[multiple changes]

2004-09-21  Andreas Tobler  <a.tobler@schweiz.ch>

	Import the big Crypto/Jessie/Security merge from Classpath.

	* Makefile.am: Add imported files.
	* Makefile.in: Regenerate.

	2004-08-14  Casey Marshall <csm@gnu.org>

	The Big Crypto Merge of 2004.

	* javax/security/auth/x500/X500Principal.java: Replaced with GNU
	Crypto's version.

	Files imported from GNU Crypto.
	* javax/crypto/BadPaddingException.java
	* javax/crypto/Cipher.java
	* javax/crypto/CipherInputStream.java
	* javax/crypto/CipherOutputStream.java
	* javax/crypto/CipherSpi.java
	* javax/crypto/EncryptedPrivateKeyInfo.java
	* javax/crypto/ExemptionMechanism.java
	* javax/crypto/ExemptionMechanismException.java
	* javax/crypto/ExemptionMechanismSpi.java
	* javax/crypto/IllegalBlockSizeException.java
	* javax/crypto/KeyAgreement.java
	* javax/crypto/KeyAgreementSpi.java
	* javax/crypto/KeyGenerator.java
	* javax/crypto/KeyGeneratorSpi.java
	* javax/crypto/Mac.java
	* javax/crypto/MacSpi.java
	* javax/crypto/Makefile.am
	* javax/crypto/NoSuchPaddingException.java
	* javax/crypto/NullCipher.java
	* javax/crypto/NullCipherImpl.java
	* javax/crypto/SealedObject.java
	* javax/crypto/SecretKey.java
	* javax/crypto/SecretKeyFactory.java
	* javax/crypto/SecretKeyFactorySpi.java
	* javax/crypto/ShortBufferException.java
	* javax/crypto/interfaces/DHKey.java
	* javax/crypto/interfaces/DHPrivateKey.java
	* javax/crypto/interfaces/DHPublicKey.java
	* javax/crypto/interfaces/PBEKey.java
	* javax/crypto/spec/DESKeySpec.java
	* javax/crypto/spec/DESedeKeySpec.java
	* javax/crypto/spec/DHGenParameterSpec.java
	* javax/crypto/spec/DHParameterSpec.java
	* javax/crypto/spec/DHPrivateKeySpec.java
	* javax/crypto/spec/DHPublicKeySpec.java
	* javax/crypto/spec/IvParameterSpec.java
	* javax/crypto/spec/PBEKeySpec.java
	* javax/crypto/spec/PBEParameterSpec.java
	* javax/crypto/spec/RC2ParameterSpec.java
	* javax/crypto/spec/RC5ParameterSpec.java
	* javax/crypto/spec/SecretKeySpec.java
	* javax/security/auth/AuthPermission.java
	* javax/security/auth/DestroyFailedException.java
	* javax/security/auth/Destroyable.java
	* javax/security/auth/Policy.java
	* javax/security/auth/PrivateCredentialPermission.java
	* javax/security/auth/RefreshFailedException.java
	* javax/security/auth/Refreshable.java
	* javax/security/auth/Subject.java
	* javax/security/auth/SubjectDomainCombiner.java
	* javax/security/auth/callback/Callback.java
	* javax/security/auth/callback/CallbackHandler.java
	* javax/security/auth/callback/ChoiceCallback.java
	* javax/security/auth/callback/ConfirmationCallback.java
	* javax/security/auth/callback/LanguageCallback.java
	* javax/security/auth/callback/NameCallback.java
	* javax/security/auth/callback/PasswordCallback.java
	* javax/security/auth/callback/TextInputCallback.java
	* javax/security/auth/callback/TextOutputCallback.java
	* javax/security/auth/callback/UnsupportedCallbackException.java
	* javax/security/auth/login/AccountExpiredException.java
	* javax/security/auth/login/AppConfigurationEntry.java
	* javax/security/auth/login/Configuration.java
	* javax/security/auth/login/CredentialExpiredException.java
	* javax/security/auth/login/FailedLoginException.java
	* javax/security/auth/login/LoginContext.java
	* javax/security/auth/login/LoginException.java
	* javax/security/auth/login/NullConfiguration.java
	* javax/security/auth/x500/X500PrivateCredential.java
	* javax/security/sasl/AuthenticationException.java
	* javax/security/sasl/AuthorizeCallback.java
	* javax/security/sasl/RealmCallback.java
	* javax/security/sasl/RealmChoiceCallback.java
	* javax/security/sasl/Sasl.java
	* javax/security/sasl/SaslClient.java
	* javax/security/sasl/SaslClientFactory.java
	* javax/security/sasl/SaslException.java
	* javax/security/sasl/SaslServer.java
	* javax/security/sasl/SaslServerFactory.java
	* org/ietf/jgss/ChannelBinding.java
	* org/ietf/jgss/GSSContext.java
	* org/ietf/jgss/GSSCredential.java
	* org/ietf/jgss/GSSException.java
	* org/ietf/jgss/GSSManager.java
	* org/ietf/jgss/GSSName.java
	* org/ietf/jgss/MessageProp.java
	* org/ietf/jgss/Oid.java
	* org/ietf/jgss/MessagesBundle.properties

	Files imported from Jessie <http://www.nongnu.org/jessie/>
	* javax/net/ServerSocketFactory.java
	* javax/net/SocketFactory.java
	* javax/net/VanillaServerSocketFactory.java
	* javax/net/VanillaSocketFactory.java
	* javax/net/ssl/HandshakeCompletedEvent.java
	* javax/net/ssl/HandshakeCompletedListener.java
	* javax/net/ssl/HostnameVerifier.java
	* javax/net/ssl/HttpsURLConnection.java
	* javax/net/ssl/KeyManager.java
	* javax/net/ssl/KeyManagerFactory.java
	* javax/net/ssl/KeyManagerFactorySpi.java
	* javax/net/ssl/ManagerFactoryParameters.java
	* javax/net/ssl/SSLContext.java
	* javax/net/ssl/SSLContextSpi.java
	* javax/net/ssl/SSLException.java
	* javax/net/ssl/SSLHandshakeException.java
	* javax/net/ssl/SSLKeyException.java
	* javax/net/ssl/SSLPeerUnverifiedException.java
	* javax/net/ssl/SSLPermission.java
	* javax/net/ssl/SSLProtocolException.java
	* javax/net/ssl/SSLServerSocket.java
	* javax/net/ssl/SSLServerSocketFactory.java
	* javax/net/ssl/SSLSession.java
	* javax/net/ssl/SSLSessionBindingEvent.java
	* javax/net/ssl/SSLSessionBindingListener.java
	* javax/net/ssl/SSLSessionContext.java
	* javax/net/ssl/SSLSocket.java
	* javax/net/ssl/SSLSocketFactory.java
	* javax/net/ssl/TrivialHostnameVerifier.java
	* javax/net/ssl/TrustManager.java
	* javax/net/ssl/TrustManagerFactory.java
	* javax/net/ssl/TrustManagerFactorySpi.java
	* javax/net/ssl/X509KeyManager.java
	* javax/net/ssl/X509TrustManager.java
	* javax/security/cert/Certificate.java
	* javax/security/cert/CertificateEncodingException.java
	* javax/security/cert/CertificateException.java
	* javax/security/cert/CertificateExpiredException.java
	* javax/security/cert/CertificateNotYetValidException.java
	* javax/security/cert/CertificateParsingException.java
	* javax/security/cert/X509CertBridge.java
	* javax/security/cert/X509Certificate.java

	2004-08-20  Casey Marshall  <csm@gnu.org>

	* java/security/cert/X509CRLSelector.java: New file.
	* java/security/cert/X509CertSelector.java: New file.

From-SVN: r87795

1 files changed, 355 insertions, 0 deletions

diff --git a/libjava/javax/crypto/SealedObject.java b/libjava/javax/crypto/SealedObject.java
new file mode 100644
index 0000000..9bbbe29
--- /dev/null
+++ b/libjava/javax/crypto/SealedObject.java
@@ -0,0 +1,355 @@
+/* SealedObject.java -- An encrypted Serializable object.
+   Copyright (C) 2004  Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
+/**
+ * This class allows any {@link java.io.Serializable} object to be
+ * stored in an encrypted form.
+ *
+ * <p>When the sealed object is ready to be unsealed (and deserialized)
+ * the caller may use either
+ *
+ * <ol>
+ * <li>{@link #getObject(javax.crypto.Cipher)}, which uses an
+ * already-initialized {@link javax.crypto.Cipher}.<br>
+ * <br>
+ * or,</li>
+ *
+ * <li>{@link #getObject(java.security.Key)} or {@link
+ * #getObject(java.security.Key,java.lang.String)}, which will
+ * initialize a new cipher instance with the {@link #encodedParams} that
+ * were stored with this sealed object (this is so parameters, such as
+ * the IV, don't need to be known by the one unsealing the object).</li>
+ * </ol>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class SealedObject implements Serializable
+{
+
+  // Constants and fields.
+  // ------------------------------------------------------------------------
+
+  /** The encoded algorithm parameters. */
+  protected byte[] encodedParams;
+
+  /** The serialized, encrypted object. */
+  private byte[] encryptedContent;
+
+  /** The algorithm used to seal the object. */
+  private String sealAlg;
+
+  /** The parameter type. */
+  private String paramsAlg;
+
+  /** The cipher that decrypts when this object is unsealed. */
+  private transient Cipher sealCipher;
+
+  /** Compatible with JDK1.4. */
+  private static final long serialVersionUID = 4482838265551344752L;
+
+  // Constructors.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Create a new sealed object from a {@link java.io.Serializable}
+   * object and a cipher.
+   *
+   * @param object The object to seal.
+   * @param cipher The cipher to encrypt with.
+   * @throws java.io.IOException If serializing the object fails.
+   * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+   *         padding and the size of the serialized representation of the
+   *         object is not a multiple of the cipher's block size.
+   */
+  public SealedObject(Serializable object, Cipher cipher)
+    throws IOException, IllegalBlockSizeException
+  {
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    ObjectOutputStream oos = new ObjectOutputStream(baos);
+    oos.writeObject(object);
+    oos.flush();
+    try
+      {
+        encryptedContent = cipher.doFinal(baos.toByteArray());
+      }
+    catch (IllegalStateException ise)
+      {
+        throw new IOException("cipher not in proper state");
+      }
+    catch (BadPaddingException bpe)
+      {
+        throw new IOException(
+          "encrypting but got javax.crypto.BadPaddingException");
+      }
+    sealAlg = cipher.getAlgorithm();
+    encodedParams = cipher.getParameters().getEncoded();
+    paramsAlg = cipher.getParameters().getAlgorithm();
+  }
+
+  /**
+   * Create a new sealed object from another sealed object.
+   *
+   * @param so The other sealed object.
+   */
+  protected SealedObject(SealedObject so)
+  {
+    this.encodedParams = (byte[]) so.encodedParams.clone();
+    this.encryptedContent = (byte[]) so.encryptedContent.clone();
+    this.sealAlg = so.sealAlg;
+    this.paramsAlg = so.paramsAlg;
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Get the name of the algorithm used to seal this object.
+   *
+   * @return The algorithm's name.
+   */
+  public final String getAlgorithm()
+  {
+    return sealAlg;
+  }
+
+  /**
+   * Unseal and deserialize this sealed object with a specified (already
+   * initialized) cipher.
+   *
+   * @param cipher The cipher to decrypt with.
+   * @return The original object.
+   * @throws java.io.IOException If reading fails.
+   * @throws java.lang.ClassNotFoundException If deserialization fails.
+   * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+   *         padding and the encrypted data is not a multiple of the
+   *         cipher's block size.
+   * @throws javax.crypto.BadPaddingException If the padding bytes are
+   *         incorrect.
+   */
+  public final Object getObject(Cipher cipher)
+    throws IOException, ClassNotFoundException, IllegalBlockSizeException,
+           BadPaddingException
+  {
+    sealCipher = cipher;
+    return unseal();
+  }
+
+  /**
+   * Unseal and deserialize this sealed object with the specified key.
+   *
+   * @param key The key to decrypt with.
+   * @return The original object.
+   * @throws java.io.IOException If reading fails.
+   * @throws java.lang.ClassNotFoundException If deserialization fails.
+   * @throws java.security.InvalidKeyException If the supplied key
+   *         cannot be used to unseal this object.
+   * @throws java.security.NoSuchAlgorithmException If the algorithm
+   *         used to originally seal this object is not available.
+   */
+  public final Object getObject(Key key)
+    throws IOException, ClassNotFoundException, InvalidKeyException,
+           NoSuchAlgorithmException
+  {
+    try
+      {
+        if (sealCipher == null)
+          sealCipher = Cipher.getInstance(sealAlg);
+      }
+    catch (NoSuchPaddingException nspe)
+      {
+        throw new NoSuchAlgorithmException(nspe.getMessage());
+      }
+    AlgorithmParameters params = null;
+    if (encodedParams != null)
+      {
+        params = AlgorithmParameters.getInstance(paramsAlg);
+        params.init(encodedParams);
+      }
+    try
+      {
+        sealCipher.init(Cipher.DECRYPT_MODE, key, params);
+        return unseal();
+      }
+    catch (InvalidAlgorithmParameterException iape)
+      {
+        throw new IOException("bad parameters");
+      }
+    catch (IllegalBlockSizeException ibse)
+      {
+        throw new IOException("illegal block size");
+      }
+    catch (BadPaddingException bpe)
+      {
+        throw new IOException("bad padding");
+      }
+  }
+
+  /**
+   * Unseal and deserialize this sealed object with the specified key,
+   * using a cipher from the named provider.
+   *
+   * @param key      The key to decrypt with.
+   * @param provider The name of the provider to use.
+   * @return The original object.
+   * @throws java.io.IOException If reading fails.
+   * @throws java.lang.ClassNotFoundException If deserialization fails.
+   * @throws java.security.InvalidKeyException If the supplied key
+   *         cannot be used to unseal this object.
+   * @throws java.security.NoSuchAlgorithmException If the algorithm
+   *         used to originally seal this object is not available from
+   *         the named provider.
+   * @throws java.security.NoSuchProviderException If the named provider
+   *         does not exist.
+   */
+  public final Object getObject(Key key, String provider)
+    throws IOException, ClassNotFoundException, InvalidKeyException,
+           NoSuchAlgorithmException, NoSuchProviderException
+  {
+    try
+      {
+        sealCipher = Cipher.getInstance(sealAlg, provider);
+      }
+    catch (NoSuchPaddingException nspe)
+      {
+        throw new NoSuchAlgorithmException(nspe.getMessage());
+      }
+    AlgorithmParameters params = null;
+    if (encodedParams != null)
+      {
+        params = AlgorithmParameters.getInstance(paramsAlg, provider);
+        params.init(encodedParams);
+      }
+    try
+      {
+        sealCipher.init(Cipher.DECRYPT_MODE, key, params);
+        return unseal();
+      }
+    catch (InvalidAlgorithmParameterException iape)
+      {
+        throw new IOException("bad parameters");
+      }
+    catch (IllegalBlockSizeException ibse)
+      {
+        throw new IOException("illegal block size");
+      }
+    catch (BadPaddingException bpe)
+      {
+        throw new IOException("bad padding");
+      }
+  }
+
+  // Own methods.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Deserialize this object.
+   *
+   * @param ois The input stream.
+   * @throws java.io.IOException If reading fails.
+   * @throws java.lang.ClassNotFoundException If reading fails.
+   */
+  private void readObject(ObjectInputStream ois)
+    throws IOException, ClassNotFoundException
+  {
+    encodedParams = (byte[]) ois.readObject();
+    encryptedContent = (byte[]) ois.readObject();
+    sealAlg = (String) ois.readObject();
+    paramsAlg = (String) ois.readObject();
+  }
+
+  /**
+   * Serialize this object.
+   *
+   * @param oos The output stream.
+   * @throws java.io.IOException If writing fails.
+   */
+  private void writeObject(ObjectOutputStream oos)
+    throws IOException
+  {
+    oos.writeObject(encodedParams);
+    oos.writeObject(encryptedContent);
+    oos.writeObject(sealAlg);
+    oos.writeObject(paramsAlg);
+  }
+
+  /**
+   * Unseal this object, returning it.
+   *
+   * @return The unsealed, deserialized Object.
+   * @throws java.io.IOException If reading fails.
+   * @throws java.io.ClassNotFoundException If reading fails.
+   * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+   *         padding and the encrypted data is not a multiple of the
+   *         cipher's block size.
+   * @throws javax.crypto.BadPaddingException If the padding bytes are
+   *         incorrect.
+   */
+  private Object unseal()
+    throws IOException, ClassNotFoundException, IllegalBlockSizeException,
+           BadPaddingException
+  {
+    ByteArrayInputStream bais = null;
+    try
+      {
+        bais = new ByteArrayInputStream(sealCipher.doFinal(encryptedContent));
+      }
+    catch (IllegalStateException ise)
+      {
+        throw new IOException("cipher not initialized");
+      }
+    ObjectInputStream ois = new ObjectInputStream(bais);
+    return ois.readObject();
+  }
+}