procyberian/gcc
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Engine.java, [...]: New files from classpath.

Browse source 
2003-04-30  Michael Koch  <konqueror@gmx.de>

	* gnu/java/security/Engine.java,
	gnu/java/security/OID.java,
	gnu/java/security/der/BitString.java,
	gnu/java/security/der/DER.java,
	gnu/java/security/der/DERReader.java,
	gnu/java/security/der/DERValue.java,
	gnu/java/security/der/DERWriter.java,
	gnu/java/security/provider/DSAKeyFactory.java,
	gnu/java/security/provider/X509CertificateFactory.java,
	gnu/java/security/x509/X500DistinguishedName.java,
	gnu/java/security/x509/X509CRL.java,
	gnu/java/security/x509/X509CRLEntry.java,
	gnu/java/security/x509/X509Certificate.java,
	java/security/cert/CRLSelector.java,
	java/security/cert/CertPathBuilder.java,
	java/security/cert/CertPathBuilderResult.java,
	java/security/cert/CertPathBuilderSpi.java,
	java/security/cert/CertPathParameters.java,
	java/security/cert/CertPathValidator.java,
	java/security/cert/CertPathValidatorResult.java,
	java/security/cert/CertPathValidatorSpi.java,
	java/security/cert/CertSelector.java,
	java/security/cert/CertStore.java,
	java/security/cert/CertStoreParameters.java,
	java/security/cert/CertStoreSpi.java,
	java/security/cert/CollectionCertStoreParameters.java,
	java/security/cert/LDAPCertStoreParameters.java,
	java/security/cert/PKIXBuilderParameters.java,
	java/security/cert/PKIXCertPathBuilderResult.java,
	java/security/cert/PKIXCertPathChecker.java,
	java/security/cert/PKIXCertPathValidatorResult.java,
	java/security/cert/PKIXParameters.java,
	java/security/cert/PolicyNode.java,
	java/security/cert/PolicyQualifierInfo.java,
	java/security/cert/TrustAnchor.java,
	javax/security/auth/x500/X500Principal.java:
	New files from classpath.
	* gnu/java/io/ASN1ParsingException.java,
	gnu/java/io/Base64InputStream.java,
	gnu/java/security/der/DEREncodingException.java,
	gnu/java/security/provider/DSAParameters.java,
	gnu/java/security/provider/DSASignature.java,
	gnu/java/security/provider/Gnu.java,
	gnu/java/security/provider/GnuDSAPrivateKey.java,
	gnu/java/security/provider/GnuDSAPublicKey.java,
	java/security/AlgorithmParameterGenerator.java,
	java/security/AlgorithmParameters.java,
	java/security/KeyFactory.java,
	java/security/KeyPairGenerator.java,
	java/security/KeyStore.java,
	java/security/MessageDigest.java,
	java/security/SecureClassLoader.java,
	java/security/SecureRandom.java,
	java/security/Security.java,
	java/security/Signature.java,
	java/security/cert/Certificate.java,
	java/security/cert/CertificateFactory.java,
	java/security/cert/CertificateFactorySpi.java,
	java/security/cert/X509CRL.java,
	java/security/cert/X509Certificate.java,
	java/security/spec/DSAPublicKeySpec.java:
	New versions from classpath.
	* gnu/java/security/provider/DERReader.java,
	gnu/java/security/provider/DERWriter.java,
	java/security/Engine.java: Removed.
	* Makefile.am
	(java_source_files, javax_source_files): Added new files.
	* Makefile.in: Regenerated.

From-SVN: r66283
This commit is contained in:
Michael Koch 2003-04-30 07:23:42 +00:00 committed by Michael Koch
parent 505b0fd661
commit 43905ff30b
65 changed files with 9043 additions and 642 deletions
Download patch file Download diff file Expand all files Collapse all files

8
libjava/java/security/AlgorithmParameterGenerator.java
View file

@ -39,6 +39,8 @@ package java.security;
import java.security.spec.AlgorithmParameterSpec;
import gnu.java.security.Engine;
/**
* <p>The <code>AlgorithmParameterGenerator</code> class is used to generate a
* set of parameters to be used with a certain algorithm. Parameter generators
@ -201,7 +203,11 @@ public class AlgorithmParameterGenerator
(AlgorithmParameterGeneratorSpi) Engine.getInstance(
ALGORITHM_PARAMETER_GENERATOR, algorithm, provider),
provider, algorithm);
}
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);

6
libjava/java/security/AlgorithmParameters.java
View file

@ -41,6 +41,8 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.AlgorithmParameterSpec;
import java.io.IOException;
import gnu.java.security.Engine;
/**
* <p>This class is used as an opaque representation of cryptographic
* parameters.</p>
@ -204,6 +206,10 @@ public class AlgorithmParameters
Engine.getInstance(ALGORITHM_PARAMETERS, algorithm, provider),
provider, algorithm);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);

152
libjava/java/security/Engine.java
View file

@ -1,152 +0,0 @@
/* Engine -- generic getInstance method.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security;
/**
* Generic implementation of the getInstance methods in the various
* engine classes in java.security.
* <p>
* These classes ({@link java.security.Signature} for example) can be
* thought of as the "chrome, upholstery, and steering wheel", and the SPI
* (service provider interface, e.g. {@link java.security.SignatureSpi})
* classes can be thought of as the "engine" -- providing the actual
* functionality of whatever cryptographic algorithm the instance
* represents.
*
* @see Provider
* @author Casey Marshall
*/
final class Engine
{
// Constants.
// ------------------------------------------------------------------------
/** Prefix for aliases. */
private static final String ALG_ALIAS = "Alg.Alias.";
/** Maximum number of aliases to try. */
private static final int MAX_ALIASES = 5;
// Constructor.
// ------------------------------------------------------------------------
/** This class cannot be instantiated. */
private Engine() { }
// Class method.
// ------------------------------------------------------------------------
/**
* Get the implementation for <i>algorithm</i> for service
* <i>service</i> from <i>provider</i>. The service is e.g.
* "Signature", and the algorithm "DSA".
*
* @param service The service name.
* @param algorithm The name of the algorithm to get.
* @param provider The provider to get the implementation from.
* @return The engine class for the specified algorithm; the object
* returned is typically a subclass of the SPI class for that
* service, but callers should check that this is so.
* @throws NoSuchAlgorithmException If the implementation cannot be
* found or cannot be instantiated.
* @throws IllegalArgumentException If any of the three arguments are null.
*/
static Object
getInstance(String service, String algorithm, Provider provider)
throws NoSuchAlgorithmException
{
if (service == null || algorithm == null || provider == null)
throw new IllegalArgumentException();
// If there is no property "service.algorithm"
if (provider.getProperty(service + "." + algorithm) == null)
{
// Iterate through aliases, until we find the class name or resolve
// too many aliases.
String alias = null;
int count = 0;
while ((alias = provider.getProperty(
ALG_ALIAS + service + "." + algorithm)) != null)
{
if (algorithm.equals(alias)) // Refers to itself!
break;
algorithm = alias;
if (count++ > MAX_ALIASES)
throw new NoSuchAlgorithmException("too many aliases");
}
if (provider.getProperty(service + "." + algorithm) == null)
throw new NoSuchAlgorithmException(algorithm);
}
// Find and instantiate the implementation.
Class clazz = null;
ClassLoader loader = provider.getClass().getClassLoader();
String error = algorithm;
try
{
if (loader != null)
clazz = loader.loadClass(provider.getProperty(service+"."+algorithm));
else
clazz = Class.forName(provider.getProperty(service+"."+algorithm));
return clazz.newInstance();
}
catch (ClassNotFoundException cnfe)
{
error = "class not found: " + algorithm;
}
catch (IllegalAccessException iae)
{
error = "illegal access: " + iae.getMessage();
}
catch (InstantiationException ie)
{
error = "instantiation exception: " + ie.getMessage();
}
catch (ExceptionInInitializerError eiie)
{
error = "exception in initializer: " + eiie.getMessage();
}
catch (SecurityException se)
{
error = "security exception: " + se.getMessage();
}
throw new NoSuchAlgorithmException(error);
}
}

6
libjava/java/security/KeyFactory.java
View file

@ -41,6 +41,8 @@ import java.security.spec.KeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.NoSuchAlgorithmException;
import gnu.java.security.Engine;
/**
* <p>Key factories are used to convert keys (opaque cryptographic keys of type
* {@link Key}) into key specifications (transparent representations of the
@ -192,6 +194,10 @@ public class KeyFactory
Engine.getInstance(KEY_FACTORY, algorithm, provider),
provider, algorithm);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);

13
libjava/java/security/KeyPairGenerator.java
View file

@ -39,6 +39,8 @@ package java.security;
import java.security.spec.AlgorithmParameterSpec;
import gnu.java.security.Engine;
/**
* <p>The <code>KeyPairGenerator</code> class is used to generate pairs of
* public and private keys. Key pair generators are constructed using the
@ -231,7 +233,16 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
if (provider == null)
throw new IllegalArgumentException("Illegal provider");
Object o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider);
Object o = null;
try
{
o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
KeyPairGenerator result = null;
if (o instanceof KeyPairGeneratorSpi)
{

6
libjava/java/security/KeyStore.java
View file

@ -43,6 +43,8 @@ import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;
import gnu.java.security.Engine;
/**
* Keystore represents an in-memory collection of keys and
* certificates. There are two types of entries:
@ -194,6 +196,10 @@ public class KeyStore
{
throw new KeyStoreException(type);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new KeyStoreException(type);
}
catch (ClassCastException cce)
{
throw new KeyStoreException(type);

12
libjava/java/security/MessageDigest.java
View file

@ -37,6 +37,8 @@ exception statement from your version. */
package java.security;
import gnu.java.security.Engine;
/**
* <p>This <code>MessageDigest</code> class provides applications the
* functionality of a message digest algorithm, such as <i>MD5</i> or <i>SHA</i>.
@ -197,7 +199,15 @@ public abstract class MessageDigest extends MessageDigestSpi
throw new IllegalArgumentException("Illegal provider");
MessageDigest result = null;
Object o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider);
Object o = null;
try
{
o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
if (o instanceof MessageDigestSpi)
{

2
libjava/java/security/SecureClassLoader.java
View file

@ -93,7 +93,7 @@ public class SecureClassLoader extends ClassLoader
/**
Returns a PermissionCollection for the specified CodeSource.
The default implmentation invokes
The default implementation invokes
java.security.Policy.getPermissions.
This method is called by defineClass that takes a CodeSource

12
libjava/java/security/SecureRandom.java
View file

@ -1,4 +1,4 @@
/* SecureRandom.java --- Secure Random class implmentation
/* SecureRandom.java --- Secure Random class implementation
Copyright (C) 1999, 2001, 2002, 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@ -41,6 +41,8 @@ import java.io.Serializable;
import java.util.Random;
import java.util.Enumeration;
import gnu.java.security.Engine;
/**
* An interface to a cryptographically secure pseudo-random number
* generator (PRNG). Random (or at least unguessable) numbers are used
@ -162,7 +164,7 @@ public class SecureRandom extends Random
* the first provider that implements it.
*
* @param algorithm The algorithm name.
* @return A new SecureRandom implmenting the given algorithm.
* @return A new SecureRandom implementing the given algorithm.
* @throws NoSuchAlgorithmException If no installed provider implements
* the given algorithm.
*/
@ -191,7 +193,7 @@ public class SecureRandom extends Random
*
* @param algorithm The algorithm name.
* @param provider The provider name.
* @return A new SecureRandom implmenting the chosen algorithm.
* @return A new SecureRandom implementing the chosen algorithm.
* @throws NoSuchAlgorithmException If the named provider does not implement
* the algorithm, or if the implementation cannot be
* instantiated.
@ -234,6 +236,10 @@ public class SecureRandom extends Random
Engine.getInstance(SECURE_RANDOM, algorithm, provider),
provider);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);

2
libjava/java/security/Security.java
View file

@ -1,4 +1,4 @@
/* Security.java --- Java base security class implmentation
/* Security.java --- Java base security class implementation
Copyright (C) 1999, 2001, 2002, 2003, Free Software Foundation, Inc.
This file is part of GNU Classpath.

12
libjava/java/security/Signature.java
View file

@ -41,6 +41,8 @@ import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import gnu.java.security.Engine;
/**
* <p>This <code>Signature</code> class is used to provide applications the
* functionality of a digital signature algorithm. Digital signatures are used
@ -237,7 +239,15 @@ public abstract class Signature extends SignatureSpi
throw new IllegalArgumentException("Illegal provider");
Signature result = null;
Object o = Engine.getInstance(SIGNATURE, algorithm, provider);
Object o = null;
try
{
o = Engine.getInstance(SIGNATURE, algorithm, provider);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
if (o instanceof SignatureSpi)
{

69
libjava/java/security/cert/CRLSelector.java Normal file
View file

@ -0,0 +1,69 @@
/* CRLSelector.java -- matches CRLs against criteria.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* A generic interface to classes that match certificate revocation
* lists (CRLs) to some given criteria. Implementations of this
* interface are useful for finding {@link CRL} objects in a {@link
* CertStore}.
*
* @see CertStore
* @see CertSelector
* @see X509CRLSelector
*/
public interface CRLSelector extends Cloneable
{
/**
* Returns a clone of this instance.
*
* @return The clone.
*/
Object clone();
/**
* Match a given certificate revocation list to this selector's
* criteria, returning true if it matches, false otherwise.
*
* @param crl The certificate revocation list to test.
* @return The boolean result of this test.
*/
boolean match(CRL crl);
}

237
libjava/java/security/cert/CertPathBuilder.java Normal file
View file

@ -0,0 +1,237 @@
/* CertPathBuilder.java -- bulids CertPath objects from Certificates.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import gnu.java.security.Engine;
/**
* This class builds certificate paths (also called certificate chains),
* which can be used to establish trust for a particular certificate by
* building a path from a trusted certificate (a trust anchor) to the
* untrusted certificate.
*
* @see CertPath
*/
public class CertPathBuilder
{
// Constants and fields.
// ------------------------------------------------------------------------
/** Service name for CertPathBuilder. */
private static final String CERT_PATH_BUILDER = "CertPathBuilder";
/** The underlying implementation. */
private CertPathBuilderSpi cpbSpi;
/** The provider of this implementation. */
private Provider provider;
/** The name of this implementation. */
private String algorithm;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new CertPathBuilder.
*
* @param cpbSpi The underlying implementation.
* @param provider The provider of the implementation.
* @param algorithm This implementation's name.
*/
protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider,
String algorithm)
{
this.cpbSpi = cpbSpi;
this.provider = provider;
this.algorithm = algorithm;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Get the default cert path builder type.
*
* <p>This value can be set at run-time by the security property
* <code>"certpathbuilder.type"</code>. If this property is not set,
* then the value returned is <code>"PKIX"</code>.
*
* @return The default CertPathBuilder algorithm.
*/
public static final String getDefaultType()
{
String type = Security.getProperty("certpathbuilder.type");
if (type == null)
type = "PKIX";
return type;
}
/**
* Get an instance of a named CertPathBuilder, from the first provider
* that implements it.
*
* @param algorithm The name of the CertPathBuilder to create.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the named algorithm.
*/
public static CertPathBuilder getInstance(String algorithm)
throws NoSuchAlgorithmException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(algorithm, p[i]);
}
catch (NoSuchAlgorithmException ignored)
{
}
}
throw new NoSuchAlgorithmException(algorithm);
}
/**
* Get an instance of a named CertPathBuilder from the named
* provider.
*
* @param algorithm The name of the CertPathBuilder to create.
* @param provider The name of the provider from which to get the
* implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the named algorithm.
* @throws NoSuchProviderException If the named provider does not
* exist.
*/
public static CertPathBuilder getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if (p == null)
throw new NoSuchProviderException(provider);
return getInstance(algorithm, p);
}
/**
* Get an instance of a named CertPathBuilder from the specified
* provider.
*
* @param algorithm The name of the CertPathBuilder to create.
* @param provider The provider from which to get the implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the named algorithm.
* @throws IllegalArgumentException If <i>provider</i> in
* <tt>null</tt>.
*/
public static CertPathBuilder getInstance(String algorithm, Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertPathBuilder((CertPathBuilderSpi)
Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider),
provider, algorithm);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the name of this CertPathBuilder algorithm.
*
* @return The algorithm name.
*/
public final String getAlgorithm()
{
return algorithm;
}
/**
* Return the provider of this instance's implementation.
*
* @return The provider.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Builds a certificate path. The {@link CertPathParameters} parameter
* passed to this method is implementation-specific, but in general
* should contain some number of certificates and some number of
* trusted certificates (or "trust anchors").
*
* @param params The parameters.
* @retrun The certificate path result.
* @throws CertPathBuilderException If the certificate path cannot be
* built.
* @throws InvalidAlgorithmParameterException If the implementation
* rejects the specified parameters.
*/
public final CertPathBuilderResult build(CertPathParameters params)
throws CertPathBuilderException, InvalidAlgorithmParameterException
{
return cpbSpi.engineBuild(params);
}
}

63
libjava/java/security/cert/CertPathBuilderResult.java Normal file
View file

@ -0,0 +1,63 @@
/* CertPathBuilderResult -- results from building cert paths.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* A standard interface for the result of building a certificate path.
* All implementations of this class must provide a way to get the
* certificate path, but may also define additional methods for
* returning other result data generated by the certificate path
* builder.
*/
public interface CertPathBuilderResult extends Cloneable {
/**
* Creates a copy of this builder result.
*
* @return The copy.
*/
Object clone();
/**
* Get the certificate path that was built.
*
* @retrn The certificate path.
*/
CertPath getCertPath();
}

74
libjava/java/security/cert/CertPathBuilderSpi.java Normal file
View file

@ -0,0 +1,74 @@
/* CertPathBuilderSpi -- CertPathBuilder service provider interface.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* The {@link CertPathBuilder} <i>Service Provider Interface</i>
* (<b>SPI</b>).
*
* @see CertPathBuilder
*/
public abstract class CertPathBuilderSpi {
// Constructors.
// ------------------------------------------------------------------------
/**
* Creates a new CertPathBuilderSpi.
*/
public CertPathBuilderSpi() {
super();
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Creates a certificate path from the specified parameters.
*
* @param params The parameters to use.
* @return The certificate path result.
* @throws CertPathBuilderException If the certificate path cannot be
* built.
* @throws java.security.InvalidAlgorithmParameterException If the
* implementation rejects the specified parameters.
*/
public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
throws CertPathBuilderException,
java.security.InvalidAlgorithmParameterException;
}

58
libjava/java/security/cert/CertPathParameters.java Normal file
View file

@ -0,0 +1,58 @@
/* CertPathParameters.java -- parameters for CertPathBuilder.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Parameters for generating and validating certificate paths. This
* class does not define any methods (except a required cloneable
* interface) and is provided only to provide type safety for
* implementations. Concrete implementations implement this interface
* in accord with thier own needs.
*
* @see CertPathBuilder
* @see CertPathValidator
*/
public interface CertPathParameters extends Cloneable {
/**
* Makes a copy of this CertPathParameters instance.
*
* @return The copy.
*/
Object clone();
}

248
libjava/java/security/cert/CertPathValidator.java Normal file
View file

@ -0,0 +1,248 @@
/* CertPathValidator -- validates certificate paths.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import gnu.java.security.Engine;
/**
* Generic interface to classes that validate certificate paths.
*
* <p>Using this class is similar to all the provider-based security
* classes; the method of interest, {@link
* #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
* which takes provider-specific implementations of {@link
* CertPathParameters}, and return provider-specific implementations of
* {@link CertPathValidatorResult}.
*
* @since JDK 1.4
* @see CertPath
*/
public class CertPathValidator {
// Constants and fields.
// ------------------------------------------------------------------------
/** Service name for CertPathValidator. */
private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
/** The underlying implementation. */
private final CertPathValidatorSpi validatorSpi;
/** The provider of this implementation. */
private final Provider provider;
/** The algorithm's name. */
private final String algorithm;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new CertPathValidator.
*
* @param validatorSpi The underlying implementation.
* @param provider The provider of the implementation.
* @param algorithm The algorithm name.
*/
protected CertPathValidator(CertPathValidatorSpi validatorSpi,
Provider provider, String algorithm)
{
this.validatorSpi = validatorSpi;
this.provider = provider;
this.algorithm = algorithm;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Returns the default validator type.
*
* <p>This value may be set at run-time via the security property
* "certpathvalidator.type", or the value "PKIX" if this property is
* not set.
*
* @return The default validator type.
*/
public static synchronized String getDefaultType() {
String type = (String) AccessController.doPrivileged(
new PrivilegedAction()
{
public Object run()
{
return Security.getProperty("certpathvalidator.type");
}
}
);
if (type == null)
type = "PKIX";
return type;
}
/**
* Get an instance of the given validator from the first provider that
* implements it.
*
* @param algorithm The name of the algorithm to get.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the requested algorithm.
*/
public static CertPathValidator getInstance(String algorithm)
throws NoSuchAlgorithmException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(algorithm, p[i]);
}
catch (NoSuchAlgorithmException ignored)
{
}
}
throw new NoSuchAlgorithmException(algorithm);
}
/**
* Get an instance of the given validator from the named provider.
*
* @param algorithm The name of the algorithm to get.
* @param provider The name of the provider from which to get the
* implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If the named provider does not
* implement the algorithm.
* @throws NoSuchProviderException If no provider named
* <i>provider</i> is installed.
*/
public static CertPathValidator getInstance(String algorithm,
String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if (p == null)
throw new NoSuchProviderException(provider);
return getInstance(algorithm, p);
}
/**
* Get an instance of the given validator from the given provider.
*
* @param algorithm The name of the algorithm to get.
* @param provider The provider from which to get the implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If the provider does not implement
* the algorithm.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertPathValidator getInstance(String algorithm,
Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertPathValidator((CertPathValidatorSpi)
Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider),
provider, algorithm);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the name of this validator.
*
* @return This validator's name.
*/
public final String getAlgorithm()
{
return algorithm;
}
/**
* Return the provider of this implementation.
*
* @return The provider.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Attempt to validate a certificate path.
*
* @param certPath The path to validate.
* @param params The algorithm-specific parameters.
* @return The result of this validation attempt.
* @throws CertPathValidatorException If the certificate path cannot
* be validated.
* @throws InvalidAlgorithmParameterException If this implementation
* rejects the specified parameters.
*/
public final CertPathValidatorResult validate(CertPath certPath,
CertPathParameters params)
throws CertPathValidatorException, InvalidAlgorithmParameterException
{
return validatorSpi.engineValidate(certPath, params);
}
}

63
libjava/java/security/cert/CertPathValidatorResult.java Normal file
View file

@ -0,0 +1,63 @@
/* CertPathValidatorResult -- result of validating certificate paths
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Interface to the result of calling {@link
* CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}.
*
* <p>This interface defines no methods other than the required
* {@link java.lang.Cloneable} interface, and is intended to group and
* provide type safety for validator results. Providers that implement
* a certificate path validator must also provide an implementation of
* this interface, possibly defining additional methods.
*
* @since JDK 1.4
* @see CertPathValidator
*/
public interface CertPathValidatorResult extends Cloneable
{
/**
* Returns a copy of this validator result.
*
* @return The copy.
*/
Object clone();
}

79
libjava/java/security/cert/CertPathValidatorSpi.java Normal file
View file

@ -0,0 +1,79 @@
/* CertPathValidatorSpi -- cert path validator service provider interface
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* The <i>service provider interface</i> (<b>SPI</b>) for the {@link
* CertPathValidator} class. Providers implementing certificate path
* validators must subclass this class and implement its abstract
* methods.
*/
public abstract class CertPathValidatorSpi
{
// Constructor.
// ------------------------------------------------------------------------
/**
* Default constructor.
*/
public CertPathValidatorSpi()
{
super();
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Attempt to validate a certificate path.
*
* @param certPath The path to validate.
* @param params The algorithm-specific parameters.
* @return The result of this validation attempt.
* @throws CertPathValidatorException If the certificate path cannot
* be validated.
* @throws InvalidAlgorithmParameterException If this implementation
* rejects the specified parameters.
*/
public abstract CertPathValidatorResult
engineValidate(CertPath certPath, CertPathParameters params)
throws CertPathValidatorException,
java.security.InvalidAlgorithmParameterException;
}

58
libjava/java/security/cert/CertSelector.java Normal file
View file

@ -0,0 +1,58 @@
/* CertSelector.java -- certificate selector interface.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
public interface CertSelector extends Cloneable
{
/**
* Returns a copy of this CertSelector.
*
* @return The copy.
*/
Object clone();
/**
* Match a certificate according to this selector's criteria.
*
* @param cert The certificate to match.
* @return true if the certificate matches thin criteria.
*/
boolean match(Certificate cert);
}

295
libjava/java/security/cert/CertStore.java Normal file
View file

@ -0,0 +1,295 @@
/* CertStore -- stores and retrieves certificates.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
import gnu.java.security.Engine;
/**
* A CertStore is a read-only repository for certificates and
* certificate revocation lists.
*
* @since JDK 1.4
*/
public class CertStore
{
// Constants and fields.
// ------------------------------------------------------------------------
/** Service name for CertStore. */
private static final String CERT_STORE = "CertStore";
/** The underlying implementation. */
private CertStoreSpi storeSpi;
/** This implementation's provider. */
private Provider provider;
/** The name of this key store type. */
private String type;
/** The parameters used to initialize this instance, if any. */
private CertStoreParameters params;
// Constructor.
// ------------------------------------------------------------------------
/**
* Create a new CertStore.
*
* @param storeSpi The underlying implementation.
* @param provider The provider of this implementation.
* @param type The type of CertStore this class represents.
* @param params The parameters used to initialize this instance, if any.
*/
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type,
CertStoreParameters params)
{
this.storeSpi = storeSpi;
this.provider = provider;
this.type = type;
this.params = params;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Returns the default certificate store type.
*
* <p>This value can be set at run-time via the security property
* "certstore.type"; if not specified than the default type will be
* "LDAP".
*
* @return The default CertStore type.
*/
public static final synchronized String getDefaultType()
{
String type = null;
type = (String) java.security.AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
return Security.getProperty("certstore.type");
}
}
);
if (type == null)
type = "LDAP";
return type;
}
/**
* Get an instance of the given certificate store from the first
* installed provider.
*
* @param type The type of CertStore to create.
* @param params The parameters to initialize this cert store with.
* @return The new instance.
* @throws InvalidAlgorithmParameterException If the instance rejects
* the specified parameters.
* @throws NoSuchAlgorithmException If no installed provider
* implements the specified CertStore.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertStore getInstance(String type, CertStoreParameters params)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(type, params, p[i]);
}
catch (NoSuchAlgorithmException ignored)
{
}
}
throw new NoSuchAlgorithmException(type);
}
/**
* Get an instance of the given certificate store from the named
* provider.
*
* @param type The type of CertStore to create.
* @param params The parameters to initialize this cert store with.
* @param provider The name of the provider from which to get the
* implementation.
* @return The new instance.
* @throws InvalidAlgorithmParameterException If the instance rejects
* the specified parameters.
* @throws NoSuchAlgorithmException If the specified provider does not
* implement the specified CertStore.
* @throws NoSuchProviderException If no provider named
* <i>provider</i> is installed.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertStore getInstance(String type, CertStoreParameters params,
String provider)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if (p == null)
throw new NoSuchProviderException(provider);
return getInstance(type, params, p);
}
/**
* Get an instance of the given certificate store from the given
* provider.
*
* @param type The type of CertStore to create.
* @param params The parameters to initialize this cert store with.
* @param provider The provider from which to get the implementation.
* @return The new instance.
* @throws InvalidAlgorithmParameterException If the instance rejects
* the specified parameters.
* @throws NoSuchAlgorithmException If the specified provider does not
* implement the specified CertStore.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertStore getInstance(String type, CertStoreParameters params,
Provider provider)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertStore((CertStoreSpi) Engine.getInstance(CERT_STORE,
type, provider, new Object[] { params }), provider, type, params);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(type);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
Throwable cause = ite.getCause();
if (cause != null &&
(cause instanceof InvalidAlgorithmParameterException))
throw (InvalidAlgorithmParameterException) cause;
else
throw new NoSuchAlgorithmException(type);
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the type of certificate store this instance represents.
*
* @return The CertStore type.
*/
public final String getType()
{
return type;
}
/**
* Return the provider of this implementation.
*
* @return The provider.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Get the parameters this instance was created with, if any. The
* parameters will be cloned before they are returned.
*
* @return The parameters, or null.
*/
public final CertStoreParameters getCertStoreParameters()
{
return params != null ? (CertStoreParameters) params.clone() : null;
}
/**
* Get a collection of certificates from this CertStore, optionally
* filtered by the specified CertSelector. The Collection returned may
* be empty, but will never be null.
*
* <p>Implementations may not allow a null argument, even if no
* filtering is desired.
*
* @param selector The certificate selector.
* @return The collection of certificates.
* @throws CertStoreException If the certificates cannot be retrieved.
*/
public final Collection getCertificates(CertSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCertificates(selector);
}
/**
* Get a collection of certificate revocation lists from this CertStore,
* optionally filtered by the specified CRLSelector. The Collection
* returned may be empty, but will never be null.
*
* <p>Implementations may not allow a null argument, even if no
* filtering is desired.
*
* @param selector The certificate selector.
* @return The collection of certificate revocation lists.
* @throws CertStoreException If the CRLs cannot be retrieved.
*/
public final Collection getCRLs(CRLSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCRLs(selector);
}
}

60
libjava/java/security/cert/CertStoreParameters.java Normal file
View file

@ -0,0 +1,60 @@
/* CertStoreParameters -- interface to CertStore parameters.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Parameters used when creating instances of {@link CertStore}. This
* class does not define any methods (except a required cloneable
* interface) and is provided only to provide type safety for
* implementations. Concrete implementations implement this interface
* in accord with thier own needs.
*
* @see LDAPCertStoreParameters
* @see CollectionCertStoreParameters
*/
public interface CertStoreParameters extends Cloneable
{
/**
* Create a copy of these parameters.
*
* @return The copy.
*/
Object clone();
}

102
libjava/java/security/cert/CertStoreSpi.java Normal file
View file

@ -0,0 +1,102 @@
/* CertStoreSpi -- certificate store service provider interface.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.Collection;
/**
* The <i>service provider interface</i> (<b>SPI</b>) for the {@link
* CertStore} class.
*
* <p>Providers wishing to implement a CertStore must subclass this
* class, implementing all the abstract methods. Providers may also
* implement the {@link CertStoreParameters} interface, if they require
* parameters.
*
* @since JDK 1.4
* @see CertStore
* @see CollectionCertStoreParameters
* @see LDAPCertStoreParameters
*/
public abstract class CertStoreSpi
{
// Constructors.
// ------------------------------------------------------------------------
/**
* Creates a new CertStoreSpi.
*
* @param params The parameters to initialize this instance with, or
* null if no parameters are required.
* @throws InvalidAlgorithmParameterException If the specified
* parameters are inappropriate for this class.
*/
public CertStoreSpi(CertStoreParameters params)
throws java.security.InvalidAlgorithmParameterException
{
super();
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Get the certificates from this store, filtering them through the
* specified CertSelector.
*
* @param selector The CertSelector to filter certificates.
* @return A (non-null) collection of certificates.
* @throws CertStoreException If the certificates cannot be retrieved.
*/
public abstract Collection engineGetCertificates(CertSelector selector)
throws CertStoreException;
/**
* Get the certificate revocation list from this store, filtering them
* through the specified CRLSelector.
*
* @param selector The CRLSelector to filter certificate revocation
* lists.
* @return A (non-null) collection of certificate revocation list.
* @throws CertStoreException If the CRLs cannot be retrieved.
*/
public abstract Collection engineGetCRLs(CRLSelector selector)
throws CertStoreException;
}

145
libjava/java/security/cert/Certificate.java
View file

@ -1,5 +1,5 @@
/* Certificate.java --- Certificate class
Copyright (C) 1999 Free Software Foundation, Inc.
Copyright (C) 1999,2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@ -37,6 +37,7 @@ exception statement from your version. */
package java.security.cert;
import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
@ -44,34 +45,38 @@ import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.io.ObjectInputStream;
import java.io.ByteArrayInputStream;
import java.io.InvalidObjectException;
import java.io.ObjectStreamException;
/**
The Certificate class is an abstract class used to manage
identity certificates. An identity certificate is a
combination of a principal and a public key which is
certified by another principal. This is the puprose of
Certificate Authorities (CA).
This class is used to manage different types of certificates
but have important common puposes. Different types of
certificates like X.509 and OpenPGP share general certificate
functions (like encoding and verifying) and information like
public keys.
X.509, OpenPGP, and SDSI can be implemented by subclassing this
class even though they differ in storage methods and information
stored.
@since JDK 1.2
@author Mark Benvenuto
*/
* The Certificate class is an abstract class used to manage
* identity certificates. An identity certificate is a
* combination of a principal and a public key which is
* certified by another principal. This is the puprose of
* Certificate Authorities (CA).
*
* <p>This class is used to manage different types of certificates
* but have important common puposes. Different types of
* certificates like X.509 and OpenPGP share general certificate
* functions (like encoding and verifying) and information like
* public keys.
*
* <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
* class even though they differ in storage methods and information
* stored.
*
* @see CertificateFactory
* @see X509Certificate
* @since JDK 1.2
* @author Mark Benvenuto
* @author Casey Marshall
*/
public abstract class Certificate
{
static final long serialVersionUID = -6751606818319535583L;
private String type;
/**
Constructs a new certificate of the specified type. An example
is "X.509".
@ -203,47 +208,99 @@ public abstract class Certificate
*/
public abstract PublicKey getPublicKey();
// Protected methods.
// ------------------------------------------------------------------------
/**
* Returns a replacement for this certificate to be serialized. This
* method returns the equivalent to the following for this class:
*
* <blockquote>
* <pre>new CertificateRep(getType(), getEncoded());</pre>
* </blockquote>
*
* <p>This thusly replaces the certificate with its name and its
* encoded form, which can be deserialized later with the {@link
* CertificateFactory} implementation for this certificate's type.
*
* @return The replacement object to be serialized.
* @throws ObjectStreamException If the replacement could not be
* created.
*/
public Object writeReplace() throws ObjectStreamException
{
try
{
return new CertificateRep(getType(), getEncoded());
}
catch (CertificateEncodingException cee)
{
throw new InvalidObjectException(cee.toString());
}
}
// Inner class.
// ------------------------------------------------------------------------
/* INNER CLASS */
/**
Certificate.CertificateRep is an inner class used to provide an alternate
storage mechanism for serialized Certificates.
*/
protected static class CertificateRep implements java.io.Serializable
{
/** From JDK1.4. */
private static final long serialVersionUID = -8563758940495660020L;
/** The certificate type, e.g. "X.509". */
private String type;
/** The encoded certificate data. */
private byte[] data;
/**
Create an alternate Certificate class to store a serialized Certificate
@param type the name of certificate type
@param data the certificate data
*/
protected CertificateRep(String type,
byte[] data)
* Create an alternative representation of this certificate. The
* <code>(type, data)</code> pair is typically the certificate's
* type as returned by {@link Certificate#getType()} (i.e. the
* canonical name of the certificate type) and the encoded form as
* returned by {@link Certificate#getEncoded()}.
*
* <p>For example, X.509 certificates would create an instance of
* this class with the parameters "X.509" and the ASN.1
* representation of the certificate, encoded as DER bytes.
*
* @param type The certificate type.
* @param data The encoded certificate data.
*/
protected CertificateRep(String type, byte[] data)
{
this.type = type;
this.data = data;
}
/**
Return the stored Certificate
@return the stored certificate
@throws ObjectStreamException if certificate cannot be resolved
*/
protected Object readResolve()
throws ObjectStreamException
* Deserialize this certificate replacement into the appropriate
* certificate object. That is, this method attempts to create a
* {@link CertificateFactory} for this certificate's type, then
* attempts to parse the encoded data with that factory, returning
* the resulting certificate.
*
* @return The deserialized certificate.
* @throws ObjectStreamException If there is no appropriate
* certificate factory for the given type, or if the encoded form
* cannot be parsed.
*/
protected Object readResolve() throws ObjectStreamException
{
try {
return new ObjectInputStream( new ByteArrayInputStream( data ) ).readObject();
} catch ( Exception e ) {
e.printStackTrace();
throw new RuntimeException ( e.toString() );
}
try
{
CertificateFactory fact = CertificateFactory.getInstance(type);
return fact.generateCertificate(new ByteArrayInputStream(data));
}
catch (Exception e)
{
throw new InvalidObjectException(e.toString());
}
}
}
}

390
libjava/java/security/cert/CertificateFactory.java
View file

@ -1,5 +1,5 @@
/* CertificateFactory.java -- Certificate Factory Class
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
Copyright (C) 1999, 2002, 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@ -37,239 +37,323 @@ exception statement from your version. */
package java.security.cert;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.io.InputStream;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import gnu.java.security.Engine;
/**
This class implments the CertificateFactory class interface
used to generate certificates and certificate revocation
list (CRL) objects from their encodings.
A certifcate factory for X.509 returns certificates of the
java.security.cert.X509Certificate class, and CRLs of the
java.security.cert.X509CRL class.
@author Mark Benvenuto
@since JDK 1.2
@status still missing full 1.4 support
*/
* This class implements the CertificateFactory class interface used to
* generate certificates, certificate revocation lists (CRLs), and certificate
* paths objects from their encoded forms.
*
* @author Mark Benvenuto
* @author Casey Marshall
* @since JDK 1.2
* @status Fully compatible with JDK 1.4.
*/
public class CertificateFactory
{
/** The service name for certificate factories. */
private static final String CERTIFICATE_FACTORY = "CertificateFactory";
private CertificateFactorySpi certFacSpi;
private Provider provider;
private String type;
/**
Creates an instance of CertificateFactory
@param certFacSpi A CertificateFactory engine to use
@param provider A provider to use
@param type The type of Certificate
*/
protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)
* Creates an instance of CertificateFactory.
*
* @param certFacSpi The underlying CertificateFactory engine.
* @param provider The provider of this implementation.
* @param type The type of Certificate this factory creates.
*/
protected CertificateFactory(CertificateFactorySpi certFacSpi,
Provider provider, String type)
{
this.certFacSpi = certFacSpi;
this.provider = provider;
this.type = type;
}
// Class methods.
// ------------------------------------------------------------------------
/**
Gets an instance of the CertificateFactory class representing
the specified certificate factory. If the type is not
found then, it throws CertificateException.
@param type the type of certificate to choose
@return a CertificateFactory repesenting the desired type
@throws CertificateException if the type of certificate is not implemented by providers
*/
public static final CertificateFactory getInstance(String type) throws CertificateException
* Gets an instance of the CertificateFactory class representing
* the specified certificate factory. If the type is not
* found then, it throws CertificateException.
*
* @param type The type of certificate factory to create.
* @return a CertificateFactory repesenting the desired type
* @throws CertificateException If the type of certificate is not
* implemented by any installed provider.
*/
public static final CertificateFactory getInstance(String type)
throws CertificateException
{
Provider[] p = Security.getProviders ();
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
String classname = p[i].getProperty ("CertificateFactory." + type);
if (classname != null)
return getInstance (classname, type, p[i]);
try
{
return getInstance(type, p[i]);
}
catch (CertificateException ignored)
{
}
}
throw new CertificateException(type);
}
/**
Gets an instance of the CertificateFactory class representing
the specified certificate factory from the specified provider.
If the type is not found then, it throws CertificateException.
If the provider is not found, then it throws
NoSuchProviderException.
@param type the type of certificate to choose
@return a CertificateFactory repesenting the desired type
@throws CertificateException if the type of certificate is not implemented by providers
@throws NoSuchProviderException if the provider is not found
*/
public static final CertificateFactory getInstance(String type, String provider)
* Gets an instance of the CertificateFactory class representing
* the specified certificate factory from the specified provider.
* If the type is not found then, it throws {@link CertificateException}.
* If the provider is not found, then it throws
* {@link java.security.NoSuchProviderException}.
*
* @param type The type of certificate factory to create.
* @param provider The name of the provider from which to get the
* implementation.
* @return A CertificateFactory for the desired type.
* @throws CertificateException If the type of certificate is not
* implemented by the named provider.
* @throws NoSuchProviderException If the named provider is not installed.
*/
public static final CertificateFactory getInstance(String type,
String provider)
throws CertificateException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if( p == null)
throw new NoSuchProviderException();
return getInstance (p.getProperty ("CertificateFactory." + type),
type, p);
return getInstance(type, p);
}
private static CertificateFactory getInstance (String classname,
String type,
Provider provider)
throws CertificateException
{
try {
return new CertificateFactory( (CertificateFactorySpi)Class.forName( classname ).newInstance(), provider, type );
} catch( ClassNotFoundException cnfe) {
throw new CertificateException("Class not found");
} catch( InstantiationException ie) {
throw new CertificateException("Class instantiation failed");
} catch( IllegalAccessException iae) {
throw new CertificateException("Illegal Access");
}
}
/**
Gets the provider that the class is from.
* Get a certificate factory for the given certificate type from the
* given provider.
*
* @param type The type of certificate factory to create.
* @param provider The provider from which to get the implementation.
* @return A CertificateFactory for the desired type.
* @throws CertificateException If the type of certificate is not
* implemented by the provider.
* @throws IllegalArgumentException If the provider is null.
*/
public static final CertificateFactory getInstance(String type,
Provider provider)
throws CertificateException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
@return the provider of this class
*/
try
{
return new CertificateFactory((CertificateFactorySpi)
Engine.getInstance(CERTIFICATE_FACTORY, type, provider),
provider, type);
}
catch (ClassCastException cce)
{
throw new CertificateException(type);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new CertificateException(type);
}
catch (NoSuchAlgorithmException nsae)
{
throw new CertificateException(nsae.getMessage());
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Gets the provider of this implementation.
*
* @return The provider of this implementation.
*/
public final Provider getProvider()
{
return provider;
}
/**
Returns the type of the certificate supported
@return A string with the type of certificate
*/
* Returns the type of the certificate this factory creates.
*
* @return A string with the type of certificate
*/
public final String getType()
{
return type;
}
/**
Generates a Certificate based on the encoded data read
from the InputStream.
The input stream must contain only one certificate.
If there exists a specialized certificate class for the
certificate format handled by the certificate factory
then the return Ceritificate should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509Certificate.
For X.509 certificates, the certificate in inStream must be
DER encoded and supplied in binary or printable (Base64)
encoding. If the certificate is in Base64 encoding, it must be
bounded by -----BEGINCERTIFICATE-----, and
-----END CERTIFICATE-----.
@param inStream an input stream containing the certificate data
@return a certificate initialized with InputStream data.
@throws CertificateException Certificate parsing error
*/
* Generates a Certificate from the encoded data read
* from an InputStream.
*
* <p>The input stream must contain only one certificate.
*
* <p>If there exists a specialized certificate class for the
* certificate format handled by the certificate factory
* then the return Ceritificate should be a typecast of it.
* Ex: A X.509 CertificateFactory should return X509Certificate.
*
* <p>For X.509 certificates, the certificate in inStream must be
* DER encoded and supplied in binary or printable (Base64)
* encoding. If the certificate is in Base64 encoding, it must be
* bounded by -----BEGINCERTIFICATE-----, and
* -----END CERTIFICATE-----.
*
* @param inStream An input stream containing the certificate data.
* @return A certificate initialized from the decoded InputStream data.
* @throws CertificateException If an error occurs decoding the
* certificate.
*/
public final Certificate generateCertificate(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertificate( inStream );
return certFacSpi.engineGenerateCertificate(inStream);
}
/**
Returns a collection of certificates that were read from the
input stream. It may be empty, have only one, or have
multiple certificates.
For a X.509 certificate factory, the stream may contain a
single DER encoded certificate or a PKCS#7 certificate
chain. This is a PKCS#7 <I>SignedData</I> object with the
most significant field being <I>certificates</I>. If no
CRLs are present, then an empty collection is returned.
@param inStream an input stream containing the certificates
@return a collection of certificates initialized with
the InputStream data.
@throws CertificateException Certificate parsing error
*/
* Returns a collection of certificates that were read from the
* input stream. It may be empty, have only one, or have
* multiple certificates.
*
* For a X.509 certificate factory, the stream may contain a
* single DER encoded certificate or a PKCS#7 certificate
* chain. This is a PKCS#7 <I>SignedData</I> object with the
* most significant field being <I>certificates</I>. If no
* CRLs are present, then an empty collection is returned.
*
* @param inStream An input stream containing the certificate data.
* @return A collection of certificates initialized from the decoded
* InputStream data.
* @throws CertificateException If an error occurs decoding the
* certificates.
*/
public final Collection generateCertificates(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertificates( inStream );
return certFacSpi.engineGenerateCertificates(inStream);
}
/**
Generates a CRL based on the encoded data read
from the InputStream.
The input stream must contain only one CRL.
If there exists a specialized CRL class for the
CRL format handled by the certificate factory
then the return CRL should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509CRL.
@param inStream an input stream containing the CRL data
@return a CRL initialized with InputStream data.
@throws CRLException CRL parsing error
*/
* Generates a CRL based on the encoded data read
* from the InputStream.
*
* <p>The input stream must contain only one CRL.
*
* <p>If there exists a specialized CRL class for the
* CRL format handled by the certificate factory
* then the return CRL should be a typecast of it.
* Ex: A X.509 CertificateFactory should return X509CRL.
*
* @param inStream An input stream containing the CRL data.
* @return A CRL initialized from the decoded InputStream data.
* @throws CRLException If an error occurs decoding the CRL.
*/
public final CRL generateCRL(InputStream inStream)
throws CRLException
{
return certFacSpi.engineGenerateCRL( inStream );
return certFacSpi.engineGenerateCRL(inStream);
}
/**
Generates CRLs based on the encoded data read
from the InputStream.
For a X.509 certificate factory, the stream may contain a
single DER encoded CRL or a PKCS#7 CRL set. This is a
PKCS#7 <I>SignedData</I> object with the most significant
field being <I>crls</I>. If no CRLs are present, then an
empty collection is returned.
@param inStream an input stream containing the CRLs
@return a collection of CRLs initialized with
the InputStream data.
@throws CRLException CRL parsing error
*/
* <p>Generates CRLs based on the encoded data read
* from the InputStream.
*
* <p>For a X.509 certificate factory, the stream may contain a
* single DER encoded CRL or a PKCS#7 CRL set. This is a
* PKCS#7 <I>SignedData</I> object with the most significant
* field being <I>crls</I>. If no CRLs are present, then an
* empty collection is returned.
*
* @param inStream an input stream containing the CRLs.
* @return a collection of CRLs initialized from the decoded
* InputStream data.
* @throws CRLException If an error occurs decoding the CRLs.
*/
public final Collection generateCRLs(InputStream inStream)
throws CRLException
{
return certFacSpi.engineGenerateCRLs( inStream );
}
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream. The default encoding of this factory is used.
*
* @param inStream The InputStream containing the CertPath data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public final CertPath generateCertPath(InputStream inStream)
throws CertificateException
{
throw new CertificateException("not implemented");
return certFacSpi.engineGenerateCertPath(inStream);
}
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream, using the specified encoding.
*
* @param inStream The InputStream containing the CertPath data.
* @param encoding The encoding of the InputStream data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public final CertPath generateCertPath(InputStream inStream, String encoding)
throws CertificateException
{
return certFacSpi.engineGenerateCertPath(inStream, encoding);
}
/**
* Generate a {@link CertPath} and initialize it with the certificates
* in the {@link java.util.List} argument.
*
* @param certificates The list of certificates with which to create
* the CertPath.
* @return A CertPath initialized from the certificates.
* @throws CertificateException If an error occurs generating the
* CertPath.
*/
public final CertPath generateCertPath(List certificates)
throws CertificateException
{
return certFacSpi.engineGenerateCertPath(certificates);
}
/**
* Returns an Iterator of CertPath encodings supported by this
* factory, with the default encoding first. The returned Iterator
* cannot be modified.
*
* @return The Iterator of supported encodings.
*/
public final Iterator getCertPathEncodings()
{
return certFacSpi.engineGetCertPathEncodings();
}
} // class CertificateFactory

84
libjava/java/security/cert/CertificateFactorySpi.java
View file

@ -1,5 +1,5 @@
/* CertificateFactorySpi.java --- Certificate Factory Class
Copyright (C) 1999 Free Software Foundation, Inc.
Copyright (C) 1999,2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@ -37,13 +37,17 @@ exception statement from your version. */
package java.security.cert;
import java.io.InputStream;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
/**
CertificateFactorySpi is the abstract class Service Provider
Interface (SPI) for the CertificateFactory class. A provider
must implment all the abstract methods if they wish to
must implement all the abstract methods if they wish to
supply a certificate factory for a particular certificate
type. Ex: X.509
@ -53,16 +57,22 @@ import java.util.Collection;
@since JDK 1.2
@author Mark Benvenuto
*/
*/
public abstract class CertificateFactorySpi
{
// Constructor.
// ------------------------------------------------------------------------
/**
Constructs a new CertificateFactorySpi
*/
* Constructs a new CertificateFactorySpi
*/
public CertificateFactorySpi()
{}
// Abstract methods.
// ------------------------------------------------------------------------
/**
Generates a Certificate based on the encoded data read
from the InputStream.
@ -77,7 +87,7 @@ public abstract class CertificateFactorySpi
For X.509 certificates, the certificate in inStream must be
DER encoded and supplied in binary or printable (Base64)
encoding. If the certificate is in Base64 encoding, it must be
bounded by -----BEGINCERTIFICATE-----, and
bounded by -----BEGIN CERTIFICATE-----, and
-----END CERTIFICATE-----.
@param inStream an input stream containing the certificate data
@ -149,5 +159,67 @@ public abstract class CertificateFactorySpi
*/
public abstract Collection engineGenerateCRLs(InputStream inStream)
throws CRLException;
// 1.4 instance methods.
// ------------------------------------------------------------------------
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream. The default encoding of this factory is used.
*
* @param inStream The InputStream containing the CertPath data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public CertPath engineGenerateCertPath(InputStream inStream)
throws CertificateException
{
throw new UnsupportedOperationException("not implemented");
}
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream, using the specified encoding.
*
* @param inStream The InputStream containing the CertPath data.
* @param encoding The encoding of the InputStream data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public CertPath engineGenerateCertPath(InputStream inStream, String encoding)
throws CertificateException
{
throw new UnsupportedOperationException("not implemented");
}
/**
* Generate a {@link CertPath} and initialize it with the certificates
* in the {@link java.util.List} argument.
*
* @param certificates The list of certificates with which to create
* the CertPath.
* @return A CertPath initialized from the certificates.
* @throws CertificateException If an error occurs generating the
* CertPath.
*/
public CertPath engineGenerateCertPath(List certificates)
throws CertificateException
{
throw new UnsupportedOperationException("not implemented");
}
/**
* Returns an Iterator of CertPath encodings supported by this
* factory, with the default encoding first. The returned Iterator
* cannot be modified.
*
* @return The Iterator of supported encodings.
*/
public Iterator engineGetCertPathEncodings()
{
throw new UnsupportedOperationException("not implemented");
}
}

121
libjava/java/security/cert/CollectionCertStoreParameters.java Normal file
View file

@ -0,0 +1,121 @@
/* CollectionCertStoreParameters -- collection-based cert store parameters
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
/**
* An implementation of {@link CertStoreParameters} with a simple,
* in-memory {@link Collection} of certificates and certificate
* revocation list.
*
* <p>Note that this class is not thread-safe, and its underlying
* collection may be changed at any time.
*
* @see CertStore
*/
public class CollectionCertStoreParameters implements CertStoreParameters
{
// Constants and fields.
// ------------------------------------------------------------------------
/** The underlying collection. */
private final Collection collection;
// Constructors.
// ------------------------------------------------------------------------
/**
* Creates a new CollectionCertStoreParameters with an empty,
* immutable collection.
*/
public CollectionCertStoreParameters()
{
this(Collections.EMPTY_LIST);
}
/**
* Create a new CollectionCertStoreParameters with the specified
* collection. The argument is not copied, and subsequent changes to
* the collection will change this class's collection.
*
* @param collection The collection.
* @throws NullPointerException If <i>collection</i> is null.
*/
public CollectionCertStoreParameters(Collection collection)
{
if (collection == null)
throw new NullPointerException();
this.collection = collection;
}
// Instance methods.
// ------------------------------------------------------------------------
public Object clone()
{
return new CollectionCertStoreParameters(new ArrayList(collection));
}
/**
* Return the underlying collection. The collection is not copied
* before being returned, so callers may update the collection that is
* returned.
*
* @return The collection.
*/
public Collection getCollection()
{
return collection;
}
/**
* Return a string representation of these parameters.
*
* @return The string representation of these parameters.
*/
public String toString()
{
return "CollectionCertStoreParameters: [ collection: "
+ collection + " ]";
}
}

140
libjava/java/security/cert/LDAPCertStoreParameters.java Normal file
View file

@ -0,0 +1,140 @@
/* LDAPCertStoreParameters.java -- LDAP CertStore parameters.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Parameters for CertStores that are retrieved via the <i>lightweight
* directory access protocol</i> (<b>LDAP</b>).
*
* @see CertStore
*/
public class LDAPCertStoreParameters implements CertStoreParameters
{
// Constants and fields.
// ------------------------------------------------------------------------
/** The default LDAP port. */
private static final int LDAP_PORT = 389;
/** The server name. */
private final String serverName;
/** The LDAP port. */
private final int port;
// Constructors.
// ------------------------------------------------------------------------
/**
* Create a new LDAPCertStoreParameters object, with a servername of
* "localhost" and a port of 389.
*/
public LDAPCertStoreParameters()
{
this("localhost", LDAP_PORT);
}
/**
* Create a new LDAPCertStoreParameters object, with a specified
* server name and a port of 389.
*
* @param serverName The LDAP server name.
* @throws NullPointerException If <i>serverName</i> is null.
*/
public LDAPCertStoreParameters(String serverName)
{
this(serverName, LDAP_PORT);
}
/**
* Create a new LDAPCertStoreParameters object, with a specified
* server name and port.
*
* @param serverName The LDAP server name.
* @param port The LDAP port.
* @throws NullPointerException If <i>serverName</i> is null.
*/
public LDAPCertStoreParameters(String serverName, int port)
{
if (serverName == null)
throw new NullPointerException();
this.serverName = serverName;
this.port = port;
}
// Instance methods.
// ------------------------------------------------------------------------
public Object clone()
{
return new LDAPCertStoreParameters(serverName, port);
}
/**
* Return the server name.
*
* @return The server name.
*/
public String getServerName()
{
return serverName;
}
/**
* Return the port.
*
* @return the port.
*/
public int getPort()
{
return port;
}
/**
* Return a string representation of these parameters.
*
* @return The string representation of these parameters.
*/
public String toString()
{
return "LDAPCertStoreParameters: [ serverName: " + serverName
+ "; port: " + port + " ]";
}
}

145
libjava/java/security/cert/PKIXBuilderParameters.java Normal file
View file

@ -0,0 +1,145 @@
/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Set;
/**
* Parameters for building certificate paths using the PKIX algorithm.
*
* @see CertPathBuilder
*/
public class PKIXBuilderParameters extends PKIXParameters
{
// Fields.
// ------------------------------------------------------------------------
/** The maximum path length. */
private int maxPathLength;
// Constructors.
// ------------------------------------------------------------------------
/**
* Create a new PKIXBuilderParameters object, populating the trusted
* certificates set with all X.509 certificates found in the given key
* store. All certificates found in the key store are assumed to be
* trusted by this constructor.
*
* @param keystore The key store.
* @param targetConstraints The target certificate constraints.
* @throws KeyStoreException If the certificates cannot be retrieved
* from the key store.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the key store.
* @throws NullPointerException If <i>keystore</i> is null.
*/
public PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints)
throws KeyStoreException, InvalidAlgorithmParameterException
{
super(keystore);
setTargetCertConstraints(targetConstraints);
maxPathLength = 5;
}
/**
* Create a new PKIXBuilderParameters object, populating the trusted
* certificates set with the elements of the given set, each of which
* must be a {@link TrustAnchor}.
*
* @param trustAnchors The set of trust anchors.
* @param targetConstraints The target certificate constraints.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the set.
* @throws NullPointerException If <i>trustAnchors</i> is null.
* @throws ClassCastException If every element in <i>trustAnchors</i>
* is not a {@link TrustAnchor}.
*/
public PKIXBuilderParameters(Set trustAnchors, CertSelector targetConstraints)
throws InvalidAlgorithmParameterException
{
super(trustAnchors);
setTargetCertConstraints(targetConstraints);
maxPathLength = 5;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the maximum length of certificate paths to build.
*
* <p>If this value is 0 it is taken to mean that the certificate path
* should contain only one certificate. A value of -1 means that the
* certificate path length is unconstrained. The default value is 5.
*
* @return The maximum path length.
*/
public int getMaxPathLength()
{
return maxPathLength;
}
/**
* Sets the maximum length of certificate paths to build.
*
* @param maxPathLength The new path length.
* @throws IllegalArgumentException If <i>maxPathLength</i> is less
* than -1.
*/
public void setMaxPathLength(int maxPathLength)
{
if (maxPathLength < -1)
throw new IllegalArgumentException();
this.maxPathLength = maxPathLength;
}
public String toString()
{
StringBuffer buf = new StringBuffer(super.toString());
buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength);
return buf.toString();
}
}

101
libjava/java/security/cert/PKIXCertPathBuilderResult.java Normal file
View file

@ -0,0 +1,101 @@
/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* The result of calling the {@link
* CertPathBuilder#build(java.security.cert.CertPathParameters)} method
* of PKIX {@link CertPathBuilder}s.
*
* @see CertPathBuilder
* @see CertPathBuilderResult
*/
public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
{
// Fields.
// ------------------------------------------------------------------------
/** The certificate path. */
private CertPath certPath;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new PKIXCertPathBuilderResult.
*
* @param certPath The certificate path.
* @param trustAnchor The trust anchor.
* @param policyTree The root node of the policy tree.
* @param subjectPublicKey The public key.
* @throws NullPointerException If <i>certPath</i>, <i>trustAnchor</i> or
* <i>subjectPublicKey</i> is null.
*/
public PKIXCertPathBuilderResult(CertPath certPath,
TrustAnchor trustAnchor,
PolicyNode policyTree,
java.security.PublicKey subjectPublicKey)
{
super(trustAnchor, policyTree, subjectPublicKey);
if (certPath == null)
throw new NullPointerException();
this.certPath = certPath;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the certificate path that was built.
*
* @return The certificate path that was built.
*/
public CertPath getCertPath()
{
return certPath;
}
public String toString()
{
StringBuffer buf = new StringBuffer(super.toString());
buf.insert(buf.length() - 2, "; CertPath=" + certPath);
return buf.toString();
}
}

133
libjava/java/security/cert/PKIXCertPathChecker.java Normal file
View file

@ -0,0 +1,133 @@
/* PKIXCertPathChecker.java -- checks X.509 certificate paths.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.Collection;
import java.util.Set;
/**
* A validator for X.509 certificates when approving certificate chains.
*
* <p>Concrete subclasses can be passed to the {@link
* PKIXParameters#setCertPathCheckers(java.util.List)} and {@link
* PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker}
* methods, which are then used to set up PKIX certificate chain
* builders or validators. These classes then call the {@link
* #check(java.security.cert.Certificate,java.util.Collection)} method
* of this class, performing whatever checks on the certificate,
* throwing an exception if any check fails.
*
* <p>Subclasses of this must be able to perform their checks in the
* backward direction -- from the most-trusted certificate to the target
* -- and may optionally support forward checking -- from the target to
* the most-trusted certificate.
*
* @see PKIXParameters
*/
public abstract class PKIXCertPathChecker implements Cloneable
{
// Constructor.
// ------------------------------------------------------------------------
/** Default constructor. */
protected PKIXCertPathChecker()
{
super();
}
// Cloneable interface.
// ------------------------------------------------------------------------
public Object clone()
{
try
{
return super.clone();
}
catch (CloneNotSupportedException cnse)
{
throw new InternalError(cnse.getMessage());
}
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Initialize this PKIXCertPathChecker. If subclasses support forward
* checking, a value of true can be passed to this method, and
* certificates can be validated from the target certificate to the
* most-trusted certifcate.
*
* @param forward The direction of this PKIXCertPathChecker.
* @throws CertPathValidatorException If <i>forward</i> is true and
* this class does not support forward checking.
*/
public abstract void init(boolean forward) throws CertPathValidatorException;
/**
* Returns whether or not this class supports forward checking.
*
* @return Whether or not this class supports forward checking.
*/
public abstract boolean isForwardCheckingSupported();
/**
* Returns an immutable set of X.509 extension object identifiers (OIDs)
* supported by this PKIXCertPathChecker.
*
* @return An immutable set of Strings of the supported X.509 OIDs, or
* null if no extensions are supported.
*/
public abstract Set getSupportedExtensions();
/**
* Checks a certificate, removing any critical extensions that are
* resolved in this check.
*
* @param cert The certificate to check.
* @param unresolvedCritExts The (mutable) collection of as-of-yet
* unresolved critical extensions, as OID strings.
* @throws CertPathValidatorException If this certificate fails this
* check.
*/
public abstract void check(Certificate cert, Collection unresolvedCritExts)
throws CertPathValidatorException;
}

142
libjava/java/security/cert/PKIXCertPathValidatorResult.java Normal file
View file

@ -0,0 +1,142 @@
/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.PublicKey;
/**
* Results returned by the {@link
* CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}
* method for PKIX {@link CertPathValidator}s.
*
* @see CertPathValidator
*/
public class PKIXCertPathValidatorResult implements CertPathValidatorResult
{
// Fields.
// ------------------------------------------------------------------------
/** The trust anchor. */
private final TrustAnchor trustAnchor;
/** The root node of the policy tree. */
private final PolicyNode policyTree;
/** The subject's public key. */
private final PublicKey subjectPublicKey;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new PKIXCertPathValidatorResult.
*
* @param trustAnchor The trust anchor.
* @param policyTree The root node of the policy tree.
* @param subjectPublicKey The public key.
* @throws NullPointerException If either <i>trustAnchor</i> or
* <i>subjectPublicKey</i> is null.
*/
public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
PolicyNode policyTree,
PublicKey subjectPublicKey)
{
if (trustAnchor == null || subjectPublicKey == null)
throw new NullPointerException();
this.trustAnchor = trustAnchor;
this.policyTree = policyTree;
this.subjectPublicKey = subjectPublicKey;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the trust anchor.
*
* @return The trust anchor.
*/
public TrustAnchor getTrustAnchor()
{
return trustAnchor;
}
/**
* Returns the root node of the policy tree.
*
* @return The root node of the policy tree.
*/
public PolicyNode getPolicyTree()
{
return policyTree;
}
/**
* Returns the subject public key.
*
* @return The subject public key.
*/
public PublicKey getPublicKey()
{
return subjectPublicKey;
}
/**
* Returns a copy of this object.
*
* @return The copy.
*/
public Object clone()
{
return new PKIXCertPathValidatorResult(trustAnchor, policyTree,
subjectPublicKey);
}
/**
* Returns a printable string representation of this result.
*
* @return A printable string representation of this result.
*/
public String toString()
{
return "[ Trust Anchor=" + trustAnchor + "; Policy Tree="
+ policyTree + "; Subject Public Key=" + subjectPublicKey + " ]";
}
}

546
libjava/java/security/cert/PKIXParameters.java Normal file
View file

@ -0,0 +1,546 @@
/* PKIXParameters.java -- parameters for the PKIX cert path algorithm
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
/**
* Parameters for verifying certificate paths using the PKIX
* (Public-Key Infrastructure (X.509)) algorithm.
*
* @see CertPathBulider
*/
public class PKIXParameters implements CertPathParameters
{
// Fields.
// ------------------------------------------------------------------------
/** The trusted certificates. */
private final Set trustAnchors;
/** The set of initial policy identifiers. */
private final Set initPolicies;
/** The list of certificate stores. */
private final List certStores;
/** The list of path checkers. */
private final List pathCheckers;
/** The revocation enabled flag. */
private boolean revocationEnabled;
/** The explicit policy required flag. */
private boolean exPolicyRequired;
/** The policy mapping inhibited flag. */
private boolean policyMappingInhibited;
/** The any policy inhibited flag. */
private boolean anyPolicyInhibited;
/** The policy qualifiers rejected flag. */
private boolean policyQualRejected;
/** The target validation date. */
private Date date;
/** The signature algorithm provider. */
private String sigProvider;
/** The target constraints. */
private CertSelector targetConstraints;
// Constructors.
// ------------------------------------------------------------------------
/**
* Create a new PKIXParameters object, populating the trusted
* certificates set with all certificates found in the given key
* store. All certificates found in the key store are assumed to be
* trusted by this constructor.
*
* @param keystore The key store.
* @throws KeyStoreException If the certificates cannot be retrieved
* from the key store.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the key store.
* @throws NullPointerException If <i>keystore</i> is null.
*/
public PKIXParameters(KeyStore keystore)
throws KeyStoreException, InvalidAlgorithmParameterException
{
this();
for (Enumeration e = keystore.aliases(); e.hasMoreElements(); )
{
String alias = (String) e.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
Certificate cert = keystore.getCertificate(alias);
if (cert instanceof X509Certificate)
trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
}
if (trustAnchors.isEmpty())
throw new InvalidAlgorithmParameterException("no certs in the key store");
}
/**
* Create a new PKIXParameters object, populating the trusted
* certificates set with the elements of the given set, each of which
* must be a {@link TrustAnchor}.
*
* @param trustAnchors The set of trust anchors.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the set.
* @throws NullPointerException If <i>trustAnchors</i> is null.
* @throws ClassCastException If every element in <i>trustAnchors</i>
* is not a {@link TrustAnchor}.
*/
public PKIXParameters(Set trustAnchors)
throws InvalidAlgorithmParameterException
{
this();
setTrustAnchors(trustAnchors);
}
/**
* Default constructor.
*/
private PKIXParameters()
{
trustAnchors = new HashSet();
initPolicies = new HashSet();
certStores = new LinkedList();
pathCheckers = new LinkedList();
revocationEnabled = true;
exPolicyRequired = false;
policyMappingInhibited = false;
anyPolicyInhibited = false;
policyQualRejected = true;
}
/**
* Copying constructor for cloning.
*
* @param that The instance being cloned.
*/
private PKIXParameters(PKIXParameters that)
{
this();
this.trustAnchors.addAll(that.trustAnchors);
this.initPolicies.addAll(that.initPolicies);
this.certStores.addAll(that.certStores);
this.pathCheckers.addAll(that.pathCheckers);
this.revocationEnabled = that.revocationEnabled;
this.exPolicyRequired = that.exPolicyRequired;
this.policyMappingInhibited = that.policyMappingInhibited;
this.anyPolicyInhibited = that.anyPolicyInhibited;
this.policyQualRejected = that.policyQualRejected;
this.date = that.date;
this.sigProvider = that.sigProvider;
this.targetConstraints = that.targetConstraints != null
? (CertSelector) that.targetConstraints.clone() : null;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns an immutable set of trust anchors. The set returned will
* never be null and will never be empty.
*
* @return A (never null, never empty) immutable set of trust anchors.
*/
public Set getTrustAnchors()
{
return Collections.unmodifiableSet(trustAnchors);
}
/**
* Sets the trust anchors of this class, replacing the current trust
* anchors with those in the given set. The supplied set is copied to
* prevent modification.
*
* @param trustAnchors The new set of trust anchors.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the set.
* @throws NullPointerException If <i>trustAnchors</i> is null.
* @throws ClassCastException If every element in <i>trustAnchors</i>
* is not a {@link TrustAnchor}.
*/
public void setTrustAnchors(Set trustAnchors)
throws InvalidAlgorithmParameterException
{
if (trustAnchors.isEmpty())
throw new InvalidAlgorithmParameterException("no trust anchors");
this.trustAnchors.clear();
for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
{
this.trustAnchors.add((TrustAnchor) i.next());
}
}
/**
* Returns the set of initial policy identifiers (as OID strings). If
* any policy is accepted, this method returns the empty set.
*
* @return An immutable set of initial policy OID strings, or the
* empty set if any policy is acceptable.
*/
public Set getInitialPolicies()
{
return Collections.unmodifiableSet(initPolicies);
}
/**
* Sets the initial policy identifiers (as OID strings). If the
* argument is null or the empty set, then any policy identifier will
* be accepted.
*
* @param initPolicies The new set of policy strings, or null.
* @throws ClassCastException If any element in <i>initPolicies</i> is
* not a string.
*/
public void setInitialPolicies(Set initPolicies)
{
this.initPolicies.clear();
if (initPolicies == null)
return;
for (Iterator i = initPolicies.iterator(); i.hasNext(); )
{
this.initPolicies.add((String) i.next());
}
}
/**
* Add a {@link CertStore} to the list of cert stores.
*
* @param store The CertStore to add.
*/
public void addCertStore(CertStore store)
{
if (store != null)
certStores.add(store);
}
/**
* Returns an immutable list of cert stores. This method never returns
* null.
*
* @return The list of cert stores.
*/
public List getCertStores()
{
return Collections.unmodifiableList(certStores);
}
/**
* Set the cert stores. If the argument is null the list of cert
* stores will be empty.
*
* @param certStores The cert stores.
*/
public void setCertStores(List certStores)
{
this.certStores.clear();
if (certStores == null)
return;
for (Iterator i = certStores.iterator(); i.hasNext(); )
{
this.certStores.add((CertStore) i.next());
}
}
/**
* Returns the value of the <i>revocation enabled</i> flag. The default
* value for this flag is <code>true</code>.
*
* @return The <i>revocation enabled</i> flag.
*/
public boolean isRevocationEnabled()
{
return revocationEnabled;
}
/**
* Sets the value of the <i>revocation enabled</i> flag.
*
* @param value The new value.
*/
public void setRevocationEnabled(boolean value)
{
revocationEnabled = value;
}
/**
* Returns the value of the <i>explicit policy required</i> flag. The
* default value of this flag is <code>false</code>.
*
* @return The <i>explicit policy required</i> flag.
*/
public boolean isExplicitPolicyRequired()
{
return exPolicyRequired;
}
/**
* Sets the value of the <i>explicit policy required</i> flag.
*
* @param value The new value.
*/
public void setExplicitPolicyRequired(boolean value)
{
exPolicyRequired = value;
}
/**
* Returns the value of the <i>policy mapping inhibited</i> flag. The
* default value of this flag is <code>false</code>.
*
* @return The <i>policy mapping inhibited</i> flag.
*/
public boolean isPolicyMappingInhibited()
{
return policyMappingInhibited;
}
/**
* Sets the value of the <i>policy mapping inhibited</i> flag.
*
* @param value The new value.
*/
public void setPolicyMappingInhibited(boolean value)
{
policyMappingInhibited = value;
}
/**
* Returns the value of the <i>any policy inhibited</i> flag. The
* default value of this flag is <code>false</code>.
*
* @return The <i>any policy inhibited</i> flag.
*/
public boolean isAnyPolicyInhibited()
{
return anyPolicyInhibited;
}
/**
* Sets the value of the <i>any policy inhibited</i> flag.
*
* @param value The new value.
*/
public void setAnyPolicyInhibited(boolean value)
{
anyPolicyInhibited = value;
}
/**
* Returns the value of the <i>policy qualifiers enabled</i> flag. The
* default value of this flag is <code>true</code>.
*
* @return The <i>policy qualifiers enabled</i> flag.
*/
public boolean getPolicyQualifiersRejected()
{
return policyQualRejected;
}
/**
* Sets the value of the <i>policy qualifiers enabled</i> flag.
*
* @param value The new value.
*/
public void setPolicyQualifiersRejected(boolean value)
{
policyQualRejected = value;
}
/**
* Returns the date for which the certificate path should be
* validated, or null if the current time should be used. The date
* object is copied to prevent subsequent modification.
*
* @return The date, or null if not set.
*/
public Date getDate()
{
return date != null ? (Date) date.clone() : null;
}
/**
* Sets the date for which the certificate path should be validated,
* or null if the current time should be used.
*
* @param date The new date, or null.
*/
public void setDate(Date date)
{
if (date != null)
this.date = (Date) date.clone();
else
this.date = null;
}
/**
* Add a certificate path checker.
*
* @param checker The certificate path checker to add.
*/
public void addCertPathChecker(PKIXCertPathChecker checker)
{
if (checker != null)
pathCheckers.add(checker);
}
/**
* Returns an immutable list of all certificate path checkers.
*
* @return An immutable list of all certificate path checkers.
*/
public List getCertPathCheckers()
{
return Collections.unmodifiableList(pathCheckers);
}
/**
* Sets the certificate path checkers. If the argument is null, the
* list of checkers will merely be cleared.
*
* @param pathCheckers The new list of certificate path checkers.
* @throws ClassCastException If any element of <i>pathCheckers</i> is
* not a {@link PKIXCertPathChecker}.
*/
public void setCertPathCheckers(List pathCheckers)
{
this.pathCheckers.clear();
if (pathCheckers == null)
return;
for (Iterator i = pathCheckers.iterator(); i.hasNext(); )
{
this.pathCheckers.add((PKIXCertPathChecker) i.next());
}
}
/**
* Returns the signature algorithm provider, or null if not set.
*
* @return The signature algorithm provider, or null if not set.
*/
public String getSigProvider()
{
return sigProvider;
}
/**
* Sets the signature algorithm provider, or null if there is no
* preferred provider.
*
* @param sigProvider The signature provider name.
*/
public void setSigProvider(String sigProvider)
{
this.sigProvider = sigProvider;
}
/**
* Returns the constraints placed on the target certificate, or null
* if there are none. The target constraints are copied to prevent
* subsequent modification.
*
* @return The target constraints, or null.
*/
public CertSelector getTargetCertConstraints()
{
return targetConstraints != null
? (CertSelector) targetConstraints.clone() : null;
}
/**
* Sets the constraints placed on the target certificate.
*
* @param targetConstraints The target constraints.
*/
public void setTargetCertConstraints(CertSelector targetConstraints)
{
this.targetConstraints = targetConstraints != null
? (CertSelector) targetConstraints.clone() : null;
}
/**
* Returns a copy of these parameters.
*
* @return The copy.
*/
public Object clone()
{
return new PKIXParameters(this);
}
/**
* Returns a printable representation of these parameters.
*
* @return A printable representation of these parameters.
*/
public String toString() {
return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
+ (initPolicies != null ? initPolicies.toString() : "any")
+ "; Validity Date=" + date + "; Signature Provider="
+ sigProvider + "; Default Revocation Enabled=" + revocationEnabled
+ "; Explicit Policy Required=" + exPolicyRequired
+ "; Policy Mapping Inhibited=" + policyMappingInhibited
+ "; Any Policy Inhibited=" + anyPolicyInhibited
+ "; Policy Qualifiers Rejected=" + policyQualRejected
+ "; Target Cert Contstraints=" + targetConstraints
+ "; Certification Path Checkers=" + pathCheckers
+ "; CertStores=" + certStores + " ]";
}
}

102
libjava/java/security/cert/PolicyNode.java Normal file
View file

@ -0,0 +1,102 @@
/* PolicyNode.java -- a single node in a policy tree
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
public interface PolicyNode
{
/**
* Get the iterator of the child nodes of this node. The returned
* iterator is (naturally) unmodifiable.
*
* @return An iterator over the child nodes.
*/
java.util.Iterator getChildren();
/**
* Get the depth of this node within the tree, starting at 0 for the
* root node.
*
* @return The depth of this node.
*/
int getDepth();
/**
* Returns a set of policies (string OIDs) that will satisfy this
* node's policy. The root node should always return the singleton set
* with the element "any-policy".
*
* @return The set of expected policies.
*/
java.util.Set getExpectedPolicies();
/**
* Returns the parent node of this node, or null if this is the root
* node.
*
* @return The parent node, or null.
*/
PolicyNode getParent();
/**
* Returns a set of {@link PolicyQualifierInfo} objects that qualify
* the valid policy of this node. The root node should always return
* the empty set.
*
* @return The set of {@link PolicyQualifierInfo} objects.
*/
java.util.Set getPolicyQualifiers();
/**
* Get the policy OID this node represents. The root node should return
* the special value "any-policy".
*
* @return The policy of this node.
*/
String getValidPolicy();
/**
* Return the criticality flag of this policy node. Nodes who return
* true for this method should be considered critical. The root node
* is never critical.
*
* @return The criticality flag.
*/
boolean isCritical();
}

172
libjava/java/security/cert/PolicyQualifierInfo.java Normal file
View file

@ -0,0 +1,172 @@
/* PolicyQualifierInfo.java -- policy qualifier info object.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
import gnu.java.security.der.DER;
import gnu.java.security.der.DEREncodingException;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import gnu.java.security.der.DERWriter;
/**
* The PolicyQualifierInfo X.509 certificate extension.
* PolicyQualifierInfo objects are represented by the ASN.1 structure:
*
* <pre>
* PolicyQualifierInfo ::= SEQUENCE {
* policyQualifierId PolicyQualifierId,
* qualifier ANY DEFINED BY policyQualifierId
* }
*
* PolicyQualifierId ::= OBJECT IDENTIFIER
* </pre>
*
* @since JDK 1.4
*/
public class PolicyQualifierInfo
{
// Fields.
// ------------------------------------------------------------------------
/** The <code>policyQualifierId</code> field. */
private OID oid;
/** The DER encoded form of this object. */
private byte[] encoded;
/** The DER encoded form of the <code>qualifier</code> field. */
private DERValue qualifier;
// Constructor.
// ------------------------------------------------------------------------
/**
* Create a new PolicyQualifierInfo object from the DER encoded form
* passed in the byte array. The argument is copied.
*
* <p>The ASN.1 form of PolicyQualifierInfo is:
<pre>
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId
}
PolicyQualifierId ::= OBJECT IDENTIFIER
</pre>
*
* @param encoded The DER encoded form.
* @throws IOException If the structure cannot be parsed from the
* encoded bytes.
*/
public PolicyQualifierInfo(byte[] encoded) throws IOException
{
if (encoded == null)
throw new IOException("null bytes");
this.encoded = (byte[]) encoded.clone();
DERReader in = new DERReader(new ByteArrayInputStream(this.encoded));
DERValue qualInfo = in.read();
if (!qualInfo.isConstructed())
throw new ASN1ParsingException("malformed PolicyQualifierInfo");
DERValue val = in.read();
if (!(val.getValue() instanceof OID))
throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER");
oid = (OID) val.getValue();
if (val.getEncodedLength() < val.getLength())
qualifier = in.read();
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the <code>policyQualifierId</code> field of this structure,
* as a dotted-decimal representation of the object identifier.
*
* @return This structure's OID field.
*/
public String getPolicyQualifierId()
{
return oid.toString();
}
/**
* Returns the DER encoded form of this object; the contents of the
* returned byte array are equivalent to those that were passed to the
* constructor. The byte array is cloned every time this method is
* called.
*
* @return The encoded form.
*/
public byte[] getEncoded()
{
return (byte[]) encoded.clone();
}
/**
* Get the <code>qualifier</code> field of this object, as a DER
* encoded byte array. The byte array returned is cloned every time
* this method is called.
*
* @return The encoded qualifier.
*/
public byte[] getPolicyQualifier()
{
if (qualifier == null)
return new byte[0];
return qualifier.getEncoded();
}
/**
* Returns a printable string representation of this object.
*
* @return The string representation.
*/
public String toString()
{
return "PolicyQualifierInfo { policyQualifierId ::= " + oid
+ ", qualifier ::= " + qualifier + " }";
}
}

188
libjava/java/security/cert/TrustAnchor.java Normal file
View file

@ -0,0 +1,188 @@
/* TrustAnchor.java -- an ultimately-trusted certificate.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.PublicKey;
import gnu.java.security.x509.X500DistinguishedName;
/**
* An ultimately-trusted certificate to serve as the root of a
* certificate chain.
*
* @author Casey Marshall (rsdio@metastatic.org)
*/
public class TrustAnchor
{
// Fields.
// ------------------------------------------------------------------------
/** The certificate authority's distinguished name. */
private final X500DistinguishedName caName;
/** The certficate authority's public key. */
private final PublicKey caKey;
/** The certficate authority's certificate. */
private final X509Certificate trustedCert;
/** The encoded name constraints bytes. */
private final byte[] nameConstraints;
// Constnuctors.
// ------------------------------------------------------------------------
/**
* Create a new trust anchor from a certificate and (optional) name
* constraints.
*
* <p>If the <i>nameConstraints</i> argument in non-null, it will be
* copied to prevent modification.
*
* @param trustedCert The trusted certificate.
* @param nameConstraints The encoded nameConstraints.
*/
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
{
if (trustedCert == null)
throw new NullPointerException();
this.trustedCert = trustedCert;
caName = null;
caKey = null;
if (nameConstraints != null)
this.nameConstraints = (byte[]) nameConstraints.clone();
else
this.nameConstraints = null;
}
/**
* Create a new trust anchor from a certificate authority's
* distinguished name, public key, and (optional) name constraints.
*
* <p>If the <i>nameConstraints</i> argument in non-null, it will be
* copied to prevent modification.
*
* @params caName The CA's distinguished name.
* @params caKey The CA's public key.
* @params nameConstraints The encoded nameConstraints.
*/
public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints)
{
if (caName == null || caKey == null)
throw new NullPointerException();
if (caName.length() == 0)
throw new IllegalArgumentException();
trustedCert = null;
this.caName = new X500DistinguishedName(caName);
this.caKey = caKey;
if (nameConstraints != null)
this.nameConstraints = (byte[]) nameConstraints.clone();
else
this.nameConstraints = null;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the trusted certificate, or null if none was specified.
*
* @return The trusted certificate.
*/
public final X509Certificate getTrustedCert()
{
return trustedCert;
}
/**
* Return the certificate authority's distinguished name, or null if
* none was specified.
*
* @return The CA's distinguished name.
*/
public final String getCAName()
{
if (caName != null)
return caName.toRFC2253();
return null;
}
/**
* Return the certificate authority's public key, or null if none was
* specified.
*
* @return The CA's public key.
*/
public final PublicKey getCAPublicKey()
{
return caKey;
}
/**
* Return the encoded name constraints, or null if none was specified.
*
* <p>The name constraints byte array is copied when this method is
* called to prevent modification.
*
* @return The encoded name constraints.
*/
public final byte[] getNameConstraints()
{
if (nameConstraints == null)
return null;
return (byte[]) nameConstraints.clone();
}
/**
* Return a printable representation of this trust anchor.
*
* @return The printable representation.
*/
public String toString()
{
if (trustedCert == null)
return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name="
+ caName.toRFC2253() + " ]";
return "[ Trusted CA Certificate=" + trustedCert + " ]";
}
}

15
libjava/java/security/cert/X509CRL.java
View file

@ -47,6 +47,8 @@ import java.security.SignatureException;
import java.util.Date;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
/**
The X509CRL class is the abstract class used to manage
X.509 Certificate Revocation Lists. The CRL is a list of
@ -378,4 +380,17 @@ public abstract class X509CRL extends CRL implements X509Extension
*/
public abstract byte[] getSigAlgParams();
// 1.4 instance methods.
// ------------------------------------------------------------------------
/**
* Returns the X.500 distinguished name of this CRL's issuer.
*
* @return The issuer's X.500 distinguished name.
* @since JDK 1.4
*/
public X500Principal getIssuerX500Principal()
{
throw new UnsupportedOperationException();
}
}

297
libjava/java/security/cert/X509Certificate.java
View file

@ -1,5 +1,5 @@
/* X509Certificate.java --- X.509 Certificate class
Copyright (C) 1999 Free Software Foundation, Inc.
Copyright (C) 1999,2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@ -37,6 +37,7 @@ exception statement from your version. */
package java.security.cert;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
@ -47,90 +48,104 @@ import java.security.SignatureException;
import java.util.Date;
/**
X509Certificate is the abstract class for X.509 certificates.
This provides a stanard class interface for accessing all
the attributes of X.509 certificates.
In June 1996, the basic X.509 v3 format was finished by
ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
These certificates are widely used in various Internet
protocols to support authentication. It is used in
Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
Secure Sockets Layer (SSL), code signing for trusted software
distribution, and Secure Electronic Transactions (SET).
The certificates are managed and vouched for by
<I>Certificate Authorities</I> (CAs). CAs are companies or
groups that create certificates by placing the data in the
X.509 certificate format and signing it with their private
key. CAs serve as trusted third parties by certifying that
the person or group specified in the certificate is who
they say they are.
The ASN.1 defintion for <I>tbsCertificate</I> is
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version shall be v3
}
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
Certificates are created with the CertificateFactory.
For more information about X.509 certificates, consult
rfc2459.
@since JDK 1.2
@author Mark Benvenuto
*/
* X509Certificate is the abstract class for X.509 certificates.
* This provides a stanard class interface for accessing all
* the attributes of X.509 certificates.
*
* <p>In June 1996, the basic X.509 v3 format was finished by
* ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
*
* <blockquote><pre>
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
* </pre></blockquote>
*
* <p>These certificates are widely used in various Internet
* protocols to support authentication. It is used in
* Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
* Secure Sockets Layer (SSL), code signing for trusted software
* distribution, and Secure Electronic Transactions (SET).
*
* <p>The certificates are managed and vouched for by
* <I>Certificate Authorities</I> (CAs). CAs are companies or
* groups that create certificates by placing the data in the
* X.509 certificate format and signing it with their private
* key. CAs serve as trusted third parties by certifying that
* the person or group specified in the certificate is who
* they say they are.
*
* <p>The ASN.1 defintion for <I>tbsCertificate</I> is
*
* <blockquote><pre>
* TBSCertificate ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* serialNumber CertificateSerialNumber,
* signature AlgorithmIdentifier,
* issuer Name,
* validity Validity,
* subject Name,
* subjectPublicKeyInfo SubjectPublicKeyInfo,
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* extensions [3] EXPLICIT Extensions OPTIONAL
* -- If present, version shall be v3
* }
*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*
* CertificateSerialNumber ::= INTEGER
*
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time }
*
* Time ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
*
* UniqueIdentifier ::= BIT STRING
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING }
* </pre></blockquote>
*
* Certificates are created with the CertificateFactory.
*
* <p>References:
*
* <ol>
* <li>Olivier Dubuisson, Philippe Fouquart (Translator) <i>ASN.1 -
* Communication between heterogeneous systems</i>, (C) September 2000,
* Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at
* <a
* href="http://www.oss.com/asn1/dubuisson.html">http://www.oss.com/asn1/dubuisson.html</a></li>
* <li>R. Housley et al, <i><a href="http://www.ietf.org/rfc/rfc3280.txt">RFC
* 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
* Profile</a></i>.</li>
* </ol>
*
* @since JDK 1.2
* @author Mark Benvenuto
* @author Casey Marshall (rsdio@metastatic.org)
*/
public abstract class X509Certificate extends Certificate implements X509Extension
{
/**
Constructs a new certificate of the specified type.
*/
* Constructs a new certificate of the specified type.
*/
protected X509Certificate()
{
super( "X.509" );
@ -451,5 +466,125 @@ public abstract class X509Certificate extends Certificate implements X509Extensi
*/
public abstract int getBasicConstraints();
// 1.4 instance methods.
// ------------------------------------------------------------------------
/**
* Returns the <code>ExtendedKeyUsage</code> extension of this
* certificate, or null if there is no extension present. The returned
* value is a {@link java.util.List} strings representing the object
* identifiers of the extended key usages. This extension has the OID
* 2.5.29.37.
*
* <p>The ASN.1 definition for this extension is:
*
* <blockquote><pre>
* ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
*
* KeyPurposeId ::= OBJECT IDENTIFIER
* </pre></blockquote>
*
* @return The list of extension OIDs, or null if there are none
* present in this certificate.
* @throws CertificateParsingException If this extension cannot be
* parsed from its encoded form.
*/
public java.util.List getExtendedKeyUsage()
throws CertificateParsingException
{
throw new UnsupportedOperationException();
}
/**
* Returns the alternative names for this certificate's subject (the
* owner), or null if there are none.
*
* <p>This is an X.509 extension with OID 2.5.29.17 and is defined by
* the ASN.1 construction:
*
* <blockquote><pre>
* SubjectAltNames ::= GeneralNames
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
* }
* </pre></blockquote>
*
* <p>The returned collection contains one or more two-element Lists,
* with the first object being an Integer representing the choice
* above (with value 0 through 8) and the second being an (a) String
* if the <code>GeneralName</code> is a rfc822Name, dNSName,
* uniformResourceIdentifier, iPAddress, or registeredID, or (b) a
* byte array of the DER encoded form for any others.
*
* @return The collection of alternative names, or null if there are
* none.
* @throws CertificateParsingException If the encoded extension cannot
* be parsed.
* @since JDK 1.4
*/
public java.util.Collection getSubjectAlternativeNames()
throws CertificateParsingException
{
throw new UnsupportedOperationException();
}
/**
* Returns the alternative names for this certificate's issuer, or
* null if there are none.
*
* <p>This is an X.509 extension with OID 2.5.29.18, and is defined by
* the ASN.1 construction:
*
* <blockquote><pre>
* IssuerAltNames ::= GeneralNames
* </pre></blockquote>
*
* <p>The <code>GeneralNames</code> construct and the form of the
* returned collection are the same as with {@link
* #getSubjectAlternativeNames()}.
*
* @return The collection of alternative names, or null if there are
* none.
* @throws CertificateParsingException If the encoded extension cannot
* be parsed.
* @since JDK 1.4
*/
public java.util.Collection getIssuerAlternativeNames()
throws CertificateParsingException
{
throw new UnsupportedOperationException();
}
/**
* Returns the X.500 distinguished name of this certificate's subject.
*
* @return The subject's X.500 distinguished name.
* @since JDK 1.4
*/
public javax.security.auth.x500.X500Principal getSubjectX500Principal()
{
throw new UnsupportedOperationException();
}
/**
* Returns the X.500 distinguished name of this certificate's issuer.
*
* @return The issuer's X.500 distinguished name.
* @since JDK 1.4
*/
public javax.security.auth.x500.X500Principal getIssuerX500Principal()
{
throw new UnsupportedOperationException();
}
}

2
libjava/java/security/spec/DSAPublicKeySpec.java
View file

@ -62,7 +62,7 @@ public class DSAPublicKeySpec extends Object implements KeySpec
@param q the sub-prime
@param g the base
*/
public DSAPublicKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g)
public DSAPublicKeySpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g)
{
this.y = y;
this.p = p;