + } + while (i < der.length) + { + int j = 0; + do + { + j = der[i++] & 0xFF; + components[count] <<= 7; + components[count] |= j & 0x7F; + if (i >= der.length && (j & 0x80) != 0) + throw new DEREncodingException("malformed OID"); + } + while ((j & 0x80) != 0); + count++; + } + if (count == components.length) + return components; + int[] ret = new int[count]; + System.arraycopy(components, 0, ret, 0, count); + return ret; + } + + private static int[] fromString(String strRep) throws NumberFormatException + { + if (strRep.startsWith("OID.") || strRep.startsWith("oid.")) + strRep = strRep.substring(4); + StringTokenizer tok = new StringTokenizer(strRep, "."); + if (tok.countTokens() == 0) + throw new IllegalArgumentException(); + int[] components = new int[tok.countTokens()]; + int i = 0; + while (tok.hasMoreTokens()) + { + components[i++] = Integer.parseInt(tok.nextToken()); + } + return components; + } + + private static void encodeSubID(ByteArrayOutputStream out, int id) + { + if (id < 128) + { + out.write(id); + } + else if (id < 16384) + { + out.write((id >>> 7) | 0x80); + out.write(id & 0x7F); + } + else if (id < 2097152) + { + out.write((id >>> 14) | 0x80); + out.write(((id >>> 7) | 0x80) & 0xFF); + out.write(id & 0x7F); + } + else if (id < 268435456) + { + out.write( (id >>> 21) | 0x80); + out.write(((id >>> 14) | 0x80) & 0xFF); + out.write(((id >>> 7) | 0x80) & 0xFF); + out.write(id & 0x7F); + } + } +} diff --git a/libjava/gnu/java/security/der/BitString.java b/libjava/gnu/java/security/der/BitString.java new file mode 100644 index 00000000000..c4c2d9ab158 --- /dev/null +++ b/libjava/gnu/java/security/der/BitString.java 
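Review bot: `fromDER` accumulates each sub-identifier with `components[count] <<= 7` and puts no limit on the number of continuation octets, so an encoding wider than an `int` silently wraps and a malformed OID can decode to the same `components` as a different, well-formed one. OIDs read from certificates are compared to select algorithms and extensions, so the decoder should reject the overflow before shifting: `if ((components[count] & 0xFE000000) != 0) throw new DEREncodingException("malformed OID");`. The first octet is also split with `j / 40` and `j % 40`, which yields a first arc above 2 for values of 120 and over. In the `OID(InputStream, int, boolean)` constructor the result of `derIn.read(der)` is ignored, so a short read leaves zero octets at the end of `der` that are then parsed as arcs; the read should loop until `len` octets have arrived or throw `EOFException`.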
@@ -0,0 +1,317 @@ +/* BitString.java -- Java representation of the BIT STRING type. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.der; + +import java.math.BigInteger; +import java.util.Arrays; + +/** + * Immutable representation of a bit string, which is equivalent to a + * byte array except some number of the rightmost bits are ignored. For + * example, this could be the bit string: + * + *

   00010101 11101101 11010xxx
+ * + *

Where the "xxx" represents three bits that should be ignored, and + * can have any value. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class BitString implements Cloneable, Comparable, java.io.Serializable +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The bits themselves. */ + private final byte[] bytes; + + /** + * The exportable byte array. This array has the ignored bits + * removed. + */ + private transient byte[] externBytes; + + /** The number of bits ignored at the end of the byte array. */ + private final int ignoredBits; + + /** This bit string as a boolean array. */ + private transient boolean[] boolVal; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new bit string, shifting the given byte array if needed. + * + * @param bytes The byte array holding the bit string. + * @param ignoredBits The number of bits to ignore. + * @param doShift Pass true in this parameter if the byte array has + * not yet been shifted left by ignoredBits. + * @throws IllegalArgumentException If ignoredBits is negative + * or greater than 7. + * @throws NullPointerException If bytes is null. + */ + public BitString(byte[] bytes, int ignoredBits, boolean doShift) + { + this(bytes, 0, bytes.length, ignoredBits, doShift); + } + + /** + * Create a new bit string, shifting the given byte array if needed. + * + * @param bytes The byte array holding the bit string. + * @param offset The offset where the meaningful bytes begin. + * @param length The number of meaningful bytes. + * @param ignoredBits The number of bits to ignore. + * @param doShift Pass true in this parameter if the byte array has + * not yet been shifted left by ignoredBits. + * @throws IllegalArgumentException If ignoredBits is negative + * or greater than 7. + * @throws NullPointerException If bytes is null. 
+ */ + public BitString(byte[] bytes, int offset, int length, + int ignoredBits, boolean doShift) + { + if (ignoredBits < 0 || ignoredBits > 7) + throw new IllegalArgumentException(); + if (bytes == null) + throw new NullPointerException(); + if (doShift && ignoredBits > 0) + { + this.externBytes = new byte[length]; + System.arraycopy(bytes, offset, externBytes, 0, length); + this.bytes = new BigInteger(externBytes).shiftLeft(ignoredBits) + .toByteArray(); + } + else + { + this.bytes = new byte[length]; + System.arraycopy(bytes, offset, this.bytes, 0, length); + } + this.ignoredBits = ignoredBits; + } + + /** + * Create a new bit string. + * + * @param bytes The byte array holding the bit string. + * @param offset The offset where the meaningful bytes begin. + * @param length The number of meaningful bytes. + * @param ignoredBits The number of bits to ignore. + * @throws IllegalArgumentException If ignoredBits is negative + * or greater than 7. + * @throws NullPointerException If bytes is null. + */ + public BitString(byte[] bytes, int offset, int length, int ignoredBits) + { + this(bytes, offset, length, ignoredBits, false); + } + + /** + * Create a new bit string. + * + * @param bytes The byte array holding the bit string. + * @param ignoredBits The number of bits to ignore. + * @throws IllegalArgumentException If ignoredBits is negative + * or greater than 7. + * @throws NullPointerException If bytes is null. + */ + public BitString(byte[] bytes, int ignoredBits) + { + this(bytes, 0, bytes.length, ignoredBits, false); + } + + /** + * Create a new bit string. + * + * @param bytes The byte array holding the bit string. + * @param offset The offset where the meaningful bytes begin. + * @param length The number of meaningful bytes. + * @throws NullPointerException If bytes is null. + */ + public BitString(byte[] bytes, int offset, int length) + { + this(bytes, offset, length, 0, false); + } + + /** + * Create a new bit string. 
+ * + * @param bytes The byte array holding the bit string. + * @throws NullPointerException If bytes is null. + */ + public BitString(byte[] bytes) + { + this(bytes, 0, bytes.length, 0, false); + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return this bit string as a byte array, with the ignored bits + * trimmed off. The byte array is cloned every time this method is + * called to prevent modification. + * + * @return The trimmed byte array. + */ + public byte[] toByteArray() + { + if (ignoredBits == 0) + return (byte[]) bytes.clone(); + if (externBytes == null) + externBytes = new BigInteger(bytes).shiftRight(ignoredBits).toByteArray(); + return (byte[]) externBytes.clone(); + } + + /** + * Returns this bit string as a byte array, with the ignored bits + * present. The byte array is cloned every time this method is + * called to prevent modification. + * + * @return The byte array. + */ + public byte[] getShiftedByteArray() + { + return (byte[]) bytes.clone(); + } + + /** + * Returns the number of ignored bits. + * + * @return The number of ignored bits. + */ + public int getIgnoredBits() + { + return ignoredBits; + } + + /** + * Returns the size, in bits, of this bit string. + * + * @return The size of this bit string. + */ + public int size() + { + return (bytes.length << 3) - ignoredBits; + } + + /** + * Return this bit string as a boolean array. The value returned is of + * size {@link #size()}, and each true value + * corresponding to each "1" in this bit string. The boolean array is + * cloned before it is returned. + * + * @return The boolean array. 
+ */ + public boolean[] toBooleanArray() + { + if (boolVal == null) + { + boolVal = new boolean[size()]; + for (int i = 0, j = 7, k = 0; i < boolVal.length; i++) + { + boolVal[i] = (bytes[k] & 1 << j--) != 0; + if (j < 0) + { + j = 7; + k++; + } + } + } + return (boolean[]) boolVal.clone(); + } + + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException cce) + { + throw new InternalError(cce.getMessage()); + } + } + + public int compareTo(Object o) + { + BitString that = (BitString) o; + if (this.equals(that)) + return 0; + if (this.bytes.length != that.bytes.length) + return (this.bytes.length < that.bytes.length) ? -1 : 1; + if (this.ignoredBits != that.ignoredBits) + return (this.ignoredBits < that.ignoredBits) ? -1 : 1; + for (int i = 0; i < this.bytes.length; i++) + if (this.bytes[i] != that.bytes[i]) + return (this.bytes[i] < that.bytes[i]) ? -1 : 1; + return 0; // not reached. + } + + public boolean equals(Object o) + { + if (this == o) + return true; + BitString that = (BitString) o; + // True for cloned instances. + if (this.bytes == that.bytes && this.ignoredBits == that.ignoredBits) + return true; + if (this.ignoredBits == that.ignoredBits) + return Arrays.equals(this.bytes, that.bytes); + return false; + } + + public String toString() + { + StringBuffer sb = new StringBuffer(); + for (int i = 0, j = 7, k = 0; i < size(); i++) + { + sb.append((bytes[k] & 1 << j) != 0 ? "1" : "0"); + j--; + if (j < 0) + { + j = 7; + k++; + } + } + return sb.toString(); + } +} diff --git a/libjava/gnu/java/security/der/DER.java b/libjava/gnu/java/security/der/DER.java new file mode 100644 index 00000000000..94353665c30 --- /dev/null +++ b/libjava/gnu/java/security/der/DER.java 
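Review bot: The `doShift` branch of the five-argument constructor and `toByteArray()` both shift through `new BigInteger(...)`, which reads the octets as a signed two's-complement number and returns a minimal-length array, so redundant leading 0x00 or 0xFF octets are dropped, the right shift fills with the sign bit, and the result need not have `length` octets. `size()`, `toBooleanArray()` and `equals()` all depend on `bytes.length`, so a value carried in such a bit string can change. Shifting octet by octet keeps the length fixed, as sketched below for the constructor on the assumption that the unshifted input is right-aligned in `length` octets; `toByteArray()` needs the mirror-image loop. `equals` is also overridden without `hashCode` and casts its argument without an `instanceof` check.

```java
    if (doShift && ignoredBits > 0)
      {
        this.externBytes = new byte[length];
        System.arraycopy(bytes, offset, externBytes, 0, length);
        // Shift octet by octet so the array keeps exactly `length` octets.
        this.bytes = new byte[length];
        int carry = 0;
        for (int i = length - 1; i >= 0; i--)
          {
            int b = externBytes[i] & 0xFF;
            this.bytes[i] = (byte) ((b << ignoredBits) | carry);
            carry = b >>> (8 - ignoredBits);
          }
      }
    // … unchanged: else branch copying the array, ignoredBits assignment …
```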
@@ -0,0 +1,90 @@
+/* DER.java -- Basic constants in DER sequences.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.der;
+
+/**
+ * The set of tags for DER types.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface DER
+{
+
+ // Constants.
+ // ------------------------------------------------------------------------
+
+ public static final int UNIVERSAL = 0x00;
+ public static final int APPLICATION = 0x40;
+ public static final int CONTEXT = 0x80;
+ public static final int PRIVATE = 0xC0;
+
+ public static final int CONSTRUCTED = 0x20;
+
+ public static final int ANY = 0x00;
+ public static final int BOOLEAN = 0x01;
+ public static final int INTEGER = 0x02;
+ public static final int BIT_STRING = 0x03;
+ public static final int OCTET_STRING = 0x04;
+ public static final int NULL = 0x05;
+ public static final int OBJECT_IDENTIFIER = 0x06;
+ public static final int REAL = 0x09;
+ public static final int ENUMERATED = 0x0a;
+ public static final int RELATIVE_OID = 0x0d;
+
+ public static final int SEQUENCE = 0x10;
+ public static final int SET = 0x11;
+
+ public static final Object CONSTRUCTED_VALUE = new Object();
+
+ public static final int NUMERIC_STRING = 0x12;
+ public static final int PRINTABLE_STRING = 0x13;
+ public static final int T61_STRING = 0x14;
+ public static final int VIDEOTEX_STRING = 0x15;
+ public static final int IA5_STRING = 0x16;
+ public static final int GRAPHIC_STRING = 0x19;
+ public static final int ISO646_STRING = 0x1A;
+ public static final int GENERAL_STRING = 0x1B;
+
+ public static final int UTF8_STRING = 0x0C;
+ public static final int UNIVERSAL_STRING = 0x1C;
+ public static final int BMP_STRING = 0x1E;
+
+ public static final int UTC_TIME = 0x17;
+ public static final int GENERALIZED_TIME = 0x18;
+}
diff --git a/libjava/gnu/java/security/der/DEREncodingException.java b/libjava/gnu/java/security/der/DEREncodingException.java
index eea40b8d95a..385fbaccc20 100644
--- a/libjava/gnu/java/security/der/DEREncodingException.java
+++ b/libjava/gnu/java/security/der/DEREncodingException.java
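Review bot: The constants in `DER` form one undocumented flat list that mixes the tag-class bits (`UNIVERSAL` through `PRIVATE`), the `CONSTRUCTED` bit and the universal tag numbers, with `ANY` and `UNIVERSAL` both 0x00 and the `CONSTRUCTED_VALUE` sentinel object placed between `SET` and the string tags. Nothing in the interface says which values are masks to be combined and which are tag numbers to compare after masking, although DERValue in this same commit separates them with `tag & 0xC0` and `tag & 0x1F`. I would put a one-line comment above each group, for example `// Tag class: the two high bits of the identifier octet.`, `// Set when the encoding is constructed.` and `// Universal tag numbers: the low five bits.`. `CONSTRUCTED_VALUE` deserves a Javadoc sentence saying it is the placeholder DERReader stores as the value of a constructed type.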
@@ -1,5 +1,5 @@ /* DEREncodingException.java --- DER Encoding Exception - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,9 +38,10 @@ exception statement from your version. */ package gnu.java.security.der; -public class DEREncodingException extends Exception -{ +import java.io.IOException; +public class DEREncodingException extends IOException +{ public DEREncodingException() { super (); diff --git a/libjava/gnu/java/security/der/DERReader.java b/libjava/gnu/java/security/der/DERReader.java new file mode 100644 index 00000000000..3020b8b2d1a --- /dev/null +++ b/libjava/gnu/java/security/der/DERReader.java 
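Review bot: Re-parenting `DEREncodingException` onto `IOException` (second hunk) means any `catch (IOException e)` around DER parsing now also catches malformed-encoding errors, so a caller can no longer tell corrupt or hostile input from a stream failure unless it catches `DEREncodingException` first. The class carries no comment recording that, and the callers are not visible here. I would add a class Javadoc along the lines of `/** Signals input that is not valid DER; extends IOException, so catch it before IOException to handle malformed data separately. */`. The class body continues outside the hunk.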
@@ -0,0 +1,382 @@ +/* DERReader.java -- parses ASN.1 DER sequences + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.der; + +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.EOFException; +import java.io.InputStream; +import java.io.IOException; + +import java.math.BigInteger; + +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.charset.Charset; +import java.nio.charset.CharsetDecoder; + +import java.util.Calendar; +import java.util.Date; +import java.util.TimeZone; + +import gnu.java.security.OID; + +/** + * This class decodes DER sequences into Java objects. The methods of + * this class do not have knowledge of higher-levels of structure in the + * DER stream -- such as ASN.1 constructions -- and it is therefore up + * to the calling application to determine if the data are structured + * properly by inspecting the {@link DERValue} that is returned. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class DERReader implements DER +{ + + // Fields. + // ------------------------------------------------------------------------ + + protected InputStream in; + + protected final ByteArrayOutputStream encBuf; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Create a new DER reader from a byte array. + * + * @param in The encoded bytes. + */ + public DERReader(byte[] in) + { + this(new ByteArrayInputStream(in)); + } + + /** + * Create a new DER readed from an input stream. + * + * @param in The encoded bytes. + */ + public DERReader(InputStream in) + { + if (!in.markSupported()) + this.in = new BufferedInputStream(in, 16384); + else + this.in = in; + encBuf = new ByteArrayOutputStream(2048); + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Convenience method for reading a single primitive value from the + * given byte array. + * + * @param encoded The encoded bytes. 
+ * @throws IOException If the bytes do not represent an encoded + * object. + */ + public static DERValue read(byte[] encoded) throws IOException + { + return new DERReader(encoded).read(); + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Decode a single value from the input stream, returning it in a new + * {@link DERValue}. By "single value" we mean any single type in its + * entirety -- including constructed types such as SEQUENCE and all + * the values they contain. Usually it is sufficient to call this + * method once to parse and return the top-level structure, then to + * inspect the returned value for the proper contents. + * + * @return The parsed DER structure. + * @throws IOException If an error occurs reading from the input + * stream. + * @throws DEREncodingException If the input does not represent a + * valid DER stream. + */ + public DERValue read() throws IOException + { + int tag = in.read(); + if (tag == -1) + throw new EOFException(); + encBuf.write(tag); + int len = readLength(); + DERValue value = null; + if ((tag & CONSTRUCTED) == CONSTRUCTED) + { + in.mark(2048); + byte[] encoded = new byte[len]; + in.read(encoded); + encBuf.write(encoded); + value = new DERValue(tag, len, CONSTRUCTED_VALUE, encBuf.toByteArray()); + in.reset(); + encBuf.reset(); + return value; + } + switch (tag & 0xC0) + { + case UNIVERSAL: + value = new DERValue(tag, len, readUniversal(tag, len), + encBuf.toByteArray()); + encBuf.reset(); + break; + case CONTEXT: + byte[] encoded = new byte[len]; + in.read(encoded); + encBuf.write(encoded); + value = new DERValue(tag, len, encoded, encBuf.toByteArray()); + encBuf.reset(); + break; + case APPLICATION: + // This should not be reached, since (I think) APPLICATION is + // always constructed. 
+ throw new DEREncodingException("non-constructed APPLICATION data"); + default: + throw new DEREncodingException("PRIVATE class not supported"); + } + return value; + } + + // Own methods. + // ------------------------------------------------------------------------ + + private Object readUniversal(int tag, int len) throws IOException + { + byte[] value = new byte[len]; + in.read(value); + encBuf.write(value); + switch (tag & 0x1F) + { + case BOOLEAN: + if (value.length != 1) + throw new DEREncodingException(); + return Boolean.valueOf(value[0] != 0); + case NULL: + if (len != 0) + throw new DEREncodingException(); + return null; + case INTEGER: + case ENUMERATED: + return new BigInteger(value); + case BIT_STRING: + byte[] bits = new byte[len - 1]; + System.arraycopy(value, 1, bits, 0, bits.length); + return new BitString(bits, value[0] & 0xFF); + case OCTET_STRING: + return value; + case NUMERIC_STRING: + case PRINTABLE_STRING: + case T61_STRING: + case VIDEOTEX_STRING: + case IA5_STRING: + case GRAPHIC_STRING: + case ISO646_STRING: + case GENERAL_STRING: + case UNIVERSAL_STRING: + case BMP_STRING: + case UTF8_STRING: + return makeString(tag, value); + case UTC_TIME: + case GENERALIZED_TIME: + return makeTime(tag, value); + case OBJECT_IDENTIFIER: + return new OID(value); + case RELATIVE_OID: + return new OID(value, true); + default: + throw new DEREncodingException("unknown tag " + tag); + } + } + + private int readLength() throws IOException + { + int i = in.read(); + if (i == -1) + throw new EOFException(); + encBuf.write(i); + if ((i & ~0x7F) == 0) + { + return i; + } + else if (i < 0xFF) + { + byte[] octets = new byte[i & 0x7F]; + in.read(octets); + encBuf.write(octets); + return new BigInteger(1, octets).intValue(); + } + throw new DEREncodingException(); + } + + private String makeString(int tag, byte[] value) + throws IOException + { + Charset charset = null; + switch (tag & 0x1F) + { + case NUMERIC_STRING: + case PRINTABLE_STRING: + case T61_STRING: + 
case VIDEOTEX_STRING: + case IA5_STRING: + case GRAPHIC_STRING: + case ISO646_STRING: + case GENERAL_STRING: + charset = Charset.forName("ISO-8859-1"); + break; + case UNIVERSAL_STRING: + // XXX The docs say UniversalString is encoded in four bytes + // per character, but Java has no support (yet) for UTF-32. + //return new String(buf, "UTF-32"); + case BMP_STRING: + charset = Charset.forName("UTF-16BE"); + break; + case UTF8_STRING: + charset = Charset.forName("UTF-8"); + break; + default: + throw new DEREncodingException("unknown string tag"); + } + if (charset == null) + throw new DEREncodingException("no decoder"); + CharsetDecoder decoder = charset.newDecoder(); + CharBuffer result = decoder.decode(ByteBuffer.wrap(value)); + char[] buf = new char[result.remaining()]; + result.get(buf); + return new String(buf); + } + + private Date makeTime(int tag, byte[] value) throws IOException + { + Calendar calendar = Calendar.getInstance(); + String str = makeString(PRINTABLE_STRING, value); + + // Classpath's SimpleDateFormat does not work for parsing these + // types of times, so we do this by hand. 
+ String date = str; + String tz = ""; + if (str.indexOf("+") > 0) + { + date = str.substring(0, str.indexOf("+")); + tz = str.substring(str.indexOf("+")); + } + else if (str.indexOf("-") > 0) + { + date = str.substring(0, str.indexOf("-")); + tz = str.substring(str.indexOf("-")); + } + else if (str.endsWith("Z")) + { + date = str.substring(0, str.length()-2); + tz = "Z"; + } + if (!tz.equals("Z") && tz.length() > 0) + calendar.setTimeZone(TimeZone.getTimeZone(tz)); + else + calendar.setTimeZone(TimeZone.getTimeZone("UTC")); + if ((tag & 0x1F) == UTC_TIME) + { + if (date.length() < 10) // must be at least 10 chars long + throw new DEREncodingException("cannot parse date"); + // UTCTime is of the form "yyMMddHHmm[ss](Z|(+|-)hhmm)" + try + { + int year = Integer.parseInt(str.substring(0, 2)); + if (year < 50) + year += 2000; + else + year += 1900; + calendar.set(year, + Integer.parseInt(str.substring( 2, 4))-1, // month + Integer.parseInt(str.substring( 4, 6)), // day + Integer.parseInt(str.substring( 6, 8)), // hour + Integer.parseInt(str.substring( 8, 10))); // minute + if (date.length() == 12); + calendar.set(calendar.SECOND, + Integer.parseInt(str.substring(10, 12))); + } + catch (NumberFormatException nfe) + { + throw new DEREncodingException("cannot parse date"); + } + } + else + { + if (date.length() < 10) // must be at least 10 chars long + throw new DEREncodingException("cannot parse date"); + // GeneralTime is of the form "yyyyMMddHH[mm[ss[(.|,)SSSS]]]" + // followed by "Z" or "(+|-)hh[mm]" + try + { + calendar.set( + Integer.parseInt(date.substring(0, 4)), // year + Integer.parseInt(date.substring(4, 6))-1, // month + Integer.parseInt(date.substring(6, 8)), // day + Integer.parseInt(date.substring(8, 10)), 0); // hour, min + switch (date.length()) + { + case 19: + case 18: + case 17: + case 16: + calendar.set(calendar.MILLISECOND, + Integer.parseInt(date.substring(15))); + case 14: + calendar.set(calendar.SECOND, + Integer.parseInt(date.substring(12, 
14))); + case 12: + calendar.set(calendar.MINUTE, + Integer.parseInt(date.substring(10, 12))); + } + } + catch (NumberFormatException nfe) + { + throw new DEREncodingException("cannot parse date"); + } + } + return calendar.getTime(); + } +} diff --git a/libjava/gnu/java/security/der/DERValue.java b/libjava/gnu/java/security/der/DERValue.java new file mode 100644 index 00000000000..dd8afc4ea1e --- /dev/null +++ b/libjava/gnu/java/security/der/DERValue.java 
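Review bot: `readLength()` accepts any first octet below 0xFF, so the indefinite form 0x80 decodes as length 0 and up to 126 length octets are folded through `BigInteger.intValue()`, which can yield a negative or very large value that `read()` and `readUniversal()` hand straight to `new byte[len]`. For encodings that arrive from outside the process this surfaces as an unchecked NegativeArraySizeException or an oversized allocation instead of a DEREncodingException. The same two methods ignore the count returned by `in.read(byte[])`, so a short read is decoded as if the zero-filled remainder were data, and the BIT_STRING case computes `new byte[len - 1]` without checking `len >= 1`. The sketch below rejects non-DER length forms and fills buffers completely; `read()` and `readUniversal()` would call `readFully` in place of `in.read(...)`, and a caller-appropriate upper bound on `len` (and a mark limit that covers it in the constructed branch) is still needed.

```java
  private int readLength() throws IOException
  {
    int i = in.read();
    if (i == -1)
      throw new EOFException();
    encBuf.write(i);
    if ((i & ~0x7F) == 0)
      return i;
    int count = i & 0x7F;
    // DER has no indefinite form (0x80); more than four octets cannot fit an int.
    if (count == 0 || count > 4)
      throw new DEREncodingException("unsupported length encoding");
    byte[] octets = new byte[count];
    readFully(octets);
    encBuf.write(octets);
    int len = new BigInteger(1, octets).intValue();
    if (len < 0)
      throw new DEREncodingException("length out of range");
    return len;
  }

  // Fill buf completely or fail; InputStream.read(byte[]) may return early.
  private void readFully(byte[] buf) throws IOException
  {
    int off = 0;
    while (off < buf.length)
      {
        int n = in.read(buf, off, buf.length - off);
        if (n < 0)
          throw new EOFException();
        off += n;
      }
  }
  // … unchanged: makeString, makeTime …
```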
@@ -0,0 +1,168 @@ +/* DERValue.java -- a value read or written to a DER encoding. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.der; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; + +public class DERValue implements DER +{ + + // Fields. 
+ // ------------------------------------------------------------------------ + + private final int tagClass; + + private final boolean constructed; + + private final int tag; + + private int length; + + private final Object value; + + private byte[] encoded; + + // Constructor. + // ------------------------------------------------------------------------ + + public DERValue(int tag, int length, Object value, byte[] encoded) + { + tagClass = tag & 0xC0; + this.tag = tag & 0x1F; + constructed = (tag & CONSTRUCTED) == CONSTRUCTED; + this.length = length; + this.value = value; + if (encoded != null) + this.encoded = (byte[]) encoded.clone(); + } + + public DERValue(int tag, Object value) + { + this(tag, 0, value, null); + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public int getExternalTag() + { + return tagClass | tag | (constructed ? 0x20 : 0x00); + } + + public int getTag() + { + return tag; + } + + public int getTagClass() + { + return tagClass; + } + + public boolean isConstructed() + { + return constructed; + } + + public int getLength() + { + if (encoded == null) + { + try + { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + length = DERWriter.write(out, this); + encoded = out.toByteArray(); + } + catch (IOException ioe) + { + encoded = new byte[0]; + } + } + return length; + } + + public Object getValue() + { + return value; + } + + public byte[] getEncoded() + { + if (encoded == null) + { + try + { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + length = DERWriter.write(out, this); + encoded = out.toByteArray(); + } + catch (IOException ioe) + { + encoded = new byte[0]; + } + } + return (byte[]) encoded.clone(); + } + + public int getEncodedLength() + { + if (encoded == null) + { + try + { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + length = DERWriter.write(out, this); + encoded = out.toByteArray(); + } + catch (IOException ioe) + { + encoded = new 
byte[0]; + } + } + return encoded.length; + } + + public String toString() + { + return "DERValue [ tag=" + tag + ", class=" + tagClass + ", constructed=" + + constructed + ", value=" + value + " ]"; + } +} diff --git a/libjava/gnu/java/security/der/DERWriter.java b/libjava/gnu/java/security/der/DERWriter.java new file mode 100644 index 00000000000..ec3e3df339d --- /dev/null +++ b/libjava/gnu/java/security/der/DERWriter.java 
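Review bot: `getLength()`, `getEncoded()` and `getEncodedLength()` each repeat the same lazy-encode block, and all three turn an IOException from `DERWriter.write` into a cached `new byte[0]`, so a value that cannot be encoded silently reports an empty encoding instead of failing. Where the encoding is later signed, hashed or compared (presumably the case for the X.509 classes added in this commit), an empty array standing in for a failed encoding is a correctness hazard, and `length` keeps whatever the constructor stored. I would move the block into one private helper that propagates the failure and have the three getters call it, as sketched below. `getValue()` also returns the stored object without copying, unlike `getEncoded()`, which is worth a Javadoc sentence for the case where the value is a byte[].

```java
  // Encode once on demand; never cache an empty array for a failed encoding.
  private void encode()
  {
    if (encoded != null)
      return;
    try
      {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        length = DERWriter.write(out, this);
        encoded = out.toByteArray();
      }
    catch (IOException ioe)
      {
        IllegalStateException ise =
          new IllegalStateException("cannot encode value: " + ioe.getMessage());
        ise.initCause(ioe);
        throw ise;
      }
  }

  public byte[] getEncoded()
  {
    encode();
    return (byte[]) encoded.clone();
  }
  // … getLength() and getEncodedLength() call encode() the same way …
```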
@@ -0,0 +1,324 @@ +/* DERWriter.java -- write Java types in DER format. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.der; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStream; + +import java.math.BigInteger; + +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.charset.Charset; +import java.nio.charset.CharsetEncoder; + +import java.text.SimpleDateFormat; + +import java.util.BitSet; +import java.util.Date; +import java.util.Iterator; +import java.util.List; +import java.util.Set; +import java.util.TimeZone; + +import gnu.java.security.OID; + +/** + * Methods that allow various Java types to be written as a DER + * (Distinguished Encoding Rules) stream to the specified output stream. + * DER is used to encode ASN.1 constructions, but this class provides no + * methods for interacting with ASN.1. Rather, callers should construct + * their output objects properly for whatever ASN.1 construct is being + * output. + * + *

This class only defines static methods; there are no instance + * variables needed. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class DERWriter implements DER +{ + + // Constructors. + // ------------------------------------------------------------------------ + + /** This class only has static methods. */ + private DERWriter() + { + } + + // Class methods. + // ------------------------------------------------------------------------ + + public static int write(OutputStream out, DERValue object) + throws IOException + { + out.write(object.getExternalTag()); + Object value = object.getValue(); + if (value == null) + { + writeLength(out, 0); + return 0; + } + if (value instanceof Boolean) + return writeBoolean(out, (Boolean) value); + else if (value instanceof BigInteger) + return writeInteger(out, (BigInteger) value); + else if (value instanceof Date) + return writeDate(out, object.getExternalTag(), (Date) value); + else if (value instanceof String) + return writeString(out, object.getExternalTag(), (String) value); + else if (value instanceof List) + return writeSequence(out, (List) value); + else if (value instanceof Set) + return writeSet(out, (Set) value); + else if (value instanceof BitString) + return writeBitString(out, (BitString) value); + else if (value instanceof OID) + return writeOID(out, (OID) value); + else if (value instanceof byte[]) + { + writeLength(out, ((byte[]) value).length); + out.write((byte[]) value); + return ((byte[]) value).length; + } + else if (value instanceof DERValue) + { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + write(bout, (DERValue) value); + byte[] buf = bout.toByteArray(); + writeLength(out, buf.length); + out.write(buf); + return buf.length; + } + else + throw new DEREncodingException("cannot encode " + value.getClass().getName()); + } + + public static int definiteEncodingSize(int length) + { + if (length < 128) + return 1; + else if (length < 256) + return 2; + else if (length < 
65536) + return 3; + else if (length < 16777216) + return 4; + else + return 5; + } + + // Own methods. + // ------------------------------------------------------------------------ + + /** + * Write a BOOLEAN type to the given output stream. + * + * @param out The sink output stream. + * @param b The boolean value to write. + */ + private static int writeBoolean(OutputStream out, Boolean b) + throws IOException + { + writeLength(out, 1); + if (b.booleanValue()) + out.write(0xFF); + else + out.write(0); + return 1; + } + + /** + * Write an INTEGER type to the given output stream. + * + * @param out The sink output stream. + * @param integer The integer to write. + */ + private static int writeInteger(OutputStream out, BigInteger integer) + throws IOException + { + byte[] bytes = integer.toByteArray(); + writeLength(out, bytes.length); + out.write(bytes); + return bytes.length; + } + + private static int writeSequence(OutputStream out, List sequence) + throws IOException + { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + for (Iterator i = sequence.iterator(); i.hasNext(); ) + { + write(bout, (DERValue) i.next()); + } + byte[] buf = bout.toByteArray(); + writeLength(out, buf.length); + out.write(buf); + return buf.length; + } + + private static int writeSet(OutputStream out, Set set) + throws IOException + { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + for (Iterator i = set.iterator(); i.hasNext(); ) + { + write(bout, (DERValue) i.next()); + } + byte[] buf = bout.toByteArray(); + writeLength(out, buf.length); + out.write(buf); + return buf.length; + } + + private static int writeOID(OutputStream out, OID oid) + throws IOException + { + byte[] der = oid.getDER(); + writeLength(out, der.length); + out.write(der); + return der.length; + } + + private static int writeBitString(OutputStream out, BitString bs) + throws IOException + { + byte[] buf = bs.getShiftedByteArray(); + out.write(buf.length + 1); + out.write(bs.getIgnoredBits()); + 
out.write(buf); + return buf.length; + } + + private static int writeString(OutputStream out, int tag, String str) + throws IOException + { + Charset charset = null; + byte[] b = null; + switch (tag & 0x1F) + { + case NUMERIC_STRING: + case PRINTABLE_STRING: + case T61_STRING: + case VIDEOTEX_STRING: + case IA5_STRING: + case GRAPHIC_STRING: + case ISO646_STRING: + case GENERAL_STRING: + charset = Charset.forName("ISO-8859-1"); + break; + case UNIVERSAL_STRING: + case BMP_STRING: + charset = Charset.forName("UTF-16BE"); + break; + case UTF8_STRING: + default: + charset = Charset.forName("UTF-8"); + break; + } + if (charset == null) + throw new DEREncodingException("no charset"); + CharsetEncoder encoder = charset.newEncoder(); + ByteBuffer result = encoder.encode(CharBuffer.wrap(str)); + if (result.hasArray()) + { + b = result.array(); + } + else + { + b = new byte[result.remaining()]; + result.get(b); + } + writeLength(out, b.length); + out.write(b); + return b.length; + } + + private static int writeDate(OutputStream out, int tag, Date date) + throws IOException + { + SimpleDateFormat sdf = null; + if ((tag & 0x1F) == UTC_TIME) + sdf = new SimpleDateFormat("yyMMddHHmmss'Z'"); + else + sdf = new SimpleDateFormat("yyyyMMddHHmmss'.'SSS'Z'"); + sdf.setTimeZone(TimeZone.getTimeZone("UTC")); + byte[] b = sdf.format(date).getBytes("ISO-8859-1"); + writeLength(out, b.length); + out.write(b); + return b.length; + } + + // Package method. 
+ // ------------------------------------------------------------------------ + + static void writeLength(OutputStream out, int len) throws IOException + { + if (len < 128) + out.write(len); + else if (len < 256) + { + out.write(0x81); + out.write(len); + } + else if (len < 65536) + { + out.write(0x82); + out.write(len >> 8); + out.write(len); + } + else if (len < 16777216) + { + out.write(0x83); + out.write(len >> 16); + out.write(len >> 8); + out.write(len); + } + else + { + out.write(0x84); + out.write(len >> 24); + out.write(len >> 16); + out.write(len >> 8); + out.write(len); + } + } +} diff --git a/libjava/gnu/java/security/provider/DERReader.java b/libjava/gnu/java/security/provider/DERReader.java deleted file mode 100644 index 0f6e492a5f5..00000000000 --- a/libjava/gnu/java/security/provider/DERReader.java +++ /dev/null 
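Review bot: `writeBitString` emits its length with `out.write(buf.length + 1)` instead of going through `writeLength`, so once the content (ignored-bits octet included) reaches 128 bytes a single octet with the high bit set is written and the output is no longer valid DER; RSA keys and signatures carried as BIT STRINGs are commonly that large. The call should be `writeLength(out, buf.length + 1);`, and the method presumably should `return buf.length + 1;` so the count includes the ignored-bits octet. In `writeString`, `b = result.array()` can return a backing array longer than the encoded data when the buffer's capacity exceeds its limit, so copying `result.remaining()` bytes in both branches avoids trailing bytes in the output. Both methods are private helpers that sit fully inside this hunk.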
@@ -1,152 +0,0 @@ -/* DERReader.java - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. 
*/ - - -package gnu.java.security.provider; - -import java.math.BigInteger; -import gnu.java.security.der.DEREncodingException; - -public class DERReader -{ - byte source[]; - int pos; - - static final int UNIVERSAL = 1; - static final int APPLICATION = 2; - static final int CONTEXT_SPECIFIC = 3; - static final int PRIVATE = 4; - - - public DERReader() - { - source = null; - pos = 0; - } - - public DERReader( byte source[] ) - { - init( source ); - } - - public void init( String source ) - { - init( source.getBytes() ); - } - - public void init( byte source[] ) - { - this.source = source; - pos = 0; - } - - public BigInteger getBigInteger() throws DEREncodingException - { - return new BigInteger( getPrimitive() ); - } - - //Reads Primitive, definite-length method - private byte[] getPrimitive() throws DEREncodingException - { - int tmp = pos; - - //Read Identifier - byte identifier = source[tmp++]; - if( (0x20 & identifier) != 0) - throw new DEREncodingException(); - int type = translateLeadIdentifierByte(identifier); - //System.out.println("Type: " + type); - - //get tag - int tag = (0x1f & identifier); - //if( tag == 0x1f) - // tag = getIdentifier(tmp); - //System.out.println("Tag: " + tag); - - //get length - byte len = source[tmp]; //may be length of length parameter - long length = 0x7f & len; - int i; - if( (0x80 & len) != 0 ) { - //System.out.println("Extra Long Length"); - len &= 0x7f; - //System.out.println("Length of Length: " + len); - //get length here - length = 0; - for( i = 0; i < len; i++ ) { - tmp++; - length <<= 8; - length += (source[tmp] < 0 ) ? 
- (256 + source[tmp]) : - source[tmp]; - //System.out.println("Length of Length: " + length); - } - tmp++; - } else - tmp++; - - /*System.out.println("Position: " + tmp); - System.out.println("Length: " + length); - for( i = 0; i < 10; i++) - System.out.print(source[tmp + i] + " "); - System.out.println();*/ - - byte tmpb[] = new byte[ (int)length ]; - System.arraycopy( source, tmp, tmpb, 0, (int)length); - pos = (int)(tmp + length); - return tmpb; - } - - private int translateLeadIdentifierByte(byte b) - { - if( (0x3f & b ) == b) - return UNIVERSAL; - else if( (0x7f & b ) == b) - return APPLICATION; - else if( (0xbf & b ) == b) - return CONTEXT_SPECIFIC; - else - return PRIVATE; - } - - private int getIdentifier(int tpos) - { - while( (0x80 & source[tpos]) != 0) - tpos++; - return tpos; - } -} diff --git a/libjava/gnu/java/security/provider/DERWriter.java b/libjava/gnu/java/security/provider/DERWriter.java deleted file mode 100644 index 4add1191e06..00000000000 --- a/libjava/gnu/java/security/provider/DERWriter.java +++ /dev/null 
@@ -1,142 +0,0 @@ -/* DERWriter.java - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. 
*/ - - -package gnu.java.security.provider; - -import java.math.BigInteger; - -public class DERWriter -{ - static final int UNIVERSAL = 1; - static final int APPLICATION = 2; - static final int CONTEXT_SPECIFIC = 3; - static final int PRIVATE = 4; - - public DERWriter() - {} - - public byte[] writeBigInteger( BigInteger i) - { - return writePrimitive( 0x02, UNIVERSAL, (int)Math.ceil((double)i.bitLength() / 8), i.toByteArray() ); - } - - private byte[] writePrimitive( int identifier, int identifierencoding, - int length, byte contents[]) - { - return joinarrays( generateIdentifier( identifier, identifierencoding ), generateLength( length ), contents); - } - - public byte[] joinarrays( byte a[], byte b[]) - { - byte d[] = new byte[ a.length + b.length]; - System.arraycopy( a, 0, d, 0, a.length); - System.arraycopy( b, 0, d, a.length, b.length); - return d; - } - - public byte[] joinarrays( byte a[], byte b[], byte c[]) - { - byte d[] = new byte[ a.length + b.length + c.length]; - System.arraycopy( a, 0, d, 0, a.length); - System.arraycopy( b, 0, d, a.length, b.length); - System.arraycopy( c, 0, d, a.length + b.length, c.length); - return d; - } - - private byte[] generateIdentifier(int identifier, - int identifierencoding) - { - byte b[]; - if( identifier > 31 ) { - int count = (int)(Math.log( identifier ) / Math.log( 256 )); - b = new byte[ count + 1 ]; - b[0] = (byte)(translateLeadIdentifierByte(identifierencoding) - | 0x1f); - int i; - for( i = 1; i < (count + 1); i++) { - b[i] = (byte)(0x7f & ( identifier >> (7 * (count - i)) )); - b[i] |= 0x80; - } - b[i - 1] ^= 0x80; - //System.out.println("Identifier1: " + b[0]); - return b; - } else { - b = new byte[1]; - b[0] = (byte)((translateLeadIdentifierByte(identifierencoding) - | (byte)( identifier & 0x1f )) & 0xdf); - //System.out.println("Identifier2: " + b[0]); - return b; - } - } - - private byte translateLeadIdentifierByte(int b) - { - if( b == UNIVERSAL) - return (byte)0x3f; - else if( b == APPLICATION) - return 
(byte)0x7f; - else if( b == CONTEXT_SPECIFIC) - return (byte)0xbf; - else - return (byte)0xC0; - } - - private byte[] generateLength( int length ) - { - byte b[]; - if( length > 127 ) { - int count = (int)Math.ceil(Math.log( length ) / Math.log( 256 )); - //System.out.println("Length byte count: " + count); - b = new byte[ count + 1 ]; - b[0] = (byte)((count & 0x7f) | 0x80); - for( int i = 1; i < (count + 1); i++) { - b[i] = (byte)( length >>> (8 * ( count - i) )); - //System.out.println("Length1 byte1: " + (length >>> (8 * ( count - i) ))); - //System.out.println("Length1 byte2: " + b[i]); - } - - //System.out.println("Length1: " + length); - return b; - } else { - b = new byte[1]; - b[0] = (byte)( length & 0x7f ); - //System.out.println("Length2: " + length); - return b; - } - } -} diff --git a/libjava/gnu/java/security/provider/DSAKeyFactory.java b/libjava/gnu/java/security/provider/DSAKeyFactory.java new file mode 100644 index 00000000000..3414f423c48 --- /dev/null +++ b/libjava/gnu/java/security/provider/DSAKeyFactory.java 
@@ -0,0 +1,134 @@ +/* DSAKeyFactory.java -- DSA key factory. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.provider; + +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactorySpi; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +/** + * DSA key factory. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class DSAKeyFactory extends KeyFactorySpi +{ + + // Constructor. + // ------------------------------------------------------------------------ + + public DSAKeyFactory() + { + super(); + } + + // Instance methods. + // ------------------------------------------------------------------------ + + protected PrivateKey engineGeneratePrivate(KeySpec keySpec) + throws InvalidKeySpecException + { + if (!(keySpec instanceof DSAPrivateKeySpec)) + throw new InvalidKeySpecException(); + return new GnuDSAPrivateKey( + ((DSAPrivateKeySpec) keySpec).getX(), + ((DSAPrivateKeySpec) keySpec).getP(), + ((DSAPrivateKeySpec) keySpec).getQ(), + ((DSAPrivateKeySpec) keySpec).getG()); + } + + protected PublicKey engineGeneratePublic(KeySpec keySpec) + throws InvalidKeySpecException + { + if (!(keySpec instanceof DSAPublicKeySpec)) + throw new InvalidKeySpecException(); + return new GnuDSAPublicKey( + ((DSAPublicKeySpec) keySpec).getY(), + ((DSAPublicKeySpec) keySpec).getP(), + ((DSAPublicKeySpec) keySpec).getQ(), + ((DSAPublicKeySpec) keySpec).getG()); + } + + protected KeySpec engineGetKeySpec(Key key, Class keySpec) + throws InvalidKeySpecException + { + if ((key instanceof DSAPublicKey) && + keySpec.isAssignableFrom(DSAPublicKeySpec.class)) + { + return new DSAPublicKeySpec(((DSAPublicKey) key).getY(), + ((DSAPublicKey) key).getParams().getP(), + ((DSAPublicKey) key).getParams().getQ(), + ((DSAPublicKey) 
key).getParams().getG()); + } + if ((key instanceof DSAPrivateKey) && + keySpec.isAssignableFrom(DSAPrivateKeySpec.class)) + { + return new DSAPrivateKeySpec(((DSAPrivateKey) key).getX(), + ((DSAPrivateKey) key).getParams().getP(), + ((DSAPrivateKey) key).getParams().getQ(), + ((DSAPrivateKey) key).getParams().getG()); + } + throw new InvalidKeySpecException(); + } + + protected Key engineTranslateKey(Key key) throws InvalidKeyException + { + if ((key instanceof GnuDSAPublicKey) || (key instanceof GnuDSAPrivateKey)) + return key; + if (key instanceof DSAPublicKey) + return new GnuDSAPublicKey(((DSAPublicKey) key).getY(), + ((DSAPublicKey) key).getParams().getP(), + ((DSAPublicKey) key).getParams().getQ(), + ((DSAPublicKey) key).getParams().getG()); + if (key instanceof DSAPrivateKey) + return new GnuDSAPrivateKey(((DSAPrivateKey) key).getX(), + ((DSAPrivateKey) key).getParams().getP(), + ((DSAPrivateKey) key).getParams().getQ(), + ((DSAPrivateKey) key).getParams().getG()); + throw new InvalidKeyException(); + } +} diff --git a/libjava/gnu/java/security/provider/DSAParameters.java b/libjava/gnu/java/security/provider/DSAParameters.java index a8f998b2cf0..31c0d5e8e8e 100644 --- a/libjava/gnu/java/security/provider/DSAParameters.java +++ b/libjava/gnu/java/security/provider/DSAParameters.java @@ -1,5 +1,5 @@ /* DSAParameters.java --- DSA Parameters Implementation - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. 
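Review bot: engineGetKeySpec and engineTranslateKey call `getParams().getP()` on a caller-supplied DSAPublicKey or DSAPrivateKey without checking the result of `getParams()`. If a foreign key implementation returns null there (not visible in this patch, so worth confirming), the caller gets a NullPointerException instead of the declared InvalidKeySpecException or InvalidKeyException. A guard such as `if (((DSAPublicKey) key).getParams() == null) throw new InvalidKeyException("missing DSA parameters");` before building the Gnu key keeps bad input on the documented error path. The bare `new InvalidKeySpecException()` and `new InvalidKeyException()` throws would also be easier to diagnose with a message naming the rejected class.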
@@ -38,15 +38,28 @@ exception statement from your version. */ package gnu.java.security.provider; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.IOException; + import java.math.BigInteger; + import java.security.AlgorithmParametersSpi; import java.security.InvalidAlgorithmParameterException; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.DSAParameterSpec; import java.security.spec.InvalidParameterSpecException; + +import java.util.ArrayList; +import java.util.List; import java.util.Random; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.der.DER; import gnu.java.security.der.DEREncodingException; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; import gnu.java.security.util.Prime; @@ -76,7 +89,7 @@ public void engineInit(AlgorithmParameterSpec paramSpec) DSAParameterSpec dsaParamSpec = (DSAParameterSpec)paramSpec; p = dsaParamSpec.getP(); q = dsaParamSpec.getQ(); - q = dsaParamSpec.getG(); + g = dsaParamSpec.getG(); } else throw new InvalidParameterSpecException("Only accepts DSAParameterSpec"); 
@@ -85,16 +98,20 @@ public void engineInit(AlgorithmParameterSpec paramSpec) public void engineInit(byte[] params) throws IOException { - DERReader reader = new DERReader( params ); - try { - - p = reader.getBigInteger(); - q = reader.getBigInteger(); - g = reader.getBigInteger(); - - } catch ( DEREncodingException DERee) { - throw new IOException("Invalid Format: Only accepts ASN.1"); - } + DERReader in = new DERReader(params); + DERValue val = in.read(); + if (val.getValue() != DER.CONSTRUCTED_VALUE) + throw new ASN1ParsingException("badly formed parameters"); + try + { + p = (BigInteger) in.read().getValue(); + q = (BigInteger) in.read().getValue(); + g = (BigInteger) in.read().getValue(); + } + catch (Exception x) + { + throw new ASN1ParsingException("badly formed parameters"); + } } public void engineInit(byte[] params, String format) @@ -117,10 +134,13 @@ public AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) public byte[] engineGetEncoded() throws IOException { - DERWriter writer = new DERWriter(); - return writer.joinarrays( writer.writeBigInteger(p), - writer.writeBigInteger(q), - writer.writeBigInteger(g) ); + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + ArrayList seq = new ArrayList(3); + seq.add(new DERValue(DER.INTEGER, p)); + seq.add(new DERValue(DER.INTEGER, q)); + seq.add(new DERValue(DER.INTEGER, g)); + DERWriter.write(bout, new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, seq)); + return bout.toByteArray(); } @@ -135,7 +155,7 @@ public byte[] engineGetEncoded(String format) public String engineToString() { String lineSeparator = System.getProperty("line.seperator"); - return ("q: " + q + lineSeparator + "p: " + p + lineSeparator + "g:" + g); + return ("q: " + q + " p: " + p + " g: " + g); } } diff --git a/libjava/gnu/java/security/provider/DSASignature.java b/libjava/gnu/java/security/provider/DSASignature.java index f33f048aebd..7da1c7dab36 100644 --- a/libjava/gnu/java/security/provider/DSASignature.java 
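Review bot: In engineInit(byte[]) the outer value is tested with `val.getValue() != DER.CONSTRUCTED_VALUE`, while DSASignature.engineVerify in this same commit uses `val.isConstructed()` for the same purpose. Using one form in both places would make the intent clear, and neither checks that the tag is a SEQUENCE. The new `catch (Exception x)` swallows everything, including the ClassCastException from the `(BigInteger)` casts, and discards the cause, so a parsing bug and a malformed input become indistinguishable. Since these bytes may come from an untrusted encoding, p, q and g should also be rejected when they are not positive before being stored, which nothing in the hunk does.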
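Review bot: After this change the local `lineSeparator` in engineToString is assigned but never used. The property name in that unchanged line, `"line.seperator"`, is also misspelled, so the lookup would have returned null in any case. Deleting `String lineSeparator = System.getProperty("line.seperator");` leaves the method as the single return statement.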
+++ b/libjava/gnu/java/security/provider/DSASignature.java @@ -1,5 +1,5 @@ /* DSASignature.java - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -37,7 +37,12 @@ exception statement from your version. */ package gnu.java.security.provider; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; + import java.math.BigInteger; + import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.InvalidParameterException; @@ -52,8 +57,17 @@ import java.security.SignatureSpi; import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAPublicKey; import java.security.spec.AlgorithmParameterSpec; + +import java.util.ArrayList; +import java.util.List; import java.util.Random; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.der.DER; import gnu.java.security.der.DEREncodingException; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; public class DSASignature extends SignatureSpi { @@ -157,9 +171,14 @@ public class DSASignature extends SignatureSpi BigInteger s = sha.add( x.multiply( r ) ); s = s.multiply( k.modInverse(q) ).mod( q ); - DERWriter writer = new DERWriter(); - return writer.joinarrays( writer.writeBigInteger( r ), writer.writeBigInteger( s ) ); - + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + ArrayList seq = new ArrayList(2); + seq.set(0, new DERValue(DER.INTEGER, r)); + seq.set(1, new DERValue(DER.INTEGER, s)); + DERWriter.write(bout, new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, seq)); + return bout.toByteArray(); + } catch (IOException ioe) { + throw new SignatureException(); } catch ( ArithmeticException ae ) { throw new SignatureException(); } 
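Review bot: `new ArrayList(2)` creates an empty list with capacity 2, so the `seq.set(0, ...)` call added to engineSign throws IndexOutOfBoundsException. Neither the added `catch (IOException ioe)` nor the existing ArithmeticException handler covers that, so as written signing never reaches `DERWriter.write`. DSAParameters.engineGetEncoded in this same commit builds its sequence with `add`, and the same is needed here: `seq.add(new DERValue(DER.INTEGER, r));` and `seq.add(new DERValue(DER.INTEGER, s));`. The enclosing method starts outside the hunk.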
@@ -180,9 +199,12 @@ public class DSASignature extends SignatureSpi { //Decode sigBytes from ASN.1 DER encoding try { - DERReader reader = new DERReader( sigBytes ); - BigInteger r = reader.getBigInteger(); - BigInteger s = reader.getBigInteger(); + DERReader in = new DERReader(sigBytes); + DERValue val = in.read(); + if (!val.isConstructed()) + throw new SignatureException("badly formed signature"); + BigInteger r = (BigInteger) in.read().getValue(); + BigInteger s = (BigInteger) in.read().getValue(); BigInteger g = publicKey.getParams().getG(); BigInteger p = publicKey.getParams().getP(); @@ -206,8 +228,8 @@ public class DSASignature extends SignatureSpi return true; else return false; - } catch ( DEREncodingException deree ) { - throw new SignatureException(); + } catch (IOException ioe) { + throw new SignatureException("badly formed signature"); } } diff --git a/libjava/gnu/java/security/provider/Gnu.java b/libjava/gnu/java/security/provider/Gnu.java index c556107cc85..70a7d1df15e 100644 --- a/libjava/gnu/java/security/provider/Gnu.java +++ b/libjava/gnu/java/security/provider/Gnu.java @@ -1,5 +1,5 @@ /* Gnu.java --- Gnu provider main class - Copyright (C) 1999, 2002 Free Software Foundation, Inc. + Copyright (C) 1999, 2002, 2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -43,7 +43,7 @@ public final class Gnu extends Provider { public Gnu() { - super( "GNU", 1.0, "GNU provider v1.0 implementing SHA-1, MD5, DSA"); + super("GNU", 1.0, "GNU provider v1.0 implementing SHA-1, MD5, DSA, X.509 Certificates"); // Note that all implementation class names are referenced by using // Class.getName(). That way when we staticly link the Gnu provider 
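Review bot: The `(BigInteger) in.read().getValue()` casts for r and s run on untrusted signature bytes, and a well-formed DER value of another type makes them throw ClassCastException. The `catch (IOException ioe)` added in the following hunk does not convert that into SignatureException. Checking the type first, e.g. `if (!(v.getValue() instanceof BigInteger)) throw new SignatureException("badly formed signature");`, keeps malformed input on the declared error path. The hunk also shows no rejection of r or s outside 1..q-1 and no check for trailing bytes after s; the rest of engineVerify is outside the hunk, so confirm those checks exist there.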
@@ -51,7 +51,7 @@ public final class Gnu extends Provider // Signature put("Signature.SHA1withDSA", - gnu.java.security.provider.DSASignature.class.getName()); + gnu.java.security.provider.DSASignature.class.getName()); put("Alg.Alias.Signature.DSS", "SHA1withDSA"); put("Alg.Alias.Signature.DSA", "SHA1withDSA"); @@ -68,12 +68,20 @@ public final class Gnu extends Provider // Key Pair Generator put("KeyPairGenerator.DSA", - gnu.java.security.provider.DSAKeyPairGenerator.class.getName()); + gnu.java.security.provider.DSAKeyPairGenerator.class.getName()); put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); + // Key Factory + put("KeyFactory.DSA", + gnu.java.security.provider.DSAKeyFactory.class.getName()); + + put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA"); + put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); + put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA"); + // Message Digests put("MessageDigest.SHA", gnu.java.security.provider.SHA.class.getName()); put("MessageDigest.MD5", gnu.java.security.provider.MD5.class.getName()); @@ -84,15 +92,20 @@ public final class Gnu extends Provider // Algorithm Parameters put("AlgorithmParameters.DSA", - gnu.java.security.provider.DSAParameters.class.getName()); + gnu.java.security.provider.DSAParameters.class.getName()); // Algorithm Parameter Generator put("AlgorithmParameterGenerator.DSA", - gnu.java.security.provider.DSAParameterGenerator.class.getName()); + gnu.java.security.provider.DSAParameterGenerator.class.getName()); // SecureRandom put("SecureRandom.SHA1PRNG", - gnu.java.security.provider.SHA1PRNG.class.getName()); + gnu.java.security.provider.SHA1PRNG.class.getName()); + // CertificateFactory + put("CertificateFactory.X.509", + gnu.java.security.provider.X509CertificateFactory.class.getName()); + + put("Alg.Alias.CertificateFactory.X509", "X.509"); } } 
diff --git a/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java b/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java index 45446c713bf..4eceb0074da 100644 --- a/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java +++ b/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java @@ -82,4 +82,10 @@ public class GnuDSAPrivateKey implements DSAPrivateKey { return x; } + + public String toString() + { + return "GnuDSAPrivateKey: x=" + x.toString(16) + " p=" + p.toString(16) + + " q=" + q.toString(16) + " g=" + g.toString(16); + } } diff --git a/libjava/gnu/java/security/provider/GnuDSAPublicKey.java b/libjava/gnu/java/security/provider/GnuDSAPublicKey.java index 2f23abbcc5f..91d6b561c7f 100644 --- a/libjava/gnu/java/security/provider/GnuDSAPublicKey.java +++ b/libjava/gnu/java/security/provider/GnuDSAPublicKey.java @@ -1,5 +1,5 @@ /* GnuDSAPublicKey.java --- Gnu DSA Public Key - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -82,4 +82,10 @@ public class GnuDSAPublicKey implements DSAPublicKey { return y; } + + public String toString() + { + return "GnuDSAPublicKey: y=" + y.toString(16) + " p=" + p.toString(16) + + " q=" + q.toString(16) + " g=" + g.toString(16); + } } diff --git a/libjava/gnu/java/security/provider/X509CertificateFactory.java b/libjava/gnu/java/security/provider/X509CertificateFactory.java new file mode 100644 index 00000000000..62d3d38af62 --- /dev/null +++ b/libjava/gnu/java/security/provider/X509CertificateFactory.java 
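Review bot: The toString() added to GnuDSAPrivateKey prints the private value `x` in hex, so any log line, exception message or debug output that formats this key object discloses the private key. A private key's string form should carry only public material, for example `return "GnuDSAPrivateKey: p=" + p.toString(16) + " q=" + q.toString(16) + " g=" + g.toString(16);`. The GnuDSAPublicKey.toString() added in the next file does not have this problem, since y is public.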
@@ -0,0 +1,269 @@ +/* X509CertificateFactory.java -- generates X.509 certificates. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.provider; + +import java.io.BufferedInputStream; +import java.io.EOFException; +import java.io.InputStream; +import java.io.IOException; + +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactorySpi; +import java.security.cert.CRL; +import java.security.cert.CRLException; + +import java.util.Collection; +import java.util.LinkedList; + +import gnu.java.io.Base64InputStream; +import gnu.java.security.x509.X509Certificate; +import gnu.java.security.x509.X509CRL; + +public class X509CertificateFactory extends CertificateFactorySpi +{ + + // Constants. + // ------------------------------------------------------------------------ + + public static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----"; + public static final String END_CERTIFICATE = "-----END CERTIFICATE-----"; + public static final String BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; + public static final String END_X509_CRL = "-----END X509 CRL-----"; + + // Constructors. + // ------------------------------------------------------------------------ + + public X509CertificateFactory() + { + super(); + } + + // Instance methods. 
+ // ------------------------------------------------------------------------ + + public Certificate engineGenerateCertificate(InputStream inStream) + throws CertificateException + { + try + { + return generateCert(inStream); + } + catch (IOException ioe) + { + throw new CertificateException(ioe.toString()); + } + } + + public Collection engineGenerateCertificates(InputStream inStream) + throws CertificateException + { + LinkedList certs = new LinkedList(); + while (true) + { + try + { + certs.add(generateCert(inStream)); + } + catch (EOFException eof) + { + break; + } + catch (IOException ioe) + { + throw new CertificateException(ioe.toString()); + } + } + return certs; + } + + public CRL engineGenerateCRL(InputStream inStream) throws CRLException + { + try + { + return generateCRL(inStream); + } + catch (IOException ioe) + { + throw new CRLException(ioe.toString()); + } + } + + public Collection engineGenerateCRLs(InputStream inStream) + throws CRLException + { + LinkedList crls = new LinkedList(); + while (true) + { + try + { + crls.add(generateCRL(inStream)); + } + catch (EOFException eof) + { + break; + } + catch (IOException ioe) + { + throw new CRLException(ioe.toString()); + } + } + return crls; + } + + // Own methods. + // ------------------------------------------------------------------------ + + private X509Certificate generateCert(InputStream inStream) + throws IOException, CertificateException + { + if (!inStream.markSupported()) + inStream = new BufferedInputStream(inStream, 8192); + inStream.mark(20); + int i = inStream.read(); + if (i == -1) + throw new EOFException(); + + // If the input is in binary DER format, the first byte MUST be + // 0x30, which stands for the ASN.1 [UNIVERSAL 16], which is the + // UNIVERSAL SEQUENCE, with the CONSTRUCTED bit (0x20) set. + // + // So if we do not see 0x30 here we will assume it is in Base-64. 
+ if (i != 0x30) + { + inStream.reset(); + StringBuffer line = new StringBuffer(80); + do + { + line.setLength(0); + do + { + i = inStream.read(); + if (i == -1) + throw new EOFException(); + if (i != '\n' && i != '\r') + line.append((char) i); + } + while (i != '\n' && i != '\r'); + } + while (!line.toString().equals(BEGIN_CERTIFICATE)); + X509Certificate ret = new X509Certificate( + new BufferedInputStream(new Base64InputStream(inStream), 8192)); + line.setLength(0); + line.append('-'); // Base64InputStream will eat this. + do + { + i = inStream.read(); + if (i == -1) + throw new EOFException(); + if (i != '\n' && i != '\r') + line.append((char) i); + } + while (i != '\n' && i != '\r'); + // XXX ??? + if (!line.toString().equals(END_CERTIFICATE)) + throw new CertificateException("no end-of-certificate marker"); + return ret; + } + else + { + inStream.reset(); + return new X509Certificate(inStream); + } + } + + private X509CRL generateCRL(InputStream inStream) + throws IOException, CRLException + { + if (!inStream.markSupported()) + inStream = new BufferedInputStream(inStream, 8192); + inStream.mark(20); + int i = inStream.read(); + if (i == -1) + throw new EOFException(); + + // If the input is in binary DER format, the first byte MUST be + // 0x30, which stands for the ASN.1 [UNIVERSAL 16], which is the + // UNIVERSAL SEQUENCE, with the CONSTRUCTED bit (0x20) set. + // + // So if we do not see 0x30 here we will assume it is in Base-64. + if (i != 0x30) + { + inStream.reset(); + StringBuffer line = new StringBuffer(80); + do + { + line.setLength(0); + do + { + i = inStream.read(); + if (i == -1) + throw new EOFException(); + if (i != '\n' && i != '\r') + line.append((char) i); + } + while (i != '\n' && i != '\r'); + } + while (!line.toString().startsWith(BEGIN_X509_CRL)); + X509CRL ret = new X509CRL( + new BufferedInputStream(new Base64InputStream(inStream), 8192)); + line.setLength(0); + line.append('-'); // Base64InputStream will eat this. 
+ do + { + i = inStream.read(); + if (i == -1) + throw new EOFException(); + if (i != '\n' && i != '\r') + line.append((char) i); + } + while (i != '\n' && i != '\r'); + // XXX ??? + if (!line.toString().startsWith(END_X509_CRL)) + throw new CRLException("no end-of-CRL marker"); + return ret; + } + else + { + inStream.reset(); + return new X509CRL(inStream); + } + } + +} diff --git a/libjava/gnu/java/security/x509/X500DistinguishedName.java b/libjava/gnu/java/security/x509/X500DistinguishedName.java new file mode 100644 index 00000000000..5284385267a --- /dev/null +++ b/libjava/gnu/java/security/x509/X500DistinguishedName.java 
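Review bot: engineGenerateCertificates and engineGenerateCRLs treat every EOFException as a clean end of the list, but generateCert and generateCRL also throw EOFException when the stream ends while searching for the BEGIN line or before the END line's newline. A truncated input, or a final entry whose END marker lacks a trailing newline, is therefore dropped silently instead of rejected. Only the EOF from the first `inStream.read()` should end the loop; an EOF after that point should become a CertificateException or CRLException. Separately, generateCert and generateCRL wrap a stream that does not support mark in a new BufferedInputStream on every call, so inside the loops any bytes read ahead by one wrapper are lost to the next call. Doing `if (!inStream.markSupported()) inStream = new BufferedInputStream(inStream, 8192);` once in the engineGenerate* methods before the loop avoids that. The header-line buffer is also unbounded, so input with no newline grows `line` until EOF.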
@@ -0,0 +1,824 @@ +/* X500DistinguishedName.java -- X.500 name. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.x509; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.io.IOException; +import java.io.StreamTokenizer; +import java.io.StringReader; + +import java.security.Principal; + +import java.util.HashSet; +import java.util.LinkedList; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.OID; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; + +/** + * A X.500 distinguished name. Distinguished names are sequences of + * ATTRIB=VALUE pairs, where ATTRIB is one of the following: + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + *
NameX.500 AttributeTypeObjectIdentifier
CNcommonName2.5.4.3
CcountryName2.5.4.6
LlocalityName2.5.4.7
STstateOrProvinceName2.5.4.8
STREETstreetAddress2.5.4.9
OorganizationName2.5.4.10
OUorganizationUnitName2.5.4.11
DCdomainComponent0.9.2342.19200300.100.1.25
UIDuserid
DNQ or DNQUALIFIER(*)domainNameQualifier2.5.4.46
SURNAME(*)name2.5.4.41
GIVENNAME(*)givenName2.5.4.42
INITIALS(*)initials2.5.4.43
EMAILADDRESS(*)emailAddress2.5.4.44
+ * + *

(*) = attributes not specified in RFC1779 or RFC2253, but + * recognized anyway. + * + *

Distinguished names of this form are used in the lightweight + * directory access protocol (LDAP) and in the issuer and subject fields + * of X.509 certificates. + * + * @author Casey Marshall (rsdio@metastatic.org) + * @see javax.security.auth.x500.X500Principal + * @status DER decoding/encoding works, RFC1779 and RFC2253 need to be + * made more robust. + */ +public class X500DistinguishedName +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + public static final OID CN = new OID("2.5.4.3"); + public static final OID C = new OID("2.5.4.6"); + public static final OID L = new OID("2.5.4.7"); + public static final OID ST = new OID("2.5.4.8"); + public static final OID STREET = new OID("2.5.4.9"); + public static final OID O = new OID("2.5.4.10"); + public static final OID OU = new OID("2.5.4.11"); + public static final OID T = new OID("2.5.4.12"); + public static final OID DNQ = new OID("2.5.4.46"); + public static final OID NAME = new OID("2.5.4.41"); + public static final OID GIVENNAME = new OID("2.5.4.42"); + public static final OID INITIALS = new OID("2.5.4.43"); + public static final OID GENERATION = new OID("2.5.4.44"); + public static final OID EMAIL = new OID("1.2.840.113549.1.9.1"); + public static final OID DC = new OID("0.9.2342.19200300.100.1.25"); + public static final OID UID = new OID("0.9.2342.19200300.100.1.1"); + + private String commonName; + private String country; + private String locality; + private String orgUnit; + private String organization; + private String street; + private String state; + private String title; + private String dnQualifier; + private String surname; + private String givenName; + private String initials; + private String generation; + private String email; + private String domainComponent; + private String userid; + + private String nameRFC1779; + private String nameRFC2253; + private String nameCanonical; + + private transient byte[] encoded; + + // 
Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new X500DistinguishedName from the RFC1779 or RFC2253
+ * encoded form.
+ *
+ * @param name The encoded name.
+ * @throws IllegalArgumentException If the name cannot be parsed.
+ */
+ public X500DistinguishedName(String name)
+ {
+ if (name == null)
+ throw new NullPointerException();
+ try
+ {
+ parseDN(name, true);
+ }
+ catch (Exception e)
+ {
+ parseDN(name, false);
+ }
+ }
+
+ /**
+ * Create a new X500DistinguishedName from the DER encoded bytes.
+ *
+ * @param encoded The encoded form.
+ * @throws IOException If the bytes are not a valid DER construct.
+ */
+ public X500DistinguishedName(byte[] encoded) throws IOException
+ {
+ this(new ByteArrayInputStream(encoded));
+ }
+
+ /**
+ * Create a new X500DistinguishedName from the DER encoded bytes.
+ *
+ * @param encoded The encoded form.
+ * @throws IOException If the bytes are not a valid DER construct.
+ */
+ public X500DistinguishedName(InputStream encoded) throws IOException
+ {
+ parseDER(encoded);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------ + + public boolean equals(Object o) + { + return + (commonName != null && + commonName.equals(((X500DistinguishedName) o).commonName)) && + (country != null && + country.equals(((X500DistinguishedName) o).country)) && + (locality != null && + locality.equals(((X500DistinguishedName) o).locality)) && + (orgUnit != null && + orgUnit.equals(((X500DistinguishedName) o).orgUnit)) && + (organization != null && + organization.equals(((X500DistinguishedName) o).organization)) && + (street != null && + street.equals(((X500DistinguishedName) o).street)) && + (state != null && + state.equals(((X500DistinguishedName) o).state)) && + (domainComponent != null && + domainComponent.equals(((X500DistinguishedName) o).domainComponent)) && + (title != null && + title.equals(((X500DistinguishedName) o).title)) && + (dnQualifier != null && + dnQualifier.equals(((X500DistinguishedName) o).dnQualifier)) && + (surname != null && + surname.equals(((X500DistinguishedName) o).surname)) && + (givenName != null && + givenName.equals(((X500DistinguishedName) o).givenName)) && + (initials != null && + initials.equals(((X500DistinguishedName) o).initials)) && + (generation != null && + generation.equals(((X500DistinguishedName) o).generation)) && + (email != null && + email.equals(((X500DistinguishedName) o).email)) && + (userid != null && + userid.equals(((X500DistinguishedName) o).userid)); + } + + public byte[] getEncoded() + { + if (encoded == null) + encoded = encodeDER(); + return (byte[]) encoded.clone(); + } + + private static String quote(String str) + { + if (str.indexOf(" ") > 0 || str.indexOf("\f") > 0 || + str.indexOf("\n") > 0 || str.indexOf("\r") > 0 || + str.indexOf("\t") > 0) + str = '"' + str + '"'; + // XXX needs regex + //return str.replaceAll("([,+\"\\<>;])", "\\\1"); + return str; + } + + public String toRFC1779() + { + if (nameRFC1779 != null) + return nameRFC1779; + StringBuffer buf = new 
StringBuffer(); + if (commonName != null) + buf.append("CN=").append(quote(commonName)).append(", "); + if (country != null) + buf.append("C=").append(quote(country)).append(", "); + if (locality != null) + buf.append("L=").append(quote(locality)).append(", "); + if (orgUnit != null) + buf.append("OU=").append(quote(orgUnit)).append(", "); + if (organization != null) + buf.append("O=").append(quote(organization)).append(", "); + if (street != null) + buf.append("STREET=").append(quote(street)).append(", "); + if (state != null) + buf.append("ST=").append(quote(state)).append(", "); + if (title != null) + buf.append(T).append("=").append(quote(title)).append(", "); + if (dnQualifier != null) + buf.append(DNQ).append("=").append(quote(dnQualifier)).append(", "); + if (surname != null) + buf.append(NAME).append("=").append(quote(surname)).append(", "); + if (givenName != null) + buf.append(GIVENNAME).append("=").append(quote(givenName)).append(", "); + if (initials != null) + buf.append(INITIALS).append("=").append(quote(initials)).append(", "); + if (generation != null) + buf.append(GENERATION).append("=").append(quote(generation)).append(", "); + if (email != null) + buf.append(EMAIL).append("=").append(quote(email)).append(", "); + if (domainComponent != null) + buf.append(DC).append("=").append(quote(domainComponent)).append(", "); + if (userid != null) + buf.append(UID).append("=").append(quote(userid)).append(", "); + // XXX escapes + return (nameRFC1779 = buf.substring(0, buf.length()-2)); + } + + public String toRFC2253() + { + if (nameRFC2253 != null) + return nameRFC2253; + StringBuffer buf = new StringBuffer(); + if (commonName != null) + buf.append("CN=").append(quote(commonName)).append(","); + if (country != null) + buf.append("C=").append(quote(country)).append(","); + if (locality != null) + buf.append("L=").append(quote(locality)).append(","); + if (orgUnit != null) + buf.append("OU=").append(quote(orgUnit)).append(","); + if (organization != null) + 
buf.append("O=").append(quote(organization)).append(","); + if (street != null) + buf.append("STREET=").append(quote(street)).append(","); + if (state != null) + buf.append("ST=").append(quote(state)).append(","); + if (title != null) + buf.append(T).append("=").append(quote(title)).append(","); + if (dnQualifier != null) + buf.append(DNQ).append("=").append(quote(dnQualifier)).append(","); + if (surname != null) + buf.append(NAME).append("=").append(quote(surname)).append(","); + if (givenName != null) + buf.append(GIVENNAME).append("=").append(quote(givenName)).append(","); + if (initials != null) + buf.append(INITIALS).append("=").append(quote(initials)).append(","); + if (generation != null) + buf.append(GENERATION).append("=").append(quote(generation)).append(","); + if (email != null) + buf.append(EMAIL).append("=").append(quote(email)).append(","); + if (domainComponent != null) + buf.append(DC).append("=").append(quote(domainComponent)).append(","); + if (userid != null) + buf.append(UID).append("=").append(quote(userid)).append(","); + // XXX escapes. 
+ return (nameRFC2253 = buf.substring(0, buf.length()-1));
+ }
+
+ public String toCanonical()
+ {
+ if (nameCanonical != null)
+ return nameCanonical;
+ nameCanonical = toRFC2253();
+ return nameCanonical; // XXX canonicalize
+ }
+
+ public String getCommonName()
+ {
+ return commonName;
+ }
+
+ public String getCountry()
+ {
+ return country;
+ }
+
+ public String getLocality()
+ {
+ return locality;
+ }
+
+ public String getOrganizationalUnit()
+ {
+ return orgUnit;
+ }
+
+ public String getOrganization()
+ {
+ return organization;
+ }
+
+ public String getStreet()
+ {
+ return street;
+ }
+
+ public String getState()
+ {
+ return state;
+ }
+
+ public String getTitle()
+ {
+ return title;
+ }
+
+ public String getDNQualifier()
+ {
+ return dnQualifier;
+ }
+
+ public String getSurname()
+ {
+ return surname;
+ }
+
+ public String getGivenName()
+ {
+ return givenName;
+ }
+
+ public String getInitials()
+ {
+ return initials;
+ }
+
+ public String getGeneration()
+ {
+ return generation;
+ }
+
+ public String getEmail()
+ {
+ return email;
+ }
+
+ public String getDomain()
+ {
+ return domainComponent;
+ }
+
+ public String getUserID()
+ {
+ return userid;
+ }
+
+ // Own methods.
+ // ------------------------------------------------------------------------ + + private static String unquote(String str) + { + if (str.startsWith("\"") && str.endsWith("\"")) + str = str.substring(1, str.length()-1); + // XXX needs regex + //return str.replaceAll("\\([,+\"\\<>;])", "\1"); + return str; + } + + private void parseDN(String name, boolean rfc2253) + { + if (name.length() == 0) + throw new IllegalArgumentException("zero-length distinguished name"); + StreamTokenizer parse = new StreamTokenizer(new StringReader(name)); + parse.resetSyntax(); + parse.wordChars('\000', '~'); + parse.ordinaryChar('#'); + parse.ordinaryChar(','); + parse.ordinaryChar('='); + parse.ordinaryChar('<'); + parse.ordinaryChar('>'); + parse.ordinaryChar(';'); + parse.ordinaryChar('\\'); + parse.quoteChar('"'); + String attrib = null; + String value = null; + int token, lastToken = ','; + while (true) + { + try + { + token = parse.nextToken(); + } + catch (IOException ioe) + { + throw new IllegalArgumentException(); + } + switch (token) + { + case StreamTokenizer.TT_WORD: + if (lastToken == ',' || lastToken == '+' || + (!rfc2253 && lastToken == ';')) + attrib = parse.sval.trim(); + else if (lastToken == '=') + value = unquote(parse.sval.trim()); + else + throw new IllegalArgumentException(); + break; + case '"': + if (lastToken == '=') + value = parse.sval; + else + throw new IllegalArgumentException(); + break; + case ';': + if (rfc2253) + throw new IllegalArgumentException(); + case ',': + case '+': + if (attrib == null || value == null) + throw new IllegalArgumentException("extraneous separator"); + try + { + setAttribute(new OID(attrib), value); + } + catch (Exception x) + { + setAttribute(attrib, value); + } + attrib = null; + value = null; + break; + case '=': + break; + case StreamTokenizer.TT_EOF: + return; + default: + throw new IllegalArgumentException("unknown token " + (char)token + + " (" + token + ")"); + } + lastToken = token; + } + } + + private void 
parseDER(InputStream in) throws IOException + { + DERReader der = new DERReader(in); + DERValue name = der.read(); + if (!name.isConstructed()) + throw new ASN1ParsingException("badly formed Name"); + int len = 0; + while (len < name.getLength()) + { + DERValue rdn = der.read(); + if (rdn.getValue() != DER.CONSTRUCTED_VALUE) + throw new ASN1ParsingException("badly formed RDNSequence"); + int len2 = 0; + while (len2 < rdn.getLength()) + { + DERValue atav = der.read(); + if (atav.getValue() != DER.CONSTRUCTED_VALUE) + throw new ASN1ParsingException( + "badly formed AttributeTypeAndValue"); + OID atype = (OID) der.read().getValue(); + String aval = (String) der.read().getValue(); + setAttribute(atype, aval); + len2 += 1 + atav.getLength() + + DERWriter.definiteEncodingSize(atav.getLength()); + } + len += len2 + 1 + DERWriter.definiteEncodingSize(name.getLength()); + } + } + + private byte[] encodeDER() + { + try + { + LinkedList name = new LinkedList(); + if (commonName != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, CN)); + atav.add(new DERValue(DER.PRINTABLE_STRING, commonName)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (country != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, C)); + atav.add(new DERValue(DER.PRINTABLE_STRING, country)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (locality != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, L)); + atav.add(new DERValue(DER.PRINTABLE_STRING, locality)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (orgUnit != null) + { + 
HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, OU)); + atav.add(new DERValue(DER.PRINTABLE_STRING, orgUnit)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (organization != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, O)); + atav.add(new DERValue(DER.PRINTABLE_STRING, organization)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (street != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, STREET)); + atav.add(new DERValue(DER.PRINTABLE_STRING, street)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (state != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, ST)); + atav.add(new DERValue(DER.PRINTABLE_STRING, state)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (title != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, T)); + atav.add(new DERValue(DER.PRINTABLE_STRING, title)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (dnQualifier != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, DNQ)); + atav.add(new DERValue(DER.PRINTABLE_STRING, dnQualifier)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (surname != null) + { + 
HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, NAME)); + atav.add(new DERValue(DER.PRINTABLE_STRING, surname)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (givenName != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, GIVENNAME)); + atav.add(new DERValue(DER.PRINTABLE_STRING, givenName)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (initials != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, INITIALS)); + atav.add(new DERValue(DER.PRINTABLE_STRING, initials)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (generation != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, GENERATION)); + atav.add(new DERValue(DER.PRINTABLE_STRING, generation)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (email != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, EMAIL)); + atav.add(new DERValue(DER.PRINTABLE_STRING, email)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + if (domainComponent != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, DC)); + atav.add(new DERValue(DER.PRINTABLE_STRING, domainComponent)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, 
rdn)); + } + if (userid != null) + { + HashSet rdn = new HashSet(); + LinkedList atav = new LinkedList(); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, UID)); + atav.add(new DERValue(DER.PRINTABLE_STRING, userid)); + rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav)); + name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn)); + } + ByteArrayOutputStream out = new ByteArrayOutputStream(); + DERWriter.write(out, new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, name)); + return out.toByteArray(); + } + catch (IOException ioe) + { + throw new Error(ioe); + } + } + + private void setAttribute(String atype, String aval) + { + if (atype.equals("CN")) + commonName = aval; + else if (atype.equals("C")) + country = aval; + else if (atype.equals("L")) + locality = aval; + else if (atype.equals("ST")) + state = aval; + else if (atype.equals("STREET")) + street = aval; + else if (atype.equals("O")) + organization = aval; + else if (atype.equals("OU")) + orgUnit = aval; + else if (atype.equals("T")) + title = aval; + else if (atype.equals("DNQ") || atype.equals("DNQUALIFIER")) + dnQualifier = aval; + else if (atype.equals("SURNAME")) + surname = aval; + else if (atype.equals("GIVENNAME")) + givenName = aval; + else if (atype.equals("INITIALS")) + initials = aval; + else if (atype.equals("GENERATION")) + generation = aval; + else if (atype.equals("EMAILADDRESS")) + email = aval; + else if (atype.equals("DC")) + domainComponent = aval; + else if (atype.equals("UID")) + userid = aval; + else + throw new IllegalArgumentException("unknown attribute " + atype); + } + + private void setAttribute(OID atype, String aval) + { + if (atype.equals(CN)) + commonName = aval; + else if (atype.equals(C)) + country = aval; + else if (atype.equals(L)) + locality = aval; + else if (atype.equals(ST)) + state = aval; + else if (atype.equals(STREET)) + street = aval; + else if (atype.equals(O)) + organization = aval; + else if (atype.equals(OU)) + orgUnit = aval; + else if (atype.equals(T)) + title 
= aval; + else if (atype.equals(DNQ)) + dnQualifier = aval; + else if (atype.equals(NAME)) + surname = aval; + else if (atype.equals(GIVENNAME)) + givenName = aval; + else if (atype.equals(INITIALS)) + initials = aval; + else if (atype.equals(GENERATION)) + generation = aval; + else if (atype.equals(EMAIL)) + email = aval; + else if (atype.equals(DC)) + domainComponent = aval; + else if (atype.equals(UID)) + userid = aval; + else + throw new IllegalArgumentException("unknown attribute " + atype); + } +} diff --git a/libjava/gnu/java/security/x509/X509CRL.java b/libjava/gnu/java/security/x509/X509CRL.java new file mode 100644 index 00000000000..6205c0f8955 --- /dev/null +++ b/libjava/gnu/java/security/x509/X509CRL.java 
@@ -0,0 +1,404 @@
+/* X509CRL.java -- X.509 certificate revocation list.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package gnu.java.security.x509;
+
+import java.io.InputStream;
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.util.Calendar;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.HashMap;
+import java.util.Set;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Principal;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.Certificate;
+import java.security.cert.CRLException;
+import java.security.cert.X509CRLEntry;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.io.ASN1ParsingException;
+import gnu.java.security.OID;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+
+/**
+ * X.509 certificate revocation lists.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class X509CRL extends java.security.cert.X509CRL
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
+ private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
+ private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
+ private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
+ private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
+ private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
+
+ private byte[] encoded;
+
+ private byte[] tbsCRLBytes;
+ private int version;
+ private OID algId;
+ private byte[] algParams;
+ private Date thisUpdate;
+ private Date nextUpdate;
+ private X500Principal issuerDN;
+ private HashMap revokedCerts;
+ private HashMap extensions;
+ private HashSet critOids;
+ private HashSet nonCritOids;
+
+ private OID sigAlg;
+ private byte[] sigAlgParams;
+ private byte[] rawSig;
+ private byte[] signature;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new X.509 CRL.
+ *
+ * @param encoded The DER encoded CRL.
+ * @throws CRLException If the input bytes are incorrect.
+ * @throws IOException If the input bytes cannot be read.
+ */
+ public X509CRL(InputStream encoded) throws CRLException, IOException
+ {
+ super();
+ revokedCerts = new HashMap();
+ extensions = new HashMap();
+ critOids = new HashSet();
+ nonCritOids = new HashSet();
+ try
+ {
+ parse(encoded);
+ }
+ catch (IOException ioe)
+ {
+ ioe.printStackTrace();
+ throw ioe;
+ }
+ catch (Exception x)
+ {
+ x.printStackTrace();
+ throw new CRLException(x.toString());
+ }
+ }
+
+ // X509CRL methods.
+ // ------------------------------------------------------------------------
+
+ public boolean equals(Object o)
+ {
+ return ((X509CRL) o).revokedCerts.equals(revokedCerts);
+ }
+
+ public int hashCode()
+ {
+ return revokedCerts.hashCode();
+ }
+
+ public byte[] getEncoded() throws CRLException
+ {
+ return (byte[]) encoded.clone();
+ }
+
+ public void verify(PublicKey key)
+ throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ Signature sig = Signature.getInstance(sigAlg.toString());
+ doVerify(sig, key);
+ }
+
+ public void verify(PublicKey key, String provider)
+ throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ Signature sig = Signature.getInstance(sigAlg.toString(), provider);
+ doVerify(sig, key);
+ }
+
+ public int getVersion()
+ {
+ return version;
+ }
+
+ public Principal getIssuerDN()
+ {
+ return issuerDN;
+ }
+
+ public X500Principal getIssuerX500Principal()
+ {
+ return issuerDN;
+ }
+
+ public Date getThisUpdate()
+ {
+ return (Date) thisUpdate.clone();
+ }
+
+ public Date getNextUpdate()
+ {
+ if (nextUpdate != null)
+ return (Date) nextUpdate.clone();
+ return null;
+ }
+
+ public X509CRLEntry getRevokedCertificate(BigInteger serialNo)
+ {
+ return (X509CRLEntry) revokedCerts.get(serialNo);
+ }
+
+ public Set getRevokedCertificates()
+ {
+ return Collections.unmodifiableSet(new HashSet(revokedCerts.values()));
+ }
+
+ public byte[] getTBSCertList() throws CRLException
+ {
+ return (byte[]) tbsCRLBytes.clone();
+ }
+
+ public byte[] getSignature()
+ {
+ return (byte[]) rawSig.clone();
+ }
+
+ public String getSigAlgName()
+ {
+ if (sigAlg.equals(ID_DSA_WITH_SHA1))
+ return "SHA1withDSA";
+ if (sigAlg.equals(ID_RSA_WITH_MD2))
+ return "MD2withRSA";
+ if (sigAlg.equals(ID_RSA_WITH_MD5))
+ return "MD5withRSA";
+ if (sigAlg.equals(ID_RSA_WITH_SHA1))
+ return "SHA1withRSA";
+ return "unknown";
+ }
+
+ public String
getSigAlgOID() + { + return sigAlg.toString(); + } + + public byte[] getSigAlgParams() + { + if (sigAlgParams != null) + return (byte[]) sigAlgParams.clone(); + return null; + } + + // X509Extension methods. + // ------------------------------------------------------------------------ + + public boolean hasUnsupportedCriticalExtension() + { + return false; // XXX + } + + public Set getCriticalExtensionOIDs() + { + return Collections.unmodifiableSet(critOids); + } + + public Set getNonCriticalExtensionOIDs() + { + return Collections.unmodifiableSet(nonCritOids); + } + + public byte[] getExtensionValue(String oid) + { + byte[] ext = (byte[]) extensions.get(oid); + if (ext != null) + return (byte[]) ext.clone(); + return null; + } + + // CRL methods. + // ------------------------------------------------------------------------ + + public String toString() + { + return gnu.java.security.x509.X509CRL.class.getName(); + } + + public boolean isRevoked(Certificate cert) + { + if (!(cert instanceof java.security.cert.X509Certificate)) + throw new IllegalArgumentException("not a X.509 certificate"); + BigInteger certSerial = + ((java.security.cert.X509Certificate) cert).getSerialNumber(); + X509CRLEntry ent = (X509CRLEntry) revokedCerts.get(certSerial); + if (ent == null) + return false; + return ent.getRevocationDate().compareTo(new Date()) < 0; + } + + // Own methods. 
+ // ------------------------------------------------------------------------ + + private void doVerify(Signature sig, PublicKey key) + throws CRLException, InvalidKeyException, SignatureException + { + sig.initVerify(key); + sig.update(tbsCRLBytes); + if (!sig.verify(signature)) + throw new CRLException("signature not verified"); + } + + private void parse(InputStream in) throws Exception + { + DERReader der = new DERReader(in); + DERValue val = der.read(); + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed CertificateList"); + encoded = val.getEncoded(); + + val = der.read(); + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed TBSCertList"); + tbsCRLBytes = val.getEncoded(); + + val = der.read(); + if (val.getValue() instanceof BigInteger) + { + version = ((BigInteger) val.getValue()).intValue() + 1; + val = der.read(); + } + else + version = 1; + + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed AlgorithmIdentifier"); + DERValue algIdVal = der.read(); + algId = (OID) algIdVal.getValue(); + if (val.getLength() > algIdVal.getEncodedLength()) + { + val = der.read(); + algParams = val.getEncoded(); + if (val.isConstructed()) + in.skip(val.getLength()); + } + + issuerDN = new X500Principal(in); + + thisUpdate = (Date) der.read().getValue(); + + val = der.read(); + if (val.getValue() instanceof Date) + { + nextUpdate = (Date) val.getValue(); + val = der.read(); + } + if (val.getTag() != 0) + { + int len = 0; + while (len < val.getLength()) + { + X509CRLEntry entry = + new gnu.java.security.x509.X509CRLEntry(version, in); + revokedCerts.put(entry.getSerialNumber(), entry); + len += entry.getEncoded().length; + } + } + if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0) + { + val = der.read(); + int len = 0; + while (len < val.getLength()) + { + DERValue ext = der.read(); + OID extId = (OID) der.read().getValue(); + DERValue val2 = der.read(); + Boolean crit = Boolean.valueOf(false); 
+ if (val2.getValue() instanceof Boolean)
+ {
+ crit = (Boolean) val2.getValue();
+ val2 = der.read();
+ }
+ byte[] extVal = (byte[]) val2.getValue();
+ extensions.put(extId.toString(), extVal);
+ if (crit.booleanValue())
+ critOids.add(extId.toString());
+ else
+ nonCritOids.add(extId.toString());
+ len += ext.getEncodedLength();
+ }
+ }
+
+ val = der.read();
+ if (!val.isConstructed())
+ throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ DERValue sigAlgVal = der.read();
+ sigAlg = (OID) sigAlgVal.getValue();
+ if (val.getLength() > sigAlgVal.getEncodedLength())
+ {
+ val = der.read();
+ sigAlgParams = (byte[]) val.getEncoded();
+ if (val.isConstructed())
+ in.skip(val.getLength());
+ }
+ val = der.read();
+ rawSig = val.getEncoded();
+ signature = ((BitString) val.getValue()).toByteArray();
+ }
+}
diff --git a/libjava/gnu/java/security/x509/X509CRLEntry.java b/libjava/gnu/java/security/x509/X509CRLEntry.java
new file mode 100644
index 00000000000..4057c60a22a
--- /dev/null
+++ b/libjava/gnu/java/security/x509/X509CRLEntry.java
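Review bot: In X509CRL.java, `hasUnsupportedCriticalExtension()` returns `false` unconditionally (marked `XXX`) even though `parse()` records critical extension OIDs in `critOids`, so a caller relying on it will accept a CRL carrying critical extensions that nothing in this class interprets. Because no visible code processes any extension, the conservative body is `return !critOids.isEmpty();` until individual extensions are supported. Separately, `parse()` stores the TBSCertList algorithm in `algId` but `verify()` only uses the outer `sigAlg`, and the two are never compared in the visible code; a check such as `if (!algId.equals(sigAlg)) throw new CRLException("signature algorithm mismatch");` at the end of `parse()` would reject inconsistent CRLs. `equals(Object)` also casts `o` without an `instanceof` test, so comparing against null or a non-CRL object throws instead of returning `false`.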
@@ -0,0 +1,236 @@
+/* X509CRLEntry.java -- entry in a X.509 CRL.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + + +package gnu.java.security.x509; + +import java.io.InputStream; +import java.io.IOException; + +import java.math.BigInteger; + +import java.security.cert.CRLException; + +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Set; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.OID; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; + +/** + * A single entry in a X.509 certificate revocation list. + * + * @see X509CRL + * @author Casey Marshall + */ +class X509CRLEntry extends java.security.cert.X509CRLEntry +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The DER encoded form of this CRL entry. */ + private byte[] encoded; + + /** The revoked certificate's serial number. */ + private BigInteger serialNo; + + /** The date the certificate was revoked. */ + private Date revocationDate; + + /** The encoded extensions. */ + private HashMap extensions; + + /** The set of critical extension OIDs. */ + private HashSet critOids; + + /** the set of non-critical extension OIDs. */ + private HashSet nonCritOids; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Create a new X.509 certificate revocation list entry from the given + * input stream and CRL version number. + * + * @param version The CRL version. + * @param encoded The stream of DER bytes. + * @throws CRLException If the ASN.1 structure is invalid. + * @throws IOException If the bytes cannot be read. 
+ */ + X509CRLEntry(int version, InputStream encoded) + throws CRLException, IOException + { + super(); + extensions = new HashMap(); + critOids = new HashSet(); + nonCritOids = new HashSet(); + try + { + parse(version, encoded); + } + catch (IOException ioe) + { + throw ioe; + } + catch (Exception x) + { + throw new CRLException(x.toString()); + } + } + + // X509CRLEntry methods. + // ------------------------------------------------------------------------ + + public boolean equals(Object o) + { + return ((X509CRLEntry) o).serialNo.equals(serialNo) && + ((X509CRLEntry) o).revocationDate.equals(revocationDate); + } + + public int hashCode() + { + return serialNo.hashCode(); + } + + public byte[] getEncoded() throws CRLException + { + return (byte[]) encoded.clone(); + } + + public BigInteger getSerialNumber() + { + return serialNo; + } + + public Date getRevocationDate() + { + return (Date) revocationDate.clone(); + } + + public boolean hasExtensions() + { + return ! extensions.isEmpty(); + } + + public String toString() + { + return "X509CRLEntry serial=" + serialNo + " revocation date=" + + revocationDate + " critExt=" + critOids + " ext=" + nonCritOids; + } + + // X509Extension methods. + // ------------------------------------------------------------------------ + + public boolean hasUnsupportedCriticalExtension() + { + return false; // XXX + } + + public Set getCriticalExtensionOIDs() + { + return Collections.unmodifiableSet(critOids); + } + + public Set getNonCriticalExtensionOIDs() + { + return Collections.unmodifiableSet(nonCritOids); + } + + public byte[] getExtensionValue(String oid) + { + byte[] ext = (byte[]) extensions.get(oid); + if (ext != null) + return (byte[]) ext.clone(); + return null; + } + + // Own methods. 
+ // ------------------------------------------------------------------------ + + private void parse(int version, InputStream in) throws Exception + { + DERReader der = new DERReader(in); + DERValue entry = der.read(); + if (!entry.isConstructed()) + throw new ASN1ParsingException("malformed revokedCertificate"); + encoded = entry.getEncoded(); + int len = 0; + DERValue val = der.read(); + serialNo = (BigInteger) val.getValue(); + len += DERWriter.definiteEncodingSize(val.getLength()) + + val.getLength() + 1; + val = der.read(); + revocationDate = (Date) val.getValue(); + len += DERWriter.definiteEncodingSize(val.getLength()) + + val.getLength() + 1; + + if (len < entry.getLength()) + { + if (version < 2) + throw new ASN1ParsingException("extra data in CRL entry"); + while (len < entry.getLength()) + { + val = der.read(); + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed Extension"); + OID extOid = (OID) der.read().getValue(); + Boolean critical = Boolean.valueOf(false); + DERValue val2 = der.read(); + if (val2.getValue() instanceof Boolean) + { + critical = (Boolean) val2.getValue(); + val2 = der.read(); + } + byte[] ext = (byte[]) val2.getValue(); + extensions.put(extOid.toString(), ext); + if (critical.booleanValue()) + critOids.add(extOid.toString()); + else + nonCritOids.add(extOid.toString()); + len += val.getEncodedLength(); + } + } + } +} diff --git a/libjava/gnu/java/security/x509/X509Certificate.java b/libjava/gnu/java/security/x509/X509Certificate.java new file mode 100644 index 00000000000..bb66f2e67b6 --- /dev/null +++ b/libjava/gnu/java/security/x509/X509Certificate.java 
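Review bot: `hasUnsupportedCriticalExtension()` returns `false` unconditionally (the `// XXX` line), so a CRL entry with a critical extension this class does not interpret is reported as fully understood. `parse()` only stores the extension bytes and OIDs and, as far as this file shows, interprets none of them, so the conservative answer until specific entry extensions are handled is `return !critOids.isEmpty();`. A caller that relies on this method to decide whether the entry can be used would otherwise skip the rejection that RFC 3280 expects for unrecognised critical entry extensions.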
@@ -0,0 +1,693 @@
+/* X509Certificate.java -- X.509 certificate.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + + +package gnu.java.security.x509; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.io.IOException; +import java.io.Serializable; + +import java.math.BigInteger; + +import java.security.AlgorithmParameters; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.CertificateParsingException; + +import java.security.spec.DSAParameterSpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.RSAPublicKeySpec; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.OID; +import gnu.java.security.der.BitString; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; + +/** + * An implementation of X.509 certificates. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class X509Certificate extends java.security.cert.X509Certificate + implements Serializable +{ + + // Constants and fields. 
+ // ------------------------------------------------------------------------
+
+ private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
+ private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
+ private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
+ private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
+ private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
+ private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
+
+ private static final OID ID_EXTENSION = new OID("2.5.29");
+ private static final OID ID_KEY_USAGE = ID_EXTENSION.getChild(15);
+ private static final OID ID_BASIC_CONSTRAINTS = ID_EXTENSION.getChild(19);
+ private static final OID ID_EXT_KEY_USAGE = ID_EXTENSION.getChild(37);
+
+ private static final int OTHER_NAME = 0;
+ private static final int RFC882_NAME = 1;
+ private static final int DNS_NAME = 2;
+ private static final int X400_ADDRESS = 3;
+ private static final int DIRECTORY_NAME = 4;
+ private static final int EDI_PARTY_NAME = 5;
+ private static final int URI = 6;
+ private static final int IP_ADDRESS = 7;
+ private static final int REGISTERED_ID = 8;
+
+ // This object SHOULD be serialized with an instance of
+ // java.security.cert.Certificate.CertificateRep, thus all fields are
+ // transient.
+
+ // The encoded certificate.
+ private transient byte[] encoded;
+
+ // TBSCertificate part.
+ private transient byte[] tbsCertBytes;
+ private transient int version;
+ private transient BigInteger serialNo;
+ private transient OID algId;
+ private transient byte[] algVal;
+ private transient X500Principal issuer;
+ private transient Date notBefore;
+ private transient Date notAfter;
+ private transient X500Principal subject;
+ private transient PublicKey subjectKey;
+ private transient BitString issuerUniqueId;
+ private transient BitString subjectUniqueId;
+ private transient HashMap extensions;
+ private transient HashSet critOids;
+ private transient HashSet nonCritOids;
+
+ private transient BitString keyUsage;
+ private transient int basicConstraints = -1;
+
+ // Signature.
+ private transient OID sigAlgId;
+ private transient byte[] sigAlgVal;
+ private transient byte[] signature;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new X.509 certificate from the encoded data. The input
+ * data are expected to be the ASN.1 DER encoding of the certificate.
+ *
+ * @param encoded The encoded certificate data.
+ * @throws IOException If the certificate cannot be read, possibly
+ * from a formatting error.
+ * @throws CertificateException If the data read is not an X.509
+ * certificate.
+ */
+ public X509Certificate(InputStream encoded)
+ throws CertificateException, IOException
+ {
+ super();
+ extensions = new HashMap();
+ critOids = new HashSet();
+ nonCritOids = new HashSet();
+ try
+ {
+ parse(encoded);
+ }
+ catch (IOException ioe)
+ {
+ throw ioe;
+ }
+ catch (Exception e)
+ {
+ throw new CertificateException(e.toString());
+ }
+ }
+
+ // X509Certificate methods.
+ // ------------------------------------------------------------------------ + + public void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException + { + checkValidity(new Date()); + } + + public void checkValidity(Date date) + throws CertificateExpiredException, CertificateNotYetValidException + { + if (date.compareTo(notBefore) < 0) + throw new CertificateNotYetValidException(); + if (date.compareTo(notAfter) > 0) + throw new CertificateExpiredException(); + } + + public int getVersion() + { + return version; + } + + public BigInteger getSerialNumber() + { + return serialNo; + } + + public Principal getIssuerDN() + { + return getIssuerX500Principal(); + } + + public X500Principal getIssuerX500Principal() + { + return issuer; + } + + public Principal getSubjectDN() + { + return getSubjectX500Principal(); + } + + public X500Principal getSubjectX500Principal() + { + return subject; + } + + public Date getNotBefore() + { + return (Date) notBefore.clone(); + } + + public Date getNotAfter() + { + return (Date) notAfter.clone(); + } + + public byte[] getTBSCertificate() throws CertificateEncodingException + { + return (byte[]) tbsCertBytes.clone(); + } + + public byte[] getSignature() + { + return (byte[]) signature.clone(); + } + + public String getSigAlgName() + { + if (sigAlgId.equals(ID_DSA_WITH_SHA1)) + return "SHA1withDSA"; + if (sigAlgId.equals(ID_RSA_WITH_MD2 )) + return "MD2withRSA"; + if (sigAlgId.equals(ID_RSA_WITH_MD5 )) + return "MD5withRSA"; + if (sigAlgId.equals(ID_RSA_WITH_SHA1 )) + return "SHA1withRSA"; + return "unknown"; + // return sigAlgId.getShortName(); + } + + public String getSigAlgOID() + { + return sigAlgId.toString(); + } + + public byte[] getSigAlgParams() + { + return (byte[]) sigAlgVal.clone(); + } + + public boolean[] getIssuerUniqueID() + { + if (issuerUniqueId != null) + return issuerUniqueId.toBooleanArray(); + return null; + } + + public boolean[] getSubjectUniqueID() + { + if (subjectUniqueId != null) 
+ return subjectUniqueId.toBooleanArray(); + return null; + } + + public boolean[] getKeyUsage() + { + if (keyUsage != null) + return keyUsage.toBooleanArray(); + return null; + } + + public List getExtendedKeyUsage() throws CertificateParsingException + { + byte[] ext = (byte[]) extensions.get("2.5.29.37"); + if (ext == null) + return null; + LinkedList usages = new LinkedList(); + try + { + DERReader der = new DERReader(new ByteArrayInputStream(ext)); + DERValue seq = der.read(); + if (!seq.isConstructed()) + throw new CertificateParsingException(); + int len = 0; + while (len < seq.getLength()) + { + DERValue oid = der.read(); + if (!(oid.getValue() instanceof OID)) + throw new CertificateParsingException(); + usages.add(oid.getValue().toString()); + len += DERWriter.definiteEncodingSize(oid.getLength()) + + oid.getLength() + 1; + } + } + catch (IOException ioe) + { + throw new CertificateParsingException(); + } + return usages; + } + + public int getBasicConstraints() + { + return basicConstraints; + } + + public Collection getSubjectAlternativeNames() + throws CertificateParsingException + { + byte[] ext = getExtensionValue("2.5.29.17"); + if (ext == null) + return null; + return getAltNames(ext); + } + + public Collection getIssuerAlternativeNames() + throws CertificateParsingException + { + byte[] ext = getExtensionValue("2.5.29.18"); + if (ext == null) + return null; + return getAltNames(ext); + } + + // X509Extension methods. 
+ // ------------------------------------------------------------------------ + + public boolean hasUnsupportedCriticalExtension() + { + for (Iterator it = critOids.iterator(); it.hasNext(); ) + { + String oid = (String) it.next(); + if (!oid.equals("2.5.29.15") && !oid.equals("2.5.29.17") && + !oid.equals("2.5.29.18") && !oid.equals("2.5.29.19") && + !oid.equals("2.5.29.37")) + return true; + } + return false; + } + + public Set getCriticalExtensionOIDs() + { + return Collections.unmodifiableSet(critOids); + } + + public Set getNonCriticalExtensionOIDs() + { + return Collections.unmodifiableSet(nonCritOids); + } + + public byte[] getExtensionValue(String oid) + { + byte[] ext = (byte[]) extensions.get(oid); + if (ext != null) + return (byte[]) ext.clone(); + return null; + } + + // Certificate methods. + // ------------------------------------------------------------------------ + + public byte[] getEncoded() throws CertificateEncodingException + { + return (byte[]) encoded.clone(); + } + + public void verify(PublicKey key) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + Signature sig = Signature.getInstance(sigAlgId.toString()); + doVerify(sig, key); + } + + public void verify(PublicKey key, String provider) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + Signature sig = Signature.getInstance(sigAlgId.toString(), provider); + doVerify(sig, key); + } + + public String toString() + { + // XXX say more than this. + return gnu.java.security.x509.X509Certificate.class.getName(); + } + + public PublicKey getPublicKey() + { + return subjectKey; + } + + public Object writeReplace() throws java.io.ObjectStreamException + { + return super.writeReplace(); + } + + // Own methods. + // ------------------------------------------------------------------------ + + /** + * Verify this certificate's signature. 
+ */ + private void doVerify(Signature sig, PublicKey key) + throws CertificateException, InvalidKeyException, SignatureException + { + sig.initVerify(key); + sig.update(tbsCertBytes); + if (!sig.verify(signature)) + throw new CertificateException("signature not validated"); + } + + /** + * Read a GeneralNames structure. + */ + private List getAltNames(byte[] encoded) + throws CertificateParsingException + { + LinkedList names = new LinkedList(); + try + { + ByteArrayInputStream in = new ByteArrayInputStream(encoded); + DERReader der = new DERReader(in); + DERValue seq = der.read(); + if (!seq.isConstructed()) + throw new CertificateParsingException(); + int len = 0; + while (len < seq.getLength()) + { + DERValue name = der.read(); + ArrayList pair = new ArrayList(2); + Object nameVal = null; + switch (name.getTag()) + { + case RFC882_NAME: + case DNS_NAME: + case URI: + nameVal = new String((byte[]) name.getValue()); + break; + case IP_ADDRESS: + nameVal = java.net.InetAddress.getByAddress( + (byte[]) name.getValue()).getHostAddress(); + break; + case REGISTERED_ID: + nameVal = new OID((byte[]) name.getValue()); + break; + case OTHER_NAME: + case X400_ADDRESS: + case DIRECTORY_NAME: + case EDI_PARTY_NAME: + nameVal = name.getEncoded(); + break; + default: + throw new CertificateParsingException(); + } + pair.add(new Integer(name.getTag())); + pair.add(nameVal); + names.add(pair); + if (name.isConstructed()) + in.skip(name.getLength()); + len += name.getEncodedLength(); + } + } + catch (IOException ioe) + { + throw new CertificateParsingException(ioe.toString()); + } + return Collections.unmodifiableList(names); + } + + /** + * Parse a DER stream into an X.509 certificate. + * + * @param encoded The encoded bytes. 
+ */ + private void parse(InputStream encoded) throws Exception + { + DERReader der = new DERReader(encoded); + + // Certificate ::= SEQUENCE { + DERValue cert = der.read(); + this.encoded = cert.getEncoded(); + if (!cert.isConstructed()) + throw new ASN1ParsingException("malformed Certificate"); + + // TBSCertificate ::= SEQUENCE { + DERValue tbsCert = der.read(); + if (tbsCert.getValue() != DER.CONSTRUCTED_VALUE) + throw new ASN1ParsingException("malformed TBSCertificate"); + tbsCertBytes = tbsCert.getEncoded(); + + DERValue val = der.read(); + if (val.getTagClass() == DER.CONTEXT && val.getTag() == 0) + { + // Version ::= INTEGER [0] { v1(0), v2(1), v3(2) } + version = ((BigInteger) der.read().getValue()).intValue() + 1; + val = der.read(); + } + else + { + version = 1; + } + // SerialNumber ::= INTEGER + serialNo = (BigInteger) val.getValue(); + + // AlgorithmIdentifier ::= SEQUENCE { + val = der.read(); + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed AlgorithmIdentifier"); + int certAlgLen = val.getLength(); + val = der.read(); + algId = (OID) val.getValue(); + if (certAlgLen > val.getEncodedLength()) + { + val = der.read(); + if (val == null) + algVal = null; + else + algVal = val.getEncoded(); + if (val.isConstructed()) + encoded.skip(val.getLength()); + } + + issuer = new X500Principal(encoded); + + if (!der.read().isConstructed()) + throw new ASN1ParsingException("malformed Validity"); + notBefore = (Date) der.read().getValue(); + notAfter = (Date) der.read().getValue(); + + subject = new X500Principal(encoded); + + if (!der.read().isConstructed()) + throw new ASN1ParsingException("malformed SubjectPublicKeyInfo"); + + val = der.read(); + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed AlgorithmIdentifier"); + int keyAlgLen = val.getLength(); + val = der.read(); + OID keyID = (OID) val.getValue(); + byte[] keyParams = null; + if (keyAlgLen > val.getEncodedLength()) + { + val = der.read(); + keyParams = 
val.getEncoded(); + if (algVal == null) + algVal = keyParams; + if (val.isConstructed()) + encoded.skip(val.getLength()); + } + val = der.read(); + byte[] keyVal = ((BitString) val.getValue()).toByteArray(); + + if (keyID.equals(ID_DSA)) + { + AlgorithmParameters params = AlgorithmParameters.getInstance("DSA"); + params.init(keyParams, "ASN.1"); + KeyFactory keyFac = KeyFactory.getInstance("DSA"); + DSAParameterSpec spec = (DSAParameterSpec) + params.getParameterSpec(DSAParameterSpec.class); + subjectKey = keyFac.generatePublic(new DSAPublicKeySpec( + (BigInteger) new DERReader(keyVal).read().getValue(), + spec.getP(), spec.getQ(), spec.getG())); + } + else if (keyID.equals(ID_RSA)) + { + KeyFactory keyFac = KeyFactory.getInstance("RSA"); + DERReader rsaKey = new DERReader(keyVal); + if (!rsaKey.read().isConstructed()) + throw new ASN1ParsingException("malformed RSAPublicKey"); + subjectKey = keyFac.generatePublic(new RSAPublicKeySpec( + (BigInteger) rsaKey.read().getValue(), + (BigInteger) rsaKey.read().getValue())); + } + else + throw new ASN1ParsingException("unknown key algorithm " + keyID); + + if (version > 1) + val = der.read(); + if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 1) + { + byte[] b = (byte[]) val.getValue(); + issuerUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF); + val = der.read(); + } + if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 2) + { + byte[] b = (byte[]) val.getValue(); + subjectUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF); + val = der.read(); + } + if (version >= 3 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 3) + { + val = der.read(); + int len = 0; + while (len < val.getLength()) + { + DERValue ext = der.read(); + OID extId = (OID) der.read().getValue(); + DERValue val2 = der.read(); + Boolean crit = Boolean.valueOf(false); + if (val2.getValue() instanceof Boolean) + { + crit = (Boolean) val2.getValue(); + val2 = der.read(); + } + byte[] extVal = 
(byte[]) val2.getValue(); + extensions.put(extId.toString(), extVal); + if (crit.booleanValue()) + critOids.add(extId.toString()); + else + nonCritOids.add(extId.toString()); + if (extId.equals(ID_KEY_USAGE)) + { + keyUsage = (BitString) DERReader.read(extVal).getValue(); + } + else if (extId.equals(ID_BASIC_CONSTRAINTS)) + { + DERReader bc = new DERReader(extVal); + DERValue constraints = bc.read(); + if (!constraints.isConstructed()) + throw new ASN1ParsingException("malformed BasicConstraints"); + if (constraints.getLength() > 0) + { + boolean ca = false; + int constr = -1; + val2 = bc.read(); + if (val2.getValue() instanceof Boolean) + { + ca = ((Boolean) val2.getValue()).booleanValue(); + if (constraints.getLength() > val2.getEncodedLength()) + val2 = bc.read(); + } + if (val2.getValue() instanceof BigInteger) + constr = ((BigInteger) val2.getValue()).intValue(); + basicConstraints = constr; + } + } + len += ext.getEncodedLength(); + } + } + + val = der.read(); + if (!val.isConstructed()) + throw new ASN1ParsingException("malformed AlgorithmIdentifier"); + int sigAlgLen = val.getLength(); + val = der.read(); + sigAlgId = (OID) val.getValue(); + if (sigAlgLen > val.getEncodedLength()) + { + val = der.read(); + if (val.getValue() == null) + sigAlgVal = keyParams; + else + sigAlgVal = (byte[]) val.getEncoded(); + if (val.isConstructed()) + encoded.skip(val.getLength()); + } + signature = ((BitString) der.read().getValue()).toByteArray(); + } +} diff --git a/libjava/java/security/AlgorithmParameterGenerator.java b/libjava/java/security/AlgorithmParameterGenerator.java index b8ad8e27ddc..26a7790d37a 100644 --- a/libjava/java/security/AlgorithmParameterGenerator.java +++ b/libjava/java/security/AlgorithmParameterGenerator.java @@ -39,6 +39,8 @@ package java.security; import java.security.spec.AlgorithmParameterSpec; +import gnu.java.security.Engine; + /** *
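Review bot: In `parse()`, the BasicConstraints branch reads the cA flag into `ca` but never uses it before assigning `basicConstraints = constr;`. A certificate whose BasicConstraints has cA absent or false but carries a pathLenConstraint therefore makes `getBasicConstraints()` return a non-negative value, which callers of the `java.security.cert.X509Certificate` API read as "this is a CA certificate". A genuine CA certificate without a path length returns -1 and looks like an end-entity. The assignment should follow the API contract: `basicConstraints = ca ? (constr >= 0 ? constr : Integer.MAX_VALUE) : -1;`.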

The AlgorithmParameterGenerator class is used to generate a * set of parameters to be used with a certain algorithm. Parameter generators @@ -201,7 +203,11 @@ public class AlgorithmParameterGenerator (AlgorithmParameterGeneratorSpi) Engine.getInstance( ALGORITHM_PARAMETER_GENERATOR, algorithm, provider), provider, algorithm); - } + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } catch (ClassCastException cce) { throw new NoSuchAlgorithmException(algorithm); diff --git a/libjava/java/security/AlgorithmParameters.java b/libjava/java/security/AlgorithmParameters.java index a7212772ba5..07d76bb7bab 100644 --- a/libjava/java/security/AlgorithmParameters.java +++ b/libjava/java/security/AlgorithmParameters.java @@ -41,6 +41,8 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.AlgorithmParameterSpec; import java.io.IOException; +import gnu.java.security.Engine; + /** *
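Review bot: The added `catch (java.lang.reflect.InvocationTargetException ite)` throws `NoSuchAlgorithmException(algorithm)` and drops `ite`, so a provider class that exists but fails in its constructor is reported exactly like an algorithm that is not installed. Carrying the cause into the message keeps a broken or misconfigured provider diagnosable, for example `throw new NoSuchAlgorithmException(algorithm + ": " + ite.getCause());`. The same catch is added in the AlgorithmParameters, KeyFactory, KeyPairGenerator, KeyStore (there as `KeyStoreException(type)`), MessageDigest, SecureRandom and Signature hunks that follow. The enclosing method starts and ends outside this hunk.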

This class is used as an opaque representation of cryptographic * parameters.

@@ -204,6 +206,10 @@ public class AlgorithmParameters Engine.getInstance(ALGORITHM_PARAMETERS, algorithm, provider), provider, algorithm); } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } catch (ClassCastException cce) { throw new NoSuchAlgorithmException(algorithm); diff --git a/libjava/java/security/KeyFactory.java b/libjava/java/security/KeyFactory.java index 918bf3d6da9..223d0d84af3 100644 --- a/libjava/java/security/KeyFactory.java +++ b/libjava/java/security/KeyFactory.java @@ -41,6 +41,8 @@ import java.security.spec.KeySpec; import java.security.spec.InvalidKeySpecException; import java.security.NoSuchAlgorithmException; +import gnu.java.security.Engine; + /** *

Key factories are used to convert keys (opaque cryptographic keys of type * {@link Key}) into key specifications (transparent representations of the @@ -192,6 +194,10 @@ public class KeyFactory Engine.getInstance(KEY_FACTORY, algorithm, provider), provider, algorithm); } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } catch (ClassCastException cce) { throw new NoSuchAlgorithmException(algorithm); diff --git a/libjava/java/security/KeyPairGenerator.java b/libjava/java/security/KeyPairGenerator.java index 8bc829608c5..b9b07852aa4 100644 --- a/libjava/java/security/KeyPairGenerator.java +++ b/libjava/java/security/KeyPairGenerator.java @@ -39,6 +39,8 @@ package java.security; import java.security.spec.AlgorithmParameterSpec; +import gnu.java.security.Engine; + /** *

The KeyPairGenerator class is used to generate pairs of * public and private keys. Key pair generators are constructed using the @@ -231,7 +233,16 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi if (provider == null) throw new IllegalArgumentException("Illegal provider"); - Object o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider); + Object o = null; + try + { + o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider); + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } + KeyPairGenerator result = null; if (o instanceof KeyPairGeneratorSpi) { diff --git a/libjava/java/security/KeyStore.java b/libjava/java/security/KeyStore.java index cd3c2687cf7..5f0c159d7d2 100644 --- a/libjava/java/security/KeyStore.java +++ b/libjava/java/security/KeyStore.java @@ -43,6 +43,8 @@ import java.security.cert.CertificateException; import java.util.Date; import java.util.Enumeration; +import gnu.java.security.Engine; + /** * Keystore represents an in-memory collection of keys and * certificates. There are two types of entries: @@ -194,6 +196,10 @@ public class KeyStore { throw new KeyStoreException(type); } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new KeyStoreException(type); + } catch (ClassCastException cce) { throw new KeyStoreException(type); diff --git a/libjava/java/security/MessageDigest.java b/libjava/java/security/MessageDigest.java index cbf0e0753a7..47b082a19f4 100644 --- a/libjava/java/security/MessageDigest.java +++ b/libjava/java/security/MessageDigest.java @@ -37,6 +37,8 @@ exception statement from your version. */ package java.security; +import gnu.java.security.Engine; + /** *

This MessageDigest class provides applications the * functionality of a message digest algorithm, such as MD5 or SHA. @@ -197,7 +199,15 @@ public abstract class MessageDigest extends MessageDigestSpi throw new IllegalArgumentException("Illegal provider"); MessageDigest result = null; - Object o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider); + Object o = null; + try + { + o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider); + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } if (o instanceof MessageDigestSpi) { diff --git a/libjava/java/security/SecureClassLoader.java b/libjava/java/security/SecureClassLoader.java index 7adba1a9bbc..5f7ac211bf0 100644 --- a/libjava/java/security/SecureClassLoader.java +++ b/libjava/java/security/SecureClassLoader.java @@ -93,7 +93,7 @@ public class SecureClassLoader extends ClassLoader /** Returns a PermissionCollection for the specified CodeSource. - The default implmentation invokes + The default implementation invokes java.security.Policy.getPermissions. This method is called by defineClass that takes a CodeSource diff --git a/libjava/java/security/SecureRandom.java b/libjava/java/security/SecureRandom.java index 5cd3cae679d..022d014cf1c 100644 --- a/libjava/java/security/SecureRandom.java +++ b/libjava/java/security/SecureRandom.java @@ -1,4 +1,4 @@ -/* SecureRandom.java --- Secure Random class implmentation +/* SecureRandom.java --- Secure Random class implementation Copyright (C) 1999, 2001, 2002, 2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -41,6 +41,8 @@ import java.io.Serializable; import java.util.Random; import java.util.Enumeration; +import gnu.java.security.Engine; + /** * An interface to a cryptographically secure pseudo-random number * generator (PRNG). Random (or at least unguessable) numbers are used 
@@ -162,7 +164,7 @@ public class SecureRandom extends Random * the first provider that implements it. * * @param algorithm The algorithm name. - * @return A new SecureRandom implmenting the given algorithm. + * @return A new SecureRandom implementing the given algorithm. * @throws NoSuchAlgorithmException If no installed provider implements * the given algorithm. */ @@ -191,7 +193,7 @@ public class SecureRandom extends Random * * @param algorithm The algorithm name. * @param provider The provider name. - * @return A new SecureRandom implmenting the chosen algorithm. + * @return A new SecureRandom implementing the chosen algorithm. * @throws NoSuchAlgorithmException If the named provider does not implement * the algorithm, or if the implementation cannot be * instantiated. @@ -234,6 +236,10 @@ public class SecureRandom extends Random Engine.getInstance(SECURE_RANDOM, algorithm, provider), provider); } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } catch (ClassCastException cce) { throw new NoSuchAlgorithmException(algorithm); diff --git a/libjava/java/security/Security.java b/libjava/java/security/Security.java index 2b2ac392b3c..0f1827ea02c 100644 --- a/libjava/java/security/Security.java +++ b/libjava/java/security/Security.java @@ -1,4 +1,4 @@ -/* Security.java --- Java base security class implmentation +/* Security.java --- Java base security class implementation Copyright (C) 1999, 2001, 2002, 2003, Free Software Foundation, Inc. This file is part of GNU Classpath. diff --git a/libjava/java/security/Signature.java b/libjava/java/security/Signature.java index dff2e2d87ba..1e99a7bb3e0 100644 --- a/libjava/java/security/Signature.java +++ b/libjava/java/security/Signature.java @@ -41,6 +41,8 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.security.spec.AlgorithmParameterSpec; +import gnu.java.security.Engine; + /** *

This Signature class is used to provide applications the * functionality of a digital signature algorithm. Digital signatures are used @@ -237,7 +239,15 @@ public abstract class Signature extends SignatureSpi throw new IllegalArgumentException("Illegal provider"); Signature result = null; - Object o = Engine.getInstance(SIGNATURE, algorithm, provider); + Object o = null; + try + { + o = Engine.getInstance(SIGNATURE, algorithm, provider); + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } if (o instanceof SignatureSpi) { diff --git a/libjava/java/security/cert/CRLSelector.java b/libjava/java/security/cert/CRLSelector.java new file mode 100644 index 00000000000..7bfce306b9c --- /dev/null +++ b/libjava/java/security/cert/CRLSelector.java 
@@ -0,0 +1,69 @@ +/* CRLSelector.java -- matches CRLs against criteria. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * A generic interface to classes that match certificate revocation + * lists (CRLs) to some given criteria. 
Implementations of this
+ * interface are useful for finding {@link CRL} objects in a {@link
+ * CertStore}.
+ *
+ * @see CertStore
+ * @see CertSelector
+ * @see X509CRLSelector
+ */
+public interface CRLSelector extends Cloneable
+{
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return The clone.
+ */
+ Object clone();
+
+ /**
+ * Match a given certificate revocation list to this selector's
+ * criteria, returning true if it matches, false otherwise.
+ *
+ * @param crl The certificate revocation list to test.
+ * @return The boolean result of this test.
+ */
+ boolean match(CRL crl);
+}
diff --git a/libjava/java/security/cert/CertPathBuilder.java b/libjava/java/security/cert/CertPathBuilder.java
new file mode 100644
index 00000000000..af935369074
--- /dev/null
+++ b/libjava/java/security/cert/CertPathBuilder.java
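Review bot: The class Javadoc of `CRLSelector` carries `@see X509CRLSelector`, but no `X509CRLSelector.java` is listed among the files this commit adds, so the reference may not resolve when the documentation is built. Unless that class already exists elsewhere in the tree, drop the tag until it is imported, leaving `@see CertStore` and `@see CertSelector`. The Javadoc of `match(CRL crl)` also does not say what an implementation should do with a null `crl`; one sentence stating the expected result would give implementers a common contract.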
@@ -0,0 +1,237 @@ +/* CertPathBuilder.java -- bulids CertPath objects from Certificates. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.Security; + +import gnu.java.security.Engine; + +/** + * This class builds certificate paths (also called certificate chains), + * which can be used to establish trust for a particular certificate by + * building a path from a trusted certificate (a trust anchor) to the + * untrusted certificate. + * + * @see CertPath + */ +public class CertPathBuilder +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertPathBuilder. */ + private static final String CERT_PATH_BUILDER = "CertPathBuilder"; + + /** The underlying implementation. */ + private CertPathBuilderSpi cpbSpi; + + /** The provider of this implementation. */ + private Provider provider; + + /** The name of this implementation. */ + private String algorithm; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathBuilder. + * + * @param cpbSpi The underlying implementation. + * @param provider The provider of the implementation. + * @param algorithm This implementation's name. + */ + protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider, + String algorithm) + { + this.cpbSpi = cpbSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Get the default cert path builder type. + * + *

This value can be set at run-time by the security property + * "certpathbuilder.type". If this property is not set, + * then the value returned is "PKIX". + * + * @return The default CertPathBuilder algorithm. + */ + public static final String getDefaultType() + { + String type = Security.getProperty("certpathbuilder.type"); + if (type == null) + type = "PKIX"; + return type; + } + + /** + * Get an instance of a named CertPathBuilder, from the first provider + * that implements it. + * + * @param algorithm The name of the CertPathBuilder to create. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider + * implements the named algorithm. + */ + public static CertPathBuilder getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + + for (int i = 0; i < p.length; i++) + { + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException ignored) + { + } + } + + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Get an instance of a named CertPathBuilder from the named + * provider. + * + * @param algorithm The name of the CertPathBuilder to create. + * @param provider The name of the provider from which to get the + * implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider + * implements the named algorithm. + * @throws NoSuchProviderException If the named provider does not + * exist. + */ + public static CertPathBuilder getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Get an instance of a named CertPathBuilder from the specified + * provider. + * + * @param algorithm The name of the CertPathBuilder to create. 
+ * @param provider The provider from which to get the implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider + * implements the named algorithm. + * @throws IllegalArgumentException If provider in + * null. + */ + public static CertPathBuilder getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + if (provider == null) + throw new IllegalArgumentException("null provider"); + try + { + return new CertPathBuilder((CertPathBuilderSpi) + Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider), + provider, algorithm); + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } + catch (ClassCastException cce) + { + throw new NoSuchAlgorithmException(algorithm); + } + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return the name of this CertPathBuilder algorithm. + * + * @return The algorithm name. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Return the provider of this instance's implementation. + * + * @return The provider. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Builds a certificate path. The {@link CertPathParameters} parameter + * passed to this method is implementation-specific, but in general + * should contain some number of certificates and some number of + * trusted certificates (or "trust anchors"). + * + * @param params The parameters. + * @retrun The certificate path result. + * @throws CertPathBuilderException If the certificate path cannot be + * built. + * @throws InvalidAlgorithmParameterException If the implementation + * rejects the specified parameters. + */ + public final CertPathBuilderResult build(CertPathParameters params) + throws CertPathBuilderException, InvalidAlgorithmParameterException + { + return cpbSpi.engineBuild(params); + } +} 
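Review bot: `CertPathBuilder.getDefaultType()` reads the `certpathbuilder.type` security property with a direct `Security.getProperty` call, whereas `CertPathValidator.getDefaultType()` in this same commit wraps the equivalent lookup in `AccessController.doPrivileged`. If `Security.getProperty` performs a permission check (its body is not visible here), a caller without that permission could get the default type from the validator but a `SecurityException` from the builder. The two should agree; the version below follows the validator and needs `java.security.AccessController` and `java.security.PrivilegedAction` added to this file's imports. Separately, the Javadoc of `build` uses `@retrun`, which should be `@return`.

```java
  public static final String getDefaultType()
  {
    // Read the property with this class's own privileges, matching
    // CertPathValidator.getDefaultType().
    String type = (String) AccessController.doPrivileged(
      new PrivilegedAction()
      {
        public Object run()
        {
          return Security.getProperty("certpathbuilder.type");
        }
      }
    );
    // … unchanged: fall back to "PKIX" when the property is unset, return type …
  }
```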
diff --git a/libjava/java/security/cert/CertPathBuilderResult.java b/libjava/java/security/cert/CertPathBuilderResult.java
new file mode 100644
index 00000000000..e5b2c6dbc0e
--- /dev/null
+++ b/libjava/java/security/cert/CertPathBuilderResult.java
@@ -0,0 +1,63 @@ +/* CertPathBuilderResult -- results from building cert paths. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * A standard interface for the result of building a certificate path. 
+ * All implementations of this class must provide a way to get the
+ * certificate path, but may also define additional methods for
+ * returning other result data generated by the certificate path
+ * builder.
+ */
+public interface CertPathBuilderResult extends Cloneable {
+
+ /**
+ * Creates a copy of this builder result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Get the certificate path that was built.
+ *
+ * @retrn The certificate path.
+ */
+ CertPath getCertPath();
+}
diff --git a/libjava/java/security/cert/CertPathBuilderSpi.java b/libjava/java/security/cert/CertPathBuilderSpi.java
new file mode 100644
index 00000000000..9220f5a4e3f
--- /dev/null
+++ b/libjava/java/security/cert/CertPathBuilderSpi.java
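Review bot: The Javadoc of `getCertPath()` in `CertPathBuilderResult` uses the tag `@retrn`, which the Javadoc tool does not recognise, so the return description is lost from the generated documentation; it should read `@return The certificate path.`. The type-level comment also says "All implementations of this class" although the type is declared as an interface; "of this interface" would match the declaration.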
@@ -0,0 +1,74 @@ +/* CertPathBuilderSpi -- CertPathBuilder service provider interface. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.cert; + +/** + * The {@link CertPathBuilder} Service Provider Interface + * (SPI). 
+ *
+ * @see CertPathBuilder
+ */
+public abstract class CertPathBuilderSpi {
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathBuilderSpi.
+ */
+ public CertPathBuilderSpi() {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a certificate path from the specified parameters.
+ *
+ * @param params The parameters to use.
+ * @return The certificate path result.
+ * @throws CertPathBuilderException If the certificate path cannot be
+ * built.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * implementation rejects the specified parameters.
+ */
+ public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
+ throws CertPathBuilderException,
+ java.security.InvalidAlgorithmParameterException;
+}
diff --git a/libjava/java/security/cert/CertPathParameters.java b/libjava/java/security/cert/CertPathParameters.java
new file mode 100644
index 00000000000..5cc678bdc05
--- /dev/null
+++ b/libjava/java/security/cert/CertPathParameters.java
@@ -0,0 +1,58 @@ +/* CertPathParameters.java -- parameters for CertPathBuilder. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.cert; + +/** + * Parameters for generating and validating certificate paths. 
This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see CertPathBuilder
+ * @see CertPathValidator
+ */
+public interface CertPathParameters extends Cloneable {
+
+ /**
+ * Makes a copy of this CertPathParameters instance.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/java/security/cert/CertPathValidator.java b/libjava/java/security/cert/CertPathValidator.java
new file mode 100644
index 00000000000..4c1262d379b
--- /dev/null
+++ b/libjava/java/security/cert/CertPathValidator.java
@@ -0,0 +1,248 @@ +/* CertPathValidator -- validates certificate paths. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.AccessController; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; + +import gnu.java.security.Engine; + +/** + * Generic interface to classes that validate certificate paths. + * + *

Using this class is similar to all the provider-based security + * classes; the method of interest, {@link + * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}, + * which takes provider-specific implementations of {@link + * CertPathParameters}, and return provider-specific implementations of + * {@link CertPathValidatorResult}. + * + * @since JDK 1.4 + * @see CertPath + */ +public class CertPathValidator { + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertPathValidator. */ + private static final String CERT_PATH_VALIDATOR = "CertPathValidator"; + + /** The underlying implementation. */ + private final CertPathValidatorSpi validatorSpi; + + /** The provider of this implementation. */ + private final Provider provider; + + /** The algorithm's name. */ + private final String algorithm; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathValidator. + * + * @param validatorSpi The underlying implementation. + * @param provider The provider of the implementation. + * @param algorithm The algorithm name. + */ + protected CertPathValidator(CertPathValidatorSpi validatorSpi, + Provider provider, String algorithm) + { + this.validatorSpi = validatorSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Returns the default validator type. + * + *

This value may be set at run-time via the security property + * "certpathvalidator.type", or the value "PKIX" if this property is + * not set. + * + * @return The default validator type. + */ + public static synchronized String getDefaultType() { + String type = (String) AccessController.doPrivileged( + new PrivilegedAction() + { + public Object run() + { + return Security.getProperty("certpathvalidator.type"); + } + } + ); + if (type == null) + type = "PKIX"; + return type; + } + + /** + * Get an instance of the given validator from the first provider that + * implements it. + * + * @param algorithm The name of the algorithm to get. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider + * implements the requested algorithm. + */ + public static CertPathValidator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + for (int i = 0; i < p.length; i++) + { + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException ignored) + { + } + } + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Get an instance of the given validator from the named provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The name of the provider from which to get the + * implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If the named provider does not + * implement the algorithm. + * @throws NoSuchProviderException If no provider named + * provider is installed. + */ + public static CertPathValidator getInstance(String algorithm, + String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + + return getInstance(algorithm, p); + } + + /** + * Get an instance of the given validator from the given provider. + * + * @param algorithm The name of the algorithm to get. 
+ * @param provider The provider from which to get the implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If the provider does not implement + * the algorithm. + * @throws IllegalArgumentException If provider is null. + */ + public static CertPathValidator getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + if (provider == null) + throw new IllegalArgumentException("null provider"); + + try + { + return new CertPathValidator((CertPathValidatorSpi) + Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider), + provider, algorithm); + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new NoSuchAlgorithmException(algorithm); + } + catch (ClassCastException cce) + { + throw new NoSuchAlgorithmException(algorithm); + } + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return the name of this validator. + * + * @return This validator's name. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Return the provider of this implementation. + * + * @return The provider. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Attempt to validate a certificate path. + * + * @param certPath The path to validate. + * @param params The algorithm-specific parameters. + * @return The result of this validation attempt. + * @throws CertPathValidatorException If the certificate path cannot + * be validated. + * @throws InvalidAlgorithmParameterException If this implementation + * rejects the specified parameters. + */ + public final CertPathValidatorResult validate(CertPath certPath, + CertPathParameters params) + throws CertPathValidatorException, InvalidAlgorithmParameterException + { + return validatorSpi.engineValidate(certPath, params); + } +} 
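Review bot: `CertPathValidator.getDefaultType()` is declared `public static synchronized`, yet the body shown only reads a security property and falls back to "PKIX"; it touches no shared mutable state that would need the lock. A static synchronized method locks the publicly reachable `CertPathValidator.class` object, so unrelated code synchronizing on that object can stall every caller of this method. `CertPathBuilder.getDefaultType()` in the same commit is not synchronized; unless there is a reason not visible here, declare this one the same way: `public static String getDefaultType() {`.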
diff --git a/libjava/java/security/cert/CertPathValidatorResult.java b/libjava/java/security/cert/CertPathValidatorResult.java
new file mode 100644
index 00000000000..0732efc8b26
--- /dev/null
+++ b/libjava/java/security/cert/CertPathValidatorResult.java
@@ -0,0 +1,63 @@ +/* CertPathValidatorResult -- result of validating certificate paths + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +/** + * Interface to the result of calling {@link + * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}. + * + *

This interface defines no methods other than the required
+ * {@link java.lang.Cloneable} interface, and is intended to group and
+ * provide type safety for validator results. Providers that implement
+ * a certificate path validator must also provide an implementation of
+ * this interface, possibly defining additional methods.
+ *
+ * @since JDK 1.4
+ * @see CertPathValidator
+ */
+public interface CertPathValidatorResult extends Cloneable
+{
+
+ /**
+ * Returns a copy of this validator result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/java/security/cert/CertPathValidatorSpi.java b/libjava/java/security/cert/CertPathValidatorSpi.java
new file mode 100644
index 00000000000..cdbde55508a
--- /dev/null
+++ b/libjava/java/security/cert/CertPathValidatorSpi.java
@@ -0,0 +1,79 @@
+/* CertPathValidatorSpi -- cert path validator service provider interface
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * The service provider interface (SPI) for the {@link
+ * CertPathValidator} class.
Providers implementing certificate path
+ * validators must subclass this class and implement its abstract
+ * methods.
+ */
+public abstract class CertPathValidatorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default constructor.
+ */
+ public CertPathValidatorSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public abstract CertPathValidatorResult
+ engineValidate(CertPath certPath, CertPathParameters params)
+ throws CertPathValidatorException,
+ java.security.InvalidAlgorithmParameterException;
+}
diff --git a/libjava/java/security/cert/CertSelector.java b/libjava/java/security/cert/CertSelector.java
new file mode 100644
index 00000000000..5001c62da26
--- /dev/null
+++ b/libjava/java/security/cert/CertSelector.java
@@ -0,0 +1,58 @@
+/* CertSelector.java -- certificate selector interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+public interface CertSelector extends Cloneable
+{
+
+ /**
+ * Returns a copy of this CertSelector.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Match a certificate according to this selector's criteria.
+ *
+ * @param cert The certificate to match.
+ * @return true if the certificate matches thin criteria.
+ */
+ boolean match(Certificate cert);
+}
diff --git a/libjava/java/security/cert/CertStore.java b/libjava/java/security/cert/CertStore.java
new file mode 100644
index 00000000000..44143c5ad6c
--- /dev/null
+++ b/libjava/java/security/cert/CertStore.java
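Review bot: `CertSelector` is added without a type-level Javadoc comment, while the sibling interfaces in this commit (`CertPathValidatorResult`, `CertStoreParameters`) each carry one; a short comment such as `/** Criteria used to select certificates, for example when querying a CertStore. */` above the interface would close the gap. The `@return` text of `match` reads "matches thin criteria", which looks like a typo for "this selector's criteria". The `match` comment should also state what an implementation is expected to do with a null `cert`, since code that filters a store through a selector depends on that answer.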
@@ -0,0 +1,295 @@
+/* CertStore -- stores and retrieves certificates.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+import java.util.Collection;
+
+import gnu.java.security.Engine;
+
+/**
+ * A CertStore is a read-only repository for certificates and
+ * certificate revocation lists.
+ *
+ * @since JDK 1.4
+ */
+public class CertStore
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertStore. */
+ private static final String CERT_STORE = "CertStore";
+
+ /** The underlying implementation. */
+ private CertStoreSpi storeSpi;
+
+ /** This implementation's provider. */
+ private Provider provider;
+
+ /** The name of this key store type. */
+ private String type;
+
+ /** The parameters used to initialize this instance, if any. */
+ private CertStoreParameters params;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new CertStore.
+ *
+ * @param storeSpi The underlying implementation.
+ * @param provider The provider of this implementation.
+ * @param type The type of CertStore this class represents.
+ * @param params The parameters used to initialize this instance, if any.
+ */
+ protected CertStore(CertStoreSpi storeSpi, Provider provider, String type,
+ CertStoreParameters params)
+ {
+ this.storeSpi = storeSpi;
+ this.provider = provider;
+ this.type = type;
+ this.params = params;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default certificate store type.
+ *
+ *

This value can be set at run-time via the security property
+ * "certstore.type"; if not specified than the default type will be
+ * "LDAP".
+ *
+ * @return The default CertStore type.
+ */
+ public static final synchronized String getDefaultType()
+ {
+ String type = null;
+ type = (String) java.security.AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return Security.getProperty("certstore.type");
+ }
+ }
+ );
+ if (type == null)
+ type = "LDAP";
+ return type;
+ }
+
+ /**
+ * Get an instance of the given certificate store from the first
+ * installed provider.
+ *
+ * @param type The type of CertStore to create.
+ * @param params The parameters to initialize this cert store with.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects
+ * the specified parameters.
+ * @throws NoSuchAlgorithmException If no installed provider
+ * implements the specified CertStore.
+ * @throws IllegalArgumentException If provider is null.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ for (int i = 0; i < p.length; i++)
+ {
+ try
+ {
+ return getInstance(type, params, p[i]);
+ }
+ catch (NoSuchAlgorithmException ignored)
+ {
+ }
+ }
+
+ throw new NoSuchAlgorithmException(type);
+ }
+
+ /**
+ * Get an instance of the given certificate store from the named
+ * provider.
+ *
+ * @param type The type of CertStore to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The name of the provider from which to get the
+ * implementation.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects
+ * the specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws NoSuchProviderException If no provider named
+ * provider is installed.
+ * @throws IllegalArgumentException If provider is null.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ String provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+ NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, params, p);
+ }
+
+ /**
+ * Get an instance of the given certificate store from the given
+ * provider.
+ *
+ * @param type The type of CertStore to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The provider from which to get the implementation.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects
+ * the specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws IllegalArgumentException If provider is null.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ Provider provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("null provider");
+
+ try
+ {
+ return new CertStore((CertStoreSpi) Engine.getInstance(CERT_STORE,
+ type, provider, new Object[] { params }), provider, type, params);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(type);
+ }
+ catch (java.lang.reflect.InvocationTargetException ite)
+ {
+ Throwable cause = ite.getCause();
+ if (cause != null &&
+ (cause instanceof InvalidAlgorithmParameterException))
+ throw (InvalidAlgorithmParameterException) cause;
+ else
+ throw new NoSuchAlgorithmException(type);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the type of certificate store this instance represents.
+ *
+ * @return The CertStore type.
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Return the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Get the parameters this instance was created with, if any. The
+ * parameters will be cloned before they are returned.
+ *
+ * @return The parameters, or null.
+ */
+ public final CertStoreParameters getCertStoreParameters()
+ {
+ return params != null ? (CertStoreParameters) params.clone() : null;
+ }
+
+ /**
+ * Get a collection of certificates from this CertStore, optionally
+ * filtered by the specified CertSelector. The Collection returned may
+ * be empty, but will never be null.
+ *
+ *

Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public final Collection getCertificates(CertSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCertificates(selector);
+ }
+
+ /**
+ * Get a collection of certificate revocation lists from this CertStore,
+ * optionally filtered by the specified CRLSelector. The Collection
+ * returned may be empty, but will never be null.
+ *
+ *

Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificate revocation lists.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public final Collection getCRLs(CRLSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCRLs(selector);
+ }
+}
diff --git a/libjava/java/security/cert/CertStoreParameters.java b/libjava/java/security/cert/CertStoreParameters.java
new file mode 100644
index 00000000000..1f4b40d2b36
--- /dev/null
+++ b/libjava/java/security/cert/CertStoreParameters.java
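Review bot: The `CertStore` constructor keeps the caller's `params` reference as-is (`this.params = params;`), while `getCertStoreParameters()` clones on the way out, so the defensive copy covers only one direction. `getInstance(type, params, provider)` hands the same object to the provider and to the constructor, so a caller that mutates it afterwards changes what `getCertStoreParameters()` reports without the underlying `CertStoreSpi` being re-initialised. Cloning on the way in closes that gap: `this.params = params != null ? (CertStoreParameters) params.clone() : null;`. Separately, the two-argument `getInstance` documents `@throws IllegalArgumentException If provider is null` although it takes no provider argument, and the `InvocationTargetException` branch drops every cause other than `InvalidAlgorithmParameterException`, which hides why a provider's store failed to construct.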
@@ -0,0 +1,60 @@
+/* CertStoreParameters -- interface to CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters used when creating instances of {@link CertStore}.
This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see LDAPCertStoreParameters
+ * @see CollectionCertStoreParameters
+ */
+public interface CertStoreParameters extends Cloneable
+{
+
+ /**
+ * Create a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/java/security/cert/CertStoreSpi.java b/libjava/java/security/cert/CertStoreSpi.java
new file mode 100644
index 00000000000..352062329a4
--- /dev/null
+++ b/libjava/java/security/cert/CertStoreSpi.java
@@ -0,0 +1,102 @@
+/* CertStoreSpi -- certificate store service provider interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Collection;
+
+/**
+ * The service provider interface (SPI) for the {@link
+ * CertStore} class.
+ *
+ *

Providers wishing to implement a CertStore must subclass this
+ * class, implementing all the abstract methods. Providers may also
+ * implement the {@link CertStoreParameters} interface, if they require
+ * parameters.
+ *
+ * @since JDK 1.4
+ * @see CertStore
+ * @see CollectionCertStoreParameters
+ * @see LDAPCertStoreParameters
+ */
+public abstract class CertStoreSpi
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertStoreSpi.
+ *
+ * @param params The parameters to initialize this instance with, or
+ * null if no parameters are required.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate for this class.
+ */
+ public CertStoreSpi(CertStoreParameters params)
+ throws java.security.InvalidAlgorithmParameterException
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the certificates from this store, filtering them through the
+ * specified CertSelector.
+ *
+ * @param selector The CertSelector to filter certificates.
+ * @return A (non-null) collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public abstract Collection engineGetCertificates(CertSelector selector)
+ throws CertStoreException;
+
+ /**
+ * Get the certificate revocation list from this store, filtering them
+ * through the specified CRLSelector.
+ *
+ * @param selector The CRLSelector to filter certificate revocation
+ * lists.
+ * @return A (non-null) collection of certificate revocation list.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public abstract Collection engineGetCRLs(CRLSelector selector)
+ throws CertStoreException;
+}
diff --git a/libjava/java/security/cert/Certificate.java b/libjava/java/security/cert/Certificate.java
index 25e8aadf191..bcb206d0c7a 100644
--- a/libjava/java/security/cert/Certificate.java +++ b/libjava/java/security/cert/Certificate.java @@ -1,5 +1,5 @@ /* Certificate.java --- Certificate class - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -37,6 +37,7 @@ exception statement from your version. */ package java.security.cert; + import java.security.PublicKey; import java.security.NoSuchAlgorithmException; import java.security.InvalidKeyException; @@ -44,34 +45,38 @@ import java.security.NoSuchProviderException; import java.security.SignatureException; import java.io.ObjectInputStream; import java.io.ByteArrayInputStream; +import java.io.InvalidObjectException; import java.io.ObjectStreamException; /** - The Certificate class is an abstract class used to manage - identity certificates. An identity certificate is a - combination of a principal and a public key which is - certified by another principal. This is the puprose of - Certificate Authorities (CA). - - This class is used to manage different types of certificates - but have important common puposes. Different types of - certificates like X.509 and OpenPGP share general certificate - functions (like encoding and verifying) and information like - public keys. - - X.509, OpenPGP, and SDSI can be implemented by subclassing this - class even though they differ in storage methods and information - stored. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ + * The Certificate class is an abstract class used to manage + * identity certificates. An identity certificate is a + * combination of a principal and a public key which is + * certified by another principal. This is the puprose of + * Certificate Authorities (CA). + * + *

This class is used to manage different types of certificates + * but have important common puposes. Different types of + * certificates like X.509 and OpenPGP share general certificate + * functions (like encoding and verifying) and information like + * public keys. + * + *

X.509, OpenPGP, and SDSI can be implemented by subclassing this + * class even though they differ in storage methods and information + * stored. + * + * @see CertificateFactory + * @see X509Certificate + * @since JDK 1.2 + * @author Mark Benvenuto + * @author Casey Marshall + */ public abstract class Certificate { static final long serialVersionUID = -6751606818319535583L; private String type; + /** Constructs a new certificate of the specified type. An example is "X.509". @@ -203,47 +208,99 @@ public abstract class Certificate */ public abstract PublicKey getPublicKey(); + // Protected methods. + // ------------------------------------------------------------------------ + + /** + * Returns a replacement for this certificate to be serialized. This + * method returns the equivalent to the following for this class: + * + *

+ *
new CertificateRep(getType(), getEncoded());
+ *
+ * + *

This thusly replaces the certificate with its name and its + * encoded form, which can be deserialized later with the {@link + * CertificateFactory} implementation for this certificate's type. + * + * @return The replacement object to be serialized. + * @throws ObjectStreamException If the replacement could not be + * created. + */ + public Object writeReplace() throws ObjectStreamException + { + try + { + return new CertificateRep(getType(), getEncoded()); + } + catch (CertificateEncodingException cee) + { + throw new InvalidObjectException(cee.toString()); + } + } + + // Inner class. + // ------------------------------------------------------------------------ - /* INNER CLASS */ /** Certificate.CertificateRep is an inner class used to provide an alternate storage mechanism for serialized Certificates. */ protected static class CertificateRep implements java.io.Serializable { + + /** From JDK1.4. */ + private static final long serialVersionUID = -8563758940495660020L; + + /** The certificate type, e.g. "X.509". */ private String type; + + /** The encoded certificate data. */ private byte[] data; /** - Create an alternate Certificate class to store a serialized Certificate - - @param type the name of certificate type - @param data the certificate data - */ - protected CertificateRep(String type, - byte[] data) + * Create an alternative representation of this certificate. The + * (type, data) pair is typically the certificate's + * type as returned by {@link Certificate#getType()} (i.e. the + * canonical name of the certificate type) and the encoded form as + * returned by {@link Certificate#getEncoded()}. + * + *

For example, X.509 certificates would create an instance of + * this class with the parameters "X.509" and the ASN.1 + * representation of the certificate, encoded as DER bytes. + * + * @param type The certificate type. + * @param data The encoded certificate data. + */ + protected CertificateRep(String type, byte[] data) { this.type = type; this.data = data; } /** - Return the stored Certificate - - @return the stored certificate - - @throws ObjectStreamException if certificate cannot be resolved - */ - protected Object readResolve() - throws ObjectStreamException + * Deserialize this certificate replacement into the appropriate + * certificate object. That is, this method attempts to create a + * {@link CertificateFactory} for this certificate's type, then + * attempts to parse the encoded data with that factory, returning + * the resulting certificate. + * + * @return The deserialized certificate. + * @throws ObjectStreamException If there is no appropriate + * certificate factory for the given type, or if the encoded form + * cannot be parsed. + */ + protected Object readResolve() throws ObjectStreamException { - try { - return new ObjectInputStream( new ByteArrayInputStream( data ) ).readObject(); - } catch ( Exception e ) { - e.printStackTrace(); - throw new RuntimeException ( e.toString() ); - } + try + { + CertificateFactory fact = CertificateFactory.getInstance(type); + return fact.generateCertificate(new ByteArrayInputStream(data)); + } + catch (Exception e) + { + throw new InvalidObjectException(e.toString()); + } } } - } diff --git a/libjava/java/security/cert/CertificateFactory.java b/libjava/java/security/cert/CertificateFactory.java index 4318862ec9c..e6069549158 100644 --- a/libjava/java/security/cert/CertificateFactory.java +++ b/libjava/java/security/cert/CertificateFactory.java 
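Review bot: `writeReplace()` is added as `public` directly under the banner comment `// Protected methods.`; as a serialization hook it does not need to be callable by arbitrary code, and `protected Object writeReplace() throws ObjectStreamException` would match the banner and keep it off the public surface of every `Certificate`. In `CertificateRep.readResolve()`, `type` and `data` come straight from the serialized stream, and a null in either is presumably only turned into an `InvalidObjectException` by the broad `catch (Exception e)`. An explicit `if (type == null || data == null) throw new InvalidObjectException("missing certificate type or data");` ahead of the factory lookup would make that rejection deliberate rather than incidental. The enclosing `Certificate` class begins outside this hunk.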
@@ -1,5 +1,5 @@ /* CertificateFactory.java -- Certificate Factory Class - Copyright (C) 1999, 2002 Free Software Foundation, Inc. + Copyright (C) 1999, 2002, 2003 Free Software Foundation, Inc. This file is part of GNU Classpath. 
@@ -37,239 +37,323 @@ exception statement from your version. */ package java.security.cert; + +import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Provider; import java.security.Security; + import java.io.InputStream; + import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import gnu.java.security.Engine; /** - This class implments the CertificateFactory class interface - used to generate certificates and certificate revocation - list (CRL) objects from their encodings. - - A certifcate factory for X.509 returns certificates of the - java.security.cert.X509Certificate class, and CRLs of the - java.security.cert.X509CRL class. - - @author Mark Benvenuto - @since JDK 1.2 - @status still missing full 1.4 support -*/ + * This class implements the CertificateFactory class interface used to + * generate certificates, certificate revocation lists (CRLs), and certificate + * paths objects from their encoded forms. + * + * @author Mark Benvenuto + * @author Casey Marshall + * @since JDK 1.2 + * @status Fully compatible with JDK 1.4. + */ public class CertificateFactory { + /** The service name for certificate factories. */ + private static final String CERTIFICATE_FACTORY = "CertificateFactory"; + private CertificateFactorySpi certFacSpi; private Provider provider; private String type; /** - Creates an instance of CertificateFactory - - @param certFacSpi A CertificateFactory engine to use - @param provider A provider to use - @param type The type of Certificate - */ - protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type) + * Creates an instance of CertificateFactory. + * + * @param certFacSpi The underlying CertificateFactory engine. + * @param provider The provider of this implementation. + * @param type The type of Certificate this factory creates. 
+ */ + protected CertificateFactory(CertificateFactorySpi certFacSpi, + Provider provider, String type) { this.certFacSpi = certFacSpi; this.provider = provider; this.type = type; } + // Class methods. + // ------------------------------------------------------------------------ /** - Gets an instance of the CertificateFactory class representing - the specified certificate factory. If the type is not - found then, it throws CertificateException. - - @param type the type of certificate to choose - - @return a CertificateFactory repesenting the desired type - - @throws CertificateException if the type of certificate is not implemented by providers - */ - public static final CertificateFactory getInstance(String type) throws CertificateException + * Gets an instance of the CertificateFactory class representing + * the specified certificate factory. If the type is not + * found then, it throws CertificateException. + * + * @param type The type of certificate factory to create. + * @return a CertificateFactory repesenting the desired type + * @throws CertificateException If the type of certificate is not + * implemented by any installed provider. + */ + public static final CertificateFactory getInstance(String type) + throws CertificateException { - Provider[] p = Security.getProviders (); + Provider[] p = Security.getProviders(); for (int i = 0; i < p.length; i++) { - String classname = p[i].getProperty ("CertificateFactory." + type); - if (classname != null) - return getInstance (classname, type, p[i]); + try + { + return getInstance(type, p[i]); + } + catch (CertificateException ignored) + { + } } throw new CertificateException(type); } - - /** - Gets an instance of the CertificateFactory class representing - the specified certificate factory from the specified provider. - If the type is not found then, it throws CertificateException. - If the provider is not found, then it throws - NoSuchProviderException. 
- - @param type the type of certificate to choose - - @return a CertificateFactory repesenting the desired type - - @throws CertificateException if the type of certificate is not implemented by providers - @throws NoSuchProviderException if the provider is not found - */ - public static final CertificateFactory getInstance(String type, String provider) + * Gets an instance of the CertificateFactory class representing + * the specified certificate factory from the specified provider. + * If the type is not found then, it throws {@link CertificateException}. + * If the provider is not found, then it throws + * {@link java.security.NoSuchProviderException}. + * + * @param type The type of certificate factory to create. + * @param provider The name of the provider from which to get the + * implementation. + * @return A CertificateFactory for the desired type. + * @throws CertificateException If the type of certificate is not + * implemented by the named provider. + * @throws NoSuchProviderException If the named provider is not installed. + */ + public static final CertificateFactory getInstance(String type, + String provider) throws CertificateException, NoSuchProviderException { Provider p = Security.getProvider(provider); if( p == null) throw new NoSuchProviderException(); - return getInstance (p.getProperty ("CertificateFactory." 
+ type), - type, p); + return getInstance(type, p); } - private static CertificateFactory getInstance (String classname, - String type, - Provider provider) - throws CertificateException - { - try { - return new CertificateFactory( (CertificateFactorySpi)Class.forName( classname ).newInstance(), provider, type ); - } catch( ClassNotFoundException cnfe) { - throw new CertificateException("Class not found"); - } catch( InstantiationException ie) { - throw new CertificateException("Class instantiation failed"); - } catch( IllegalAccessException iae) { - throw new CertificateException("Illegal Access"); - } - } - - /** - Gets the provider that the class is from. + * Get a certificate factory for the given certificate type from the + * given provider. + * + * @param type The type of certificate factory to create. + * @param provider The provider from which to get the implementation. + * @return A CertificateFactory for the desired type. + * @throws CertificateException If the type of certificate is not + * implemented by the provider. + * @throws IllegalArgumentException If the provider is null. + */ + public static final CertificateFactory getInstance(String type, + Provider provider) + throws CertificateException + { + if (provider == null) + throw new IllegalArgumentException("null provider"); - @return the provider of this class - */ + try + { + return new CertificateFactory((CertificateFactorySpi) + Engine.getInstance(CERTIFICATE_FACTORY, type, provider), + provider, type); + } + catch (ClassCastException cce) + { + throw new CertificateException(type); + } + catch (java.lang.reflect.InvocationTargetException ite) + { + throw new CertificateException(type); + } + catch (NoSuchAlgorithmException nsae) + { + throw new CertificateException(nsae.getMessage()); + } + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Gets the provider of this implementation. 
+ * + * @return The provider of this implementation. + */ public final Provider getProvider() { return provider; } /** - Returns the type of the certificate supported - - @return A string with the type of certificate - */ + * Returns the type of the certificate this factory creates. + * + * @return A string with the type of certificate + */ public final String getType() { return type; } /** - Generates a Certificate based on the encoded data read - from the InputStream. - - The input stream must contain only one certificate. - - If there exists a specialized certificate class for the - certificate format handled by the certificate factory - then the return Ceritificate should be a typecast of it. - Ex: A X.509 CertificateFactory should return X509Certificate. - - For X.509 certificates, the certificate in inStream must be - DER encoded and supplied in binary or printable (Base64) - encoding. If the certificate is in Base64 encoding, it must be - bounded by -----BEGINCERTIFICATE-----, and - -----END CERTIFICATE-----. - - @param inStream an input stream containing the certificate data - - @return a certificate initialized with InputStream data. - - @throws CertificateException Certificate parsing error - */ + * Generates a Certificate from the encoded data read + * from an InputStream. + * + *

The input stream must contain only one certificate. + * + *

If there exists a specialized certificate class for the + * certificate format handled by the certificate factory + * then the return Ceritificate should be a typecast of it. + * Ex: A X.509 CertificateFactory should return X509Certificate. + * + *

For X.509 certificates, the certificate in inStream must be + * DER encoded and supplied in binary or printable (Base64) + * encoding. If the certificate is in Base64 encoding, it must be + * bounded by -----BEGINCERTIFICATE-----, and + * -----END CERTIFICATE-----. + * + * @param inStream An input stream containing the certificate data. + * @return A certificate initialized from the decoded InputStream data. + * @throws CertificateException If an error occurs decoding the + * certificate. + */ public final Certificate generateCertificate(InputStream inStream) throws CertificateException { - return certFacSpi.engineGenerateCertificate( inStream ); + return certFacSpi.engineGenerateCertificate(inStream); } /** - Returns a collection of certificates that were read from the - input stream. It may be empty, have only one, or have - multiple certificates. - - For a X.509 certificate factory, the stream may contain a - single DER encoded certificate or a PKCS#7 certificate - chain. This is a PKCS#7 SignedData object with the - most significant field being certificates. If no - CRLs are present, then an empty collection is returned. - - @param inStream an input stream containing the certificates - - @return a collection of certificates initialized with - the InputStream data. - - @throws CertificateException Certificate parsing error - */ + * Returns a collection of certificates that were read from the + * input stream. It may be empty, have only one, or have + * multiple certificates. + * + * For a X.509 certificate factory, the stream may contain a + * single DER encoded certificate or a PKCS#7 certificate + * chain. This is a PKCS#7 SignedData object with the + * most significant field being certificates. If no + * CRLs are present, then an empty collection is returned. + * + * @param inStream An input stream containing the certificate data. + * @return A collection of certificates initialized from the decoded + * InputStream data. 
+ * @throws CertificateException If an error occurs decoding the + * certificates. + */ public final Collection generateCertificates(InputStream inStream) throws CertificateException { - return certFacSpi.engineGenerateCertificates( inStream ); + return certFacSpi.engineGenerateCertificates(inStream); } /** - Generates a CRL based on the encoded data read - from the InputStream. - - The input stream must contain only one CRL. - - If there exists a specialized CRL class for the - CRL format handled by the certificate factory - then the return CRL should be a typecast of it. - Ex: A X.509 CertificateFactory should return X509CRL. - - @param inStream an input stream containing the CRL data - - @return a CRL initialized with InputStream data. - - @throws CRLException CRL parsing error - */ + * Generates a CRL based on the encoded data read + * from the InputStream. + * + *

The input stream must contain only one CRL. + * + *

If there exists a specialized CRL class for the + * CRL format handled by the certificate factory + * then the return CRL should be a typecast of it. + * Ex: A X.509 CertificateFactory should return X509CRL. + * + * @param inStream An input stream containing the CRL data. + * @return A CRL initialized from the decoded InputStream data. + * @throws CRLException If an error occurs decoding the CRL. + */ public final CRL generateCRL(InputStream inStream) throws CRLException { - return certFacSpi.engineGenerateCRL( inStream ); + return certFacSpi.engineGenerateCRL(inStream); } - /** - Generates CRLs based on the encoded data read - from the InputStream. - - For a X.509 certificate factory, the stream may contain a - single DER encoded CRL or a PKCS#7 CRL set. This is a - PKCS#7 SignedData object with the most significant - field being crls. If no CRLs are present, then an - empty collection is returned. - - @param inStream an input stream containing the CRLs - - @return a collection of CRLs initialized with - the InputStream data. - - @throws CRLException CRL parsing error - */ + *

Generates CRLs based on the encoded data read + * from the InputStream. + * + *

For a X.509 certificate factory, the stream may contain a + * single DER encoded CRL or a PKCS#7 CRL set. This is a + * PKCS#7 SignedData object with the most significant + * field being crls. If no CRLs are present, then an + * empty collection is returned. + * + * @param inStream an input stream containing the CRLs. + * @return a collection of CRLs initialized from the decoded + * InputStream data. + * @throws CRLException If an error occurs decoding the CRLs. + */ public final Collection generateCRLs(InputStream inStream) throws CRLException { return certFacSpi.engineGenerateCRLs( inStream ); } + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream. The default encoding of this factory is used. + * + * @param inStream The InputStream containing the CertPath data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ public final CertPath generateCertPath(InputStream inStream) throws CertificateException { - throw new CertificateException("not implemented"); + return certFacSpi.engineGenerateCertPath(inStream); + } + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream, using the specified encoding. + * + * @param inStream The InputStream containing the CertPath data. + * @param encoding The encoding of the InputStream data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public final CertPath generateCertPath(InputStream inStream, String encoding) + throws CertificateException + { + return certFacSpi.engineGenerateCertPath(inStream, encoding); + } + + /** + * Generate a {@link CertPath} and initialize it with the certificates + * in the {@link java.util.List} argument. + * + * @param certificates The list of certificates with which to create + * the CertPath. 
+ * @return A CertPath initialized from the certificates. + * @throws CertificateException If an error occurs generating the + * CertPath. + */ + public final CertPath generateCertPath(List certificates) + throws CertificateException + { + return certFacSpi.engineGenerateCertPath(certificates); + } + + /** + * Returns an Iterator of CertPath encodings supported by this + * factory, with the default encoding first. The returned Iterator + * cannot be modified. + * + * @return The Iterator of supported encodings. + */ + public final Iterator getCertPathEncodings() + { + return certFacSpi.engineGetCertPathEncodings(); } } // class CertificateFactory diff --git a/libjava/java/security/cert/CertificateFactorySpi.java b/libjava/java/security/cert/CertificateFactorySpi.java index 81293909e98..b01eac4abfa 100644 --- a/libjava/java/security/cert/CertificateFactorySpi.java +++ b/libjava/java/security/cert/CertificateFactorySpi.java @@ -1,5 +1,5 @@ /* CertificateFactorySpi.java --- Certificate Factory Class - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -37,13 +37,17 @@ exception statement from your version. */ package java.security.cert; + import java.io.InputStream; + import java.util.Collection; +import java.util.Iterator; +import java.util.List; /** CertificateFactorySpi is the abstract class Service Provider Interface (SPI) for the CertificateFactory class. A provider - must implment all the abstract methods if they wish to + must implement all the abstract methods if they wish to supply a certificate factory for a particular certificate type. Ex: X.509 
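Review bot: In `getInstance(String type)` the empty `catch (CertificateException ignored)` treats every failure from `getInstance(type, p[i])` alike, so a higher-priority provider whose factory fails to instantiate (`InvocationTargetException`) or has the wrong class (`ClassCastException`) is skipped silently and a later provider's implementation is returned instead. The removed code did not fall through in that case: once a provider advertised the type, a load failure was thrown to the caller. Because the chosen provider decides which code parses certificates, the failure should stay visible: make the messages in `getInstance(String, Provider)` distinguishable, e.g. `throw new CertificateException(type + ": " + ite.getTargetException());`, and rethrow the last such exception after the loop instead of a bare `new CertificateException(type)`. At minimum the empty catch needs a comment such as `// this provider has no usable factory for type; try the next one`.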
@@ -53,16 +57,22 @@ import java.util.Collection; @since JDK 1.2 @author Mark Benvenuto -*/ + */ public abstract class CertificateFactorySpi { + // Constructor. + // ------------------------------------------------------------------------ + /** - Constructs a new CertificateFactorySpi - */ + * Constructs a new CertificateFactorySpi + */ public CertificateFactorySpi() {} + // Abstract methods. + // ------------------------------------------------------------------------ + /** Generates a Certificate based on the encoded data read from the InputStream. @@ -77,7 +87,7 @@ public abstract class CertificateFactorySpi For X.509 certificates, the certificate in inStream must be DER encoded and supplied in binary or printable (Base64) encoding. If the certificate is in Base64 encoding, it must be - bounded by -----BEGINCERTIFICATE-----, and + bounded by -----BEGIN CERTIFICATE-----, and -----END CERTIFICATE-----. @param inStream an input stream containing the certificate data 
@@ -149,5 +159,67 @@ public abstract class CertificateFactorySpi */ public abstract Collection engineGenerateCRLs(InputStream inStream) throws CRLException; + + // 1.4 instance methods. + // ------------------------------------------------------------------------ + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream. The default encoding of this factory is used. + * + * @param inStream The InputStream containing the CertPath data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public CertPath engineGenerateCertPath(InputStream inStream) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream, using the specified encoding. + * + * @param inStream The InputStream containing the CertPath data. + * @param encoding The encoding of the InputStream data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public CertPath engineGenerateCertPath(InputStream inStream, String encoding) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Generate a {@link CertPath} and initialize it with the certificates + * in the {@link java.util.List} argument. + * + * @param certificates The list of certificates with which to create + * the CertPath. + * @return A CertPath initialized from the certificates. + * @throws CertificateException If an error occurs generating the + * CertPath. 
+ */ + public CertPath engineGenerateCertPath(List certificates) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Returns an Iterator of CertPath encodings supported by this + * factory, with the default encoding first. The returned Iterator + * cannot be modified. + * + * @return The Iterator of supported encodings. + */ + public Iterator engineGetCertPathEncodings() + { + throw new UnsupportedOperationException("not implemented"); + } } diff --git a/libjava/java/security/cert/CollectionCertStoreParameters.java b/libjava/java/security/cert/CollectionCertStoreParameters.java new file mode 100644 index 00000000000..e46cee237eb --- /dev/null +++ b/libjava/java/security/cert/CollectionCertStoreParameters.java 
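Review bot: The four new default bodies (the three `engineGenerateCertPath` overloads and `engineGetCertPathEncodings`) throw `UnsupportedOperationException`, but their Javadoc lists only `@throws CertificateException`. Before this commit `CertificateFactory.generateCertPath(InputStream)` threw `CertificateException("not implemented")`. A caller that catches `CertificateException` around certificate-path parsing will now get an unchecked exception from any provider that has not overridden these methods. I would document that on each method, e.g. `@throws UnsupportedOperationException If the provider does not override this method.`, and repeat it on the matching `CertificateFactory` wrappers. The class itself starts outside this hunk.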
@@ -0,0 +1,121 @@ +/* CollectionCertStoreParameters -- collection-based cert store parameters + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; + +/** + * An implementation of {@link CertStoreParameters} with a simple, + * in-memory {@link Collection} of certificates and certificate + * revocation list. + * + *

Note that this class is not thread-safe, and its underlying + * collection may be changed at any time. + * + * @see CertStore + */ +public class CollectionCertStoreParameters implements CertStoreParameters +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The underlying collection. */ + private final Collection collection; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Creates a new CollectionCertStoreParameters with an empty, + * immutable collection. + */ + public CollectionCertStoreParameters() + { + this(Collections.EMPTY_LIST); + } + + /** + * Create a new CollectionCertStoreParameters with the specified + * collection. The argument is not copied, and subsequent changes to + * the collection will change this class's collection. + * + * @param collection The collection. + * @throws NullPointerException If collection is null. + */ + public CollectionCertStoreParameters(Collection collection) + { + if (collection == null) + throw new NullPointerException(); + this.collection = collection; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public Object clone() + { + return new CollectionCertStoreParameters(new ArrayList(collection)); + } + + /** + * Return the underlying collection. The collection is not copied + * before being returned, so callers may update the collection that is + * returned. + * + * @return The collection. + */ + public Collection getCollection() + { + return collection; + } + + /** + * Return a string representation of these parameters. + * + * @return The string representation of these parameters. + */ + public String toString() + { + return "CollectionCertStoreParameters: [ collection: " + + collection + " ]"; + } +} 
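Review bot: `clone()` has no Javadoc, and its semantics differ from the rest of the class: the constructor and `getCollection()` share the caller's collection by reference, while `clone()` returns parameters backed by `new ArrayList(collection)`, a snapshot. Code that clones the parameters and later adds a CRL or certificate to the original collection will not see it through the clone, which matters if a store built from the clone is used for revocation checks (whether any caller does this is not visible here). I would state it explicitly, e.g. `/** Returns a copy whose collection is a snapshot of the current contents; later changes to the original collection are not reflected. */`. Because the class is not final, the comment should also say that `clone()` always returns a `CollectionCertStoreParameters`, not the runtime subclass.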
diff --git a/libjava/java/security/cert/LDAPCertStoreParameters.java b/libjava/java/security/cert/LDAPCertStoreParameters.java new file mode 100644 index 00000000000..061f7d0c4a3 --- /dev/null +++ b/libjava/java/security/cert/LDAPCertStoreParameters.java 
@@ -0,0 +1,140 @@ +/* LDAPCertStoreParameters.java -- LDAP CertStore parameters. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * Parameters for CertStores that are retrieved via the lightweight + * directory access protocol (LDAP). 
+ * + * @see CertStore + */ +public class LDAPCertStoreParameters implements CertStoreParameters +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The default LDAP port. */ + private static final int LDAP_PORT = 389; + + /** The server name. */ + private final String serverName; + + /** The LDAP port. */ + private final int port; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new LDAPCertStoreParameters object, with a servername of + * "localhost" and a port of 389. + */ + public LDAPCertStoreParameters() + { + this("localhost", LDAP_PORT); + } + + /** + * Create a new LDAPCertStoreParameters object, with a specified + * server name and a port of 389. + * + * @param serverName The LDAP server name. + * @throws NullPointerException If serverName is null. + */ + public LDAPCertStoreParameters(String serverName) + { + this(serverName, LDAP_PORT); + } + + /** + * Create a new LDAPCertStoreParameters object, with a specified + * server name and port. + * + * @param serverName The LDAP server name. + * @param port The LDAP port. + * @throws NullPointerException If serverName is null. + */ + public LDAPCertStoreParameters(String serverName, int port) + { + if (serverName == null) + throw new NullPointerException(); + this.serverName = serverName; + this.port = port; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public Object clone() + { + return new LDAPCertStoreParameters(serverName, port); + } + + /** + * Return the server name. + * + * @return The server name. + */ + public String getServerName() + { + return serverName; + } + + /** + * Return the port. + * + * @return the port. + */ + public int getPort() + { + return port; + } + + /** + * Return a string representation of these parameters. + * + * @return The string representation of these parameters. 
+ */ + public String toString() + { + return "LDAPCertStoreParameters: [ serverName: " + serverName + + "; port: " + port + " ]"; + } +} diff --git a/libjava/java/security/cert/PKIXBuilderParameters.java b/libjava/java/security/cert/PKIXBuilderParameters.java new file mode 100644 index 00000000000..bb44a056198 --- /dev/null +++ b/libjava/java/security/cert/PKIXBuilderParameters.java 
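Review bot: The `(String serverName, int port)` constructor checks `serverName` for null but accepts any `int` as `port`, so a negative value or one above 65535 is stored and presumably fails only later, when a connection is attempted. If rejecting it is compatible with the API this class mirrors (not visible on this page), add `if (port < 0 || port > 65535) throw new IllegalArgumentException("invalid port: " + port);` before the assignments. Otherwise, say in the `@param port` text that the value is not validated. `clone()` also has no Javadoc.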
@@ -0,0 +1,145 @@ +/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Set; + +/** + * Parameters for building certificate paths using the PKIX algorithm. + * + * @see CertPathBuilder + */ +public class PKIXBuilderParameters extends PKIXParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The maximum path length. */ + private int maxPathLength; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXBuilderParameters object, populating the trusted + * certificates set with all X.509 certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. + * + * @param keystore The key store. + * @param targetConstraints The target certificate constraints. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If keystore is null. + */ + public PKIXBuilderParameters(KeyStore keystore, + CertSelector targetConstraints) + throws KeyStoreException, InvalidAlgorithmParameterException + { + super(keystore); + setTargetCertConstraints(targetConstraints); + maxPathLength = 5; + } + + /** + * Create a new PKIXBuilderParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @param targetConstraints The target certificate constraints. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. 
+ * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. + */ + public PKIXBuilderParameters(Set trustAnchors, CertSelector targetConstraints) + throws InvalidAlgorithmParameterException + { + super(trustAnchors); + setTargetCertConstraints(targetConstraints); + maxPathLength = 5; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the maximum length of certificate paths to build. + * + *

If this value is 0 it is taken to mean that the certificate path + * should contain only one certificate. A value of -1 means that the + * certificate path length is unconstrained. The default value is 5. + * + * @return The maximum path length. + */ + public int getMaxPathLength() + { + return maxPathLength; + } + + /** + * Sets the maximum length of certificate paths to build. + * + * @param maxPathLength The new path length. + * @throws IllegalArgumentException If maxPathLength is less + * than -1. + */ + public void setMaxPathLength(int maxPathLength) + { + if (maxPathLength < -1) + throw new IllegalArgumentException(); + this.maxPathLength = maxPathLength; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(super.toString()); + buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength); + return buf.toString(); + } +} diff --git a/libjava/java/security/cert/PKIXCertPathBuilderResult.java b/libjava/java/security/cert/PKIXCertPathBuilderResult.java new file mode 100644 index 00000000000..e423f64df4c --- /dev/null +++ b/libjava/java/security/cert/PKIXCertPathBuilderResult.java 
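Review bot: PKIXBuilderParameters does not override clone(), and the clone() it inherits from PKIXParameters (added in this commit) returns `new PKIXParameters(this)`, so cloning a builder-parameters object yields the base type and drops maxPathLength. A caller that defensively clones the parameters and casts the copy back would get a ClassCastException, and the path-length limit is not carried by the copy. PKIXCertPathBuilderResult has the same problem through PKIXCertPathValidatorResult.clone(), which builds a `new PKIXCertPathValidatorResult(...)` and loses certPath. One fix is to make the PKIXParameters copy constructor package-private instead of private and add a matching copy constructor and clone() override in this class, as sketched below.

```java
// … unchanged: field, public constructors, getMaxPathLength, setMaxPathLength …

// Needs PKIXParameters(PKIXParameters) widened from private to package-private.
private PKIXBuilderParameters(PKIXBuilderParameters that)
{
  super(that);
  this.maxPathLength = that.maxPathLength;
}

public Object clone()
{
  return new PKIXBuilderParameters(this);
}
```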
@@ -0,0 +1,101 @@ +/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +/** + * The result of calling the {@link + * CertPathBuilder#build(java.security.cert.CertPathParameters)} method + * of PKIX {@link CertPathBuilder}s. + * + * @see CertPathBuilder + * @see CertPathBuilderResult + */ +public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The certificate path. */ + private CertPath certPath; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new PKIXCertPathBuilderResult. + * + * @param certPath The certificate path. + * @param trustAnchor The trust anchor. + * @param policyTree The root node of the policy tree. + * @param subjectPublicKey The public key. + * @throws NullPointerException If certPath, trustAnchor or + * subjectPublicKey is null. + */ + public PKIXCertPathBuilderResult(CertPath certPath, + TrustAnchor trustAnchor, + PolicyNode policyTree, + java.security.PublicKey subjectPublicKey) + { + super(trustAnchor, policyTree, subjectPublicKey); + if (certPath == null) + throw new NullPointerException(); + this.certPath = certPath; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the certificate path that was built. + * + * @return The certificate path that was built. + */ + public CertPath getCertPath() + { + return certPath; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(super.toString()); + buf.insert(buf.length() - 2, "; CertPath=" + certPath); + return buf.toString(); + } +} diff --git a/libjava/java/security/cert/PKIXCertPathChecker.java b/libjava/java/security/cert/PKIXCertPathChecker.java new file mode 100644 index 00000000000..fda4d061ed9 --- /dev/null +++ b/libjava/java/security/cert/PKIXCertPathChecker.java 
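Review bot: `certPath` is assigned once in the constructor and never written again, but it is declared `private CertPath certPath;` while the three fields of the superclass PKIXCertPathValidatorResult are all `private final`. Declaring it `private final CertPath certPath;` makes the immutability of the result object explicit and lets the compiler reject any later reassignment. toString() also has no Javadoc; a short comment saying that the text is inserted before the closing ` ]` produced by the superclass would explain why `buf.length() - 2` is used.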
@@ -0,0 +1,133 @@ +/* PKIXCertPathChecker.java -- checks X.509 certificate paths. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.util.Collection; +import java.util.Set; + +/** + * A validator for X.509 certificates when approving certificate chains. + * + *

Concrete subclasses can be passed to the {@link + * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link + * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker} + * methods, which are then used to set up PKIX certificate chain + * builders or validators. These classes then call the {@link + * #check(java.security.cert.Certificate,java.util.Collection)} method + * of this class, performing whatever checks on the certificate, + * throwing an exception if any check fails. + * + *

Subclasses of this must be able to perform their checks in the + * backward direction -- from the most-trusted certificate to the target + * -- and may optionally support forward checking -- from the target to + * the most-trusted certificate. + * + * @see PKIXParameters + */ +public abstract class PKIXCertPathChecker implements Cloneable +{ + + // Constructor. + // ------------------------------------------------------------------------ + + /** Default constructor. */ + protected PKIXCertPathChecker() + { + super(); + } + + // Cloneable interface. + // ------------------------------------------------------------------------ + + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException cnse) + { + throw new InternalError(cnse.getMessage()); + } + } + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + * Initialize this PKIXCertPathChecker. If subclasses support forward + * checking, a value of true can be passed to this method, and + * certificates can be validated from the target certificate to the + * most-trusted certifcate. + * + * @param forward The direction of this PKIXCertPathChecker. + * @throws CertPathValidatorException If forward is true and + * this class does not support forward checking. + */ + public abstract void init(boolean forward) throws CertPathValidatorException; + + /** + * Returns whether or not this class supports forward checking. + * + * @return Whether or not this class supports forward checking. + */ + public abstract boolean isForwardCheckingSupported(); + + /** + * Returns an immutable set of X.509 extension object identifiers (OIDs) + * supported by this PKIXCertPathChecker. + * + * @return An immutable set of Strings of the supported X.509 OIDs, or + * null if no extensions are supported. 
+ */ + public abstract Set getSupportedExtensions(); + + /** + * Checks a certificate, removing any critical extensions that are + * resolved in this check. + * + * @param cert The certificate to check. + * @param unresolvedCritExts The (mutable) collection of as-of-yet + * unresolved critical extensions, as OID strings. + * @throws CertPathValidatorException If this certificate fails this + * check. + */ + public abstract void check(Certificate cert, Collection unresolvedCritExts) + throws CertPathValidatorException; +} diff --git a/libjava/java/security/cert/PKIXCertPathValidatorResult.java b/libjava/java/security/cert/PKIXCertPathValidatorResult.java new file mode 100644 index 00000000000..7b88acf43b6 --- /dev/null +++ b/libjava/java/security/cert/PKIXCertPathValidatorResult.java 
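Review bot: clone() is the only method in PKIXCertPathChecker without Javadoc, and it performs a shallow `super.clone()`. PKIXParameters in this commit stores the caller's checker instance in addCertPathChecker() and copies the list by reference in its copy constructor, so cloned parameter objects share the same checker objects. A subclass that keeps state between calls (presumably at least the direction passed to init()) would need to override clone() to copy that state. I would add a comment such as `/** Returns a shallow copy; subclasses holding mutable state must override this to copy it. */`. The class comment's `{@link PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker}` is also missing its closing parenthesis.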
@@ -0,0 +1,142 @@ +/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.PublicKey; + +/** + * Results returned by the {@link + * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)} + * method for PKIX {@link CertPathValidator}s. + * + * @see CertPathValidator + */ +public class PKIXCertPathValidatorResult implements CertPathValidatorResult +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trust anchor. */ + private final TrustAnchor trustAnchor; + + /** The root node of the policy tree. */ + private final PolicyNode policyTree; + + /** The subject's public key. */ + private final PublicKey subjectPublicKey; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new PKIXCertPathValidatorResult. + * + * @param trustAnchor The trust anchor. + * @param policyTree The root node of the policy tree. + * @param subjectPublicKey The public key. + * @throws NullPointerException If either trustAnchor or + * subjectPublicKey is null. + */ + public PKIXCertPathValidatorResult(TrustAnchor trustAnchor, + PolicyNode policyTree, + PublicKey subjectPublicKey) + { + if (trustAnchor == null || subjectPublicKey == null) + throw new NullPointerException(); + this.trustAnchor = trustAnchor; + this.policyTree = policyTree; + this.subjectPublicKey = subjectPublicKey; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the trust anchor. + * + * @return The trust anchor. + */ + public TrustAnchor getTrustAnchor() + { + return trustAnchor; + } + + /** + * Returns the root node of the policy tree. + * + * @return The root node of the policy tree. + */ + public PolicyNode getPolicyTree() + { + return policyTree; + } + + /** + * Returns the subject public key. + * + * @return The subject public key. 
+ */ + public PublicKey getPublicKey() + { + return subjectPublicKey; + } + + /** + * Returns a copy of this object. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXCertPathValidatorResult(trustAnchor, policyTree, + subjectPublicKey); + } + + /** + * Returns a printable string representation of this result. + * + * @return A printable string representation of this result. + */ + public String toString() + { + return "[ Trust Anchor=" + trustAnchor + "; Policy Tree=" + + policyTree + "; Subject Public Key=" + subjectPublicKey + " ]"; + } +} diff --git a/libjava/java/security/cert/PKIXParameters.java b/libjava/java/security/cert/PKIXParameters.java new file mode 100644 index 00000000000..faa6fa34886 --- /dev/null +++ b/libjava/java/security/cert/PKIXParameters.java 
@@ -0,0 +1,546 @@ +/* PKIXParameters.java -- parameters for the PKIX cert path algorithm + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +/** + * Parameters for verifying certificate paths using the PKIX + * (Public-Key Infrastructure (X.509)) algorithm. + * + * @see CertPathBulider + */ +public class PKIXParameters implements CertPathParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trusted certificates. */ + private final Set trustAnchors; + + /** The set of initial policy identifiers. */ + private final Set initPolicies; + + /** The list of certificate stores. */ + private final List certStores; + + /** The list of path checkers. */ + private final List pathCheckers; + + /** The revocation enabled flag. */ + private boolean revocationEnabled; + + /** The explicit policy required flag. */ + private boolean exPolicyRequired; + + /** The policy mapping inhibited flag. */ + private boolean policyMappingInhibited; + + /** The any policy inhibited flag. */ + private boolean anyPolicyInhibited; + + /** The policy qualifiers rejected flag. */ + private boolean policyQualRejected; + + /** The target validation date. */ + private Date date; + + /** The signature algorithm provider. */ + private String sigProvider; + + /** The target constraints. */ + private CertSelector targetConstraints; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with all certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. 
+ * + * @param keystore The key store. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If keystore is null. + */ + public PKIXParameters(KeyStore keystore) + throws KeyStoreException, InvalidAlgorithmParameterException + { + this(); + for (Enumeration e = keystore.aliases(); e.hasMoreElements(); ) + { + String alias = (String) e.nextElement(); + if (!keystore.isCertificateEntry(alias)) + continue; + Certificate cert = keystore.getCertificate(alias); + if (cert instanceof X509Certificate) + trustAnchors.add(new TrustAnchor((X509Certificate) cert, null)); + } + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no certs in the key store"); + } + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. + * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. + */ + public PKIXParameters(Set trustAnchors) + throws InvalidAlgorithmParameterException + { + this(); + setTrustAnchors(trustAnchors); + } + + /** + * Default constructor. + */ + private PKIXParameters() + { + trustAnchors = new HashSet(); + initPolicies = new HashSet(); + certStores = new LinkedList(); + pathCheckers = new LinkedList(); + revocationEnabled = true; + exPolicyRequired = false; + policyMappingInhibited = false; + anyPolicyInhibited = false; + policyQualRejected = true; + } + + /** + * Copying constructor for cloning. + * + * @param that The instance being cloned. 
+ */ + private PKIXParameters(PKIXParameters that) + { + this(); + this.trustAnchors.addAll(that.trustAnchors); + this.initPolicies.addAll(that.initPolicies); + this.certStores.addAll(that.certStores); + this.pathCheckers.addAll(that.pathCheckers); + this.revocationEnabled = that.revocationEnabled; + this.exPolicyRequired = that.exPolicyRequired; + this.policyMappingInhibited = that.policyMappingInhibited; + this.anyPolicyInhibited = that.anyPolicyInhibited; + this.policyQualRejected = that.policyQualRejected; + this.date = that.date; + this.sigProvider = that.sigProvider; + this.targetConstraints = that.targetConstraints != null + ? (CertSelector) that.targetConstraints.clone() : null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns an immutable set of trust anchors. The set returned will + * never be null and will never be empty. + * + * @return A (never null, never empty) immutable set of trust anchors. + */ + public Set getTrustAnchors() + { + return Collections.unmodifiableSet(trustAnchors); + } + + /** + * Sets the trust anchors of this class, replacing the current trust + * anchors with those in the given set. The supplied set is copied to + * prevent modification. + * + * @param trustAnchors The new set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. + * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. 
+ */ + public void setTrustAnchors(Set trustAnchors) + throws InvalidAlgorithmParameterException + { + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no trust anchors"); + this.trustAnchors.clear(); + for (Iterator i = trustAnchors.iterator(); i.hasNext(); ) + { + this.trustAnchors.add((TrustAnchor) i.next()); + } + } + + /** + * Returns the set of initial policy identifiers (as OID strings). If + * any policy is accepted, this method returns the empty set. + * + * @return An immutable set of initial policy OID strings, or the + * empty set if any policy is acceptable. + */ + public Set getInitialPolicies() + { + return Collections.unmodifiableSet(initPolicies); + } + + /** + * Sets the initial policy identifiers (as OID strings). If the + * argument is null or the empty set, then any policy identifier will + * be accepted. + * + * @param initPolicies The new set of policy strings, or null. + * @throws ClassCastException If any element in initPolicies is + * not a string. + */ + public void setInitialPolicies(Set initPolicies) + { + this.initPolicies.clear(); + if (initPolicies == null) + return; + for (Iterator i = initPolicies.iterator(); i.hasNext(); ) + { + this.initPolicies.add((String) i.next()); + } + } + + /** + * Add a {@link CertStore} to the list of cert stores. + * + * @param store The CertStore to add. + */ + public void addCertStore(CertStore store) + { + if (store != null) + certStores.add(store); + } + + /** + * Returns an immutable list of cert stores. This method never returns + * null. + * + * @return The list of cert stores. + */ + public List getCertStores() + { + return Collections.unmodifiableList(certStores); + } + + /** + * Set the cert stores. If the argument is null the list of cert + * stores will be empty. + * + * @param certStores The cert stores. 
+ */ + public void setCertStores(List certStores) + { + this.certStores.clear(); + if (certStores == null) + return; + for (Iterator i = certStores.iterator(); i.hasNext(); ) + { + this.certStores.add((CertStore) i.next()); + } + } + + /** + * Returns the value of the revocation enabled flag. The default + * value for this flag is true. + * + * @return The revocation enabled flag. + */ + public boolean isRevocationEnabled() + { + return revocationEnabled; + } + + /** + * Sets the value of the revocation enabled flag. + * + * @param value The new value. + */ + public void setRevocationEnabled(boolean value) + { + revocationEnabled = value; + } + + /** + * Returns the value of the explicit policy required flag. The + * default value of this flag is false. + * + * @return The explicit policy required flag. + */ + public boolean isExplicitPolicyRequired() + { + return exPolicyRequired; + } + + /** + * Sets the value of the explicit policy required flag. + * + * @param value The new value. + */ + public void setExplicitPolicyRequired(boolean value) + { + exPolicyRequired = value; + } + + /** + * Returns the value of the policy mapping inhibited flag. The + * default value of this flag is false. + * + * @return The policy mapping inhibited flag. + */ + public boolean isPolicyMappingInhibited() + { + return policyMappingInhibited; + } + + /** + * Sets the value of the policy mapping inhibited flag. + * + * @param value The new value. + */ + public void setPolicyMappingInhibited(boolean value) + { + policyMappingInhibited = value; + } + + /** + * Returns the value of the any policy inhibited flag. The + * default value of this flag is false. + * + * @return The any policy inhibited flag. + */ + public boolean isAnyPolicyInhibited() + { + return anyPolicyInhibited; + } + + /** + * Sets the value of the any policy inhibited flag. + * + * @param value The new value. 
+ */ + public void setAnyPolicyInhibited(boolean value) + { + anyPolicyInhibited = value; + } + + /** + * Returns the value of the policy qualifiers enabled flag. The + * default value of this flag is true. + * + * @return The policy qualifiers enabled flag. + */ + public boolean getPolicyQualifiersRejected() + { + return policyQualRejected; + } + + /** + * Sets the value of the policy qualifiers enabled flag. + * + * @param value The new value. + */ + public void setPolicyQualifiersRejected(boolean value) + { + policyQualRejected = value; + } + + /** + * Returns the date for which the certificate path should be + * validated, or null if the current time should be used. The date + * object is copied to prevent subsequent modification. + * + * @return The date, or null if not set. + */ + public Date getDate() + { + return date != null ? (Date) date.clone() : null; + } + + /** + * Sets the date for which the certificate path should be validated, + * or null if the current time should be used. + * + * @param date The new date, or null. + */ + public void setDate(Date date) + { + if (date != null) + this.date = (Date) date.clone(); + else + this.date = null; + } + + /** + * Add a certificate path checker. + * + * @param checker The certificate path checker to add. + */ + public void addCertPathChecker(PKIXCertPathChecker checker) + { + if (checker != null) + pathCheckers.add(checker); + } + + /** + * Returns an immutable list of all certificate path checkers. + * + * @return An immutable list of all certificate path checkers. + */ + public List getCertPathCheckers() + { + return Collections.unmodifiableList(pathCheckers); + } + + /** + * Sets the certificate path checkers. If the argument is null, the + * list of checkers will merely be cleared. + * + * @param pathCheckers The new list of certificate path checkers. + * @throws ClassCastException If any element of pathCheckers is + * not a {@link PKIXCertPathChecker}. 
+ */ + public void setCertPathCheckers(List pathCheckers) + { + this.pathCheckers.clear(); + if (pathCheckers == null) + return; + for (Iterator i = pathCheckers.iterator(); i.hasNext(); ) + { + this.pathCheckers.add((PKIXCertPathChecker) i.next()); + } + } + + /** + * Returns the signature algorithm provider, or null if not set. + * + * @return The signature algorithm provider, or null if not set. + */ + public String getSigProvider() + { + return sigProvider; + } + + /** + * Sets the signature algorithm provider, or null if there is no + * preferred provider. + * + * @param sigProvider The signature provider name. + */ + public void setSigProvider(String sigProvider) + { + this.sigProvider = sigProvider; + } + + /** + * Returns the constraints placed on the target certificate, or null + * if there are none. The target constraints are copied to prevent + * subsequent modification. + * + * @return The target constraints, or null. + */ + public CertSelector getTargetCertConstraints() + { + return targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Sets the constraints placed on the target certificate. + * + * @param targetConstraints The target constraints. + */ + public void setTargetCertConstraints(CertSelector targetConstraints) + { + this.targetConstraints = targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Returns a copy of these parameters. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXParameters(this); + } + + /** + * Returns a printable representation of these parameters. + * + * @return A printable representation of these parameters. + */ + public String toString() { + return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs=" + + (initPolicies != null ? 
initPolicies.toString() : "any") + + "; Validity Date=" + date + "; Signature Provider=" + + sigProvider + "; Default Revocation Enabled=" + revocationEnabled + + "; Explicit Policy Required=" + exPolicyRequired + + "; Policy Mapping Inhibited=" + policyMappingInhibited + + "; Any Policy Inhibited=" + anyPolicyInhibited + + "; Policy Qualifiers Rejected=" + policyQualRejected + + "; Target Cert Contstraints=" + targetConstraints + + "; Certification Path Checkers=" + pathCheckers + + "; CertStores=" + certStores + " ]"; + } +} diff --git a/libjava/java/security/cert/PolicyNode.java b/libjava/java/security/cert/PolicyNode.java new file mode 100644 index 00000000000..d39a2e57584 --- /dev/null +++ b/libjava/java/security/cert/PolicyNode.java 
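Review bot: setTrustAnchors() clears the current anchor set before it has cast a single element, so a ClassCastException part-way through the loop leaves the object with an empty or half-replaced set of trust anchors. That contradicts the "never empty" guarantee documented on getTrustAnchors(). Casting into a scratch set and swapping only after every element has passed keeps the previous anchors intact on failure. The same clear-then-cast order appears in setInitialPolicies(), setCertStores() and setCertPathCheckers(). A null element also passes the `(TrustAnchor)` cast and is stored as an anchor; whether that should be rejected is worth deciding here.

```java
public void setTrustAnchors(Set trustAnchors)
  throws InvalidAlgorithmParameterException
{
  // … unchanged: empty-set check …
  // Validate every element first; a bad element must not disturb the current anchors.
  Set checked = new HashSet();
  for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
    {
      checked.add((TrustAnchor) i.next());
    }
  this.trustAnchors.clear();
  this.trustAnchors.addAll(checked);
}
```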
@@ -0,0 +1,102 @@
+/* PolicyNode.java -- a single node in a policy tree
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+public interface PolicyNode
+{
+
+ /**
+ * Get the iterator of the child nodes of this node. The returned
+ * iterator is (naturally) unmodifiable.
+ *
+ * @return An iterator over the child nodes.
+ */
+ java.util.Iterator getChildren();
+
+ /**
+ * Get the depth of this node within the tree, starting at 0 for the
+ * root node.
+ *
+ * @return The depth of this node.
+ */
+ int getDepth();
+
+ /**
+ * Returns a set of policies (string OIDs) that will satisfy this
+ * node's policy. The root node should always return the singleton set
+ * with the element "any-policy".
+ *
+ * @return The set of expected policies.
+ */
+ java.util.Set getExpectedPolicies();
+
+ /**
+ * Returns the parent node of this node, or null if this is the root
+ * node.
+ *
+ * @return The parent node, or null.
+ */
+ PolicyNode getParent();
+
+ /**
+ * Returns a set of {@link PolicyQualifierInfo} objects that qualify
+ * the valid policy of this node. The root node should always return
+ * the empty set.
+ *
+ * @return The set of {@link PolicyQualifierInfo} objects.
+ */
+ java.util.Set getPolicyQualifiers();
+
+ /**
+ * Get the policy OID this node represents. The root node should return
+ * the special value "any-policy".
+ *
+ * @return The policy of this node.
+ */
+ String getValidPolicy();
+
+ /**
+ * Return the criticality flag of this policy node. Nodes who return
+ * true for this method should be considered critical. The root node
+ * is never critical.
+ *
+ * @return The criticality flag.
+ */
+ boolean isCritical();
+}
diff --git a/libjava/java/security/cert/PolicyQualifierInfo.java b/libjava/java/security/cert/PolicyQualifierInfo.java
new file mode 100644
index 00000000000..a46b6ba89be
--- /dev/null
+++ b/libjava/java/security/cert/PolicyQualifierInfo.java
@@ -0,0 +1,172 @@ +/* PolicyQualifierInfo.java -- policy qualifier info object. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.OID; +import gnu.java.security.der.DER; +import gnu.java.security.der.DEREncodingException; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; + +/** + * The PolicyQualifierInfo X.509 certificate extension. + * PolicyQualifierInfo objects are represented by the ASN.1 structure: + * + *

+ * PolicyQualifierInfo ::= SEQUENCE {
+ *    policyQualifierId   PolicyQualifierId,
+ *    qualifier           ANY DEFINED BY policyQualifierId
+ * }
+ *
+ * PolicyQualifierId ::= OBJECT IDENTIFIER
+ * 
+ * + * @since JDK 1.4 + */ +public class PolicyQualifierInfo +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The policyQualifierId field. */ + private OID oid; + + /** The DER encoded form of this object. */ + private byte[] encoded; + + /** The DER encoded form of the qualifier field. */ + private DERValue qualifier; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Create a new PolicyQualifierInfo object from the DER encoded form + * passed in the byte array. The argument is copied. + * + *

The ASN.1 form of PolicyQualifierInfo is: +

+PolicyQualifierInfo ::= SEQUENCE {
+   policyQualifierId     PolicyQualifierId,
+   qualifier             ANY DEFINED BY policyQualifierId
+}
+
+PolicyQualifierId ::= OBJECT IDENTIFIER
+
+ *
+ * @param encoded The DER encoded form.
+ * @throws IOException If the structure cannot be parsed from the
+ * encoded bytes.
+ */
+ public PolicyQualifierInfo(byte[] encoded) throws IOException
+ {
+ if (encoded == null)
+ throw new IOException("null bytes");
+ this.encoded = (byte[]) encoded.clone();
+ DERReader in = new DERReader(new ByteArrayInputStream(this.encoded));
+ DERValue qualInfo = in.read();
+ if (!qualInfo.isConstructed())
+ throw new ASN1ParsingException("malformed PolicyQualifierInfo");
+ DERValue val = in.read();
+ if (!(val.getValue() instanceof OID))
+ throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER");
+ oid = (OID) val.getValue();
+ if (val.getEncodedLength() < val.getLength())
+ qualifier = in.read();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the policyQualifierId field of this structure,
+ * as a dotted-decimal representation of the object identifier.
+ *
+ * @return This structure's OID field.
+ */
+ public String getPolicyQualifierId()
+ {
+ return oid.toString();
+ }
+
+ /**
+ * Returns the DER encoded form of this object; the contents of the
+ * returned byte array are equivalent to those that were passed to the
+ * constructor. The byte array is cloned every time this method is
+ * called.
+ *
+ * @return The encoded form.
+ */
+ public byte[] getEncoded()
+ {
+ return (byte[]) encoded.clone();
+ }
+
+ /**
+ * Get the qualifier field of this object, as a DER
+ * encoded byte array. The byte array returned is cloned every time
+ * this method is called.
+ *
+ * @return The encoded qualifier.
+ */
+ public byte[] getPolicyQualifier()
+ {
+ if (qualifier == null)
+ return new byte[0];
+ return qualifier.getEncoded();
+ }
+
+ /**
+ * Returns a printable string representation of this object.
+ *
+ * @return The string representation.
+ */ + public String toString() + { + return "PolicyQualifierInfo { policyQualifierId ::= " + oid + + ", qualifier ::= " + qualifier + " }"; + } +} diff --git a/libjava/java/security/cert/TrustAnchor.java b/libjava/java/security/cert/TrustAnchor.java new file mode 100644 index 00000000000..ccd2a9fadb3 --- /dev/null +++ b/libjava/java/security/cert/TrustAnchor.java 
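Review bot: In the `PolicyQualifierInfo(byte[])` constructor the test `val.getEncodedLength() < val.getLength()` compares the OID element with itself, so whether `qualifier` is read does not depend on the length of the enclosing SEQUENCE. If `getEncodedLength()` covers tag, length and content (DERValue is not shown here, so this is inferred), the condition can never hold, `qualifier` stays null, and `getPolicyQualifier()` always returns an empty array, so policy processing would see every qualifier as absent. The comparison was presumably meant to be against the outer value, e.g. `if (val.getEncodedLength() < qualInfo.getLength()) qualifier = in.read();`. The Javadoc of `getPolicyQualifier()` also promises a cloned array while the method returns `qualifier.getEncoded()` directly; either clone it or confirm that `DERValue.getEncoded()` already copies.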
@@ -0,0 +1,188 @@ +/* TrustAnchor.java -- an ultimately-trusted certificate. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +import java.security.PublicKey; + +import gnu.java.security.x509.X500DistinguishedName; + +/** + * An ultimately-trusted certificate to serve as the root of a + * certificate chain. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class TrustAnchor +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The certificate authority's distinguished name. */ + private final X500DistinguishedName caName; + + /** The certficate authority's public key. */ + private final PublicKey caKey; + + /** The certficate authority's certificate. */ + private final X509Certificate trustedCert; + + /** The encoded name constraints bytes. */ + private final byte[] nameConstraints; + + // Constnuctors. + // ------------------------------------------------------------------------ + + /** + * Create a new trust anchor from a certificate and (optional) name + * constraints. + * + *

If the nameConstraints argument in non-null, it will be + * copied to prevent modification. + * + * @param trustedCert The trusted certificate. + * @param nameConstraints The encoded nameConstraints. + */ + public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) + { + if (trustedCert == null) + throw new NullPointerException(); + this.trustedCert = trustedCert; + caName = null; + caKey = null; + if (nameConstraints != null) + this.nameConstraints = (byte[]) nameConstraints.clone(); + else + this.nameConstraints = null; + } + + /** + * Create a new trust anchor from a certificate authority's + * distinguished name, public key, and (optional) name constraints. + * + *

If the nameConstraints argument in non-null, it will be + * copied to prevent modification. + * + * @params caName The CA's distinguished name. + * @params caKey The CA's public key. + * @params nameConstraints The encoded nameConstraints. + */ + public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints) + { + if (caName == null || caKey == null) + throw new NullPointerException(); + if (caName.length() == 0) + throw new IllegalArgumentException(); + trustedCert = null; + this.caName = new X500DistinguishedName(caName); + this.caKey = caKey; + if (nameConstraints != null) + this.nameConstraints = (byte[]) nameConstraints.clone(); + else + this.nameConstraints = null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return the trusted certificate, or null if none was specified. + * + * @return The trusted certificate. + */ + public final X509Certificate getTrustedCert() + { + return trustedCert; + } + + /** + * Return the certificate authority's distinguished name, or null if + * none was specified. + * + * @return The CA's distinguished name. + */ + public final String getCAName() + { + if (caName != null) + return caName.toRFC2253(); + return null; + } + + /** + * Return the certificate authority's public key, or null if none was + * specified. + * + * @return The CA's public key. + */ + public final PublicKey getCAPublicKey() + { + return caKey; + } + + /** + * Return the encoded name constraints, or null if none was specified. + * + *

The name constraints byte array is copied when this method is + * called to prevent modification. + * + * @return The encoded name constraints. + */ + public final byte[] getNameConstraints() + { + if (nameConstraints == null) + return null; + return (byte[]) nameConstraints.clone(); + } + + /** + * Return a printable representation of this trust anchor. + * + * @return The printable representation. + */ + public String toString() + { + if (trustedCert == null) + return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name=" + + caName.toRFC2253() + " ]"; + return "[ Trusted CA Certificate=" + trustedCert + " ]"; + } +} diff --git a/libjava/java/security/cert/X509CRL.java b/libjava/java/security/cert/X509CRL.java index 24773987bed..6794ccb43ad 100644 --- a/libjava/java/security/cert/X509CRL.java +++ b/libjava/java/security/cert/X509CRL.java @@ -47,6 +47,8 @@ import java.security.SignatureException; import java.util.Date; import java.util.Set; +import javax.security.auth.x500.X500Principal; + /** The X509CRL class is the abstract class used to manage X.509 Certificate Revocation Lists. The CRL is a list of @@ -378,4 +380,17 @@ public abstract class X509CRL extends CRL implements X509Extension */ public abstract byte[] getSigAlgParams(); + // 1.4 instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the X.500 distinguished name of this CRL's issuer. + * + * @return The issuer's X.500 distinguished name. + * @since JDK 1.4 + */ + public X500Principal getIssuerX500Principal() + { + throw new UnsupportedOperationException(); + } } diff --git a/libjava/java/security/cert/X509Certificate.java b/libjava/java/security/cert/X509Certificate.java index b245dcdfed6..cce1e535cc4 100644 --- a/libjava/java/security/cert/X509Certificate.java +++ b/libjava/java/security/cert/X509Certificate.java 
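Review bot: Both `TrustAnchor` constructors store `nameConstraints` as an opaque clone and never decode it, so a malformed NameConstraints encoding is accepted silently and can only surface (or be skipped) when a path validator later tries to apply it. For a value that restricts what a trust anchor may vouch for, rejecting undecodable bytes at construction with an `IllegalArgumentException` is the safer contract. At minimum the Javadoc should say the bytes are not validated, e.g. `@param nameConstraints The DER encoded NameConstraints; copied, not parsed or validated here.` The second constructor's Javadoc uses `@params`, which is not a Javadoc tag and should read `@param`.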
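Review bot: `getIssuerX500Principal()` in X509CRL.java is added as a concrete method whose body is `throw new UnsupportedOperationException();`, while its Javadoc describes a normal return only. The same pattern appears in the X509Certificate.java hunk at `@@ -451,5 +466,125 @@` for `getExtendedKeyUsage()`, `getSubjectAlternativeNames()`, `getIssuerAlternativeNames()`, `getSubjectX500Principal()` and `getIssuerX500Principal()`. Code that checks key usage or alternative names against a subclass that does not override these gets an unchecked exception rather than a result, which a broad `catch` could turn into a skipped check. Each Javadoc should carry `@throws UnsupportedOperationException If the subclass does not override this method.` so callers know to handle it.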
@@ -1,5 +1,5 @@ /* X509Certificate.java --- X.509 Certificate class - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -37,6 +37,7 @@ exception statement from your version. */ package java.security.cert; + import java.math.BigInteger; import java.security.Principal; import java.security.PublicKey; 
@@ -47,90 +48,104 @@ import java.security.SignatureException; import java.util.Date; /** - X509Certificate is the abstract class for X.509 certificates. - This provides a stanard class interface for accessing all - the attributes of X.509 certificates. - - In June 1996, the basic X.509 v3 format was finished by - ISO/IEC and ANSI X.9. The ASN.1 DER format is below: - - Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } - - These certificates are widely used in various Internet - protocols to support authentication. It is used in - Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), - Secure Sockets Layer (SSL), code signing for trusted software - distribution, and Secure Electronic Transactions (SET). - - The certificates are managed and vouched for by - Certificate Authorities (CAs). CAs are companies or - groups that create certificates by placing the data in the - X.509 certificate format and signing it with their private - key. CAs serve as trusted third parties by certifying that - the person or group specified in the certificate is who - they say they are. 
- - The ASN.1 defintion for tbsCertificate is - - TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 - } - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - CertificateSerialNumber ::= INTEGER - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - UniqueIdentifier ::= BIT STRING - - SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - - Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - - Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - - - Certificates are created with the CertificateFactory. - For more information about X.509 certificates, consult - rfc2459. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ + * X509Certificate is the abstract class for X.509 certificates. + * This provides a stanard class interface for accessing all + * the attributes of X.509 certificates. + * + *

In June 1996, the basic X.509 v3 format was finished by + * ISO/IEC and ANSI X.9. The ASN.1 DER format is below: + * + *

+ * Certificate  ::=  SEQUENCE  {
+ *   tbsCertificate       TBSCertificate,
+ *   signatureAlgorithm   AlgorithmIdentifier,
+ *   signatureValue       BIT STRING  }
+ * 
+ * + *

These certificates are widely used in various Internet + * protocols to support authentication. It is used in + * Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), + * Secure Sockets Layer (SSL), code signing for trusted software + * distribution, and Secure Electronic Transactions (SET). + * + *

The certificates are managed and vouched for by + * Certificate Authorities (CAs). CAs are companies or + * groups that create certificates by placing the data in the + * X.509 certificate format and signing it with their private + * key. CAs serve as trusted third parties by certifying that + * the person or group specified in the certificate is who + * they say they are. + * + *

The ASN.1 defintion for tbsCertificate is + * + *

+ * TBSCertificate  ::=  SEQUENCE  {
+ *   version         [0]  EXPLICIT Version DEFAULT v1,
+ *   serialNumber         CertificateSerialNumber,
+ *   signature            AlgorithmIdentifier,
+ *   issuer               Name,
+ *   validity             Validity,
+ *   subject              Name,
+ *   subjectPublicKeyInfo SubjectPublicKeyInfo,
+ *   issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+ *                        -- If present, version shall be v2 or v3
+ *   subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+ *                        -- If present, version shall be v2 or v3
+ *   extensions      [3]  EXPLICIT Extensions OPTIONAL
+ *                        -- If present, version shall be v3
+ * }
+ *
+ * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+ *
+ * CertificateSerialNumber  ::=  INTEGER
+ *
+ * Validity ::= SEQUENCE {
+ *   notBefore      Time,
+ *   notAfter       Time }
+ *
+ * Time ::= CHOICE {
+ *   utcTime        UTCTime,
+ *   generalTime    GeneralizedTime }
+ *
+ * UniqueIdentifier  ::=  BIT STRING
+ *
+ * SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *   algorithm            AlgorithmIdentifier,
+ *   subjectPublicKey     BIT STRING  }
+ *
+ * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension  ::=  SEQUENCE  {
+ *   extnID      OBJECT IDENTIFIER,
+ *   critical    BOOLEAN DEFAULT FALSE,
+ *   extnValue   OCTET STRING  }
+ * 
+ * + * Certificates are created with the CertificateFactory. + * + *

References: + * + *

    + *
  1. Olivier Dubuisson, Philippe Fouquart (Translator) ASN.1 - + * Communication between heterogeneous systems, (C) September 2000, + * Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at + * http://www.oss.com/asn1/dubuisson.html
  2. + *
  3. R. Housley et al, RFC + * 3280: Internet X.509 Public Key Infrastructure Certificate and CRL + * Profile.
  4. + *
+ * + * @since JDK 1.2 + * @author Mark Benvenuto + * @author Casey Marshall (rsdio@metastatic.org) + */ public abstract class X509Certificate extends Certificate implements X509Extension { /** - Constructs a new certificate of the specified type. - */ + * Constructs a new certificate of the specified type. + */ protected X509Certificate() { super( "X.509" ); @@ -451,5 +466,125 @@ public abstract class X509Certificate extends Certificate implements X509Extensi */ public abstract int getBasicConstraints(); + // 1.4 instance methods. + // ------------------------------------------------------------------------ + /** + * Returns the ExtendedKeyUsage extension of this + * certificate, or null if there is no extension present. The returned + * value is a {@link java.util.List} strings representing the object + * identifiers of the extended key usages. This extension has the OID + * 2.5.29.37. + * + *

The ASN.1 definition for this extension is: + * + *

 
+   * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+   *
+   * KeyPurposeId ::= OBJECT IDENTIFIER
+   * 
+ * + * @return The list of extension OIDs, or null if there are none + * present in this certificate. + * @throws CertificateParsingException If this extension cannot be + * parsed from its encoded form. + */ + public java.util.List getExtendedKeyUsage() + throws CertificateParsingException + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the alternative names for this certificate's subject (the + * owner), or null if there are none. + * + *

This is an X.509 extension with OID 2.5.29.17 and is defined by + * the ASN.1 construction: + * + *

+   * SubjectAltNames ::= GeneralNames
+   *
+   * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+   *
+   * GeneralName ::= CHOICE {
+   *   otherName                 [0]   OtherName,
+   *   rfc822Name                [1]   IA5String,
+   *   dNSName                   [2]   IA5String,
+   *   x400Address               [3]   ORAddress,
+   *   directoryName             [4]   Name,
+   *   ediPartyName              [5]   EDIPartyName,
+   *   uniformResourceIdentifier [6]   IA5String,
+   *   iPAddress                 [7]   OCTET STRING,
+   *   registeredID              [8]   OBJECT IDENTIFIER
+   * }
+   * 
+ * + *

The returned collection contains one or more two-element Lists, + * with the first object being an Integer representing the choice + * above (with value 0 through 8) and the second being an (a) String + * if the GeneralName is a rfc822Name, dNSName, + * uniformResourceIdentifier, iPAddress, or registeredID, or (b) a + * byte array of the DER encoded form for any others. + * + * @return The collection of alternative names, or null if there are + * none. + * @throws CertificateParsingException If the encoded extension cannot + * be parsed. + * @since JDK 1.4 + */ + public java.util.Collection getSubjectAlternativeNames() + throws CertificateParsingException + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the alternative names for this certificate's issuer, or + * null if there are none. + * + *

This is an X.509 extension with OID 2.5.29.18, and is defined by + * the ASN.1 construction: + * + *

+   * IssuerAltNames ::= GeneralNames
+   * 
+ * + *

The GeneralNames construct and the form of the + * returned collection are the same as with {@link + * #getSubjectAlternativeNames()}. + * + * @return The collection of alternative names, or null if there are + * none. + * @throws CertificateParsingException If the encoded extension cannot + * be parsed. + * @since JDK 1.4 + */ + public java.util.Collection getIssuerAlternativeNames() + throws CertificateParsingException + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the X.500 distinguished name of this certificate's subject. + * + * @return The subject's X.500 distinguished name. + * @since JDK 1.4 + */ + public javax.security.auth.x500.X500Principal getSubjectX500Principal() + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the X.500 distinguished name of this certificate's issuer. + * + * @return The issuer's X.500 distinguished name. + * @since JDK 1.4 + */ + public javax.security.auth.x500.X500Principal getIssuerX500Principal() + { + throw new UnsupportedOperationException(); + } } diff --git a/libjava/java/security/spec/DSAPublicKeySpec.java b/libjava/java/security/spec/DSAPublicKeySpec.java index 5eb70ba07c3..ef73371188a 100644 --- a/libjava/java/security/spec/DSAPublicKeySpec.java +++ b/libjava/java/security/spec/DSAPublicKeySpec.java @@ -62,7 +62,7 @@ public class DSAPublicKeySpec extends Object implements KeySpec @param q the sub-prime @param g the base */ - public DSAPublicKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g) + public DSAPublicKeySpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g) { this.y = y; this.p = p; diff --git a/libjava/javax/security/auth/x500/X500Principal.java b/libjava/javax/security/auth/x500/X500Principal.java new file mode 100644 index 00000000000..fc72e7b268e --- /dev/null +++ b/libjava/javax/security/auth/x500/X500Principal.java 
@@ -0,0 +1,147 @@ +/* X500Principal.java -- X.500 principal. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+
+package javax.security.auth.x500;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.NotActiveException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.Principal;
+
+import java.util.HashSet;
+import java.util.LinkedList;
+
+import gnu.java.security.x509.X500DistinguishedName;
+
+public final class X500Principal implements Principal, Serializable
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ public static final String CANONICAL = "CANONICAL";
+
+ public static final String RFC1779 = "RFC1779";
+
+ public static final String RFC2253 = "RFC2253";
+
+ private transient X500DistinguishedName name;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public X500Principal(String name)
+ {
+ if (name == null)
+ throw new NullPointerException();
+ this.name = new X500DistinguishedName(name);
+ }
+
+ public X500Principal(byte[] encoded)
+ {
+ try
+ {
+ name = new X500DistinguishedName(encoded);
+ }
+ catch (IOException ioe)
+ {
+ throw new IllegalArgumentException(ioe.toString());
+ }
+ }
+
+ public X500Principal(InputStream encoded)
+ {
+ try
+ {
+ name = new X500DistinguishedName(encoded);
+ }
+ catch (IOException ioe)
+ {
+ throw new IllegalArgumentException(ioe.toString());
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public boolean equals(Object o)
+ {
+ return ((X500Principal) o).name.equals(name);
+ }
+
+ public byte[] getEncoded()
+ {
+ return name.getEncoded();
+ }
+
+ public String getName()
+ {
+ return getName(RFC2253);
+ }
+
+ public String getName(String format)
+ {
+ if (format.equalsIgnoreCase(RFC2253))
+ return name.toRFC2253();
+ else if (format.equalsIgnoreCase(RFC1779))
+ return name.toRFC1779();
+ else if (format.equalsIgnoreCase(CANONICAL))
+ return name.toCanonical();
+ throw new IllegalArgumentException("unsupported format " + format);
+ }
+
+ // Serialization methods.
+ // ------------------------------------------------------------------------
+
+ private void writeObject(ObjectOutputStream out) throws IOException
+ {
+ out.writeObject(name.getEncoded());
+ }
+
+ private void readObject(ObjectInputStream in)
+ throws IOException, NotActiveException, ClassNotFoundException
+ {
+ byte[] buf = (byte[]) in.readObject();
+ name = new X500DistinguishedName(buf);
+ }
+}
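Review bot: `equals(Object)` in `X500Principal` casts its argument unconditionally and the class defines no `hashCode()`, so comparing with null or a non-`X500Principal` throws instead of returning false, and two equal principals can land in different hash buckets. Principals are typically held in hash-based sets and compared during authorization decisions, so an identity that should match may be treated as distinct. Add a type check and a `hashCode()` consistent with `equals`; the sketch below assumes `X500DistinguishedName` (not shown) overrides `hashCode()` to match its `equals`, otherwise hash the canonical form instead. The imports of `ByteArrayInputStream`, `HashSet` and `LinkedList` are unused in the visible code.

```java
  public boolean equals(Object o)
  {
    if (!(o instanceof X500Principal))
      return false;
    // … unchanged: cast and name comparison …
  }

  public int hashCode()
  {
    // must agree with equals(); assumes X500DistinguishedName.hashCode() does too
    return name.hashCode();
  }
```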