aboutsummaryrefslogtreecommitdiff
path: root/libjava
diff options
context:
space:
mode:
authorAndreas Tobler <andreast@gcc.gnu.org>2004-11-15 21:02:08 +0100
committerAndreas Tobler <andreast@gcc.gnu.org>2004-11-15 21:02:08 +0100
commit507148866c2116c2d15dadc4b1609eb21ce88a45 (patch)
tree397eb5fe893a7d4cba478362f2a48f749834452d /libjava
parentfcb94d103b1e287f95bb7de1c582a25223529654 (diff)
downloadgcc-507148866c2116c2d15dadc4b1609eb21ce88a45.zip
gcc-507148866c2116c2d15dadc4b1609eb21ce88a45.tar.gz
gcc-507148866c2116c2d15dadc4b1609eb21ce88a45.tar.bz2
004-11-15 Andreas Tobler <a.tobler@schweiz.ch>
Import/Merge the X.509 certificate code from Classpath. * Makefile.am: Add imported files. * Makefile.in: Regenerate. 2004-11-07 Casey Marshall <csm@gnu.org> * gnu/java/security/provider/Gnu.java(<init>): Add entries in a priviliged action. Add new algorithms. * gnu/java/security/provider/X509CertificateFactory.java (engineGenerateCertificate): Chain exceptions. (engineGenerateCertificates): Likewise. (engineGenerateCRL): Likewise. (engineGenerateCRLs): Likewise. (engineGenerateCertPath): New methods. (generateCert): Throw exception if 'inStream' is null. (generateCRL): Likewise. * gnu/java/security/x509/X500DistinguishedName.java: Replaced with version from GNU Crypto CVS. * gnu/java/security/x509/X509CRL.java: Likewise. * gnu/java/security/x509/X509CRLEntry.java: Likewise. * gnu/java/security/x509/X509Certificate.java: Likewise. * java/security/cert/TrustAnchor.java: Call 'toString' and not toRFC2253. * gnu/java/security/provider/CollectionCertStoreImpl.java, * gnu/java/security/provider/EncodedKeyFactory.java, * gnu/java/security/provider/GnuDHPublicKey.java, * gnu/java/security/provider/GnuRSAPrivateKey.java, * gnu/java/security/provider/GnuRSAPublicKey.java, * gnu/java/security/provider/MD2withRSA.java, * gnu/java/security/provider/MD4withRSA.java, * gnu/java/security/provider/MD5withRSA.java, * gnu/java/security/provider/PKIXCertPathValidatorImpl.java, * gnu/java/security/provider/RSA.java, * gnu/java/security/provider/RSAKeyFactory.java, * gnu/java/security/provider/SHA1withRSA.java, * gnu/java/security/x509/GnuPKIExtension.java, * gnu/java/security/x509/PolicyNodeImpl.java, * gnu/java/security/x509/Util.java, * gnu/java/security/x509/X509CRLSelectorImpl.java, * gnu/java/security/x509/X509CertPath.java, * gnu/java/security/x509/X509CertSelectorImpl.java, * gnu/java/security/x509/ext/AuthorityKeyIdentifier.java, * gnu/java/security/x509/ext/BasicConstraints.java, * gnu/java/security/x509/ext/CRLNumber.java, * gnu/java/security/x509/ext/CertificatePolicies.java, * gnu/java/security/x509/ext/ExtendedKeyUsage.java, * gnu/java/security/x509/ext/Extension.java, * gnu/java/security/x509/ext/GeneralNames.java, * gnu/java/security/x509/ext/IssuerAlternativeNames.java, * gnu/java/security/x509/ext/KeyUsage.java, * gnu/java/security/x509/ext/PolicyConstraint.java, * gnu/java/security/x509/ext/PolicyMappings.java, * gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java, * gnu/java/security/x509/ext/ReasonCode.java, * gnu/java/security/x509/ext/SubjectAlternativeNames.java, * gnu/java/security/x509/ext/SubjectKeyIdentifier.java: New files. 2004-11-07 Casey Marshall <csm@gnu.org> * gnu/java/security/x509/X509CRL.java: Missed import statements in previous checkin. 2004-11-07 Casey Marshall <csm@gnu.org> * gnu/java/security/x509/X509CertPath.java (parse): Fixed reference to 'X509CertificateImpl' from previous checkin. From-SVN: r90682
Diffstat (limited to 'libjava')
-rw-r--r--libjava/ChangeLog82
-rw-r--r--libjava/Makefile.am33
-rw-r--r--libjava/Makefile.in310
-rw-r--r--libjava/gnu/java/security/provider/CollectionCertStoreImpl.java103
-rw-r--r--libjava/gnu/java/security/provider/EncodedKeyFactory.java310
-rw-r--r--libjava/gnu/java/security/provider/Gnu.java186
-rw-r--r--libjava/gnu/java/security/provider/GnuDHPublicKey.java117
-rw-r--r--libjava/gnu/java/security/provider/GnuRSAPrivateKey.java166
-rw-r--r--libjava/gnu/java/security/provider/GnuRSAPublicKey.java109
-rw-r--r--libjava/gnu/java/security/provider/MD2withRSA.java54
-rw-r--r--libjava/gnu/java/security/provider/MD4withRSA.java54
-rw-r--r--libjava/gnu/java/security/provider/MD5withRSA.java54
-rw-r--r--libjava/gnu/java/security/provider/PKIXCertPathValidatorImpl.java689
-rw-r--r--libjava/gnu/java/security/provider/RSA.java314
-rw-r--r--libjava/gnu/java/security/provider/RSAKeyFactory.java181
-rw-r--r--libjava/gnu/java/security/provider/SHA1withRSA.java61
-rw-r--r--libjava/gnu/java/security/provider/X509CertificateFactory.java50
-rw-r--r--libjava/gnu/java/security/x509/GnuPKIExtension.java59
-rw-r--r--libjava/gnu/java/security/x509/PolicyNodeImpl.java214
-rw-r--r--libjava/gnu/java/security/x509/Util.java202
-rw-r--r--libjava/gnu/java/security/x509/X500DistinguishedName.java1036
-rw-r--r--libjava/gnu/java/security/x509/X509CRL.java168
-rw-r--r--libjava/gnu/java/security/x509/X509CRLEntry.java149
-rw-r--r--libjava/gnu/java/security/x509/X509CRLSelectorImpl.java138
-rw-r--r--libjava/gnu/java/security/x509/X509CertPath.java306
-rw-r--r--libjava/gnu/java/security/x509/X509CertSelectorImpl.java199
-rw-r--r--libjava/gnu/java/security/x509/X509Certificate.java604
-rw-r--r--libjava/gnu/java/security/x509/ext/AuthorityKeyIdentifier.java134
-rw-r--r--libjava/gnu/java/security/x509/ext/BasicConstraints.java129
-rw-r--r--libjava/gnu/java/security/x509/ext/CRLNumber.java97
-rw-r--r--libjava/gnu/java/security/x509/ext/CertificatePolicies.java191
-rw-r--r--libjava/gnu/java/security/x509/ext/ExtendedKeyUsage.java95
-rw-r--r--libjava/gnu/java/security/x509/ext/Extension.java289
-rw-r--r--libjava/gnu/java/security/x509/ext/GeneralNames.java157
-rw-r--r--libjava/gnu/java/security/x509/ext/IssuerAlternativeNames.java76
-rw-r--r--libjava/gnu/java/security/x509/ext/KeyUsage.java92
-rw-r--r--libjava/gnu/java/security/x509/ext/PolicyConstraint.java109
-rw-r--r--libjava/gnu/java/security/x509/ext/PolicyMappings.java104
-rw-r--r--libjava/gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java105
-rw-r--r--libjava/gnu/java/security/x509/ext/ReasonCode.java85
-rw-r--r--libjava/gnu/java/security/x509/ext/SubjectAlternativeNames.java77
-rw-r--r--libjava/gnu/java/security/x509/ext/SubjectKeyIdentifier.java84
-rw-r--r--libjava/java/security/cert/TrustAnchor.java6
43 files changed, 6669 insertions, 1109 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog
index 1e9a691..a9a492f 100644
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,3 +1,73 @@
+2004-11-15 Andreas Tobler <a.tobler@schweiz.ch>
+
+ Import/Merge the X.509 certificate code from Classpath.
+
+ * Makefile.am: Add imported files.
+ * Makefile.in: Regenerate.
+
+ 2004-11-07 Casey Marshall <csm@gnu.org>
+
+ * gnu/java/security/provider/Gnu.java(<init>): Add entries in a
+ priviliged action. Add new algorithms.
+ * gnu/java/security/provider/X509CertificateFactory.java
+ (engineGenerateCertificate): Chain exceptions.
+ (engineGenerateCertificates): Likewise.
+ (engineGenerateCRL): Likewise.
+ (engineGenerateCRLs): Likewise.
+ (engineGenerateCertPath): New methods.
+ (generateCert): Throw exception if 'inStream' is null.
+ (generateCRL): Likewise.
+ * gnu/java/security/x509/X500DistinguishedName.java: Replaced with
+ version from GNU Crypto CVS.
+ * gnu/java/security/x509/X509CRL.java: Likewise.
+ * gnu/java/security/x509/X509CRLEntry.java: Likewise.
+ * gnu/java/security/x509/X509Certificate.java: Likewise.
+ * java/security/cert/TrustAnchor.java: Call 'toString' and not
+ toRFC2253.
+ * gnu/java/security/provider/CollectionCertStoreImpl.java,
+ * gnu/java/security/provider/EncodedKeyFactory.java,
+ * gnu/java/security/provider/GnuDHPublicKey.java,
+ * gnu/java/security/provider/GnuRSAPrivateKey.java,
+ * gnu/java/security/provider/GnuRSAPublicKey.java,
+ * gnu/java/security/provider/MD2withRSA.java,
+ * gnu/java/security/provider/MD4withRSA.java,
+ * gnu/java/security/provider/MD5withRSA.java,
+ * gnu/java/security/provider/PKIXCertPathValidatorImpl.java,
+ * gnu/java/security/provider/RSA.java,
+ * gnu/java/security/provider/RSAKeyFactory.java,
+ * gnu/java/security/provider/SHA1withRSA.java,
+ * gnu/java/security/x509/GnuPKIExtension.java,
+ * gnu/java/security/x509/PolicyNodeImpl.java,
+ * gnu/java/security/x509/Util.java,
+ * gnu/java/security/x509/X509CRLSelectorImpl.java,
+ * gnu/java/security/x509/X509CertPath.java,
+ * gnu/java/security/x509/X509CertSelectorImpl.java,
+ * gnu/java/security/x509/ext/AuthorityKeyIdentifier.java,
+ * gnu/java/security/x509/ext/BasicConstraints.java,
+ * gnu/java/security/x509/ext/CRLNumber.java,
+ * gnu/java/security/x509/ext/CertificatePolicies.java,
+ * gnu/java/security/x509/ext/ExtendedKeyUsage.java,
+ * gnu/java/security/x509/ext/Extension.java,
+ * gnu/java/security/x509/ext/GeneralNames.java,
+ * gnu/java/security/x509/ext/IssuerAlternativeNames.java,
+ * gnu/java/security/x509/ext/KeyUsage.java,
+ * gnu/java/security/x509/ext/PolicyConstraint.java,
+ * gnu/java/security/x509/ext/PolicyMappings.java,
+ * gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java,
+ * gnu/java/security/x509/ext/ReasonCode.java,
+ * gnu/java/security/x509/ext/SubjectAlternativeNames.java,
+ * gnu/java/security/x509/ext/SubjectKeyIdentifier.java: New files.
+
+ 2004-11-07 Casey Marshall <csm@gnu.org>
+
+ * gnu/java/security/x509/X509CRL.java:
+ Missed import statements in previous checkin.
+
+ 2004-11-07 Casey Marshall <csm@gnu.org>
+
+ * gnu/java/security/x509/X509CertPath.java (parse): Fixed reference
+ to 'X509CertificateImpl' from previous checkin.
+
2004-11-12 Andrew Pinski <pinskia@physics.uc.edu>
PR other/14264
@@ -11,12 +81,12 @@
'F_RDLCK' for shared locks, 'F_WRLCK' for exclusive locks.
2004-11-11 Robert Schuster <thebohemian@gmx.net>
-
- Fixed regression:
- * gnu/java/beans/IntrospectionIncubator.java:
- (addMethod): corrected classification of normal and property methods
- (capitalize): added documentation
- (DoubleKey): [class] added documentation
+
+ Fixed regression:
+ * gnu/java/beans/IntrospectionIncubator.java:
+ (addMethod): Corrected classification of normal and property methods.
+ (capitalize): Added documentation.
+ (DoubleKey): [class] Added documentation.
2004-11-09 Tom Tromey <tromey@redhat.com>
diff --git a/libjava/Makefile.am b/libjava/Makefile.am
index 9c39dec..9a439fa 100644
--- a/libjava/Makefile.am
+++ b/libjava/Makefile.am
@@ -2749,24 +2749,57 @@ gnu/java/security/der/DEREncodingException.java \
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java \
+gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
gnu/java/security/provider/DSAKeyPairGenerator.java \
gnu/java/security/provider/DSAParameterGenerator.java \
gnu/java/security/provider/DSAParameters.java \
gnu/java/security/provider/DSASignature.java \
gnu/java/security/provider/DefaultPolicy.java \
+gnu/java/security/provider/EncodedKeyFactory.java \
gnu/java/security/provider/Gnu.java \
+gnu/java/security/provider/GnuDHPublicKey.java \
gnu/java/security/provider/GnuDSAPrivateKey.java \
gnu/java/security/provider/GnuDSAPublicKey.java \
+gnu/java/security/provider/GnuRSAPrivateKey.java \
+gnu/java/security/provider/GnuRSAPublicKey.java \
+gnu/java/security/provider/MD2withRSA.java \
+gnu/java/security/provider/MD4withRSA.java \
gnu/java/security/provider/MD5.java \
+gnu/java/security/provider/MD5withRSA.java \
+gnu/java/security/provider/PKIXCertPathValidatorImpl.java \
+gnu/java/security/provider/RSA.java \
+gnu/java/security/provider/RSAKeyFactory.java \
gnu/java/security/provider/SHA.java \
gnu/java/security/provider/SHA1PRNG.java \
+gnu/java/security/provider/SHA1withRSA.java \
gnu/java/security/provider/X509CertificateFactory.java \
gnu/java/security/util/Prime.java \
+gnu/java/security/x509/GnuPKIExtension.java \
+gnu/java/security/x509/PolicyNodeImpl.java \
+gnu/java/security/x509/Util.java \
gnu/java/security/x509/X500DistinguishedName.java \
gnu/java/security/x509/X509CRL.java \
gnu/java/security/x509/X509CRLEntry.java \
+gnu/java/security/x509/X509CRLSelectorImpl.java \
gnu/java/security/x509/X509Certificate.java \
+gnu/java/security/x509/X509CertPath.java \
+gnu/java/security/x509/X509CertSelectorImpl.java \
+gnu/java/security/x509/ext/AuthorityKeyIdentifier.java \
+gnu/java/security/x509/ext/BasicConstraints.java \
+gnu/java/security/x509/ext/CRLNumber.java \
+gnu/java/security/x509/ext/CertificatePolicies.java \
+gnu/java/security/x509/ext/ExtendedKeyUsage.java \
+gnu/java/security/x509/ext/Extension.java \
+gnu/java/security/x509/ext/GeneralNames.java \
+gnu/java/security/x509/ext/IssuerAlternativeNames.java \
+gnu/java/security/x509/ext/KeyUsage.java \
+gnu/java/security/x509/ext/PolicyConstraint.java \
+gnu/java/security/x509/ext/PolicyMappings.java \
+gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java \
+gnu/java/security/x509/ext/ReasonCode.java \
+gnu/java/security/x509/ext/SubjectAlternativeNames.java \
+gnu/java/security/x509/ext/SubjectKeyIdentifier.java \
gnu/java/text/AttributedFormatBuffer.java \
gnu/java/text/BaseBreakIterator.java \
gnu/java/text/CharacterBreakIterator.java \
diff --git a/libjava/Makefile.in b/libjava/Makefile.in
index 8a23bcd..7227bc8c3 100644
--- a/libjava/Makefile.in
+++ b/libjava/Makefile.in
@@ -802,24 +802,57 @@ am__libgcj_la_SOURCES_DIST = prims.cc jni.cc exception.cc resolve.cc \
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java \
+ gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
gnu/java/security/provider/DSAKeyPairGenerator.java \
gnu/java/security/provider/DSAParameterGenerator.java \
gnu/java/security/provider/DSAParameters.java \
gnu/java/security/provider/DSASignature.java \
gnu/java/security/provider/DefaultPolicy.java \
+ gnu/java/security/provider/EncodedKeyFactory.java \
gnu/java/security/provider/Gnu.java \
+ gnu/java/security/provider/GnuDHPublicKey.java \
gnu/java/security/provider/GnuDSAPrivateKey.java \
gnu/java/security/provider/GnuDSAPublicKey.java \
+ gnu/java/security/provider/GnuRSAPrivateKey.java \
+ gnu/java/security/provider/GnuRSAPublicKey.java \
+ gnu/java/security/provider/MD2withRSA.java \
+ gnu/java/security/provider/MD4withRSA.java \
gnu/java/security/provider/MD5.java \
+ gnu/java/security/provider/MD5withRSA.java \
+ gnu/java/security/provider/PKIXCertPathValidatorImpl.java \
+ gnu/java/security/provider/RSA.java \
+ gnu/java/security/provider/RSAKeyFactory.java \
gnu/java/security/provider/SHA.java \
gnu/java/security/provider/SHA1PRNG.java \
+ gnu/java/security/provider/SHA1withRSA.java \
gnu/java/security/provider/X509CertificateFactory.java \
gnu/java/security/util/Prime.java \
+ gnu/java/security/x509/GnuPKIExtension.java \
+ gnu/java/security/x509/PolicyNodeImpl.java \
+ gnu/java/security/x509/Util.java \
gnu/java/security/x509/X500DistinguishedName.java \
gnu/java/security/x509/X509CRL.java \
gnu/java/security/x509/X509CRLEntry.java \
+ gnu/java/security/x509/X509CRLSelectorImpl.java \
gnu/java/security/x509/X509Certificate.java \
+ gnu/java/security/x509/X509CertPath.java \
+ gnu/java/security/x509/X509CertSelectorImpl.java \
+ gnu/java/security/x509/ext/AuthorityKeyIdentifier.java \
+ gnu/java/security/x509/ext/BasicConstraints.java \
+ gnu/java/security/x509/ext/CRLNumber.java \
+ gnu/java/security/x509/ext/CertificatePolicies.java \
+ gnu/java/security/x509/ext/ExtendedKeyUsage.java \
+ gnu/java/security/x509/ext/Extension.java \
+ gnu/java/security/x509/ext/GeneralNames.java \
+ gnu/java/security/x509/ext/IssuerAlternativeNames.java \
+ gnu/java/security/x509/ext/KeyUsage.java \
+ gnu/java/security/x509/ext/PolicyConstraint.java \
+ gnu/java/security/x509/ext/PolicyMappings.java \
+ gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java \
+ gnu/java/security/x509/ext/ReasonCode.java \
+ gnu/java/security/x509/ext/SubjectAlternativeNames.java \
+ gnu/java/security/x509/ext/SubjectKeyIdentifier.java \
gnu/java/text/AttributedFormatBuffer.java \
gnu/java/text/BaseBreakIterator.java \
gnu/java/text/CharacterBreakIterator.java \
@@ -3747,24 +3780,57 @@ am__objects_14 = $(am__objects_9) gnu/classpath/ServiceFactory.lo \
gnu/java/security/der/DERReader.lo \
gnu/java/security/der/DERValue.lo \
gnu/java/security/der/DERWriter.lo \
+ gnu/java/security/provider/CollectionCertStoreImpl.lo \
gnu/java/security/provider/DSAKeyFactory.lo \
gnu/java/security/provider/DSAKeyPairGenerator.lo \
gnu/java/security/provider/DSAParameterGenerator.lo \
gnu/java/security/provider/DSAParameters.lo \
gnu/java/security/provider/DSASignature.lo \
gnu/java/security/provider/DefaultPolicy.lo \
+ gnu/java/security/provider/EncodedKeyFactory.lo \
gnu/java/security/provider/Gnu.lo \
+ gnu/java/security/provider/GnuDHPublicKey.lo \
gnu/java/security/provider/GnuDSAPrivateKey.lo \
gnu/java/security/provider/GnuDSAPublicKey.lo \
+ gnu/java/security/provider/GnuRSAPrivateKey.lo \
+ gnu/java/security/provider/GnuRSAPublicKey.lo \
+ gnu/java/security/provider/MD2withRSA.lo \
+ gnu/java/security/provider/MD4withRSA.lo \
gnu/java/security/provider/MD5.lo \
+ gnu/java/security/provider/MD5withRSA.lo \
+ gnu/java/security/provider/PKIXCertPathValidatorImpl.lo \
+ gnu/java/security/provider/RSA.lo \
+ gnu/java/security/provider/RSAKeyFactory.lo \
gnu/java/security/provider/SHA.lo \
gnu/java/security/provider/SHA1PRNG.lo \
+ gnu/java/security/provider/SHA1withRSA.lo \
gnu/java/security/provider/X509CertificateFactory.lo \
gnu/java/security/util/Prime.lo \
+ gnu/java/security/x509/GnuPKIExtension.lo \
+ gnu/java/security/x509/PolicyNodeImpl.lo \
+ gnu/java/security/x509/Util.lo \
gnu/java/security/x509/X500DistinguishedName.lo \
gnu/java/security/x509/X509CRL.lo \
gnu/java/security/x509/X509CRLEntry.lo \
+ gnu/java/security/x509/X509CRLSelectorImpl.lo \
gnu/java/security/x509/X509Certificate.lo \
+ gnu/java/security/x509/X509CertPath.lo \
+ gnu/java/security/x509/X509CertSelectorImpl.lo \
+ gnu/java/security/x509/ext/AuthorityKeyIdentifier.lo \
+ gnu/java/security/x509/ext/BasicConstraints.lo \
+ gnu/java/security/x509/ext/CRLNumber.lo \
+ gnu/java/security/x509/ext/CertificatePolicies.lo \
+ gnu/java/security/x509/ext/ExtendedKeyUsage.lo \
+ gnu/java/security/x509/ext/Extension.lo \
+ gnu/java/security/x509/ext/GeneralNames.lo \
+ gnu/java/security/x509/ext/IssuerAlternativeNames.lo \
+ gnu/java/security/x509/ext/KeyUsage.lo \
+ gnu/java/security/x509/ext/PolicyConstraint.lo \
+ gnu/java/security/x509/ext/PolicyMappings.lo \
+ gnu/java/security/x509/ext/PrivateKeyUsagePeriod.lo \
+ gnu/java/security/x509/ext/ReasonCode.lo \
+ gnu/java/security/x509/ext/SubjectAlternativeNames.lo \
+ gnu/java/security/x509/ext/SubjectKeyIdentifier.lo \
gnu/java/text/AttributedFormatBuffer.lo \
gnu/java/text/BaseBreakIterator.lo \
gnu/java/text/CharacterBreakIterator.lo \
@@ -6573,24 +6639,57 @@ gnu/java/security/der/DEREncodingException.java \
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java \
+gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
gnu/java/security/provider/DSAKeyPairGenerator.java \
gnu/java/security/provider/DSAParameterGenerator.java \
gnu/java/security/provider/DSAParameters.java \
gnu/java/security/provider/DSASignature.java \
gnu/java/security/provider/DefaultPolicy.java \
+gnu/java/security/provider/EncodedKeyFactory.java \
gnu/java/security/provider/Gnu.java \
+gnu/java/security/provider/GnuDHPublicKey.java \
gnu/java/security/provider/GnuDSAPrivateKey.java \
gnu/java/security/provider/GnuDSAPublicKey.java \
+gnu/java/security/provider/GnuRSAPrivateKey.java \
+gnu/java/security/provider/GnuRSAPublicKey.java \
+gnu/java/security/provider/MD2withRSA.java \
+gnu/java/security/provider/MD4withRSA.java \
gnu/java/security/provider/MD5.java \
+gnu/java/security/provider/MD5withRSA.java \
+gnu/java/security/provider/PKIXCertPathValidatorImpl.java \
+gnu/java/security/provider/RSA.java \
+gnu/java/security/provider/RSAKeyFactory.java \
gnu/java/security/provider/SHA.java \
gnu/java/security/provider/SHA1PRNG.java \
+gnu/java/security/provider/SHA1withRSA.java \
gnu/java/security/provider/X509CertificateFactory.java \
gnu/java/security/util/Prime.java \
+gnu/java/security/x509/GnuPKIExtension.java \
+gnu/java/security/x509/PolicyNodeImpl.java \
+gnu/java/security/x509/Util.java \
gnu/java/security/x509/X500DistinguishedName.java \
gnu/java/security/x509/X509CRL.java \
gnu/java/security/x509/X509CRLEntry.java \
+gnu/java/security/x509/X509CRLSelectorImpl.java \
gnu/java/security/x509/X509Certificate.java \
+gnu/java/security/x509/X509CertPath.java \
+gnu/java/security/x509/X509CertSelectorImpl.java \
+gnu/java/security/x509/ext/AuthorityKeyIdentifier.java \
+gnu/java/security/x509/ext/BasicConstraints.java \
+gnu/java/security/x509/ext/CRLNumber.java \
+gnu/java/security/x509/ext/CertificatePolicies.java \
+gnu/java/security/x509/ext/ExtendedKeyUsage.java \
+gnu/java/security/x509/ext/Extension.java \
+gnu/java/security/x509/ext/GeneralNames.java \
+gnu/java/security/x509/ext/IssuerAlternativeNames.java \
+gnu/java/security/x509/ext/KeyUsage.java \
+gnu/java/security/x509/ext/PolicyConstraint.java \
+gnu/java/security/x509/ext/PolicyMappings.java \
+gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java \
+gnu/java/security/x509/ext/ReasonCode.java \
+gnu/java/security/x509/ext/SubjectAlternativeNames.java \
+gnu/java/security/x509/ext/SubjectKeyIdentifier.java \
gnu/java/text/AttributedFormatBuffer.java \
gnu/java/text/BaseBreakIterator.java \
gnu/java/text/CharacterBreakIterator.java \
@@ -9407,6 +9506,9 @@ gnu/java/security/provider/$(am__dirstamp):
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp):
@$(mkdir_p) gnu/java/security/provider/$(DEPDIR)
@: > gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/CollectionCertStoreImpl.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/DSAKeyFactory.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
@@ -9425,24 +9527,57 @@ gnu/java/security/provider/DSASignature.lo: \
gnu/java/security/provider/DefaultPolicy.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/EncodedKeyFactory.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/Gnu.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/GnuDHPublicKey.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/GnuDSAPrivateKey.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/GnuDSAPublicKey.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/GnuRSAPrivateKey.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/GnuRSAPublicKey.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/MD2withRSA.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/MD4withRSA.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/MD5.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/MD5withRSA.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/PKIXCertPathValidatorImpl.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/RSA.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/RSAKeyFactory.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/SHA.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/SHA1PRNG.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/provider/SHA1withRSA.lo: \
+ gnu/java/security/provider/$(am__dirstamp) \
+ gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/X509CertificateFactory.lo: \
gnu/java/security/provider/$(am__dirstamp) \
gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
@@ -9461,6 +9596,15 @@ gnu/java/security/x509/$(am__dirstamp):
gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp):
@$(mkdir_p) gnu/java/security/x509/$(DEPDIR)
@: > gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/GnuPKIExtension.lo: \
+ gnu/java/security/x509/$(am__dirstamp) \
+ gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/PolicyNodeImpl.lo: \
+ gnu/java/security/x509/$(am__dirstamp) \
+ gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/Util.lo: \
+ gnu/java/security/x509/$(am__dirstamp) \
+ gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/x509/X500DistinguishedName.lo: \
gnu/java/security/x509/$(am__dirstamp) \
gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
@@ -9470,9 +9614,69 @@ gnu/java/security/x509/X509CRL.lo: \
gnu/java/security/x509/X509CRLEntry.lo: \
gnu/java/security/x509/$(am__dirstamp) \
gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/X509CRLSelectorImpl.lo: \
+ gnu/java/security/x509/$(am__dirstamp) \
+ gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/x509/X509Certificate.lo: \
gnu/java/security/x509/$(am__dirstamp) \
gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/X509CertPath.lo: \
+ gnu/java/security/x509/$(am__dirstamp) \
+ gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/X509CertSelectorImpl.lo: \
+ gnu/java/security/x509/$(am__dirstamp) \
+ gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/$(am__dirstamp):
+ @$(mkdir_p) gnu/java/security/x509/ext
+ @: > gnu/java/security/x509/ext/$(am__dirstamp)
+gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) gnu/java/security/x509/ext/$(DEPDIR)
+ @: > gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/AuthorityKeyIdentifier.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/BasicConstraints.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/CRLNumber.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/CertificatePolicies.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/ExtendedKeyUsage.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/Extension.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/GeneralNames.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/IssuerAlternativeNames.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/KeyUsage.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/PolicyConstraint.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/PolicyMappings.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/PrivateKeyUsagePeriod.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/ReasonCode.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/SubjectAlternativeNames.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/x509/ext/SubjectKeyIdentifier.lo: \
+ gnu/java/security/x509/ext/$(am__dirstamp) \
+ gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
gnu/java/text/$(am__dirstamp):
@$(mkdir_p) gnu/java/text
@: > gnu/java/text/$(am__dirstamp)
@@ -15059,6 +15263,8 @@ mostlyclean-compile:
-rm -f gnu/java/security/der/DERValue.lo
-rm -f gnu/java/security/der/DERWriter.$(OBJEXT)
-rm -f gnu/java/security/der/DERWriter.lo
+ -rm -f gnu/java/security/provider/CollectionCertStoreImpl.$(OBJEXT)
+ -rm -f gnu/java/security/provider/CollectionCertStoreImpl.lo
-rm -f gnu/java/security/provider/DSAKeyFactory.$(OBJEXT)
-rm -f gnu/java/security/provider/DSAKeyFactory.lo
-rm -f gnu/java/security/provider/DSAKeyPairGenerator.$(OBJEXT)
@@ -15071,30 +15277,94 @@ mostlyclean-compile:
-rm -f gnu/java/security/provider/DSASignature.lo
-rm -f gnu/java/security/provider/DefaultPolicy.$(OBJEXT)
-rm -f gnu/java/security/provider/DefaultPolicy.lo
+ -rm -f gnu/java/security/provider/EncodedKeyFactory.$(OBJEXT)
+ -rm -f gnu/java/security/provider/EncodedKeyFactory.lo
-rm -f gnu/java/security/provider/Gnu.$(OBJEXT)
-rm -f gnu/java/security/provider/Gnu.lo
+ -rm -f gnu/java/security/provider/GnuDHPublicKey.$(OBJEXT)
+ -rm -f gnu/java/security/provider/GnuDHPublicKey.lo
-rm -f gnu/java/security/provider/GnuDSAPrivateKey.$(OBJEXT)
-rm -f gnu/java/security/provider/GnuDSAPrivateKey.lo
-rm -f gnu/java/security/provider/GnuDSAPublicKey.$(OBJEXT)
-rm -f gnu/java/security/provider/GnuDSAPublicKey.lo
+ -rm -f gnu/java/security/provider/GnuRSAPrivateKey.$(OBJEXT)
+ -rm -f gnu/java/security/provider/GnuRSAPrivateKey.lo
+ -rm -f gnu/java/security/provider/GnuRSAPublicKey.$(OBJEXT)
+ -rm -f gnu/java/security/provider/GnuRSAPublicKey.lo
+ -rm -f gnu/java/security/provider/MD2withRSA.$(OBJEXT)
+ -rm -f gnu/java/security/provider/MD2withRSA.lo
+ -rm -f gnu/java/security/provider/MD4withRSA.$(OBJEXT)
+ -rm -f gnu/java/security/provider/MD4withRSA.lo
-rm -f gnu/java/security/provider/MD5.$(OBJEXT)
-rm -f gnu/java/security/provider/MD5.lo
+ -rm -f gnu/java/security/provider/MD5withRSA.$(OBJEXT)
+ -rm -f gnu/java/security/provider/MD5withRSA.lo
+ -rm -f gnu/java/security/provider/PKIXCertPathValidatorImpl.$(OBJEXT)
+ -rm -f gnu/java/security/provider/PKIXCertPathValidatorImpl.lo
+ -rm -f gnu/java/security/provider/RSA.$(OBJEXT)
+ -rm -f gnu/java/security/provider/RSA.lo
+ -rm -f gnu/java/security/provider/RSAKeyFactory.$(OBJEXT)
+ -rm -f gnu/java/security/provider/RSAKeyFactory.lo
-rm -f gnu/java/security/provider/SHA.$(OBJEXT)
-rm -f gnu/java/security/provider/SHA.lo
-rm -f gnu/java/security/provider/SHA1PRNG.$(OBJEXT)
-rm -f gnu/java/security/provider/SHA1PRNG.lo
+ -rm -f gnu/java/security/provider/SHA1withRSA.$(OBJEXT)
+ -rm -f gnu/java/security/provider/SHA1withRSA.lo
-rm -f gnu/java/security/provider/X509CertificateFactory.$(OBJEXT)
-rm -f gnu/java/security/provider/X509CertificateFactory.lo
-rm -f gnu/java/security/util/Prime.$(OBJEXT)
-rm -f gnu/java/security/util/Prime.lo
+ -rm -f gnu/java/security/x509/GnuPKIExtension.$(OBJEXT)
+ -rm -f gnu/java/security/x509/GnuPKIExtension.lo
+ -rm -f gnu/java/security/x509/PolicyNodeImpl.$(OBJEXT)
+ -rm -f gnu/java/security/x509/PolicyNodeImpl.lo
+ -rm -f gnu/java/security/x509/Util.$(OBJEXT)
+ -rm -f gnu/java/security/x509/Util.lo
-rm -f gnu/java/security/x509/X500DistinguishedName.$(OBJEXT)
-rm -f gnu/java/security/x509/X500DistinguishedName.lo
-rm -f gnu/java/security/x509/X509CRL.$(OBJEXT)
-rm -f gnu/java/security/x509/X509CRL.lo
-rm -f gnu/java/security/x509/X509CRLEntry.$(OBJEXT)
-rm -f gnu/java/security/x509/X509CRLEntry.lo
+ -rm -f gnu/java/security/x509/X509CRLSelectorImpl.$(OBJEXT)
+ -rm -f gnu/java/security/x509/X509CRLSelectorImpl.lo
+ -rm -f gnu/java/security/x509/X509CertPath.$(OBJEXT)
+ -rm -f gnu/java/security/x509/X509CertPath.lo
+ -rm -f gnu/java/security/x509/X509CertSelectorImpl.$(OBJEXT)
+ -rm -f gnu/java/security/x509/X509CertSelectorImpl.lo
-rm -f gnu/java/security/x509/X509Certificate.$(OBJEXT)
-rm -f gnu/java/security/x509/X509Certificate.lo
+ -rm -f gnu/java/security/x509/ext/AuthorityKeyIdentifier.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/AuthorityKeyIdentifier.lo
+ -rm -f gnu/java/security/x509/ext/BasicConstraints.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/BasicConstraints.lo
+ -rm -f gnu/java/security/x509/ext/CRLNumber.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/CRLNumber.lo
+ -rm -f gnu/java/security/x509/ext/CertificatePolicies.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/CertificatePolicies.lo
+ -rm -f gnu/java/security/x509/ext/ExtendedKeyUsage.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/ExtendedKeyUsage.lo
+ -rm -f gnu/java/security/x509/ext/Extension.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/Extension.lo
+ -rm -f gnu/java/security/x509/ext/GeneralNames.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/GeneralNames.lo
+ -rm -f gnu/java/security/x509/ext/IssuerAlternativeNames.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/IssuerAlternativeNames.lo
+ -rm -f gnu/java/security/x509/ext/KeyUsage.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/KeyUsage.lo
+ -rm -f gnu/java/security/x509/ext/PolicyConstraint.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/PolicyConstraint.lo
+ -rm -f gnu/java/security/x509/ext/PolicyMappings.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/PolicyMappings.lo
+ -rm -f gnu/java/security/x509/ext/PrivateKeyUsagePeriod.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/PrivateKeyUsagePeriod.lo
+ -rm -f gnu/java/security/x509/ext/ReasonCode.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/ReasonCode.lo
+ -rm -f gnu/java/security/x509/ext/SubjectAlternativeNames.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/SubjectAlternativeNames.lo
+ -rm -f gnu/java/security/x509/ext/SubjectKeyIdentifier.$(OBJEXT)
+ -rm -f gnu/java/security/x509/ext/SubjectKeyIdentifier.lo
-rm -f gnu/java/text/AttributedFormatBuffer.$(OBJEXT)
-rm -f gnu/java/text/AttributedFormatBuffer.lo
-rm -f gnu/java/text/BaseBreakIterator.$(OBJEXT)
@@ -19629,24 +19899,57 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DERReader.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DERValue.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DERWriter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/CollectionCertStoreImpl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSAKeyFactory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSAKeyPairGenerator.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSAParameterGenerator.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSAParameters.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSASignature.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DefaultPolicy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/EncodedKeyFactory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/Gnu.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/GnuDHPublicKey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/GnuDSAPrivateKey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/GnuDSAPublicKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/GnuRSAPrivateKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/GnuRSAPublicKey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/MD2withRSA.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/MD4withRSA.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/MD5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/MD5withRSA.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/PKIXCertPathValidatorImpl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/RSA.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/RSAKeyFactory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/SHA.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/SHA1PRNG.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/SHA1withRSA.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/X509CertificateFactory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/util/$(DEPDIR)/Prime.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/GnuPKIExtension.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/PolicyNodeImpl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/Util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X500DistinguishedName.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X509CRL.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X509CRLEntry.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X509CRLSelectorImpl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X509CertPath.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X509CertSelectorImpl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/$(DEPDIR)/X509Certificate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/AuthorityKeyIdentifier.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/BasicConstraints.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/CRLNumber.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/CertificatePolicies.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/ExtendedKeyUsage.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/Extension.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/GeneralNames.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/IssuerAlternativeNames.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/KeyUsage.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/PolicyConstraint.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/PolicyMappings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/PrivateKeyUsagePeriod.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/ReasonCode.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/SubjectAlternativeNames.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/x509/ext/$(DEPDIR)/SubjectKeyIdentifier.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/text/$(DEPDIR)/AttributedFormatBuffer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/text/$(DEPDIR)/BaseBreakIterator.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/text/$(DEPDIR)/CharacterBreakIterator.Plo@am__quote@
@@ -22547,6 +22850,7 @@ clean-libtool:
-rm -rf gnu/java/security/provider/.libs gnu/java/security/provider/_libs
-rm -rf gnu/java/security/util/.libs gnu/java/security/util/_libs
-rm -rf gnu/java/security/x509/.libs gnu/java/security/x509/_libs
+ -rm -rf gnu/java/security/x509/ext/.libs gnu/java/security/x509/ext/_libs
-rm -rf gnu/java/text/.libs gnu/java/text/_libs
-rm -rf gnu/java/util/.libs gnu/java/util/_libs
-rm -rf gnu/java/util/prefs/.libs gnu/java/util/prefs/_libs
@@ -23079,6 +23383,8 @@ distclean-generic:
-rm -f gnu/java/security/util/$(am__dirstamp)
-rm -f gnu/java/security/x509/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/security/x509/$(am__dirstamp)
+ -rm -f gnu/java/security/x509/ext/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/x509/ext/$(am__dirstamp)
-rm -f gnu/java/text/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/text/$(am__dirstamp)
-rm -f gnu/java/util/$(DEPDIR)/$(am__dirstamp)
@@ -23297,7 +23603,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool clean-local \
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/security/x509/ext/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-libtool distclean-local distclean-tags
@@ -23327,7 +23633,7 @@ installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
- -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/security/x509/ext/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) org/w3c/dom/$(DEPDIR) org/w3c/dom/ranges/$(DEPDIR) org/w3c/dom/traversal/$(DEPDIR) org/xml/sax/$(DEPDIR) org/xml/sax/ext/$(DEPDIR) org/xml/sax/helpers/$(DEPDIR) sysdep/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/libjava/gnu/java/security/provider/CollectionCertStoreImpl.java b/libjava/gnu/java/security/provider/CollectionCertStoreImpl.java
new file mode 100644
index 0000000..1b22cc8
--- /dev/null
+++ b/libjava/gnu/java/security/provider/CollectionCertStoreImpl.java
@@ -0,0 +1,103 @@
+/* CollectionCertStore.java -- Collection-based cert store.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.cert.Certificate;
+import java.security.cert.CertSelector;
+import java.security.cert.CRL;
+import java.security.cert.CRLSelector;
+import java.security.cert.CertStoreException;
+import java.security.cert.CertStoreParameters;
+import java.security.cert.CertStoreSpi;
+import java.security.cert.CollectionCertStoreParameters;
+
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
+
+public final class CollectionCertStoreImpl extends CertStoreSpi
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private final Collection store;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public CollectionCertStoreImpl(CertStoreParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ super(params);
+ if (! (params instanceof CollectionCertStoreParameters))
+ throw new InvalidAlgorithmParameterException("not a CollectionCertStoreParameters object");
+ store = ((CollectionCertStoreParameters) params).getCollection();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public Collection engineGetCertificates(CertSelector selector)
+ throws CertStoreException
+ {
+ LinkedList result = new LinkedList();
+ for (Iterator it = store.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if ((o instanceof Certificate) && selector.match((Certificate) o))
+ result.add(o);
+ }
+ return result;
+ }
+
+ public Collection engineGetCRLs(CRLSelector selector)
+ throws CertStoreException
+ {
+ LinkedList result = new LinkedList();
+ for (Iterator it = store.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if ((o instanceof CRL) && selector.match((CRL) o))
+ result.add(o);
+ }
+ return result;
+ }
+}
diff --git a/libjava/gnu/java/security/provider/EncodedKeyFactory.java b/libjava/gnu/java/security/provider/EncodedKeyFactory.java
new file mode 100644
index 0000000..e308d44
--- /dev/null
+++ b/libjava/gnu/java/security/provider/EncodedKeyFactory.java
@@ -0,0 +1,310 @@
+/* EncodedKeyFactory.java -- encoded key factory.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyFactorySpi;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import java.security.spec.DSAParameterSpec;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.crypto.spec.DHParameterSpec;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+/**
+ * A factory for keys encoded in either the X.509 format (for public
+ * keys) or the PKCS#8 format (for private keys).
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class EncodedKeyFactory extends KeyFactorySpi
+{
+
+ // Constants.
+ // ------------------------------------------------------------------------
+
+ private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
+ private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
+ private static final OID ID_DH = new OID("1.2.840.10046.2.1");
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public PublicKey engineGeneratePublic(KeySpec spec)
+ throws InvalidKeySpecException
+ {
+ if (!(spec instanceof X509EncodedKeySpec))
+ throw new InvalidKeySpecException("only supports X.509 key specs");
+ DERReader der = new DERReader(((X509EncodedKeySpec) spec).getEncoded());
+ try
+ {
+ DERValue spki = der.read();
+ if (!spki.isConstructed())
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ DERValue alg = der.read();
+ if (!alg.isConstructed())
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ DERValue val = der.read();
+ if (!(val.getValue() instanceof OID))
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ OID algId = (OID) val.getValue();
+ byte[] algParams = null;
+ if (alg.getLength() > val.getEncodedLength())
+ {
+ val = der.read();
+ algParams = val.getEncoded();
+ if (val.isConstructed())
+ der.skip(val.getLength());
+ }
+ val = der.read();
+ if (!(val.getValue() instanceof BitString))
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ byte[] publicKey = ((BitString) val.getValue()).toByteArray();
+ if (algId.equals(ID_DSA))
+ {
+ BigInteger p = null, g = null, q = null, Y;
+ if (algParams != null)
+ {
+ DERReader dsaParams = new DERReader(algParams);
+ val = dsaParams.read();
+ if (!val.isConstructed())
+ throw new InvalidKeySpecException("malformed DSA parameters");
+ val = dsaParams.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DSA parameters");
+ p = (BigInteger) val.getValue();
+ val = dsaParams.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DSA parameters");
+ q = (BigInteger) val.getValue();
+ val = dsaParams.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DSA parameters");
+ g = (BigInteger) val.getValue();
+ }
+ DERReader dsaPub = new DERReader(publicKey);
+ val = dsaPub.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DSA parameters");
+ Y = (BigInteger) val.getValue();
+ return new GnuDSAPublicKey(Y, p, q, g);
+ }
+ else if (algId.equals(ID_RSA))
+ {
+ DERReader rsaParams = new DERReader(publicKey);
+ if (!rsaParams.read().isConstructed())
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ return new GnuRSAPublicKey(new RSAPublicKeySpec(
+ (BigInteger) rsaParams.read().getValue(),
+ (BigInteger) rsaParams.read().getValue()));
+ }
+ else if (algId.equals(ID_DH))
+ {
+ if (algParams == null)
+ throw new InvalidKeySpecException("missing DH parameters");
+ DERReader dhParams = new DERReader(algParams);
+ val = dhParams.read();
+ BigInteger p, g, q, Y;
+ if (!val.isConstructed())
+ throw new InvalidKeySpecException("malformed DH parameters");
+ val = dhParams.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DH parameters");
+ p = (BigInteger) val.getValue();
+ val = dhParams.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DH parameters");
+ g = (BigInteger) val.getValue();
+ val = dhParams.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DH parameters");
+ q = (BigInteger) val.getValue();
+ DERReader dhPub = new DERReader(publicKey);
+ val = dhPub.read();
+ if (!(val.getValue() instanceof BigInteger))
+ throw new InvalidKeySpecException("malformed DH parameters");
+ Y = (BigInteger) val.getValue();
+ return (PublicKey) new GnuDHPublicKey(new DHParameterSpec(p, g), Y, q);
+ }
+ else
+ throw new InvalidKeySpecException("unknown algorithm: " + algId);
+ }
+ catch (IOException ioe)
+ {
+ throw new InvalidKeySpecException(ioe.getMessage());
+ }
+ }
+
+ public PrivateKey engineGeneratePrivate(KeySpec spec)
+ throws InvalidKeySpecException
+ {
+ if (!(spec instanceof PKCS8EncodedKeySpec))
+ {
+ throw new InvalidKeySpecException("only supports PKCS8 key specs");
+ }
+ DERReader der = new DERReader(((PKCS8EncodedKeySpec) spec).getEncoded());
+ try
+ {
+ DERValue pki = der.read();
+ if (!pki.isConstructed())
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ DERValue val = der.read();
+ if (!(val.getValue() instanceof BigInteger))
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ DERValue alg = der.read();
+ if (!alg.isConstructed())
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ val = der.read();
+ if (!(val.getValue() instanceof OID))
+ {
+ throw new InvalidKeySpecException("malformed encoded key");
+ }
+ OID algId = (OID) val.getValue();
+ byte[] algParams = null;
+ if (alg.getLength() > val.getEncodedLength())
+ {
+ val = der.read();
+ algParams = val.getEncoded();
+ if (val.isConstructed())
+ der.skip(val.getLength());
+ }
+ byte[] privateKey = (byte[]) der.read().getValue();
+ if (algId.equals(ID_DSA))
+ {
+ if (algParams == null)
+ {
+ throw new InvalidKeySpecException("missing DSA parameters");
+ }
+ AlgorithmParameters params = AlgorithmParameters.getInstance("DSA");
+ params.init(algParams);
+ DSAParameterSpec dsaSpec = (DSAParameterSpec)
+ params.getParameterSpec(DSAParameterSpec.class);
+ DERReader dsaPriv = new DERReader(privateKey);
+ return new GnuDSAPrivateKey((BigInteger) dsaPriv.read().getValue(),
+ dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG());
+ }
+ else if (algId.equals(ID_RSA))
+ {
+ DERReader rsaParams = new DERReader(privateKey);
+ if (!rsaParams.read().isConstructed())
+ throw new InvalidKeySpecException("malformed encoded key");
+ return new GnuRSAPrivateKey(new RSAPrivateCrtKeySpec(
+ (BigInteger) rsaParams.read().getValue(), // n
+ (BigInteger) rsaParams.read().getValue(), // e
+ (BigInteger) rsaParams.read().getValue(), // d
+ (BigInteger) rsaParams.read().getValue(), // p
+ (BigInteger) rsaParams.read().getValue(), // q
+ (BigInteger) rsaParams.read().getValue(), // d mod (p - 1)
+ (BigInteger) rsaParams.read().getValue(), // d mod (q - 1)
+ (BigInteger) rsaParams.read().getValue())); // (inv q) mod p
+ }
+ else
+ throw new InvalidKeySpecException("unknown algorithm: " + algId);
+ }
+ catch (InvalidParameterSpecException iapse)
+ {
+ throw new InvalidKeySpecException(iapse.getMessage());
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ throw new InvalidKeySpecException(nsae.getMessage());
+ }
+ catch (IOException ioe)
+ {
+ throw new InvalidKeySpecException(ioe.getMessage());
+ }
+ }
+
+ public KeySpec engineGetKeySpec(Key key, Class speClass)
+ throws InvalidKeySpecException
+ {
+ if ((key instanceof PrivateKey) && key.getFormat().equals("PKCS#8")
+ && speClass.isAssignableFrom(PKCS8EncodedKeySpec.class))
+ return new PKCS8EncodedKeySpec(key.getEncoded());
+ else if ((key instanceof PublicKey) && key.getFormat().equals("X.509")
+ && speClass.isAssignableFrom(X509EncodedKeySpec.class))
+ return new X509EncodedKeySpec(key.getEncoded());
+ else
+ throw new InvalidKeySpecException();
+ }
+
+ public Key engineTranslateKey(Key key) throws InvalidKeyException
+ {
+ throw new InvalidKeyException("translating keys not supported");
+ }
+}
diff --git a/libjava/gnu/java/security/provider/Gnu.java b/libjava/gnu/java/security/provider/Gnu.java
index 70a7d1d..02f509d 100644
--- a/libjava/gnu/java/security/provider/Gnu.java
+++ b/libjava/gnu/java/security/provider/Gnu.java
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -37,75 +37,131 @@ exception statement from your version. */
package gnu.java.security.provider;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.security.Provider;
public final class Gnu extends Provider
{
public Gnu()
{
- super("GNU", 1.0, "GNU provider v1.0 implementing SHA-1, MD5, DSA, X.509 Certificates");
-
- // Note that all implementation class names are referenced by using
- // Class.getName(). That way when we staticly link the Gnu provider
- // we automatically get all the implementation classes.
-
- // Signature
- put("Signature.SHA1withDSA",
- gnu.java.security.provider.DSASignature.class.getName());
-
- put("Alg.Alias.Signature.DSS", "SHA1withDSA");
- put("Alg.Alias.Signature.DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
- put("Alg.Alias.Signature.DSAwithSHA", "SHA1withDSA");
- put("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA");
- put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
- put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA");
- put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
- put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
- put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
-
- // Key Pair Generator
- put("KeyPairGenerator.DSA",
- gnu.java.security.provider.DSAKeyPairGenerator.class.getName());
-
- put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
- put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
- put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
-
- // Key Factory
- put("KeyFactory.DSA",
- gnu.java.security.provider.DSAKeyFactory.class.getName());
-
- put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
- put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
- put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
-
- // Message Digests
- put("MessageDigest.SHA", gnu.java.security.provider.SHA.class.getName());
- put("MessageDigest.MD5", gnu.java.security.provider.MD5.class.getName());
-
- // Format "Alias", "Actual Name"
- put("Alg.Alias.MessageDigest.SHA1", "SHA");
- put("Alg.Alias.MessageDigest.SHA-1", "SHA");
-
- // Algorithm Parameters
- put("AlgorithmParameters.DSA",
- gnu.java.security.provider.DSAParameters.class.getName());
-
- // Algorithm Parameter Generator
- put("AlgorithmParameterGenerator.DSA",
- gnu.java.security.provider.DSAParameterGenerator.class.getName());
-
- // SecureRandom
- put("SecureRandom.SHA1PRNG",
- gnu.java.security.provider.SHA1PRNG.class.getName());
-
- // CertificateFactory
- put("CertificateFactory.X.509",
- gnu.java.security.provider.X509CertificateFactory.class.getName());
-
- put("Alg.Alias.CertificateFactory.X509", "X.509");
+ super("GNU", 1.0, "GNU provider v1.0 implementing SHA-1, MD5, DSA, RSA, X.509 Certificates and CRLs, PKIX certificate path validators, Collection cert stores");
+
+ AccessController.doPrivileged (new PrivilegedAction()
+ {
+ public Object run()
+ {
+ // Note that all implementation class names are referenced by using
+ // Class.getName(). That way when we staticly link the Gnu provider
+ // we automatically get all the implementation classes.
+
+ // Signature
+ put("Signature.SHA1withDSA",
+ gnu.java.security.provider.DSASignature.class.getName());
+
+ put("Alg.Alias.Signature.DSS", "SHA1withDSA");
+ put("Alg.Alias.Signature.DSA", "SHA1withDSA");
+ put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
+ put("Alg.Alias.Signature.DSAwithSHA", "SHA1withDSA");
+ put("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA");
+ put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
+ put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
+ put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
+ put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA");
+ put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
+ put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
+ put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
+
+ put("Signature.MD2withRSA", MD2withRSA.class.getName());
+ put("Signature.MD2withRSA ImplementedIn", "Software");
+ put("Alg.Alias.Signature.md2WithRSAEncryption", "MD2withRSA");
+ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
+ put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
+
+ put("Signature.MD4withRSA", MD4withRSA.class.getName());
+ put("Signature.MD4withRSA ImplementedIn", "Software");
+ put("Alg.Alias.Signature.md4WithRSAEncryption", "MD4withRSA");
+ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.3", "MD4withRSA");
+ put("Alg.Alias.Signature.1.2.840.113549.1.1.3", "MD4withRSA");
+
+ put("Signature.MD5withRSA", MD5withRSA.class.getName());
+ put("Signature.MD5withRSA ImplementedIn", "Software");
+ put("Alg.Alias.Signature.md5WithRSAEncryption", "MD5withRSA");
+ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
+ put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
+
+ put("Signature.SHA1withRSA", SHA1withRSA.class.getName());
+ put("Signature.SHA1withRSA ImplementedIn", "Software");
+ put("Alg.Alias.Signature.sha-1WithRSAEncryption", "SHA1withRSA");
+ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
+ put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
+
+ // Key Pair Generator
+ put("KeyPairGenerator.DSA",
+ gnu.java.security.provider.DSAKeyPairGenerator.class.getName());
+
+ put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
+ put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
+ put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
+
+ // Key Factory
+ put("KeyFactory.DSA",
+ gnu.java.security.provider.DSAKeyFactory.class.getName());
+
+ put("KeyFactory.Encoded", EncodedKeyFactory.class.getName());
+ put("KeyFactory.Encoded ImplementedIn", "Software");
+ put("Alg.Alias.KeyFactory.X.509", "Encoded");
+ put("Alg.Alias.KeyFactory.X509", "Encoded");
+ put("Alg.Alias.KeyFactory.PKCS#8", "Encoded");
+ put("Alg.Alias.KeyFactory.PKCS8", "Encoded");
+
+ put("KeyFactory.RSA", RSAKeyFactory.class.getName());
+
+ put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
+ put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
+ put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
+
+ // Message Digests
+ put("MessageDigest.SHA", gnu.java.security.provider.SHA.class.getName());
+ put("MessageDigest.MD5", gnu.java.security.provider.MD5.class.getName());
+
+ // Format "Alias", "Actual Name"
+ put("Alg.Alias.MessageDigest.SHA1", "SHA");
+ put("Alg.Alias.MessageDigest.SHA-1", "SHA");
+
+ // Algorithm Parameters
+ put("AlgorithmParameters.DSA",
+ gnu.java.security.provider.DSAParameters.class.getName());
+
+ put("Alg.Alias.AlgorithmParameters.DSS", "DSA");
+ put("Alg.Alias.AlgorithmParameters.SHAwithDSA", "DSA");
+ put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.3", "DSA");
+ put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.3", "DSA");
+
+ // Algorithm Parameter Generator
+ put("AlgorithmParameterGenerator.DSA",
+ gnu.java.security.provider.DSAParameterGenerator.class.getName());
+
+ // SecureRandom
+ put("SecureRandom.SHA1PRNG",
+ gnu.java.security.provider.SHA1PRNG.class.getName());
+
+ // CertificateFactory
+ put("CertificateFactory.X509", X509CertificateFactory.class.getName());
+
+ put("CertificateFactory.X509 ImplementedIn", "Software");
+ put("Alg.Alias.CertificateFactory.X.509", "X509");
+
+ // CertPathValidator
+ put("CertPathValidator.PKIX", PKIXCertPathValidatorImpl.class.getName());
+ put("CertPathValidator.PKIX ImplementedIn", "Software");
+
+ // CertStore
+ put("CertStore.Collection", CollectionCertStoreImpl.class.getName());
+
+ return null;
+ }
+ });
}
}
diff --git a/libjava/gnu/java/security/provider/GnuDHPublicKey.java b/libjava/gnu/java/security/provider/GnuDHPublicKey.java
new file mode 100644
index 0000000..a650761
--- /dev/null
+++ b/libjava/gnu/java/security/provider/GnuDHPublicKey.java
@@ -0,0 +1,117 @@
+/* GnuDHPublicKey.java -- A Diffie-Hellman public key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.math.BigInteger;
+
+import java.util.ArrayList;
+
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+
+public class GnuDHPublicKey implements DHPublicKey
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private byte[] encoded;
+ private final DHParameterSpec params;
+ private final BigInteger Y;
+ private final BigInteger q;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public GnuDHPublicKey(DHParameterSpec params, BigInteger Y, BigInteger q)
+ {
+ this.params = params;
+ this.Y = Y;
+ this.q = q;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public BigInteger getY()
+ {
+ return Y;
+ }
+
+ public DHParameterSpec getParams()
+ {
+ return params;
+ }
+
+ public String getAlgorithm()
+ {
+ return "DH";
+ }
+
+ public String getFormat()
+ {
+ return "X.509";
+ }
+
+ public byte[] getEncoded()
+ {
+ if (encoded != null)
+ return (byte[]) encoded.clone();
+ ArrayList spki = new ArrayList(2);
+ ArrayList alg = new ArrayList(2);
+ alg.add(new DERValue(DER.OBJECT_IDENTIFIER, new OID("1.2.840.10046.2.1")));
+ ArrayList param = new ArrayList(3);
+ param.add(new DERValue(DER.INTEGER, params.getP()));
+ param.add(new DERValue(DER.INTEGER, params.getG()));
+ param.add(new DERValue(DER.INTEGER, q));
+ alg.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, param));
+ spki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, alg));
+ spki.add(new DERValue(DER.BIT_STRING, new BitString(Y.toByteArray())));
+ encoded = new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, spki).getEncoded();
+ if (encoded != null)
+ return (byte[]) encoded.clone();
+ return null;
+ }
+}
diff --git a/libjava/gnu/java/security/provider/GnuRSAPrivateKey.java b/libjava/gnu/java/security/provider/GnuRSAPrivateKey.java
new file mode 100644
index 0000000..455326d
--- /dev/null
+++ b/libjava/gnu/java/security/provider/GnuRSAPrivateKey.java
@@ -0,0 +1,166 @@
+/* GnuRSAPrivateKey.java -- GNU RSA private key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.math.BigInteger;
+
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.spec.RSAPrivateCrtKeySpec;
+
+import java.util.ArrayList;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERValue;
+
+class GnuRSAPrivateKey implements RSAPrivateCrtKey
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private final RSAPrivateCrtKeySpec spec;
+ private byte[] encodedKey;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public GnuRSAPrivateKey(RSAPrivateCrtKeySpec spec)
+ {
+ this.spec = spec;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public BigInteger getModulus()
+ {
+ return spec.getModulus();
+ }
+
+ public BigInteger getPrivateExponent()
+ {
+ return spec.getPrivateExponent();
+ }
+
+ public BigInteger getCrtCoefficient()
+ {
+ return spec.getCrtCoefficient();
+ }
+
+ public BigInteger getPrimeExponentP()
+ {
+ return spec.getPrimeExponentP();
+ }
+
+ public BigInteger getPrimeExponentQ()
+ {
+ return spec.getPrimeExponentQ();
+ }
+
+ public BigInteger getPrimeP()
+ {
+ return spec.getPrimeP();
+ }
+
+ public BigInteger getPrimeQ()
+ {
+ return spec.getPrimeQ();
+ }
+
+ public BigInteger getPublicExponent()
+ {
+ return spec.getPublicExponent();
+ }
+
+ public String getAlgorithm()
+ {
+ return "RSA";
+ }
+
+ public String getFormat()
+ {
+ return "PKCS#8";
+ }
+
+ /**
+ * The encoded form is:
+ *
+ * <pre>
+ * RSAPrivateKey ::= SEQUENCE {
+ * version Version,
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER -- (inverse of q) mod p }
+ * </pre>
+ *
+ * <p>Which is in turn encoded in a PrivateKeyInfo structure from PKCS#8.
+ */
+ public byte[] getEncoded()
+ {
+ if (encodedKey != null)
+ return (byte[]) encodedKey.clone();
+ ArrayList key = new ArrayList(9);
+ key.add(new DERValue(DER.INTEGER, BigInteger.ZERO));
+ key.add(new DERValue(DER.INTEGER, getModulus()));
+ key.add(new DERValue(DER.INTEGER, getPublicExponent()));
+ key.add(new DERValue(DER.INTEGER, getPrivateExponent()));
+ key.add(new DERValue(DER.INTEGER, getPrimeP()));
+ key.add(new DERValue(DER.INTEGER, getPrimeQ()));
+ key.add(new DERValue(DER.INTEGER, getPrimeExponentP()));
+ key.add(new DERValue(DER.INTEGER, getPrimeExponentQ()));
+ key.add(new DERValue(DER.INTEGER, getCrtCoefficient()));
+ DERValue pk = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, key);
+ ArrayList pki = new ArrayList(3);
+ pki.add(new DERValue(DER.INTEGER, BigInteger.ZERO));
+ ArrayList alg = new ArrayList(2);
+ alg.add(new DERValue(DER.OBJECT_IDENTIFIER,
+ new OID("1.2.840.113549.1.1.1")));
+ alg.add(new DERValue(DER.NULL, null));
+ pki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, alg));
+ pki.add(new DERValue(DER.OCTET_STRING, pk.getEncoded()));
+ encodedKey = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, pki).getEncoded();
+ return (byte[]) encodedKey.clone();
+ }
+}
diff --git a/libjava/gnu/java/security/provider/GnuRSAPublicKey.java b/libjava/gnu/java/security/provider/GnuRSAPublicKey.java
new file mode 100644
index 0000000..502fccc
--- /dev/null
+++ b/libjava/gnu/java/security/provider/GnuRSAPublicKey.java
@@ -0,0 +1,109 @@
+/* GnuRSAPublicKey.java -- GNU RSA public key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.math.BigInteger;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.ArrayList;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERValue;
+
+class GnuRSAPublicKey implements RSAPublicKey
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private final RSAPublicKeySpec spec;
+ private byte[] encodedKey;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public GnuRSAPublicKey(RSAPublicKeySpec spec)
+ {
+ this.spec = spec;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public BigInteger getModulus()
+ {
+ return spec.getModulus();
+ }
+
+ public BigInteger getPublicExponent()
+ {
+ return spec.getPublicExponent();
+ }
+
+ public String getAlgorithm()
+ {
+ return "RSA";
+ }
+
+ public String getFormat()
+ {
+ return "X.509";
+ }
+
+ public byte[] getEncoded()
+ {
+ if (encodedKey != null)
+ return (byte[]) encodedKey.clone();
+ ArrayList key = new ArrayList(2);
+ key.add(new DERValue(DER.INTEGER, getModulus()));
+ key.add(new DERValue(DER.INTEGER, getPublicExponent()));
+ DERValue rsapk = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, key);
+ ArrayList alg = new ArrayList(2);
+ alg.add(new DERValue(DER.OBJECT_IDENTIFIER,
+ new OID("1.2.840.113549.1.1.1")));
+ alg.add(new DERValue(DER.NULL, null));
+ ArrayList spki = new ArrayList(2);
+ spki.add(new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, alg));
+ spki.add(new DERValue(DER.BIT_STRING, new BitString(rsapk.getEncoded())));
+ encodedKey = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, spki).getEncoded();
+ return (byte[]) encodedKey.clone();
+ }
+}
diff --git a/libjava/gnu/java/security/provider/MD2withRSA.java b/libjava/gnu/java/security/provider/MD2withRSA.java
new file mode 100644
index 0000000..c43d07a
--- /dev/null
+++ b/libjava/gnu/java/security/provider/MD2withRSA.java
@@ -0,0 +1,54 @@
+/* MD2withRSA.java -- MD2 with RSA encryption signatures.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class MD2withRSA extends RSA
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public MD2withRSA() throws NoSuchAlgorithmException
+ {
+ super(MessageDigest.getInstance("MD2"), DIGEST_ALGORITHM.getChild(2));
+ }
+}
diff --git a/libjava/gnu/java/security/provider/MD4withRSA.java b/libjava/gnu/java/security/provider/MD4withRSA.java
new file mode 100644
index 0000000..86cd2be
--- /dev/null
+++ b/libjava/gnu/java/security/provider/MD4withRSA.java
@@ -0,0 +1,54 @@
+/* MD4withRSA.java -- MD4 with RSA encryption signatures.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class MD4withRSA extends RSA
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public MD4withRSA() throws NoSuchAlgorithmException
+ {
+ super(MessageDigest.getInstance("MD4"), DIGEST_ALGORITHM.getChild(4));
+ }
+}
diff --git a/libjava/gnu/java/security/provider/MD5withRSA.java b/libjava/gnu/java/security/provider/MD5withRSA.java
new file mode 100644
index 0000000..ec8370d
--- /dev/null
+++ b/libjava/gnu/java/security/provider/MD5withRSA.java
@@ -0,0 +1,54 @@
+/* MD5withRSA.java -- MD5 with RSA encryption signatures.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class MD5withRSA extends RSA
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public MD5withRSA() throws NoSuchAlgorithmException
+ {
+ super(MessageDigest.getInstance("MD5"), DIGEST_ALGORITHM.getChild(5));
+ }
+}
diff --git a/libjava/gnu/java/security/provider/PKIXCertPathValidatorImpl.java b/libjava/gnu/java/security/provider/PKIXCertPathValidatorImpl.java
new file mode 100644
index 0000000..7d1d857
--- /dev/null
+++ b/libjava/gnu/java/security/provider/PKIXCertPathValidatorImpl.java
@@ -0,0 +1,689 @@
+/* PKIXCertPathValidatorImpl.java -- PKIX certificate path validator.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.io.IOException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Principal;
+import java.security.PublicKey;
+
+import java.security.cert.*;
+
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPublicKey;
+import java.security.spec.DSAParameterSpec;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import gnu.java.security.x509.GnuPKIExtension;
+import gnu.java.security.x509.PolicyNodeImpl;
+import gnu.java.security.x509.X509CertSelectorImpl;
+import gnu.java.security.x509.X509CRLSelectorImpl;
+import gnu.java.security.x509.ext.*;
+import gnu.java.security.OID;
+
+/**
+ * An implementation of the Public Key Infrastructure's X.509
+ * certificate path validation algorithm.
+ *
+ * <p>See <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * Internet X.509 Public Key Infrastructure Certificate and
+ * Certificate Revocation List (CRL) Profile</a>.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class PKIXCertPathValidatorImpl extends CertPathValidatorSpi
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ private static final boolean DEBUG = false;
+ private static void debug (String msg)
+ {
+ System.err.print (">> PKIXCertPathValidatorImpl: ");
+ System.err.println (msg);
+ }
+
+ public static final String ANY_POLICY = "2.5.29.32.0";
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public PKIXCertPathValidatorImpl()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public CertPathValidatorResult engineValidate(CertPath path,
+ CertPathParameters params)
+ throws CertPathValidatorException, InvalidAlgorithmParameterException
+ {
+ if (!(params instanceof PKIXParameters))
+ throw new InvalidAlgorithmParameterException("not a PKIXParameters object");
+
+ // First check if the certificate path is valid.
+ //
+ // This means that:
+ //
+ // (a) for all x in {1, ..., n-1}, the subject of certificate x is
+ // the issuer of certificate x+1;
+ //
+ // (b) for all x in {1, ..., n}, the certificate was valid at the
+ // time in question.
+ //
+ // Because this is the X.509 algorithm, we also check if all
+ // cerificates are of type X509Certificate.
+
+ PolicyNodeImpl rootNode = new PolicyNodeImpl();
+ Set initPolicies = ((PKIXParameters) params).getInitialPolicies();
+ rootNode.setValidPolicy(ANY_POLICY);
+ rootNode.setCritical(false);
+ rootNode.setDepth(0);
+ if (initPolicies != null)
+ rootNode.addAllExpectedPolicies(initPolicies);
+ else
+ rootNode.addExpectedPolicy(ANY_POLICY);
+ List checks = ((PKIXParameters) params).getCertPathCheckers();
+ List l = path.getCertificates();
+ if (l == null || l.size() == 0)
+ throw new CertPathValidatorException();
+ X509Certificate[] p = null;
+ try
+ {
+ p = (X509Certificate[]) l.toArray(new X509Certificate[l.size()]);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new CertPathValidatorException("invalid certificate path");
+ }
+
+ String sigProvider = ((PKIXParameters) params).getSigProvider();
+ PublicKey prevKey = null;
+ Date now = ((PKIXParameters) params).getDate();
+ if (now == null)
+ now = new Date();
+ LinkedList policyConstraints = new LinkedList();
+ for (int i = p.length - 1; i >= 0; i--)
+ {
+ try
+ {
+ p[i].checkValidity(now);
+ }
+ catch (CertificateException ce)
+ {
+ throw new CertPathValidatorException(ce.toString());
+ }
+ Set uce = getCritExts(p[i]);
+ for (Iterator check = checks.iterator(); check.hasNext(); )
+ {
+ try
+ {
+ ((PKIXCertPathChecker) check.next()).check(p[i], uce);
+ }
+ catch (Exception x)
+ {
+ }
+ }
+
+ PolicyConstraint constr = null;
+ if (p[i] instanceof GnuPKIExtension)
+ {
+ Extension pcx =
+ ((GnuPKIExtension) p[i]).getExtension (PolicyConstraint.ID);
+ if (pcx != null)
+ constr = (PolicyConstraint) pcx.getValue();
+ }
+ else
+ {
+ byte[] pcx = p[i].getExtensionValue (PolicyConstraint.ID.toString());
+ if (pcx != null)
+ {
+ try
+ {
+ constr = new PolicyConstraint (pcx);
+ }
+ catch (Exception x)
+ {
+ }
+ }
+ }
+ if (constr != null && constr.getRequireExplicitPolicy() >= 0)
+ {
+ policyConstraints.add (new int[]
+ { p.length-i, constr.getRequireExplicitPolicy() });
+ }
+
+ updatePolicyTree(p[i], rootNode, p.length-i, (PKIXParameters) params,
+ checkExplicitPolicy (p.length-i, policyConstraints));
+
+ // The rest of the tests involve this cert's relationship with the
+ // next in the path. If this cert is the end entity, we can stop.
+ if (i == 0)
+ break;
+
+ basicSanity(p, i);
+ PublicKey pubKey = null;
+ try
+ {
+ pubKey = p[i].getPublicKey();
+ if (pubKey instanceof DSAPublicKey)
+ {
+ DSAParams dsa = ((DSAPublicKey) pubKey).getParams();
+ // If the DSA public key is missing its parameters, use those
+ // from the previous cert's key.
+ if (dsa == null || dsa.getP() == null || dsa.getG() == null
+ || dsa.getQ() == null)
+ {
+ if (prevKey == null)
+ throw new InvalidKeyException("DSA keys not chainable");
+ if (!(prevKey instanceof DSAPublicKey))
+ throw new InvalidKeyException("DSA keys not chainable");
+ dsa = ((DSAPublicKey) prevKey).getParams();
+ pubKey = new GnuDSAPublicKey(((DSAPublicKey) pubKey).getY(),
+ dsa.getP(), dsa.getQ(), dsa.getG());
+ }
+ }
+ if (sigProvider == null)
+ p[i-1].verify(pubKey);
+ else
+ p[i-1].verify(pubKey, sigProvider);
+ prevKey = pubKey;
+ }
+ catch (Exception e)
+ {
+ throw new CertPathValidatorException(e.toString());
+ }
+ if (!p[i].getSubjectDN().equals(p[i-1].getIssuerDN()))
+ throw new CertPathValidatorException("issuer DN mismatch");
+ boolean[] issuerUid = p[i-1].getIssuerUniqueID();
+ boolean[] subjectUid = p[i].getSubjectUniqueID();
+ if (issuerUid != null && subjectUid != null)
+ if (!Arrays.equals(issuerUid, subjectUid))
+ throw new CertPathValidatorException("UID mismatch");
+
+ // Check the certificate against the revocation lists.
+ if (((PKIXParameters) params).isRevocationEnabled())
+ {
+ X509CRLSelectorImpl selector = new X509CRLSelectorImpl();
+ try
+ {
+ selector.addIssuerName(p[i].getSubjectDN());
+ }
+ catch (IOException ioe)
+ {
+ throw new CertPathValidatorException("error selecting CRLs");
+ }
+ List certStores = ((PKIXParameters) params).getCertStores();
+ List crls = new LinkedList();
+ for (Iterator it = certStores.iterator(); it.hasNext(); )
+ {
+ CertStore cs = (CertStore) it.next();
+ try
+ {
+ Collection c = cs.getCRLs(selector);
+ crls.addAll(c);
+ }
+ catch (CertStoreException cse)
+ {
+ }
+ }
+ if (crls.isEmpty())
+ throw new CertPathValidatorException("no CRLs for issuer");
+ boolean certOk = false;
+ for (Iterator it = crls.iterator(); it.hasNext(); )
+ {
+ CRL crl = (CRL) it.next();
+ if (!(crl instanceof X509CRL))
+ continue;
+ X509CRL xcrl = (X509CRL) crl;
+ if (!checkCRL(xcrl, p, now, p[i], pubKey, certStores))
+ continue;
+ if (xcrl.isRevoked(p[i-1]))
+ throw new CertPathValidatorException("certificate is revoked");
+ else
+ certOk = true;
+ }
+ if (!certOk)
+ throw new CertPathValidatorException("certificate's validity could not be determined");
+ }
+ }
+ rootNode.setReadOnly();
+
+ // Now ensure that the first certificate in the chain was issued
+ // by a trust anchor.
+ Exception cause = null;
+ Set anchors = ((PKIXParameters) params).getTrustAnchors();
+ for (Iterator i = anchors.iterator(); i.hasNext(); )
+ {
+ TrustAnchor anchor = (TrustAnchor) i.next();
+ X509Certificate anchorCert = null;
+ PublicKey anchorKey = null;
+ if (anchor.getTrustedCert() != null)
+ {
+ anchorCert = anchor.getTrustedCert();
+ anchorKey = anchorCert.getPublicKey();
+ }
+ else
+ anchorKey = anchor.getCAPublicKey();
+ if (anchorKey == null)
+ continue;
+ try
+ {
+ if (anchorCert == null)
+ anchorCert.checkValidity(now);
+ p[p.length-1].verify(anchorKey);
+ if (anchorCert != null && anchorCert.getBasicConstraints() >= 0
+ && anchorCert.getBasicConstraints() < p.length)
+ continue;
+
+ if (((PKIXParameters) params).isRevocationEnabled())
+ {
+ X509CRLSelectorImpl selector = new X509CRLSelectorImpl();
+ if (anchorCert != null)
+ try
+ {
+ selector.addIssuerName(anchorCert.getSubjectDN());
+ }
+ catch (IOException ioe)
+ {
+ }
+ else
+ selector.addIssuerName(anchor.getCAName());
+ List certStores = ((PKIXParameters) params).getCertStores();
+ List crls = new LinkedList();
+ for (Iterator it = certStores.iterator(); it.hasNext(); )
+ {
+ CertStore cs = (CertStore) it.next();
+ try
+ {
+ Collection c = cs.getCRLs(selector);
+ crls.addAll(c);
+ }
+ catch (CertStoreException cse)
+ {
+ }
+ }
+ if (crls.isEmpty())
+ continue;
+ for (Iterator it = crls.iterator(); it.hasNext(); )
+ {
+ CRL crl = (CRL) it.next();
+ if (!(crl instanceof X509CRL))
+ continue;
+ X509CRL xcrl = (X509CRL) crl;
+ try
+ {
+ xcrl.verify(anchorKey);
+ }
+ catch (Exception x)
+ {
+ continue;
+ }
+ Date nextUpdate = xcrl.getNextUpdate();
+ if (nextUpdate != null && nextUpdate.compareTo(now) < 0)
+ continue;
+ if (xcrl.isRevoked(p[p.length-1]))
+ throw new CertPathValidatorException("certificate is revoked");
+ }
+ }
+
+ // The chain is valid; return the result.
+ return new PKIXCertPathValidatorResult(anchor, rootNode,
+ p[0].getPublicKey());
+ }
+ catch (Exception ignored)
+ {
+ cause = ignored;
+ continue;
+ }
+ }
+
+ // The path is not valid.
+ CertPathValidatorException cpve =
+ new CertPathValidatorException("path validation failed");
+ if (cause != null)
+ cpve.initCause (cause);
+ throw cpve;
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Check if a given CRL is acceptable for checking the revocation status
+ * of certificates in the path being checked.
+ *
+ * <p>The CRL is accepted iff:</p>
+ *
+ * <ol>
+ * <li>The <i>nextUpdate</i> field (if present) is in the future.</li>
+ * <li>The CRL does not contain any unsupported critical extensions.</li>
+ * <li>The CRL is signed by one of the certificates in the path, or,</li>
+ * <li>The CRL is signed by the given public key and was issued by the
+ * public key's subject, or,</li>
+ * <li>The CRL is signed by a certificate in the given cert stores, and
+ * that cert is signed by one of the certificates in the path.</li>
+ * </ol>
+ *
+ * @param crl The CRL being checked.
+ * @param path The path this CRL is being checked against.
+ * @param now The value to use as 'now'.
+ * @param pubKeySubject The subject of the public key.
+ * @param pubKey The public key to check.
+ * @return True if the CRL is acceptable.
+ */
+ private static boolean checkCRL(X509CRL crl, X509Certificate[] path, Date now,
+ X509Certificate pubKeyCert, PublicKey pubKey,
+ List certStores)
+ {
+ Date nextUpdate = crl.getNextUpdate();
+ if (nextUpdate != null && nextUpdate.compareTo(now) < 0)
+ return false;
+ if (crl.hasUnsupportedCriticalExtension())
+ return false;
+ for (int i = 0; i < path.length; i++)
+ {
+ if (!path[i].getSubjectDN().equals(crl.getIssuerDN()))
+ continue;
+ boolean[] keyUsage = path[i].getKeyUsage();
+ if (keyUsage != null)
+ {
+ if (!keyUsage[KeyUsage.CRL_SIGN])
+ continue;
+ }
+ try
+ {
+ crl.verify(path[i].getPublicKey());
+ return true;
+ }
+ catch (Exception x)
+ {
+ }
+ }
+ if (crl.getIssuerDN().equals(pubKeyCert.getSubjectDN()))
+ {
+ try
+ {
+ boolean[] keyUsage = pubKeyCert.getKeyUsage();
+ if (keyUsage != null)
+ {
+ if (!keyUsage[KeyUsage.CRL_SIGN])
+ throw new Exception();
+ }
+ crl.verify(pubKey);
+ return true;
+ }
+ catch (Exception x)
+ {
+ }
+ }
+ try
+ {
+ X509CertSelectorImpl select = new X509CertSelectorImpl();
+ select.addSubjectName(crl.getIssuerDN());
+ List certs = new LinkedList();
+ for (Iterator it = certStores.iterator(); it.hasNext(); )
+ {
+ CertStore cs = (CertStore) it.next();
+ try
+ {
+ certs.addAll(cs.getCertificates(select));
+ }
+ catch (CertStoreException cse)
+ {
+ }
+ }
+ for (Iterator it = certs.iterator(); it.hasNext(); )
+ {
+ X509Certificate c = (X509Certificate) it.next();
+ for (int i = 0; i < path.length; i++)
+ {
+ if (!c.getIssuerDN().equals(path[i].getSubjectDN()))
+ continue;
+ boolean[] keyUsage = c.getKeyUsage();
+ if (keyUsage != null)
+ {
+ if (!keyUsage[KeyUsage.CRL_SIGN])
+ continue;
+ }
+ try
+ {
+ c.verify(path[i].getPublicKey());
+ crl.verify(c.getPublicKey());
+ return true;
+ }
+ catch (Exception x)
+ {
+ }
+ }
+ if (c.getIssuerDN().equals(pubKeyCert.getSubjectDN()))
+ {
+ c.verify(pubKey);
+ crl.verify(c.getPublicKey());
+ }
+ }
+ }
+ catch (Exception x)
+ {
+ }
+ return false;
+ }
+
+ private static Set getCritExts(X509Certificate cert)
+ {
+ HashSet s = new HashSet();
+ if (cert instanceof GnuPKIExtension)
+ {
+ Collection exts = ((GnuPKIExtension) cert).getExtensions();
+ for (Iterator it = exts.iterator(); it.hasNext(); )
+ {
+ Extension ext = (Extension) it.next();
+ if (ext.isCritical() && !ext.isSupported())
+ s.add(ext.getOid().toString());
+ }
+ }
+ else
+ s.addAll(cert.getCriticalExtensionOIDs());
+ return s;
+ }
+
+ /**
+ * Perform a basic sanity check on the CA certificate at <code>index</code>.
+ */
+ private static void basicSanity(X509Certificate[] path, int index)
+ throws CertPathValidatorException
+ {
+ X509Certificate cert = path[index];
+ int pathLen = 0;
+ for (int i = index - 1; i > 0; i--)
+ {
+ if (!path[i].getIssuerDN().equals(path[i].getSubjectDN()))
+ pathLen++;
+ }
+ Extension e = null;
+ if (cert instanceof GnuPKIExtension)
+ {
+ e = ((GnuPKIExtension) cert).getExtension(BasicConstraints.ID);
+ }
+ else
+ {
+ try
+ {
+ e = new Extension(cert.getExtensionValue(BasicConstraints.ID.toString()));
+ }
+ catch (Exception x)
+ {
+ }
+ }
+ if (e == null)
+ throw new CertPathValidatorException("no basicConstraints");
+ BasicConstraints bc = (BasicConstraints) e.getValue();
+ if (!bc.isCA())
+ throw new CertPathValidatorException("certificate cannot be used to verify signatures");
+ if (bc.getPathLengthConstraint() >= 0 && bc.getPathLengthConstraint() < pathLen)
+ throw new CertPathValidatorException("path is too long");
+
+ boolean[] keyUsage = cert.getKeyUsage();
+ if (keyUsage != null)
+ {
+ if (!keyUsage[KeyUsage.KEY_CERT_SIGN])
+ throw new CertPathValidatorException("certificate cannot be used to sign certificates");
+ }
+ }
+
+ private static void updatePolicyTree(X509Certificate cert, PolicyNodeImpl root,
+ int depth, PKIXParameters params,
+ boolean explicitPolicy)
+ throws CertPathValidatorException
+ {
+ if (DEBUG) debug("updatePolicyTree depth == " + depth);
+ Set nodes = new HashSet();
+ LinkedList stack = new LinkedList();
+ Iterator current = null;
+ stack.addLast(Collections.singleton(root).iterator());
+ do
+ {
+ current = (Iterator) stack.removeLast();
+ while (current.hasNext())
+ {
+ PolicyNodeImpl p = (PolicyNodeImpl) current.next();
+ if (DEBUG) debug("visiting node == " + p);
+ if (p.getDepth() == depth - 1)
+ {
+ if (DEBUG) debug("added node");
+ nodes.add(p);
+ }
+ else
+ {
+ if (DEBUG) debug("skipped node");
+ stack.addLast(current);
+ current = p.getChildren();
+ }
+ }
+ }
+ while (!stack.isEmpty());
+
+ Extension e = null;
+ CertificatePolicies policies = null;
+ List qualifierInfos = null;
+ if (cert instanceof GnuPKIExtension)
+ {
+ e = ((GnuPKIExtension) cert).getExtension(CertificatePolicies.ID);
+ if (e != null)
+ policies = (CertificatePolicies) e.getValue();
+ }
+
+ List cp = null;
+ if (policies != null)
+ cp = policies.getPolicies();
+ else
+ cp = Collections.EMPTY_LIST;
+ boolean match = false;
+ if (DEBUG) debug("nodes are == " + nodes);
+ if (DEBUG) debug("cert policies are == " + cp);
+ for (Iterator it = nodes.iterator(); it.hasNext(); )
+ {
+ PolicyNodeImpl parent = (PolicyNodeImpl) it.next();
+ if (DEBUG) debug("adding policies to " + parent);
+ for (Iterator it2 = cp.iterator(); it2.hasNext(); )
+ {
+ OID policy = (OID) it2.next();
+ if (DEBUG) debug("trying to add policy == " + policy);
+ if (policy.toString().equals(ANY_POLICY) &&
+ params.isAnyPolicyInhibited())
+ continue;
+ PolicyNodeImpl child = new PolicyNodeImpl();
+ child.setValidPolicy(policy.toString());
+ child.addExpectedPolicy(policy.toString());
+ if (parent.getExpectedPolicies().contains(policy.toString()))
+ {
+ parent.addChild(child);
+ match = true;
+ }
+ else if (parent.getExpectedPolicies().contains(ANY_POLICY))
+ {
+ parent.addChild(child);
+ match = true;
+ }
+ else if (ANY_POLICY.equals (policy.toString()))
+ {
+ parent.addChild (child);
+ match = true;
+ }
+ if (match && policies != null)
+ {
+ List qualifiers = policies.getPolicyQualifierInfos (policy);
+ if (qualifiers != null)
+ child.addAllPolicyQualifiers (qualifiers);
+ }
+ }
+ }
+ if (!match && (params.isExplicitPolicyRequired() || explicitPolicy))
+ throw new CertPathValidatorException("policy tree building failed");
+ }
+
+ private boolean checkExplicitPolicy (int depth, List explicitPolicies)
+ {
+ if (DEBUG) debug ("checkExplicitPolicy depth=" + depth);
+ for (Iterator it = explicitPolicies.iterator(); it.hasNext(); )
+ {
+ int[] i = (int[]) it.next();
+ int caDepth = i[0];
+ int limit = i[1];
+ if (DEBUG) debug (" caDepth=" + caDepth + " limit=" + limit);
+ if (depth - caDepth >= limit)
+ return true;
+ }
+ return false;
+ }
+}
diff --git a/libjava/gnu/java/security/provider/RSA.java b/libjava/gnu/java/security/provider/RSA.java
new file mode 100644
index 0000000..5afa8b7
--- /dev/null
+++ b/libjava/gnu/java/security/provider/RSA.java
@@ -0,0 +1,314 @@
+/* RSA.java -- RSA PKCS#1 signatures.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import java.util.ArrayList;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+
+public abstract class RSA extends SignatureSpi implements Cloneable
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ /**
+ * digestAlgorithm OBJECT IDENTIFIER ::=
+ * { iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) }
+ */
+ protected static final OID DIGEST_ALGORITHM = new OID("1.2.840.113549.2");
+
+ protected final OID digestAlgorithm;
+ protected final MessageDigest md;
+ protected RSAPrivateKey signerKey;
+ protected RSAPublicKey verifierKey;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ protected RSA(MessageDigest md, OID digestAlgorithm)
+ {
+ super();
+ this.md = md;
+ this.digestAlgorithm = digestAlgorithm;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+
+ protected Object engineGetParameter(String param)
+ {
+ throw new UnsupportedOperationException("deprecated");
+ }
+
+ protected void engineSetParameter(String param, Object value)
+ {
+ throw new UnsupportedOperationException("deprecated");
+ }
+
+ protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException
+ {
+ if (!(privateKey instanceof RSAPrivateKey))
+ throw new InvalidKeyException();
+ verifierKey = null;
+ signerKey = (RSAPrivateKey) privateKey;
+ }
+
+ protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
+ throws InvalidKeyException
+ {
+ // This class does not need random bytes.
+ engineInitSign(privateKey);
+ }
+
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+ {
+ if (!(publicKey instanceof RSAPublicKey))
+ throw new InvalidKeyException();
+ signerKey = null;
+ verifierKey = (RSAPublicKey) publicKey;
+ }
+
+ protected void engineUpdate(byte b) throws SignatureException
+ {
+ if (signerKey == null && verifierKey == null)
+ throw new SignatureException("not initialized");
+ md.update(b);
+ }
+
+ protected void engineUpdate(byte[] buf, int off, int len)
+ throws SignatureException
+ {
+ if (signerKey == null && verifierKey == null)
+ throw new SignatureException("not initialized");
+ md.update(buf, off, len);
+ }
+
+ protected byte[] engineSign() throws SignatureException
+ {
+ if (signerKey == null)
+ throw new SignatureException("not initialized for signing");
+ //
+ // The signature will be the RSA encrypted BER representation of
+ // the following:
+ //
+ // DigestInfo ::= SEQUENCE {
+ // digestAlgorithm DigestAlgorithmIdentifier,
+ // digest Digest }
+ //
+ // DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ //
+ // Digest ::= OCTET STRING
+ //
+ ArrayList digestAlg = new ArrayList(2);
+ digestAlg.add(new DERValue(DER.OBJECT_IDENTIFIER, digestAlgorithm));
+ digestAlg.add(new DERValue(DER.NULL, null));
+ ArrayList digestInfo = new ArrayList(2);
+ digestInfo.add(new DERValue(DER.SEQUENCE, digestAlg));
+ digestInfo.add(new DERValue(DER.OCTET_STRING, md.digest()));
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ try
+ {
+ DERWriter.write(out, new DERValue(DER.SEQUENCE, digestInfo));
+ }
+ catch (IOException ioe)
+ {
+ throw new SignatureException(ioe.toString());
+ }
+ byte[] buf = out.toByteArray();
+ md.reset();
+
+ // k = octect length of the modulus.
+ int k = signerKey.getModulus().bitLength();
+ k = (k >>> 3) + ((k & 7) == 0 ? 0 : 1);
+ if (buf.length < k - 3)
+ {
+ throw new SignatureException("RSA modulus too small");
+ }
+ byte[] d = new byte[k];
+
+ // Padding type 1:
+ // 00 | 01 | FF | ... | FF | 00 | D
+ d[1] = 0x01;
+ for (int i = 2; i < k - buf.length - 1; i++)
+ d[i] = (byte) 0xFF;
+ System.arraycopy(buf, 0, d, k - buf.length, buf.length);
+
+ BigInteger eb = new BigInteger(d);
+
+ byte[] ed = eb.modPow(signerKey.getPrivateExponent(),
+ signerKey.getModulus()).toByteArray();
+
+ // Ensure output is k octets long.
+ if (ed.length < k)
+ {
+ byte[] b = new byte[k];
+ System.arraycopy(eb, 0, b, k - ed.length, ed.length);
+ ed = b;
+ }
+ else if (ed.length > k)
+ {
+ if (ed.length != k + 1)
+ {
+ throw new SignatureException("modPow result is larger than the modulus");
+ }
+ // Maybe an extra 00 octect.
+ byte[] b = new byte[k];
+ System.arraycopy(ed, 1, b, 0, k);
+ ed = b;
+ }
+
+ return ed;
+ }
+
+ protected int engineSign(byte[] out, int off, int len)
+ throws SignatureException
+ {
+ if (out == null || off < 0 || len < 0 || off+len > out.length)
+ throw new SignatureException("illegal output argument");
+ byte[] result = engineSign();
+ if (result.length > len)
+ throw new SignatureException("not enough space for signature");
+ System.arraycopy(result, 0, out, off, result.length);
+ return result.length;
+ }
+
+ protected boolean engineVerify(byte[] sig) throws SignatureException
+ {
+ if (verifierKey == null)
+ throw new SignatureException("not initialized for verifying");
+ if (sig == null)
+ throw new SignatureException("no signature specified");
+ int k = verifierKey.getModulus().bitLength();
+ k = (k >>> 3) + ((k & 7) == 0 ? 0 : 1);
+ if (sig.length != k)
+ throw new SignatureException("signature is the wrong size (expecting "
+ + k + " bytes, got " + sig.length + ")");
+ BigInteger ed = new BigInteger(1, sig);
+ byte[] eb = ed.modPow(verifierKey.getPublicExponent(),
+ verifierKey.getModulus()).toByteArray();
+
+ int i = 0;
+ if (eb[0] == 0x00)
+ {
+ for (i = 1; i < eb.length && eb[i] == 0x00; i++);
+ if (i == 1)
+ throw new SignatureException("wrong RSA padding");
+ i--;
+ }
+ else if (eb[0] == 0x01)
+ {
+ for (i = 1; i < eb.length && eb[i] != 0x00; i++)
+ if (eb[i] != (byte) 0xFF)
+ throw new IllegalArgumentException("wrong RSA padding");
+ }
+ else
+ throw new SignatureException("wrong RSA padding type");
+
+ byte[] d = new byte[eb.length-i-1];
+ System.arraycopy(eb, i+1, d, 0, eb.length-i-1);
+
+ DERReader der = new DERReader(d);
+ try
+ {
+ DERValue val = der.read();
+ if (val.getTag() != DER.SEQUENCE)
+ throw new SignatureException("failed to parse DigestInfo");
+ val = der.read();
+ if (val.getTag() != DER.SEQUENCE)
+ throw new SignatureException("failed to parse DigestAlgorithmIdentifier");
+ boolean sequenceIsBer = val.getLength() == 0;
+ val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new SignatureException("failed to parse object identifier");
+ if (!val.getValue().equals(digestAlgorithm))
+ throw new SignatureException("digest algorithms do not match");
+ val = der.read();
+ // We should never see parameters here, since they are never used.
+ if (val.getTag() != DER.NULL)
+ throw new SignatureException("cannot handle digest parameters");
+ if (sequenceIsBer)
+ der.skip(1); // end-of-sequence byte.
+ val = der.read();
+ if (val.getTag() != DER.OCTET_STRING)
+ throw new SignatureException("failed to parse Digest");
+ return MessageDigest.isEqual(md.digest(), (byte[]) val.getValue());
+ }
+ catch (IOException ioe)
+ {
+ throw new SignatureException(ioe.toString());
+ }
+ }
+
+ protected boolean engineVerify(byte[] sig, int off, int len)
+ throws SignatureException
+ {
+ if (sig == null || off < 0 || len < 0 || off+len > sig.length)
+ throw new SignatureException("illegal parameter");
+ byte[] buf = new byte[len];
+ System.arraycopy(sig, off, buf, 0, len);
+ return engineVerify(buf);
+ }
+}
diff --git a/libjava/gnu/java/security/provider/RSAKeyFactory.java b/libjava/gnu/java/security/provider/RSAKeyFactory.java
new file mode 100644
index 0000000..33c8c22
--- /dev/null
+++ b/libjava/gnu/java/security/provider/RSAKeyFactory.java
@@ -0,0 +1,181 @@
+/* RSAKeyFactory.java -- RSA key factory.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactorySpi;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+public class RSAKeyFactory extends KeyFactorySpi
+{
+
+ // Default constructor.
+ // -------------------------------------------------------------------------
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ protected PrivateKey engineGeneratePrivate(KeySpec spec)
+ throws InvalidKeySpecException
+ {
+ if (spec instanceof RSAPrivateCrtKeySpec)
+ {
+ return new GnuRSAPrivateKey((RSAPrivateCrtKeySpec) spec);
+ }
+ if (spec instanceof RSAPrivateKeySpec)
+ {
+ return new GnuRSAPrivateKey(new RSAPrivateCrtKeySpec(
+ ((RSAPrivateKeySpec) spec).getModulus(), null,
+ ((RSAPrivateKeySpec) spec).getPrivateExponent(), null,
+ null, null, null, null));
+ }
+ if (spec instanceof PKCS8EncodedKeySpec)
+ {
+ EncodedKeyFactory ekf = new EncodedKeyFactory();
+ PrivateKey pk = ekf.engineGeneratePrivate(spec);
+ if (pk instanceof RSAPrivateKey)
+ return pk;
+ }
+ throw new InvalidKeySpecException();
+ }
+
+ protected PublicKey engineGeneratePublic(KeySpec spec)
+ throws InvalidKeySpecException
+ {
+ if (spec instanceof RSAPublicKeySpec)
+ {
+ return new GnuRSAPublicKey((RSAPublicKeySpec) spec);
+ }
+ if (spec instanceof X509EncodedKeySpec)
+ {
+ EncodedKeyFactory ekf = new EncodedKeyFactory();
+ PublicKey pk = ekf.engineGeneratePublic(spec);
+ if (pk instanceof RSAPublicKey)
+ return pk;
+ }
+ throw new InvalidKeySpecException();
+ }
+
+ protected KeySpec engineGetKeySpec(Key key, Class keySpec)
+ throws InvalidKeySpecException
+ {
+ if (keySpec.isAssignableFrom(RSAPrivateCrtKeySpec.class)
+ && (key instanceof RSAPrivateCrtKey))
+ {
+ return new RSAPrivateCrtKeySpec(
+ ((RSAPrivateCrtKey) key).getModulus(),
+ ((RSAPrivateCrtKey) key).getPublicExponent(),
+ ((RSAPrivateCrtKey) key).getPrivateExponent(),
+ ((RSAPrivateCrtKey) key).getPrimeP(),
+ ((RSAPrivateCrtKey) key).getPrimeQ(),
+ ((RSAPrivateCrtKey) key).getPrimeExponentP(),
+ ((RSAPrivateCrtKey) key).getPrimeExponentQ(),
+ ((RSAPrivateCrtKey) key).getCrtCoefficient());
+ }
+ if (keySpec.isAssignableFrom(RSAPrivateKeySpec.class)
+ && (key instanceof RSAPrivateKey))
+ {
+ return new RSAPrivateKeySpec(
+ ((RSAPrivateCrtKey) key).getModulus(),
+ ((RSAPrivateCrtKey) key).getPrivateExponent());
+ }
+ if (keySpec.isAssignableFrom(RSAPublicKeySpec.class)
+ && (key instanceof RSAPublicKey))
+ {
+ return new RSAPublicKeySpec(
+ ((RSAPrivateCrtKey) key).getModulus(),
+ ((RSAPrivateCrtKey) key).getPublicExponent());
+ }
+ if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)
+ && key.getFormat().equalsIgnoreCase("PKCS#8"))
+ {
+ return new PKCS8EncodedKeySpec(key.getEncoded());
+ }
+ if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)
+ && key.getFormat().equalsIgnoreCase("X.509"))
+ {
+ return new X509EncodedKeySpec(key.getEncoded());
+ }
+ throw new InvalidKeySpecException();
+ }
+
+ protected Key engineTranslateKey(Key key) throws InvalidKeyException
+ {
+ if (key instanceof RSAPrivateCrtKey)
+ {
+ return new GnuRSAPrivateKey(new RSAPrivateCrtKeySpec(
+ ((RSAPrivateCrtKey) key).getModulus(),
+ ((RSAPrivateCrtKey) key).getPublicExponent(),
+ ((RSAPrivateCrtKey) key).getPrivateExponent(),
+ ((RSAPrivateCrtKey) key).getPrimeP(),
+ ((RSAPrivateCrtKey) key).getPrimeQ(),
+ ((RSAPrivateCrtKey) key).getPrimeExponentP(),
+ ((RSAPrivateCrtKey) key).getPrimeExponentQ(),
+ ((RSAPrivateCrtKey) key).getCrtCoefficient()));
+ }
+ if (key instanceof RSAPrivateKey)
+ {
+ return new GnuRSAPrivateKey(new RSAPrivateCrtKeySpec(
+ ((RSAPrivateKey) key).getModulus(), null,
+ ((RSAPrivateKey) key).getPrivateExponent(), null,
+ null, null, null, null));
+ }
+ if (key instanceof RSAPublicKey)
+ {
+ return new GnuRSAPublicKey(new RSAPublicKeySpec(
+ ((RSAPrivateCrtKey) key).getModulus(),
+ ((RSAPrivateCrtKey) key).getPublicExponent()));
+ }
+ throw new InvalidKeyException();
+ }
+}
diff --git a/libjava/gnu/java/security/provider/SHA1withRSA.java b/libjava/gnu/java/security/provider/SHA1withRSA.java
new file mode 100644
index 0000000..64e93f9
--- /dev/null
+++ b/libjava/gnu/java/security/provider/SHA1withRSA.java
@@ -0,0 +1,61 @@
+/* SHA1withRSA.java -- SHA-1 with RSA encryption signatures.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.provider;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import gnu.java.security.OID;
+
+public class SHA1withRSA extends RSA
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final OID SHA1 = new OID("1.3.14.3.2.26");
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SHA1withRSA() throws NoSuchAlgorithmException
+ {
+ super(MessageDigest.getInstance("SHA-160"), SHA1);
+ }
+}
diff --git a/libjava/gnu/java/security/provider/X509CertificateFactory.java b/libjava/gnu/java/security/provider/X509CertificateFactory.java
index 62d3d38..7533006 100644
--- a/libjava/gnu/java/security/provider/X509CertificateFactory.java
+++ b/libjava/gnu/java/security/provider/X509CertificateFactory.java
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -44,16 +44,21 @@ import java.io.InputStream;
import java.io.IOException;
import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactorySpi;
+import java.security.cert.CertPath;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.util.Collection;
+import java.util.Iterator;
import java.util.LinkedList;
+import java.util.List;
import gnu.java.io.Base64InputStream;
import gnu.java.security.x509.X509Certificate;
+import gnu.java.security.x509.X509CertPath;
import gnu.java.security.x509.X509CRL;
public class X509CertificateFactory extends CertificateFactorySpi
@@ -87,7 +92,9 @@ public class X509CertificateFactory extends CertificateFactorySpi
}
catch (IOException ioe)
{
- throw new CertificateException(ioe.toString());
+ CertificateException ce = new CertificateException(ioe.getMessage());
+ ce.initCause (ioe);
+ throw ce;
}
}
@@ -107,7 +114,9 @@ public class X509CertificateFactory extends CertificateFactorySpi
}
catch (IOException ioe)
{
- throw new CertificateException(ioe.toString());
+ CertificateException ce = new CertificateException(ioe.getMessage());
+ ce.initCause (ioe);
+ throw ce;
}
}
return certs;
@@ -121,7 +130,9 @@ public class X509CertificateFactory extends CertificateFactorySpi
}
catch (IOException ioe)
{
- throw new CRLException(ioe.toString());
+ CRLException crle = new CRLException(ioe.getMessage());
+ crle.initCause (ioe);
+ throw crle;
}
}
@@ -141,18 +152,44 @@ public class X509CertificateFactory extends CertificateFactorySpi
}
catch (IOException ioe)
{
- throw new CRLException(ioe.toString());
+ CRLException crle = new CRLException(ioe.getMessage());
+ crle.initCause (ioe);
+ throw crle;
}
}
return crls;
}
+ public CertPath engineGenerateCertPath(List certs)
+ {
+ return new X509CertPath(certs);
+ }
+
+ public CertPath engineGenerateCertPath(InputStream in)
+ throws CertificateEncodingException
+ {
+ return new X509CertPath(in);
+ }
+
+ public CertPath engineGenerateCertPath(InputStream in, String encoding)
+ throws CertificateEncodingException
+ {
+ return new X509CertPath(in, encoding);
+ }
+
+ public Iterator engineGetCertPathEncodings()
+ {
+ return X509CertPath.ENCODINGS.iterator();
+ }
+
// Own methods.
// ------------------------------------------------------------------------
private X509Certificate generateCert(InputStream inStream)
throws IOException, CertificateException
{
+ if (inStream == null)
+ throw new CertificateException("missing input stream");
if (!inStream.markSupported())
inStream = new BufferedInputStream(inStream, 8192);
inStream.mark(20);
@@ -211,6 +248,8 @@ public class X509CertificateFactory extends CertificateFactorySpi
private X509CRL generateCRL(InputStream inStream)
throws IOException, CRLException
{
+ if (inStream == null)
+ throw new CRLException("missing input stream");
if (!inStream.markSupported())
inStream = new BufferedInputStream(inStream, 8192);
inStream.mark(20);
@@ -265,5 +304,4 @@ public class X509CertificateFactory extends CertificateFactorySpi
return new X509CRL(inStream);
}
}
-
}
diff --git a/libjava/gnu/java/security/x509/GnuPKIExtension.java b/libjava/gnu/java/security/x509/GnuPKIExtension.java
new file mode 100644
index 0000000..8294e65
--- /dev/null
+++ b/libjava/gnu/java/security/x509/GnuPKIExtension.java
@@ -0,0 +1,59 @@
+/* GnuPKIExtension.java -- interface for GNU PKI extensions.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509;
+
+import java.security.cert.X509Extension;
+import java.util.Collection;
+
+import gnu.java.security.OID;
+import gnu.java.security.x509.ext.Extension;
+
+public interface GnuPKIExtension extends X509Extension
+{
+
+ /**
+ * Returns the extension object for the given object identifier.
+ *
+ * @param oid The OID of the extension to get.
+ * @return The extension, or null if there is no such extension.
+ */
+ Extension getExtension(OID oid);
+
+ Collection getExtensions();
+}
diff --git a/libjava/gnu/java/security/x509/PolicyNodeImpl.java b/libjava/gnu/java/security/x509/PolicyNodeImpl.java
new file mode 100644
index 0000000..d3d4bd9
--- /dev/null
+++ b/libjava/gnu/java/security/x509/PolicyNodeImpl.java
@@ -0,0 +1,214 @@
+/* PolicyNodeImpl.java -- An implementation of a policy tree node.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509;
+
+import java.security.cert.PolicyNode;
+import java.security.cert.PolicyQualifierInfo;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+public final class PolicyNodeImpl implements PolicyNode
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private String policy;
+ private final Set expectedPolicies;
+ private final Set qualifiers;
+ private final Set children;
+ private PolicyNodeImpl parent;
+ private int depth;
+ private boolean critical;
+ private boolean readOnly;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public PolicyNodeImpl()
+ {
+ expectedPolicies = new HashSet();
+ qualifiers = new HashSet();
+ children = new HashSet();
+ readOnly = false;
+ critical = false;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public void addChild(PolicyNodeImpl node)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ if (node.getParent() != null)
+ throw new IllegalStateException("already a child node");
+ node.parent = this;
+ node.setDepth(depth + 1);
+ children.add(node);
+ }
+
+ public Iterator getChildren()
+ {
+ return Collections.unmodifiableSet(children).iterator();
+ }
+
+ public int getDepth()
+ {
+ return depth;
+ }
+
+ public void setDepth(int depth)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ this.depth = depth;
+ }
+
+ public void addAllExpectedPolicies(Set policies)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ expectedPolicies.addAll(policies);
+ }
+
+ public void addExpectedPolicy(String policy)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ expectedPolicies.add(policy);
+ }
+
+ public Set getExpectedPolicies()
+ {
+ return Collections.unmodifiableSet(expectedPolicies);
+ }
+
+ public PolicyNode getParent()
+ {
+ return parent;
+ }
+
+ public void addAllPolicyQualifiers (Collection qualifiers)
+ {
+ for (Iterator it = qualifiers.iterator(); it.hasNext(); )
+ {
+ if (!(it.next() instanceof PolicyQualifierInfo))
+ throw new IllegalArgumentException ("can only add PolicyQualifierInfos");
+ }
+ qualifiers.addAll (qualifiers);
+ }
+
+ public void addPolicyQualifier (PolicyQualifierInfo qualifier)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ qualifiers.add(qualifier);
+ }
+
+ public Set getPolicyQualifiers()
+ {
+ return Collections.unmodifiableSet(qualifiers);
+ }
+
+ public String getValidPolicy()
+ {
+ return policy;
+ }
+
+ public void setValidPolicy(String policy)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ this.policy = policy;
+ }
+
+ public boolean isCritical()
+ {
+ return critical;
+ }
+
+ public void setCritical(boolean critical)
+ {
+ if (readOnly)
+ throw new IllegalStateException("read only");
+ this.critical = critical;
+ }
+
+ public void setReadOnly()
+ {
+ if (readOnly)
+ return;
+ readOnly = true;
+ for (Iterator it = getChildren(); it.hasNext(); )
+ ((PolicyNodeImpl) it.next()).setReadOnly();
+ }
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer();
+ for (int i = 0; i < depth; i++)
+ buf.append(" ");
+ buf.append("(");
+ buf.append(PolicyNodeImpl.class.getName());
+ buf.append(" (oid ");
+ buf.append(policy);
+ buf.append(") (depth ");
+ buf.append(depth);
+ buf.append(") (qualifiers ");
+ buf.append(qualifiers);
+ buf.append(") (critical ");
+ buf.append(critical);
+ buf.append(") (expectedPolicies ");
+ buf.append(expectedPolicies);
+ buf.append(") (children (");
+ final String nl = System.getProperty("line.separator");
+ for (Iterator it = getChildren(); it.hasNext(); )
+ {
+ buf.append(nl);
+ buf.append(it.next().toString());
+ }
+ buf.append(")))");
+ return buf.toString();
+ }
+}
diff --git a/libjava/gnu/java/security/x509/Util.java b/libjava/gnu/java/security/x509/Util.java
new file mode 100644
index 0000000..3bbbff2
--- /dev/null
+++ b/libjava/gnu/java/security/x509/Util.java
@@ -0,0 +1,202 @@
+/* Util.java -- Miscellaneous utility methods.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509;
+
+/**
+ * A collection of useful class methods.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public final class Util
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ public static final String HEX = "0123456789abcdef";
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Convert a byte array to a hexadecimal string, as though it were a
+ * big-endian arbitrarily-sized integer.
+ *
+ * @param buf The bytes to format.
+ * @param off The offset to start at.
+ * @param len The number of bytes to format.
+ * @return A hexadecimal representation of the specified bytes.
+ */
+ public static String toHexString(byte[] buf, int off, int len)
+ {
+ StringBuffer str = new StringBuffer();
+ for (int i = 0; i < len; i++)
+ {
+ str.append(HEX.charAt(buf[i+off] >>> 4 & 0x0F));
+ str.append(HEX.charAt(buf[i+off] & 0x0F));
+ }
+ return str.toString();
+ }
+
+ /**
+ * See {@link #toHexString(byte[],int,int)}.
+ */
+ public static String toHexString(byte[] buf)
+ {
+ return Util.toHexString(buf, 0, buf.length);
+ }
+
+ /**
+ * Convert a byte array to a hexadecimal string, separating octets
+ * with the given character.
+ *
+ * @param buf The bytes to format.
+ * @param off The offset to start at.
+ * @param len The number of bytes to format.
+ * @param sep The character to insert between octets.
+ * @return A hexadecimal representation of the specified bytes.
+ */
+ public static String toHexString(byte[] buf, int off, int len, char sep)
+ {
+ StringBuffer str = new StringBuffer();
+ for (int i = 0; i < len; i++)
+ {
+ str.append(HEX.charAt(buf[i+off] >>> 4 & 0x0F));
+ str.append(HEX.charAt(buf[i+off] & 0x0F));
+ if (i < len - 1)
+ str.append(sep);
+ }
+ return str.toString();
+ }
+
+ /**
+ * See {@link #toHexString(byte[],int,int,char)}.
+ */
+ public static String toHexString(byte[] buf, char sep)
+ {
+ return Util.toHexString(buf, 0, buf.length, sep);
+ }
+
+ /**
+ * Create a representation of the given byte array similar to the
+ * output of `hexdump -C', which is
+ *
+ * <p><pre>OFFSET SIXTEEN-BYTES-IN-HEX PRINTABLE-BYTES</pre>
+ *
+ * <p>The printable bytes show up as-is if they are printable and
+ * not a newline character, otherwise showing as '.'.
+ *
+ * @param buf The bytes to format.
+ * @param off The offset to start at.
+ * @param len The number of bytes to encode.
+ * @return The formatted string.
+ */
+ public static String hexDump(byte[] buf, int off, int len, String prefix)
+ {
+ String nl = System.getProperty("line.separator");
+ StringBuffer str = new StringBuffer();
+ int i = 0;
+ while (i < len)
+ {
+ str.append(prefix);
+ str.append(Util.formatInt(i+off, 16, 8));
+ str.append(" ");
+ String s = Util.toHexString(buf, i+off, Math.min(16, len-i), ' ');
+ str.append(s);
+ for (int j = 56 - (56 - s.length()); j < 56; j++)
+ str.append(" ");
+ for (int j = 0; j < Math.min(16, len - i); j++)
+ {
+ if ((buf[i+off+j] & 0xFF) < 0x20 || (buf[i+off+j] & 0xFF) > 0x7E)
+ str.append('.');
+ else
+ str.append((char) (buf[i+off+j] & 0xFF));
+ }
+ str.append(nl);
+ i += 16;
+ }
+ return str.toString();
+ }
+
+ /**
+ * See {@link #hexDump(byte[],int,int)}.
+ */
+ public static String hexDump(byte[] buf, String prefix)
+ {
+ return hexDump(buf, 0, buf.length, prefix);
+ }
+
+ /**
+ * Format an integer into the specified radix, zero-filled.
+ *
+ * @param i The integer to format.
+ * @param radix The radix to encode to.
+ * @param len The target length of the string. The string is
+ * zero-padded to this length, but may be longer.
+ * @return The formatted integer.
+ */
+ public static String formatInt(int i, int radix, int len)
+ {
+ String s = Integer.toString(i, radix);
+ StringBuffer buf = new StringBuffer();
+ for (int j = 0; j < len - s.length(); j++)
+ buf.append("0");
+ buf.append(s);
+ return buf.toString();
+ }
+
+ /**
+ * Convert a hexadecimal string into its byte representation.
+ *
+ * @param hex The hexadecimal string.
+ * @return The converted bytes.
+ */
+ public static byte[] toByteArray(String hex)
+ {
+ hex = hex.toLowerCase();
+ byte[] buf = new byte[hex.length() / 2];
+ int j = 0;
+ for (int i = 0; i < buf.length; i++)
+ {
+ buf[i] = (byte) ((Character.digit(hex.charAt(j++), 16) << 4) |
+ Character.digit(hex.charAt(j++), 16));
+ }
+ return buf;
+ }
+}
diff --git a/libjava/gnu/java/security/x509/X500DistinguishedName.java b/libjava/gnu/java/security/x509/X500DistinguishedName.java
index 8a71567..64e320b 100644
--- a/libjava/gnu/java/security/x509/X500DistinguishedName.java
+++ b/libjava/gnu/java/security/x509/X500DistinguishedName.java
@@ -1,5 +1,5 @@
-/* X500DistinguishedName.java -- X.500 name.
- Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+/* X500DistinguishedName.java -- X.500 distinguished name.
+ Copyright (C) 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -38,121 +38,35 @@ exception statement from your version. */
package gnu.java.security.x509;
-import gnu.java.io.ASN1ParsingException;
-import gnu.java.security.OID;
-import gnu.java.security.der.DER;
-import gnu.java.security.der.DERReader;
-import gnu.java.security.der.DERValue;
-import gnu.java.security.der.DERWriter;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
+import java.io.EOFException;
import java.io.InputStream;
import java.io.IOException;
-import java.io.StreamTokenizer;
+import java.io.Reader;
import java.io.StringReader;
+
+import java.security.Principal;
+
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
-/**
- * A X.500 distinguished name. Distinguished names are sequences of
- * ATTRIB=VALUE pairs, where ATTRIB is one of the following:
- *
- * <table cellpadding="0" cellspacing="0" border="0">
- * <tr>
- * <th bgcolor="#CCCCFF" align="left">Name</th>
- * <th bgcolor="#CCCCFF" align="left">X.500 AttributeType</th>
- * <th bgcolor="#CCCCFF" align="left">ObjectIdentifier</th>
- * </tr>
- * <tr>
- * <td align="left">CN</td>
- * <td align="left">commonName</td>
- * <td align="left">2.5.4.3</td>
- * </tr>
- * <tr>
- * <td align="left">C</td>
- * <td align="left">countryName</td>
- * <td align="left">2.5.4.6</td>
- * </tr>
- * <tr>
- * <td align="left">L</td>
- * <td align="left">localityName</td>
- * <td align="left">2.5.4.7</td>
- * </tr>
- * <tr>
- * <td align="left">ST</td>
- * <td align="left">stateOrProvinceName</td>
- * <td align="left">2.5.4.8</td>
- * </tr>
- * <tr>
- * <td align="left">STREET</td>
- * <td align="left">streetAddress</td>
- * <td align="left">2.5.4.9</td>
- * </tr>
- * <tr>
- * <td align="left">O</td>
- * <td align="left">organizationName</td>
- * <td align="left">2.5.4.10</td>
- * </tr>
- * <tr>
- * <td align="left">OU</td>
- * <td align="left">organizationUnitName</td>
- * <td align="left">2.5.4.11</td>
- * </tr>
- * <tr>
- * <td align="left">DC</td>
- * <td align="left">domainComponent</td>
- * <td align="left">0.9.2342.19200300.100.1.25</td>
- * </tr>
- * <tr>
- * <td align="left">UID</td>
- * <td align="left">userid</td>
- * <td align="left"0.9.2342.19200300.100.1.1></td>
- * </tr>
- * <tr>
- * <td align="left">DNQ or DNQUALIFIER(*)</td>
- * <td align="left">domainNameQualifier</td>
- * <td align="left">2.5.4.46</td>
- * </tr>
- * <tr>
- * <td align="left">SURNAME(*)</td>
- * <td align="left">name</td>
- * <td align="left">2.5.4.41</td>
- * </tr>
- * <tr>
- * <td align="left">GIVENNAME(*)</td>
- * <td align="left">givenName</td>
- * <td align="left">2.5.4.42</td>
- * </tr>
- * <tr>
- * <td align="left">INITIALS(*)</td>
- * <td align="left">initials</td>
- * <td align="left">2.5.4.43</td>
- * </tr>
- * <tr>
- * <td align="left">EMAILADDRESS(*)</td>
- * <td align="left">emailAddress</td>
- * <td align="left">2.5.4.44</td>
- * </tr>
- * </table>
- *
- * <p><i>(*) = attributes not specified in RFC1779 or RFC2253, but
- * recognized anyway.</i>
- *
- * <p>Distinguished names of this form are used in the lightweight
- * directory access protocol (LDAP) and in the issuer and subject fields
- * of X.509 certificates.
- *
- * @author Casey Marshall (rsdio@metastatic.org)
- * @see javax.security.auth.x500.X500Principal
- * @status DER decoding/encoding works, RFC1779 and RFC2253 need to be
- * made more robust.
- */
-public class X500DistinguishedName
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.OID;
+
+public class X500DistinguishedName implements Principal
{
// Constants and fields.
- // ------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
public static final OID CN = new OID("2.5.4.3");
public static final OID C = new OID("2.5.4.6");
@@ -171,651 +85,467 @@ public class X500DistinguishedName
public static final OID DC = new OID("0.9.2342.19200300.100.1.25");
public static final OID UID = new OID("0.9.2342.19200300.100.1.1");
- private String commonName;
- private String country;
- private String locality;
- private String orgUnit;
- private String organization;
- private String street;
- private String state;
- private String title;
- private String dnQualifier;
- private String surname;
- private String givenName;
- private String initials;
- private String generation;
- private String email;
- private String domainComponent;
- private String userid;
-
- private String nameRFC1779;
- private String nameRFC2253;
- private String nameCanonical;
-
- private transient byte[] encoded;
+ private List components;
+ private Map currentRdn;
+ private boolean fixed;
+ private String stringRep;
+ private byte[] encoded;
// Constructors.
- // ------------------------------------------------------------------------
-
- /**
- * Create a new X500DistinguishedName from the RFC1779 or RFC2253
- * encoded form.
- *
- * @param name The encoded name.
- * @throws IllegalArgumentException If the name cannot be parsed.
- */
+ // -------------------------------------------------------------------------
+
+ public X500DistinguishedName()
+ {
+ components = new LinkedList();
+ currentRdn = new LinkedHashMap();
+ components.add(currentRdn);
+ }
+
public X500DistinguishedName(String name)
{
- if (name == null)
- throw new NullPointerException();
+ this();
try
{
- parseDN(name, true);
+ parseString(name);
}
- catch (Exception e)
+ catch (IOException ioe)
{
- parseDN(name, false);
+ throw new IllegalArgumentException(ioe.toString());
}
}
- /**
- * Create a new X500DistinguishedName from the DER encoded bytes.
- *
- * @param encoded The encoded form.
- * @throws IOException If the bytes are not a valid DER construct.
- */
public X500DistinguishedName(byte[] encoded) throws IOException
{
- this(new ByteArrayInputStream(encoded));
+ this();
+ parseDer(new DERReader(encoded));
}
- /**
- * Create a new X500DistinguishedName from the DER encoded bytes.
- *
- * @param encoded The encoded form.
- * @throws IOException If the bytes are not a valid DER construct.
- */
public X500DistinguishedName(InputStream encoded) throws IOException
{
- parseDER(encoded);
+ this();
+ parseDer(new DERReader(encoded));
}
// Instance methods.
- // ------------------------------------------------------------------------
-
- public boolean equals(Object o)
- {
- return
- (commonName != null &&
- commonName.equals(((X500DistinguishedName) o).commonName)) &&
- (country != null &&
- country.equals(((X500DistinguishedName) o).country)) &&
- (locality != null &&
- locality.equals(((X500DistinguishedName) o).locality)) &&
- (orgUnit != null &&
- orgUnit.equals(((X500DistinguishedName) o).orgUnit)) &&
- (organization != null &&
- organization.equals(((X500DistinguishedName) o).organization)) &&
- (street != null &&
- street.equals(((X500DistinguishedName) o).street)) &&
- (state != null &&
- state.equals(((X500DistinguishedName) o).state)) &&
- (domainComponent != null &&
- domainComponent.equals(((X500DistinguishedName) o).domainComponent)) &&
- (title != null &&
- title.equals(((X500DistinguishedName) o).title)) &&
- (dnQualifier != null &&
- dnQualifier.equals(((X500DistinguishedName) o).dnQualifier)) &&
- (surname != null &&
- surname.equals(((X500DistinguishedName) o).surname)) &&
- (givenName != null &&
- givenName.equals(((X500DistinguishedName) o).givenName)) &&
- (initials != null &&
- initials.equals(((X500DistinguishedName) o).initials)) &&
- (generation != null &&
- generation.equals(((X500DistinguishedName) o).generation)) &&
- (email != null &&
- email.equals(((X500DistinguishedName) o).email)) &&
- (userid != null &&
- userid.equals(((X500DistinguishedName) o).userid));
- }
-
- public byte[] getEncoded()
- {
- if (encoded == null)
- encoded = encodeDER();
- return (byte[]) encoded.clone();
- }
-
- private static String quote(String str)
- {
- if (str.indexOf(" ") > 0 || str.indexOf("\f") > 0 ||
- str.indexOf("\n") > 0 || str.indexOf("\r") > 0 ||
- str.indexOf("\t") > 0)
- str = '"' + str + '"';
- // XXX needs regex
- //return str.replaceAll("([,+\"\\<>;])", "\\\1");
- return str;
- }
-
- public String toRFC1779()
- {
- if (nameRFC1779 != null)
- return nameRFC1779;
- StringBuffer buf = new StringBuffer();
- if (commonName != null)
- buf.append("CN=").append(quote(commonName)).append(", ");
- if (country != null)
- buf.append("C=").append(quote(country)).append(", ");
- if (locality != null)
- buf.append("L=").append(quote(locality)).append(", ");
- if (orgUnit != null)
- buf.append("OU=").append(quote(orgUnit)).append(", ");
- if (organization != null)
- buf.append("O=").append(quote(organization)).append(", ");
- if (street != null)
- buf.append("STREET=").append(quote(street)).append(", ");
- if (state != null)
- buf.append("ST=").append(quote(state)).append(", ");
- if (title != null)
- buf.append(T).append("=").append(quote(title)).append(", ");
- if (dnQualifier != null)
- buf.append(DNQ).append("=").append(quote(dnQualifier)).append(", ");
- if (surname != null)
- buf.append(NAME).append("=").append(quote(surname)).append(", ");
- if (givenName != null)
- buf.append(GIVENNAME).append("=").append(quote(givenName)).append(", ");
- if (initials != null)
- buf.append(INITIALS).append("=").append(quote(initials)).append(", ");
- if (generation != null)
- buf.append(GENERATION).append("=").append(quote(generation)).append(", ");
- if (email != null)
- buf.append(EMAIL).append("=").append(quote(email)).append(", ");
- if (domainComponent != null)
- buf.append(DC).append("=").append(quote(domainComponent)).append(", ");
- if (userid != null)
- buf.append(UID).append("=").append(quote(userid)).append(", ");
- // XXX escapes
- return (nameRFC1779 = buf.substring(0, buf.length()-2));
- }
-
- public String toRFC2253()
- {
- if (nameRFC2253 != null)
- return nameRFC2253;
- StringBuffer buf = new StringBuffer();
- if (commonName != null)
- buf.append("CN=").append(quote(commonName)).append(",");
- if (country != null)
- buf.append("C=").append(quote(country)).append(",");
- if (locality != null)
- buf.append("L=").append(quote(locality)).append(",");
- if (orgUnit != null)
- buf.append("OU=").append(quote(orgUnit)).append(",");
- if (organization != null)
- buf.append("O=").append(quote(organization)).append(",");
- if (street != null)
- buf.append("STREET=").append(quote(street)).append(",");
- if (state != null)
- buf.append("ST=").append(quote(state)).append(",");
- if (title != null)
- buf.append(T).append("=").append(quote(title)).append(",");
- if (dnQualifier != null)
- buf.append(DNQ).append("=").append(quote(dnQualifier)).append(",");
- if (surname != null)
- buf.append(NAME).append("=").append(quote(surname)).append(",");
- if (givenName != null)
- buf.append(GIVENNAME).append("=").append(quote(givenName)).append(",");
- if (initials != null)
- buf.append(INITIALS).append("=").append(quote(initials)).append(",");
- if (generation != null)
- buf.append(GENERATION).append("=").append(quote(generation)).append(",");
- if (email != null)
- buf.append(EMAIL).append("=").append(quote(email)).append(",");
- if (domainComponent != null)
- buf.append(DC).append("=").append(quote(domainComponent)).append(",");
- if (userid != null)
- buf.append(UID).append("=").append(quote(userid)).append(",");
- // XXX escapes.
- return (nameRFC2253 = buf.substring(0, buf.length()-1));
- }
+ // -------------------------------------------------------------------------
- public String toCanonical()
+ public String getName()
{
- if (nameCanonical != null)
- return nameCanonical;
- nameCanonical = toRFC2253();
- return nameCanonical; // XXX canonicalize
+ return toString();
}
- public String getCommonName()
+ public void newRelativeDistinguishedName()
{
- return commonName;
+ if (fixed || currentRdn.isEmpty()) return;
+ currentRdn = new LinkedHashMap();
+ components.add(currentRdn);
}
- public String getCountry()
+ public int size()
{
- return country;
+ return components.size();
}
- public String getLocality()
+ public int countComponents()
{
- return locality;
+ int count = 0;
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ count += ((Map) it.next()).size();
+ }
+ return count;
}
- public String getOrganizationalUnit()
+ public boolean containsComponent(OID oid, String value)
{
- return orgUnit;
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ Map rdn = (Map) it.next();
+ String s = (String) rdn.get(oid);
+ if (s == null)
+ continue;
+ if (compressWS(value).equalsIgnoreCase(compressWS(s)))
+ return true;
+ }
+ return false;
}
- public String getOrganization()
+ public String getComponent(OID oid)
{
- return organization;
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ Map rdn = (Map) it.next();
+ if (rdn.containsKey(oid))
+ return (String) rdn.get(oid);
+ }
+ return null;
}
- public String getStreet()
+ public String getComponent(OID oid, int rdn)
{
- return street;
+ if (rdn >= size())
+ return null;
+ return (String) ((Map) components.get(rdn)).get(oid);
}
- public String getState()
+ public void putComponent(OID oid, String value)
{
- return state;
+ currentRdn.put(oid, value);
}
- public String getTitle()
+ public void putComponent(String name, String value)
{
- return title;
+ name = name.trim().toLowerCase();
+ if (name.equals("cn"))
+ putComponent(CN, value);
+ else if (name.equals("c"))
+ putComponent(C, value);
+ else if (name.equals("l"))
+ putComponent(L, value);
+ else if (name.equals("street"))
+ putComponent(STREET, value);
+ else if (name.equals("st"))
+ putComponent(ST, value);
+ else if (name.equals("t"))
+ putComponent(T, value);
+ else if (name.equals("dnq"))
+ putComponent(DNQ, value);
+ else if (name.equals("name"))
+ putComponent(NAME, value);
+ else if (name.equals("givenname"))
+ putComponent(GIVENNAME, value);
+ else if (name.equals("initials"))
+ putComponent(INITIALS, value);
+ else if (name.equals("generation"))
+ putComponent(GENERATION, value);
+ else if (name.equals("email"))
+ putComponent(EMAIL, value);
+ else if (name.equals("dc"))
+ putComponent(DC, value);
+ else if (name.equals("uid"))
+ putComponent(UID, value);
+ else
+ putComponent(new OID(name), value);
}
- public String getDNQualifier()
+ public void setUnmodifiable()
{
- return dnQualifier;
+ if (fixed) return;
+ fixed = true;
+ List newComps = new ArrayList(components.size());
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ Map rdn = (Map) it.next();
+ rdn = Collections.unmodifiableMap(rdn);
+ newComps.add(rdn);
+ }
+ components = Collections.unmodifiableList(newComps);
+ currentRdn = Collections.EMPTY_MAP;
}
- public String getSurname()
+ public int hashCode()
{
- return surname;
+ int sum = 0;
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ Map m = (Map) it.next();
+ for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it2.next();
+ sum += e.getKey().hashCode();
+ sum += e.getValue().hashCode();
+ }
+ }
+ return sum;
}
- public String getGivenName()
+ public boolean equals(Object o)
{
- return givenName;
+ if (!(o instanceof X500DistinguishedName))
+ return false;
+ if (size() != ((X500DistinguishedName) o).size())
+ return false;
+ for (int i = 0; i < size(); i++)
+ {
+ Map m = (Map) components.get(i);
+ for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it2.next();
+ OID oid = (OID) e.getKey();
+ String v1 = (String) e.getValue();
+ String v2 = ((X500DistinguishedName) o).getComponent(oid, i);
+ if (!compressWS(v1).equalsIgnoreCase(compressWS(v2)))
+ return false;
+ }
+ }
+ return true;
}
- public String getInitials()
+ public String toString()
{
- return initials;
+ if (fixed && stringRep != null)
+ return stringRep;
+ StringBuffer str = new StringBuffer();
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ Map m = (Map) it.next();
+ for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+ {
+ Map.Entry entry = (Map.Entry) it2.next();
+ OID oid = (OID) entry.getKey();
+ String value = (String) entry.getValue();
+ if (oid.equals(CN))
+ str.append("CN");
+ else if (oid.equals(C))
+ str.append("C");
+ else if (oid.equals(L))
+ str.append("L");
+ else if (oid.equals(ST))
+ str.append("ST");
+ else if (oid.equals(STREET))
+ str.append("STREET");
+ else if (oid.equals(O))
+ str.append("O");
+ else if (oid.equals(OU))
+ str.append("OU");
+ else if (oid.equals(T))
+ str.append("T");
+ else if (oid.equals(DNQ))
+ str.append("DNQ");
+ else if (oid.equals(NAME))
+ str.append("NAME");
+ else
+ str.append(oid.toString());
+ str.append('=');
+ str.append(value);
+ if (it2.hasNext())
+ str.append("+");
+ }
+ if (it.hasNext())
+ str.append(',');
+ }
+ return (stringRep = str.toString());
}
- public String getGeneration()
+ public byte[] getDer()
{
- return generation;
+ if (fixed && encoded != null)
+ return (byte[]) encoded.clone();
+ ArrayList name = new ArrayList(components.size());
+ for (Iterator it = components.iterator(); it.hasNext(); )
+ {
+ Map m = (Map) it.next();
+ if (m.isEmpty())
+ continue;
+ Set rdn = new HashSet();
+ for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it.next();
+ ArrayList atav = new ArrayList(2);
+ atav.add(new DERValue(DER.OBJECT_IDENTIFIER, e.getKey()));
+ atav.add(new DERValue(DER.UTF8_STRING, e.getValue()));
+ rdn.add(new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, atav));
+ }
+ name.add(new DERValue(DER.SET|DER.CONSTRUCTED, rdn));
+ }
+ DERValue val = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, name);
+ return (byte[]) (encoded = val.getEncoded()).clone();
}
- public String getEmail()
- {
- return email;
- }
+ // Own methods.
+ // -------------------------------------------------------------------------
- public String getDomain()
- {
- return domainComponent;
- }
+ private int sep;
- public String getUserID()
+ private void parseString(String str) throws IOException
{
- return userid;
+ Reader in = new StringReader(str);
+ while (true)
+ {
+ String key = readAttributeType(in);
+ if (key == null)
+ break;
+ String value = readAttributeValue(in);
+ putComponent(key, value);
+ if (sep == ',')
+ newRelativeDistinguishedName();
+ }
+ setUnmodifiable();
}
- // Own methods.
- // ------------------------------------------------------------------------
-
- private static String unquote(String str)
+ private String readAttributeType(Reader in) throws IOException
{
- if (str.startsWith("\"") && str.endsWith("\""))
- str = str.substring(1, str.length()-1);
- // XXX needs regex
- //return str.replaceAll("\\([,+\"\\<>;])", "\1");
- return str;
+ StringBuffer buf = new StringBuffer();
+ int ch;
+ while ((ch = in.read()) != '=')
+ {
+ if (ch == -1)
+ {
+ if (buf.length() > 0)
+ throw new EOFException();
+ return null;
+ }
+ if (ch > 127)
+ throw new IOException("Invalid char: " + (char) ch);
+ if (Character.isLetterOrDigit((char) ch) || ch == '-' || ch == '.')
+ buf.append((char) ch);
+ else
+ throw new IOException("Invalid char: " + (char) ch);
+ }
+ return buf.toString();
}
- private void parseDN(String name, boolean rfc2253)
+ private String readAttributeValue(Reader in) throws IOException
{
- if (name.length() == 0)
- throw new IllegalArgumentException("zero-length distinguished name");
- StreamTokenizer parse = new StreamTokenizer(new StringReader(name));
- parse.resetSyntax();
- parse.wordChars('\000', '~');
- parse.ordinaryChar('#');
- parse.ordinaryChar(',');
- parse.ordinaryChar('=');
- parse.ordinaryChar('<');
- parse.ordinaryChar('>');
- parse.ordinaryChar(';');
- parse.ordinaryChar('\\');
- parse.quoteChar('"');
- String attrib = null;
- String value = null;
- int token, lastToken = ',';
- while (true)
+ StringBuffer buf = new StringBuffer();
+ int ch = in.read();
+ if (ch == '#')
{
- try
+ while (true)
{
- token = parse.nextToken();
+ ch = in.read();
+ if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+ || Character.isDigit((char) ch))
+ buf.append((char) ch);
+ else if (ch == '+' || ch == ',')
+ {
+ sep = ch;
+ String hex = buf.toString();
+ return new String(Util.toByteArray(hex));
+ }
+ else
+ throw new IOException("illegal character: " + (char) ch);
}
- catch (IOException ioe)
+ }
+ else if (ch == '"')
+ {
+ while (true)
{
- throw new IllegalArgumentException();
+ ch = in.read();
+ if (ch == '"')
+ break;
+ else if (ch == '\\')
+ {
+ ch = in.read();
+ if (ch == -1)
+ throw new EOFException();
+ if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+ || Character.isDigit((char) ch))
+ {
+ int i = Character.digit((char) ch, 16) << 4;
+ ch = in.read();
+ if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+ || Character.isDigit((char) ch)))
+ throw new IOException("illegal hex char");
+ i |= Character.digit((char) ch, 16);
+ buf.append((char) i);
+ }
+ else
+ buf.append((char) ch);
+ }
+ else
+ buf.append((char) ch);
}
- switch (token)
+ sep = in.read();
+ if (sep != '+' || sep != ',')
+ throw new IOException("illegal character: " + (char) ch);
+ return buf.toString();
+ }
+ else
+ {
+ while (true)
{
- case StreamTokenizer.TT_WORD:
- if (lastToken == ',' || lastToken == '+' ||
- (!rfc2253 && lastToken == ';'))
- attrib = parse.sval.trim();
- else if (lastToken == '=')
- value = unquote(parse.sval.trim());
- else
- throw new IllegalArgumentException();
- break;
- case '"':
- if (lastToken == '=')
- value = parse.sval;
- else
- throw new IllegalArgumentException();
- break;
- case ';':
- if (rfc2253)
- throw new IllegalArgumentException();
- case ',':
- case '+':
- if (attrib == null || value == null)
- throw new IllegalArgumentException("extraneous separator");
- try
- {
- setAttribute(new OID(attrib), value);
- }
- catch (Exception x)
- {
- setAttribute(attrib, value);
- }
- attrib = null;
- value = null;
- break;
- case '=':
- break;
- case StreamTokenizer.TT_EOF:
- return;
- default:
- throw new IllegalArgumentException("unknown token " + (char)token
- + " (" + token + ")");
+ switch (ch)
+ {
+ case '+':
+ case ',':
+ sep = ch;
+ return buf.toString();
+ case '\\':
+ ch = in.read();
+ if (ch == -1)
+ throw new EOFException();
+ if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+ || Character.isDigit((char) ch))
+ {
+ int i = Character.digit((char) ch, 16) << 4;
+ ch = in.read();
+ if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+ || Character.isDigit((char) ch)))
+ throw new IOException("illegal hex char");
+ i |= Character.digit((char) ch, 16);
+ buf.append((char) i);
+ }
+ else
+ buf.append((char) ch);
+ break;
+ case '=':
+ case '<':
+ case '>':
+ case '#':
+ case ';':
+ throw new IOException("illegal character: " + (char) ch);
+ case -1:
+ throw new EOFException();
+ default:
+ buf.append((char) ch);
+ }
}
- lastToken = token;
}
}
- private void parseDER(InputStream in) throws IOException
+ private void parseDer(DERReader der) throws IOException
{
- DERReader der = new DERReader(in);
DERValue name = der.read();
if (!name.isConstructed())
- throw new ASN1ParsingException("badly formed Name");
+ throw new IOException("malformed Name");
+ encoded = name.getEncoded();
int len = 0;
while (len < name.getLength())
{
DERValue rdn = der.read();
- if (rdn.getValue() != DER.CONSTRUCTED_VALUE)
- throw new ASN1ParsingException("badly formed RDNSequence");
+ if (!rdn.isConstructed())
+ throw new IOException("badly formed RDNSequence");
int len2 = 0;
while (len2 < rdn.getLength())
{
DERValue atav = der.read();
- if (atav.getValue() != DER.CONSTRUCTED_VALUE)
- throw new ASN1ParsingException(
- "badly formed AttributeTypeAndValue");
- OID atype = (OID) der.read().getValue();
- String aval = (String) der.read().getValue();
- setAttribute(atype, aval);
- len2 += 1 + atav.getLength()
- + DERWriter.definiteEncodingSize(atav.getLength());
+ if (!atav.isConstructed())
+ throw new IOException("badly formed AttributeTypeAndValue");
+ DERValue val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("badly formed AttributeTypeAndValue");
+ OID oid = (OID) val.getValue();
+ val = der.read();
+ if (!(val.getValue() instanceof String))
+ throw new IOException("badly formed AttributeTypeAndValue");
+ String value = (String) val.getValue();
+ putComponent(oid, value);
+ len2 += atav.getEncodedLength();
}
- len += len2 + 1 + DERWriter.definiteEncodingSize(name.getLength());
+ len += rdn.getEncodedLength();
+ if (len < name.getLength())
+ newRelativeDistinguishedName();
}
+ setUnmodifiable();
}
- private byte[] encodeDER()
+ private static String compressWS(String str)
{
- try
+ StringBuffer buf = new StringBuffer();
+ char lastChar = 0;
+ for (int i = 0; i < str.length(); i++)
{
- LinkedList name = new LinkedList();
- if (commonName != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, CN));
- atav.add(new DERValue(DER.PRINTABLE_STRING, commonName));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (country != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, C));
- atav.add(new DERValue(DER.PRINTABLE_STRING, country));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (locality != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, L));
- atav.add(new DERValue(DER.PRINTABLE_STRING, locality));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (orgUnit != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, OU));
- atav.add(new DERValue(DER.PRINTABLE_STRING, orgUnit));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (organization != null)
+ char c = str.charAt(i);
+ if (Character.isWhitespace(c))
{
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, O));
- atav.add(new DERValue(DER.PRINTABLE_STRING, organization));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
+ if (!Character.isWhitespace(lastChar))
+ buf.append(' ');
}
- if (street != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, STREET));
- atav.add(new DERValue(DER.PRINTABLE_STRING, street));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (state != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, ST));
- atav.add(new DERValue(DER.PRINTABLE_STRING, state));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (title != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, T));
- atav.add(new DERValue(DER.PRINTABLE_STRING, title));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (dnQualifier != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, DNQ));
- atav.add(new DERValue(DER.PRINTABLE_STRING, dnQualifier));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (surname != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, NAME));
- atav.add(new DERValue(DER.PRINTABLE_STRING, surname));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (givenName != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, GIVENNAME));
- atav.add(new DERValue(DER.PRINTABLE_STRING, givenName));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (initials != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, INITIALS));
- atav.add(new DERValue(DER.PRINTABLE_STRING, initials));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (generation != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, GENERATION));
- atav.add(new DERValue(DER.PRINTABLE_STRING, generation));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (email != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, EMAIL));
- atav.add(new DERValue(DER.PRINTABLE_STRING, email));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (domainComponent != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, DC));
- atav.add(new DERValue(DER.PRINTABLE_STRING, domainComponent));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- if (userid != null)
- {
- HashSet rdn = new HashSet();
- LinkedList atav = new LinkedList();
- atav.add(new DERValue(DER.OBJECT_IDENTIFIER, UID));
- atav.add(new DERValue(DER.PRINTABLE_STRING, userid));
- rdn.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, atav));
- name.add(new DERValue(DER.CONSTRUCTED | DER.SET, rdn));
- }
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- DERWriter.write(out, new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, name));
- return out.toByteArray();
- }
- catch (IOException ioe)
- {
- throw new Error(ioe);
+ else
+ buf.append(c);
+ lastChar = c;
}
- }
-
- private void setAttribute(String atype, String aval)
- {
- if (atype.equals("CN"))
- commonName = aval;
- else if (atype.equals("C"))
- country = aval;
- else if (atype.equals("L"))
- locality = aval;
- else if (atype.equals("ST"))
- state = aval;
- else if (atype.equals("STREET"))
- street = aval;
- else if (atype.equals("O"))
- organization = aval;
- else if (atype.equals("OU"))
- orgUnit = aval;
- else if (atype.equals("T"))
- title = aval;
- else if (atype.equals("DNQ") || atype.equals("DNQUALIFIER"))
- dnQualifier = aval;
- else if (atype.equals("SURNAME"))
- surname = aval;
- else if (atype.equals("GIVENNAME"))
- givenName = aval;
- else if (atype.equals("INITIALS"))
- initials = aval;
- else if (atype.equals("GENERATION"))
- generation = aval;
- else if (atype.equals("EMAILADDRESS"))
- email = aval;
- else if (atype.equals("DC"))
- domainComponent = aval;
- else if (atype.equals("UID"))
- userid = aval;
- else
- throw new IllegalArgumentException("unknown attribute " + atype);
- }
-
- private void setAttribute(OID atype, String aval)
- {
- if (atype.equals(CN))
- commonName = aval;
- else if (atype.equals(C))
- country = aval;
- else if (atype.equals(L))
- locality = aval;
- else if (atype.equals(ST))
- state = aval;
- else if (atype.equals(STREET))
- street = aval;
- else if (atype.equals(O))
- organization = aval;
- else if (atype.equals(OU))
- orgUnit = aval;
- else if (atype.equals(T))
- title = aval;
- else if (atype.equals(DNQ))
- dnQualifier = aval;
- else if (atype.equals(NAME))
- surname = aval;
- else if (atype.equals(GIVENNAME))
- givenName = aval;
- else if (atype.equals(INITIALS))
- initials = aval;
- else if (atype.equals(GENERATION))
- generation = aval;
- else if (atype.equals(EMAIL))
- email = aval;
- else if (atype.equals(DC))
- domainComponent = aval;
- else if (atype.equals(UID))
- userid = aval;
- else
- throw new IllegalArgumentException("unknown attribute " + atype);
+ return buf.toString().trim();
}
}
diff --git a/libjava/gnu/java/security/x509/X509CRL.java b/libjava/gnu/java/security/x509/X509CRL.java
index e31a85d..adaa003 100644
--- a/libjava/gnu/java/security/x509/X509CRL.java
+++ b/libjava/gnu/java/security/x509/X509CRL.java
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -44,6 +44,7 @@ import gnu.java.security.der.BitString;
import gnu.java.security.der.DER;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
+import gnu.java.security.x509.ext.Extension;
import java.io.InputStream;
import java.io.IOException;
@@ -57,11 +58,12 @@ import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CRLException;
-import java.security.cert.X509CRLEntry;
+import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
@@ -72,11 +74,22 @@ import javax.security.auth.x500.X500Principal;
* @author Casey Marshall (rsdio@metastatic.org)
*/
public class X509CRL extends java.security.cert.X509CRL
+ implements GnuPKIExtension
{
// Constants and fields.
// ------------------------------------------------------------------------
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ if (DEBUG)
+ {
+ System.err.print(">> X509CRL: ");
+ System.err.println(msg);
+ }
+ }
+
private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
@@ -92,12 +105,10 @@ public class X509CRL extends java.security.cert.X509CRL
private byte[] algParams;
private Date thisUpdate;
private Date nextUpdate;
- private X500Principal issuerDN;
+ private X500DistinguishedName issuerDN;
private HashMap revokedCerts;
private HashMap extensions;
- private HashSet critOids;
- private HashSet nonCritOids;
-
+
private OID sigAlg;
private byte[] sigAlgParams;
private byte[] rawSig;
@@ -118,8 +129,6 @@ public class X509CRL extends java.security.cert.X509CRL
super();
revokedCerts = new HashMap();
extensions = new HashMap();
- critOids = new HashSet();
- nonCritOids = new HashSet();
try
{
parse(encoded);
@@ -141,7 +150,9 @@ public class X509CRL extends java.security.cert.X509CRL
public boolean equals(Object o)
{
- return ((X509CRL) o).revokedCerts.equals(revokedCerts);
+ if (!(o instanceof X509CRL))
+ return false;
+ return ((X509CRL) o).getRevokedCertificates().equals(revokedCerts.values());
}
public int hashCode()
@@ -182,7 +193,7 @@ public class X509CRL extends java.security.cert.X509CRL
public X500Principal getIssuerX500Principal()
{
- return issuerDN;
+ return new X500Principal(issuerDN.getDer());
}
public Date getThisUpdate()
@@ -197,9 +208,9 @@ public class X509CRL extends java.security.cert.X509CRL
return null;
}
- public X509CRLEntry getRevokedCertificate(BigInteger serialNo)
+ public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger serialNo)
{
- return (X509CRLEntry) revokedCerts.get(serialNo);
+ return (java.security.cert.X509CRLEntry) revokedCerts.get(serialNo);
}
public Set getRevokedCertificates()
@@ -247,33 +258,68 @@ public class X509CRL extends java.security.cert.X509CRL
public boolean hasUnsupportedCriticalExtension()
{
- return false; // XXX
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical() && !e.isSupported())
+ return true;
+ }
+ return false;
}
public Set getCriticalExtensionOIDs()
{
- return Collections.unmodifiableSet(critOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
}
public Set getNonCriticalExtensionOIDs()
{
- return Collections.unmodifiableSet(nonCritOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (!e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
}
public byte[] getExtensionValue(String oid)
{
- byte[] ext = (byte[]) extensions.get(oid);
- if (ext != null)
- return (byte[]) ext.clone();
+ Extension e = getExtension(new OID(oid));
+ if (e != null)
+ {
+ return e.getValue().getEncoded();
+ }
return null;
}
+ // GnuPKIExtension method.
+ // -------------------------------------------------------------------------
+
+ public Extension getExtension(OID oid)
+ {
+ return (Extension) extensions.get(oid);
+ }
+
+ public Collection getExtensions()
+ {
+ return extensions.values();
+ }
+
// CRL methods.
- // ------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
public String toString()
{
- return gnu.java.security.x509.X509CRL.class.getName();
+ return X509CRL.class.getName();
}
public boolean isRevoked(Certificate cert)
@@ -302,17 +348,23 @@ public class X509CRL extends java.security.cert.X509CRL
private void parse(InputStream in) throws Exception
{
+ // CertificateList ::= SEQUENCE {
DERReader der = new DERReader(in);
DERValue val = der.read();
+ debug("start CertificateList len == " + val.getLength());
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed CertificateList");
+ throw new IOException("malformed CertificateList");
encoded = val.getEncoded();
+ // tbsCertList ::= SEQUENCE { -- TBSCertList
val = der.read();
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed TBSCertList");
+ throw new IOException("malformed TBSCertList");
+ debug("start tbsCertList len == " + val.getLength());
tbsCRLBytes = val.getEncoded();
+ // version Version OPTIONAL,
+ // -- If present must be v2
val = der.read();
if (val.getValue() instanceof BigInteger)
{
@@ -321,78 +373,104 @@ public class X509CRL extends java.security.cert.X509CRL
}
else
version = 1;
+ debug("read version == " + version);
+ // signature AlgorithmIdentifier,
+ debug("start AlgorithmIdentifier len == " + val.getLength());
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ throw new IOException("malformed AlgorithmIdentifier");
DERValue algIdVal = der.read();
algId = (OID) algIdVal.getValue();
+ debug("read object identifier == " + algId);
if (val.getLength() > algIdVal.getEncodedLength())
{
val = der.read();
+ debug("read parameters len == " + val.getEncodedLength());
algParams = val.getEncoded();
if (val.isConstructed())
in.skip(val.getLength());
}
- issuerDN = new X500Principal(in);
+ // issuer Name,
+ val = der.read();
+ issuerDN = new X500DistinguishedName(val.getEncoded());
+ der.skip(val.getLength());
+ debug("read issuer == " + issuerDN);
+ // thisUpdate Time,
thisUpdate = (Date) der.read().getValue();
+ debug("read thisUpdate == " + thisUpdate);
+ // nextUpdate Time OPTIONAL,
val = der.read();
if (val.getValue() instanceof Date)
{
nextUpdate = (Date) val.getValue();
+ debug("read nextUpdate == " + nextUpdate);
val = der.read();
}
+
+ // revokedCertificates SEQUENCE OF SEQUENCE {
+ // -- X509CRLEntry objects...
+ // } OPTIONAL,
if (val.getTag() != 0)
{
int len = 0;
while (len < val.getLength())
{
- X509CRLEntry entry =
- new gnu.java.security.x509.X509CRLEntry(version, in);
+ X509CRLEntry entry = new X509CRLEntry(version, der);
revokedCerts.put(entry.getSerialNumber(), entry);
len += entry.getEncoded().length;
}
+ val = der.read();
}
- if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
+
+ // crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ // -- if present MUST be v2
+ if (val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
{
- val = der.read();
+ if (version < 2)
+ throw new IOException("extra data in CRL");
+ DERValue exts = der.read();
+ if (!exts.isConstructed())
+ throw new IOException("malformed Extensions");
+ debug("start Extensions len == " + exts.getLength());
int len = 0;
- while (len < val.getLength())
+ while (len < exts.getLength())
{
DERValue ext = der.read();
- OID extId = (OID) der.read().getValue();
- DERValue val2 = der.read();
- Boolean crit = Boolean.valueOf(false);
- if (val2.getValue() instanceof Boolean)
- {
- crit = (Boolean) val2.getValue();
- val2 = der.read();
- }
- byte[] extVal = (byte[]) val2.getValue();
- extensions.put(extId.toString(), extVal);
- if (crit.booleanValue())
- critOids.add(extId.toString());
- else
- nonCritOids.add(extId.toString());
+ if (!ext.isConstructed())
+ throw new IOException("malformed Extension");
+ Extension e = new Extension(ext.getEncoded());
+ extensions.put(e.getOid(), e);
+ der.skip(ext.getLength());
len += ext.getEncodedLength();
+ debug("current count == " + len);
}
+ val = der.read();
}
- val = der.read();
+ debug("read tag == " + val.getTag());
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ throw new IOException("malformed AlgorithmIdentifier");
+ debug("start AlgorithmIdentifier len == " + val.getLength());
DERValue sigAlgVal = der.read();
+ debug("read tag == " + sigAlgVal.getTag());
+ if (sigAlgVal.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed AlgorithmIdentifier");
sigAlg = (OID) sigAlgVal.getValue();
+ debug("signature id == " + sigAlg);
+ debug("sigAlgVal length == " + sigAlgVal.getEncodedLength());
if (val.getLength() > sigAlgVal.getEncodedLength())
{
val = der.read();
+ debug("sig params tag = " + val.getTag() + " len == " + val.getEncodedLength());
sigAlgParams = (byte[]) val.getEncoded();
if (val.isConstructed())
in.skip(val.getLength());
}
val = der.read();
+ debug("read tag = " + val.getTag());
rawSig = val.getEncoded();
signature = ((BitString) val.getValue()).toByteArray();
}
diff --git a/libjava/gnu/java/security/x509/X509CRLEntry.java b/libjava/gnu/java/security/x509/X509CRLEntry.java
index 4057c60..252737c 100644
--- a/libjava/gnu/java/security/x509/X509CRLEntry.java
+++ b/libjava/gnu/java/security/x509/X509CRLEntry.java
@@ -1,5 +1,5 @@
-/* X509CRLEntry.java -- entry in a X.509 CRL.
- Copyright (C) 2003 Free Software Foundation, Inc.
+/* X509CRLEntry.java -- an entry in a X.509 CRL.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -45,17 +45,17 @@ import java.math.BigInteger;
import java.security.cert.CRLException;
+import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
-import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
-import gnu.java.security.der.DERReader;
-import gnu.java.security.der.DERValue;
-import gnu.java.security.der.DERWriter;
+import gnu.java.security.der.*;
+import gnu.java.security.x509.ext.*;
/**
* A single entry in a X.509 certificate revocation list.
@@ -64,11 +64,22 @@ import gnu.java.security.der.DERWriter;
* @author Casey Marshall
*/
class X509CRLEntry extends java.security.cert.X509CRLEntry
+ implements GnuPKIExtension
{
// Constants and fields.
// ------------------------------------------------------------------------
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ if (DEBUG)
+ {
+ System.err.print(">> X509CRLEntry: ");
+ System.err.println(msg);
+ }
+ }
+
/** The DER encoded form of this CRL entry. */
private byte[] encoded;
@@ -78,15 +89,9 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
/** The date the certificate was revoked. */
private Date revocationDate;
- /** The encoded extensions. */
+ /** The CRL entry extensions. */
private HashMap extensions;
- /** The set of critical extension OIDs. */
- private HashSet critOids;
-
- /** the set of non-critical extension OIDs. */
- private HashSet nonCritOids;
-
// Constructor.
// ------------------------------------------------------------------------
@@ -99,13 +104,11 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
* @throws CRLException If the ASN.1 structure is invalid.
* @throws IOException If the bytes cannot be read.
*/
- X509CRLEntry(int version, InputStream encoded)
+ X509CRLEntry(int version, DERReader encoded)
throws CRLException, IOException
{
super();
extensions = new HashMap();
- critOids = new HashSet();
- nonCritOids = new HashSet();
try
{
parse(version, encoded);
@@ -125,8 +128,10 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
public boolean equals(Object o)
{
- return ((X509CRLEntry) o).serialNo.equals(serialNo) &&
- ((X509CRLEntry) o).revocationDate.equals(revocationDate);
+ if (!(o instanceof X509CRLEntry))
+ return false;
+ return ((X509CRLEntry) o).getSerialNumber().equals(serialNo) &&
+ ((X509CRLEntry) o).getRevocationDate().equals(revocationDate);
}
public int hashCode()
@@ -157,79 +162,119 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
public String toString()
{
return "X509CRLEntry serial=" + serialNo + " revocation date="
- + revocationDate + " critExt=" + critOids + " ext=" + nonCritOids;
+ + revocationDate + " ext=" + extensions;
}
// X509Extension methods.
- // ------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
public boolean hasUnsupportedCriticalExtension()
{
- return false; // XXX
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical() && !e.isSupported())
+ return true;
+ }
+ return false;
}
public Set getCriticalExtensionOIDs()
{
- return Collections.unmodifiableSet(critOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
}
public Set getNonCriticalExtensionOIDs()
{
- return Collections.unmodifiableSet(nonCritOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (!e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
}
public byte[] getExtensionValue(String oid)
{
- byte[] ext = (byte[]) extensions.get(oid);
- if (ext != null)
- return (byte[]) ext.clone();
+ Extension e = getExtension(new OID(oid));
+ if (e != null)
+ {
+ return e.getValue().getEncoded();
+ }
return null;
}
+ // GnuPKIExtension method.
+ // -------------------------------------------------------------------------
+
+ public Extension getExtension(OID oid)
+ {
+ return (Extension) extensions.get(oid);
+ }
+
+ public Collection getExtensions()
+ {
+ return extensions.values();
+ }
+
// Own methods.
- // ------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
- private void parse(int version, InputStream in) throws Exception
+ private void parse(int version, DERReader der) throws Exception
{
- DERReader der = new DERReader(in);
+ // RevokedCertificate ::= SEQUENCE {
DERValue entry = der.read();
+ debug("start CRL entry len == " + entry.getLength());
if (!entry.isConstructed())
- throw new ASN1ParsingException("malformed revokedCertificate");
+ throw new IOException("malformed revokedCertificate");
encoded = entry.getEncoded();
int len = 0;
+
+ debug("encoded entry:\n" + Util.hexDump(encoded, ">>>> "));
+
+ // userCertificate CertificateSerialNumber,
DERValue val = der.read();
serialNo = (BigInteger) val.getValue();
- len += DERWriter.definiteEncodingSize(val.getLength())
- + val.getLength() + 1;
+ len += val.getEncodedLength();
+ debug("userCertificate == " + serialNo + " current count == " + len);
+
+ // revocationDate Time,
val = der.read();
revocationDate = (Date) val.getValue();
- len += DERWriter.definiteEncodingSize(val.getLength())
- + val.getLength() + 1;
+ len += val.getEncodedLength();
+ debug("revocationDate == " + revocationDate + " current count == " + len);
+ // crlEntryExtensions Extensions OPTIONAL
+ // -- if present MUST be v2
if (len < entry.getLength())
{
if (version < 2)
- throw new ASN1ParsingException("extra data in CRL entry");
- while (len < entry.getLength())
+ throw new IOException("extra data in CRL entry");
+ DERValue exts = der.read();
+ if (!exts.isConstructed())
+ throw new IOException("malformed Extensions");
+ debug("start Extensions len == " + exts.getLength());
+ len = 0;
+ while (len < exts.getLength())
{
val = der.read();
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed Extension");
- OID extOid = (OID) der.read().getValue();
- Boolean critical = Boolean.valueOf(false);
- DERValue val2 = der.read();
- if (val2.getValue() instanceof Boolean)
- {
- critical = (Boolean) val2.getValue();
- val2 = der.read();
- }
- byte[] ext = (byte[]) val2.getValue();
- extensions.put(extOid.toString(), ext);
- if (critical.booleanValue())
- critOids.add(extOid.toString());
- else
- nonCritOids.add(extOid.toString());
+ throw new IOException("malformed Extension");
+ debug("start Extension len == " + val.getLength());
+ Extension e = new Extension(val.getEncoded());
+ extensions.put(e.getOid(), e);
+ der.skip(val.getLength());
len += val.getEncodedLength();
+ debug("current count == " + len);
}
}
}
diff --git a/libjava/gnu/java/security/x509/X509CRLSelectorImpl.java b/libjava/gnu/java/security/x509/X509CRLSelectorImpl.java
new file mode 100644
index 0000000..c409779
--- /dev/null
+++ b/libjava/gnu/java/security/x509/X509CRLSelectorImpl.java
@@ -0,0 +1,138 @@
+/* X509CRLSelectorImpl.java -- implementation of an X509CRLSelector.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509;
+
+import java.io.IOException;
+
+import java.security.Principal;
+import java.security.cert.CRL;
+import java.security.cert.CRLSelector;
+import java.security.cert.X509CRL;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * Sun's implementation of X509CRLSelector sucks. This one tries to work
+ * better.
+ */
+public class X509CRLSelectorImpl implements CRLSelector
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private Set issuerNames;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public X509CRLSelectorImpl()
+ {
+ issuerNames = new HashSet();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public void addIssuerName(byte[] issuerName) throws IOException
+ {
+ issuerNames.add(new X500DistinguishedName(issuerName));
+ }
+
+ public void addIssuerName(String issuerName)
+ {
+ issuerNames.add(new X500DistinguishedName(issuerName));
+ }
+
+ public void addIssuerName(Principal issuerName) throws IOException
+ {
+ if (issuerName instanceof X500DistinguishedName)
+ issuerNames.add(issuerName);
+ else if (issuerName instanceof X500Principal)
+ issuerNames.add(new X500DistinguishedName(((X500Principal) issuerName).getEncoded()));
+ else
+ issuerNames.add(new X500DistinguishedName(issuerName.getName()));
+ }
+
+ public Collection getIssuerNames()
+ {
+ return Collections.unmodifiableSet(issuerNames);
+ }
+
+ public Object clone()
+ {
+ X509CRLSelectorImpl copy = new X509CRLSelectorImpl();
+ copy.issuerNames.addAll(issuerNames);
+ return copy;
+ }
+
+ public boolean match(CRL crl)
+ {
+ if (!(crl instanceof X509CRL))
+ return false;
+ try
+ {
+ Principal p = ((X509CRL) crl).getIssuerDN();
+ X500DistinguishedName thisName = null;
+ if (p instanceof X500DistinguishedName)
+ thisName = (X500DistinguishedName) p;
+ else if (p instanceof X500Principal)
+ thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
+ else
+ thisName = new X500DistinguishedName(p.getName());
+ for (Iterator it = issuerNames.iterator(); it.hasNext(); )
+ {
+ X500DistinguishedName name = (X500DistinguishedName) it.next();
+ if (thisName.equals(name))
+ return true;
+ }
+ }
+ catch (Exception x)
+ {
+ }
+ return false;
+ }
+}
+
diff --git a/libjava/gnu/java/security/x509/X509CertPath.java b/libjava/gnu/java/security/x509/X509CertPath.java
new file mode 100644
index 0000000..0990abd
--- /dev/null
+++ b/libjava/gnu/java/security/x509/X509CertPath.java
@@ -0,0 +1,306 @@
+/* X509CertPath.java -- an X.509 certificate path.
+ Copyright (C) 2004 Free Software Fonudation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertPath;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DEREncodingException;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+/**
+ * A certificate path (or certificate chain) of X509Certificates.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class X509CertPath extends CertPath
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ public static final List ENCODINGS = Collections.unmodifiableList(
+ Arrays.asList(new String[] { "PkiPath", "PKCS7" }));
+
+ private static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2");
+ private static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
+
+ /** The certificate path. */
+ private List path;
+
+ /** The cached PKCS #7 encoded bytes. */
+ private byte[] pkcs_encoded;
+
+ /** The cached PkiPath encoded bytes. */
+ private byte[] pki_encoded;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public X509CertPath(List path)
+ {
+ super("X.509");
+ this.path = Collections.unmodifiableList(path);
+ }
+
+ public X509CertPath(InputStream in) throws CertificateEncodingException
+ {
+ this(in, (String) ENCODINGS.get(0));
+ }
+
+ public X509CertPath(InputStream in, String encoding)
+ throws CertificateEncodingException
+ {
+ super("X.509");
+ try
+ {
+ parse(in, encoding);
+ }
+ catch (IOException ioe)
+ {
+ throw new CertificateEncodingException();
+ }
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public List getCertificates()
+ {
+ return path; // already unmodifiable
+ }
+
+ public byte[] getEncoded() throws CertificateEncodingException
+ {
+ return getEncoded((String) ENCODINGS.get(0));
+ }
+
+ public byte[] getEncoded(String encoding) throws CertificateEncodingException
+ {
+ if (encoding.equalsIgnoreCase("PkiPath"))
+ {
+ if (pki_encoded == null)
+ {
+ try
+ {
+ pki_encoded = encodePki();
+ }
+ catch (IOException ioe)
+ {
+ throw new CertificateEncodingException();
+ }
+ }
+ return (byte[]) pki_encoded.clone();
+ }
+ else if (encoding.equalsIgnoreCase("PKCS7"))
+ {
+ if (pkcs_encoded == null)
+ {
+ try
+ {
+ pkcs_encoded = encodePKCS();
+ }
+ catch (IOException ioe)
+ {
+ throw new CertificateEncodingException();
+ }
+ }
+ return (byte[]) pkcs_encoded.clone();
+ }
+ else
+ throw new CertificateEncodingException("unknown encoding: " + encoding);
+ }
+
+ public Iterator getEncodings()
+ {
+ return ENCODINGS.iterator(); // already unmodifiable
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private void parse(InputStream in, String encoding)
+ throws CertificateEncodingException, IOException
+ {
+ DERReader der = new DERReader(in);
+ DERValue path = null;
+ if (encoding.equalsIgnoreCase("PkiPath"))
+ {
+ // PKI encoding is just a SEQUENCE of X.509 certificates.
+ path = der.read();
+ if (!path.isConstructed())
+ throw new DEREncodingException("malformed PkiPath");
+ }
+ else if (encoding.equalsIgnoreCase("PKCS7"))
+ {
+ // PKCS #7 encoding means that the certificates are contained in a
+ // SignedData PKCS #7 type.
+ //
+ // ContentInfo ::= SEQUENCE {
+ // contentType ::= ContentType,
+ // content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
+ //
+ // ContentType ::= OBJECT IDENTIFIER
+ //
+ // SignedData ::= SEQUENCE {
+ // version Version,
+ // digestAlgorithms DigestAlgorithmIdentifiers,
+ // contentInfo ContentInfo,
+ // certificates [0] IMPLICIT ExtendedCertificatesAndCertificates
+ // OPTIONAL,
+ // crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+ // signerInfos SignerInfos }
+ //
+ // Version ::= INTEGER
+ //
+ DERValue value = der.read();
+ if (!value.isConstructed())
+ throw new DEREncodingException("malformed ContentInfo");
+ value = der.read();
+ if (!(value.getValue() instanceof OID) ||
+ ((OID) value.getValue()).equals(PKCS7_SIGNED_DATA))
+ throw new DEREncodingException("not a SignedData");
+ value = der.read();
+ if (!value.isConstructed() || value.getTag() != 0)
+ throw new DEREncodingException("malformed content");
+ value = der.read();
+ if (value.getTag() != DER.INTEGER)
+ throw new DEREncodingException("malformed Version");
+ value = der.read();
+ if (!value.isConstructed() || value.getTag() != DER.SET)
+ throw new DEREncodingException("malformed DigestAlgorithmIdentifiers");
+ der.skip(value.getLength());
+ value = der.read();
+ if (!value.isConstructed())
+ throw new DEREncodingException("malformed ContentInfo");
+ der.skip(value.getLength());
+ path = der.read();
+ if (!path.isConstructed() || path.getTag() != 0)
+ throw new DEREncodingException("no certificates");
+ }
+ else
+ throw new CertificateEncodingException("unknown encoding: " + encoding);
+
+ LinkedList certs = new LinkedList();
+ int len = 0;
+ while (len < path.getLength())
+ {
+ DERValue cert = der.read();
+ try
+ {
+ certs.add(new X509Certificate(new ByteArrayInputStream(cert.getEncoded())));
+ }
+ catch (CertificateException ce)
+ {
+ throw new CertificateEncodingException(ce.getMessage());
+ }
+ len += cert.getEncodedLength();
+ der.skip(cert.getLength());
+ }
+
+ this.path = Collections.unmodifiableList(certs);
+ }
+
+ private byte[] encodePki()
+ throws CertificateEncodingException, IOException
+ {
+ synchronized (path)
+ {
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ for (Iterator i = path.iterator(); i.hasNext(); )
+ {
+ out.write(((Certificate) i.next()).getEncoded());
+ }
+ byte[] b = out.toByteArray();
+ DERValue val = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ b.length, b, null);
+ return val.getEncoded();
+ }
+ }
+
+ private byte[] encodePKCS()
+ throws CertificateEncodingException, IOException
+ {
+ synchronized (path)
+ {
+ ArrayList signedData = new ArrayList(5);
+ signedData.add(new DERValue(DER.INTEGER, BigInteger.ONE));
+ signedData.add(new DERValue(DER.CONSTRUCTED | DER.SET,
+ Collections.EMPTY_SET));
+ signedData.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ Collections.singletonList(
+ new DERValue(DER.OBJECT_IDENTIFIER, PKCS7_DATA))));
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ for (Iterator i = path.iterator(); i.hasNext(); )
+ {
+ out.write(((Certificate) i.next()).getEncoded());
+ }
+ byte[] b = out.toByteArray();
+ signedData.add(new DERValue(DER.CONSTRUCTED | DER.CONTEXT,
+ b.length, b, null));
+ DERValue sdValue = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ signedData);
+
+ ArrayList contentInfo = new ArrayList(2);
+ contentInfo.add(new DERValue(DER.OBJECT_IDENTIFIER, PKCS7_SIGNED_DATA));
+ contentInfo.add(new DERValue(DER.CONSTRUCTED | DER.CONTEXT, sdValue));
+ return new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ contentInfo).getEncoded();
+ }
+ }
+}
diff --git a/libjava/gnu/java/security/x509/X509CertSelectorImpl.java b/libjava/gnu/java/security/x509/X509CertSelectorImpl.java
new file mode 100644
index 0000000..4535cce
--- /dev/null
+++ b/libjava/gnu/java/security/x509/X509CertSelectorImpl.java
@@ -0,0 +1,199 @@
+/* X509CertSelectorImpl.java -- implementation of an X509CertSelector.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509;
+
+import java.io.IOException;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.CertSelector;
+import java.security.cert.X509Certificate;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * Sun's implementation of X509CertSelector sucks. This one tries to work
+ * better.
+ */
+public class X509CertSelectorImpl implements CertSelector
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private Set issuerNames;
+ private Set subjectNames;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public X509CertSelectorImpl()
+ {
+ issuerNames = new HashSet();
+ subjectNames = new HashSet();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public void addIssuerName(byte[] issuerName) throws IOException
+ {
+ issuerNames.add(new X500DistinguishedName(issuerName));
+ }
+
+ public void addIssuerName(String issuerName)
+ {
+ issuerNames.add(new X500DistinguishedName(issuerName));
+ }
+
+ public void addIssuerName(Principal issuerName) throws IOException
+ {
+ if (issuerName instanceof X500DistinguishedName)
+ issuerNames.add(issuerName);
+ else if (issuerName instanceof X500Principal)
+ issuerNames.add(new X500DistinguishedName(((X500Principal) issuerName).getEncoded()));
+ else
+ issuerNames.add(new X500DistinguishedName(issuerName.getName()));
+ }
+
+ public Collection getIssuerNames()
+ {
+ return Collections.unmodifiableSet(issuerNames);
+ }
+
+ public void addSubjectName(byte[] subjectName) throws IOException
+ {
+ subjectNames.add(new X500DistinguishedName(subjectName));
+ }
+
+ public void addSubjectName(String subjectName) throws IOException
+ {
+ subjectNames.add(new X500DistinguishedName(subjectName));
+ }
+
+ public void addSubjectName(Principal subjectName) throws IOException
+ {
+ if (subjectName instanceof X500DistinguishedName)
+ subjectNames.add(subjectName);
+ else if (subjectName instanceof X500Principal)
+ subjectNames.add(new X500DistinguishedName(((X500Principal) subjectName).getEncoded()));
+ else
+ subjectNames.add(new X500DistinguishedName(subjectName.getName()));
+ }
+
+ public Collection getSubjectNames()
+ {
+ return Collections.unmodifiableSet(subjectNames);
+ }
+
+ public Object clone()
+ {
+ X509CertSelectorImpl copy = new X509CertSelectorImpl();
+ copy.issuerNames.addAll(issuerNames);
+ copy.subjectNames.addAll(subjectNames);
+ return copy;
+ }
+
+ public boolean match(Certificate cert)
+ {
+ if (!(cert instanceof X509Certificate))
+ return false;
+ boolean matchIssuer = false;
+ boolean matchSubject = false;
+ try
+ {
+ Principal p = ((X509Certificate) cert).getIssuerDN();
+ X500DistinguishedName thisName = null;
+ if (p instanceof X500DistinguishedName)
+ thisName = (X500DistinguishedName) p;
+ else if (p instanceof X500Principal)
+ thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
+ else
+ thisName = new X500DistinguishedName(p.getName());
+ if (issuerNames.isEmpty())
+ matchIssuer = true;
+ else
+ {
+ for (Iterator it = issuerNames.iterator(); it.hasNext(); )
+ {
+ X500DistinguishedName name = (X500DistinguishedName) it.next();
+ if (thisName.equals(name))
+ {
+ matchIssuer = true;
+ break;
+ }
+ }
+ }
+
+ p = ((X509Certificate) cert).getSubjectDN();
+ thisName = null;
+ if (p instanceof X500DistinguishedName)
+ thisName = (X500DistinguishedName) p;
+ else if (p instanceof X500Principal)
+ thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
+ else
+ thisName = new X500DistinguishedName(p.getName());
+ if (subjectNames.isEmpty())
+ matchSubject = true;
+ else
+ {
+ for (Iterator it = subjectNames.iterator(); it.hasNext(); )
+ {
+ X500DistinguishedName name = (X500DistinguishedName) it.next();
+ if (thisName.equals(name))
+ {
+ matchSubject = true;
+ break;
+ }
+ }
+ }
+ }
+ catch (Exception x)
+ {
+ }
+ return matchIssuer && matchSubject;
+ }
+}
+
diff --git a/libjava/gnu/java/security/x509/X509Certificate.java b/libjava/gnu/java/security/x509/X509Certificate.java
index 1ec2e87..25a56d4 100644
--- a/libjava/gnu/java/security/x509/X509Certificate.java
+++ b/libjava/gnu/java/security/x509/X509Certificate.java
@@ -1,5 +1,5 @@
/* X509Certificate.java -- X.509 certificate.
- Copyright (C) 2003 Free Software Foundation, Inc.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -42,7 +42,9 @@ import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.io.ObjectStreamException;
+import java.io.PrintWriter;
import java.io.Serializable;
+import java.io.StringWriter;
import java.math.BigInteger;
@@ -64,10 +66,12 @@ import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAParameterSpec;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -77,17 +81,14 @@ import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
-import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
-import gnu.java.security.der.BitString;
-import gnu.java.security.der.DER;
-import gnu.java.security.der.DERReader;
-import gnu.java.security.der.DERValue;
-import gnu.java.security.der.DERWriter;
+import gnu.java.security.der.*;
+import gnu.java.security.x509.ext.*;
/**
* An implementation of X.509 certificates.
@@ -95,65 +96,64 @@ import gnu.java.security.der.DERWriter;
* @author Casey Marshall (rsdio@metastatic.org)
*/
public class X509Certificate extends java.security.cert.X509Certificate
- implements Serializable
+ implements Serializable, GnuPKIExtension
{
// Constants and fields.
// ------------------------------------------------------------------------
- private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
- private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
- private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
- private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
- private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
- private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
-
- private static final OID ID_EXTENSION = new OID("2.5.29");
- private static final OID ID_KEY_USAGE = ID_EXTENSION.getChild(15);
- private static final OID ID_BASIC_CONSTRAINTS = ID_EXTENSION.getChild(19);
- private static final OID ID_EXT_KEY_USAGE = ID_EXTENSION.getChild(37);
-
- private static final int OTHER_NAME = 0;
- private static final int RFC882_NAME = 1;
- private static final int DNS_NAME = 2;
- private static final int X400_ADDRESS = 3;
- private static final int DIRECTORY_NAME = 4;
- private static final int EDI_PARTY_NAME = 5;
- private static final int URI = 6;
- private static final int IP_ADDRESS = 7;
- private static final int REGISTERED_ID = 8;
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ if (DEBUG)
+ {
+ System.err.print(">> X509Certificate: ");
+ System.err.println(msg);
+ }
+ }
+ private static void debug(Throwable t)
+ {
+ if (DEBUG)
+ {
+ System.err.print(">> X509Certificate: ");
+ t.printStackTrace();
+ }
+ }
+
+ protected static final OID ID_DSA = new OID ("1.2.840.10040.4.1");
+ protected static final OID ID_DSA_WITH_SHA1 = new OID ("1.2.840.10040.4.3");
+ protected static final OID ID_RSA = new OID ("1.2.840.113549.1.1.1");
+ protected static final OID ID_RSA_WITH_MD2 = new OID ("1.2.840.113549.1.1.2");
+ protected static final OID ID_RSA_WITH_MD5 = new OID ("1.2.840.113549.1.1.4");
+ protected static final OID ID_RSA_WITH_SHA1 = new OID ("1.2.840.113549.1.1.5");
+ protected static final OID ID_ECDSA_WITH_SHA1 = new OID ("1.2.840.10045.4.1");
// This object SHOULD be serialized with an instance of
// java.security.cert.Certificate.CertificateRep, thus all fields are
// transient.
// The encoded certificate.
- private transient byte[] encoded;
+ protected transient byte[] encoded;
// TBSCertificate part.
- private transient byte[] tbsCertBytes;
- private transient int version;
- private transient BigInteger serialNo;
- private transient OID algId;
- private transient byte[] algVal;
- private transient X500Principal issuer;
- private transient Date notBefore;
- private transient Date notAfter;
- private transient X500Principal subject;
- private transient PublicKey subjectKey;
- private transient BitString issuerUniqueId;
- private transient BitString subjectUniqueId;
- private transient HashMap extensions;
- private transient HashSet critOids;
- private transient HashSet nonCritOids;
-
- private transient BitString keyUsage;
- private transient int basicConstraints = -1;
+ protected transient byte[] tbsCertBytes;
+ protected transient int version;
+ protected transient BigInteger serialNo;
+ protected transient OID algId;
+ protected transient byte[] algVal;
+ protected transient X500DistinguishedName issuer;
+ protected transient Date notBefore;
+ protected transient Date notAfter;
+ protected transient X500DistinguishedName subject;
+ protected transient PublicKey subjectKey;
+ protected transient BitString issuerUniqueId;
+ protected transient BitString subjectUniqueId;
+ protected transient Map extensions;
// Signature.
- private transient OID sigAlgId;
- private transient byte[] sigAlgVal;
- private transient byte[] signature;
+ protected transient OID sigAlgId;
+ protected transient byte[] sigAlgVal;
+ protected transient byte[] signature;
// Constructors.
// ------------------------------------------------------------------------
@@ -173,22 +173,29 @@ public class X509Certificate extends java.security.cert.X509Certificate
{
super();
extensions = new HashMap();
- critOids = new HashSet();
- nonCritOids = new HashSet();
try
{
parse(encoded);
}
catch (IOException ioe)
{
+ debug(ioe);
throw ioe;
}
catch (Exception e)
{
- throw new CertificateException(e.toString());
+ debug(e);
+ CertificateException ce = new CertificateException(e.getMessage());
+ ce.initCause (e);
+ throw ce;
}
}
+ protected X509Certificate()
+ {
+ extensions = new HashMap();
+ }
+
// X509Certificate methods.
// ------------------------------------------------------------------------
@@ -202,9 +209,13 @@ public class X509Certificate extends java.security.cert.X509Certificate
throws CertificateExpiredException, CertificateNotYetValidException
{
if (date.compareTo(notBefore) < 0)
- throw new CertificateNotYetValidException();
+ {
+ throw new CertificateNotYetValidException();
+ }
if (date.compareTo(notAfter) > 0)
- throw new CertificateExpiredException();
+ {
+ throw new CertificateExpiredException();
+ }
}
public int getVersion()
@@ -219,22 +230,22 @@ public class X509Certificate extends java.security.cert.X509Certificate
public Principal getIssuerDN()
{
- return getIssuerX500Principal();
+ return issuer;
}
public X500Principal getIssuerX500Principal()
{
- return issuer;
+ return new X500Principal(issuer.getDer());
}
public Principal getSubjectDN()
{
- return getSubjectX500Principal();
+ return subject;
}
public X500Principal getSubjectX500Principal()
{
- return subject;
+ return new X500Principal(subject.getDer());
}
public Date getNotBefore()
@@ -260,15 +271,22 @@ public class X509Certificate extends java.security.cert.X509Certificate
public String getSigAlgName()
{
if (sigAlgId.equals(ID_DSA_WITH_SHA1))
- return "SHA1withDSA";
- if (sigAlgId.equals(ID_RSA_WITH_MD2 ))
- return "MD2withRSA";
- if (sigAlgId.equals(ID_RSA_WITH_MD5 ))
- return "MD5withRSA";
- if (sigAlgId.equals(ID_RSA_WITH_SHA1 ))
- return "SHA1withRSA";
+ {
+ return "SHA1withDSA";
+ }
+ if (sigAlgId.equals(ID_RSA_WITH_MD2))
+ {
+ return "MD2withRSA";
+ }
+ if (sigAlgId.equals(ID_RSA_WITH_MD5))
+ {
+ return "MD5withRSA";
+ }
+ if (sigAlgId.equals(ID_RSA_WITH_SHA1))
+ {
+ return "SHA1withRSA";
+ }
return "unknown";
- // return sigAlgId.getShortName();
}
public String getSigAlgOID()
@@ -284,75 +302,81 @@ public class X509Certificate extends java.security.cert.X509Certificate
public boolean[] getIssuerUniqueID()
{
if (issuerUniqueId != null)
- return issuerUniqueId.toBooleanArray();
+ {
+ return issuerUniqueId.toBooleanArray();
+ }
return null;
}
public boolean[] getSubjectUniqueID()
{
if (subjectUniqueId != null)
- return subjectUniqueId.toBooleanArray();
+ {
+ return subjectUniqueId.toBooleanArray();
+ }
return null;
}
public boolean[] getKeyUsage()
{
- if (keyUsage != null)
- return keyUsage.toBooleanArray();
+ Extension e = getExtension(KeyUsage.ID);
+ if (e != null)
+ {
+ KeyUsage ku = (KeyUsage) e.getValue();
+ boolean[] result = new boolean[9];
+ boolean[] b = ku.getKeyUsage().toBooleanArray();
+ System.arraycopy(b, 0, result, 0, b.length);
+ return result;
+ }
return null;
}
public List getExtendedKeyUsage() throws CertificateParsingException
{
- byte[] ext = (byte[]) extensions.get("2.5.29.37");
- if (ext == null)
- return null;
- LinkedList usages = new LinkedList();
- try
+ Extension e = getExtension(ExtendedKeyUsage.ID);
+ if (e != null)
{
- DERReader der = new DERReader(new ByteArrayInputStream(ext));
- DERValue seq = der.read();
- if (!seq.isConstructed())
- throw new CertificateParsingException();
- int len = 0;
- while (len < seq.getLength())
+ List a = ((ExtendedKeyUsage) e.getValue()).getPurposeIds();
+ List b = new ArrayList(a.size());
+ for (Iterator it = a.iterator(); it.hasNext(); )
{
- DERValue oid = der.read();
- if (!(oid.getValue() instanceof OID))
- throw new CertificateParsingException();
- usages.add(oid.getValue().toString());
- len += DERWriter.definiteEncodingSize(oid.getLength())
- + oid.getLength() + 1;
+ b.add(it.next().toString());
}
+ return Collections.unmodifiableList(b);
}
- catch (IOException ioe)
- {
- throw new CertificateParsingException();
- }
- return usages;
+ return null;
}
public int getBasicConstraints()
{
- return basicConstraints;
+ Extension e = getExtension(BasicConstraints.ID);
+ if (e != null)
+ {
+ return ((BasicConstraints) e.getValue()).getPathLengthConstraint();
+ }
+ return -1;
}
public Collection getSubjectAlternativeNames()
throws CertificateParsingException
{
- byte[] ext = getExtensionValue("2.5.29.17");
- if (ext == null)
- return null;
- return getAltNames(ext);
+ Extension e = getExtension(SubjectAlternativeNames.ID);
+ if (e != null)
+ {
+ return ((SubjectAlternativeNames) e.getValue()).getNames();
+ }
+ return null;
}
public Collection getIssuerAlternativeNames()
throws CertificateParsingException
{
- byte[] ext = getExtensionValue("2.5.29.18");
- if (ext == null)
- return null;
- return getAltNames(ext);
+ Extension e = getExtension(IssuerAlternativeNames.ID);
+ if (e != null)
+ {
+ return ((IssuerAlternativeNames) e.getValue()).getNames();
+ }
+ return null;
}
// X509Extension methods.
@@ -360,12 +384,10 @@ public class X509Certificate extends java.security.cert.X509Certificate
public boolean hasUnsupportedCriticalExtension()
{
- for (Iterator it = critOids.iterator(); it.hasNext(); )
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
{
- String oid = (String) it.next();
- if (!oid.equals("2.5.29.15") && !oid.equals("2.5.29.17") &&
- !oid.equals("2.5.29.18") && !oid.equals("2.5.29.19") &&
- !oid.equals("2.5.29.37"))
+ Extension e = (Extension) it.next();
+ if (e.isCritical() && !e.isSupported())
return true;
}
return false;
@@ -373,24 +395,53 @@ public class X509Certificate extends java.security.cert.X509Certificate
public Set getCriticalExtensionOIDs()
{
- return Collections.unmodifiableSet(critOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
}
public Set getNonCriticalExtensionOIDs()
{
- return Collections.unmodifiableSet(nonCritOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (!e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
}
public byte[] getExtensionValue(String oid)
{
- byte[] ext = (byte[]) extensions.get(oid);
- if (ext != null)
- return (byte[]) ext.clone();
+ Extension e = getExtension(new OID(oid));
+ if (e != null)
+ {
+ return e.getValue().getEncoded();
+ }
return null;
}
+ // GnuPKIExtension method.
+ // -------------------------------------------------------------------------
+
+ public Extension getExtension(OID oid)
+ {
+ return (Extension) extensions.get(oid);
+ }
+
+ public Collection getExtensions()
+ {
+ return extensions.values();
+ }
+
// Certificate methods.
- // ------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
public byte[] getEncoded() throws CertificateEncodingException
{
@@ -398,7 +449,7 @@ public class X509Certificate extends java.security.cert.X509Certificate
}
public void verify(PublicKey key)
- throws CertificateException, NoSuchAlgorithmException,
+ throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException
{
Signature sig = Signature.getInstance(sigAlgId.toString());
@@ -415,8 +466,50 @@ public class X509Certificate extends java.security.cert.X509Certificate
public String toString()
{
- // XXX say more than this.
- return gnu.java.security.x509.X509Certificate.class.getName();
+ StringWriter str = new StringWriter();
+ PrintWriter out = new PrintWriter(str);
+ out.println(X509Certificate.class.getName() + " {");
+ out.println(" TBSCertificate {");
+ out.println(" version = " + version + ";");
+ out.println(" serialNo = " + serialNo + ";");
+ out.println(" signature = {");
+ out.println(" algorithm = " + getSigAlgName() + ";");
+ out.print(" parameters =");
+ if (sigAlgVal != null)
+ {
+ out.println();
+ out.print(Util.hexDump(sigAlgVal, " "));
+ }
+ else
+ {
+ out.println(" null;");
+ }
+ out.println(" }");
+ out.println(" issuer = " + issuer.getName() + ";");
+ out.println(" validity = {");
+ out.println(" notBefore = " + notBefore + ";");
+ out.println(" notAfter = " + notAfter + ";");
+ out.println(" }");
+ out.println(" subject = " + subject.getName() + ";");
+ out.println(" subjectPublicKeyInfo = {");
+ out.println(" algorithm = " + subjectKey.getAlgorithm());
+ out.println(" key =");
+ out.print(Util.hexDump(subjectKey.getEncoded(), " "));
+ out.println(" };");
+ out.println(" issuerUniqueId = " + issuerUniqueId + ";");
+ out.println(" subjectUniqueId = " + subjectUniqueId + ";");
+ out.println(" extensions = {");
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ out.println(" " + it.next());
+ }
+ out.println(" }");
+ out.println(" }");
+ out.println(" signatureAlgorithm = " + getSigAlgName() + ";");
+ out.println(" signatureValue =");
+ out.print(Util.hexDump(signature, " "));
+ out.println("}");
+ return str.toString();
}
public PublicKey getPublicKey()
@@ -424,11 +517,25 @@ public class X509Certificate extends java.security.cert.X509Certificate
return subjectKey;
}
- protected Object writeReplace() throws ObjectStreamException
+ public boolean equals(Object other)
{
- return super.writeReplace();
+ if (!(other instanceof X509Certificate))
+ return false;
+ try
+ {
+ if (other instanceof X509Certificate)
+ return Arrays.equals(encoded, ((X509Certificate) other).encoded);
+ byte[] enc = ((X509Certificate) other).getEncoded();
+ if (enc == null)
+ return false;
+ return Arrays.equals(encoded, enc);
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return false;
+ }
}
-
+
// Own methods.
// ------------------------------------------------------------------------
@@ -438,68 +545,13 @@ public class X509Certificate extends java.security.cert.X509Certificate
private void doVerify(Signature sig, PublicKey key)
throws CertificateException, InvalidKeyException, SignatureException
{
+ debug("verifying sig=" + sig + " key=" + key);
sig.initVerify(key);
sig.update(tbsCertBytes);
if (!sig.verify(signature))
- throw new CertificateException("signature not validated");
- }
-
- /**
- * Read a GeneralNames structure.
- */
- private List getAltNames(byte[] encoded)
- throws CertificateParsingException
- {
- LinkedList names = new LinkedList();
- try
- {
- ByteArrayInputStream in = new ByteArrayInputStream(encoded);
- DERReader der = new DERReader(in);
- DERValue seq = der.read();
- if (!seq.isConstructed())
- throw new CertificateParsingException();
- int len = 0;
- while (len < seq.getLength())
- {
- DERValue name = der.read();
- ArrayList pair = new ArrayList(2);
- Object nameVal = null;
- switch (name.getTag())
- {
- case RFC882_NAME:
- case DNS_NAME:
- case URI:
- nameVal = new String((byte[]) name.getValue());
- break;
- case IP_ADDRESS:
- nameVal = InetAddress.getByAddress(
- (byte[]) name.getValue()).getHostAddress();
- break;
- case REGISTERED_ID:
- nameVal = new OID((byte[]) name.getValue());
- break;
- case OTHER_NAME:
- case X400_ADDRESS:
- case DIRECTORY_NAME:
- case EDI_PARTY_NAME:
- nameVal = name.getEncoded();
- break;
- default:
- throw new CertificateParsingException();
- }
- pair.add(new Integer(name.getTag()));
- pair.add(nameVal);
- names.add(pair);
- if (name.isConstructed())
- in.skip(name.getLength());
- len += name.getEncodedLength();
- }
- }
- catch (IOException ioe)
{
- throw new CertificateParsingException(ioe.toString());
+ throw new CertificateException("signature not validated");
}
- return Collections.unmodifiableList(names);
}
/**
@@ -513,20 +565,27 @@ public class X509Certificate extends java.security.cert.X509Certificate
// Certificate ::= SEQUENCE {
DERValue cert = der.read();
+ debug("start Certificate len == " + cert.getLength());
+
this.encoded = cert.getEncoded();
if (!cert.isConstructed())
- throw new ASN1ParsingException("malformed Certificate");
+ {
+ throw new IOException("malformed Certificate");
+ }
// TBSCertificate ::= SEQUENCE {
DERValue tbsCert = der.read();
if (tbsCert.getValue() != DER.CONSTRUCTED_VALUE)
- throw new ASN1ParsingException("malformed TBSCertificate");
+ {
+ throw new IOException("malformed TBSCertificate");
+ }
tbsCertBytes = tbsCert.getEncoded();
+ debug("start TBSCertificate len == " + tbsCert.getLength());
+ // Version ::= INTEGER [0] { v1(0), v2(1), v3(2) }
DERValue val = der.read();
if (val.getTagClass() == DER.CONTEXT && val.getTag() == 0)
{
- // Version ::= INTEGER [0] { v1(0), v2(1), v3(2) }
version = ((BigInteger) der.read().getValue()).intValue() + 1;
val = der.read();
}
@@ -534,163 +593,154 @@ public class X509Certificate extends java.security.cert.X509Certificate
{
version = 1;
}
+ debug("read version == " + version);
+
// SerialNumber ::= INTEGER
serialNo = (BigInteger) val.getValue();
+ debug("read serial number == " + serialNo);
// AlgorithmIdentifier ::= SEQUENCE {
val = der.read();
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ {
+ throw new IOException("malformed AlgorithmIdentifier");
+ }
int certAlgLen = val.getLength();
+ debug("start AlgorithmIdentifier len == " + certAlgLen);
val = der.read();
+
+ // algorithm OBJECT IDENTIFIER,
algId = (OID) val.getValue();
+ debug("read algorithm ID == " + algId);
+
+ // parameters ANY DEFINED BY algorithm OPTIONAL }
if (certAlgLen > val.getEncodedLength())
{
val = der.read();
if (val == null)
- algVal = null;
+ {
+ algVal = null;
+ }
else
- algVal = val.getEncoded();
+ {
+ algVal = val.getEncoded();
+ }
if (val.isConstructed())
- encoded.skip(val.getLength());
+ {
+ encoded.skip(val.getLength());
+ }
+ debug("read algorithm parameters == " + algVal);
}
- issuer = new X500Principal(encoded);
+ // issuer Name,
+ val = der.read();
+ issuer = new X500DistinguishedName(val.getEncoded());
+ der.skip(val.getLength());
+ debug("read issuer == " + issuer);
+ // Validity ::= SEQUENCE {
+ // notBefore Time,
+ // notAfter Time }
if (!der.read().isConstructed())
- throw new ASN1ParsingException("malformed Validity");
+ {
+ throw new IOException("malformed Validity");
+ }
notBefore = (Date) der.read().getValue();
notAfter = (Date) der.read().getValue();
+ debug("read notBefore == " + notBefore);
+ debug("read notAfter == " + notAfter);
- subject = new X500Principal(encoded);
-
- if (!der.read().isConstructed())
- throw new ASN1ParsingException("malformed SubjectPublicKeyInfo");
-
- val = der.read();
- if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
- int keyAlgLen = val.getLength();
+ // subject Name,
val = der.read();
- OID keyID = (OID) val.getValue();
- byte[] keyParams = null;
- if (keyAlgLen > val.getEncodedLength())
+ subject = new X500DistinguishedName(val.getEncoded());
+ der.skip(val.getLength());
+ debug("read subject == " + subject);
+
+ // SubjectPublicKeyInfo ::= SEQUENCE {
+ // algorithm AlgorithmIdentifier,
+ // subjectPublicKey BIT STRING }
+ DERValue spki = der.read();
+ if (!spki.isConstructed())
{
- val = der.read();
- keyParams = val.getEncoded();
- if (algVal == null)
- algVal = keyParams;
- if (val.isConstructed())
- encoded.skip(val.getLength());
+ throw new IOException("malformed SubjectPublicKeyInfo");
}
- val = der.read();
- byte[] keyVal = ((BitString) val.getValue()).toByteArray();
+ KeyFactory spkFac = KeyFactory.getInstance("X.509");
+ subjectKey = spkFac.generatePublic(new X509EncodedKeySpec(spki.getEncoded()));
+ der.skip(spki.getLength());
+ debug("read subjectPublicKey == " + subjectKey);
- if (keyID.equals(ID_DSA))
- {
- AlgorithmParameters params = AlgorithmParameters.getInstance("DSA");
- params.init(keyParams, "ASN.1");
- KeyFactory keyFac = KeyFactory.getInstance("DSA");
- DSAParameterSpec spec = (DSAParameterSpec)
- params.getParameterSpec(DSAParameterSpec.class);
- subjectKey = keyFac.generatePublic(new DSAPublicKeySpec(
- (BigInteger) new DERReader(keyVal).read().getValue(),
- spec.getP(), spec.getQ(), spec.getG()));
- }
- else if (keyID.equals(ID_RSA))
+ if (version > 1)
{
- KeyFactory keyFac = KeyFactory.getInstance("RSA");
- DERReader rsaKey = new DERReader(keyVal);
- if (!rsaKey.read().isConstructed())
- throw new ASN1ParsingException("malformed RSAPublicKey");
- subjectKey = keyFac.generatePublic(new RSAPublicKeySpec(
- (BigInteger) rsaKey.read().getValue(),
- (BigInteger) rsaKey.read().getValue()));
+ val = der.read();
}
- else
- throw new ASN1ParsingException("unknown key algorithm " + keyID);
-
- if (version > 1)
- val = der.read();
if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 1)
{
byte[] b = (byte[]) val.getValue();
issuerUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF);
+ debug("read issuerUniqueId == " + issuerUniqueId);
val = der.read();
}
if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 2)
{
byte[] b = (byte[]) val.getValue();
subjectUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF);
+ debug("read subjectUniqueId == " + subjectUniqueId);
val = der.read();
}
if (version >= 3 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 3)
{
val = der.read();
+ debug("start Extensions len == " + val.getLength());
int len = 0;
while (len < val.getLength())
{
DERValue ext = der.read();
- OID extId = (OID) der.read().getValue();
- DERValue val2 = der.read();
- Boolean crit = Boolean.valueOf(false);
- if (val2.getValue() instanceof Boolean)
- {
- crit = (Boolean) val2.getValue();
- val2 = der.read();
- }
- byte[] extVal = (byte[]) val2.getValue();
- extensions.put(extId.toString(), extVal);
- if (crit.booleanValue())
- critOids.add(extId.toString());
- else
- nonCritOids.add(extId.toString());
- if (extId.equals(ID_KEY_USAGE))
- {
- keyUsage = (BitString) DERReader.read(extVal).getValue();
- }
- else if (extId.equals(ID_BASIC_CONSTRAINTS))
- {
- DERReader bc = new DERReader(extVal);
- DERValue constraints = bc.read();
- if (!constraints.isConstructed())
- throw new ASN1ParsingException("malformed BasicConstraints");
- if (constraints.getLength() > 0)
- {
- boolean ca = false;
- int constr = -1;
- val2 = bc.read();
- if (val2.getValue() instanceof Boolean)
- {
- ca = ((Boolean) val2.getValue()).booleanValue();
- if (constraints.getLength() > val2.getEncodedLength())
- val2 = bc.read();
- }
- if (val2.getValue() instanceof BigInteger)
- constr = ((BigInteger) val2.getValue()).intValue();
- basicConstraints = constr;
- }
- }
+ debug("start extension len == " + ext.getLength());
+ Extension e = new Extension(ext.getEncoded());
+ extensions.put(e.getOid(), e);
+ der.skip(ext.getLength());
len += ext.getEncodedLength();
+ debug("count == " + len);
}
}
val = der.read();
if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ {
+ throw new IOException("malformed AlgorithmIdentifier");
+ }
int sigAlgLen = val.getLength();
+ debug("start AlgorithmIdentifier len == " + sigAlgLen);
val = der.read();
sigAlgId = (OID) val.getValue();
+ debug("read algorithm id == " + sigAlgId);
if (sigAlgLen > val.getEncodedLength())
{
val = der.read();
if (val.getValue() == null)
- sigAlgVal = keyParams;
+ {
+ if (subjectKey instanceof DSAPublicKey)
+ {
+ AlgorithmParameters params =
+ AlgorithmParameters.getInstance("DSA");
+ DSAParams dsap = ((DSAPublicKey) subjectKey).getParams();
+ DSAParameterSpec spec =
+ new DSAParameterSpec(dsap.getP(), dsap.getQ(), dsap.getG());
+ params.init(spec);
+ sigAlgVal = params.getEncoded();
+ }
+ }
else
- sigAlgVal = (byte[]) val.getEncoded();
+ {
+ sigAlgVal = (byte[]) val.getEncoded();
+ }
if (val.isConstructed())
- encoded.skip(val.getLength());
+ {
+ encoded.skip(val.getLength());
+ }
+ debug("read parameters == " + sigAlgVal);
}
signature = ((BitString) der.read().getValue()).toByteArray();
+ debug("read signature ==\n" + Util.hexDump(signature, ">>>> "));
}
}
diff --git a/libjava/gnu/java/security/x509/ext/AuthorityKeyIdentifier.java b/libjava/gnu/java/security/x509/ext/AuthorityKeyIdentifier.java
new file mode 100644
index 0000000..6f4e00b
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/AuthorityKeyIdentifier.java
@@ -0,0 +1,134 @@
+/* AuthorityKeyIdentifier.java -- Authority key identifier extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.List;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.x509.Util;
+
+public class AuthorityKeyIdentifier extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.35");
+
+ private final byte[] keyIdentifier;
+ private final GeneralNames authorityCertIssuer;
+ private final BigInteger authorityCertSerialNumber;
+
+ // Contstructor.
+ // -------------------------------------------------------------------------
+
+ public AuthorityKeyIdentifier(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERReader der = new DERReader(encoded);
+
+ // AuthorityKeyIdentifier ::= SEQUENCE {
+ DERValue val = der.read();
+ if (!val.isConstructed())
+ throw new IOException("malformed AuthorityKeyIdentifier");
+ if (val.getLength() > 0)
+ val = der.read();
+
+ // keyIdentifier [0] KeyIdentifier OPTIONAL,
+ // KeyIdentifier ::= OCTET STRING
+ if (val.getTagClass() == DER.APPLICATION && val.getTag() == 0)
+ {
+ keyIdentifier = (byte[]) val.getValue();
+ val = der.read();
+ }
+ else
+ keyIdentifier = null;
+
+ // authorityCertIssuer [1] GeneralNames OPTIONAL,
+ if (val.getTagClass() == DER.APPLICATION && val.getTag() == 1)
+ {
+ byte[] b = val.getEncoded();
+ b[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE);
+ authorityCertIssuer = new GeneralNames(b);
+ der.skip(val.getLength());
+ val = der.read();
+ }
+ else
+ authorityCertIssuer = null;
+
+ // authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
+ if (val.getTagClass() == DER.APPLICATION && val.getTag() == 2)
+ {
+ authorityCertSerialNumber = new BigInteger((byte[]) val.getValue());
+ }
+ else
+ authorityCertSerialNumber = null;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public byte[] getKeyIdentifier()
+ {
+ return keyIdentifier != null ? (byte[]) keyIdentifier.clone() : null;
+ }
+
+ public GeneralNames getAuthorityCertIssuer()
+ {
+ return authorityCertIssuer;
+ }
+
+ public BigInteger getAuthorityCertSerialNumber()
+ {
+ return authorityCertSerialNumber;
+ }
+
+ public String toString()
+ {
+ return AuthorityKeyIdentifier.class.getName() + " [ keyId=" +
+ (keyIdentifier != null ? Util.toHexString (keyIdentifier, ':') : "nil") +
+ " authorityCertIssuer=" + authorityCertIssuer +
+ " authorityCertSerialNumbe=" + authorityCertSerialNumber + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/BasicConstraints.java b/libjava/gnu/java/security/x509/ext/BasicConstraints.java
new file mode 100644
index 0000000..f720d22
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/BasicConstraints.java
@@ -0,0 +1,129 @@
+/* BasicConstraints.java -- the basic constraints extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.List;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class BasicConstraints extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.19");
+
+ private final boolean ca;
+ private final int pathLenConstraint;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public BasicConstraints(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERReader der = new DERReader(encoded);
+ DERValue bc = der.read();
+ if (!bc.isConstructed())
+ throw new IOException("malformed BasicConstraints");
+ DERValue val = bc;
+ if (bc.getLength() > 0)
+ val = der.read();
+ if (val.getTag() == DER.BOOLEAN)
+ {
+ ca = ((Boolean) val.getValue()).booleanValue();
+ if (val.getEncodedLength() < bc.getLength())
+ val = der.read();
+ }
+ else
+ ca = false;
+ if (val.getTag() == DER.INTEGER)
+ {
+ pathLenConstraint = ((BigInteger) val.getValue()).intValue();
+ }
+ else
+ pathLenConstraint = -1;
+ }
+
+ public BasicConstraints (final boolean ca, final int pathLenConstraint)
+ {
+ this.ca = ca;
+ this.pathLenConstraint = pathLenConstraint;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public boolean isCA()
+ {
+ return ca;
+ }
+
+ public int getPathLengthConstraint()
+ {
+ return pathLenConstraint;
+ }
+
+ public byte[] getEncoded()
+ {
+ if (encoded == null)
+ {
+ List bc = new ArrayList (2);
+ bc.add (new DERValue (DER.BOOLEAN, new Boolean (ca)));
+ if (pathLenConstraint >= 0)
+ bc.add (new DERValue (DER.INTEGER,
+ BigInteger.valueOf ((long) pathLenConstraint)));
+ encoded = new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, bc).getEncoded();
+ }
+ return (byte[]) encoded.clone();
+ }
+
+ public String toString()
+ {
+ return BasicConstraints.class.getName() + " [ isCA=" + ca +
+ " pathLen=" + pathLenConstraint + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/CRLNumber.java b/libjava/gnu/java/security/x509/ext/CRLNumber.java
new file mode 100644
index 0000000..556aa30
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/CRLNumber.java
@@ -0,0 +1,97 @@
+/* CRLNumber.java -- CRL number extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class CRLNumber extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.20");
+
+ private final BigInteger number;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public CRLNumber(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERValue val = DERReader.read(encoded);
+ if (val.getTag() != DER.INTEGER)
+ throw new IOException("malformed CRLNumber");
+ number = (BigInteger) val.getValue();
+ }
+
+ public CRLNumber (final BigInteger number)
+ {
+ this.number = number;
+ }
+
+ // Instance method.
+ // -------------------------------------------------------------------------
+
+ public BigInteger getNumber()
+ {
+ return number;
+ }
+
+ public byte[] getEncoded()
+ {
+ if (encoded == null)
+ {
+ encoded = new DERValue (DER.INTEGER, number).getEncoded();
+ }
+ return (byte[]) encoded.clone();
+ }
+
+ public String toString()
+ {
+ return CRLNumber.class.getName() + " [ " + number + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/CertificatePolicies.java b/libjava/gnu/java/security/x509/ext/CertificatePolicies.java
new file mode 100644
index 0000000..206fa7e
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/CertificatePolicies.java
@@ -0,0 +1,191 @@
+/* CertificatePolicies.java -- certificate policy extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.cert.PolicyQualifierInfo;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class CertificatePolicies extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.32");
+
+ private final List policies;
+ private final Map policyQualifierInfos;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public CertificatePolicies(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERReader der = new DERReader(encoded);
+ DERValue pol = der.read();
+ if (!pol.isConstructed())
+ throw new IOException("malformed CertificatePolicies");
+
+ int len = 0;
+ LinkedList policyList = new LinkedList();
+ HashMap qualifierMap = new HashMap();
+ while (len < pol.getLength())
+ {
+ DERValue policyInfo = der.read();
+ if (!policyInfo.isConstructed())
+ throw new IOException("malformed PolicyInformation");
+ DERValue val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed CertPolicyId");
+ OID policyId = (OID) val.getValue();
+ policyList.add(policyId);
+ if (val.getEncodedLength() < policyInfo.getLength())
+ {
+ DERValue qual = der.read();
+ int len2 = 0;
+ LinkedList quals = new LinkedList();
+ while (len2 < qual.getLength())
+ {
+ val = der.read();
+ quals.add(new PolicyQualifierInfo(val.getEncoded()));
+ der.skip(val.getLength());
+ len2 += val.getEncodedLength();
+ }
+ qualifierMap.put(policyId, quals);
+ }
+ len += policyInfo.getEncodedLength();
+ }
+
+ policies = Collections.unmodifiableList(policyList);
+ policyQualifierInfos = Collections.unmodifiableMap(qualifierMap);
+ }
+
+ public CertificatePolicies (final List policies,
+ final Map policyQualifierInfos)
+ {
+ for (Iterator it = policies.iterator(); it.hasNext(); )
+ if (!(it.next() instanceof OID))
+ throw new IllegalArgumentException ("policies must be OIDs");
+ for (Iterator it = policyQualifierInfos.entrySet().iterator(); it.hasNext();)
+ {
+ Map.Entry e = (Map.Entry) it.next();
+ if (!(e.getKey() instanceof OID) || !policies.contains (e.getKey()))
+ throw new IllegalArgumentException
+ ("policyQualifierInfos keys must be OIDs");
+ if (!(e.getValue() instanceof List))
+ throw new IllegalArgumentException
+ ("policyQualifierInfos values must be Lists of PolicyQualifierInfos");
+ for (Iterator it2 = ((List) e.getValue()).iterator(); it.hasNext(); )
+ if (!(it2.next() instanceof PolicyQualifierInfo))
+ throw new IllegalArgumentException
+ ("policyQualifierInfos values must be Lists of PolicyQualifierInfos");
+ }
+ this.policies = Collections.unmodifiableList (new ArrayList (policies));
+ this.policyQualifierInfos = Collections.unmodifiableMap
+ (new HashMap (policyQualifierInfos));
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public List getPolicies()
+ {
+ return policies;
+ }
+
+ public List getPolicyQualifierInfos(OID oid)
+ {
+ return (List) policyQualifierInfos.get(oid);
+ }
+
+ public byte[] getEncoded()
+ {
+ if (encoded == null)
+ {
+ List pol = new ArrayList (policies.size());
+ for (Iterator it = policies.iterator(); it.hasNext(); )
+ {
+ OID policy = (OID) it.next();
+ List qualifiers = getPolicyQualifierInfos (policy);
+ List l = new ArrayList (qualifiers == null ? 1 : 2);
+ l.add (new DERValue (DER.OBJECT_IDENTIFIER, policy));
+ if (qualifiers != null)
+ {
+ List ll = new ArrayList (qualifiers.size());
+ for (Iterator it2 = qualifiers.iterator(); it.hasNext(); )
+ {
+ PolicyQualifierInfo info = (PolicyQualifierInfo) it2.next();
+ try
+ {
+ ll.add (DERReader.read (info.getEncoded()));
+ }
+ catch (IOException ioe)
+ {
+ }
+ }
+ l.add (new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, ll));
+ }
+ pol.add (new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, l));
+ }
+ encoded = new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, pol).getEncoded();
+ }
+ return (byte[]) encoded.clone();
+ }
+
+ public String toString()
+ {
+ return CertificatePolicies.class.getName() + " [ policies=" + policies +
+ " policyQualifierInfos=" + policyQualifierInfos + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/ExtendedKeyUsage.java b/libjava/gnu/java/security/x509/ext/ExtendedKeyUsage.java
new file mode 100644
index 0000000..e2a98e0
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/ExtendedKeyUsage.java
@@ -0,0 +1,95 @@
+/* ExtendedKeyUsage.java -- the extended key usage extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class ExtendedKeyUsage extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.37");
+
+ private final List purposeIds;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public ExtendedKeyUsage(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERReader der = new DERReader(encoded);
+ DERValue usageList = der.read();
+ if (!usageList.isConstructed())
+ throw new IOException("malformed ExtKeyUsageSyntax");
+ int len = 0;
+ purposeIds = new LinkedList();
+ while (len < usageList.getLength())
+ {
+ DERValue val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed KeyPurposeId");
+ purposeIds.add(val.getValue());
+ len += val.getEncodedLength();
+ }
+ }
+
+ // Instance method.
+ // -------------------------------------------------------------------------
+
+ public List getPurposeIds()
+ {
+ return Collections.unmodifiableList(purposeIds);
+ }
+
+ public String toString()
+ {
+ return ExtendedKeyUsage.class.getName() + " [ " + purposeIds + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/Extension.java b/libjava/gnu/java/security/x509/ext/Extension.java
new file mode 100644
index 0000000..ccbd60c
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/Extension.java
@@ -0,0 +1,289 @@
+/* Extension.java -- an X.509 certificate or CRL extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.x509.Util;
+
+public class Extension
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ System.err.print(">> Extension: ");
+ System.err.println(msg);
+ }
+
+ /**
+ * This extension's object identifier.
+ */
+ protected final OID oid;
+
+ /**
+ * The criticality flag.
+ */
+ protected final boolean critical;
+
+ /**
+ * Whether or not this extension is locally supported.
+ */
+ protected boolean isSupported;
+
+ /**
+ * The extension value.
+ */
+ protected final Value value;
+
+ /**
+ * The DER encoded form.
+ */
+ protected byte[] encoded;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public Extension(byte[] encoded) throws IOException
+ {
+ this.encoded = (byte[]) encoded.clone();
+ DERReader der = new DERReader(encoded);
+
+ // Extension ::= SEQUENCE {
+ DERValue val = der.read();
+ if (DEBUG) debug("read val tag == " + val.getTag() + " len == " + val.getLength());
+ if (!val.isConstructed())
+ throw new IOException("malformed Extension");
+
+ // extnID OBJECT IDENTIFIER,
+ val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("expecting OBJECT IDENTIFIER");
+ oid = (OID) val.getValue();
+ if (DEBUG) debug("read oid == " + oid);
+
+ // critical BOOLEAN DEFAULT FALSE,
+ val = der.read();
+ if (val.getTag() == DER.BOOLEAN)
+ {
+ critical = ((Boolean) val.getValue()).booleanValue();
+ val = der.read();
+ }
+ else
+ critical = false;
+ if (DEBUG) debug("is critical == " + critical);
+
+ // extnValue OCTET STRING }
+ if (val.getTag() != DER.OCTET_STRING)
+ throw new IOException("expecting OCTET STRING");
+ byte[] encval = (byte[]) val.getValue();
+ isSupported = true;
+ if (oid.equals(AuthorityKeyIdentifier.ID))
+ {
+ value = new AuthorityKeyIdentifier(encval);
+ }
+ else if (oid.equals(SubjectKeyIdentifier.ID))
+ {
+ value = new SubjectKeyIdentifier(encval);
+ }
+ else if (oid.equals(KeyUsage.ID))
+ {
+ value = new KeyUsage(encval);
+ }
+ else if (oid.equals(PrivateKeyUsagePeriod.ID))
+ {
+ value = new PrivateKeyUsagePeriod(encval);
+ }
+ else if (oid.equals(CertificatePolicies.ID))
+ {
+ value = new CertificatePolicies(encval);
+ }
+ else if (oid.equals (PolicyConstraint.ID))
+ {
+ value = new PolicyConstraint (encval);
+ }
+ else if (oid.equals(PolicyMappings.ID))
+ {
+ value = new PolicyMappings(encval);
+ }
+ else if (oid.equals(SubjectAlternativeNames.ID))
+ {
+ value = new SubjectAlternativeNames(encval);
+ }
+ else if (oid.equals(IssuerAlternativeNames.ID))
+ {
+ value = new IssuerAlternativeNames(encval);
+ }
+ else if (oid.equals(BasicConstraints.ID))
+ {
+ value = new BasicConstraints(encval);
+ }
+ else if (oid.equals(ExtendedKeyUsage.ID))
+ {
+ value = new ExtendedKeyUsage(encval);
+ }
+ else if (oid.equals(CRLNumber.ID))
+ {
+ value = new CRLNumber(encval);
+ }
+ else if (oid.equals(ReasonCode.ID))
+ {
+ value = new ReasonCode(encval);
+ }
+ else
+ {
+ value = new Value(encval);
+ isSupported = false;
+ }
+ if (DEBUG) debug("read value == " + value);
+ }
+
+ public Extension (final OID oid, final Value value, final boolean critical)
+ {
+ this.oid = oid;
+ this.value = value;
+ this.critical = critical;
+ isSupported = true;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public OID getOid()
+ {
+ return oid;
+ }
+
+ public boolean isCritical()
+ {
+ return critical;
+ }
+
+ public boolean isSupported()
+ {
+ return isSupported;
+ }
+
+ public Value getValue()
+ {
+ return value;
+ }
+
+ public byte[] getEncoded()
+ {
+ if (encoded == null)
+ encode();
+ return (byte[]) encoded.clone();
+ }
+
+ public String toString()
+ {
+ return Extension.class.getName() + " [ id=" + oid + " critical=" +
+ critical + " value=" + value + " ]";
+ }
+
+ public DERValue getDerValue()
+ {
+ List ext = new ArrayList (3);
+ ext.add (new DERValue (DER.OBJECT_IDENTIFIER, oid));
+ ext.add (new DERValue (DER.BOOLEAN, new Boolean (critical)));
+ ext.add (new DERValue (DER.OCTET_STRING, value.getEncoded()));
+ return new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, ext);
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private void encode()
+ {
+ encoded = getDerValue().getEncoded();
+ }
+
+ // Inner class.
+ // -------------------------------------------------------------------------
+
+ public static class Value
+ {
+
+ // Fields.
+ // -----------------------------------------------------------------------
+
+ protected byte[] encoded;
+
+ // Constructor.
+ // -----------------------------------------------------------------------
+
+ public Value(byte[] encoded)
+ {
+ this.encoded = (byte[]) encoded.clone();
+ }
+
+ protected Value() { }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public byte[] getEncoded()
+ {
+ return (byte[]) encoded;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof Value))
+ return false;
+ return Arrays.equals(encoded, ((Value) o).encoded);
+ }
+
+ public String toString()
+ {
+ return Util.toHexString(encoded, ':');
+ }
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/GeneralNames.java b/libjava/gnu/java/security/x509/ext/GeneralNames.java
new file mode 100644
index 0000000..fc9a73b
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/GeneralNames.java
@@ -0,0 +1,157 @@
+/* GeneralNames.java -- the GeneralNames object.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import gnu.java.security.OID;
+import gnu.java.security.x509.X500DistinguishedName;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class GeneralNames
+{
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public static final int OTHER_NAME = 0;
+ public static final int RFC822_NAME = 1;
+ public static final int DNS_NAME = 2;
+ public static final int X400_ADDRESS = 3;
+ public static final int DIRECTORY_NAME = 4;
+ public static final int EDI_PARTY_NAME = 5;
+ public static final int URI = 6;
+ public static final int IP_ADDRESS = 7;
+ public static final int REGISTERED_ID = 8;
+
+ private List names;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public GeneralNames(final byte[] encoded) throws IOException
+ {
+ names = new LinkedList();
+ DERReader der = new DERReader(encoded);
+ DERValue nameList = der.read();
+ if (!nameList.isConstructed())
+ throw new IOException("malformed GeneralNames");
+ int len = 0;
+ while (len < nameList.getLength())
+ {
+ DERValue name = der.read();
+ List namePair = new ArrayList(2);
+ if (name.getTagClass() != DER.APPLICATION)
+ throw new IOException("malformed GeneralName");
+ namePair.add(new Integer(name.getTag()));
+ DERValue val = null;
+ switch (name.getTag())
+ {
+ case RFC822_NAME:
+ case DNS_NAME:
+ case X400_ADDRESS:
+ case URI:
+ namePair.add(new String((byte[]) name.getValue()));
+ break;
+
+ case OTHER_NAME:
+ case EDI_PARTY_NAME:
+ namePair.add(name.getValue());
+ break;
+
+ case DIRECTORY_NAME:
+ byte[] b = name.getEncoded();
+ b[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE);
+ namePair.add(new X500DistinguishedName(b).toString());
+ break;
+
+ case IP_ADDRESS:
+ namePair.add(InetAddress.getByAddress((byte[]) name.getValue())
+ .getHostAddress());
+ break;
+
+ case REGISTERED_ID:
+ byte[] bb = name.getEncoded();
+ bb[0] = (byte) DER.OBJECT_IDENTIFIER;
+ namePair.add(new OID(bb).toString());
+ break;
+
+ default:
+ throw new IOException("unknown tag " + name.getTag());
+ }
+ names.add(namePair);
+ len += name.getEncodedLength();
+ }
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public List getNames()
+ {
+ List l = new ArrayList(names.size());
+ for (Iterator it = names.iterator(); it.hasNext(); )
+ {
+ List ll = (List) it.next();
+ List pair = new ArrayList(2);
+ pair.add(ll.get(0));
+ if (ll.get(1) instanceof byte[])
+ pair.add(((byte[]) ll.get(1)).clone());
+ else
+ pair.add(ll.get(1));
+ l.add(Collections.unmodifiableList(pair));
+ }
+ return Collections.unmodifiableList(l);
+ }
+
+ public String toString()
+ {
+ return GeneralNames.class.getName() + " [ " + names + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/IssuerAlternativeNames.java b/libjava/gnu/java/security/x509/ext/IssuerAlternativeNames.java
new file mode 100644
index 0000000..0d0beb0
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/IssuerAlternativeNames.java
@@ -0,0 +1,76 @@
+/* IssuerAlternatuveNames.java -- issuer alternative names extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.util.List;
+import gnu.java.security.OID;
+
+public class IssuerAlternativeNames extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.18");
+
+ private final GeneralNames names;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public IssuerAlternativeNames(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ names = new GeneralNames(encoded);
+ }
+
+ // Instance method.
+ // -------------------------------------------------------------------------
+
+ public List getNames()
+ {
+ return names.getNames();
+ }
+
+ public String toString()
+ {
+ return IssuerAlternativeNames.class.getName() + " [ " + names + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/KeyUsage.java b/libjava/gnu/java/security/x509/ext/KeyUsage.java
new file mode 100644
index 0000000..7d5d7c6
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/KeyUsage.java
@@ -0,0 +1,92 @@
+/* KeyUsage.java -- the key usage extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class KeyUsage extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.15");
+ public static final int DIGITAL_SIGNATURE = 0;
+ public static final int NON_REPUDIATION = 1;
+ public static final int KEY_ENCIPHERMENT = 2;
+ public static final int DATA_ENCIPHERMENT = 3;
+ public static final int KEY_AGREEMENT = 4;
+ public static final int KEY_CERT_SIGN = 5;
+ public static final int CRL_SIGN = 6;
+ public static final int ENCIPHER_ONLY = 7;
+ public static final int DECIPHER_ONLY = 8;
+
+ private final BitString keyUsage;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public KeyUsage(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERValue val = DERReader.read(encoded);
+ if (val.getTag() != DER.BIT_STRING)
+ throw new IOException("malformed KeyUsage");
+ keyUsage = (BitString) val.getValue();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public BitString getKeyUsage()
+ {
+ return keyUsage;
+ }
+
+ public String toString()
+ {
+ return KeyUsage.class.getName() + " [ " + keyUsage + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/PolicyConstraint.java b/libjava/gnu/java/security/x509/ext/PolicyConstraint.java
new file mode 100644
index 0000000..0949b50
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/PolicyConstraint.java
@@ -0,0 +1,109 @@
+/* PolicyConstraint.java -- policyConstraint extension
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.x509.Util;
+
+public class PolicyConstraint extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID ("2.5.29.36");
+
+ private final int requireExplicitPolicy;
+ private final int inhibitPolicyMapping;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public PolicyConstraint (final byte[] encoded) throws IOException
+ {
+ super (encoded);
+ int rpc = -1, ipm = -1;
+ DERReader der = new DERReader(encoded);
+ DERValue pc = der.read();
+ if (!pc.isConstructed())
+ throw new IOException("malformed PolicyConstraints");
+ DERValue val;
+ int len = pc.getLength();
+ while (len > 0)
+ {
+ val = der.read();
+ if (val.getTag() == 0)
+ rpc = new BigInteger ((byte[]) val.getValue()).intValue();
+ else if (val.getTag() == 1)
+ ipm = new BigInteger ((byte[]) val.getValue()).intValue();
+ else
+ throw new IOException ("invalid policy constraint");
+ len -= val.getEncodedLength();
+ }
+
+ requireExplicitPolicy = rpc;
+ inhibitPolicyMapping = ipm;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public int getRequireExplicitPolicy()
+ {
+ return requireExplicitPolicy;
+ }
+
+ public int getInhibitPolicyMapping()
+ {
+ return inhibitPolicyMapping;
+ }
+
+ public String toString()
+ {
+ return PolicyConstraint.class.getName() + " [ requireExplicitPolicy=" +
+ requireExplicitPolicy + " inhibitPolicyMapping=" + inhibitPolicyMapping
+ + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/PolicyMappings.java b/libjava/gnu/java/security/x509/ext/PolicyMappings.java
new file mode 100644
index 0000000..827e83f
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/PolicyMappings.java
@@ -0,0 +1,104 @@
+/* PolicyMappings.java -- policy mappings extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class PolicyMappings extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.33");
+
+ private final Map mappings;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public PolicyMappings(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERReader der = new DERReader(encoded);
+ DERValue maps = der.read();
+ if (!maps.isConstructed())
+ throw new IOException("malformed PolicyMappings");
+ int len = 0;
+ HashMap _mappings = new HashMap();
+ while (len < maps.getLength())
+ {
+ DERValue map = der.read();
+ if (!map.isConstructed())
+ throw new IOException("malformed PolicyMapping");
+ DERValue val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed PolicyMapping");
+ OID issuerPolicy = (OID) val.getValue();
+ val = der.read();
+ if (val.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed PolicyMapping");
+ OID subjectPolicy = (OID) val.getValue();
+ _mappings.put(issuerPolicy, subjectPolicy);
+ len += map.getEncodedLength();
+ }
+ mappings = Collections.unmodifiableMap(_mappings);
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public OID getSubjectDomainPolicy(OID issuerDomainPolicy)
+ {
+ return (OID) mappings.get(issuerDomainPolicy);
+ }
+
+ public String toString()
+ {
+ return PolicyMappings.class.getName() + " [ " + mappings + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java b/libjava/gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java
new file mode 100644
index 0000000..108af4b
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java
@@ -0,0 +1,105 @@
+/* PrivateKeyUsagePeriod.java -- private key usage period extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.util.Date;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class PrivateKeyUsagePeriod extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.16");
+
+ private final Date notBefore;
+ private final Date notAfter;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public PrivateKeyUsagePeriod(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERReader der = new DERReader(encoded);
+ DERValue val = der.read();
+ if (!val.isConstructed())
+ throw new IOException("malformed PrivateKeyUsagePeriod");
+ if (val.getLength() > 0)
+ val = der.read();
+ if (val.getTagClass() == DER.APPLICATION || val.getTag() == 0)
+ {
+ notBefore = (Date) val.getValue();
+ val = der.read();
+ }
+ else
+ notBefore = null;
+ if (val.getTagClass() == DER.APPLICATION || val.getTag() == 1)
+ {
+ notAfter = (Date) val.getValue();
+ }
+ else
+ notAfter = null;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public Date getNotBefore()
+ {
+ return notBefore != null ? (Date) notBefore.clone() : null;
+ }
+
+ public Date getNotAfter()
+ {
+ return notAfter != null ? (Date) notAfter.clone() : null;
+ }
+
+ public String toString()
+ {
+ return PrivateKeyUsagePeriod.class.getName() + " [ notBefore=" + notBefore
+ + " notAfter=" + notAfter + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/ReasonCode.java b/libjava/gnu/java/security/x509/ext/ReasonCode.java
new file mode 100644
index 0000000..779611d
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/ReasonCode.java
@@ -0,0 +1,85 @@
+/* ReasonCode.java -- a reason code for a certificate revocation.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+public class ReasonCode extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.21");
+
+ public final int reason;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public ReasonCode(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERValue val = DERReader.read(encoded);
+ if (val.getTag() != DER.ENUMERATED)
+ throw new IOException("malformed CRLReason");
+ reason = ((BigInteger) val.getValue()).intValue();
+ if (reason < 0 || reason == 7 || reason > 10)
+ throw new IOException("illegal reason: " + reason);
+ }
+
+ // Instance method.
+ // -------------------------------------------------------------------------
+
+ public int getReasonCode()
+ {
+ return reason;
+ }
+
+ public String toString()
+ {
+ return ReasonCode.class.getName() + " [ " + reason + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/SubjectAlternativeNames.java b/libjava/gnu/java/security/x509/ext/SubjectAlternativeNames.java
new file mode 100644
index 0000000..19c0bde
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/SubjectAlternativeNames.java
@@ -0,0 +1,77 @@
+/* SubjectAlternatuveNames.java -- subject alternative names extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+import java.util.List;
+
+import gnu.java.security.OID;
+
+public class SubjectAlternativeNames extends Extension.Value
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.17");
+
+ private final GeneralNames names;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SubjectAlternativeNames(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ names = new GeneralNames(encoded);
+ }
+
+ // Instance method.
+ // -------------------------------------------------------------------------
+
+ public List getNames()
+ {
+ return names.getNames();
+ }
+
+ public String toString()
+ {
+ return SubjectAlternativeNames.class.getName() + " [ " + names + " ]";
+ }
+}
diff --git a/libjava/gnu/java/security/x509/ext/SubjectKeyIdentifier.java b/libjava/gnu/java/security/x509/ext/SubjectKeyIdentifier.java
new file mode 100644
index 0000000..2d48f7c
--- /dev/null
+++ b/libjava/gnu/java/security/x509/ext/SubjectKeyIdentifier.java
@@ -0,0 +1,84 @@
+/* SubjectKeyIdentifier.java -- subject key identifier extension.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.x509.ext;
+
+import java.io.IOException;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.x509.Util;
+
+public class SubjectKeyIdentifier extends Extension.Value
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ public static final OID ID = new OID("2.5.29.14");
+
+ private final byte[] keyIdentifier;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SubjectKeyIdentifier(final byte[] encoded) throws IOException
+ {
+ super(encoded);
+ DERValue val = DERReader.read(encoded);
+ if (val.getTag() != DER.OCTET_STRING)
+ throw new IOException("malformed SubjectKeyIdentifier");
+ keyIdentifier = (byte[]) val.getValue();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public byte[] getKeyIdentifier()
+ {
+ return (byte[]) keyIdentifier.clone();
+ }
+
+ public String toString()
+ {
+ return SubjectKeyIdentifier.class.getName() + " [ " +
+ Util.toHexString (keyIdentifier, ':') + " ]";
+ }
+}
diff --git a/libjava/java/security/cert/TrustAnchor.java b/libjava/java/security/cert/TrustAnchor.java
index 4758cf7..448b855b 100644
--- a/libjava/java/security/cert/TrustAnchor.java
+++ b/libjava/java/security/cert/TrustAnchor.java
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
-
+
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -140,7 +140,7 @@ public class TrustAnchor
public final String getCAName()
{
if (caName != null)
- return caName.toRFC2253();
+ return caName.toString();
return null;
}
@@ -179,7 +179,7 @@ public class TrustAnchor
{
if (trustedCert == null)
return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name="
- + caName.toRFC2253() + " ]";
+ + caName.toString() + " ]";
return "[ Trusted CA Certificate=" + trustedCert + " ]";
}
}
generated by cgit v1.1 at 2024-07-18 12:31:22 +0000