Initial revision

From-SVN: r102074
Tom Tromey 2005-07-16 00:30:23 +00:00
parent 6f4434b39b
commit f911ba985a
4557 changed files with 1000262 additions and 0 deletions


@ -0,0 +1,98 @@
/* CRL.java --- Certificate Revocation List
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
Certificate Revocation List class for managing CRLs that
have different formats but the same general use. They
all serve as lists of revoked certificates and can
be queried for a given certificate.
Specialized CRLs extend this class.
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract class CRL
{
private String type;
/**
Creates a new CRL for the specified type. An example
is "X.509".
@param type the standard name for the CRL type.
*/
protected CRL(String type)
{
this.type = type;
}
/**
Returns the CRL type.
@return a string representing the CRL type
*/
public final String getType()
{
return type;
}
/**
Returns a string representing the CRL.
@return a string representing the CRL.
*/
public abstract String toString();
/**
Determines whether or not the specified Certificate
is revoked.
@param cert A certificate to check if it is revoked
@return true if the certificate is revoked,
false otherwise.
*/
public abstract boolean isRevoked(Certificate cert);
}
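Review bot: `type` in `CRL` is written only by the constructor, yet it is declared `private String type;`; declaring it `private final String type;` states the immutability that the `final` accessor `getType()` already implies. The constructor also stores a null `type` without complaint, so the Javadoc for `CRL(String type)` should say whether null is permitted.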


@ -0,0 +1,73 @@
/* CRLException.java -- Certificate Revocation List Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.GeneralSecurityException;
/**
* Exception for a Certificate Revocation List.
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
*/
public class CRLException extends GeneralSecurityException
{
/**
* Compatible with JDK 1.2+.
*/
private static final long serialVersionUID = -6694728944094197147L;
/**
* Constructs an CRLExceptionwithout a message string.
*/
public CRLException()
{
}
/**
* Constructs an CRLException with a message string.
*
* @param msg a message to display with exception
*/
public CRLException(String msg)
{
super(msg);
}
}
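Review bot: The Javadoc on the no-argument constructor reads `Constructs an CRLExceptionwithout a message string.`, with a missing space and the wrong article. Suggested wording for the two constructors: `Constructs a CRLException without a message string.` and `Constructs a CRLException with a message string.`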


@ -0,0 +1,69 @@
/* CRLSelector.java -- matches CRLs against criteria.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* A generic interface to classes that match certificate revocation
* lists (CRLs) to some given criteria. Implementations of this
* interface are useful for finding {@link CRL} objects in a {@link
* CertStore}.
*
* @see CertStore
* @see CertSelector
* @see X509CRLSelector
*/
public interface CRLSelector extends Cloneable
{
/**
* Returns a clone of this instance.
*
* @return The clone.
*/
Object clone();
/**
* Match a given certificate revocation list to this selector's
* criteria, returning true if it matches, false otherwise.
*
* @param crl The certificate revocation list to test.
* @return The boolean result of this test.
*/
boolean match(CRL crl);
}


@ -0,0 +1,252 @@
/* CertPath.java -- a sequence of certificates
Copyright (C) 2002, 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.ByteArrayInputStream;
import java.io.NotSerializableException;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
/**
* This class represents an immutable sequence, or path, of security
* certificates. The path type must match the type of each certificate in the
* path, or in other words, for all instances of cert in a certpath object,
* <code>cert.getType().equals(certpath.getType())</code> will return true.
*
* <p>Since this class is immutable, it is thread-safe. During serialization,
* the path is consolidated into a {@link CertPathRep}, which preserves the
* data regardless of the underlying implementation of the path.
*
* @author Eric Blake (ebb9@email.byu.edu)
* @since 1.4
* @status updated to 1.4
*/
public abstract class CertPath implements Serializable
{
/**
* The serialized representation of a path.
*
* @author Eric Blake (ebb9@email.byu.edu)
*/
protected static class CertPathRep implements Serializable
{
/**
* Compatible with JDK 1.4+.
*/
private static final long serialVersionUID = 3015633072427920915L;
/**
* The certificate type.
*
* @serial the type of the certificate path
*/
private final String type;
/**
* The encoded form of the path.
*
* @serial the encoded form
*/
private final byte[] data;
/**
* Create the new serial representation.
*
* @param type the path type
* @param data the encoded path data
*/
protected CertPathRep(String type, byte[] data)
{
this.type = type;
this.data = data;
}
/**
* Decode the data into an actual {@link CertPath} upon deserialization.
*
* @return the replacement object
* @throws ObjectStreamException if replacement fails
*/
protected Object readResolve() throws ObjectStreamException
{
try
{
return CertificateFactory.getInstance(type)
.generateCertPath(new ByteArrayInputStream(data));
}
catch (CertificateException e)
{
throw (ObjectStreamException)
new NotSerializableException("java.security.cert.CertPath: "
+ type).initCause(e);
}
}
} // class CertPathRep
/**
* Compatible with JDK 1.4+.
*/
private static final long serialVersionUID = 6068470306649138683L;
/**
* The path type.
*
* @serial the type of all certificates in this path
*/
private final String type;
/**
* Create a certificate path with the given type. Most code should use
* {@link CertificateFactory} to create CertPaths.
*
* @param type the type of the path
*/
protected CertPath(String type)
{
this.type = type;
}
/**
* Get the (non-null) type of all certificates in the path.
*
* @return the path certificate type
*/
public String getType()
{
return type;
}
/**
* Get an immutable iterator over the path encodings (all String names),
* starting with the default encoding. The iterator will throw an
* <code>UnsupportedOperationException</code> if an attempt is made to
* remove items from the list.
*
* @return the iterator of supported encodings in the path
*/
public abstract Iterator getEncodings();
/**
* Compares this path to another for semantic equality. To be equal, both
* must be instances of CertPath, with the same type, and identical
* certificate lists. Overriding classes must not change this behavior.
*
* @param o the object to compare to
* @return true if the two are equal
*/
public boolean equals(Object o)
{
if (! (o instanceof CertPath))
return false;
CertPath cp = (CertPath) o;
return type.equals(cp.type)
&& getCertificates().equals(cp.getCertificates());
}
/**
* Returns the hashcode of this certificate path. This is defined as:<br>
* <code>31 * getType().hashCode() + getCertificates().hashCode()</code>.
*
* @return the hashcode
*/
public int hashCode()
{
return 31 * type.hashCode() + getCertificates().hashCode();
}
public String toString()
{
List l = getCertificates();
int size = l.size();
int i = 0;
StringBuffer result = new StringBuffer(type);
result.append(" Cert Path: length = ").append(size).append(".\n[\n");
while (--size >= 0)
result.append(l.get(i++)).append('\n');
return result.append("\n]").toString();
}
/**
* Returns the encoded form of this path, via the default encoding.
*
* @return the encoded form
* @throws CertificateEncodingException if encoding fails
*/
public abstract byte[] getEncoded() throws CertificateEncodingException;
/**
* Returns the encoded form of this path, via the specified encoding.
*
* @param encoding the encoding to use
* @return the encoded form
* @throws CertificateEncodingException if encoding fails or does not exist
*/
public abstract byte[] getEncoded(String encoding)
throws CertificateEncodingException;
/**
* Returns the immutable, thread-safe list of certificates in this path.
*
* @return the list of certificates, non-null but possibly empty
*/
public abstract List getCertificates();
/**
* Serializes the path in its encoded form, to ensure reserialization with
* the appropriate factory object without worrying about list implementation.
* The result will always be an instance of {@link CertPathRep}.
*
* @return the replacement object
* @throws ObjectStreamException if the replacement creation fails
*/
protected Object writeReplace() throws ObjectStreamException
{
try
{
return new CertPathRep(type, getEncoded());
}
catch (CertificateEncodingException e)
{
throw (ObjectStreamException)
new NotSerializableException("java.security.cert.CertPath: "
+ type).initCause(e);
}
}
} // class CertPath
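Review bot: `CertPathRep.readResolve()` passes the stream-supplied `type` and `data` straight to `CertificateFactory.getInstance(type)` and `new ByteArrayInputStream(data)`, and only `CertificateException` is caught, so a serialized form with a null field would presumably surface as a `NullPointerException` instead of the declared `ObjectStreamException`. A guard at the top of the method keeps malformed input on the documented failure path: `if (type == null || data == null) throw new InvalidObjectException("java.security.cert.CertPath: missing type or data");` (needs `java.io.InvalidObjectException`). The same non-null assumption is unchecked in `CertPath(String type)`, although `getType()` documents the value as non-null and `equals`/`hashCode` dereference it. `toString()` is the only public method in the class without Javadoc.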


@ -0,0 +1,238 @@
/* CertPathBuilder.java -- bulids CertPath objects from Certificates.
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.java.security.Engine;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
/**
* This class builds certificate paths (also called certificate chains),
* which can be used to establish trust for a particular certificate by
* building a path from a trusted certificate (a trust anchor) to the
* untrusted certificate.
*
* @see CertPath
*/
public class CertPathBuilder
{
// Constants and fields.
// ------------------------------------------------------------------------
/** Service name for CertPathBuilder. */
private static final String CERT_PATH_BUILDER = "CertPathBuilder";
/** The underlying implementation. */
private CertPathBuilderSpi cpbSpi;
/** The provider of this implementation. */
private Provider provider;
/** The name of this implementation. */
private String algorithm;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new CertPathBuilder.
*
* @param cpbSpi The underlying implementation.
* @param provider The provider of the implementation.
* @param algorithm This implementation's name.
*/
protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider,
String algorithm)
{
this.cpbSpi = cpbSpi;
this.provider = provider;
this.algorithm = algorithm;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Get the default cert path builder type.
*
* <p>This value can be set at run-time by the security property
* <code>"certpathbuilder.type"</code>. If this property is not set,
* then the value returned is <code>"PKIX"</code>.
*
* @return The default CertPathBuilder algorithm.
*/
public static final String getDefaultType()
{
String type = Security.getProperty("certpathbuilder.type");
if (type == null)
type = "PKIX";
return type;
}
/**
* Get an instance of a named CertPathBuilder, from the first provider
* that implements it.
*
* @param algorithm The name of the CertPathBuilder to create.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the named algorithm.
*/
public static CertPathBuilder getInstance(String algorithm)
throws NoSuchAlgorithmException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(algorithm, p[i]);
}
catch (NoSuchAlgorithmException e)
{
// Ignored.
}
}
throw new NoSuchAlgorithmException(algorithm);
}
/**
* Get an instance of a named CertPathBuilder from the named
* provider.
*
* @param algorithm The name of the CertPathBuilder to create.
* @param provider The name of the provider from which to get the
* implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the named algorithm.
* @throws NoSuchProviderException If the named provider does not
* exist.
*/
public static CertPathBuilder getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if (p == null)
throw new NoSuchProviderException(provider);
return getInstance(algorithm, p);
}
/**
* Get an instance of a named CertPathBuilder from the specified
* provider.
*
* @param algorithm The name of the CertPathBuilder to create.
* @param provider The provider from which to get the implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the named algorithm.
* @throws IllegalArgumentException If <i>provider</i> in
* <tt>null</tt>.
*/
public static CertPathBuilder getInstance(String algorithm, Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertPathBuilder((CertPathBuilderSpi)
Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider),
provider, algorithm);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the name of this CertPathBuilder algorithm.
*
* @return The algorithm name.
*/
public final String getAlgorithm()
{
return algorithm;
}
/**
* Return the provider of this instance's implementation.
*
* @return The provider.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Builds a certificate path. The {@link CertPathParameters} parameter
* passed to this method is implementation-specific, but in general
* should contain some number of certificates and some number of
* trusted certificates (or "trust anchors").
*
* @param params The parameters.
* @retrun The certificate path result.
* @throws CertPathBuilderException If the certificate path cannot be
* built.
* @throws InvalidAlgorithmParameterException If the implementation
* rejects the specified parameters.
*/
public final CertPathBuilderResult build(CertPathParameters params)
throws CertPathBuilderException, InvalidAlgorithmParameterException
{
return cpbSpi.engineBuild(params);
}
}
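Review bot: In `getInstance(String algorithm, Provider provider)` both catch blocks throw `new NoSuchAlgorithmException(algorithm)` and discard `ite` and `cce`, so a provider whose implementation class presumably failed to construct, or is not a `CertPathBuilderSpi`, is indistinguishable from one that does not offer the algorithm. Attaching the cause the way `CertPath.writeReplace()` does in this commit would keep that visible, e.g. `throw (NoSuchAlgorithmException) new NoSuchAlgorithmException(algorithm).initCause(ite);`. The loop in `getInstance(String algorithm)` then drops each per-provider exception under `// Ignored.`, which deserves a comment saying that failure is reported only after every provider has been tried. The Javadoc tag `@retrun` on `build` should be `@return`; `CertPathBuilderResult.getCertPath` has the same slip as `@retrn`.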


@ -0,0 +1,159 @@
/* CertPathBuilderException.java -- wraps an exception during certificate
path building
Copyright (C) 2002, 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.security.GeneralSecurityException;
/**
* Indicates a problem while using a <code>CertPathBuilder</code>, wrapping
* the lower exception. This class is not thread-safe.
*
* @author Eric Blake (ebb9@email.byu.edu)
* @see CertPathBuilder
* @since 1.4
* @status updated to 1.4
*/
public class CertPathBuilderException extends GeneralSecurityException
{
/**
* Compatible with JDK 1.4+.
*/
private static final long serialVersionUID = 5316471420178794402L;
/**
* Create an exception without a message. The cause may be initialized.
*/
public CertPathBuilderException()
{
}
/**
* Create an exception with a message. The cause may be initialized.
*
* @param msg a message to display with exception
*/
public CertPathBuilderException(String msg)
{
super(msg);
}
/**
* Create an exception with a cause. The message will be
* <code>cause == null ? null : cause.toString()</code>.
*
* @param cause the cause
*/
public CertPathBuilderException(Throwable cause)
{
this(cause == null ? null : cause.toString(), cause);
}
/**
* Create an exception with a cause and a message.
*
* @param msg the message
* @param cause the cause
*/
public CertPathBuilderException(String msg, Throwable cause)
{
super(msg);
initCause(cause);
}
/**
* Get the detail message.
*
* @return the detail message
*/
public String getMessage()
{
return super.getMessage();
}
/**
* Get the cause, null if unknown.
*
* @return the cause
*/
public Throwable getCause()
{
return super.getCause();
}
/**
* Convert this to a string, including its cause.
*
* @return the string conversion
*/
public String toString()
{
return super.toString();
}
/**
* Print the stack trace to <code>System.err</code>.
*/
public void printStackTrace()
{
super.printStackTrace();
}
/**
* Print the stack trace to a stream.
*
* @param stream the stream
*/
public void printStackTrace(PrintStream stream)
{
super.printStackTrace(stream);
}
/**
* Print the stack trace to a stream.
*
* @param stream the stream
*/
public void printStackTrace(PrintWriter stream)
{
super.printStackTrace(stream);
}
}
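Review bot: The Javadoc on `toString()` says `Convert this to a string, including its cause.`, but the body is `return super.toString();` and nothing in this class adds the cause to the result. Whether the superclass output contains the cause is not visible here; if it does not, either append it (for example `getCause() == null ? super.toString() : super.toString() + "; caused by: " + getCause()`) or drop `including its cause` from the comment. The other overrides (`getMessage`, `getCause`, the three `printStackTrace` variants) only delegate to `super`, so a one-line comment saying why they are redeclared would help the next reader.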


@ -0,0 +1,63 @@
/* CertPathBuilderResult -- results from building cert paths.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* A standard interface for the result of building a certificate path.
* All implementations of this class must provide a way to get the
* certificate path, but may also define additional methods for
* returning other result data generated by the certificate path
* builder.
*/
public interface CertPathBuilderResult extends Cloneable {
/**
* Creates a copy of this builder result.
*
* @return The copy.
*/
Object clone();
/**
* Get the certificate path that was built.
*
* @retrn The certificate path.
*/
CertPath getCertPath();
}


@ -0,0 +1,74 @@
/* CertPathBuilderSpi -- CertPathBuilder service provider interface.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* The {@link CertPathBuilder} <i>Service Provider Interface</i>
* (<b>SPI</b>).
*
* @see CertPathBuilder
*/
public abstract class CertPathBuilderSpi {
// Constructors.
// ------------------------------------------------------------------------
/**
* Creates a new CertPathBuilderSpi.
*/
public CertPathBuilderSpi() {
super();
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Creates a certificate path from the specified parameters.
*
* @param params The parameters to use.
* @return The certificate path result.
* @throws CertPathBuilderException If the certificate path cannot be
* built.
* @throws java.security.InvalidAlgorithmParameterException If the
* implementation rejects the specified parameters.
*/
public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
throws CertPathBuilderException,
java.security.InvalidAlgorithmParameterException;
}


@ -0,0 +1,58 @@
/* CertPathParameters.java -- parameters for CertPathBuilder.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Parameters for generating and validating certificate paths. This
* class does not define any methods (except a required cloneable
* interface) and is provided only to provide type safety for
* implementations. Concrete implementations implement this interface
* in accord with thier own needs.
*
* @see CertPathBuilder
* @see CertPathValidator
*/
public interface CertPathParameters extends Cloneable {
/**
* Makes a copy of this CertPathParameters instance.
*
* @return The copy.
*/
Object clone();
}


@ -0,0 +1,249 @@
/* CertPathValidator -- validates certificate paths.
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.java.security.Engine;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
/**
* Generic interface to classes that validate certificate paths.
*
* <p>Using this class is similar to all the provider-based security
* classes; the method of interest, {@link
* #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
* which takes provider-specific implementations of {@link
* CertPathParameters}, and return provider-specific implementations of
* {@link CertPathValidatorResult}.
*
* @since JDK 1.4
* @see CertPath
*/
public class CertPathValidator {
// Constants and fields.
// ------------------------------------------------------------------------
/** Service name for CertPathValidator. */
private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
/** The underlying implementation. */
private final CertPathValidatorSpi validatorSpi;
/** The provider of this implementation. */
private final Provider provider;
/** The algorithm's name. */
private final String algorithm;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new CertPathValidator.
*
* @param validatorSpi The underlying implementation.
* @param provider The provider of the implementation.
* @param algorithm The algorithm name.
*/
protected CertPathValidator(CertPathValidatorSpi validatorSpi,
Provider provider, String algorithm)
{
this.validatorSpi = validatorSpi;
this.provider = provider;
this.algorithm = algorithm;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Returns the default validator type.
*
* <p>This value may be set at run-time via the security property
* "certpathvalidator.type", or the value "PKIX" if this property is
* not set.
*
* @return The default validator type.
*/
public static synchronized String getDefaultType() {
String type = (String) AccessController.doPrivileged(
new PrivilegedAction()
{
public Object run()
{
return Security.getProperty("certpathvalidator.type");
}
}
);
if (type == null)
type = "PKIX";
return type;
}
/**
* Get an instance of the given validator from the first provider that
* implements it.
*
* @param algorithm The name of the algorithm to get.
* @return The new instance.
* @throws NoSuchAlgorithmException If no installed provider
* implements the requested algorithm.
*/
public static CertPathValidator getInstance(String algorithm)
throws NoSuchAlgorithmException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(algorithm, p[i]);
}
catch (NoSuchAlgorithmException e)
{
// Ignored.
}
}
throw new NoSuchAlgorithmException(algorithm);
}
/**
* Get an instance of the given validator from the named provider.
*
* @param algorithm The name of the algorithm to get.
* @param provider The name of the provider from which to get the
* implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If the named provider does not
* implement the algorithm.
* @throws NoSuchProviderException If no provider named
* <i>provider</i> is installed.
*/
public static CertPathValidator getInstance(String algorithm,
String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if (p == null)
throw new NoSuchProviderException(provider);
return getInstance(algorithm, p);
}
/**
* Get an instance of the given validator from the given provider.
*
* @param algorithm The name of the algorithm to get.
* @param provider The provider from which to get the implementation.
* @return The new instance.
* @throws NoSuchAlgorithmException If the provider does not implement
* the algorithm.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertPathValidator getInstance(String algorithm,
Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertPathValidator((CertPathValidatorSpi)
Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider),
provider, algorithm);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new NoSuchAlgorithmException(algorithm);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(algorithm);
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the name of this validator.
*
* @return This validator's name.
*/
public final String getAlgorithm()
{
return algorithm;
}
/**
* Return the provider of this implementation.
*
* @return The provider.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Attempt to validate a certificate path.
*
* @param certPath The path to validate.
* @param params The algorithm-specific parameters.
* @return The result of this validation attempt.
* @throws CertPathValidatorException If the certificate path cannot
* be validated.
* @throws InvalidAlgorithmParameterException If this implementation
* rejects the specified parameters.
*/
public final CertPathValidatorResult validate(CertPath certPath,
CertPathParameters params)
throws CertPathValidatorException, InvalidAlgorithmParameterException
{
return validatorSpi.engineValidate(certPath, params);
}
}
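Review bot: In `getInstance(String, Provider)` both catch blocks throw a bare `new NoSuchAlgorithmException(algorithm)` and discard the original exception, so a provider whose validator fails to construct looks the same as one that does not implement the algorithm. Because `getInstance(String)` ignores `NoSuchAlgorithmException` and moves on to the next provider, such a failure silently yields another provider's validator, which is worth making visible in a class that decides certificate trust. Keeping the cause makes this diagnosable: `NoSuchAlgorithmException e = new NoSuchAlgorithmException(algorithm); e.initCause(ite.getCause()); throw e;`. The Javadoc of `getInstance(String)` could also say that providers are tried in the order returned by `Security.getProviders()`.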


@ -0,0 +1,226 @@
/* CertPathValidatorException.java -- wraps an exception during validation
of a CertPath
Copyright (C) 2002, 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.security.GeneralSecurityException;
/**
* Indicates a problem while validating a certification path. In addition,
* it can store the path an index in that path that caused the problem. This
* class is not thread-safe.
*
* @author Eric Blake (ebb9@email.byu.edu)
* @see CertPathValidator
* @since 1.4
* @status updated to 1.4
*/
public class CertPathValidatorException extends GeneralSecurityException
{
/**
* Compatible with JDK 1.4+.
*/
private static final long serialVersionUID = -3083180014971893139L;
/**
* The index of the certificate path that failed, or -1.
*
* @serial the failed index
*/
private final int index;
/**
* The <code>CertPath</code> that failed.
*
* @serial the object being validated at time of failure
*/
private final CertPath certPath;
/**
* Create an exception without a message. The cause may be initialized. The
* index is set to -1 and the failed CertPath object to null.
*/
public CertPathValidatorException()
{
this((String) null);
}
/**
* Create an exception with a message. The cause may be initialized. The
* index is set to -1 and the failed CertPath object to null.
*
* @param msg a message to display with exception
*/
public CertPathValidatorException(String msg)
{
super(msg);
index = -1;
certPath = null;
}
/**
* Create an exception with a cause. The message will be
* <code>cause == null ? null : cause.toString()</code>. The index is set
* to -1 and the failed CertPath object to null.
*
* @param cause the cause
*/
public CertPathValidatorException(Throwable cause)
{
this(cause == null ? null : cause.toString(), cause, null, -1);
}
/**
* Create an exception with a cause and a message. The index is set to -1
* and the failed CertPath object to null.
*
* @param msg the message
* @param cause the cause
*/
public CertPathValidatorException(String msg, Throwable cause)
{
this(msg, cause, null, -1);
}
/**
* Create an exception with a cause, message, failed object, and index of
* failure in that CertPath.
*
* @param msg the message
* @param cause the cause
* @param certPath the path that was being validated, or null
* @param index the index of the path, or -1
* @throws IndexOutOfBoundsException if index is &lt; -1 or
* &gt; certPath.getCertificates().size()
* @throws IllegalArgumentException if certPath is null but index != -1
*/
public CertPathValidatorException(String msg, Throwable cause,
CertPath certPath, int index)
{
super(msg);
initCause(cause);
if (index < -1 || (certPath != null
&& index >= certPath.getCertificates().size()))
throw new IndexOutOfBoundsException();
if ((certPath == null) != (index == -1))
throw new IllegalArgumentException();
this.certPath = certPath;
this.index = index;
}
/**
* Get the detail message.
*
* @return the detail message
*/
public String getMessage()
{
return super.getMessage();
}
/**
* Get the certificate path that had the failure, or null.
*
* @return the culprit path
*/
public CertPath getCertPath()
{
return certPath;
}
/**
* Get the index that failed, or -1.
*
* @return the colprit index
*/
public int getIndex()
{
return index;
}
/**
* Get the cause, null if unknown.
*
* @return the cause
*/
public Throwable getCause()
{
return super.getCause();
}
/**
* Convert this to a string, including its cause.
*
* @return the string conversion
*/
public String toString()
{
return super.toString();
}
/**
* Print the stack trace to <code>System.err</code>.
*/
public void printStackTrace()
{
super.printStackTrace();
}
/**
* Print the stack trace to a stream.
*
* @param stream the stream
*/
public void printStackTrace(PrintStream stream)
{
super.printStackTrace(stream);
}
/**
* Print the stack trace to a stream.
*
* @param stream the stream
*/
public void printStackTrace(PrintWriter stream)
{
super.printStackTrace(stream);
}
}
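Review bot: The Javadoc of the four-argument constructor says `IndexOutOfBoundsException` is thrown when the index is `&gt; certPath.getCertificates().size()`, but the code rejects `index >= certPath.getCertificates().size()`; the comment should read `&gt;= certPath.getCertificates().size()`. Both exceptions thrown there carry no message, and something like `throw new IndexOutOfBoundsException("index: " + index);` would tell the caller which argument was wrong. Two smaller wording fixes: "store the path an index in that path" in the class comment should be "store the path and the index in that path", and `@return the colprit index` should read `culprit`.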


@ -0,0 +1,63 @@
/* CertPathValidatorResult -- result of validating certificate paths
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Interface to the result of calling {@link
* CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}.
*
* <p>This interface defines no methods other than the required
* {@link java.lang.Cloneable} interface, and is intended to group and
* provide type safety for validator results. Providers that implement
* a certificate path validator must also provide an implementation of
* this interface, possibly defining additional methods.
*
* @since JDK 1.4
* @see CertPathValidator
*/
public interface CertPathValidatorResult extends Cloneable
{
/**
* Returns a copy of this validator result.
*
* @return The copy.
*/
Object clone();
}


@ -0,0 +1,79 @@
/* CertPathValidatorSpi -- cert path validator service provider interface
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* The <i>service provider interface</i> (<b>SPI</b>) for the {@link
* CertPathValidator} class. Providers implementing certificate path
* validators must subclass this class and implement its abstract
* methods.
*/
public abstract class CertPathValidatorSpi
{
// Constructor.
// ------------------------------------------------------------------------
/**
* Default constructor.
*/
public CertPathValidatorSpi()
{
super();
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Attempt to validate a certificate path.
*
* @param certPath The path to validate.
* @param params The algorithm-specific parameters.
* @return The result of this validation attempt.
* @throws CertPathValidatorException If the certificate path cannot
* be validated.
* @throws InvalidAlgorithmParameterException If this implementation
* rejects the specified parameters.
*/
public abstract CertPathValidatorResult
engineValidate(CertPath certPath, CertPathParameters params)
throws CertPathValidatorException,
java.security.InvalidAlgorithmParameterException;
}


@ -0,0 +1,58 @@
/* CertSelector.java -- certificate selector interface.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
public interface CertSelector extends Cloneable
{
/**
* Returns a copy of this CertSelector.
*
* @return The copy.
*/
Object clone();
/**
* Match a certificate according to this selector's criteria.
*
* @param cert The certificate to match.
* @return true if the certificate matches thin criteria.
*/
boolean match(Certificate cert);
}
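Review bot: `CertSelector` has no type-level Javadoc, unlike the other interfaces added in this commit. A short comment such as `/** Criteria for selecting certificates, e.g. to filter the result of CertStore.getCertificates. */` would say what the type is for. In the comment on `match`, "matches thin criteria" should read "matches this selector's criteria", and it would help to state what an implementation is expected to do with a null `cert`.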


@ -0,0 +1,294 @@
/* CertStore -- stores and retrieves certificates.
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.java.security.Engine;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
/**
* A CertStore is a read-only repository for certificates and
* certificate revocation lists.
*
* @since JDK 1.4
*/
public class CertStore
{
// Constants and fields.
// ------------------------------------------------------------------------
/** Service name for CertStore. */
private static final String CERT_STORE = "CertStore";
/** The underlying implementation. */
private CertStoreSpi storeSpi;
/** This implementation's provider. */
private Provider provider;
/** The name of this key store type. */
private String type;
/** The parameters used to initialize this instance, if any. */
private CertStoreParameters params;
// Constructor.
// ------------------------------------------------------------------------
/**
* Create a new CertStore.
*
* @param storeSpi The underlying implementation.
* @param provider The provider of this implementation.
* @param type The type of CertStore this class represents.
* @param params The parameters used to initialize this instance, if any.
*/
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type,
CertStoreParameters params)
{
this.storeSpi = storeSpi;
this.provider = provider;
this.type = type;
this.params = params;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Returns the default certificate store type.
*
* <p>This value can be set at run-time via the security property
* "certstore.type"; if not specified than the default type will be
* "LDAP".
*
* @return The default CertStore type.
*/
public static final synchronized String getDefaultType()
{
String type = null;
type = (String) java.security.AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
return Security.getProperty("certstore.type");
}
}
);
if (type == null)
type = "LDAP";
return type;
}
/**
* Get an instance of the given certificate store from the first
* installed provider.
*
* @param type The type of CertStore to create.
* @param params The parameters to initialize this cert store with.
* @return The new instance.
* @throws InvalidAlgorithmParameterException If the instance rejects
* the specified parameters.
* @throws NoSuchAlgorithmException If no installed provider
* implements the specified CertStore.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertStore getInstance(String type, CertStoreParameters params)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(type, params, p[i]);
}
catch (NoSuchAlgorithmException e)
{
// Ignored.
}
}
throw new NoSuchAlgorithmException(type);
}
/**
* Get an instance of the given certificate store from the named
* provider.
*
* @param type The type of CertStore to create.
* @param params The parameters to initialize this cert store with.
* @param provider The name of the provider from which to get the
* implementation.
* @return The new instance.
* @throws InvalidAlgorithmParameterException If the instance rejects
* the specified parameters.
* @throws NoSuchAlgorithmException If the specified provider does not
* implement the specified CertStore.
* @throws NoSuchProviderException If no provider named
* <i>provider</i> is installed.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertStore getInstance(String type, CertStoreParameters params,
String provider)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if (p == null)
throw new NoSuchProviderException(provider);
return getInstance(type, params, p);
}
/**
* Get an instance of the given certificate store from the given
* provider.
*
* @param type The type of CertStore to create.
* @param params The parameters to initialize this cert store with.
* @param provider The provider from which to get the implementation.
* @return The new instance.
* @throws InvalidAlgorithmParameterException If the instance rejects
* the specified parameters.
* @throws NoSuchAlgorithmException If the specified provider does not
* implement the specified CertStore.
* @throws IllegalArgumentException If <i>provider</i> is null.
*/
public static CertStore getInstance(String type, CertStoreParameters params,
Provider provider)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertStore((CertStoreSpi) Engine.getInstance(CERT_STORE,
type, provider, new Object[] { params }), provider, type, params);
}
catch (ClassCastException cce)
{
throw new NoSuchAlgorithmException(type);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
Throwable cause = ite.getCause();
if (cause instanceof InvalidAlgorithmParameterException)
throw (InvalidAlgorithmParameterException) cause;
else
throw new NoSuchAlgorithmException(type);
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the type of certificate store this instance represents.
*
* @return The CertStore type.
*/
public final String getType()
{
return type;
}
/**
* Return the provider of this implementation.
*
* @return The provider.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Get the parameters this instance was created with, if any. The
* parameters will be cloned before they are returned.
*
* @return The parameters, or null.
*/
public final CertStoreParameters getCertStoreParameters()
{
return params != null ? (CertStoreParameters) params.clone() : null;
}
/**
* Get a collection of certificates from this CertStore, optionally
* filtered by the specified CertSelector. The Collection returned may
* be empty, but will never be null.
*
* <p>Implementations may not allow a null argument, even if no
* filtering is desired.
*
* @param selector The certificate selector.
* @return The collection of certificates.
* @throws CertStoreException If the certificates cannot be retrieved.
*/
public final Collection getCertificates(CertSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCertificates(selector);
}
/**
* Get a collection of certificate revocation lists from this CertStore,
* optionally filtered by the specified CRLSelector. The Collection
* returned may be empty, but will never be null.
*
* <p>Implementations may not allow a null argument, even if no
* filtering is desired.
*
* @param selector The certificate selector.
* @return The collection of certificate revocation lists.
* @throws CertStoreException If the CRLs cannot be retrieved.
*/
public final Collection getCRLs(CRLSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCRLs(selector);
}
}
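Review bot: The constructor stores the caller's `params` reference directly (`this.params = params;`), while `getCertStoreParameters()` clones only on the way out. The caller can therefore modify the object after the store is created, and the store then reports parameters it was not initialized with. Cloning on the way in closes that gap: `this.params = params != null ? (CertStoreParameters) params.clone() : null;`. Separately, the `@throws IllegalArgumentException If <i>provider</i> is null` line on `getInstance(String, CertStoreParameters)` describes a parameter that overload does not have and should be dropped there.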


@ -0,0 +1,159 @@
/* CertStoreException.java -- wraps an exception during certificate storage
Copyright (C) 2002, 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.security.GeneralSecurityException;
/**
* Indicates a problem while retrieving certificates and CRLs from
* <code>CertStore</code>, wrapping the lower exception. This class is not
* thread-safe.
*
* @author Eric Blake (ebb9@email.byu.edu)
* @see CertStore
* @since 1.4
* @status updated to 1.4
*/
public class CertStoreException extends GeneralSecurityException
{
/**
* Compatible with JDK 1.4+.
*/
private static final long serialVersionUID = 2395296107471573245L;
/**
* Create an exception without a message. The cause may be initialized.
*/
public CertStoreException()
{
}
/**
* Create an exception with a message. The cause may be initialized.
*
* @param msg a message to display with exception
*/
public CertStoreException(String msg)
{
super(msg);
}
/**
* Create an exception with a cause. The message will be
* <code>cause == null ? null : cause.toString()</code>.
*
* @param cause the cause
*/
public CertStoreException(Throwable cause)
{
this(cause == null ? null : cause.toString(), cause);
}
/**
* Create an exception with a cause and a message.
*
* @param msg the message
* @param cause the cause
*/
public CertStoreException(String msg, Throwable cause)
{
super(msg);
initCause(cause);
}
/**
* Get the detail message.
*
* @return the detail message
*/
public String getMessage()
{
return super.getMessage();
}
/**
* Get the cause, null if unknown.
*
* @return the cause
*/
public Throwable getCause()
{
return super.getCause();
}
/**
* Convert this to a string, including its cause.
*
* @return the string conversion
*/
public String toString()
{
return super.toString();
}
/**
* Print the stack trace to <code>System.err</code>.
*/
public void printStackTrace()
{
super.printStackTrace();
}
/**
* Print the stack trace to a stream.
*
* @param stream the stream
*/
public void printStackTrace(PrintStream stream)
{
super.printStackTrace(stream);
}
/**
* Print the stack trace to a stream.
*
* @param stream the stream
*/
public void printStackTrace(PrintWriter stream)
{
super.printStackTrace(stream);
}
}
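Review bot: The six overrides at the end of the class (`getMessage`, `getCause`, `toString` and the three `printStackTrace` variants) only forward to `super`, and nothing explains why they are declared at all. If they exist to mirror the signatures of the reference API, which is my reading but is not stated on the page, a comment above `getMessage` such as `// Declared for API signature compatibility; behaviour is inherited unchanged.` would stop a later cleanup from deleting them. The Javadoc of `CertStoreException(Throwable cause)` already says the message becomes `cause.toString()`; it could add that any backend detail in the lower exception's text therefore reaches whoever is shown the message.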


@ -0,0 +1,60 @@
/* CertStoreParameters -- interface to CertStore parameters.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Parameters used when creating instances of {@link CertStore}. This
* class does not define any methods (except a required cloneable
* interface) and is provided only to provide type safety for
* implementations. Concrete implementations implement this interface
* in accord with thier own needs.
*
* @see LDAPCertStoreParameters
* @see CollectionCertStoreParameters
*/
public interface CertStoreParameters extends Cloneable
{
/**
* Create a copy of these parameters.
*
* @return The copy.
*/
Object clone();
}
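Review bot: The Javadoc on `clone()` says only "Create a copy of these parameters" and does not say whether the copy shares mutable state with the original. If a `CertStore` keeps the parameters it was built with (presumably it does, though that code is not in this section), a shallow copy lets a caller who still holds the underlying object change what the store sees after construction. I would state the expectation in the interface doc, for example `Implementations should document whether mutable members are copied or shared with the original.` The class comment also has a typo, `thier` for `their`.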


@ -0,0 +1,102 @@
/* CertStoreSpi -- certificate store service provider interface.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.Collection;
/**
* The <i>service provider interface</i> (<b>SPI</b>) for the {@link
* CertStore} class.
*
* <p>Providers wishing to implement a CertStore must subclass this
* class, implementing all the abstract methods. Providers may also
* implement the {@link CertStoreParameters} interface, if they require
* parameters.
*
* @since JDK 1.4
* @see CertStore
* @see CollectionCertStoreParameters
* @see LDAPCertStoreParameters
*/
public abstract class CertStoreSpi
{
// Constructors.
// ------------------------------------------------------------------------
/**
* Creates a new CertStoreSpi.
*
* @param params The parameters to initialize this instance with, or
* null if no parameters are required.
* @throws InvalidAlgorithmParameterException If the specified
* parameters are inappropriate for this class.
*/
public CertStoreSpi(CertStoreParameters params)
throws java.security.InvalidAlgorithmParameterException
{
super();
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Get the certificates from this store, filtering them through the
* specified CertSelector.
*
* @param selector The CertSelector to filter certificates.
* @return A (non-null) collection of certificates.
* @throws CertStoreException If the certificates cannot be retrieved.
*/
public abstract Collection engineGetCertificates(CertSelector selector)
throws CertStoreException;
/**
* Get the certificate revocation list from this store, filtering them
* through the specified CRLSelector.
*
* @param selector The CRLSelector to filter certificate revocation
* lists.
* @return A (non-null) collection of certificate revocation list.
* @throws CertStoreException If the CRLs cannot be retrieved.
*/
public abstract Collection engineGetCRLs(CRLSelector selector)
throws CertStoreException;
}
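Review bot: The constructor accepts `params` and documents `InvalidAlgorithmParameterException`, but its body is only `super();`, so the base class neither stores nor checks the argument. That is reasonable for an abstract SPI, but the Javadoc should say so, for example `Subclasses must validate params themselves; this constructor ignores it.` The two abstract methods also promise a non-null collection without saying what a `null` selector means. `CertStore.getCRLs` passes the selector straight to `engineGetCRLs`, so this is the only place that contract can be stated.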


@ -0,0 +1,306 @@
/* Certificate.java --- Certificate class
Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.ByteArrayInputStream;
import java.io.InvalidObjectException;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
/**
* The Certificate class is an abstract class used to manage
* identity certificates. An identity certificate is a
* combination of a principal and a public key which is
* certified by another principal. This is the puprose of
* Certificate Authorities (CA).
*
* <p>This class is used to manage different types of certificates
* but have important common puposes. Different types of
* certificates like X.509 and OpenPGP share general certificate
* functions (like encoding and verifying) and information like
* public keys.
*
* <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
* class even though they differ in storage methods and information
* stored.
*
* @see CertificateFactory
* @see X509Certificate
* @since JDK 1.2
* @author Mark Benvenuto
* @author Casey Marshall
*/
public abstract class Certificate implements Serializable
{
private static final long serialVersionUID = -6751606818319535583L;
private String type;
/**
Constructs a new certificate of the specified type. An example
is "X.509".
@param type a valid standard name for a certificate.
*/
protected Certificate(String type)
{
this.type = type;
}
/**
Returns the Certificate type.
@return a string representing the Certificate type
*/
public final String getType()
{
return type;
}
/**
Compares this Certificate to other. It checks if the
object if instanceOf Certificate and then checks if
the encoded form matches.
@param other An Object to test for equality
@return true if equal, false otherwise
*/
public boolean equals(Object other)
{
if( other instanceof Certificate ) {
try {
Certificate x = (Certificate) other;
if( getEncoded().length != x.getEncoded().length )
return false;
byte[] b1 = getEncoded();
byte[] b2 = x.getEncoded();
for( int i = 0; i < b1.length; i++ )
if( b1[i] != b2[i] )
return false;
} catch( CertificateEncodingException cee ) {
return false;
}
return true;
}
return false;
}
/**
Returns a hash code for this Certificate in its encoded
form.
@return A hash code of this class
*/
public int hashCode()
{
return super.hashCode();
}
/**
Gets the DER ASN.1 encoded format for this Certificate.
It assumes each certificate has only one encoding format.
Ex: X.509 is encoded as ASN.1 DER
@return byte array containg encoded form
@throws CertificateEncodingException if an error occurs
*/
public abstract byte[] getEncoded() throws CertificateEncodingException;
/**
Verifies that this Certificate was properly signed with the
PublicKey that corresponds to its private key.
@param key PublicKey to verify with
@throws CertificateException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException no provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key)
throws CertificateException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Verifies that this Certificate was properly signed with the
PublicKey that corresponds to its private key and uses
the signature engine provided by the provider.
@param key PublicKey to verify with
@param sigProvider Provider to use for signature algorithm
@throws CertificateException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException incorrect provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key,
String sigProvider)
throws CertificateException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Returns a string representing the Certificate.
@return a string representing the Certificate.
*/
public abstract String toString();
/**
Returns the public key stored in the Certificate.
@return The public key
*/
public abstract PublicKey getPublicKey();
// Protected methods.
// ------------------------------------------------------------------------
/**
* Returns a replacement for this certificate to be serialized. This
* method returns the equivalent to the following for this class:
*
* <blockquote>
* <pre>new CertificateRep(getType(), getEncoded());</pre>
* </blockquote>
*
* <p>This thusly replaces the certificate with its name and its
* encoded form, which can be deserialized later with the {@link
* CertificateFactory} implementation for this certificate's type.
*
* @return The replacement object to be serialized.
* @throws ObjectStreamException If the replacement could not be
* created.
*/
protected Object writeReplace() throws ObjectStreamException
{
try
{
return new CertificateRep(getType(), getEncoded());
}
catch (CertificateEncodingException cee)
{
throw new InvalidObjectException(cee.toString());
}
}
// Inner class.
// ------------------------------------------------------------------------
/**
Certificate.CertificateRep is an inner class used to provide an alternate
storage mechanism for serialized Certificates.
*/
protected static class CertificateRep implements java.io.Serializable
{
/** From JDK1.4. */
private static final long serialVersionUID = -8563758940495660020L;
/** The certificate type, e.g. "X.509". */
private String type;
/** The encoded certificate data. */
private byte[] data;
/**
* Create an alternative representation of this certificate. The
* <code>(type, data)</code> pair is typically the certificate's
* type as returned by {@link Certificate#getType()} (i.e. the
* canonical name of the certificate type) and the encoded form as
* returned by {@link Certificate#getEncoded()}.
*
* <p>For example, X.509 certificates would create an instance of
* this class with the parameters "X.509" and the ASN.1
* representation of the certificate, encoded as DER bytes.
*
* @param type The certificate type.
* @param data The encoded certificate data.
*/
protected CertificateRep(String type, byte[] data)
{
this.type = type;
this.data = data;
}
/**
* Deserialize this certificate replacement into the appropriate
* certificate object. That is, this method attempts to create a
* {@link CertificateFactory} for this certificate's type, then
* attempts to parse the encoded data with that factory, returning
* the resulting certificate.
*
* @return The deserialized certificate.
* @throws ObjectStreamException If there is no appropriate
* certificate factory for the given type, or if the encoded form
* cannot be parsed.
*/
protected Object readResolve() throws ObjectStreamException
{
try
{
CertificateFactory fact = CertificateFactory.getInstance(type);
return fact.generateCertificate(new ByteArrayInputStream(data));
}
catch (Exception e)
{
throw new InvalidObjectException(e.toString());
}
}
}
}
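Review bot: `hashCode()` returns `super.hashCode()` while `equals()` compares the encoded bytes, so two equal certificates can hash differently; this breaks the `equals`/`hashCode` contract and contradicts the method's own Javadoc ("in its encoded form"). A certificate parsed twice from the same bytes would then not be found in a `HashSet` or `HashMap` holding the first copy, which is a common way to keep trusted or pinned certificates. The hash should be derived from `getEncoded()`, as in the fence below. `java.util.Arrays.hashCode(byte[])` needs a 1.5-level class library; a manual fold over the bytes is the fallback if that is not available. Separately, `equals()` calls `getEncoded()` twice per side where once would do, and `readResolve` discards the original exception when building `InvalidObjectException`, which an `initCause` call would preserve.

```java
public int hashCode()
{
  try
    {
      // Hash the same bytes equals() compares, so equal certificates
      // always land in the same bucket.
      return java.util.Arrays.hashCode(getEncoded());
    }
  catch (CertificateEncodingException cee)
    {
      // equals() treats a certificate that cannot be encoded as unequal
      // to everything, so any constant is consistent here.
      return 0;
    }
}
```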


@ -0,0 +1,71 @@
/* CertificateEncodingException.java -- Certificate Encoding Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Exception for a Certificate Encoding.
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
*/
public class CertificateEncodingException extends CertificateException
{
/**
* Compatible with JDK 1.2+.
*/
private static final long serialVersionUID = 6219492851589449162L;
/**
* Constructs an exception without a message string.
*/
public CertificateEncodingException()
{
}
/**
* Constructs an exception with a message string.
*
* @param msg A message to display with exception
*/
public CertificateEncodingException(String msg)
{
super(msg);
}
}


@ -0,0 +1,74 @@
/* CertificateException.java -- Certificate Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.GeneralSecurityException;
/**
* Exception for a Certificate.
*
* @author Mark Benvenuto
* @see Certificate
* @since 1.2
* @status updated to 1.4
*/
public class CertificateException extends GeneralSecurityException
{
/**
* Compatible with JDK 1.2+.
*/
private static final long serialVersionUID = 3192535253797119798L;
/**
* Constructs an exception without a message string.
*/
public CertificateException()
{
}
/**
* Constructs an exception with a message string.
*
* @param msg a message to display with exception
*/
public CertificateException(String msg)
{
super(msg);
}
}


@ -0,0 +1,71 @@
/* CertificateExpiredException.java --- Certificate Expired Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Exception for a Certificate Expiring.
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
*/
public class CertificateExpiredException extends CertificateException
{
/**
* Compatible with JDK 1.2+.
*/
private static final long serialVersionUID = 9071001339691533771L;
/**
* Constructs an exception without a message string.
*/
public CertificateExpiredException()
{
}
/**
* Constructs an exception with a message string.
*
* @param msg a message to display with exception
*/
public CertificateExpiredException(String msg)
{
super(msg);
}
}


@ -0,0 +1,358 @@
/* CertificateFactory.java -- Certificate Factory Class
Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.java.security.Engine;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
/**
* This class implements the CertificateFactory class interface used to
* generate certificates, certificate revocation lists (CRLs), and certificate
* paths objects from their encoded forms.
*
* @author Mark Benvenuto
* @author Casey Marshall
* @since JDK 1.2
* @status Fully compatible with JDK 1.4.
*/
public class CertificateFactory
{
/** The service name for certificate factories. */
private static final String CERTIFICATE_FACTORY = "CertificateFactory";
private CertificateFactorySpi certFacSpi;
private Provider provider;
private String type;
/**
* Creates an instance of CertificateFactory.
*
* @param certFacSpi The underlying CertificateFactory engine.
* @param provider The provider of this implementation.
* @param type The type of Certificate this factory creates.
*/
protected CertificateFactory(CertificateFactorySpi certFacSpi,
Provider provider, String type)
{
this.certFacSpi = certFacSpi;
this.provider = provider;
this.type = type;
}
// Class methods.
// ------------------------------------------------------------------------
/**
* Gets an instance of the CertificateFactory class representing
* the specified certificate factory. If the type is not
* found then, it throws CertificateException.
*
* @param type The type of certificate factory to create.
* @return a CertificateFactory repesenting the desired type
* @throws CertificateException If the type of certificate is not
* implemented by any installed provider.
*/
public static final CertificateFactory getInstance(String type)
throws CertificateException
{
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++)
{
try
{
return getInstance(type, p[i]);
}
catch (CertificateException e)
{
// Ignored.
}
}
throw new CertificateException(type);
}
/**
* Gets an instance of the CertificateFactory class representing
* the specified certificate factory from the specified provider.
* If the type is not found then, it throws {@link CertificateException}.
* If the provider is not found, then it throws
* {@link java.security.NoSuchProviderException}.
*
* @param type The type of certificate factory to create.
* @param provider The name of the provider from which to get the
* implementation.
* @return A CertificateFactory for the desired type.
* @throws CertificateException If the type of certificate is not
* implemented by the named provider.
* @throws NoSuchProviderException If the named provider is not installed.
*/
public static final CertificateFactory getInstance(String type,
String provider)
throws CertificateException, NoSuchProviderException
{
Provider p = Security.getProvider(provider);
if( p == null)
throw new NoSuchProviderException(provider);
return getInstance(type, p);
}
/**
* Get a certificate factory for the given certificate type from the
* given provider.
*
* @param type The type of certificate factory to create.
* @param provider The provider from which to get the implementation.
* @return A CertificateFactory for the desired type.
* @throws CertificateException If the type of certificate is not
* implemented by the provider.
* @throws IllegalArgumentException If the provider is null.
*/
public static final CertificateFactory getInstance(String type,
Provider provider)
throws CertificateException
{
if (provider == null)
throw new IllegalArgumentException("null provider");
try
{
return new CertificateFactory((CertificateFactorySpi)
Engine.getInstance(CERTIFICATE_FACTORY, type, provider),
provider, type);
}
catch (ClassCastException cce)
{
throw new CertificateException(type);
}
catch (java.lang.reflect.InvocationTargetException ite)
{
throw new CertificateException(type);
}
catch (NoSuchAlgorithmException nsae)
{
throw new CertificateException(nsae.getMessage());
}
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Gets the provider of this implementation.
*
* @return The provider of this implementation.
*/
public final Provider getProvider()
{
return provider;
}
/**
* Returns the type of the certificate this factory creates.
*
* @return A string with the type of certificate
*/
public final String getType()
{
return type;
}
/**
* Generates a Certificate from the encoded data read
* from an InputStream.
*
* <p>The input stream must contain only one certificate.
*
* <p>If there exists a specialized certificate class for the
* certificate format handled by the certificate factory
* then the return Ceritificate should be a typecast of it.
* Ex: A X.509 CertificateFactory should return X509Certificate.
*
* <p>For X.509 certificates, the certificate in inStream must be
* DER encoded and supplied in binary or printable (Base64)
* encoding. If the certificate is in Base64 encoding, it must be
* bounded by -----BEGINCERTIFICATE-----, and
* -----END CERTIFICATE-----.
*
* @param inStream An input stream containing the certificate data.
* @return A certificate initialized from the decoded InputStream data.
* @throws CertificateException If an error occurs decoding the
* certificate.
*/
public final Certificate generateCertificate(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertificate(inStream);
}
/**
* Returns a collection of certificates that were read from the
* input stream. It may be empty, have only one, or have
* multiple certificates.
*
* For a X.509 certificate factory, the stream may contain a
* single DER encoded certificate or a PKCS#7 certificate
* chain. This is a PKCS#7 <I>SignedData</I> object with the
* most significant field being <I>certificates</I>. If no
* CRLs are present, then an empty collection is returned.
*
* @param inStream An input stream containing the certificate data.
* @return A collection of certificates initialized from the decoded
* InputStream data.
* @throws CertificateException If an error occurs decoding the
* certificates.
*/
public final Collection generateCertificates(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertificates(inStream);
}
/**
* Generates a CRL based on the encoded data read
* from the InputStream.
*
* <p>The input stream must contain only one CRL.
*
* <p>If there exists a specialized CRL class for the
* CRL format handled by the certificate factory
* then the return CRL should be a typecast of it.
* Ex: A X.509 CertificateFactory should return X509CRL.
*
* @param inStream An input stream containing the CRL data.
* @return A CRL initialized from the decoded InputStream data.
* @throws CRLException If an error occurs decoding the CRL.
*/
public final CRL generateCRL(InputStream inStream)
throws CRLException
{
return certFacSpi.engineGenerateCRL(inStream);
}
/**
* <p>Generates CRLs based on the encoded data read
* from the InputStream.
*
* <p>For a X.509 certificate factory, the stream may contain a
* single DER encoded CRL or a PKCS#7 CRL set. This is a
* PKCS#7 <I>SignedData</I> object with the most significant
* field being <I>crls</I>. If no CRLs are present, then an
* empty collection is returned.
*
* @param inStream an input stream containing the CRLs.
* @return a collection of CRLs initialized from the decoded
* InputStream data.
* @throws CRLException If an error occurs decoding the CRLs.
*/
public final Collection generateCRLs(InputStream inStream)
throws CRLException
{
return certFacSpi.engineGenerateCRLs( inStream );
}
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream. The default encoding of this factory is used.
*
* @param inStream The InputStream containing the CertPath data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public final CertPath generateCertPath(InputStream inStream)
throws CertificateException
{
return certFacSpi.engineGenerateCertPath(inStream);
}
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream, using the specified encoding.
*
* @param inStream The InputStream containing the CertPath data.
* @param encoding The encoding of the InputStream data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public final CertPath generateCertPath(InputStream inStream, String encoding)
throws CertificateException
{
return certFacSpi.engineGenerateCertPath(inStream, encoding);
}
/**
* Generate a {@link CertPath} and initialize it with the certificates
* in the {@link java.util.List} argument.
*
* @param certificates The list of certificates with which to create
* the CertPath.
* @return A CertPath initialized from the certificates.
* @throws CertificateException If an error occurs generating the
* CertPath.
*/
public final CertPath generateCertPath(List certificates)
throws CertificateException
{
return certFacSpi.engineGenerateCertPath(certificates);
}
/**
* Returns an Iterator of CertPath encodings supported by this
* factory, with the default encoding first. The returned Iterator
* cannot be modified.
*
* @return The Iterator of supported encodings.
*/
public final Iterator getCertPathEncodings()
{
return certFacSpi.engineGetCertPathEncodings();
}
} // class CertificateFactory


@ -0,0 +1,225 @@
/* CertificateFactorySpi.java --- Certificate Factory Class
Copyright (C) 1999,2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.io.InputStream;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
/**
CertificateFactorySpi is the abstract class Service Provider
Interface (SPI) for the CertificateFactory class. A provider
must implement all the abstract methods if they wish to
supply a certificate factory for a particular certificate
type. Ex: X.509
Certificate factories are used to generate certificates and
certificate revocation lists (CRL) from their encoding.
@since JDK 1.2
@author Mark Benvenuto
*/
public abstract class CertificateFactorySpi
{
// Constructor.
// ------------------------------------------------------------------------
/**
* Constructs a new CertificateFactorySpi
*/
public CertificateFactorySpi()
{}
// Abstract methods.
// ------------------------------------------------------------------------
/**
Generates a Certificate based on the encoded data read
from the InputStream.
The input stream must contain only one certificate.
If there exists a specialized certificate class for the
certificate format handled by the certificate factory
then the return Ceritificate should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509Certificate.
For X.509 certificates, the certificate in inStream must be
DER encoded and supplied in binary or printable (Base64)
encoding. If the certificate is in Base64 encoding, it must be
bounded by -----BEGIN CERTIFICATE-----, and
-----END CERTIFICATE-----.
@param inStream an input stream containing the certificate data
@return a certificate initialized with InputStream data.
@throws CertificateException Certificate parsing error
*/
public abstract Certificate engineGenerateCertificate(InputStream inStream)
throws CertificateException;
/**
Returns a collection of certificates that were read from the
input stream. It may be empty, have only one, or have
multiple certificates.
For a X.509 certificate factory, the stream may contain a
single DER encoded certificate or a PKCS#7 certificate
chain. This is a PKCS#7 <I>SignedData</I> object with the
most significant field being <I>certificates</I>. If no
CRLs are present, then an empty collection is returned.
@param inStream an input stream containing the certificates
@return a collection of certificates initialized with
the InputStream data.
@throws CertificateException Certificate parsing error
*/
public abstract Collection engineGenerateCertificates(InputStream inStream)
throws CertificateException;
/**
Generates a CRL based on the encoded data read
from the InputStream.
The input stream must contain only one CRL.
If there exists a specialized CRL class for the
CRL format handled by the certificate factory
then the return CRL should be a typecast of it.
Ex: A X.509 CertificateFactory should return X509CRL.
@param inStream an input stream containing the CRL data
@return a CRL initialized with InputStream data.
@throws CRLException CRL parsing error
*/
public abstract CRL engineGenerateCRL(InputStream inStream)
throws CRLException;
/**
Generates CRLs based on the encoded data read
from the InputStream.
For a X.509 certificate factory, the stream may contain a
single DER encoded CRL or a PKCS#7 CRL set. This is a
PKCS#7 <I>SignedData</I> object with the most significant
field being <I>crls</I>. If no CRLs are present, then an
empty collection is returned.
@param inStream an input stream containing the CRLs
@return a collection of CRLs initialized with
the InputStream data.
@throws CRLException CRL parsing error
*/
public abstract Collection engineGenerateCRLs(InputStream inStream)
throws CRLException;
// 1.4 instance methods.
// ------------------------------------------------------------------------
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream. The default encoding of this factory is used.
*
* @param inStream The InputStream containing the CertPath data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public CertPath engineGenerateCertPath(InputStream inStream)
throws CertificateException
{
throw new UnsupportedOperationException("not implemented");
}
/**
* Generate a {@link CertPath} and initialize it with data parsed from
* the input stream, using the specified encoding.
*
* @param inStream The InputStream containing the CertPath data.
* @param encoding The encoding of the InputStream data.
* @return A CertPath initialized from the input stream data.
* @throws CertificateException If an error occurs decoding the
* CertPath.
*/
public CertPath engineGenerateCertPath(InputStream inStream, String encoding)
throws CertificateException
{
throw new UnsupportedOperationException("not implemented");
}
/**
* Generate a {@link CertPath} and initialize it with the certificates
* in the {@link java.util.List} argument.
*
* @param certificates The list of certificates with which to create
* the CertPath.
* @return A CertPath initialized from the certificates.
* @throws CertificateException If an error occurs generating the
* CertPath.
*/
public CertPath engineGenerateCertPath(List certificates)
throws CertificateException
{
throw new UnsupportedOperationException("not implemented");
}
/**
* Returns an Iterator of CertPath encodings supported by this
* factory, with the default encoding first. The returned Iterator
* cannot be modified.
*
* @return The Iterator of supported encodings.
*/
public Iterator engineGetCertPathEncodings()
{
throw new UnsupportedOperationException("not implemented");
}
}
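Review bot: The three non-abstract `engineGenerateCertPath` overloads and `engineGetCertPathEncodings` throw `UnsupportedOperationException("not implemented")` by default, but their Javadoc lists only `CertificateException` (or nothing at all). A caller that catches the checked exception to reject an undecodable path will instead get an unchecked one from any provider that did not override these methods. Each of these comments should gain `@throws UnsupportedOperationException If the provider does not override this method.` Separately, the comment on `engineGenerateCertificates` says `If no CRLs are present, then an empty collection is returned`, which looks copied from the CRL method and presumably should read `If no certificates are present`.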


@ -0,0 +1,71 @@
/* CertificateNotYetValidException.java -- Certificate Not Yet Valid Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Exception for a Certificate that is not yet valid.
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
*/
public class CertificateNotYetValidException extends CertificateException
{
/**
* Compatible with JDK 1.2+.
*/
private static final long serialVersionUID = 4355919900041064702L;
/**
* Constructs an exception without a message string.
*/
public CertificateNotYetValidException()
{
}
/**
* Constructs an exception with a message string.
*
* @param msg A message to display with exception
*/
public CertificateNotYetValidException(String msg)
{
super(msg);
}
}


@ -0,0 +1,71 @@
/* CertificateParsingException.java -- Certificate Parsing Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Exception for parsing a DER-encoded Certificate.
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
*/
public class CertificateParsingException extends CertificateException
{
/**
* Compatible with JDK 1.2+.
*/
private static final long serialVersionUID = -7989222416793322029L;
/**
* Constructs an exception without a message string.
*/
public CertificateParsingException()
{
}
/**
* Constructs an exception with a message string.
*
* @param msg a message to display with exception
*/
public CertificateParsingException(String msg)
{
super(msg);
}
}


@ -0,0 +1,121 @@
/* CollectionCertStoreParameters -- collection-based cert store parameters
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
/**
* An implementation of {@link CertStoreParameters} with a simple,
* in-memory {@link Collection} of certificates and certificate
* revocation list.
*
* <p>Note that this class is not thread-safe, and its underlying
* collection may be changed at any time.
*
* @see CertStore
*/
public class CollectionCertStoreParameters implements CertStoreParameters
{
// Constants and fields.
// ------------------------------------------------------------------------
/** The underlying collection. */
private final Collection collection;
// Constructors.
// ------------------------------------------------------------------------
/**
* Creates a new CollectionCertStoreParameters with an empty,
* immutable collection.
*/
public CollectionCertStoreParameters()
{
this(Collections.EMPTY_LIST);
}
/**
* Create a new CollectionCertStoreParameters with the specified
* collection. The argument is not copied, and subsequent changes to
* the collection will change this class's collection.
*
* @param collection The collection.
* @throws NullPointerException If <i>collection</i> is null.
*/
public CollectionCertStoreParameters(Collection collection)
{
if (collection == null)
throw new NullPointerException();
this.collection = collection;
}
// Instance methods.
// ------------------------------------------------------------------------
public Object clone()
{
return new CollectionCertStoreParameters(new ArrayList(collection));
}
/**
* Return the underlying collection. The collection is not copied
* before being returned, so callers may update the collection that is
* returned.
*
* @return The collection.
*/
public Collection getCollection()
{
return collection;
}
/**
* Return a string representation of these parameters.
*
* @return The string representation of these parameters.
*/
public String toString()
{
return "CollectionCertStoreParameters: [ collection: "
+ collection + " ]";
}
}
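Review bot: `clone()` has no Javadoc and behaves differently from the sharing contract the constructor documents: it passes `new ArrayList(collection)` to the constructor, so the clone holds a snapshot while the original keeps the live reference. If a consuming CertStore clones its parameters (not visible in this section), certificates or CRLs added to the caller's collection afterwards would not be seen through the clone, which matters for revocation data that is meant to be refreshed in place. I would document this on the method, e.g. `/** Returns a copy backed by a new ArrayList of the current elements; later changes to the original collection are not visible through the copy. */`. The no-argument constructor passes `Collections.EMPTY_LIST`, so the `getCollection()` comment's "callers may update the collection" does not hold for that instance and could say so.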


@ -0,0 +1,140 @@
/* LDAPCertStoreParameters.java -- LDAP CertStore parameters.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* Parameters for CertStores that are retrieved via the <i>lightweight
* directory access protocol</i> (<b>LDAP</b>).
*
* @see CertStore
*/
public class LDAPCertStoreParameters implements CertStoreParameters
{
// Constants and fields.
// ------------------------------------------------------------------------
/** The default LDAP port. */
private static final int LDAP_PORT = 389;
/** The server name. */
private final String serverName;
/** The LDAP port. */
private final int port;
// Constructors.
// ------------------------------------------------------------------------
/**
* Create a new LDAPCertStoreParameters object, with a servername of
* "localhost" and a port of 389.
*/
public LDAPCertStoreParameters()
{
this("localhost", LDAP_PORT);
}
/**
* Create a new LDAPCertStoreParameters object, with a specified
* server name and a port of 389.
*
* @param serverName The LDAP server name.
* @throws NullPointerException If <i>serverName</i> is null.
*/
public LDAPCertStoreParameters(String serverName)
{
this(serverName, LDAP_PORT);
}
/**
* Create a new LDAPCertStoreParameters object, with a specified
* server name and port.
*
* @param serverName The LDAP server name.
* @param port The LDAP port.
* @throws NullPointerException If <i>serverName</i> is null.
*/
public LDAPCertStoreParameters(String serverName, int port)
{
if (serverName == null)
throw new NullPointerException();
this.serverName = serverName;
this.port = port;
}
// Instance methods.
// ------------------------------------------------------------------------
public Object clone()
{
return new LDAPCertStoreParameters(serverName, port);
}
/**
* Return the server name.
*
* @return The server name.
*/
public String getServerName()
{
return serverName;
}
/**
* Return the port.
*
* @return the port.
*/
public int getPort()
{
return port;
}
/**
* Return a string representation of these parameters.
*
* @return The string representation of these parameters.
*/
public String toString()
{
return "LDAPCertStoreParameters: [ serverName: " + serverName
+ "; port: " + port + " ]";
}
}
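Review bot: The two-argument constructor stores `port` without a range check, so a negative value or one above 65535 is accepted and only fails, if at all, when a CertStore implementation later tries to connect. If rejecting early is acceptable for API compatibility, add `if (port < 0 || port > 65535) throw new IllegalArgumentException("port out of range: " + port);` next to the null check; otherwise the `@param port` text should state that the value is not validated. `clone()` is also missing a Javadoc comment. Because the default of 389 is the cleartext LDAP port, the class comment could note that certificates and CRLs fetched with these parameters are not protected in transit and still have to pass signature and path validation.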


@ -0,0 +1,145 @@
/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Set;
/**
* Parameters for building certificate paths using the PKIX algorithm.
*
* @see CertPathBuilder
*/
public class PKIXBuilderParameters extends PKIXParameters
{
// Fields.
// ------------------------------------------------------------------------
/** The maximum path length. */
private int maxPathLength;
// Constructors.
// ------------------------------------------------------------------------
/**
* Create a new PKIXBuilderParameters object, populating the trusted
* certificates set with all X.509 certificates found in the given key
* store. All certificates found in the key store are assumed to be
* trusted by this constructor.
*
* @param keystore The key store.
* @param targetConstraints The target certificate constraints.
* @throws KeyStoreException If the certificates cannot be retrieved
* from the key store.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the key store.
* @throws NullPointerException If <i>keystore</i> is null.
*/
public PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints)
throws KeyStoreException, InvalidAlgorithmParameterException
{
super(keystore);
setTargetCertConstraints(targetConstraints);
maxPathLength = 5;
}
/**
* Create a new PKIXBuilderParameters object, populating the trusted
* certificates set with the elements of the given set, each of which
* must be a {@link TrustAnchor}.
*
* @param trustAnchors The set of trust anchors.
* @param targetConstraints The target certificate constraints.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the set.
* @throws NullPointerException If <i>trustAnchors</i> is null.
* @throws ClassCastException If every element in <i>trustAnchors</i>
* is not a {@link TrustAnchor}.
*/
public PKIXBuilderParameters(Set trustAnchors, CertSelector targetConstraints)
throws InvalidAlgorithmParameterException
{
super(trustAnchors);
setTargetCertConstraints(targetConstraints);
maxPathLength = 5;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the maximum length of certificate paths to build.
*
* <p>If this value is 0 it is taken to mean that the certificate path
* should contain only one certificate. A value of -1 means that the
* certificate path length is unconstrained. The default value is 5.
*
* @return The maximum path length.
*/
public int getMaxPathLength()
{
return maxPathLength;
}
/**
* Sets the maximum length of certificate paths to build.
*
* @param maxPathLength The new path length.
* @throws IllegalArgumentException If <i>maxPathLength</i> is less
* than -1.
*/
public void setMaxPathLength(int maxPathLength)
{
if (maxPathLength < -1)
throw new IllegalArgumentException();
this.maxPathLength = maxPathLength;
}
public String toString()
{
StringBuffer buf = new StringBuffer(super.toString());
buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength);
return buf.toString();
}
}
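Review bot: `toString()` splices its text in with `buf.insert(buf.length() - 2, ...)`, which is only correct while `super.toString()` ends in a two-character closer. `PKIXParameters` is not shown in this section, so that is an assumption; a shorter or differently terminated parent string would give a misplaced insert or a `StringIndexOutOfBoundsException`. The same pattern appears in `PKIXCertPathBuilderResult.toString()` further down. A comment on the insert line such as `// relies on super.toString() ending with a two-character closing delimiter` would record the dependency, and the method has no Javadoc. The default `5` is also written out in both constructors, where a named constant would keep it in step with the `getMaxPathLength()` comment.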


@ -0,0 +1,102 @@
/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
/**
* The result of calling the {@link
* CertPathBuilder#build(java.security.cert.CertPathParameters)} method
* of PKIX {@link CertPathBuilder}s.
*
* @see CertPathBuilder
* @see CertPathBuilderResult
*/
public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
implements CertPathBuilderResult
{
// Fields.
// ------------------------------------------------------------------------
/** The certificate path. */
private CertPath certPath;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new PKIXCertPathBuilderResult.
*
* @param certPath The certificate path.
* @param trustAnchor The trust anchor.
* @param policyTree The root node of the policy tree.
* @param subjectPublicKey The public key.
* @throws NullPointerException If <i>certPath</i>, <i>trustAnchor</i> or
* <i>subjectPublicKey</i> is null.
*/
public PKIXCertPathBuilderResult(CertPath certPath,
TrustAnchor trustAnchor,
PolicyNode policyTree,
java.security.PublicKey subjectPublicKey)
{
super(trustAnchor, policyTree, subjectPublicKey);
if (certPath == null)
throw new NullPointerException();
this.certPath = certPath;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the certificate path that was built.
*
* @return The certificate path that was built.
*/
public CertPath getCertPath()
{
return certPath;
}
public String toString()
{
StringBuffer buf = new StringBuffer(super.toString());
buf.insert(buf.length() - 2, "; CertPath=" + certPath);
return buf.toString();
}
}
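Review bot: `certPath` is assigned once in the constructor and never written again in this class, yet it is declared `private CertPath certPath;`. Declaring it `private final CertPath certPath;` would make it explicit that a builder result cannot have its path swapped after construction. The null check also throws a bare `NullPointerException`; `throw new NullPointerException("certPath");` would tell the caller which argument was rejected.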


@ -0,0 +1,133 @@
/* PKIXCertPathChecker.java -- checks X.509 certificate paths.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.Collection;
import java.util.Set;
/**
* A validator for X.509 certificates when approving certificate chains.
*
* <p>Concrete subclasses can be passed to the {@link
* PKIXParameters#setCertPathCheckers(java.util.List)} and {@link
* PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker}
* methods, which are then used to set up PKIX certificate chain
* builders or validators. These classes then call the {@link
* #check(java.security.cert.Certificate,java.util.Collection)} method
* of this class, performing whatever checks on the certificate,
* throwing an exception if any check fails.
*
* <p>Subclasses of this must be able to perform their checks in the
* backward direction -- from the most-trusted certificate to the target
* -- and may optionally support forward checking -- from the target to
* the most-trusted certificate.
*
* @see PKIXParameters
*/
public abstract class PKIXCertPathChecker implements Cloneable
{
// Constructor.
// ------------------------------------------------------------------------
/** Default constructor. */
protected PKIXCertPathChecker()
{
super();
}
// Cloneable interface.
// ------------------------------------------------------------------------
public Object clone()
{
try
{
return super.clone();
}
catch (CloneNotSupportedException cnse)
{
throw new InternalError(cnse.getMessage());
}
}
// Abstract methods.
// ------------------------------------------------------------------------
/**
* Initialize this PKIXCertPathChecker. If subclasses support forward
* checking, a value of true can be passed to this method, and
* certificates can be validated from the target certificate to the
* most-trusted certifcate.
*
* @param forward The direction of this PKIXCertPathChecker.
* @throws CertPathValidatorException If <i>forward</i> is true and
* this class does not support forward checking.
*/
public abstract void init(boolean forward) throws CertPathValidatorException;
/**
* Returns whether or not this class supports forward checking.
*
* @return Whether or not this class supports forward checking.
*/
public abstract boolean isForwardCheckingSupported();
/**
* Returns an immutable set of X.509 extension object identifiers (OIDs)
* supported by this PKIXCertPathChecker.
*
* @return An immutable set of Strings of the supported X.509 OIDs, or
* null if no extensions are supported.
*/
public abstract Set getSupportedExtensions();
/**
* Checks a certificate, removing any critical extensions that are
* resolved in this check.
*
* @param cert The certificate to check.
* @param unresolvedCritExts The (mutable) collection of as-of-yet
* unresolved critical extensions, as OID strings.
* @throws CertPathValidatorException If this certificate fails this
* check.
*/
public abstract void check(Certificate cert, Collection unresolvedCritExts)
throws CertPathValidatorException;
}
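Review bot: The second `{@link}` in the class Javadoc is malformed: `PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker}` lacks the closing parenthesis, so the reference will not resolve. It should read `{@link PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)}`. The description of `init` also misspells "certificate" as "certifcate". `clone()` is the only public method here without Javadoc; I would add `/** Returns a shallow copy of this checker made with Object.clone(). */`.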


@ -0,0 +1,142 @@
/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.PublicKey;
/**
* Results returned by the {@link
* CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}
* method for PKIX {@link CertPathValidator}s.
*
* @see CertPathValidator
*/
public class PKIXCertPathValidatorResult implements CertPathValidatorResult
{
// Fields.
// ------------------------------------------------------------------------
/** The trust anchor. */
private final TrustAnchor trustAnchor;
/** The root node of the policy tree. */
private final PolicyNode policyTree;
/** The subject's public key. */
private final PublicKey subjectPublicKey;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a new PKIXCertPathValidatorResult.
*
* @param trustAnchor The trust anchor.
* @param policyTree The root node of the policy tree.
* @param subjectPublicKey The public key.
* @throws NullPointerException If either <i>trustAnchor</i> or
* <i>subjectPublicKey</i> is null.
*/
public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
PolicyNode policyTree,
PublicKey subjectPublicKey)
{
if (trustAnchor == null || subjectPublicKey == null)
throw new NullPointerException();
this.trustAnchor = trustAnchor;
this.policyTree = policyTree;
this.subjectPublicKey = subjectPublicKey;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the trust anchor.
*
* @return The trust anchor.
*/
public TrustAnchor getTrustAnchor()
{
return trustAnchor;
}
/**
* Returns the root node of the policy tree.
*
* @return The root node of the policy tree.
*/
public PolicyNode getPolicyTree()
{
return policyTree;
}
/**
* Returns the subject public key.
*
* @return The subject public key.
*/
public PublicKey getPublicKey()
{
return subjectPublicKey;
}
/**
* Returns a copy of this object.
*
* @return The copy.
*/
public Object clone()
{
return new PKIXCertPathValidatorResult(trustAnchor, policyTree,
subjectPublicKey);
}
/**
* Returns a printable string representation of this result.
*
* @return A printable string representation of this result.
*/
public String toString()
{
return "[ Trust Anchor=" + trustAnchor + "; Policy Tree="
+ policyTree + "; Subject Public Key=" + subjectPublicKey + " ]";
}
}
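Review bot: `clone()` constructs a new `PKIXCertPathValidatorResult` instead of calling `super.clone()`, so a subclass that does not override it gets the base type back. `PKIXCertPathBuilderResult`, added in this same commit, extends this class without overriding `clone()`, so cloning a builder result drops its `certPath` and a cast back to the builder type would fail. Provided `CertPathValidatorResult` extends `Cloneable` (not visible here), the body could be `try { return super.clone(); } catch (CloneNotSupportedException cnse) { throw new InternalError(cnse.getMessage()); }`, matching `PKIXCertPathChecker.clone()`. The file's header comment also describes this validator result as "PKIX cert path builder result".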


@ -0,0 +1,546 @@
/* PKIXParameters.java -- parameters for the PKIX cert path algorithm
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
/**
* Parameters for verifying certificate paths using the PKIX
* (Public-Key Infrastructure (X.509)) algorithm.
*
* @see CertPathBulider
*/
public class PKIXParameters implements CertPathParameters
{
// Fields.
// ------------------------------------------------------------------------
/** The trusted certificates. */
private final Set trustAnchors;
/** The set of initial policy identifiers. */
private final Set initPolicies;
/** The list of certificate stores. */
private final List certStores;
/** The list of path checkers. */
private final List pathCheckers;
/** The revocation enabled flag. */
private boolean revocationEnabled;
/** The explicit policy required flag. */
private boolean exPolicyRequired;
/** The policy mapping inhibited flag. */
private boolean policyMappingInhibited;
/** The any policy inhibited flag. */
private boolean anyPolicyInhibited;
/** The policy qualifiers rejected flag. */
private boolean policyQualRejected;
/** The target validation date. */
private Date date;
/** The signature algorithm provider. */
private String sigProvider;
/** The target constraints. */
private CertSelector targetConstraints;
// Constructors.
// ------------------------------------------------------------------------
/**
* Create a new PKIXParameters object, populating the trusted
* certificates set with all certificates found in the given key
* store. All certificates found in the key store are assumed to be
* trusted by this constructor.
*
* @param keystore The key store.
* @throws KeyStoreException If the certificates cannot be retrieved
* from the key store.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the key store.
* @throws NullPointerException If <i>keystore</i> is null.
*/
public PKIXParameters(KeyStore keystore)
throws KeyStoreException, InvalidAlgorithmParameterException
{
this();
for (Enumeration e = keystore.aliases(); e.hasMoreElements(); )
{
String alias = (String) e.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
Certificate cert = keystore.getCertificate(alias);
if (cert instanceof X509Certificate)
trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
}
if (trustAnchors.isEmpty())
throw new InvalidAlgorithmParameterException("no certs in the key store");
}
/**
* Create a new PKIXParameters object, populating the trusted
* certificates set with the elements of the given set, each of which
* must be a {@link TrustAnchor}.
*
* @param trustAnchors The set of trust anchors.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the set.
* @throws NullPointerException If <i>trustAnchors</i> is null.
* @throws ClassCastException If every element in <i>trustAnchors</i>
* is not a {@link TrustAnchor}.
*/
public PKIXParameters(Set trustAnchors)
throws InvalidAlgorithmParameterException
{
this();
setTrustAnchors(trustAnchors);
}
/**
* Default constructor.
*/
private PKIXParameters()
{
trustAnchors = new HashSet();
initPolicies = new HashSet();
certStores = new LinkedList();
pathCheckers = new LinkedList();
revocationEnabled = true;
exPolicyRequired = false;
policyMappingInhibited = false;
anyPolicyInhibited = false;
policyQualRejected = true;
}
/**
* Copying constructor for cloning.
*
* @param that The instance being cloned.
*/
private PKIXParameters(PKIXParameters that)
{
this();
this.trustAnchors.addAll(that.trustAnchors);
this.initPolicies.addAll(that.initPolicies);
this.certStores.addAll(that.certStores);
this.pathCheckers.addAll(that.pathCheckers);
this.revocationEnabled = that.revocationEnabled;
this.exPolicyRequired = that.exPolicyRequired;
this.policyMappingInhibited = that.policyMappingInhibited;
this.anyPolicyInhibited = that.anyPolicyInhibited;
this.policyQualRejected = that.policyQualRejected;
this.date = that.date;
this.sigProvider = that.sigProvider;
this.targetConstraints = that.targetConstraints != null
? (CertSelector) that.targetConstraints.clone() : null;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns an immutable set of trust anchors. The set returned will
* never be null and will never be empty.
*
* @return A (never null, never empty) immutable set of trust anchors.
*/
public Set getTrustAnchors()
{
return Collections.unmodifiableSet(trustAnchors);
}
/**
* Sets the trust anchors of this class, replacing the current trust
* anchors with those in the given set. The supplied set is copied to
* prevent modification.
*
* @param trustAnchors The new set of trust anchors.
* @throws InvalidAlgorithmParameterException If there are no
* certificates in the set.
* @throws NullPointerException If <i>trustAnchors</i> is null.
* @throws ClassCastException If every element in <i>trustAnchors</i>
* is not a {@link TrustAnchor}.
*/
public void setTrustAnchors(Set trustAnchors)
throws InvalidAlgorithmParameterException
{
if (trustAnchors.isEmpty())
throw new InvalidAlgorithmParameterException("no trust anchors");
this.trustAnchors.clear();
for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
{
this.trustAnchors.add((TrustAnchor) i.next());
}
}
/**
* Returns the set of initial policy identifiers (as OID strings). If
* any policy is accepted, this method returns the empty set.
*
* @return An immutable set of initial policy OID strings, or the
* empty set if any policy is acceptable.
*/
public Set getInitialPolicies()
{
return Collections.unmodifiableSet(initPolicies);
}
/**
* Sets the initial policy identifiers (as OID strings). If the
* argument is null or the empty set, then any policy identifier will
* be accepted.
*
* @param initPolicies The new set of policy strings, or null.
* @throws ClassCastException If any element in <i>initPolicies</i> is
* not a string.
*/
public void setInitialPolicies(Set initPolicies)
{
this.initPolicies.clear();
if (initPolicies == null)
return;
for (Iterator i = initPolicies.iterator(); i.hasNext(); )
{
this.initPolicies.add((String) i.next());
}
}
/**
* Add a {@link CertStore} to the list of cert stores.
*
* @param store The CertStore to add.
*/
public void addCertStore(CertStore store)
{
if (store != null)
certStores.add(store);
}
/**
* Returns an immutable list of cert stores. This method never returns
* null.
*
* @return The list of cert stores.
*/
public List getCertStores()
{
return Collections.unmodifiableList(certStores);
}
/**
* Set the cert stores. If the argument is null the list of cert
* stores will be empty.
*
* @param certStores The cert stores.
*/
public void setCertStores(List certStores)
{
this.certStores.clear();
if (certStores == null)
return;
for (Iterator i = certStores.iterator(); i.hasNext(); )
{
this.certStores.add((CertStore) i.next());
}
}
/**
* Returns the value of the <i>revocation enabled</i> flag. The default
* value for this flag is <code>true</code>.
*
* @return The <i>revocation enabled</i> flag.
*/
public boolean isRevocationEnabled()
{
return revocationEnabled;
}
/**
* Sets the value of the <i>revocation enabled</i> flag.
*
* @param value The new value.
*/
public void setRevocationEnabled(boolean value)
{
revocationEnabled = value;
}
/**
* Returns the value of the <i>explicit policy required</i> flag. The
* default value of this flag is <code>false</code>.
*
* @return The <i>explicit policy required</i> flag.
*/
public boolean isExplicitPolicyRequired()
{
return exPolicyRequired;
}
/**
* Sets the value of the <i>explicit policy required</i> flag.
*
* @param value The new value.
*/
public void setExplicitPolicyRequired(boolean value)
{
exPolicyRequired = value;
}
/**
* Returns the value of the <i>policy mapping inhibited</i> flag. The
* default value of this flag is <code>false</code>.
*
* @return The <i>policy mapping inhibited</i> flag.
*/
public boolean isPolicyMappingInhibited()
{
return policyMappingInhibited;
}
/**
* Sets the value of the <i>policy mapping inhibited</i> flag.
*
* @param value The new value.
*/
public void setPolicyMappingInhibited(boolean value)
{
policyMappingInhibited = value;
}
/**
* Returns the value of the <i>any policy inhibited</i> flag. The
* default value of this flag is <code>false</code>.
*
* @return The <i>any policy inhibited</i> flag.
*/
public boolean isAnyPolicyInhibited()
{
return anyPolicyInhibited;
}
/**
* Sets the value of the <i>any policy inhibited</i> flag.
*
* @param value The new value.
*/
public void setAnyPolicyInhibited(boolean value)
{
anyPolicyInhibited = value;
}
/**
* Returns the value of the <i>policy qualifiers enabled</i> flag. The
* default value of this flag is <code>true</code>.
*
* @return The <i>policy qualifiers enabled</i> flag.
*/
public boolean getPolicyQualifiersRejected()
{
return policyQualRejected;
}
/**
* Sets the value of the <i>policy qualifiers enabled</i> flag.
*
* @param value The new value.
*/
public void setPolicyQualifiersRejected(boolean value)
{
policyQualRejected = value;
}
/**
* Returns the date for which the certificate path should be
* validated, or null if the current time should be used. The date
* object is copied to prevent subsequent modification.
*
* @return The date, or null if not set.
*/
public Date getDate()
{
return date != null ? (Date) date.clone() : null;
}
/**
* Sets the date for which the certificate path should be validated,
* or null if the current time should be used.
*
* @param date The new date, or null.
*/
public void setDate(Date date)
{
if (date != null)
this.date = (Date) date.clone();
else
this.date = null;
}
/**
* Add a certificate path checker.
*
* @param checker The certificate path checker to add.
*/
public void addCertPathChecker(PKIXCertPathChecker checker)
{
if (checker != null)
pathCheckers.add(checker);
}
/**
* Returns an immutable list of all certificate path checkers.
*
* @return An immutable list of all certificate path checkers.
*/
public List getCertPathCheckers()
{
return Collections.unmodifiableList(pathCheckers);
}
/**
* Sets the certificate path checkers. If the argument is null, the
* list of checkers will merely be cleared.
*
* @param pathCheckers The new list of certificate path checkers.
* @throws ClassCastException If any element of <i>pathCheckers</i> is
* not a {@link PKIXCertPathChecker}.
*/
public void setCertPathCheckers(List pathCheckers)
{
this.pathCheckers.clear();
if (pathCheckers == null)
return;
for (Iterator i = pathCheckers.iterator(); i.hasNext(); )
{
this.pathCheckers.add((PKIXCertPathChecker) i.next());
}
}
/**
* Returns the signature algorithm provider, or null if not set.
*
* @return The signature algorithm provider, or null if not set.
*/
public String getSigProvider()
{
return sigProvider;
}
/**
* Sets the signature algorithm provider, or null if there is no
* preferred provider.
*
* @param sigProvider The signature provider name.
*/
public void setSigProvider(String sigProvider)
{
this.sigProvider = sigProvider;
}
/**
* Returns the constraints placed on the target certificate, or null
* if there are none. The target constraints are copied to prevent
* subsequent modification.
*
* @return The target constraints, or null.
*/
public CertSelector getTargetCertConstraints()
{
return targetConstraints != null
? (CertSelector) targetConstraints.clone() : null;
}
/**
* Sets the constraints placed on the target certificate.
*
* @param targetConstraints The target constraints.
*/
public void setTargetCertConstraints(CertSelector targetConstraints)
{
this.targetConstraints = targetConstraints != null
? (CertSelector) targetConstraints.clone() : null;
}
/**
* Returns a copy of these parameters.
*
* @return The copy.
*/
public Object clone()
{
return new PKIXParameters(this);
}
/**
* Returns a printable representation of these parameters.
*
* @return A printable representation of these parameters.
*/
public String toString() {
return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
+ (initPolicies != null ? initPolicies.toString() : "any")
+ "; Validity Date=" + date + "; Signature Provider="
+ sigProvider + "; Default Revocation Enabled=" + revocationEnabled
+ "; Explicit Policy Required=" + exPolicyRequired
+ "; Policy Mapping Inhibited=" + policyMappingInhibited
+ "; Any Policy Inhibited=" + anyPolicyInhibited
+ "; Policy Qualifiers Rejected=" + policyQualRejected
+ "; Target Cert Contstraints=" + targetConstraints
+ "; Certification Path Checkers=" + pathCheckers
+ "; CertStores=" + certStores + " ]";
}
}
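Review bot: `setTrustAnchors` clears `this.trustAnchors` before it has copied or type-checked the argument, so a failure or an aliased argument leaves the parameters without trust anchors. If an element is not a `TrustAnchor`, the `ClassCastException` is thrown after the old anchors are already gone. If the caller passes the set returned by `getTrustAnchors()`, which is a view over the same `HashSet`, the `clear()` empties the argument and the loop adds nothing, contradicting the "never empty" promise in that getter's Javadoc. Copying into a temporary set and swapping afterwards avoids both. `setInitialPolicies`, `setCertStores` and `setCertPathCheckers` use the same clear-then-copy order and lose their contents the same way when handed their own getter's view.

```java
public void setTrustAnchors(Set trustAnchors)
  throws InvalidAlgorithmParameterException
{
  if (trustAnchors.isEmpty())
    throw new InvalidAlgorithmParameterException("no trust anchors");
  // Type-check and copy before touching the current set, so a bad element
  // or an argument that aliases this.trustAnchors cannot empty it.
  Set copy = new HashSet();
  for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
    copy.add((TrustAnchor) i.next());
  this.trustAnchors.clear();
  this.trustAnchors.addAll(copy);
}
```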


@ -0,0 +1,102 @@
/* PolicyNode.java -- a single node in a policy tree
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
public interface PolicyNode
{
/**
* Get the iterator of the child nodes of this node. The returned
* iterator is (naturally) unmodifiable.
*
* @return An iterator over the child nodes.
*/
java.util.Iterator getChildren();
/**
* Get the depth of this node within the tree, starting at 0 for the
* root node.
*
* @return The depth of this node.
*/
int getDepth();
/**
* Returns a set of policies (string OIDs) that will satisfy this
* node's policy. The root node should always return the singleton set
* with the element "any-policy".
*
* @return The set of expected policies.
*/
java.util.Set getExpectedPolicies();
/**
* Returns the parent node of this node, or null if this is the root
* node.
*
* @return The parent node, or null.
*/
PolicyNode getParent();
/**
* Returns a set of {@link PolicyQualifierInfo} objects that qualify
* the valid policy of this node. The root node should always return
* the empty set.
*
* @return The set of {@link PolicyQualifierInfo} objects.
*/
java.util.Set getPolicyQualifiers();
/**
* Get the policy OID this node represents. The root node should return
* the special value "any-policy".
*
* @return The policy of this node.
*/
String getValidPolicy();
/**
* Return the criticality flag of this policy node. Nodes who return
* true for this method should be considered critical. The root node
* is never critical.
*
* @return The criticality flag.
*/
boolean isCritical();
}


@ -0,0 +1,168 @@
/* PolicyQualifierInfo.java -- policy qualifier info object.
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import java.io.ByteArrayInputStream;
import java.io.IOException;
/**
* The PolicyQualifierInfo X.509 certificate extension.
* PolicyQualifierInfo objects are represented by the ASN.1 structure:
*
* <pre>
* PolicyQualifierInfo ::= SEQUENCE {
* policyQualifierId PolicyQualifierId,
* qualifier ANY DEFINED BY policyQualifierId
* }
*
* PolicyQualifierId ::= OBJECT IDENTIFIER
* </pre>
*
* @since JDK 1.4
*/
public final class PolicyQualifierInfo
{
// Fields.
// ------------------------------------------------------------------------
/** The <code>policyQualifierId</code> field. */
private OID oid;
/** The DER encoded form of this object. */
private byte[] encoded;
/** The DER encoded form of the <code>qualifier</code> field. */
private DERValue qualifier;
// Constructor.
// ------------------------------------------------------------------------
/**
* Create a new PolicyQualifierInfo object from the DER encoded form
* passed in the byte array. The argument is copied.
*
* <p>The ASN.1 form of PolicyQualifierInfo is:
<pre>
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId
}
PolicyQualifierId ::= OBJECT IDENTIFIER
</pre>
*
* @param encoded The DER encoded form.
* @throws IOException If the structure cannot be parsed from the
* encoded bytes.
*/
public PolicyQualifierInfo(byte[] encoded) throws IOException
{
if (encoded == null)
throw new IOException("null bytes");
this.encoded = (byte[]) encoded.clone();
DERReader in = new DERReader(new ByteArrayInputStream(this.encoded));
DERValue qualInfo = in.read();
if (!qualInfo.isConstructed())
throw new ASN1ParsingException("malformed PolicyQualifierInfo");
DERValue val = in.read();
if (!(val.getValue() instanceof OID))
throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER");
oid = (OID) val.getValue();
if (val.getEncodedLength() < val.getLength())
qualifier = in.read();
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Returns the <code>policyQualifierId</code> field of this structure,
* as a dotted-decimal representation of the object identifier.
*
* @return This structure's OID field.
*/
public String getPolicyQualifierId()
{
return oid.toString();
}
/**
* Returns the DER encoded form of this object; the contents of the
* returned byte array are equivalent to those that were passed to the
* constructor. The byte array is cloned every time this method is
* called.
*
* @return The encoded form.
*/
public byte[] getEncoded()
{
return (byte[]) encoded.clone();
}
/**
* Get the <code>qualifier</code> field of this object, as a DER
* encoded byte array. The byte array returned is cloned every time
* this method is called.
*
* @return The encoded qualifier.
*/
public byte[] getPolicyQualifier()
{
if (qualifier == null)
return new byte[0];
return qualifier.getEncoded();
}
/**
* Returns a printable string representation of this object.
*
* @return The string representation.
*/
public String toString()
{
return "PolicyQualifierInfo { policyQualifierId ::= " + oid
+ ", qualifier ::= " + qualifier + " }";
}
}
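Review bot: In the constructor, the test `val.getEncodedLength() < val.getLength()` compares the OID element with itself, so whether a qualifier is read does not depend on the enclosing SEQUENCE at all. If `getLength()` is the content length and `getEncodedLength()` the full encoding (the DER classes are not shown here), the condition can never hold and `getPolicyQualifier()` always returns an empty array. The comparison presumably should be against the outer value: `if (val.getEncodedLength() < qualInfo.getLength())`. The constructor also accepts any constructed value rather than checking for a SEQUENCE, and does not reject trailing bytes after the structure; both are worth tightening because this input comes from a certificate.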


@ -0,0 +1,185 @@
/* TrustAnchor.java -- an ultimately-trusted certificate.
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.java.security.x509.X500DistinguishedName;
import java.security.PublicKey;
/**
* An ultimately-trusted certificate to serve as the root of a
* certificate chain.
*
* @author Casey Marshall (rsdio@metastatic.org)
*/
public class TrustAnchor
{
// Fields.
// ------------------------------------------------------------------------
/** The certificate authority's distinguished name. */
private final X500DistinguishedName caName;
/** The certficate authority's public key. */
private final PublicKey caKey;
/** The certficate authority's certificate. */
private final X509Certificate trustedCert;
/** The encoded name constraints bytes. */
private final byte[] nameConstraints;
// Constnuctors.
// ------------------------------------------------------------------------
/**
* Create a new trust anchor from a certificate and (optional) name
* constraints.
*
* <p>If the <i>nameConstraints</i> argument in non-null, it will be
* copied to prevent modification.
*
* @param trustedCert The trusted certificate.
* @param nameConstraints The encoded nameConstraints.
*/
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
{
if (trustedCert == null)
throw new NullPointerException();
this.trustedCert = trustedCert;
caName = null;
caKey = null;
if (nameConstraints != null)
this.nameConstraints = (byte[]) nameConstraints.clone();
else
this.nameConstraints = null;
}
/**
* Create a new trust anchor from a certificate authority's
* distinguished name, public key, and (optional) name constraints.
*
* <p>If the <i>nameConstraints</i> argument in non-null, it will be
* copied to prevent modification.
*
* @params caName The CA's distinguished name.
* @params caKey The CA's public key.
* @params nameConstraints The encoded nameConstraints.
*/
public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints)
{
if (caName == null || caKey == null)
throw new NullPointerException();
if (caName.length() == 0)
throw new IllegalArgumentException();
trustedCert = null;
this.caName = new X500DistinguishedName(caName);
this.caKey = caKey;
if (nameConstraints != null)
this.nameConstraints = (byte[]) nameConstraints.clone();
else
this.nameConstraints = null;
}
// Instance methods.
// ------------------------------------------------------------------------
/**
* Return the trusted certificate, or null if none was specified.
*
* @return The trusted certificate.
*/
public final X509Certificate getTrustedCert()
{
return trustedCert;
}
/**
* Return the certificate authority's distinguished name, or null if
* none was specified.
*
* @return The CA's distinguished name.
*/
public final String getCAName()
{
if (caName != null)
return caName.toString();
return null;
}
/**
* Return the certificate authority's public key, or null if none was
* specified.
*
* @return The CA's public key.
*/
public final PublicKey getCAPublicKey()
{
return caKey;
}
/**
* Return the encoded name constraints, or null if none was specified.
*
* <p>The name constraints byte array is copied when this method is
* called to prevent modification.
*
* @return The encoded name constraints.
*/
public final byte[] getNameConstraints()
{
if (nameConstraints == null)
return null;
return (byte[]) nameConstraints.clone();
}
/**
* Return a printable representation of this trust anchor.
*
* @return The printable representation.
*/
public String toString()
{
if (trustedCert == null)
return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name="
+ caName.toString() + " ]";
return "[ Trusted CA Certificate=" + trustedCert + " ]";
}
}
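Review bot: Both constructors store `nameConstraints` as an opaque clone and never decode it, so a malformed NameConstraints encoding is accepted on an ultimately-trusted anchor and can only fail, or be silently ignored, wherever the bytes are first parsed, which is code not visible here. Consider decoding the bytes at construction and throwing `IllegalArgumentException` on failure, or at minimum say so in the Javadoc: `@param nameConstraints The encoded nameConstraints; copied but not checked for well-formedness.` The second constructor's Javadoc also uses `@params`, which is not a Javadoc tag, so its three parameters go undocumented in generated output; they should read `@param`. Whether `new X500DistinguishedName(caName)` rejects a malformed name is not visible from this file and is worth confirming.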


@ -0,0 +1,397 @@
/* X509CRL.java --- X.509 Certificate Revocation List
Copyright (C) 1999, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.Date;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
/**
The X509CRL class is the abstract class used to manage
X.509 Certificate Revocation Lists. The CRL is a list of
time stamped entries which indicate which lists have been
revoked. The list is signed by a Certificate Authority (CA)
and made publically available in a repository.
Each revoked certificate in the CRL is identified by its
certificate serial number. When a piece of code uses a
certificate, the certificates validity is checked by
validating its signature and determing that it is not
only a recently acquired CRL. The recently aquired CRL
is depends on the local policy in affect. The CA issues
a new CRL periodically and entries are removed as the
certificate expiration date is reached
A description of the X.509 v2 CRL follows below from rfc2459.
"The X.509 v2 CRL syntax is as follows. For signature calculation,
the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
encoding is a tag, length, value encoding system for each element.
CertificateList ::= SEQUENCE {
tbsCertList TBSCertList,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
TBSCertList ::= SEQUENCE {
version Version OPTIONAL,
-- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, shall be v2
}"
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract class X509CRL extends CRL implements X509Extension
{
/**
Constructs a new X509CRL.
*/
protected X509CRL()
{
super("X.509");
}
/**
Compares this X509CRL to other. It checks if the
object if instanceOf X509CRL and then checks if
the encoded form matches.
@param other An Object to test for equality
@return true if equal, false otherwise
*/
public boolean equals(Object other)
{
if( other instanceof X509CRL ) {
try {
X509CRL x = (X509CRL) other;
if( getEncoded().length != x.getEncoded().length )
return false;
byte[] b1 = getEncoded();
byte[] b2 = x.getEncoded();
for( int i = 0; i < b1.length; i++ )
if( b1[i] != b2[i] )
return false;
} catch( CRLException crle ) {
return false;
}
return true;
}
return false;
}
/**
Returns a hash code for this X509CRL in its encoded
form.
@return A hash code of this class
*/
public int hashCode()
{
return super.hashCode();
}
/**
Gets the DER ASN.1 encoded format for this X.509 CRL.
@return byte array containg encoded form
@throws CRLException if an error occurs
*/
public abstract byte[] getEncoded() throws CRLException;
/**
Verifies that this CRL was properly signed with the
PublicKey that corresponds to its private key.
@param key PublicKey to verify with
@throws CRLException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException no provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key)
throws CRLException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Verifies that this CRL was properly signed with the
PublicKey that corresponds to its private key and uses
the signature engine provided by the provider.
@param key PublicKey to verify with
@param sigProvider Provider to use for signature algorithm
@throws CRLException encoding error
@throws NoSuchAlgorithmException unsupported algorithm
@throws InvalidKeyException incorrect key
@throws NoSuchProviderException incorrect provider
@throws SignatureException signature error
*/
public abstract void verify(PublicKey key,
String sigProvider)
throws CRLException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException;
/**
Gets the version of this CRL.
The ASN.1 encoding is:
version Version OPTIONAL,
-- if present, shall be v2
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Consult rfc2459 for more information.
@return the version number, Ex: 1 or 2
*/
public abstract int getVersion();
/**
Returns the issuer (issuer distinguished name) of the CRL.
The issuer is the entity who signed and issued the
Certificate Revocation List.
The ASN.1 DER encoding is:
issuer Name,
Name ::= CHOICE {
RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::=
SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1.. MAX)),
bmpString BMPString (SIZE (1..MAX)) }
Consult rfc2459 for more information.
@return the issuer in the Principal class
*/
public abstract Principal getIssuerDN();
/**
Returns the thisUpdate date of the CRL.
The ASN.1 DER encoding is:
thisUpdate Time,
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@return the thisUpdate date
*/
public abstract Date getThisUpdate();
/*
Gets the nextUpdate field
The ASN.1 DER encoding is:
nextUpdate Time OPTIONAL,
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@return the nextUpdate date
*/
public abstract Date getNextUpdate();
/**
Gets the requeste dX509Entry for the specified
certificate serial number.
@return a X509CRLEntry representing the X.509 CRL entry
*/
public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
/**
Returns a Set of revoked certificates.
@return a set of revoked certificates.
*/
public abstract Set getRevokedCertificates();
/**
Returns the DER ASN.1 encoded tbsCertList which is
the basic information of the list and associated certificates
in the encoded state. See top for more information.
The ASN.1 DER encoding is:
tbsCertList TBSCertList,
Consult rfc2459 for more information.
@return byte array representing tbsCertList
*/
public abstract byte[] getTBSCertList() throws CRLException;
/**
Returns the signature for the CRL.
The ASN.1 DER encoding is:
signatureValue BIT STRING
Consult rfc2459 for more information.
*/
public abstract byte[] getSignature();
/**
Returns the signature algorithm used to sign the CRL.
An examples is "SHA-1/DSA".
The ASN.1 DER encoding is:
signatureAlgorithm AlgorithmIdentifier,
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Consult rfc2459 for more information.
The algorithm name is determined from the OID.
@return a string with the signature algorithm name
*/
public abstract String getSigAlgName();
/**
Returns the OID for the signature algorithm used.
Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
The ASN.1 DER encoding for the example is:
id-dsa-with-sha1 ID ::= {
iso(1) member-body(2) us(840) x9-57 (10040)
x9cm(4) 3 }
Consult rfc2459 for more information.
@return a string containing the OID.
*/
public abstract String getSigAlgOID();
/**
Returns the AlgorithmParameters in the encoded form
for the signature algorithm used.
If access to the parameters is need, create an
instance of AlgorithmParameters.
@return byte array containing algorithm parameters, null
if no parameters are present in CRL
*/
public abstract byte[] getSigAlgParams();
// 1.4 instance methods.
// ------------------------------------------------------------------------
/**
* Returns the X.500 distinguished name of this CRL's issuer.
*
* @return The issuer's X.500 distinguished name.
* @since JDK 1.4
*/
public X500Principal getIssuerX500Principal()
{
throw new UnsupportedOperationException();
}
}
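Review bot: `hashCode()` returns `super.hashCode()` while `equals()` compares the DER encodings, so two equal X509CRL objects can hash differently unless `CRL.hashCode()` (not visible here) is content-based; the Javadoc promises a hash of the encoded form. Hash-based collections of CRLs would then hold duplicates or miss lookups, which matters wherever revocation data is cached or de-duplicated. `X509CRLEntry.hashCode()` in the next file has the same problem, and there the superclass is `Object`, so the hash is certainly identity-based. Deriving the hash from `getEncoded()` keeps the two methods consistent.

```java
public int hashCode()
{
  try
    {
      byte[] enc = getEncoded();
      int h = 0;
      for (int i = 0; i < enc.length; i++)
        h = 31 * h + enc[i];
      return h;
    }
  catch (CRLException crle)
    {
      // An unencodable CRL never equals another one; any constant is consistent.
      return 0;
    }
}
```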


@ -0,0 +1,169 @@
/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.math.BigInteger;
import java.util.Date;
/**
Abstract class for entries in the CRL (Certificate Revocation
List). The ASN.1 definition for <I>revokedCertificates</I> is
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
CertificateSerialNumber ::= INTEGER
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
For more information consult rfc2459.
@author Mark Benvenuto
@since JDK 1.2
*/
public abstract class X509CRLEntry implements X509Extension
{
/**
Creates a new X509CRLEntry
*/
public X509CRLEntry()
{}
/**
Compares this X509CRLEntry to other. It checks if the
object if instanceOf X509CRLEntry and then checks if
the encoded form( the inner SEQUENCE) matches.
@param other An Object to test for equality
@return true if equal, false otherwise
*/
public boolean equals(Object other)
{
if( other instanceof X509CRLEntry ) {
try {
X509CRLEntry xe = (X509CRLEntry) other;
if( getEncoded().length != xe.getEncoded().length )
return false;
byte[] b1 = getEncoded();
byte[] b2 = xe.getEncoded();
for( int i = 0; i < b1.length; i++ )
if( b1[i] != b2[i] )
return false;
} catch( CRLException crle ) {
return false;
}
return true;
}
return false;
}
/**
Returns a hash code for this X509CRLEntry in its encoded
form.
@return A hash code of this class
*/
public int hashCode()
{
return super.hashCode();
}
/**
Gets the DER ASN.1 encoded format for this CRL Entry,
the inner SEQUENCE.
@return byte array containg encoded form
@throws CRLException if an error occurs
*/
public abstract byte[] getEncoded() throws CRLException;
/**
Gets the serial number for <I>userCertificate</I> in
this X509CRLEntry.
@return the serial number for this X509CRLEntry.
*/
public abstract BigInteger getSerialNumber();
/**
Gets the revocation date in <I>revocationDate</I> for
this X509CRLEntry.
@return the revocation date for this X509CRLEntry.
*/
public abstract Date getRevocationDate();
/**
Checks if this X509CRLEntry has extensions.
@return true if it has extensions, false otherwise
*/
public abstract boolean hasExtensions();
/**
Returns a string that represents this X509CRLEntry.
@return a string representing this X509CRLEntry.
*/
public abstract String toString();
}
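Review bot: `equals()` calls `getEncoded()` twice on each side, once for the length test and again for the byte loop, and `getEncoded()` is abstract, so each call may re-encode or copy the entry. Fetch each encoding once and let the library compare them: `byte[] b1 = getEncoded(); byte[] b2 = xe.getEncoded();` followed by `return java.util.Arrays.equals(b1, b2);` inside the existing try block. `X509CRL.equals()` is written the same way. Separately, the catch branch makes an entry whose encoding fails unequal even to itself; an `if (this == other) return true;` shortcut at the top would keep equals reflexive.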


@ -0,0 +1,440 @@
/* X509CRLSelector.java -- selects X.509 CRLs by criteria.
Copyright (C) 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import gnu.classpath.SystemProperties;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
/**
* A class for matching X.509 certificate revocation lists by criteria.
*
* <p>Use of this class requires extensive knowledge of the Internet
* Engineering Task Force's Public Key Infrastructure (X.509). The primary
* document describing this standard is <a
* href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
* Public Key Infrastructure Certificate and Certificate Revocation List
* (CRL) Profile</a>.
*
* <p>Note that this class is not thread-safe. If multiple threads will
* use or modify this class then they need to synchronize on the object.
*
* @author Casey Marshall (csm@gnu.org)
*/
public class X509CRLSelector implements CRLSelector, Cloneable
{
// Fields.
// -------------------------------------------------------------------------
private static final String CRL_NUMBER_ID = "2.5.29.20";
private List issuerNames;
private BigInteger maxCrlNumber;
private BigInteger minCrlNumber;
private Date date;
private X509Certificate cert;
// Constructor.
// -------------------------------------------------------------------------
/**
* Creates a new CRL selector with no criteria enabled; i.e., every CRL
* will be matched.
*/
public X509CRLSelector()
{
}
// Instance methods.
// -------------------------------------------------------------------------
/**
* Add an issuer name to the set of issuer names criteria, as the DER
* encoded form.
*
* @param name The name to add, as DER bytes.
* @throws IOException If the argument is not a valid DER-encoding.
*/
public void addIssuerName(byte[] name) throws IOException
{
X500Principal p = null;
try
{
p = new X500Principal(name);
}
catch (IllegalArgumentException iae)
{
IOException ioe = new IOException("malformed name");
ioe.initCause(iae);
throw ioe;
}
if (issuerNames == null)
issuerNames = new LinkedList();
issuerNames.add(p);
}
/**
* Add an issuer name to the set of issuer names criteria, as a
* String representation.
*
* @param name The name to add.
* @throws IOException If the argument is not a valid name.
*/
public void addIssuerName(String name) throws IOException
{
X500Principal p = null;
try
{
p = new X500Principal(name);
}
catch (IllegalArgumentException iae)
{
IOException ioe = new IOException("malformed name: " + name);
ioe.initCause(iae);
throw ioe;
}
if (issuerNames == null)
issuerNames = new LinkedList();
issuerNames.add(p);
}
/**
* Sets the issuer names criterion. Pass <code>null</code> to clear this
* value. CRLs matched by this selector must have an issuer name in this
* set.
*
* @param names The issuer names.
* @throws IOException If any of the elements in the collection is not
* a valid name.
*/
public void setIssuerNames(Collection names) throws IOException
{
if (names == null)
{
issuerNames = null;
return;
}
List l = new ArrayList(names.size());
for (Iterator it = names.iterator(); it.hasNext(); )
{
Object o = it.next();
if (o instanceof X500Principal)
l.add(o);
else if (o instanceof String)
{
try
{
l.add(new X500Principal((String) o));
}
catch (IllegalArgumentException iae)
{
IOException ioe = new IOException("malformed name: " + o);
ioe.initCause(iae);
throw ioe;
}
}
else if (o instanceof byte[])
{
try
{
l.add(new X500Principal((byte[]) o));
}
catch (IllegalArgumentException iae)
{
IOException ioe = new IOException("malformed name");
ioe.initCause(iae);
throw ioe;
}
}
else if (o instanceof InputStream)
{
try
{
l.add(new X500Principal((InputStream) o));
}
catch (IllegalArgumentException iae)
{
IOException ioe = new IOException("malformed name");
ioe.initCause(iae);
throw ioe;
}
}
else
throw new IOException("not a valid name: " +
(o != null ? o.getClass().getName() : "null"));
}
issuerNames = l;
}
/**
* Returns the set of issuer names that are matched by this selector,
* or <code>null</code> if this criteria is not set. The returned
* collection is not modifiable.
*
* @return The set of issuer names.
*/
public Collection getIssuerNames()
{
if (issuerNames != null)
return Collections.unmodifiableList(issuerNames);
else
return null;
}
/**
* Returns the maximum value of the CRLNumber extension present in
* CRLs matched by this selector, or <code>null</code> if this
* criteria is not set.
*
* @return The maximum CRL number.
*/
public BigInteger getMaxCRL()
{
return maxCrlNumber;
}
/**
* Returns the minimum value of the CRLNumber extension present in
* CRLs matched by this selector, or <code>null</code> if this
* criteria is not set.
*
* @return The minimum CRL number.
*/
public BigInteger getMinCRL()
{
return minCrlNumber;
}
/**
* Sets the maximum value of the CRLNumber extension present in CRLs
* matched by this selector. Specify <code>null</code> to clear this
* criterion.
*
* @param maxCrlNumber The maximum CRL number.
*/
public void setMaxCRLNumber(BigInteger maxCrlNumber)
{
this.maxCrlNumber = maxCrlNumber;
}
/**
* Sets the minimum value of the CRLNumber extension present in CRLs
* matched by this selector. Specify <code>null</code> to clear this
* criterion.
*
* @param minCrlNumber The minimum CRL number.
*/
public void setMinCRLNumber(BigInteger minCrlNumber)
{
this.minCrlNumber = minCrlNumber;
}
/**
* Returns the date when this CRL must be valid; that is, the date
* must be after the thisUpdate date, but before the nextUpdate date.
* Returns <code>null</code> if this criterion is not set.
*
* @return The date.
*/
public Date getDateAndTime()
{
return date != null ? (Date) date.clone() : null;
}
/**
* Sets the date at which this CRL must be valid. Specify
* <code>null</code> to clear this criterion.
*
* @param date The date.
*/
public void setDateAndTime(Date date)
{
this.date = date != null ? (Date) date.clone() : null;
}
/**
* Returns the certificate being checked, or <code>null</code> if this
* value is not set.
*
* @return The certificate.
*/
public X509Certificate getCertificateChecking()
{
return cert;
}
/**
* Sets the certificate being checked. This is not a criterion, but
* info used by certificate store implementations to aid in searching.
*
* @param cert The certificate.
*/
public void setCertificateChecking(X509Certificate cert)
{
this.cert = cert;
}
/**
* Returns a string representation of this selector. The string will
* only describe the enabled criteria, so if none are enabled this will
* return a string that contains little else besides the class name.
*
* @return The string.
*/
public String toString()
{
StringBuffer str = new StringBuffer(X509CRLSelector.class.getName());
String nl = SystemProperties.getProperty("line.separator");
String eol = ";" + nl;
str.append(" {").append(nl);
if (issuerNames != null)
str.append(" issuer names = ").append(issuerNames).append(eol);
if (maxCrlNumber != null)
str.append(" max CRL = ").append(maxCrlNumber).append(eol);
if (minCrlNumber != null)
str.append(" min CRL = ").append(minCrlNumber).append(eol);
if (date != null)
str.append(" date = ").append(date).append(eol);
if (cert != null)
str.append(" certificate = ").append(cert).append(eol);
str.append("}").append(nl);
return str.toString();
}
/**
* Checks a CRL against the criteria of this selector, returning
* <code>true</code> if the given CRL matches all the criteria.
*
* @param _crl The CRL being checked.
* @return True if the CRL matches, false otherwise.
*/
public boolean match(CRL _crl)
{
if (!(_crl instanceof X509CRL))
return false;
X509CRL crl = (X509CRL) _crl;
if (issuerNames != null)
{
if (!issuerNames.contains(crl.getIssuerX500Principal()))
return false;
}
BigInteger crlNumber = null;
if (maxCrlNumber != null)
{
byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
if (b == null)
return false;
try
{
DERValue val = DERReader.read(b);
if (!(val.getValue() instanceof BigInteger))
return false;
crlNumber = (BigInteger) val.getValue();
}
catch (IOException ioe)
{
return false;
}
if (maxCrlNumber.compareTo(crlNumber) < 0)
return false;
}
if (minCrlNumber != null)
{
if (crlNumber == null)
{
byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
if (b == null)
return false;
try
{
DERValue val = DERReader.read(b);
if (!(val.getValue() instanceof BigInteger))
return false;
crlNumber = (BigInteger) val.getValue();
}
catch (IOException ioe)
{
return false;
}
}
if (minCrlNumber.compareTo(crlNumber) > 0)
return false;
}
if (date != null)
{
if (date.compareTo(crl.getThisUpdate()) < 0 ||
date.compareTo(crl.getNextUpdate()) > 0)
return false;
}
return true;
}
/**
* Returns a copy of this object.
*
* @return The copy.
*/
public Object clone()
{
try
{
return super.clone();
}
catch (CloneNotSupportedException shouldNotHappen)
{
throw new Error(shouldNotHappen);
}
}
}
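Review bot: In `match()`, the date criterion calls `date.compareTo(crl.getNextUpdate())` without a null check, but nextUpdate is OPTIONAL in the TBSCertList syntax quoted in X509CRL.java, so a CRL that omits it presumably yields null and the selector throws NullPointerException instead of returning a result. Read the field once and treat absence as a mismatch: `Date next = crl.getNextUpdate();` then `if (next == null || date.compareTo(crl.getThisUpdate()) < 0 || date.compareTo(next) > 0) return false;`. Also, `clone()` is a shallow `super.clone()`, so the copy shares the `issuerNames` list and a later `addIssuerName` on either object changes the criteria of both; copying the list in `clone()` avoids that. `match()` further depends on `crl.getIssuerX500Principal()`, which the X509CRL base class on this page implements by throwing UnsupportedOperationException, so subclasses that do not override it will fail here whenever issuer names are set.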

File diff suppressed because it is too large Load diff


@ -0,0 +1,588 @@
/* X509Certificate.java --- X.509 Certificate class
Copyright (C) 1999,2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.math.BigInteger;
import java.security.Principal;
import java.util.Date;
/**
* X509Certificate is the abstract class for X.509 certificates.
* This provides a stanard class interface for accessing all
* the attributes of X.509 certificates.
*
* <p>In June 1996, the basic X.509 v3 format was finished by
* ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
*
* <blockquote><pre>
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
* </pre></blockquote>
*
* <p>These certificates are widely used in various Internet
* protocols to support authentication. It is used in
* Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
* Secure Sockets Layer (SSL), code signing for trusted software
* distribution, and Secure Electronic Transactions (SET).
*
* <p>The certificates are managed and vouched for by
* <I>Certificate Authorities</I> (CAs). CAs are companies or
* groups that create certificates by placing the data in the
* X.509 certificate format and signing it with their private
* key. CAs serve as trusted third parties by certifying that
* the person or group specified in the certificate is who
* they say they are.
*
* <p>The ASN.1 defintion for <I>tbsCertificate</I> is
*
* <blockquote><pre>
* TBSCertificate ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* serialNumber CertificateSerialNumber,
* signature AlgorithmIdentifier,
* issuer Name,
* validity Validity,
* subject Name,
* subjectPublicKeyInfo SubjectPublicKeyInfo,
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* extensions [3] EXPLICIT Extensions OPTIONAL
* -- If present, version shall be v3
* }
*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*
* CertificateSerialNumber ::= INTEGER
*
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time }
*
* Time ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
*
* UniqueIdentifier ::= BIT STRING
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING }
* </pre></blockquote>
*
* Certificates are created with the CertificateFactory.
*
* <p>References:
*
* <ol>
* <li>Olivier Dubuisson, Philippe Fouquart (Translator) <i>ASN.1 -
* Communication between heterogeneous systems</i>, (C) September 2000,
* Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at
* <a
* href="http://www.oss.com/asn1/dubuisson.html">http://www.oss.com/asn1/dubuisson.html</a></li>
* <li>R. Housley et al, <i><a href="http://www.ietf.org/rfc/rfc3280.txt">RFC
* 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
* Profile</a></i>.</li>
* </ol>
*
* @since JDK 1.2
* @author Mark Benvenuto
* @author Casey Marshall (rsdio@metastatic.org)
*/
public abstract class X509Certificate
extends java.security.cert.Certificate // XXX workaround for gcj bug #17845
implements X509Extension
{
private static final long serialVersionUID = -2491127588187038216L;
/**
* Constructs a new certificate of the specified type.
*/
protected X509Certificate()
{
super( "X.509" );
}
/**
Checks the validity of the X.509 certificate. It is valid
if the current date and time are within the period specified
by the certificate.
The ASN.1 DER encoding is:
validity Validity,
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@throws CertificateExpiredException if the certificate expired
@throws CertificateNotYetValidException if the certificate is
not yet valid
*/
public abstract void checkValidity()
throws CertificateExpiredException,
CertificateNotYetValidException;
/**
Checks the validity of the X.509 certificate for the
specified time and date. It is valid if the specified
date and time are within the period specified by
the certificate.
@throws CertificateExpiredException if the certificate expired
based on the date
@throws CertificateNotYetValidException if the certificate is
not yet valid based on the date
*/
public abstract void checkValidity(Date date)
throws CertificateExpiredException,
CertificateNotYetValidException;
/**
Returns the version of this certificate.
The ASN.1 DER encoding is:
version [0] EXPLICIT Version DEFAULT v1,
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Consult rfc2459 for more information.
@return version number of certificate
*/
public abstract int getVersion();
/**
Gets the serial number for serial Number in
this Certifcate. It must be a unique number
unique other serial numbers from the granting CA.
The ASN.1 DER encoding is:
serialNumber CertificateSerialNumber,
CertificateSerialNumber ::= INTEGER
Consult rfc2459 for more information.
@return the serial number for this X509CRLEntry.
*/
public abstract BigInteger getSerialNumber();
/**
Returns the issuer (issuer distinguished name) of the
Certificate. The issuer is the entity who signed
and issued the Certificate.
The ASN.1 DER encoding is:
issuer Name,
Name ::= CHOICE {
RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::=
SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1.. MAX)),
bmpString BMPString (SIZE (1..MAX)) }
Consult rfc2459 for more information.
@return the issuer in the Principal class
*/
public abstract Principal getIssuerDN();
/**
Returns the subject (subject distinguished name) of the
Certificate. The subject is the entity who the Certificate
identifies.
The ASN.1 DER encoding is:
subject Name,
Consult rfc2459 for more information.
@return the issuer in the Principal class
*/
public abstract Principal getSubjectDN();
/**
Returns the date that this certificate is not to be used
before, <I>notBefore</I>.
The ASN.1 DER encoding is:
validity Validity,
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
Consult rfc2459 for more information.
@return the date <I>notBefore</I>
*/
public abstract Date getNotBefore();
/**
Returns the date that this certificate is not to be used
after, <I>notAfter</I>.
@return the date <I>notAfter</I>
*/
public abstract Date getNotAfter();
/**
Returns the <I>tbsCertificate</I> from the certificate.
@return the DER encoded tbsCertificate
@throws CertificateEncodingException if encoding error occurred
*/
public abstract byte[] getTBSCertificate() throws CertificateEncodingException;
/**
Returns the signature in its raw DER encoded format.
The ASN.1 DER encoding is:
signatureValue BIT STRING
Consult rfc2459 for more information.
@return byte array representing signature
*/
public abstract byte[] getSignature();
/**
Returns the signature algorithm used to sign the CRL.
An examples is "SHA-1/DSA".
The ASN.1 DER encoding is:
signatureAlgorithm AlgorithmIdentifier,
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Consult rfc2459 for more information.
The algorithm name is determined from the OID.
@return a string with the signature algorithm name
*/
public abstract String getSigAlgName();
/**
Returns the OID for the signature algorithm used.
Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
The ASN.1 DER encoding for the example is:
id-dsa-with-sha1 ID ::= {
iso(1) member-body(2) us(840) x9-57 (10040)
x9cm(4) 3 }
Consult rfc2459 for more information.
@return a string containing the OID.
*/
public abstract String getSigAlgOID();
/**
Returns the AlgorithmParameters in the encoded form
for the signature algorithm used.
If access to the parameters is need, create an
instance of AlgorithmParameters.
@return byte array containing algorithm parameters, null
if no parameters are present in certificate
*/
public abstract byte[] getSigAlgParams();
/**
Returns the issuer unique ID for this certificate.
The ASN.1 DER encoding is:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
UniqueIdentifier ::= BIT STRING
Consult rfc2459 for more information.
@return bit representation of <I>issuerUniqueID</I>
*/
public abstract boolean[] getIssuerUniqueID();
/**
Returns the subject unique ID for this certificate.
The ASN.1 DER encoding is:
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
UniqueIdentifier ::= BIT STRING
Consult rfc2459 for more information.
@return bit representation of <I>subjectUniqueID</I>
*/
public abstract boolean[] getSubjectUniqueID();
/**
Returns a boolean array representing the <I>KeyUsage</I>
extension for the certificate. The KeyUsage (OID = 2.5.29.15)
defines the purpose of the key in the certificate.
The ASN.1 DER encoding is:
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
Consult rfc2459 for more information.
@return bit representation of <I>KeyUsage</I>
*/
public abstract boolean[] getKeyUsage();
/**
Returns the certificate constraints path length from the
critical BasicConstraints extension, (OID = 2.5.29.19).
The basic constraints extensions is used to determine if
the subject of the certificate is a Certificate Authority (CA)
and how deep the certification path may exist. The
<I>pathLenConstraint</I> only takes affect if <I>cA</I>
is set to true. "A value of zero indicates that only an
end-entity certificate may follow in the path." (rfc2459)
The ASN.1 DER encoding is:
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
Consult rfc2459 for more information.
@return the length of the path constraint if BasicConstraints
is present and cA is TRUE. Otherwise returns -1.
*/
public abstract int getBasicConstraints();
// 1.4 instance methods.
// ------------------------------------------------------------------------
/**
* Returns the <code>ExtendedKeyUsage</code> extension of this
* certificate, or null if there is no extension present. The returned
* value is a {@link java.util.List} strings representing the object
* identifiers of the extended key usages. This extension has the OID
* 2.5.29.37.
*
* <p>The ASN.1 definition for this extension is:
*
* <blockquote><pre>
* ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
*
* KeyPurposeId ::= OBJECT IDENTIFIER
* </pre></blockquote>
*
* @return The list of extension OIDs, or null if there are none
* present in this certificate.
* @throws CertificateParsingException If this extension cannot be
* parsed from its encoded form.
*/
public java.util.List getExtendedKeyUsage()
throws CertificateParsingException
{
throw new UnsupportedOperationException();
}
/**
* Returns the alternative names for this certificate's subject (the
* owner), or null if there are none.
*
* <p>This is an X.509 extension with OID 2.5.29.17 and is defined by
* the ASN.1 construction:
*
* <blockquote><pre>
* SubjectAltNames ::= GeneralNames
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
* }
* </pre></blockquote>
*
* <p>The returned collection contains one or more two-element Lists,
* with the first object being an Integer representing the choice
* above (with value 0 through 8) and the second being an (a) String
* if the <code>GeneralName</code> is a rfc822Name, dNSName,
* uniformResourceIdentifier, iPAddress, or registeredID, or (b) a
* byte array of the DER encoded form for any others.
*
* @return The collection of alternative names, or null if there are
* none.
* @throws CertificateParsingException If the encoded extension cannot
* be parsed.
* @since JDK 1.4
*/
public java.util.Collection getSubjectAlternativeNames()
throws CertificateParsingException
{
throw new UnsupportedOperationException();
}
/**
* Returns the alternative names for this certificate's issuer, or
* null if there are none.
*
* <p>This is an X.509 extension with OID 2.5.29.18, and is defined by
* the ASN.1 construction:
*
* <blockquote><pre>
* IssuerAltNames ::= GeneralNames
* </pre></blockquote>
*
* <p>The <code>GeneralNames</code> construct and the form of the
* returned collection are the same as with {@link
* #getSubjectAlternativeNames()}.
*
* @return The collection of alternative names, or null if there are
* none.
* @throws CertificateParsingException If the encoded extension cannot
* be parsed.
* @since JDK 1.4
*/
public java.util.Collection getIssuerAlternativeNames()
throws CertificateParsingException
{
throw new UnsupportedOperationException();
}
/**
* Returns the X.500 distinguished name of this certificate's subject.
*
* @return The subject's X.500 distinguished name.
* @since JDK 1.4
*/
public javax.security.auth.x500.X500Principal getSubjectX500Principal()
{
throw new UnsupportedOperationException();
}
/**
* Returns the X.500 distinguished name of this certificate's issuer.
*
* @return The issuer's X.500 distinguished name.
* @since JDK 1.4
*/
public javax.security.auth.x500.X500Principal getIssuerX500Principal()
{
throw new UnsupportedOperationException();
}
}
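Review bot: The five "1.4 instance methods" at the end of X509Certificate (getExtendedKeyUsage, getSubjectAlternativeNames, getIssuerAlternativeNames, getSubjectX500Principal, getIssuerX500Principal) all have bodies that throw UnsupportedOperationException, while their Javadoc promises only a value or null. A caller that checks key purposes or subject alternative names on a subclass that does not override them gets an unchecked exception; that fails closed, but nothing in the documentation tells the caller to expect it. I would add `@throws UnsupportedOperationException If the implementation does not override this method.` to each of the five comments. Separately, the getBasicConstraints comment does not say what is returned when cA is TRUE and pathLenConstraint is absent; callers use this value to tell CA certificates from end-entity ones, so that case should be stated explicitly.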


@ -0,0 +1,113 @@
/* X509Extension.java --- X.509 Extension
Copyright (C) 1999 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package java.security.cert;
import java.util.Set;
/**
Public interface for the X.509 Extension.
This is used for X.509 v3 Certificates and CRL v2 (Certificate
Revocation Lists) for managing attributes assoicated with
Certificates, for managing the hierarchy of certificates,
and for managing the distribution of CRL. This extension
format is used to define private extensions.
Each extensions for a certificate or CRL must be marked
either critical or non-critical. If the certificate/CRL
system encounters a critical extension not recognized then
it must reject the certificate. A non-critical extension
may be just ignored if not recognized.
The ASN.1 definition for this class is:
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value
-- of the type registered for use with
-- the extnId object identifier value
}
@author Mark Benvenuto
@since JDK 1.2
*/
public interface X509Extension
{
/**
Returns true if the certificate contains a critical extension
that is not supported.
@return true if has unsupported extension, false otherwise
*/
boolean hasUnsupportedCriticalExtension();
/**
Returns a set of the CRITICAL extension OIDs from the
certificate/CRL that the object implementing this interface
manages.
@return A Set containing the OIDs. If there are no CRITICAL
extensions or extensions at all this returns null.
*/
Set getCriticalExtensionOIDs();
/**
Returns a set of the NON-CRITICAL extension OIDs from the
certificate/CRL that the object implementing this interface
manages.
@return A Set containing the OIDs. If there are no NON-CRITICAL
extensions or extensions at all this returns null.
*/
Set getNonCriticalExtensionOIDs();
/**
Returns the DER encoded OCTET string for the specified
extension value identified by a OID. The OID is a string
of number separated by periods. Ex: 12.23.45.67
*/
byte[] getExtensionValue(String oid);
}
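Review bot: The comment on getExtensionValue has no `@param` or `@return` and does not say what a caller receives when the certificate or CRL has no extension with the requested OID. The two OID-set methods above it document a null return for the empty case, so presumably this one behaves the same way, but an implementer cannot tell that from the interface. I would add `@param oid the extension's object identifier in dotted-decimal form` and `@return the DER encoded extnValue OCTET STRING, or null if the extension is not present` (confirm the null case against the implementations). It is also worth stating that the result is still wrapped in the OCTET STRING, so callers must decode that layer before parsing the extension itself.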


@ -0,0 +1,46 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!-- package.html - describes classes in java.security.cert package.
Copyright (C) 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. -->
<html>
<head><title>GNU Classpath - java.security.cert</title></head>
<body>
<p></p>
</body>
</html>