| author | Andreas Tobler <andreast@gcc.gnu.org> | 2004-11-15 21:02:08 +0100 |
|---|---|---|
| committer | Andreas Tobler <andreast@gcc.gnu.org> | 2004-11-15 21:02:08 +0100 |
| commit | 507148866c2116c2d15dadc4b1609eb21ce88a45 (patch) | |
| tree | 397eb5fe893a7d4cba478362f2a48f749834452d /libjava/gnu/java/security/x509/X509CRLEntry.java | |
| parent | fcb94d103b1e287f95bb7de1c582a25223529654 (diff) | |
2004-11-15 Andreas Tobler <a.tobler@schweiz.ch>
Import/Merge the X.509 certificate code from Classpath.
* Makefile.am: Add imported files.
* Makefile.in: Regenerate.
2004-11-07 Casey Marshall <csm@gnu.org>
* gnu/java/security/provider/Gnu.java(<init>): Add entries in a
privileged action. Add new algorithms.
* gnu/java/security/provider/X509CertificateFactory.java
(engineGenerateCertificate): Chain exceptions.
(engineGenerateCertificates): Likewise.
(engineGenerateCRL): Likewise.
(engineGenerateCRLs): Likewise.
(engineGenerateCertPath): New methods.
(generateCert): Throw exception if 'inStream' is null.
(generateCRL): Likewise.
* gnu/java/security/x509/X500DistinguishedName.java: Replaced with
version from GNU Crypto CVS.
* gnu/java/security/x509/X509CRL.java: Likewise.
* gnu/java/security/x509/X509CRLEntry.java: Likewise.
* gnu/java/security/x509/X509Certificate.java: Likewise.
* java/security/cert/TrustAnchor.java: Call 'toString' and not
toRFC2253.
* gnu/java/security/provider/CollectionCertStoreImpl.java,
* gnu/java/security/provider/EncodedKeyFactory.java,
* gnu/java/security/provider/GnuDHPublicKey.java,
* gnu/java/security/provider/GnuRSAPrivateKey.java,
* gnu/java/security/provider/GnuRSAPublicKey.java,
* gnu/java/security/provider/MD2withRSA.java,
* gnu/java/security/provider/MD4withRSA.java,
* gnu/java/security/provider/MD5withRSA.java,
* gnu/java/security/provider/PKIXCertPathValidatorImpl.java,
* gnu/java/security/provider/RSA.java,
* gnu/java/security/provider/RSAKeyFactory.java,
* gnu/java/security/provider/SHA1withRSA.java,
* gnu/java/security/x509/GnuPKIExtension.java,
* gnu/java/security/x509/PolicyNodeImpl.java,
* gnu/java/security/x509/Util.java,
* gnu/java/security/x509/X509CRLSelectorImpl.java,
* gnu/java/security/x509/X509CertPath.java,
* gnu/java/security/x509/X509CertSelectorImpl.java,
* gnu/java/security/x509/ext/AuthorityKeyIdentifier.java,
* gnu/java/security/x509/ext/BasicConstraints.java,
* gnu/java/security/x509/ext/CRLNumber.java,
* gnu/java/security/x509/ext/CertificatePolicies.java,
* gnu/java/security/x509/ext/ExtendedKeyUsage.java,
* gnu/java/security/x509/ext/Extension.java,
* gnu/java/security/x509/ext/GeneralNames.java,
* gnu/java/security/x509/ext/IssuerAlternativeNames.java,
* gnu/java/security/x509/ext/KeyUsage.java,
* gnu/java/security/x509/ext/PolicyConstraint.java,
* gnu/java/security/x509/ext/PolicyMappings.java,
* gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java,
* gnu/java/security/x509/ext/ReasonCode.java,
* gnu/java/security/x509/ext/SubjectAlternativeNames.java,
* gnu/java/security/x509/ext/SubjectKeyIdentifier.java: New files.
2004-11-07 Casey Marshall <csm@gnu.org>
* gnu/java/security/x509/X509CRL.java:
Missed import statements in previous checkin.
2004-11-07 Casey Marshall <csm@gnu.org>
* gnu/java/security/x509/X509CertPath.java (parse): Fixed reference
to 'X509CertificateImpl' from previous checkin.
From-SVN: r90682
Diffstat (limited to 'libjava/gnu/java/security/x509/X509CRLEntry.java')
| -rw-r--r-- | libjava/gnu/java/security/x509/X509CRLEntry.java | 149 |
1 files changed, 97 insertions, 52 deletions
diff --git a/libjava/gnu/java/security/x509/X509CRLEntry.java b/libjava/gnu/java/security/x509/X509CRLEntry.java index 4057c60..252737c 100644 --- a/libjava/gnu/java/security/x509/X509CRLEntry.java +++ b/libjava/gnu/java/security/x509/X509CRLEntry.java @@ -1,5 +1,5 @@ -/* X509CRLEntry.java -- entry in a X.509 CRL. - Copyright (C) 2003 Free Software Foundation, Inc. +/* X509CRLEntry.java -- an entry in a X.509 CRL. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -45,17 +45,17 @@ import java.math.BigInteger; import java.security.cert.CRLException; +import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; +import java.util.Iterator; import java.util.Set; -import gnu.java.io.ASN1ParsingException; import gnu.java.security.OID; -import gnu.java.security.der.DERReader; -import gnu.java.security.der.DERValue; -import gnu.java.security.der.DERWriter; +import gnu.java.security.der.*; +import gnu.java.security.x509.ext.*; /** * A single entry in a X.509 certificate revocation list. 
@@ -64,11 +64,22 @@ import gnu.java.security.der.DERWriter; * @author Casey Marshall */ class X509CRLEntry extends java.security.cert.X509CRLEntry + implements GnuPKIExtension { // Constants and fields. // ------------------------------------------------------------------------ + private static final boolean DEBUG = false; + private static void debug(String msg) + { + if (DEBUG) + { + System.err.print(">> X509CRLEntry: "); + System.err.println(msg); + } + } + /** The DER encoded form of this CRL entry. */ private byte[] encoded; @@ -78,15 +89,9 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry /** The date the certificate was revoked. */ private Date revocationDate; - /** The encoded extensions. */ + /** The CRL entry extensions. */ private HashMap extensions; - /** The set of critical extension OIDs. */ - private HashSet critOids; - - /** the set of non-critical extension OIDs. */ - private HashSet nonCritOids; - // Constructor. // ------------------------------------------------------------------------ @@ -99,13 +104,11 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry * @throws CRLException If the ASN.1 structure is invalid. * @throws IOException If the bytes cannot be read. */ - X509CRLEntry(int version, InputStream encoded) + X509CRLEntry(int version, DERReader encoded) throws CRLException, IOException { super(); extensions = new HashMap(); - critOids = new HashSet(); - nonCritOids = new HashSet(); try { parse(version, encoded); @@ -125,8 +128,10 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry public boolean equals(Object o) { - return ((X509CRLEntry) o).serialNo.equals(serialNo) && - ((X509CRLEntry) o).revocationDate.equals(revocationDate); + if (!(o instanceof X509CRLEntry)) + return false; + return ((X509CRLEntry) o).getSerialNumber().equals(serialNo) && + ((X509CRLEntry) o).getRevocationDate().equals(revocationDate); } public int hashCode() 
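Review bot: `debug(String msg)` receives a finished string, so every call site pays for building its argument even though `DEBUG` is a compile-time `false`; in parse() in the last hunk that includes `Util.hexDump(encoded, ">>>> ")` over the whole entry for each revoked certificate. Guard the expensive calls where they are made, e.g. `if (DEBUG) debug("encoded entry:\n" + Util.hexDump(encoded, ">>>> "));`, so the dump is not built when debugging is off. The helper would also benefit from a short comment stating that it is a development aid which writes parsed CRL contents to System.err.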
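Review bot: Inside this class the simple name `X509CRLEntry` resolves to gnu.java.security.x509.X509CRLEntry itself, so the new `instanceof` guard in equals() rejects every other java.security.cert.X509CRLEntry implementation, even though the body was switched to the public getters as if to compare against any of them. If cross-implementation equality is intended, test `o instanceof java.security.cert.X509CRLEntry` and cast to that type; if it is not, a one-line comment such as `// only entries of this implementation compare equal` would record the choice. hashCode() begins just after the hunk and is not visible here, so its agreement with equals() should be confirmed.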
@@ -157,79 +162,119 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry public String toString() { return "X509CRLEntry serial=" + serialNo + " revocation date=" - + revocationDate + " critExt=" + critOids + " ext=" + nonCritOids; + + revocationDate + " ext=" + extensions; } // X509Extension methods. - // ------------------------------------------------------------------------ + // ------------------------------------------------------------------------- public boolean hasUnsupportedCriticalExtension() { - return false; // XXX + for (Iterator it = extensions.values().iterator(); it.hasNext(); ) + { + Extension e = (Extension) it.next(); + if (e.isCritical() && !e.isSupported()) + return true; + } + return false; } public Set getCriticalExtensionOIDs() { - return Collections.unmodifiableSet(critOids); + HashSet s = new HashSet(); + for (Iterator it = extensions.values().iterator(); it.hasNext(); ) + { + Extension e = (Extension) it.next(); + if (e.isCritical()) + s.add(e.getOid().toString()); + } + return Collections.unmodifiableSet(s); } public Set getNonCriticalExtensionOIDs() { - return Collections.unmodifiableSet(nonCritOids); + HashSet s = new HashSet(); + for (Iterator it = extensions.values().iterator(); it.hasNext(); ) + { + Extension e = (Extension) it.next(); + if (!e.isCritical()) + s.add(e.getOid().toString()); + } + return Collections.unmodifiableSet(s); } public byte[] getExtensionValue(String oid) { - byte[] ext = (byte[]) extensions.get(oid); - if (ext != null) - return (byte[]) ext.clone(); + Extension e = getExtension(new OID(oid)); + if (e != null) + { + return e.getValue().getEncoded(); + } return null; } + // GnuPKIExtension method. + // ------------------------------------------------------------------------- + + public Extension getExtension(OID oid) + { + return (Extension) extensions.get(oid); + } + + public Collection getExtensions() + { + return extensions.values(); + } + // Own methods. 
- // ------------------------------------------------------------------------ + // ------------------------------------------------------------------------- - private void parse(int version, InputStream in) throws Exception + private void parse(int version, DERReader der) throws Exception { - DERReader der = new DERReader(in); + // RevokedCertificate ::= SEQUENCE { DERValue entry = der.read(); + debug("start CRL entry len == " + entry.getLength()); if (!entry.isConstructed()) - throw new ASN1ParsingException("malformed revokedCertificate"); + throw new IOException("malformed revokedCertificate"); encoded = entry.getEncoded(); int len = 0; + + debug("encoded entry:\n" + Util.hexDump(encoded, ">>>> ")); + + // userCertificate CertificateSerialNumber, DERValue val = der.read(); serialNo = (BigInteger) val.getValue(); - len += DERWriter.definiteEncodingSize(val.getLength()) - + val.getLength() + 1; + len += val.getEncodedLength(); + debug("userCertificate == " + serialNo + " current count == " + len); + + // revocationDate Time, val = der.read(); revocationDate = (Date) val.getValue(); - len += DERWriter.definiteEncodingSize(val.getLength()) - + val.getLength() + 1; + len += val.getEncodedLength(); + debug("revocationDate == " + revocationDate + " current count == " + len); + // crlEntryExtensions Extensions OPTIONAL + // -- if present MUST be v2 if (len < entry.getLength()) { if (version < 2) - throw new ASN1ParsingException("extra data in CRL entry"); - while (len < entry.getLength()) + throw new IOException("extra data in CRL entry"); + DERValue exts = der.read(); + if (!exts.isConstructed()) + throw new IOException("malformed Extensions"); + debug("start Extensions len == " + exts.getLength()); + len = 0; + while (len < exts.getLength()) { val = der.read(); if (!val.isConstructed()) - throw new ASN1ParsingException("malformed Extension"); - OID extOid = (OID) der.read().getValue(); - Boolean critical = Boolean.valueOf(false); - DERValue val2 = der.read(); - if 
(val2.getValue() instanceof Boolean) - { - critical = (Boolean) val2.getValue(); - val2 = der.read(); - } - byte[] ext = (byte[]) val2.getValue(); - extensions.put(extOid.toString(), ext); - if (critical.booleanValue()) - critOids.add(extOid.toString()); - else - nonCritOids.add(extOid.toString()); + throw new IOException("malformed Extension"); + debug("start Extension len == " + val.getLength()); + Extension e = new Extension(val.getEncoded()); + extensions.put(e.getOid(), e); + der.skip(val.getLength()); len += val.getEncodedLength(); + debug("current count == " + len); } } } |
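Review bot: In parse(), `extensions.put(e.getOid(), e)` silently replaces an earlier extension carrying the same OID, so an entry with a repeated OID can hide a critical extension from hasUnsupportedCriticalExtension(), which only inspects the values that survive in the map. Rejecting the repeat keeps that check meaningful: `if (extensions.put(e.getOid(), e) != null) throw new IOException("duplicate Extension");`. The loop also never verifies that `len` ends exactly at `exts.getLength()`, so an inner length that overruns the declared Extensions length is accepted; `if (len != exts.getLength()) throw new IOException("malformed Extensions");` after the loop would catch it. Separately, getExtensions() hands out `extensions.values()`, a live view through which a caller can remove entries; `return Collections.unmodifiableCollection(extensions.values());` would match the unmodifiable sets returned by the two OID getters.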
