diff options
| author | Mark Wielaard <mark@gcc.gnu.org> | 2005-02-16 23:11:06 +0000 |
|---|---|---|
| committer | Mark Wielaard <mark@gcc.gnu.org> | 2005-02-16 23:11:06 +0000 |
| commit | 2f6363f95e3124b5fe08279eeebe47c4a03dad71 (patch) | |
| tree | 3319a290dccac2cf50b974a8576c06ac7b98f424 /libjava/gnu | |
| parent | 4f2e0d5eccb106b4183ec00195dcf7a65d416692 (diff) | |
| download | gcc-2f6363f95e3124b5fe08279eeebe47c4a03dad71.zip gcc-2f6363f95e3124b5fe08279eeebe47c4a03dad71.tar.gz gcc-2f6363f95e3124b5fe08279eeebe47c4a03dad71.tar.bz2 | |
[multiple changes]
2005-02-16 Mark Wielaard <mark@klomp.org>
* Makefile.am (ordinary_java_source_files): Add new files
gnu/java/security/ber/BER.java,
gnu/java/security/ber/BEREncodingException.java,
gnu/java/security/ber/BERReader.java,
gnu/java/security/ber/BERValue.java,
gnu/java/security/pkcs/PKCS7SignedData.java and
gnu/java/security/pkcs/SignerInfo.java.
* Makefile.in: Regenerated.
2005-02-16 Casey Marshall <csm@gnu.org>
* gnu/java/security/provider/GnuDSAPrivateKey.java
(encodedKey): new field.
(getFormat): return "PKCS#8".
(getEncoded): implemented.
(toString): check for 'null' values.
* gnu/java/security/provider/GnuDSAPublicKey.java
(encodedKey): new field.
(getFormat): return "X.509".
(getEncoded): implemented.
(toString): check for 'null' values.
2005-02-16 Michael Koch <konqueror@gmx.de>
* java/util/jar/JarFile.java: Imports reworked.
2005-02-16 Mark Wielaard <mark@klomp.org>
* java/util/jar/JarFile.java (verify): Make package private.
(signaturesRead): Likewise.
(verified): Likewise.
(entryCerts): Likewise.
(DEBUG): Likewise.
(debug): Likewise.
(entries): Construct new JarEnumeration with reference to this.
(JarEnumeration): Make static.
(JarEnumeration.jarfile): New field.
(JarEnumeration.nextElement): Use and synchronize on jarfile.
Compare verified value to Boolean.TRUE or Boolean.False only
when verify is true.
(getEntry): Make synchronized. Compare value of verified to
Boolean.TRUE.
(getInputStream): Construct EntryInputStream with reference to this.
(getManifest): Make synchronized.
(EntryInputStream): Make static.
(EntryInputStream.jarfile): New field.
(EntryInputStream.EntryInputStream): Check if manifest exists,
before getting attributes.
(eof): Synchronize on jarfile.
2005-02-16 Casey Marshall <csm@gnu.org>
* java/util/jar/JarFile.java (verify): return if the jar is signed
with an unsupported algorithm.
2005-02-16 Mark Wielaard <mark@klomp.org>
* java/util/jar/JarFile.java (EntryInputStream): Add actual
InputStream as argument.
(getInputStream): Construct a new EntryInputStream with the result of
super.getInputStream(entry).
2005-02-16 Casey Marshall <csm@gnu.org>
Signed JAR file support.
* java/net/URLClassLoader.java
(JarURLResource.getCertificates): re-read jar entry to ensure
certificates are picked up.
(findClass): fill in class `signers' field, too.
* java/util/jar/JarFile.java (META_INF): new constant.
(PKCS7_DSA_SUFFIX): new constant.
(PKCS7_RSA_SUFFIX): new constant.
(DIGEST_KEY_SUFFIX): new constant.
(SF_SUFFIX): new constant.
(MD2_OID): new constant.
(MD4_OID): new constant.
(MD5_OID): new constant.
(SHA1_OID): new constant.
(DSA_ENCRYPTION_OID): new constant.
(RSA_ENCRYPTION_OID): new constant.
(signaturesRead): new field.
(verified): new field.
(entryCerts): new field.
(DEBUG): new constant.
(debug): new method.
(JarEnumeration.nextElement): fill in entry certificates, read
signatures if they haven't been read.
(getEntry): likewise.
(getInputStream): verify stream if it hasn't been verified yet.
(readSignatures): new method.
(verify): new method.
(verifyHashes): new method.
(readManifestEntry): new method.
(EntryInputStream): new class.
* gnu/java/io/Base64InputStream.java (decode): new class
method.
* gnu/java/security/der/DERReader.java don't make class
final.
(in): made protected.
(encBuf): likewise.
(readLength): likewise.
* gnu/java/security/ber/BER.java,
* gnu/java/security/ber/BEREncodingException.java,
* gnu/java/security/ber/BERReader.java,
* gnu/java/security/ber/BERValue.java,
* gnu/java/security/pkcs/PKCS7SignedData.java,
* gnu/java/security/pkcs/SignerInfo.java:
new files.
From-SVN: r95124
Diffstat (limited to 'libjava/gnu')
| -rw-r--r-- | libjava/gnu/java/io/Base64InputStream.java | 28 | ||||
| -rw-r--r-- | libjava/gnu/java/security/ber/BER.java | 46 | ||||
| -rw-r--r-- | libjava/gnu/java/security/ber/BEREncodingException.java | 54 | ||||
| -rw-r--r-- | libjava/gnu/java/security/ber/BERReader.java | 103 | ||||
| -rw-r--r-- | libjava/gnu/java/security/ber/BERValue.java | 82 | ||||
| -rw-r--r-- | libjava/gnu/java/security/der/DERReader.java | 46 | ||||
| -rw-r--r-- | libjava/gnu/java/security/pkcs/PKCS7SignedData.java | 363 | ||||
| -rw-r--r-- | libjava/gnu/java/security/pkcs/SignerInfo.java | 280 | ||||
| -rw-r--r-- | libjava/gnu/java/security/provider/GnuDSAPrivateKey.java | 67 | ||||
| -rw-r--r-- | libjava/gnu/java/security/provider/GnuDSAPublicKey.java | 57 |
10 files changed, 1094 insertions, 32 deletions
diff --git a/libjava/gnu/java/io/Base64InputStream.java b/libjava/gnu/java/io/Base64InputStream.java index 3780e95..617e831 100644 --- a/libjava/gnu/java/io/Base64InputStream.java +++ b/libjava/gnu/java/io/Base64InputStream.java @@ -1,5 +1,5 @@ /* Base64InputStream.java -- base-64 input stream. - Copyright (C) 2003 Free Software Foundation, Inc. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,6 +38,8 @@ exception statement from your version. */ package gnu.java.io; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.FilterInputStream; import java.io.IOException; import java.io.InputStream; @@ -90,6 +92,30 @@ public class Base64InputStream extends FilterInputStream eof = false; } + // Class method. + // ------------------------------------------------------------------------ + + /** + * Decode a single Base-64 string to a byte array. + * + * @param base64 The Base-64 encoded data. + * @return The decoded bytes. + * @throws IOException If the given data do not compose a valid Base-64 + * sequence. + */ + public static byte[] decode(String base64) throws IOException + { + Base64InputStream in = + new Base64InputStream(new ByteArrayInputStream(base64.getBytes())); + ByteArrayOutputStream out = + new ByteArrayOutputStream((int) (base64.length() / 0.666)); + byte[] buf = new byte[1024]; + int len; + while ((len = in.read(buf)) != -1) + out.write(buf, 0, len); + return out.toByteArray(); + } + // Instance methods. // ------------------------------------------------------------------------ diff --git a/libjava/gnu/java/security/ber/BER.java b/libjava/gnu/java/security/ber/BER.java new file mode 100644 index 0000000..ff666bf --- /dev/null +++ b/libjava/gnu/java/security/ber/BER.java @@ -0,0 +1,46 @@ +/* BER.java -- basic encoding rules (BER) constants. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.ber; + +import gnu.java.security.der.DER; + +public interface BER extends DER +{ + BERValue END_OF_SEQUENCE = new BERValue(0, null); +} diff --git a/libjava/gnu/java/security/ber/BEREncodingException.java b/libjava/gnu/java/security/ber/BEREncodingException.java new file mode 100644 index 0000000..5c3ed24 --- /dev/null +++ b/libjava/gnu/java/security/ber/BEREncodingException.java @@ -0,0 +1,54 @@ +/* BEREncodingException.java --- BER Encoding Exception + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.ber; + +import gnu.java.security.der.DEREncodingException; + +public class BEREncodingException extends DEREncodingException +{ + public BEREncodingException() + { + super (); + } + + public BEREncodingException (String msg) + { + super (msg); + } +} diff --git a/libjava/gnu/java/security/ber/BERReader.java b/libjava/gnu/java/security/ber/BERReader.java new file mode 100644 index 0000000..600d46b --- /dev/null +++ b/libjava/gnu/java/security/ber/BERReader.java @@ -0,0 +1,103 @@ +/* BERReader.java -- basic encoding rules (BER) reader. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.ber; + +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; + +public class BERReader extends DERReader implements BER +{ + + /** + * Create a new DER reader from a byte array. + * + * @param in The encoded bytes. + */ + public BERReader(byte[] in) + { + super(in); + } + + public BERReader (byte[] in, int off, int len) + { + super(in, off, len); + } + + /** + * Create a new DER readed from an input stream. + * + * @param in The encoded bytes. + */ + public BERReader(InputStream in) + { + super(in); + } + + public DERValue read() throws IOException + { + in.mark(2); + int tag = in.read(); + if (tag == -1) + throw new EOFException(); + int length = in.read(); + if (length == 0) + { + if (tag == 0) + return END_OF_SEQUENCE; + return new BERValue(tag, CONSTRUCTED_VALUE, new byte[] { (byte) tag, 0 }); + } + else + { + in.reset(); + return super.read(); + } + } + + public int peek() throws IOException + { + in.mark(1); + int ret = in.read(); + in.reset(); + return ret; + } +} diff --git a/libjava/gnu/java/security/ber/BERValue.java b/libjava/gnu/java/security/ber/BERValue.java new file mode 100644 index 0000000..dd4364a --- /dev/null +++ b/libjava/gnu/java/security/ber/BERValue.java @@ -0,0 +1,82 @@ +/* BERReader.java -- basic encoding rules (BER) value. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.ber; + +import gnu.java.security.der.DERValue; + +public class BERValue extends DERValue +{ + + private boolean indefinite; + + public BERValue(int tag, Object value, byte[] encoded) + { + super(tag, 0, value, encoded); + indefinite = true; + } + + public BERValue(int tag, int length, Object value, byte[] encoded) + { + super(tag, length, value, encoded); + } + + public BERValue(int tag, Object value) + { + super(tag, 0, value, null); + } + + public static boolean isIndefinite(DERValue value) + { + if (value instanceof BERValue) + return ((BERValue) value).getIndefinite(); + return false; + } + + public boolean getIndefinite() + { + return indefinite; + } + + public int getLength() + { + if (indefinite) + return 0; + return super.getLength(); + } +} diff --git a/libjava/gnu/java/security/der/DERReader.java b/libjava/gnu/java/security/der/DERReader.java index 7d7174d..688b509 100644 --- a/libjava/gnu/java/security/der/DERReader.java +++ b/libjava/gnu/java/security/der/DERReader.java @@ -62,15 +62,15 @@ import gnu.java.security.OID; * * @author Casey Marshall (csm@gnu.org) */ -public final class DERReader implements DER +public class DERReader implements DER { // Fields. // ------------------------------------------------------------------------ - private InputStream in; + protected InputStream in; - private final ByteArrayOutputStream encBuf; + protected final ByteArrayOutputStream encBuf; // Constructor. // ------------------------------------------------------------------------ @@ -185,6 +185,26 @@ public final class DERReader implements DER return value; } + protected int readLength() throws IOException + { + int i = in.read(); + if (i == -1) + throw new EOFException(); + encBuf.write(i); + if ((i & ~0x7F) == 0) + { + return i; + } + else if (i < 0xFF) + { + byte[] octets = new byte[i & 0x7F]; + in.read(octets); + encBuf.write(octets); + return new BigInteger(1, octets).intValue(); + } + throw new DEREncodingException(); + } + // Own methods. // ------------------------------------------------------------------------ @@ -236,26 +256,6 @@ public final class DERReader implements DER } } - private int readLength() throws IOException - { - int i = in.read(); - if (i == -1) - throw new EOFException(); - encBuf.write(i); - if ((i & ~0x7F) == 0) - { - return i; - } - else if (i < 0xFF) - { - byte[] octets = new byte[i & 0x7F]; - in.read(octets); - encBuf.write(octets); - return new BigInteger(1, octets).intValue(); - } - throw new DEREncodingException(); - } - private static String makeString(int tag, byte[] value) throws IOException { diff --git a/libjava/gnu/java/security/pkcs/PKCS7SignedData.java b/libjava/gnu/java/security/pkcs/PKCS7SignedData.java new file mode 100644 index 0000000..5c2a98a --- /dev/null +++ b/libjava/gnu/java/security/pkcs/PKCS7SignedData.java @@ -0,0 +1,363 @@ +/* PKCS7SignedData.java -- reader for PKCS#7 signedData objects. + Copyright (C) 2004 Free Software Foundation, Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.pkcs; + +import gnu.java.security.OID; +import gnu.java.security.ber.BER; +import gnu.java.security.ber.BEREncodingException; +import gnu.java.security.ber.BERReader; +import gnu.java.security.ber.BERValue; +import gnu.java.security.der.DERValue; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; + +import java.math.BigInteger; + +import java.security.cert.CRL; +import java.security.cert.CRLException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +/** + * The SignedData object in PKCS #7. This is a read-only implementation of + * this format, and is used to provide signed Jar file support. + * + * @author Casey Marshall (csm@gnu.org) + */ +public class PKCS7SignedData +{ + + public static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1"); + public static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2"); + + private BigInteger version; + private Set digestAlgorithms; + private OID contentType; + private byte[] content; + private Certificate[] certificates; + private CRL[] crls; + private Set signerInfos; + + private static final boolean DEBUG = false; + private static void debug(String msg) + { + System.err.print("PKCS7SignedData >> "); + System.err.println(msg); + } + + public PKCS7SignedData(InputStream in) + throws CRLException, CertificateException, IOException + { + this(new BERReader(in)); + } + + /** + * Parse an encoded PKCS#7 SignedData object. The ASN.1 format of this + * object is: + * + * <pre> + * SignedData ::= SEQUENCE { + * version Version, + * digestAlgorithms DigestAlgorithmIdentifiers, + * contentInfo ContentInfo, + * certificates + * [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, + * crls + * [1] IMPLICIT CertificateRevocationLists OPTIONAL, + * signerInfos SignerInfos } + * + * Version ::= INTEGER + * + * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + * + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * + * ContentInfo ::= SEQUENCE { + * contentType ContentType, + * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } + * + * ContentType ::= OBJECT IDENTIFIER + * + * ExtendedCertificatesAndCertificates ::= + * SET OF ExtendedCertificatesAndCertificate + * + * ExtendedCertificatesAndCertificate ::= CHOICE { + * certificate Certificate, -- from X.509 + * extendedCertificate [0] IMPLICIT ExtendedCertificate } + * + * CertificateRevocationLists ::= SET OF CertificateRevocationList + * -- from X.509 + * + * SignerInfos ::= SET OF SignerInfo + * + * SignerInfo ::= SEQUENCE { + * version Version, + * issuerAndSerialNumber IssuerAndSerialNumber, + * digestAlgorithm DigestAlgorithmIdentifier, + * authenticatedAttributes + * [0] IMPLICIT Attributes OPTIONAL, + * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + * encryptedDigest EncryptedDigest, + * unauthenticatedAttributes + * [1] IMPLICIT Attributes OPTIONAL } + * + * EncryptedDigest ::= OCTET STRING + * </pre> + * + * <p>(Readers who are confused as to why it takes 40 levels of indirection + * to specify "data with a signature", rest assured that the present author + * is as confused as you are).</p> + */ + public PKCS7SignedData(BERReader ber) + throws CRLException, CertificateException, IOException + { + CertificateFactory x509 = CertificateFactory.getInstance("X509"); + DERValue val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed ContentInfo"); + + val = ber.read(); + if (val.getTag() != BER.OBJECT_IDENTIFIER) + throw new BEREncodingException("malformed ContentType"); + + if (!PKCS7_SIGNED_DATA.equals(val.getValue())) + throw new BEREncodingException("content is not SignedData"); + + val = ber.read(); + if (val.getTag() != 0) + throw new BEREncodingException("malformed Content"); + + val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed SignedData"); + + if (DEBUG) + debug("SignedData: " + val); + + val = ber.read(); + if (val.getTag() != BER.INTEGER) + throw new BEREncodingException("expecting Version"); + version = (BigInteger) val.getValue(); + + if (DEBUG) + debug(" Version: " + version); + + digestAlgorithms = new HashSet(); + val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed DigestAlgorithmIdentifiers"); + if (DEBUG) + debug(" DigestAlgorithmIdentifiers: " + val); + int count = 0; + DERValue val2 = ber.read(); + while (val2 != BER.END_OF_SEQUENCE && + (val.getLength() > 0 && val.getLength() > count)) + { + if (!val2.isConstructed()) + throw new BEREncodingException("malformed AlgorithmIdentifier"); + if (DEBUG) + debug(" AlgorithmIdentifier: " + val2); + count += val2.getEncodedLength(); + val2 = ber.read(); + if (val2.getTag() != BER.OBJECT_IDENTIFIER) + throw new BEREncodingException("malformed AlgorithmIdentifier"); + if (DEBUG) + debug(" ID: " + val2.getValue()); + List algId = new ArrayList(2); + algId.add(val2.getValue()); + val2 = ber.read(); + if (val2 != BER.END_OF_SEQUENCE) + { + count += val2.getEncodedLength(); + if (val2.getTag() == BER.NULL) + algId.add(null); + else + algId.add(val2.getEncoded()); + if (DEBUG) + debug(" params: " + new BigInteger(1, val2.getEncoded()).toString(16)); + if (val2.isConstructed()) + ber.skip(val2.getLength()); + if (BERValue.isIndefinite(val)) + val2 = ber.read(); + } + else + algId.add(null); + digestAlgorithms.add(algId); + } + + val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed ContentInfo"); + if (DEBUG) + debug(" ContentInfo: " + val); + val2 = ber.read(); + if (val2.getTag() != BER.OBJECT_IDENTIFIER) + throw new BEREncodingException("malformed ContentType"); + contentType = (OID) val2.getValue(); + if (DEBUG) + debug(" ContentType: " + contentType); + if (BERValue.isIndefinite(val) + || (val.getLength() > 0 && val.getLength() > val2.getEncodedLength())) + { + val2 = ber.read(); + if (val2 != BER.END_OF_SEQUENCE) + { + content = val2.getEncoded(); + if (BERValue.isIndefinite(val)) + val2 = ber.read(); + if (DEBUG) + debug(" Content: " + new BigInteger(1, content).toString(16)); + } + } + + val = ber.read(); + if (val.getTag() == 0) + { + if (!val.isConstructed()) + throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates"); + if (DEBUG) + debug(" ExtendedCertificatesAndCertificates: " + val); + count = 0; + val2 = ber.read(); + List certs = new LinkedList(); + while (val2 != BER.END_OF_SEQUENCE && + (val.getLength() > 0 && val.getLength() > count)) + { + Certificate cert = + x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded())); + if (DEBUG) + debug(" Certificate: " + cert); + certs.add(cert); + count += val2.getEncodedLength(); + ber.skip(val2.getLength()); + if (BERValue.isIndefinite(val) || val.getLength() > count) + val2 = ber.read(); + } + certificates = (Certificate[]) certs.toArray(new Certificate[certs.size()]); + val = ber.read(); + } + + if (val.getTag() == 1) + { + if (!val.isConstructed()) + throw new BEREncodingException("malformed CertificateRevocationLists"); + if (DEBUG) + debug(" CertificateRevocationLists: " + val); + count = 0; + val2 = ber.read(); + List crls = new LinkedList(); + while (val2 != BER.END_OF_SEQUENCE && + (val.getLength() > 0 && val.getLength() > count)) + { + CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded())); + if (DEBUG) + debug (" CRL: " + crl); + crls.add(crl); + count += val2.getEncodedLength(); + ber.skip(val2.getLength()); + if (BERValue.isIndefinite(val) || val.getLength() > count) + val2 = ber.read(); + } + this.crls = (CRL[]) crls.toArray(new CRL[crls.size()]); + val = ber.read(); + } + + signerInfos = new HashSet(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed SignerInfos"); + + if (DEBUG) + debug(" SignerInfos: " + val); + + // FIXME read this more carefully. + // Since we are just reading a file (probably) we just read until we + // reach the end. + while (true) + { + int i = ber.peek(); + if (i == 0 || i == -1) + break; + signerInfos.add(new SignerInfo(ber)); + } + } + + public BigInteger getVersion() + { + return version; + } + + public Certificate[] getCertificates() + { + return (certificates != null ? (Certificate[]) certificates.clone() + : null); + } + + public OID getContentType() + { + return contentType; + } + + public byte[] getContent() + { + return (content != null ? (byte[]) content.clone() : null); + } + + public Set getDigestAlgorithms() + { + // FIXME copy contents too, they are mutable!!! + return Collections.unmodifiableSet(digestAlgorithms); + } + + public Set getSignerInfos() + { + Set copy = new HashSet(); + for (Iterator it = signerInfos.iterator(); it.hasNext(); ) + copy.add(it.next()); + return Collections.unmodifiableSet(copy); + } +} diff --git a/libjava/gnu/java/security/pkcs/SignerInfo.java b/libjava/gnu/java/security/pkcs/SignerInfo.java new file mode 100644 index 0000000..4444294 --- /dev/null +++ b/libjava/gnu/java/security/pkcs/SignerInfo.java @@ -0,0 +1,280 @@ +/* SignerInfo.java -- a SignerInfo object, from PKCS #7. + Copyright (C) 2004 Free Software Foundation, Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.pkcs; + +import gnu.java.security.OID; +import gnu.java.security.ber.BER; +import gnu.java.security.ber.BEREncodingException; +import gnu.java.security.ber.BERReader; +import gnu.java.security.ber.BERValue; +import gnu.java.security.der.BitString; +import gnu.java.security.der.DERValue; + +import java.io.IOException; +import java.io.InputStream; + +import java.math.BigInteger; + +import javax.security.auth.x500.X500Principal; + +public class SignerInfo +{ + private final BigInteger version; + private final BigInteger serialNumber; + private final X500Principal issuer; + private final OID digestAlgorithmId; + private final byte[] digestAlgorithmParams; + private final byte[] authenticatedAttributes; + private final OID digestEncryptionAlgorithmId; + private final byte[] digestEncryptionAlgorithmParams; + private final byte[] encryptedDigest; + private final byte[] unauthenticatedAttributes; + + private static final boolean DEBUG = false; + private static void debug(String msg) + { + System.err.print("SignerInfo >> "); + System.err.println(msg); + } + + /** + * Parse a SignerInfo object. + */ + public SignerInfo(BERReader ber) throws IOException + { + DERValue val = ber.read(); + if (DEBUG) + debug("SignerInfo: " + val); + if (!val.isConstructed()) + throw new BEREncodingException("malformed SignerInfo"); + + val = ber.read(); + if (val.getTag() != BER.INTEGER) + throw new BEREncodingException("malformed Version"); + version = (BigInteger) val.getValue(); + + if (DEBUG) + debug(" Version: " + version); + + val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed IssuerAndSerialNumber"); + + if (DEBUG) + debug(" IssuerAndSerialNumber: " + val); + + val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed Issuer"); + issuer = new X500Principal(val.getEncoded()); + ber.skip(val.getLength()); + if (DEBUG) + debug(" Issuer: " + issuer); + + val = ber.read(); + if (val.getTag() != BER.INTEGER) + throw new BEREncodingException("malformed SerialNumber"); + serialNumber = (BigInteger) val.getValue(); + if (DEBUG) + debug(" SerialNumber: " + serialNumber); + + val = ber.read(); + if (!val.isConstructed()) + throw new BEREncodingException("malformed DigestAlgorithmIdentifier"); + if (DEBUG) + debug(" DigestAlgorithmIdentifier: " + val); + + int count = 0; + DERValue val2 = ber.read(); + if (val2.getTag() != BER.OBJECT_IDENTIFIER) + throw new BEREncodingException("malformed AlgorithmIdentifier"); + digestAlgorithmId = (OID) val2.getValue(); + if (DEBUG) + debug(" OID: " + digestAlgorithmId); + + if (BERValue.isIndefinite(val)) + { + val2 = ber.read(); + if (val2 != BER.END_OF_SEQUENCE) + { + digestAlgorithmParams = val2.getEncoded(); + val2 = ber.read(); + if (val2 != BER.END_OF_SEQUENCE) + throw new BEREncodingException("expecting BER end-of-sequence"); + } + else + digestAlgorithmParams = null; + } + else if (val2.getEncodedLength() < val.getLength()) + { + val2 = ber.read(); + digestAlgorithmParams = val2.getEncoded(); + if (val2.isConstructed()) + ber.skip(val2.getLength()); + } + else + digestAlgorithmParams = null; + if(DEBUG) + debug(" params: " + (digestAlgorithmParams == null ? null + : new BigInteger(digestAlgorithmParams).toString(16))); + + val = ber.read(); + if (val.getTag() == 0) + { + authenticatedAttributes = val.getEncoded(); + val = ber.read(); + if (val.isConstructed()) + ber.skip(val.getLength()); + if (DEBUG) + debug(" AuthenticatedAttributes: " + val); + val = ber.read(); + } + else + authenticatedAttributes = null; + + if (!val.isConstructed()) + throw new BEREncodingException("malformed DigestEncryptionAlgorithmIdentifier"); + if (DEBUG) + debug(" DigestEncryptionAlgorithmIdentifier: " + val); + count = 0; + val2 = ber.read(); + if (val2.getTag() != BER.OBJECT_IDENTIFIER) + throw new BEREncodingException("malformed AlgorithmIdentifier"); + digestEncryptionAlgorithmId = (OID) val2.getValue(); + if (DEBUG) + debug(" OID: " + digestEncryptionAlgorithmId); + + if (BERValue.isIndefinite(val)) + { + val2 = ber.read(); + if (val2 != BER.END_OF_SEQUENCE) + { + digestEncryptionAlgorithmParams = val2.getEncoded(); + val2 = ber.read(); + if (val2 != BER.END_OF_SEQUENCE) + throw new BEREncodingException("expecting BER end-of-sequence"); + } + else + digestEncryptionAlgorithmParams = null; + } + else if (val2.getEncodedLength() < val.getLength()) + { + val2 = ber.read(); + digestEncryptionAlgorithmParams = val2.getEncoded(); + if (val2.isConstructed()) + ber.skip(val2.getLength()); + } + else + digestEncryptionAlgorithmParams = null; + if(DEBUG) + debug(" params: " + (digestEncryptionAlgorithmParams == null ? null + : new BigInteger(digestEncryptionAlgorithmParams).toString(16))); + + val = ber.read(); + if (val.getTag() != BER.OCTET_STRING) + throw new BEREncodingException("malformed EncryptedDigest"); + encryptedDigest = (byte[]) val.getValue(); + if (DEBUG) + debug(" EncryptedDigest: " + new BigInteger(1, encryptedDigest).toString(16)); + + if (ber.peek() == 1) + unauthenticatedAttributes = ber.read().getEncoded(); + else + unauthenticatedAttributes = null; + + if (ber.peek() == 0) + ber.read(); + } + + public BigInteger getVersion() + { + return version; + } + + public BigInteger getSerialNumber() + { + return serialNumber; + } + + public X500Principal getIssuer() + { + return issuer; + } + + public OID getDigestAlgorithmId() + { + return digestAlgorithmId; + } + + public byte[] getDigestAlgorithmParams() + { + return (digestAlgorithmParams != null + ? (byte[]) digestAlgorithmParams.clone() + : null); + } + + public byte[] getAuthenticatedAttributes() + { + return (authenticatedAttributes != null + ? (byte[]) authenticatedAttributes.clone() + : null); + } + + public OID getDigestEncryptionAlgorithmId() + { + return digestEncryptionAlgorithmId; + } + + public byte[] getDigestEncryptionAlgorithmParams() + { + return (digestEncryptionAlgorithmParams != null + ? (byte[]) digestEncryptionAlgorithmParams.clone() + : null); + } + + public byte[] getEncryptedDigest() + { + return (encryptedDigest != null ? (byte[]) encryptedDigest.clone() : null); + } + + public byte[] getUnauthenticatedAttributes() + { + return (unauthenticatedAttributes != null + ? (byte[]) unauthenticatedAttributes.clone() + : null); + } +} diff --git a/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java b/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java index 4eceb00..e82483c 100644 --- a/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java +++ b/libjava/gnu/java/security/provider/GnuDSAPrivateKey.java @@ -1,5 +1,5 @@ /* GnuDSAPrivateKey.java --- Gnu DSA Private Key - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2003,2004 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,13 +38,25 @@ exception statement from your version. */ package gnu.java.security.provider; +import gnu.java.security.OID; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; + import java.math.BigInteger; + import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAParams; import java.security.spec.DSAParameterSpec; +import java.util.ArrayList; + public class GnuDSAPrivateKey implements DSAPrivateKey { + private byte[] encodedKey; BigInteger x; BigInteger p; BigInteger q; @@ -65,13 +77,57 @@ public class GnuDSAPrivateKey implements DSAPrivateKey public String getFormat() { - return null; + return "PKCS#8"; } + /** + * Encodes this key as a <code>PrivateKeyInfo</code>, as described in + * PKCS #8. The ASN.1 specification for this structure is: + * + * <blockquote><pre> + * PrivateKeyInfo ::= SEQUENCE { + * version Version, + * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + * privateKey PrivateKey, + * attributes [0] IMPLICIT Attributes OPTIONAL } + * + * Version ::= INTEGER + * + * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier + * + * PrivateKey ::= OCTET STRING + * + * Attributes ::= SET OF Attribute + * </pre></blockquote> + * + * <p>DSA private keys (in Classpath at least) have no attributes. + */ public byte[] getEncoded() { + if (encodedKey != null) + return (byte[]) encodedKey.clone(); + try + { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ArrayList pki = new ArrayList(3); + pki.add(new DERValue(DER.INTEGER, BigInteger.ZERO)); + ArrayList algId = new ArrayList(2); + algId.add(new DERValue(DER.OBJECT_IDENTIFIER, + new OID("1.2.840.10040.4.1"))); + ArrayList algParams = new ArrayList(3); + algParams.add(new DERValue(DER.INTEGER, p)); + algParams.add(new DERValue(DER.INTEGER, q)); + algParams.add(new DERValue(DER.INTEGER, g)); + algId.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, algParams)); + pki.add(new DERValue(DER.OCTET_STRING, x.toByteArray())); + DERWriter.write(out, new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, pki)); + return (byte[]) (encodedKey = out.toByteArray()).clone(); + } + catch (IOException ioe) + { return null; } + } public DSAParams getParams() { @@ -85,7 +141,10 @@ public class GnuDSAPrivateKey implements DSAPrivateKey public String toString() { - return "GnuDSAPrivateKey: x=" + x.toString(16) + " p=" + p.toString(16) - + " q=" + q.toString(16) + " g=" + g.toString(16); + return "GnuDSAPrivateKey: x=" + + (x != null ? x.toString(16) : "null") + " p=" + + (p != null ? p.toString(16) : "null") + " q=" + + (q != null ? q.toString(16) : "null") + " g=" + + (g != null ? g.toString(16) : "null"); } } diff --git a/libjava/gnu/java/security/provider/GnuDSAPublicKey.java b/libjava/gnu/java/security/provider/GnuDSAPublicKey.java index 91d6b56..24600d6 100644 --- a/libjava/gnu/java/security/provider/GnuDSAPublicKey.java +++ b/libjava/gnu/java/security/provider/GnuDSAPublicKey.java @@ -1,5 +1,5 @@ /* GnuDSAPublicKey.java --- Gnu DSA Public Key - Copyright (C) 1999,2003 Free Software Foundation, Inc. + Copyright (C) 1999,2003,2004 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,13 +38,26 @@ exception statement from your version. */ package gnu.java.security.provider; +import gnu.java.security.OID; +import gnu.java.security.der.BitString; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; + import java.math.BigInteger; + import java.security.interfaces.DSAPublicKey; import java.security.interfaces.DSAParams; import java.security.spec.DSAParameterSpec; +import java.util.ArrayList; + public class GnuDSAPublicKey implements DSAPublicKey { + private byte[] encodedKey; BigInteger y; BigInteger p; BigInteger q; @@ -65,16 +78,49 @@ public class GnuDSAPublicKey implements DSAPublicKey public String getFormat() { - return null; + return "X.509"; } + /** + * The encoded form of DSA public keys is: + * + * <blockquote><pre> + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING } + * </pre></blockquote> + */ public byte[] getEncoded() { + if (encodedKey != null) + return (byte[]) encodedKey.clone(); + try + { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ArrayList spki = new ArrayList(2); + ArrayList alg = new ArrayList(2); + alg.add(new DERValue(DER.OBJECT_IDENTIFIER, + new OID("1.2.840.113549.1.1.1"))); + ArrayList params = new ArrayList(3); + params.add(new DERValue(DER.INTEGER, p)); + params.add(new DERValue(DER.INTEGER, q)); + params.add(new DERValue(DER.INTEGER, g)); + alg.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, params)); + spki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, alg)); + spki.add(new DERValue(DER.BIT_STRING, new BitString(y.toByteArray()))); + DERWriter.write(out, new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, spki)); + return (byte[]) (encodedKey = out.toByteArray()).clone(); + } + catch (IOException ioe) + { return null; } + } public DSAParams getParams() { + if (p == null || q == null || g == null) + return null; return (DSAParams)(new DSAParameterSpec(p,q,g)); } @@ -85,7 +131,10 @@ public class GnuDSAPublicKey implements DSAPublicKey public String toString() { - return "GnuDSAPublicKey: y=" + y.toString(16) + " p=" + p.toString(16) - + " q=" + q.toString(16) + " g=" + g.toString(16); + return + "GnuDSAPublicKey: y=" + (y != null ? y.toString(16) : "(null)") + + " p=" + (p != null ? p.toString(16) : "(null)") + + " q=" + (q != null ? q.toString(16) : "(null)") + + " g=" + (g != null ? g.toString(16) : "(null)"); } } |