author | Anthony Green <green@redhat.com> | 2000-08-19 18:19:42 +0000 |
---|---|---|
committer | Anthony Green <green@gcc.gnu.org> | 2000-08-19 18:19:42 +0000 |
commit | a729a4e9aba7afb312ee0f15a70979ae75d1a9fe (patch) | |
tree | 2dff323eee68e61f9225ea0c6c7f15f7c6bcd624 /libjava/java/security | |
parent | e76d9acbe9055e6f0ec35f4e5d0893ca10baf643 (diff) | |
Attributes.java, [...]: Imported from Classpath.
Sat Aug 19 11:00:53 2000 Anthony Green <green@redhat.com>
* java/util/jar/Attributes.java, java/util/jar/JarEntry.java,
java/util/jar/JarException.java, java/util/jar/JarFile.java,
java/util/jar/JarInputStream.java,
java/util/jar/JarOutputStream.java, java/util/jar/Manifest.java,
java/util/Set.java, java/util/Map.java, java/util/Bucket.java,
java/util/AbstractSet.java, java/util/BasicMapEntry.java,
java/security/cert/CRL.java, java/security/cert/CRLException.java,
java/security/cert/Certificate.java,
java/security/cert/CertificateEncodingException.java,
java/security/cert/CertificateException.java,
java/security/cert/CertificateExpiredException.java,
java/security/cert/CertificateFactory.java,
java/security/cert/CertificateFactorySpi.java,
java/security/cert/CertificateNotYetValidException.java,
java/security/cert/CertificateParsingException.java,
java/security/cert/X509CRL.java,
java/security/cert/X509CRLEntry.java,
java/security/cert/X509Certificate.java,
java/security/cert/X509Extension.java: Imported from Classpath.
* java/util/Hashtable.java: Imported from Classpath.
* java/util/zip/ZipInputStream.java: Create stub for
createZipEntry.
* gcj/javaprims.h: Updated class list.
* Makefile.in, gcj/Makefile.in: Rebuilt.
* Makefile.am (ordinary_java_source_files): Add these new classes.
From-SVN: r35809
Diffstat (limited to 'libjava/java/security')
-rw-r--r-- | libjava/java/security/cert/CRL.java | 87 | ||||
-rw-r--r-- | libjava/java/security/cert/CRLException.java | 59 | ||||
-rw-r--r-- | libjava/java/security/cert/Certificate.java | 237 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateEncodingException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateException.java | 59 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateExpiredException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateFactory.java | 259 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateFactorySpi.java | 142 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateNotYetValidException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateParsingException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/X509CRL.java | 370 | ||||
-rw-r--r-- | libjava/java/security/cert/X509CRLEntry.java | 157 | ||||
-rw-r--r-- | libjava/java/security/cert/X509Certificate.java | 444 | ||||
-rw-r--r-- | libjava/java/security/cert/X509Extension.java | 102 |
14 files changed, 2148 insertions, 0 deletions
diff --git a/libjava/java/security/cert/CRL.java b/libjava/java/security/cert/CRL.java
new file mode 100644
index 0000000..f5cde15
--- /dev/null
+++ b/libjava/java/security/cert/CRL.java
@@ -0,0 +1,87 @@
+/* CRL.java --- Certificate Revocation List
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+
+/**
+ Certificate Revocation List class for managing CRLs that
+ have different formats but the same general use. They
+ all serve as lists of revoked certificates and can
+ be queried for a given certificate.
+
+ Specialized CRLs extend this class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class CRL
+{
+
+ private String type;
+
+ /**
+ Creates a new CRL for the specified type. An example
+ is "X.509".
+
+ @param type the standard name for the CRL type.
+ */
+ protected CRL(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the CRL type.
+
+ @return a string representing the CRL type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Returns a string representing the CRL.
+
+ @return a string representing the CRL.
+ */
+ public abstract String toString();
+
+ /**
+ Determines whether or not the specified Certificate
+ is revoked.
+
+ @param cert A certificate to check if it is revoked
+
+ @return true if the certificate is revoked,
+ false otherwise.
+ */
+ public abstract boolean isRevoked(Certificate cert);
+
+
+}
diff --git a/libjava/java/security/cert/CRLException.java b/libjava/java/security/cert/CRLException.java
new file mode 100644
index 0000000..376e25a
--- /dev/null
+++ b/libjava/java/security/cert/CRLException.java
@@ -0,0 +1,59 @@
+/* CRLException.java --- Certificate Revocation List Exception
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.security.GeneralSecurityException;
+
+/**
+ Exception for a Certificate Revocation List.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CRLException extends GeneralSecurityException
+{
+
+ /**
+ Constructs an CRLExceptionwithout a message string.
+ */
+ public CRLException()
+ {
+ super();
+ }
+
+ /**
+ Constructs an CRLException with a message string.
+
+ @param msg A message to display with exception
+ */
+ public CRLException(String msg)
+ {
+ super( msg );
+ }
+
+}
diff --git a/libjava/java/security/cert/Certificate.java b/libjava/java/security/cert/Certificate.java
new file mode 100644
index 0000000..2fb2a20
--- /dev/null
+++ b/libjava/java/security/cert/Certificate.java
@@ -0,0 +1,237 @@
+/* Certificate.java --- Certificate class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.security.PublicKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.io.ObjectInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ObjectStreamException;
+
+/**
+ The Certificate class is an abstract class used to manage
+ identity certificates. An identity certificate is a
+ combination of a principal and a public key which is
+ certified by another principal. This is the puprose of
+ Certificate Authorities (CA).
+
+ This class is used to manage different types of certificates
+ but have important common puposes. Different types of
+ certificates like X.509 and OpenPGP share general certificate
+ functions (like encoding and verifying) and information like
+ public keys.
+
+ X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ class even though they differ in storage methods and information
+ stored.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class Certificate
+{
+
+ private String type;
+ /**
+ Constructs a new certificate of the specified type. An example
+ is "X.509".
+
+ @param type a valid standard name for a certificate.
+ */
+ protected Certificate(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the Certificate type.
+
+ @return a string representing the Certificate type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Compares this Certificate to other. It checks if the
+ object if instanceOf Certificate and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof Certificate ) {
+ try {
+ Certificate x = (Certificate) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte b1[] = getEncoded();
+ byte b2[] = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CertificateEncodingException cee ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this Certificate in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this Certificate.
+ It assumes each certificate has only one encoding format.
+ Ex: X.509 is encoded as ASN.1 DER
+
+ @return byte array containg encoded form
+
+ @throws CertificateEncodingException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Returns a string representing the Certificate.
+
+ @return a string representing the Certificate.
+ */
+ public abstract String toString();
+
+
+ /**
+ Returns the public key stored in the Certificate.
+
+ @return The public key
+ */
+ public abstract PublicKey getPublicKey();
+
+
+ /* INNER CLASS */
+ /**
+ Certificate.CertificateRep is an inner class used to provide an alternate
+ storage mechanism for serialized Certificates.
+ */
+ protected static class CertificateRep implements java.io.Serializable
+ {
+ private String type;
+ private byte[] data;
+
+ /**
+ Create an alternate Certificate class to store a serialized Certificate
+
+ @param type the name of certificate type
+ @param data the certificate data
+ */
+ protected CertificateRep(String type,
+ byte[] data)
+ {
+ this.type = type;
+ this.data = data;
+ }
+
+ /**
+ Return the stored Certificate
+
+ @return the stored certificate
+
+ @throws ObjectStreamException if certificate cannot be resolved
+ */
+ protected Object readResolve()
+ throws ObjectStreamException
+ {
+ try {
+ return new ObjectInputStream( new ByteArrayInputStream( data ) ).readObject();
+ } catch ( Exception e ) {
+ e.printStackTrace();
+ throw new RuntimeException ( e.toString() );
+ }
+ }
+ }
+
+}
diff --git a/libjava/java/security/cert/CertificateEncodingException.java b/libjava/java/security/cert/CertificateEncodingException.java
new file mode 100644
index 0000000..ab8843fe
--- /dev/null
+++ b/libjava/java/security/cert/CertificateEncodingException.java
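Review bot: `CertificateRep.readResolve()` feeds `data` to a second `ObjectInputStream.readObject()`, so resolving a serialized certificate runs Java-native deserialization over bytes that arrived in the stream and never consults `type`; any failure is then dumped with `printStackTrace()` and rethrown as a bare `RuntimeException` even though the method declares `ObjectStreamException`. Assuming `data` is meant to hold the certificate's encoded form (the Javadoc only says "the certificate data"), the safer shape is to re-parse it through `CertificateFactory.getInstance(type)` and report failure as an `ObjectStreamException` subclass, as sketched below. Separately, `equals()` compares encodings while `hashCode()` returns `super.hashCode()`, so two equal certificates hash differently and lookups in hash-based collections (a set of trusted certificates, for example) will miss; the hash should be derived from `getEncoded()`, and `equals()` can call `getEncoded()` once per side instead of twice.

```java
    protected Object readResolve()
      throws ObjectStreamException
    {
      try {
        // Rebuild from the stored encoding through the factory for this
        // type; no second ObjectInputStream is opened over data.
        return CertificateFactory.getInstance( type )
          .generateCertificate( new ByteArrayInputStream( data ) );
      } catch ( CertificateException e ) {
        throw new java.io.NotSerializableException( "java.security.cert.Certificate: " + type );
      }
    }
```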
@@ -0,0 +1,58 @@
+/* CertificateEncodingException.java --- Certificate Encoding Exception
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate Encoding.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateEncodingException extends CertificateException
+{
+
+ /**
+ Constructs an CertificateEncodingException without a message string.
+ */
+ public CertificateEncodingException()
+ {
+ super();
+ }
+
+ /**
+ Constructs an CertificateEncodingException with a message string.
+
+ @param msg A message to display with exception
+ */
+ public CertificateEncodingException(String msg)
+ {
+ super( msg );
+ }
+
+}
diff --git a/libjava/java/security/cert/CertificateException.java b/libjava/java/security/cert/CertificateException.java
new file mode 100644
index 0000000..ab584d2
--- /dev/null
+++ b/libjava/java/security/cert/CertificateException.java
@@ -0,0 +1,59 @@
+/* CertificateException.java --- Certificate Exception
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.security.GeneralSecurityException;
+
+/**
+ Exception for a Certificate.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateException extends GeneralSecurityException
+{
+
+ /**
+ Constructs an CertificateException without a message string.
+ */
+ public CertificateException()
+ {
+ super();
+ }
+
+ /**
+ Constructs an CertificateException with a message string.
+
+ @param msg A message to display with exception
+ */
+ public CertificateException(String msg)
+ {
+ super( msg );
+ }
+
+}
diff --git a/libjava/java/security/cert/CertificateExpiredException.java b/libjava/java/security/cert/CertificateExpiredException.java
new file mode 100644
index 0000000..c5b67f3
--- /dev/null
+++ b/libjava/java/security/cert/CertificateExpiredException.java
@@ -0,0 +1,58 @@
+/* CertificateExpiredException.java --- Certificate Expired Exception
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate Expiring.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateExpiredException extends CertificateException
+{
+
+ /**
+ Constructs an CertificateExpiredException without a message string.
+ */
+ public CertificateExpiredException()
+ {
+ super();
+ }
+
+ /**
+ Constructs an CertificateExpiredException with a message string.
+
+ @param msg A message to display with exception
+ */
+ public CertificateExpiredException(String msg)
+ {
+ super( msg );
+ }
+
+}
diff --git a/libjava/java/security/cert/CertificateFactory.java b/libjava/java/security/cert/CertificateFactory.java
new file mode 100644
index 0000000..b5fe2e35
--- /dev/null
+++ b/libjava/java/security/cert/CertificateFactory.java
@@ -0,0 +1,259 @@
+/* CertificateFactory.java --- Certificate Factory Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.io.InputStream;
+import java.util.Collection;
+
+/**
+ This class implments the CertificateFactory class interface
+ used to generate certificates and certificate revocation
+ list (CRL) objects from their encodings.
+
+ A certifcate factory for X.509 returns certificates of the
+ java.security.cert.X509Certificate class, and CRLs of the
+ java.security.cert.X509CRL class.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateFactory
+{
+
+ private CertificateFactorySpi certFacSpi;
+ private Provider provider;
+ private String type;
+
+ /**
+ Creates an instance of CertificateFactory
+
+ @param certFacSpi A CertificateFactory engine to use
+ @param provider A provider to use
+ @param type The type of Certificate
+ */
+ protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)
+ {
+ this.certFacSpi = certFacSpi;
+ this.provider = provider;
+ this.type = type;
+ }
+
+
+ /**
+ Gets an instance of the CertificateFactory class representing
+ the specified certificate factory. If the type is not
+ found then, it throws CertificateException.
+
+ @param type the type of certificate to choose
+
+ @return a CertificateFactory repesenting the desired type
+
+ @throws CertificateException if the type of certificate is not implemented by providers
+ */
+ public static final CertificateFactory getInstance(String type) throws CertificateException
+ {
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("CertificateFactory." + type);
+ if (classname != null)
+ return getInstance (classname, type, p[i]);
+ }
+
+ throw new CertificateException(type);
+ }
+
+
+
+ /**
+ Gets an instance of the CertificateFactory class representing
+ the specified certificate factory from the specified provider.
+ If the type is not found then, it throws CertificateException.
+ If the provider is not found, then it throws
+ NoSuchProviderException.
+
+ @param type the type of certificate to choose
+
+ @return a CertificateFactory repesenting the desired type
+
+ @throws CertificateException if the type of certificate is not implemented by providers
+ @throws NoSuchProviderException if the provider is not found
+ */
+ public static final CertificateFactory getInstance(String type, String provider)
+ throws CertificateException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("CertificateFactory." + type),
+ type, p);
+ }
+
+ private static CertificateFactory getInstance (String classname,
+ String type,
+ Provider provider)
+ throws CertificateException
+ {
+ try {
+ return new CertificateFactory( (CertificateFactorySpi)Class.forName( classname ).newInstance(), provider, type );
+ } catch( ClassNotFoundException cnfe) {
+ throw new CertificateException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new CertificateException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new CertificateException("Illegal Access");
+ }
+ }
+
+
+ /**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ Returns the type of the certificate supported
+
+ @return A string with the type of certificate
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Generates a Certificate based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one certificate.
+
+ If there exists a specialized certificate class for the
+ certificate format handled by the certificate factory
+ then the return Ceritificate should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509Certificate.
+
+ For X.509 certificates, the certificate in inStream must be
+ DER encoded and supplied in binary or printable (Base64)
+ encoding. If the certificate is in Base64 encoding, it must be
+ bounded by -----BEGINCERTIFICATE-----, and
+ -----END CERTIFICATE-----.
+
+ @param inStream an input stream containing the certificate data
+
+ @return a certificate initialized with InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public final Certificate generateCertificate(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificate( inStream );
+ }
+
+ /**
+ Returns a collection of certificates that were read from the
+ input stream. It may be empty, have only one, or have
+ multiple certificates.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded certificate or a PKCS#7 certificate
+ chain. This is a PKCS#7 <I>SignedData</I> object with the
+ most significant field being <I>certificates</I>. If no
+ CRLs are present, then an empty collection is returned.
+
+ @param inStream an input stream containing the certificates
+
+ @return a collection of certificates initialized with
+ the InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public final Collection generateCertificates(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificates( inStream );
+ }
+
+ /**
+ Generates a CRL based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one CRL.
+
+ If there exists a specialized CRL class for the
+ CRL format handled by the certificate factory
+ then the return CRL should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509CRL.
+
+ @param inStream an input stream containing the CRL data
+
+ @return a CRL initialized with InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public final CRL generateCRL(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRL( inStream );
+ }
+
+
+ /**
+ Generates CRLs based on the encoded data read
+ from the InputStream.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded CRL or a PKCS#7 CRL set. This is a
+ PKCS#7 <I>SignedData</I> object with the most significant
+ field being <I>crls</I>. If no CRLs are present, then an
+ empty collection is returned.
+
+ @param inStream an input stream containing the CRLs
+
+ @return a collection of CRLs initialized with
+ the InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public final Collection generateCRLs(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRLs( inStream );
+ }
+
+}
diff --git a/libjava/java/security/cert/CertificateFactorySpi.java b/libjava/java/security/cert/CertificateFactorySpi.java
new file mode 100644
index 0000000..5fb5b96
--- /dev/null
+++ b/libjava/java/security/cert/CertificateFactorySpi.java
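Review bot: In `getInstance(String type, String provider)` the result of `p.getProperty ("CertificateFactory." + type)` is passed on unchecked, so a provider that does not implement the type leads to `Class.forName(null)` and a `NullPointerException` rather than the documented `CertificateException`; the one-argument overload already guards this with `if (classname != null)`. I would assign the property to a local first and add `if (classname == null) throw new CertificateException(type);` before the call. The private helper also casts the new instance to `CertificateFactorySpi` without catching `ClassCastException`, so a provider entry that names the wrong class escapes as an unchecked exception; catching it and putting `classname` into the `CertificateException` message would make a misconfigured provider diagnosable. `throw new NoSuchProviderException();` could carry the provider name in the same way.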
@@ -0,0 +1,142 @@
+/* CertificateFactorySpi.java --- Certificate Factory Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.io.InputStream;
+import java.util.Collection;
+
+/**
+ CertificateFactorySpi is the abstract class Service Provider
+ Interface (SPI) for the CertificateFactory class. A provider
+ must implment all the abstract methods if they wish to
+ supply a certificate factory for a particular certificate
+ type. Ex: X.509
+
+ Certificate factories are used to generate certificates and
+ certificate revocation lists (CRL) from their encoding.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class CertificateFactorySpi
+{
+
+ /**
+ Constructs a new CertificateFactorySpi
+ */
+ public CertificateFactorySpi()
+ {}
+
+ /**
+ Generates a Certificate based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one certificate.
+
+ If there exists a specialized certificate class for the
+ certificate format handled by the certificate factory
+ then the return Ceritificate should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509Certificate.
+
+ For X.509 certificates, the certificate in inStream must be
+ DER encoded and supplied in binary or printable (Base64)
+ encoding. If the certificate is in Base64 encoding, it must be
+ bounded by -----BEGINCERTIFICATE-----, and
+ -----END CERTIFICATE-----.
+
+ @param inStream an input stream containing the certificate data
+
+ @return a certificate initialized with InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public abstract Certificate engineGenerateCertificate(InputStream inStream)
+ throws CertificateException;
+
+ /**
+ Returns a collection of certificates that were read from the
+ input stream. It may be empty, have only one, or have
+ multiple certificates.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded certificate or a PKCS#7 certificate
+ chain. This is a PKCS#7 <I>SignedData</I> object with the
+ most significant field being <I>certificates</I>. If no
+ CRLs are present, then an empty collection is returned.
+
+ @param inStream an input stream containing the certificates
+
+ @return a collection of certificates initialized with
+ the InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public abstract Collection engineGenerateCertificates(InputStream inStream)
+ throws CertificateException;
+
+ /**
+ Generates a CRL based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one CRL.
+
+ If there exists a specialized CRL class for the
+ CRL format handled by the certificate factory
+ then the return CRL should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509CRL.
+
+ @param inStream an input stream containing the CRL data
+
+ @return a CRL initialized with InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public abstract CRL engineGenerateCRL(InputStream inStream)
+ throws CRLException;
+
+ /**
+ Generates CRLs based on the encoded data read
+ from the InputStream.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded CRL or a PKCS#7 CRL set. This is a
+ PKCS#7 <I>SignedData</I> object with the most significant
+ field being <I>crls</I>. If no CRLs are present, then an
+ empty collection is returned.
+
+ @param inStream an input stream containing the CRLs
+
+ @return a collection of CRLs initialized with
+ the InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public abstract Collection engineGenerateCRLs(InputStream inStream)
+ throws CRLException;
+}
+
diff --git a/libjava/java/security/cert/CertificateNotYetValidException.java b/libjava/java/security/cert/CertificateNotYetValidException.java
new file mode 100644
index 0000000..ec2cc21
--- /dev/null
+++ b/libjava/java/security/cert/CertificateNotYetValidException.java
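Review bot: The Javadoc for `engineGenerateCertificate` gives the Base64 header as `-----BEGINCERTIFICATE-----` while the footer is written `-----END CERTIFICATE-----`; a provider author who matches the documented string literally would reject standard PEM input, so the header should read `-----BEGIN CERTIFICATE-----`. In `engineGenerateCertificates` the sentence `If no CRLs are present, then an empty collection is returned.` looks copied from the CRL method and should speak of certificates. Both sentences also appear in the `generateCertificate` and `generateCertificates` Javadoc in CertificateFactory.java and want the same correction there.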
@@ -0,0 +1,58 @@
+/* CertificateNotYetValidException.java --- Certificate Not Yet Valid Exception
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate being not yet valid.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateNotYetValidException extends CertificateException
+{
+
+ /**
+ Constructs an CertificateNotYetValidException without a message string.
+ */
+ public CertificateNotYetValidException()
+ {
+ super();
+ }
+
+ /**
+ Constructs an CertificateNotYetValidException with a message string.
+
+ @param msg A message to display with exception
+ */
+ public CertificateNotYetValidException(String msg)
+ {
+ super( msg );
+ }
+
+}
diff --git a/libjava/java/security/cert/CertificateParsingException.java b/libjava/java/security/cert/CertificateParsingException.java
new file mode 100644
index 0000000..6184e01
--- /dev/null
+++ b/libjava/java/security/cert/CertificateParsingException.java
@@ -0,0 +1,58 @@
+/* CertificateParsingException.java --- Certificate Parsing Exception
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate Parsing.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateParsingException extends CertificateException
+{
+
+ /**
+ Constructs an CertificateParsingException without a message string.
+ */
+ public CertificateParsingException()
+ {
+ super();
+ }
+
+ /**
+ Constructs an CertificateParsingException with a message string.
+
+ @param msg A message to display with exception
+ */
+ public CertificateParsingException(String msg)
+ {
+ super( msg );
+ }
+
+}
diff --git a/libjava/java/security/cert/X509CRL.java b/libjava/java/security/cert/X509CRL.java
new file mode 100644
index 0000000..c3b71535
--- /dev/null
+++ b/libjava/java/security/cert/X509CRL.java
@@ -0,0 +1,370 @@ +/* X509CRL.java --- X.509 Certificate Revocation List + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +As a special exception, if you link this library with other files to +produce an executable, this library does not by itself cause the +resulting executable to be covered by the GNU General Public License. +This exception does not however invalidate any other reasons why the +executable file might be covered by the GNU General Public License. */ + + +package java.security.cert; +import java.math.BigInteger; +import java.security.Principal; +import java.security.PublicKey; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidKeyException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.util.Date; +import java.util.Set; + +/** + The X509CRL class is the abstract class used to manage + X.509 Certificate Revocation Lists. The CRL is a list of + time stamped entries which indicate which lists have been + revoked. The list is signed by a Certificate Authority (CA) + and made publically available in a repository. + + Each revoked certificate in the CRL is identified by its + certificate serial number. 
When a piece of code uses a + certificate, the certificates validity is checked by + validating its signature and determing that it is not + only a recently acquired CRL. The recently aquired CRL + is depends on the local policy in affect. The CA issues + a new CRL periodically and entries are removed as the + certificate expiration date is reached + + + A description of the X.509 v2 CRL follows below from rfc2459. + + "The X.509 v2 CRL syntax is as follows. For signature calculation, + the data that is to be signed is ASN.1 DER encoded. ASN.1 DER + encoding is a tag, length, value encoding system for each element. + + CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING } + + TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, shall be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, shall be v2 + }" + + @author Mark Benvenuto + + @since JDK 1.2 +*/ +public abstract class X509CRL extends CRL implements X509Extension +{ + + /** + Constructs a new X509CRL. + */ + protected X509CRL() + { + super("X.509"); + } + + /** + Compares this X509CRL to other. It checks if the + object if instanceOf X509CRL and then checks if + the encoded form matches. 
+ + @param other An Object to test for equality + + @return true if equal, false otherwise + */ + public boolean equals(Object other) + { + if( other instanceof X509CRL ) { + try { + X509CRL x = (X509CRL) other; + if( getEncoded().length != x.getEncoded().length ) + return false; + + byte b1[] = getEncoded(); + byte b2[] = x.getEncoded(); + + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; + + } catch( CRLException crle ) { + return false; + } + return true; + } + return false; + } + + /** + Returns a hash code for this X509CRL in its encoded + form. + + @return A hash code of this class + */ + public int hashCode() + { + return super.hashCode(); + } + + /** + Gets the DER ASN.1 encoded format for this X.509 CRL. + + @return byte array containg encoded form + + @throws CRLException if an error occurs + */ + public abstract byte[] getEncoded() throws CRLException; + + /** + Verifies that this CRL was properly signed with the + PublicKey that corresponds to its private key. + + @param key PublicKey to verify with + + @throws CRLException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException no provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key) + throws CRLException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Verifies that this CRL was properly signed with the + PublicKey that corresponds to its private key and uses + the signature engine provided by the provider. 
+ + @param key PublicKey to verify with + @param sigProvider Provider to use for signature algorithm + + @throws CRLException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException incorrect provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key, + String sigProvider) + throws CRLException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Gets the version of this CRL. + + The ASN.1 encoding is: + + version Version OPTIONAL, + -- if present, shall be v2 + + Version ::= INTEGER { v1(0), v2(1), v3(2) } + + Consult rfc2459 for more information. + + @return the version number, Ex: 1 or 2 + */ + public abstract int getVersion(); + + /** + Returns the issuer (issuer distinguished name) of the CRL. + The issuer is the entity who signed and issued the + Certificate Revocation List. + + The ASN.1 DER encoding is: + + issuer Name, + + Name ::= CHOICE { + RDNSequence } + + RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + + RelativeDistinguishedName ::= + SET OF AttributeTypeAndValue + + AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + + AttributeValue ::= ANY DEFINED BY AttributeType + + DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1.. MAX)), + bmpString BMPString (SIZE (1..MAX)) } + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getIssuerDN(); + + /** + Returns the thisUpdate date of the CRL. + + The ASN.1 DER encoding is: + + thisUpdate Time, + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. 
+ + @return the thisUpdate date + */ + public abstract Date getThisUpdate(); + + /* + Gets the nextUpdate field + + The ASN.1 DER encoding is: + + nextUpdate Time OPTIONAL, + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @return the nextUpdate date + */ + public abstract Date getNextUpdate(); + + /** + Gets the requeste dX509Entry for the specified + certificate serial number. + + @return a X509CRLEntry representing the X.509 CRL entry + */ + public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); + + /** + Returns a Set of revoked certificates. + + @return a set of revoked certificates. + */ + public abstract Set getRevokedCertificates(); + + /** + Returns the DER ASN.1 encoded tbsCertList which is + the basic information of the list and associated certificates + in the encoded state. See top for more information. + + The ASN.1 DER encoding is: + + tbsCertList TBSCertList, + + Consult rfc2459 for more information. + + @return byte array representing tbsCertList + */ + public abstract byte[] getTBSCertList() throws CRLException; + + + /** + Returns the signature for the CRL. + + The ASN.1 DER encoding is: + + signatureValue BIT STRING + + Consult rfc2459 for more information. + */ + public abstract byte[] getSignature(); + + /** + Returns the signature algorithm used to sign the CRL. + An examples is "SHA-1/DSA". + + The ASN.1 DER encoding is: + + signatureAlgorithm AlgorithmIdentifier, + + AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + + Consult rfc2459 for more information. + + The algorithm name is determined from the OID. + + @return a string with the signature algorithm name + */ + public abstract String getSigAlgName(); + + /** + Returns the OID for the signature algorithm used. 
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ + + The ASN.1 DER encoding for the example is: + + id-dsa-with-sha1 ID ::= { + iso(1) member-body(2) us(840) x9-57 (10040) + x9cm(4) 3 } + + Consult rfc2459 for more information. + + @return a string containing the OID. + */ + public abstract String getSigAlgOID(); + + /** + Returns the AlgorithmParameters in the encoded form + for the signature algorithm used. + + If access to the parameters is need, create an + instance of AlgorithmParameters. + + @return byte array containing algorithm parameters, null + if no parameters are present in CRL + */ + public abstract byte[] getSigAlgParams(); + +} diff --git a/libjava/java/security/cert/X509CRLEntry.java b/libjava/java/security/cert/X509CRLEntry.java new file mode 100644 index 0000000..2fbe641 --- /dev/null +++ b/libjava/java/security/cert/X509CRLEntry.java 
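Review bot: `hashCode()` in X509CRL returns `super.hashCode()` although `equals()` just above it compares the DER encoding, so two CRLs that are equal can hash differently (CRL's own hashCode is not visible here; if it is Object's, they always will), and the Javadoc "in its encoded form" does not describe the code. A HashSet or Hashtable of CRLs consulted during a revocation check would then fail to find an equal CRL or would store it twice. Compute the hash from the bytes that `equals()` compares, as sketched below; X509CRLEntry in this commit has the same `equals()`/`hashCode()` pair, with Object as its superclass, and needs the same change. Separately, `equals()` calls `getEncoded()` twice on each object, so the length check and the byte loop are not guaranteed to see the same arrays; read each encoding once into `b1`/`b2` and compare `b1.length != b2.length`.

```java
  public int hashCode()
  {
    try {
      byte enc[] = getEncoded();
      int h = 0;
      for( int i = 0; i < enc.length; i++ )
        h = 31 * h + enc[i];
      return h;
    } catch( CRLException crle ) {
      // equals() returns false when encoding fails, so any constant is consistent here
      return 0;
    }
  }
```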
@@ -0,0 +1,157 @@
+/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.math.BigInteger;
+import java.util.Date;
+
+/**
+ Abstract class for entries in the CRL (Certificate Revocation
+ List). The ASN.1 definition for <I>revokedCertificates</I> is
+
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+ For more information consult rfc2459.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRLEntry implements X509Extension
+{
+
+ /**
+ Creates a new X509CRLEntry
+ */
+ public X509CRLEntry()
+ {}
+
+ /**
+ Compares this X509CRLEntry to other. It checks if the
+ object if instanceOf X509CRLEntry and then checks if
+ the encoded form( the inner SEQUENCE) matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof X509CRLEntry ) {
+ try {
+ X509CRLEntry xe = (X509CRLEntry) other;
+ if( getEncoded().length != xe.getEncoded().length )
+ return false;
+
+ byte b1[] = getEncoded();
+ byte b2[] = xe.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this X509CRLEntry in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this CRL Entry,
+ the inner SEQUENCE.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CRLException;
+
+ /**
+ Gets the serial number for <I>userCertificate</I> in
+ this X509CRLEntry.
+
+ @return the serial number for this X509CRLEntry.
+ */
+ public abstract BigInteger getSerialNumber();
+
+
+ /**
+ Gets the revocation date in <I>revocationDate</I> for
+ this X509CRLEntry.
+
+ @return the revocation date for this X509CRLEntry.
+ */
+ public abstract Date getRevocationDate();
+
+
+ /**
+ Checks if this X509CRLEntry has extensions.
+
+ @return true if it has extensions, false otherwise
+ */
+ public abstract boolean hasExtensions();
+
+
+ /**
+ Returns a string that represents this X509CRLEntry.
+
+ @return a string representing this X509CRLEntry.
+ */
+ public abstract String toString();
+
+}
diff --git a/libjava/java/security/cert/X509Certificate.java b/libjava/java/security/cert/X509Certificate.java
new file mode 100644
index 0000000..46f47f6
--- /dev/null
+++ b/libjava/java/security/cert/X509Certificate.java
@@ -0,0 +1,444 @@ +/* X509Certificate.java --- X.509 Certificate class + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +As a special exception, if you link this library with other files to +produce an executable, this library does not by itself cause the +resulting executable to be covered by the GNU General Public License. +This exception does not however invalidate any other reasons why the +executable file might be covered by the GNU General Public License. */ + + +package java.security.cert; +import java.math.BigInteger; +import java.security.Principal; +import java.security.PublicKey; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidKeyException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.util.Date; + +/** + X509Certificate is the abstract class for X.509 certificates. + This provides a stanard class interface for accessing all + the attributes of X.509 certificates. + + In June 1996, the basic X.509 v3 format was finished by + ISO/IEC and ANSI X.9. 
The ASN.1 DER format is below: + + Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING } + + These certificates are widely used in various Internet + protocols to support authentication. It is used in + Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), + Secure Sockets Layer (SSL), code signing for trusted software + distribution, and Secure Electronic Transactions (SET). + + The certificates are managed and vouched for by + <I>Certificate Authorities</I> (CAs). CAs are companies or + groups that create certificates by placing the data in the + X.509 certificate format and signing it with their private + key. CAs serve as trusted third parties by certifying that + the person or group specified in the certificate is who + they say they are. + + The ASN.1 defintion for <I>tbsCertificate</I> is + + TBSCertificate ::= SEQUENCE { + version [0] EXPLICIT Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + extensions [3] EXPLICIT Extensions OPTIONAL + -- If present, version shall be v3 + } + + Version ::= INTEGER { v1(0), v2(1), v3(2) } + + CertificateSerialNumber ::= INTEGER + + Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + UniqueIdentifier ::= BIT STRING + + SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING } + + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + + Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + + + Certificates are created 
with the CertificateFactory. + For more information about X.509 certificates, consult + rfc2459. + + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public abstract class X509Certificate extends Certificate implements X509Extension +{ + + /** + Constructs a new certificate of the specified type. + */ + protected X509Certificate() + { + super( "X.509" ); + } + + /** + Checks the validity of the X.509 certificate. It is valid + if the current date and time are within the period specified + by the certificate. + + The ASN.1 DER encoding is: + + validity Validity, + + Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @throws CertificateExpiredException if the certificate expired + @throws CertificateNotYetValidException if the certificate is + not yet valid + */ + public abstract void checkValidity() + throws CertificateExpiredException, + CertificateNotYetValidException; + + /** + Checks the validity of the X.509 certificate for the + specified time and date. It is valid if the specified + date and time are within the period specified by + the certificate. + + @throws CertificateExpiredException if the certificate expired + based on the date + @throws CertificateNotYetValidException if the certificate is + not yet valid based on the date + */ + public abstract void checkValidity(Date date) + throws CertificateExpiredException, + CertificateNotYetValidException; + + /** + Returns the version of this certificate. + + The ASN.1 DER encoding is: + + version [0] EXPLICIT Version DEFAULT v1, + + Version ::= INTEGER { v1(0), v2(1), v3(2) } + + Consult rfc2459 for more information. + + @return version number of certificate + */ + public abstract int getVersion(); + + /** + Gets the serial number for serial Number in + this Certifcate. It must be a unique number + unique other serial numbers from the granting CA. 
+ + The ASN.1 DER encoding is: + + serialNumber CertificateSerialNumber, + + CertificateSerialNumber ::= INTEGER + + Consult rfc2459 for more information. + + @return the serial number for this X509CRLEntry. + */ + public abstract BigInteger getSerialNumber(); + + /** + Returns the issuer (issuer distinguished name) of the + Certificate. The issuer is the entity who signed + and issued the Certificate. + + The ASN.1 DER encoding is: + + issuer Name, + + Name ::= CHOICE { + RDNSequence } + + RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + + RelativeDistinguishedName ::= + SET OF AttributeTypeAndValue + + AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + + AttributeValue ::= ANY DEFINED BY AttributeType + + DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1.. MAX)), + bmpString BMPString (SIZE (1..MAX)) } + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getIssuerDN(); + + /** + Returns the subject (subject distinguished name) of the + Certificate. The subject is the entity who the Certificate + identifies. + + The ASN.1 DER encoding is: + + subject Name, + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getSubjectDN(); + + /** + Returns the date that this certificate is not to be used + before, <I>notBefore</I>. + + The ASN.1 DER encoding is: + + validity Validity, + + Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. 
+ + @return the date <I>notBefore</I> + */ + public abstract Date getNotBefore(); + + /** + Returns the date that this certificate is not to be used + after, <I>notAfter</I>. + + @return the date <I>notAfter</I> + */ + public abstract Date getNotAfter(); + + + /** + Returns the <I>tbsCertificate</I> from the certificate. + + @return the DER encoded tbsCertificate + + @throws CertificateEncodingException if encoding error occured + */ + public abstract byte[] getTBSCertificate() throws CertificateEncodingException; + + /** + Returns the signature in its raw DER encoded format. + + The ASN.1 DER encoding is: + + signatureValue BIT STRING + + Consult rfc2459 for more information. + + @return byte array representing signature + */ + public abstract byte[] getSignature(); + + /** + Returns the signature algorithm used to sign the CRL. + An examples is "SHA-1/DSA". + + The ASN.1 DER encoding is: + + signatureAlgorithm AlgorithmIdentifier, + + AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + + Consult rfc2459 for more information. + + The algorithm name is determined from the OID. + + @return a string with the signature algorithm name + */ + public abstract String getSigAlgName(); + + + /** + Returns the OID for the signature algorithm used. + Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ + + The ASN.1 DER encoding for the example is: + + id-dsa-with-sha1 ID ::= { + iso(1) member-body(2) us(840) x9-57 (10040) + x9cm(4) 3 } + + Consult rfc2459 for more information. + + @return a string containing the OID. + */ + public abstract String getSigAlgOID(); + + + /** + Returns the AlgorithmParameters in the encoded form + for the signature algorithm used. + + If access to the parameters is need, create an + instance of AlgorithmParameters. 
+ + @return byte array containing algorithm parameters, null + if no parameters are present in certificate + */ + public abstract byte[] getSigAlgParams(); + + + /** + Returns the issuer unique ID for this certificate. + + The ASN.1 DER encoding is: + + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + + UniqueIdentifier ::= BIT STRING + + Consult rfc2459 for more information. + + @return bit representation of <I>issuerUniqueID</I> + */ + public abstract boolean[] getIssuerUniqueID(); + + /** + Returns the subject unique ID for this certificate. + + The ASN.1 DER encoding is: + + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + + UniqueIdentifier ::= BIT STRING + + Consult rfc2459 for more information. + + @return bit representation of <I>subjectUniqueID</I> + */ + public abstract boolean[] getSubjectUniqueID(); + + /** + Returns a boolean array representing the <I>KeyUsage</I> + extension for the certificate. The KeyUsage (OID = 2.5.29.15) + defines the purpose of the key in the certificate. + + The ASN.1 DER encoding is: + + id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } + + KeyUsage ::= BIT STRING { + digitalSignature (0), + nonRepudiation (1), + keyEncipherment (2), + dataEncipherment (3), + keyAgreement (4), + keyCertSign (5), + cRLSign (6), + encipherOnly (7), + decipherOnly (8) } + + Consult rfc2459 for more information. + + @return bit representation of <I>KeyUsage</I> + */ + public abstract boolean[] getKeyUsage(); + + /** + Returns the certificate constraints path length from the + critical BasicConstraints extension, (OID = 2.5.29.19). + + The basic constraints extensions is used to determine if + the subject of the certificate is a Certificate Authority (CA) + and how deep the certification path may exist. The + <I>pathLenConstraint</I> only takes affect if <I>cA</I> + is set to true. 
"A value of zero indicates that only an + end-entity certificate may follow in the path." (rfc2459) + + The ASN.1 DER encoding is: + + id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } + + BasicConstraints ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER (0..MAX) OPTIONAL } + + Consult rfc2459 for more information. + + @return the length of the path constraint if BasicConstraints + is present and cA is TRUE. Otherwise returns -1. + */ + public abstract int getBasicConstraints(); + + +} diff --git a/libjava/java/security/cert/X509Extension.java b/libjava/java/security/cert/X509Extension.java new file mode 100644 index 0000000..bba72c0 --- /dev/null +++ b/libjava/java/security/cert/X509Extension.java 
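Review bot: The `@return` of `getBasicConstraints()` does not cover a CA certificate that carries no `pathLenConstraint`, although the ASN.1 quoted above it marks that field OPTIONAL. An implementation that returns -1 there makes callers treat an unconstrained CA as a non-CA, and callers cannot tell which convention a provider chose; the JDK API returns `Integer.MAX_VALUE` for this case, so the comment should read `@return the pathLenConstraint if cA is TRUE and it is present, Integer.MAX_VALUE if cA is TRUE and it is absent, otherwise -1`. Several other comments in this hunk were carried over from the CRL classes and name the wrong object: `getSerialNumber()` has `@return the serial number for this X509CRLEntry`, `getSubjectDN()` has `@return the issuer`, and `getSigAlgName()` says the algorithm was used to sign the CRL. `checkValidity(Date date)` also lacks a `@param date` line.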
@@ -0,0 +1,102 @@
+/* X509Extension.java --- X.509 Extension
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License. */
+
+
+package java.security.cert;
+import java.util.Set;
+
+/**
+ Public abstract interface for the X.509 Extension.
+
+ This is used for X.509 v3 Certificates and CRL v2 (Certificate
+ Revocation Lists) for managing attributes assoicated with
+ Certificates, for managing the hierarchy of certificates,
+ and for managing the distribution of CRL. This extension
+ format is used to define private extensions.
+
+ Each extensions for a certificate or CRL must be marked
+ either critical or non-critical. If the certificate/CRL
+ system encounters a critical extension not recognized then
+ it must reject the certificate. A non-critical extension
+ may be just ignored if not recognized.
+
+
+ The ASN.1 definition for this class is:
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnId OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+ -- contains a DER encoding of a value
+ -- of the type registered for use with
+ -- the extnId object identifier value
+ }
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract interface X509Extension
+{
+
+ /**
+ Returns true if the certificate contains a critical extension
+ that is not supported.
+
+ @return true if has unsupported extension, false otherwise
+ */
+ public boolean hasUnsupportedCriticalExtension();
+
+ /**
+ Returns a set of the CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no CRITICAL
+ extensions or extensions at all this returns null.
+ */
+ public Set getCriticalExtensionOIDs();
+
+ /**
+ Returns a set of the NON-CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no NON-CRITICAL
+ extensions or extensions at all this returns null.
+ */
+ public Set getNonCriticalExtensionOIDs();
+
+ /**
+ Returns the DER encoded OCTET string for the specified
+ extension value identified by a OID. The OID is a string
+ of number seperated by periods. Ex: 12.23.45.67
+ */
+ public byte[] getExtensionValue(String oid);
+
+} |
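Review bot: The Javadoc on `getExtensionValue(String oid)` at the end of the interface has no `@return` and does not say what a caller receives when the certificate or CRL carries no extension with that OID, a case any code that validates extensions has to handle. I would add `@return the DER encoded extnValue OCTET STRING, or null if the extension is not present` (the null case needs confirming against the implementations, which are not in this hunk) and replace the example `12.23.45.67` with a real OID such as `2.5.29.15`, since the first arc of an OID can only be 0, 1 or 2. The two OID-set getters document a `null` return both when there are no extensions at all and when there are none of that criticality, so a caller that walks the critical set to reject unrecognized extensions needs a null check first; each `@return` should say so explicitly. `hasUnsupportedCriticalExtension` speaks only of "the certificate" although the interface comment states that it also serves CRLs.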