Attributes.java, [...]: Imported from Classpath.

Sat Aug 19 11:00:53 2000  Anthony Green  <green@redhat.com>

	* java/util/jar/Attributes.java, java/util/jar/JarEntry.java,
	java/util/jar/JarException.java, java/util/jar/JarFile.java,
	java/util/jar/JarInputStream.java,
	java/util/jar/JarOutputStream.java, java/util/jar/Manifest.java,
	java/util/Set.java, java/util/Map.java, java/util/Bucket.java,
	java/util/AbstractSet.java, java/util/BasicMapEntry.java,
	java/security/cert/CRL.java, java/security/cert/CRLException.java,
	java/security/cert/Certificate.java,
	java/security/cert/CertificateEncodingException.java,
	java/security/cert/CertificateException.java,
	java/security/cert/CertificateExpiredException.java,
	java/security/cert/CertificateFactory.java,
	java/security/cert/CertificateFactorySpi.java,
	java/security/cert/CertificateNotYetValidException.java,
	java/security/cert/CertificateParsingException.java,
	java/security/cert/X509CRL.java,
	java/security/cert/X509CRLEntry.java,
	java/security/cert/X509Certificate.java,
	java/security/cert/X509Extension.java: Imported from Classpath.
	* java/util/Hashtable.java: Imported from Classpath.

	* java/util/zip/ZipInputStream.java: Create stub for
	createZipEntry.

	* gcj/javaprims.h: Updated class list.

	* Makefile.in, gcj/Makefile.in: Rebuilt.
	* Makefile.am (ordinary_java_source_files): Add these new classes.

From-SVN: r35809
Anthony Green 2000-08-19 18:19:42 +00:00 committed by Anthony Green
parent e76d9acbe9
commit a729a4e9ab
35 changed files with 5943 additions and 768 deletions


@ -0,0 +1,87 @@
/* CRL.java --- Certificate Revocation List
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
/**
Certificate Revocation List class for managing CRLs that
have different formats but the same general use. They
all serve as lists of revoked certificates and can
be queried for a given certificate.
Specialized CRLs extend this class.
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract class CRL
{
private String type;
/**
Creates a new CRL for the specified type. An example
is "X.509".
@param type the standard name for the CRL type.
*/
protected CRL(String type)
{
this.type = type;
}
/**
Returns the CRL type.
@return a string representing the CRL type
*/
public final String getType()
{
return type;
}
/**
Returns a string representing the CRL.
@return a string representing the CRL.
*/
public abstract String toString();
/**
Determines whether or not the specified Certificate
is revoked.
@param cert A certificate to check if it is revoked
@return true if the certificate is revoked,
false otherwise.
*/
public abstract boolean isRevoked(Certificate cert);
}


@ -0,0 +1,59 @@
/* CRLException.java --- Certificate Revocation List Exception
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.security.GeneralSecurityException;
/**
Exception for a Certificate Revocation List.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CRLException extends GeneralSecurityException
{
/**
Constructs an CRLExceptionwithout a message string.
*/
public CRLException()
{
super();
}
/**
Constructs an CRLException with a message string.
@param msg A message to display with exception
*/
public CRLException(String msg)
{
super( msg );
}
}
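Review bot: The Javadoc on the no-argument constructor reads `Constructs an CRLExceptionwithout a message string.`, with two words fused; it should be `Constructs a CRLException without a message string.` The comment on the `CRLException(String msg)` constructor has the same `an CRLException` article slip.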


@ -0,0 +1,237 @@
/* Certificate.java --- Certificate class
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.io.ObjectInputStream;
import java.io.ByteArrayInputStream;
import java.io.ObjectStreamException;
/**
The Certificate class is an abstract class used to manage
identity certificates. An identity certificate is a
combination of a principal and a public key which is
certified by another principal. This is the puprose of
Certificate Authorities (CA).
This class is used to manage different types of certificates
but have important common puposes. Different types of
certificates like X.509 and OpenPGP share general certificate
functions (like encoding and verifying) and information like
public keys.
X.509, OpenPGP, and SDSI can be implemented by subclassing this
class even though they differ in storage methods and information
stored.
@since JDK 1.2
@author Mark Benvenuto
*/
public abstract class Certificate
{
private String type;
/**
Constructs a new certificate of the specified type. An example
is "X.509".
@param type a valid standard name for a certificate.
*/
protected Certificate(String type)
{
this.type = type;
}
/**
Returns the Certificate type.
@return a string representing the Certificate type
*/
public final String getType()
{
return type;
}
/**
Compares this Certificate to other. It checks if the
object if instanceOf Certificate and then checks if
the encoded form matches.
@param other An Object to test for equality
@return true if equal, false otherwise
*/
public boolean equals(Object other)
{
if( other instanceof Certificate ) {
try {
Certificate x = (Certificate) other;
if( getEncoded().length != x.getEncoded().length )
return false;
byte b1[] = getEncoded();
byte b2[] = x.getEncoded();
for( int i = 0; i < b1.length; i++ )
if( b1[i] != b2[i] )
return false;
} catch( CertificateEncodingException cee ) {
return false;
}
return true;
}
return false;
}
/**
Returns a hash code for this Certificate in its encoded
form.
@return A hash code of this class
*/
public int hashCode()
{
return super.hashCode();
}
/**
Gets the DER ASN.1 encoded format for this Certificate.
It assumes each certificate has only one encoding format.
Ex: X.509 is encoded as ASN.1 DER
@return byte array containg encoded form
@throws CertificateEncodingException if an error occurs
*/
public abstract byte[] getEncoded() throws CertificateEncodingException;
/**
Verifies that this Certificate was properly signed with the
PublicKey that corresponds to its private key.
@param key PublicKey to verify with
@throws CertificateException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException no provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key)
throws CertificateException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Verifies that this Certificate was properly signed with the
PublicKey that corresponds to its private key and uses
the signature engine provided by the provider.
@param key PublicKey to verify with
@param sigProvider Provider to use for signature algorithm
@throws CertificateException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException incorrect provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key,
String sigProvider)
throws CertificateException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Returns a string representing the Certificate.
@return a string representing the Certificate.
*/
public abstract String toString();
/**
Returns the public key stored in the Certificate.
@return The public key
*/
public abstract PublicKey getPublicKey();
/* INNER CLASS */
/**
Certificate.CertificateRep is an inner class used to provide an alternate
storage mechanism for serialized Certificates.
*/
protected static class CertificateRep implements java.io.Serializable
{
private String type;
private byte[] data;
/**
Create an alternate Certificate class to store a serialized Certificate
@param type the name of certificate type
@param data the certificate data
*/
protected CertificateRep(String type,
byte[] data)
{
this.type = type;
this.data = data;
}
/**
Return the stored Certificate
@return the stored certificate
@throws ObjectStreamException if certificate cannot be resolved
*/
protected Object readResolve()
throws ObjectStreamException
{
try {
return new ObjectInputStream( new ByteArrayInputStream( data ) ).readObject();
} catch ( Exception e ) {
e.printStackTrace();
throw new RuntimeException ( e.toString() );
}
}
}
}
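Review bot: `CertificateRep.readResolve()` at the end of this file rebuilds the certificate by calling `ObjectInputStream.readObject()` on the `data` bytes, so whatever object graph those bytes describe is instantiated, and the stored `type` is never consulted. `data` is filled in from a serialized stream (the page does not show what writes it), so it would be safer to treat it as the certificate's encoded form and parse it with `CertificateFactory.getInstance(type).generateCertificate(...)`, which can only yield a Certificate. The catch block also prints a stack trace and throws a bare `RuntimeException`, although the method declares `ObjectStreamException`; throwing an `ObjectStreamException` subclass keeps the declared contract. Separately, `equals()` compares encoded bytes while `hashCode()` returns `super.hashCode()`, so two equal certificates hash differently and lookups in hash-based collections will miss; deriving the hash from `getEncoded()` would restore the contract.

```java
protected Object readResolve()
  throws ObjectStreamException
{
  try {
    // Parse the bytes as an encoded certificate of the recorded type
    // instead of deserializing an arbitrary object graph.
    CertificateFactory factory = CertificateFactory.getInstance( type );
    return factory.generateCertificate( new ByteArrayInputStream( data ) );
  } catch ( CertificateException ce ) {
    throw new java.io.NotSerializableException( "java.security.cert.Certificate: " + type );
  }
}
```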


@ -0,0 +1,58 @@
/* CertificateEncodingException.java --- Certificate Encoding Exception
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
/**
Exception for a Certificate Encoding.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CertificateEncodingException extends CertificateException
{
/**
Constructs an CertificateEncodingException without a message string.
*/
public CertificateEncodingException()
{
super();
}
/**
Constructs an CertificateEncodingException with a message string.
@param msg A message to display with exception
*/
public CertificateEncodingException(String msg)
{
super( msg );
}
}


@ -0,0 +1,59 @@
/* CertificateException.java --- Certificate Exception
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.security.GeneralSecurityException;
/**
Exception for a Certificate.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CertificateException extends GeneralSecurityException
{
/**
Constructs an CertificateException without a message string.
*/
public CertificateException()
{
super();
}
/**
Constructs an CertificateException with a message string.
@param msg A message to display with exception
*/
public CertificateException(String msg)
{
super( msg );
}
}


@ -0,0 +1,58 @@
/* CertificateExpiredException.java --- Certificate Expired Exception
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
/**
Exception for a Certificate Expiring.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CertificateExpiredException extends CertificateException
{
/**
Constructs an CertificateExpiredException without a message string.
*/
public CertificateExpiredException()
{
super();
}
/**
Constructs an CertificateExpiredException with a message string.
@param msg A message to display with exception
*/
public CertificateExpiredException(String msg)
{
super( msg );
}
}


@ -0,0 +1,259 @@
/* CertificateFactory.java --- Certificate Factory Class
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.io.InputStream;
import java.util.Collection;
/**
This class implments the CertificateFactory class interface
used to generate certificates and certificate revocation
list (CRL) objects from their encodings.
A certifcate factory for X.509 returns certificates of the
java.security.cert.X509Certificate class, and CRLs of the
java.security.cert.X509CRL class.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CertificateFactory
{
private CertificateFactorySpi certFacSpi;
private Provider provider;
private String type;
/**
Creates an instance of CertificateFactory
@param certFacSpi A CertificateFactory engine to use
@param provider A provider to use
@param type The type of Certificate
*/
protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)
{
this.certFacSpi = certFacSpi;
this.provider = provider;
this.type = type;
}
/**
Gets an instance of the CertificateFactory class representing
the specified certificate factory. If the type is not
found then, it throws CertificateException.
@param type the type of certificate to choose
@return a CertificateFactory repesenting the desired type
@throws CertificateException if the type of certificate is not implemented by providers
*/
public static final CertificateFactory getInstance(String type) throws CertificateException
{
Provider[] p = Security.getProviders ();
for (int i = 0; i < p.length; i++)
{
String classname = p[i].getProperty ("CertificateFactory." + type);
if (classname != null)
return getInstance (classname, type, p[i]);
}
throw new CertificateException(type);
}
/**
Gets an instance of the CertificateFactory class representing
the specified certificate factory from the specified provider.
If the type is not found then, it throws CertificateException.
If the provider is not found, then it throws
NoSuchProviderException.
@param type the type of certificate to choose
@return a CertificateFactory repesenting the desired type
@throws CertificateException if the type of certificate is not implemented by providers
@throws NoSuchProviderException if the provider is not found
*/
public static final CertificateFactory getInstance(String type, String provider)
throws CertificateException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if( p == null)
throw new NoSuchProviderException();
return getInstance (p.getProperty ("CertificateFactory." + type),
type, p);
}
private static CertificateFactory getInstance (String classname,
String type,
Provider provider)
throws CertificateException
{
try {
return new CertificateFactory( (CertificateFactorySpi)Class.forName( classname ).newInstance(), provider, type );
} catch( ClassNotFoundException cnfe) {
throw new CertificateException("Class not found");
} catch( InstantiationException ie) {
throw new CertificateException("Class instantiation failed");
} catch( IllegalAccessException iae) {
throw new CertificateException("Illegal Access");
}
}
/**
Gets the provider that the class is from.
@return the provider of this class
*/
public final Provider getProvider()
{
return provider;
}
/**
Returns the type of the certificate supported
@return A string with the type of certificate
*/
public final String getType()
{
return type;
}
/**
Generates a Certificate based on the encoded data read
from the InputStream.
The input stream must contain only one certificate.
If there exists a specialized certificate class for the
certificate format handled by the certificate factory
then the return Ceritificate should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509Certificate.
For X.509 certificates, the certificate in inStream must be
DER encoded and supplied in binary or printable (Base64)
encoding. If the certificate is in Base64 encoding, it must be
bounded by -----BEGINCERTIFICATE-----, and
-----END CERTIFICATE-----.
@param inStream an input stream containing the certificate data
@return a certificate initialized with InputStream data.
@throws CertificateException Certificate parsing error
*/
public final Certificate generateCertificate(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertificate( inStream );
}
/**
Returns a collection of certificates that were read from the
input stream. It may be empty, have only one, or have
multiple certificates.
For a X.509 certificate factory, the stream may contain a
single DER encoded certificate or a PKCS#7 certificate
chain. This is a PKCS#7 <I>SignedData</I> object with the
most significant field being <I>certificates</I>. If no
CRLs are present, then an empty collection is returned.
@param inStream an input stream containing the certificates
@return a collection of certificates initialized with
the InputStream data.
@throws CertificateException Certificate parsing error
*/
public final Collection generateCertificates(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertificates( inStream );
}
/**
Generates a CRL based on the encoded data read
from the InputStream.
The input stream must contain only one CRL.
If there exists a specialized CRL class for the
CRL format handled by the certificate factory
then the return CRL should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509CRL.
@param inStream an input stream containing the CRL data
@return a CRL initialized with InputStream data.
@throws CRLException CRL parsing error
*/
public final CRL generateCRL(InputStream inStream)
throws CRLException
{
return certFacSpi.engineGenerateCRL( inStream );
}
/**
Generates CRLs based on the encoded data read
from the InputStream.
For a X.509 certificate factory, the stream may contain a
single DER encoded CRL or a PKCS#7 CRL set. This is a
PKCS#7 <I>SignedData</I> object with the most significant
field being <I>crls</I>. If no CRLs are present, then an
empty collection is returned.
@param inStream an input stream containing the CRLs
@return a collection of CRLs initialized with
the InputStream data.
@throws CRLException CRL parsing error
*/
public final Collection generateCRLs(InputStream inStream)
throws CRLException
{
return certFacSpi.engineGenerateCRLs( inStream );
}
}
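Review bot: In `getInstance(String type, String provider)` the result of `p.getProperty ("CertificateFactory." + type)` is passed straight to the private `getInstance`, so a provider that does not register the type reaches `Class.forName` with a null name and would most likely surface as a `NullPointerException` instead of the documented `CertificateException`. The single-argument overload already guards with `if (classname != null)`; the same check belongs here, e.g. `String classname = p.getProperty ("CertificateFactory." + type);` followed by `if (classname == null) throw new CertificateException(type);`. The private helper also casts the new instance to `CertificateFactorySpi` without catching `ClassCastException`, so a provider property naming an unrelated class escapes as an unchecked exception. Catching it and throwing `CertificateException` would keep the failure mode uniform for callers.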


@ -0,0 +1,142 @@
/* CertificateFactorySpi.java --- Certificate Factory Class
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.io.InputStream;
import java.util.Collection;
/**
CertificateFactorySpi is the abstract class Service Provider
Interface (SPI) for the CertificateFactory class. A provider
must implment all the abstract methods if they wish to
supply a certificate factory for a particular certificate
type. Ex: X.509
Certificate factories are used to generate certificates and
certificate revocation lists (CRL) from their encoding.
@since JDK 1.2
@author Mark Benvenuto
*/
public abstract class CertificateFactorySpi
{
/**
Constructs a new CertificateFactorySpi
*/
public CertificateFactorySpi()
{}
/**
Generates a Certificate based on the encoded data read
from the InputStream.
The input stream must contain only one certificate.
If there exists a specialized certificate class for the
certificate format handled by the certificate factory
then the return Ceritificate should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509Certificate.
For X.509 certificates, the certificate in inStream must be
DER encoded and supplied in binary or printable (Base64)
encoding. If the certificate is in Base64 encoding, it must be
bounded by -----BEGINCERTIFICATE-----, and
-----END CERTIFICATE-----.
@param inStream an input stream containing the certificate data
@return a certificate initialized with InputStream data.
@throws CertificateException Certificate parsing error
*/
public abstract Certificate engineGenerateCertificate(InputStream inStream)
throws CertificateException;
/**
Returns a collection of certificates that were read from the
input stream. It may be empty, have only one, or have
multiple certificates.
For a X.509 certificate factory, the stream may contain a
single DER encoded certificate or a PKCS#7 certificate
chain. This is a PKCS#7 <I>SignedData</I> object with the
most significant field being <I>certificates</I>. If no
CRLs are present, then an empty collection is returned.
@param inStream an input stream containing the certificates
@return a collection of certificates initialized with
the InputStream data.
@throws CertificateException Certificate parsing error
*/
public abstract Collection engineGenerateCertificates(InputStream inStream)
throws CertificateException;
/**
Generates a CRL based on the encoded data read
from the InputStream.
The input stream must contain only one CRL.
If there exists a specialized CRL class for the
CRL format handled by the certificate factory
then the return CRL should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509CRL.
@param inStream an input stream containing the CRL data
@return a CRL initialized with InputStream data.
@throws CRLException CRL parsing error
*/
public abstract CRL engineGenerateCRL(InputStream inStream)
throws CRLException;
/**
Generates CRLs based on the encoded data read
from the InputStream.
For a X.509 certificate factory, the stream may contain a
single DER encoded CRL or a PKCS#7 CRL set. This is a
PKCS#7 <I>SignedData</I> object with the most significant
field being <I>crls</I>. If no CRLs are present, then an
empty collection is returned.
@param inStream an input stream containing the CRLs
@return a collection of CRLs initialized with
the InputStream data.
@throws CRLException CRL parsing error
*/
public abstract Collection engineGenerateCRLs(InputStream inStream)
throws CRLException;
}
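Review bot: The Javadoc for `engineGenerateCertificates` ends with "If no CRLs are present, then an empty collection is returned", which looks copied from the CRL variant; it should read `If no certificates are present, then an empty collection is returned.` The Base64 delimiter in the `engineGenerateCertificate` comment is written `-----BEGINCERTIFICATE-----`, without the space that the matching `-----END CERTIFICATE-----` has, so an implementer following the text literally would reject valid input; `-----BEGIN CERTIFICATE-----` is the intended form. The same two sentences appear in the Javadoc of `CertificateFactory.generateCertificate` and `generateCertificates` in the previous file section. "Ceritificate" in the same comment is a typo for "Certificate".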


@ -0,0 +1,58 @@
/* CertificateNotYetValidException.java --- Certificate Not Yet Valid Exception
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
/**
Exception for a Certificate being not yet valid.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CertificateNotYetValidException extends CertificateException
{
/**
Constructs an CertificateNotYetValidException without a message string.
*/
public CertificateNotYetValidException()
{
super();
}
/**
Constructs an CertificateNotYetValidException with a message string.
@param msg A message to display with exception
*/
public CertificateNotYetValidException(String msg)
{
super( msg );
}
}


@ -0,0 +1,58 @@
/* CertificateParsingException.java --- Certificate Parsing Exception
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
/**
Exception for a Certificate Parsing.
@since JDK 1.2
@author Mark Benvenuto
*/
public class CertificateParsingException extends CertificateException
{
/**
Constructs an CertificateParsingException without a message string.
*/
public CertificateParsingException()
{
super();
}
/**
Constructs an CertificateParsingException with a message string.
@param msg A message to display with exception
*/
public CertificateParsingException(String msg)
{
super( msg );
}
}


@ -0,0 +1,370 @@
/* X509CRL.java --- X.509 Certificate Revocation List
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.util.Date;
import java.util.Set;
/**
The X509CRL class is the abstract class used to manage
X.509 Certificate Revocation Lists. The CRL is a list of
time stamped entries which indicate which lists have been
revoked. The list is signed by a Certificate Authority (CA)
and made publically available in a repository.
Each revoked certificate in the CRL is identified by its
certificate serial number. When a piece of code uses a
certificate, the certificates validity is checked by
validating its signature and determing that it is not
only a recently acquired CRL. The recently aquired CRL
is depends on the local policy in affect. The CA issues
a new CRL periodically and entries are removed as the
certificate expiration date is reached
A description of the X.509 v2 CRL follows below from rfc2459.
"The X.509 v2 CRL syntax is as follows. For signature calculation,
the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
encoding is a tag, length, value encoding system for each element.
CertificateList ::= SEQUENCE {
tbsCertList TBSCertList,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
TBSCertList ::= SEQUENCE {
version Version OPTIONAL,
-- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, shall be v2
}"
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract class X509CRL extends CRL implements X509Extension
{
/**
Constructs a new X509CRL.
*/
protected X509CRL()
{
super("X.509");
}
/**
Compares this X509CRL to other. It checks if the
object if instanceOf X509CRL and then checks if
the encoded form matches.
@param other An Object to test for equality
@return true if equal, false otherwise
*/
public boolean equals(Object other)
{
if( other instanceof X509CRL ) {
try {
X509CRL x = (X509CRL) other;
if( getEncoded().length != x.getEncoded().length )
return false;
byte b1[] = getEncoded();
byte b2[] = x.getEncoded();
for( int i = 0; i < b1.length; i++ )
if( b1[i] != b2[i] )
return false;
} catch( CRLException crle ) {
return false;
}
return true;
}
return false;
}
/**
Returns a hash code for this X509CRL in its encoded
form.
@return A hash code of this class
*/
public int hashCode()
{
return super.hashCode();
}
/**
Gets the DER ASN.1 encoded format for this X.509 CRL.
@return byte array containg encoded form
@throws CRLException if an error occurs
*/
public abstract byte[] getEncoded() throws CRLException;
/**
Verifies that this CRL was properly signed with the
PublicKey that corresponds to its private key.
@param key PublicKey to verify with
@throws CRLException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException no provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key)
throws CRLException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Verifies that this CRL was properly signed with the
PublicKey that corresponds to its private key and uses
the signature engine provided by the provider.
@param key PublicKey to verify with
@param sigProvider Provider to use for signature algorithm
@throws CRLException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException incorrect provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key,
String sigProvider)
throws CRLException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Gets the version of this CRL.
The ASN.1 encoding is:
version Version OPTIONAL,
-- if present, shall be v2
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Consult rfc2459 for more information.
@return the version number, Ex: 1 or 2
*/
public abstract int getVersion();
/**
Returns the issuer (issuer distinguished name) of the CRL.
The issuer is the entity who signed and issued the
Certificate Revocation List.
The ASN.1 DER encoding is:
issuer Name,
Name ::= CHOICE {
RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::=
SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1.. MAX)),
bmpString BMPString (SIZE (1..MAX)) }
Consult rfc2459 for more information.
@return the issuer in the Principal class
*/
public abstract Principal getIssuerDN();
/**
Returns the thisUpdate date of the CRL.
The ASN.1 DER encoding is:
thisUpdate Time,
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@return the thisUpdate date
*/
public abstract Date getThisUpdate();
/*
Gets the nextUpdate field
The ASN.1 DER encoding is:
nextUpdate Time OPTIONAL,
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@return the nextUpdate date
*/
public abstract Date getNextUpdate();
/**
Gets the requeste dX509Entry for the specified
certificate serial number.
@return a X509CRLEntry representing the X.509 CRL entry
*/
public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
/**
Returns a Set of revoked certificates.
@return a set of revoked certificates.
*/
public abstract Set getRevokedCertificates();
/**
Returns the DER ASN.1 encoded tbsCertList which is
the basic information of the list and associated certificates
in the encoded state. See top for more information.
The ASN.1 DER encoding is:
tbsCertList TBSCertList,
Consult rfc2459 for more information.
@return byte array representing tbsCertList
*/
public abstract byte[] getTBSCertList() throws CRLException;
/**
Returns the signature for the CRL.
The ASN.1 DER encoding is:
signatureValue BIT STRING
Consult rfc2459 for more information.
*/
public abstract byte[] getSignature();
/**
Returns the signature algorithm used to sign the CRL.
An examples is "SHA-1/DSA".
The ASN.1 DER encoding is:
signatureAlgorithm AlgorithmIdentifier,
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Consult rfc2459 for more information.
The algorithm name is determined from the OID.
@return a string with the signature algorithm name
*/
public abstract String getSigAlgName();
/**
Returns the OID for the signature algorithm used.
Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
The ASN.1 DER encoding for the example is:
id-dsa-with-sha1 ID ::= {
iso(1) member-body(2) us(840) x9-57 (10040)
x9cm(4) 3 }
Consult rfc2459 for more information.
@return a string containing the OID.
*/
public abstract String getSigAlgOID();
/**
Returns the AlgorithmParameters in the encoded form
for the signature algorithm used.
If access to the parameters is need, create an
instance of AlgorithmParameters.
@return byte array containing algorithm parameters, null
if no parameters are present in CRL
*/
public abstract byte[] getSigAlgParams();
}
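Review bot: `hashCode()` in X509CRL returns `super.hashCode()` while `equals()` compares the DER encoding from `getEncoded()`, so two CRL objects that compare equal can hash differently unless the CRL superclass (not shown in this section) already hashes the encoding. The Javadoc directly above it also promises a hash of the encoded form. A HashMap or HashSet holding CRLs would then miss an already-loaded list or keep duplicates, which matters wherever revocation data is cached. X509CRLEntry in this commit has the same equals/hashCode pairing. The hash should be derived from the same bytes that `equals()` compares, as sketched below.

```java
public int hashCode()
{
  // Hash the same bytes equals() compares, so equal CRLs hash alike.
  try {
    byte[] enc = getEncoded();
    int h = 0;
    for( int i = 0; i < enc.length; i++ )
      h = 31 * h + enc[i];
    return h;
  } catch( CRLException crle ) {
    // equals() answers false on an encoding failure, so any constant is consistent here.
    return 0;
  }
}
```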


@ -0,0 +1,157 @@
/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.math.BigInteger;
import java.util.Date;
/**
Abstract class for entries in the CRL (Certificate Revocation
List). The ASN.1 definition for <I>revokedCertificates</I> is
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
CertificateSerialNumber ::= INTEGER
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
For more information consult rfc2459.
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract class X509CRLEntry implements X509Extension
{
/**
Creates a new X509CRLEntry
*/
public X509CRLEntry()
{}
/**
Compares this X509CRLEntry to other. It checks if the
object if instanceOf X509CRLEntry and then checks if
the encoded form( the inner SEQUENCE) matches.
@param other An Object to test for equality
@return true if equal, false otherwise
*/
public boolean equals(Object other)
{
if( other instanceof X509CRLEntry ) {
try {
X509CRLEntry xe = (X509CRLEntry) other;
if( getEncoded().length != xe.getEncoded().length )
return false;
byte b1[] = getEncoded();
byte b2[] = xe.getEncoded();
for( int i = 0; i < b1.length; i++ )
if( b1[i] != b2[i] )
return false;
} catch( CRLException crle ) {
return false;
}
return true;
}
return false;
}
/**
Returns a hash code for this X509CRLEntry in its encoded
form.
@return A hash code of this class
*/
public int hashCode()
{
return super.hashCode();
}
/**
Gets the DER ASN.1 encoded format for this CRL Entry,
the inner SEQUENCE.
@return byte array containg encoded form
@throws CRLException if an error occurs
*/
public abstract byte[] getEncoded() throws CRLException;
/**
Gets the serial number for <I>userCertificate</I> in
this X509CRLEntry.
@return the serial number for this X509CRLEntry.
*/
public abstract BigInteger getSerialNumber();
/**
Gets the revocation date in <I>revocationDate</I> for
this X509CRLEntry.
@return the revocation date for this X509CRLEntry.
*/
public abstract Date getRevocationDate();
/**
Checks if this X509CRLEntry has extensions.
@return true if it has extensions, false otherwise
*/
public abstract boolean hasExtensions();
/**
Returns a string that represents this X509CRLEntry.
@return a string representing this X509CRLEntry.
*/
public abstract String toString();
}
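Review bot: `equals()` in X509CRLEntry calls `getEncoded()` twice on each object, once for the length test and once for the byte loop, so an implementation that re-encodes or returns a fresh copy per call does the work twice and the two checks run on different arrays. A null return from an implementation would also throw NullPointerException instead of yielding false. Capturing each encoding once and using the library comparison is shorter, assuming java.util.Arrays is available in this tree: `return java.util.Arrays.equals(getEncoded(), xe.getEncoded());` inside the existing try. X509CRL.equals earlier in this commit is written the same way.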


@ -0,0 +1,444 @@
/* X509Certificate.java --- X.509 Certificate class
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.util.Date;
/**
X509Certificate is the abstract class for X.509 certificates.
This provides a stanard class interface for accessing all
the attributes of X.509 certificates.
In June 1996, the basic X.509 v3 format was finished by
ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
These certificates are widely used in various Internet
protocols to support authentication. It is used in
Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
Secure Sockets Layer (SSL), code signing for trusted software
distribution, and Secure Electronic Transactions (SET).
The certificates are managed and vouched for by
<I>Certificate Authorities</I> (CAs). CAs are companies or
groups that create certificates by placing the data in the
X.509 certificate format and signing it with their private
key. CAs serve as trusted third parties by certifying that
the person or group specified in the certificate is who
they say they are.
The ASN.1 defintion for <I>tbsCertificate</I> is
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version shall be v3
}
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
Certificates are created with the CertificateFactory.
For more information about X.509 certificates, consult
rfc2459.
@since JDK 1.2
@author Mark Benvenuto
*/
public abstract class X509Certificate extends Certificate implements X509Extension
{
/**
Constructs a new certificate of the specified type.
*/
protected X509Certificate()
{
super( "X.509" );
}
/**
Checks the validity of the X.509 certificate. It is valid
if the current date and time are within the period specified
by the certificate.
The ASN.1 DER encoding is:
validity Validity,
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@throws CertificateExpiredException if the certificate expired
@throws CertificateNotYetValidException if the certificate is
not yet valid
*/
public abstract void checkValidity()
throws CertificateExpiredException,
CertificateNotYetValidException;
/**
Checks the validity of the X.509 certificate for the
specified time and date. It is valid if the specified
date and time are within the period specified by
the certificate.
@throws CertificateExpiredException if the certificate expired
based on the date
@throws CertificateNotYetValidException if the certificate is
not yet valid based on the date
*/
public abstract void checkValidity(Date date)
throws CertificateExpiredException,
CertificateNotYetValidException;
/**
Returns the version of this certificate.
The ASN.1 DER encoding is:
version [0] EXPLICIT Version DEFAULT v1,
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Consult rfc2459 for more information.
@return version number of certificate
*/
public abstract int getVersion();
/**
Gets the serial number for serial Number in
this Certifcate. It must be a unique number
unique other serial numbers from the granting CA.
The ASN.1 DER encoding is:
serialNumber CertificateSerialNumber,
CertificateSerialNumber ::= INTEGER
Consult rfc2459 for more information.
@return the serial number for this X509CRLEntry.
*/
public abstract BigInteger getSerialNumber();
/**
Returns the issuer (issuer distinguished name) of the
Certificate. The issuer is the entity who signed
and issued the Certificate.
The ASN.1 DER encoding is:
issuer Name,
Name ::= CHOICE {
RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::=
SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1.. MAX)),
bmpString BMPString (SIZE (1..MAX)) }
Consult rfc2459 for more information.
@return the issuer in the Principal class
*/
public abstract Principal getIssuerDN();
/**
Returns the subject (subject distinguished name) of the
Certificate. The subject is the entity who the Certificate
identifies.
The ASN.1 DER encoding is:
subject Name,
Consult rfc2459 for more information.
@return the issuer in the Principal class
*/
public abstract Principal getSubjectDN();
/**
Returns the date that this certificate is not to be used
before, <I>notBefore</I>.
The ASN.1 DER encoding is:
validity Validity,
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@return the date <I>notBefore</I>
*/
public abstract Date getNotBefore();
/**
Returns the date that this certificate is not to be used
after, <I>notAfter</I>.
@return the date <I>notAfter</I>
*/
public abstract Date getNotAfter();
/**
Returns the <I>tbsCertificate</I> from the certificate.
@return the DER encoded tbsCertificate
@throws CertificateEncodingException if encoding error occured
*/
public abstract byte[] getTBSCertificate() throws CertificateEncodingException;
/**
Returns the signature in its raw DER encoded format.
The ASN.1 DER encoding is:
signatureValue BIT STRING
Consult rfc2459 for more information.
@return byte array representing signature
*/
public abstract byte[] getSignature();
/**
Returns the signature algorithm used to sign the CRL.
An examples is "SHA-1/DSA".
The ASN.1 DER encoding is:
signatureAlgorithm AlgorithmIdentifier,
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Consult rfc2459 for more information.
The algorithm name is determined from the OID.
@return a string with the signature algorithm name
*/
public abstract String getSigAlgName();
/**
Returns the OID for the signature algorithm used.
Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
The ASN.1 DER encoding for the example is:
id-dsa-with-sha1 ID ::= {
iso(1) member-body(2) us(840) x9-57 (10040)
x9cm(4) 3 }
Consult rfc2459 for more information.
@return a string containing the OID.
*/
public abstract String getSigAlgOID();
/**
Returns the AlgorithmParameters in the encoded form
for the signature algorithm used.
If access to the parameters is need, create an
instance of AlgorithmParameters.
@return byte array containing algorithm parameters, null
if no parameters are present in certificate
*/
public abstract byte[] getSigAlgParams();
/**
Returns the issuer unique ID for this certificate.
The ASN.1 DER encoding is:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
UniqueIdentifier ::= BIT STRING
Consult rfc2459 for more information.
@return bit representation of <I>issuerUniqueID</I>
*/
public abstract boolean[] getIssuerUniqueID();
/**
Returns the subject unique ID for this certificate.
The ASN.1 DER encoding is:
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
UniqueIdentifier ::= BIT STRING
Consult rfc2459 for more information.
@return bit representation of <I>subjectUniqueID</I>
*/
public abstract boolean[] getSubjectUniqueID();
/**
Returns a boolean array representing the <I>KeyUsage</I>
extension for the certificate. The KeyUsage (OID = 2.5.29.15)
defines the purpose of the key in the certificate.
The ASN.1 DER encoding is:
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
Consult rfc2459 for more information.
@return bit representation of <I>KeyUsage</I>
*/
public abstract boolean[] getKeyUsage();
/**
Returns the certificate constraints path length from the
critical BasicConstraints extension, (OID = 2.5.29.19).
The basic constraints extensions is used to determine if
the subject of the certificate is a Certificate Authority (CA)
and how deep the certification path may exist. The
<I>pathLenConstraint</I> only takes affect if <I>cA</I>
is set to true. "A value of zero indicates that only an
end-entity certificate may follow in the path." (rfc2459)
The ASN.1 DER encoding is:
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
Consult rfc2459 for more information.
@return the length of the path constraint if BasicConstraints
is present and cA is TRUE. Otherwise returns -1.
*/
public abstract int getBasicConstraints();
}
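Review bot: The `@return` text of `getBasicConstraints()` does not say what is returned when cA is TRUE and the OPTIONAL pathLenConstraint is absent, and a path-validation caller has to tell "CA with no length limit" apart from "not a CA" (-1). The JDK API this class mirrors returns Integer.MAX_VALUE in that case, so I would spell it out: `@return the pathLenConstraint if BasicConstraints is present and cA is TRUE, Integer.MAX_VALUE if cA is TRUE and no pathLenConstraint is given, otherwise -1`. Several tags in this section also look copy-pasted from the CRL classes: `getSerialNumber()` returns "the serial number for this X509CRLEntry", `getSubjectDN()` returns "the issuer", and `getSigAlgName()` speaks of signing "the CRL". `checkValidity(Date)` has no `@param date`.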


@ -0,0 +1,102 @@
/* X509Extension.java --- X.509 Extension
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
As a special exception, if you link this library with other files to
produce an executable, this library does not by itself cause the
resulting executable to be covered by the GNU General Public License.
This exception does not however invalidate any other reasons why the
executable file might be covered by the GNU General Public License. */
package java.security.cert;
import java.util.Set;
/**
Public abstract interface for the X.509 Extension.
This is used for X.509 v3 Certificates and CRL v2 (Certificate
Revocation Lists) for managing attributes assoicated with
Certificates, for managing the hierarchy of certificates,
and for managing the distribution of CRL. This extension
format is used to define private extensions.
Each extensions for a certificate or CRL must be marked
either critical or non-critical. If the certificate/CRL
system encounters a critical extension not recognized then
it must reject the certificate. A non-critical extension
may be just ignored if not recognized.
The ASN.1 definition for this class is:
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value
-- of the type registered for use with
-- the extnId object identifier value
}
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract interface X509Extension
{
/**
Returns true if the certificate contains a critical extension
that is not supported.
@return true if has unsupported extension, false otherwise
*/
public boolean hasUnsupportedCriticalExtension();
/**
Returns a set of the CRITICAL extension OIDs from the
certificate/CRL that the object implementing this interface
manages.
@return A Set containing the OIDs. If there are no CRITICAL
extensions or extensions at all this returns null.
*/
public Set getCriticalExtensionOIDs();
/**
Returns a set of the NON-CRITICAL extension OIDs from the
certificate/CRL that the object implementing this interface
manages.
@return A Set containing the OIDs. If there are no NON-CRITICAL
extensions or extensions at all this returns null.
*/
public Set getNonCriticalExtensionOIDs();
/**
Returns the DER encoded OCTET string for the specified
extension value identified by a OID. The OID is a string
of number seperated by periods. Ex: 12.23.45.67
*/
public byte[] getExtensionValue(String oid);
}
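Review bot: The Javadoc of `getExtensionValue(String oid)` has no `@param` or `@return` and does not say what a caller gets when the extension is absent, while the two Set getters above it document a null return. The result is the DER-encoded OCTET STRING wrapper rather than the inner value, which callers need to know before parsing it. I would add `@param oid the extension OID in dotted-decimal form` and `@return the DER encoded OCTET STRING holding the extension value, or null if the extension is not present` (null is presumed here, to match the JDK interface). The sample OID `12.23.45.67` is not well-formed, since the first arc of an OID is 0, 1 or 2; `2.5.29.15` (KeyUsage, cited elsewhere in this commit) would be a real example.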