diff options
Diffstat (limited to 'libjava/classpath/java/security/cert')
28 files changed, 252 insertions, 253 deletions
diff --git a/libjava/classpath/java/security/cert/CRL.java b/libjava/classpath/java/security/cert/CRL.java index e763663..1eaa70f 100644 --- a/libjava/classpath/java/security/cert/CRL.java +++ b/libjava/classpath/java/security/cert/CRL.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -43,11 +43,11 @@ package java.security.cert; have different formats but the same general use. They all serve as lists of revoked certificates and can be queried for a given certificate. - + Specialized CRLs extend this class. - + @author Mark Benvenuto - + @since JDK 1.2 */ public abstract class CRL @@ -59,7 +59,7 @@ public abstract class CRL Creates a new CRL for the specified type. An example is "X.509". - @param type the standard name for the CRL type. + @param type the standard name for the CRL type. */ protected CRL(String type) { @@ -90,7 +90,7 @@ public abstract class CRL @param cert A certificate to check if it is revoked @return true if the certificate is revoked, - false otherwise. + false otherwise. */ public abstract boolean isRevoked(Certificate cert); diff --git a/libjava/classpath/java/security/cert/CRLSelector.java b/libjava/classpath/java/security/cert/CRLSelector.java index 1fa5a20..6cd657c 100644 --- a/libjava/classpath/java/security/cert/CRLSelector.java +++ b/libjava/classpath/java/security/cert/CRLSelector.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/CertPathBuilder.java b/libjava/classpath/java/security/cert/CertPathBuilder.java index 99f7c97..47bae6d 100644 --- a/libjava/classpath/java/security/cert/CertPathBuilder.java +++ b/libjava/classpath/java/security/cert/CertPathBuilder.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -116,7 +116,7 @@ public class CertPathBuilder /** * Returns an instance of a named <code>CertPathBuilder</code> from the * first provider that implements it. - * + * * @param algorithm The name of the <code>CertPathBuilder</code> to create. * @return The new instance. * @throws NoSuchAlgorithmException If no installed provider implements the @@ -146,7 +146,7 @@ public class CertPathBuilder /** * Returns an instance of a named <code>CertPathBuilder</code> from a named * provider. - * + * * @param algorithm The name of the <code>CertPathBuilder</code> to create. * @param provider The name of the provider to use. * @return The new instance. @@ -171,7 +171,7 @@ public class CertPathBuilder /** * Returns an instance of a named <code>CertPathBuilder</code> from the * specified provider. - * + * * @param algorithm The name of the <code>CertPathBuilder</code> to create. * @param provider The provider to use. * @return The new instance. diff --git a/libjava/classpath/java/security/cert/CertPathBuilderResult.java b/libjava/classpath/java/security/cert/CertPathBuilderResult.java index 737ba94..edae88f6 100644 --- a/libjava/classpath/java/security/cert/CertPathBuilderResult.java +++ b/libjava/classpath/java/security/cert/CertPathBuilderResult.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -47,17 +47,17 @@ package java.security.cert; */ public interface CertPathBuilderResult extends Cloneable { - /** + /** * Creates a copy of this builder result. * * @return The copy. */ - Object clone(); + Object clone(); /** * Get the certificate path that was built. * * @retrn The certificate path. */ - CertPath getCertPath(); + CertPath getCertPath(); } diff --git a/libjava/classpath/java/security/cert/CertPathValidator.java b/libjava/classpath/java/security/cert/CertPathValidator.java index af08b54..8bd7b58 100644 --- a/libjava/classpath/java/security/cert/CertPathValidator.java +++ b/libjava/classpath/java/security/cert/CertPathValidator.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -129,7 +129,7 @@ public class CertPathValidator { /** * Returns an instance of the given validator from the first provider that * implements it. - * + * * @param algorithm The name of the algorithm to get. * @return The new instance. * @throws NoSuchAlgorithmException If no installed provider implements the @@ -158,7 +158,7 @@ public class CertPathValidator { /** * Returns an instance of the given validator from the named provider. - * + * * @param algorithm The name of the algorithm to get. * @param provider The name of the provider from which to get the * implementation. @@ -184,7 +184,7 @@ public class CertPathValidator { /** * Returns an instance of the given validator from the given provider. - * + * * @param algorithm The name of the algorithm to get. * @param provider The provider from which to get the implementation. * @return The new instance. diff --git a/libjava/classpath/java/security/cert/CertPathValidatorResult.java b/libjava/classpath/java/security/cert/CertPathValidatorResult.java index 71aaf89..0ccd1be 100644 --- a/libjava/classpath/java/security/cert/CertPathValidatorResult.java +++ b/libjava/classpath/java/security/cert/CertPathValidatorResult.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/CertPathValidatorSpi.java b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java index 282b7a6..d4531e7 100644 --- a/libjava/classpath/java/security/cert/CertPathValidatorSpi.java +++ b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/CertSelector.java b/libjava/classpath/java/security/cert/CertSelector.java index aea614a..4a2e7d9 100644 --- a/libjava/classpath/java/security/cert/CertSelector.java +++ b/libjava/classpath/java/security/cert/CertSelector.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/CertStore.java b/libjava/classpath/java/security/cert/CertStore.java index 1ebdb50..630e967 100644 --- a/libjava/classpath/java/security/cert/CertStore.java +++ b/libjava/classpath/java/security/cert/CertStore.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -128,7 +128,7 @@ public class CertStore /** * Returns an instance of the given certificate store type from the first * installed provider. - * + * * @param type The type of <code>CertStore</code> to create. * @param params The parameters to initialize this cert store with. * @return The new instance. @@ -161,7 +161,7 @@ public class CertStore /** * Returns an instance of the given certificate store type from a named * provider. - * + * * @param type The type of <code>CertStore</code> to create. * @param params The parameters to initialize this cert store with. * @param provider The name of the provider to use. diff --git a/libjava/classpath/java/security/cert/CertStoreParameters.java b/libjava/classpath/java/security/cert/CertStoreParameters.java index aab22f0..71bcd61 100644 --- a/libjava/classpath/java/security/cert/CertStoreParameters.java +++ b/libjava/classpath/java/security/cert/CertStoreParameters.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/CertStoreSpi.java b/libjava/classpath/java/security/cert/CertStoreSpi.java index 976d65c..a47978a 100644 --- a/libjava/classpath/java/security/cert/CertStoreSpi.java +++ b/libjava/classpath/java/security/cert/CertStoreSpi.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/Certificate.java b/libjava/classpath/java/security/cert/Certificate.java index 33a14a4..be1713c 100644 --- a/libjava/classpath/java/security/cert/Certificate.java +++ b/libjava/classpath/java/security/cert/Certificate.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -49,18 +49,18 @@ import java.security.PublicKey; import java.security.SignatureException; /** - * The Certificate class is an abstract class used to manage + * The Certificate class is an abstract class used to manage * identity certificates. An identity certificate is a - * combination of a principal and a public key which is - * certified by another principal. This is the puprose of + * combination of a principal and a public key which is + * certified by another principal. This is the puprose of * Certificate Authorities (CA). - * + * * <p>This class is used to manage different types of certificates - * but have important common puposes. Different types of + * but have important common puposes. Different types of * certificates like X.509 and OpenPGP share general certificate * functions (like encoding and verifying) and information like * public keys. - * + * * <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this * class even though they differ in storage methods and information * stored. @@ -74,7 +74,7 @@ import java.security.SignatureException; public abstract class Certificate implements Serializable { private static final long serialVersionUID = -3585440601605666277L; - + private String type; /** @@ -111,19 +111,19 @@ public abstract class Certificate implements Serializable { if( other instanceof Certificate ) { try { - Certificate x = (Certificate) other; - if( getEncoded().length != x.getEncoded().length ) - return false; + Certificate x = (Certificate) other; + if( getEncoded().length != x.getEncoded().length ) + return false; - byte[] b1 = getEncoded(); - byte[] b2 = x.getEncoded(); + byte[] b1 = getEncoded(); + byte[] b2 = x.getEncoded(); - for( int i = 0; i < b1.length; i++ ) - if( b1[i] != b2[i] ) - return false; + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; - } catch( CertificateEncodingException cee ) { - return false; + } catch( CertificateEncodingException cee ) { + return false; } return true; } @@ -154,7 +154,7 @@ public abstract class Certificate implements Serializable /** Verifies that this Certificate was properly signed with the - PublicKey that corresponds to its private key. + PublicKey that corresponds to its private key. @param key PublicKey to verify with @@ -174,7 +174,7 @@ public abstract class Certificate implements Serializable /** Verifies that this Certificate was properly signed with the PublicKey that corresponds to its private key and uses - the signature engine provided by the provider. + the signature engine provided by the provider. @param key PublicKey to verify with @param sigProvider Provider to use for signature algorithm @@ -186,7 +186,7 @@ public abstract class Certificate implements Serializable @throws SignatureException signature error */ public abstract void verify(PublicKey key, - String sigProvider) + String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, @@ -251,7 +251,7 @@ public abstract class Certificate implements Serializable /** From JDK1.4. */ private static final long serialVersionUID = -8563758940495660020L; - + /** The certificate type, e.g. "X.509". */ private String type; diff --git a/libjava/classpath/java/security/cert/CertificateFactory.java b/libjava/classpath/java/security/cert/CertificateFactory.java index d83b816..4fd5b39 100644 --- a/libjava/classpath/java/security/cert/CertificateFactory.java +++ b/libjava/classpath/java/security/cert/CertificateFactory.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -88,7 +88,7 @@ public class CertificateFactory /** * Returns an instance of a <code>CertificateFactory</code> representing the * specified certificate factory type. - * + * * @param type The type of certificate factory to create. * @return A <code>CertificateFactory</code> of the desired type. * @throws CertificateException If the type of certificate factory is not @@ -118,7 +118,7 @@ public class CertificateFactory /** * Returns an instance of a <code>CertificateFactory</code> representing the * specified certificate factory type from the named provider. - * + * * @param type The type of certificate factory to create. * @param provider The name of the provider to use. * @return A <code>CertificateFactory</code> for the desired type. @@ -130,7 +130,7 @@ public class CertificateFactory * <code>type</code> is an empty string. */ public static final CertificateFactory getInstance(String type, - String provider) + String provider) throws CertificateException, NoSuchProviderException { if (provider == null) @@ -144,7 +144,7 @@ public class CertificateFactory /** * Returns an instance of a <code>CertificateFactory</code> representing the * specified certificate factory type from the designated provider. - * + * * @param type The type of certificate factory to create. * @param provider The provider from which to get the implementation. * @return A <code>CertificateFactory</code> for the desired type. @@ -213,10 +213,10 @@ public class CertificateFactory * Ex: A X.509 CertificateFactory should return X509Certificate. * * <p>For X.509 certificates, the certificate in inStream must be - * DER encoded and supplied in binary or printable (Base64) - * encoding. If the certificate is in Base64 encoding, it must be - * bounded by -----BEGINCERTIFICATE-----, and - * -----END CERTIFICATE-----. + * DER encoded and supplied in binary or printable (Base64) + * encoding. If the certificate is in Base64 encoding, it must be + * bounded by -----BEGINCERTIFICATE-----, and + * -----END CERTIFICATE-----. * * @param inStream An input stream containing the certificate data. * @return A certificate initialized from the decoded InputStream data. @@ -230,16 +230,16 @@ public class CertificateFactory } /** - * Returns a collection of certificates that were read from the - * input stream. It may be empty, have only one, or have + * Returns a collection of certificates that were read from the + * input stream. It may be empty, have only one, or have * multiple certificates. * * For a X.509 certificate factory, the stream may contain a - * single DER encoded certificate or a PKCS#7 certificate - * chain. This is a PKCS#7 <I>SignedData</I> object with the - * most significant field being <I>certificates</I>. If no + * single DER encoded certificate or a PKCS#7 certificate + * chain. This is a PKCS#7 <I>SignedData</I> object with the + * most significant field being <I>certificates</I>. If no * CRLs are present, then an empty collection is returned. - * + * * @param inStream An input stream containing the certificate data. * @return A collection of certificates initialized from the decoded * InputStream data. @@ -278,8 +278,8 @@ public class CertificateFactory * from the InputStream. * * <p>For a X.509 certificate factory, the stream may contain a - * single DER encoded CRL or a PKCS#7 CRL set. This is a - * PKCS#7 <I>SignedData</I> object with the most significant + * single DER encoded CRL or a PKCS#7 CRL set. This is a + * PKCS#7 <I>SignedData</I> object with the most significant * field being <I>crls</I>. If no CRLs are present, then an * empty collection is returned. * diff --git a/libjava/classpath/java/security/cert/CertificateFactorySpi.java b/libjava/classpath/java/security/cert/CertificateFactorySpi.java index e6a22b4..2c9ca5d 100644 --- a/libjava/classpath/java/security/cert/CertificateFactorySpi.java +++ b/libjava/classpath/java/security/cert/CertificateFactorySpi.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -47,15 +47,15 @@ import java.util.List; /** CertificateFactorySpi is the abstract class Service Provider Interface (SPI) for the CertificateFactory class. A provider - must implement all the abstract methods if they wish to + must implement all the abstract methods if they wish to supply a certificate factory for a particular certificate type. Ex: X.509 - + Certificate factories are used to generate certificates and certificate revocation lists (CRL) from their encoding. - + @since 1.2 - + @author Mark Benvenuto */ public abstract class CertificateFactorySpi @@ -85,10 +85,10 @@ public abstract class CertificateFactorySpi Ex: A X.509 CertificateFactory should return X509Certificate. For X.509 certificates, the certificate in inStream must be - DER encoded and supplied in binary or printable (Base64) - encoding. If the certificate is in Base64 encoding, it must be - bounded by -----BEGIN CERTIFICATE-----, and - -----END CERTIFICATE-----. + DER encoded and supplied in binary or printable (Base64) + encoding. If the certificate is in Base64 encoding, it must be + bounded by -----BEGIN CERTIFICATE-----, and + -----END CERTIFICATE-----. @param inStream an input stream containing the certificate data @@ -100,19 +100,19 @@ public abstract class CertificateFactorySpi throws CertificateException; /** - Returns a collection of certificates that were read from the - input stream. It may be empty, have only one, or have + Returns a collection of certificates that were read from the + input stream. It may be empty, have only one, or have multiple certificates. For a X.509 certificate factory, the stream may contain a - single DER encoded certificate or a PKCS#7 certificate - chain. This is a PKCS#7 <I>SignedData</I> object with the - most significant field being <I>certificates</I>. If no + single DER encoded certificate or a PKCS#7 certificate + chain. This is a PKCS#7 <I>SignedData</I> object with the + most significant field being <I>certificates</I>. If no CRLs are present, then an empty collection is returned. - + @param inStream an input stream containing the certificates - @return a collection of certificates initialized with + @return a collection of certificates initialized with the InputStream data. @throws CertificateException Certificate parsing error @@ -145,14 +145,14 @@ public abstract class CertificateFactorySpi from the InputStream. For a X.509 certificate factory, the stream may contain a - single DER encoded CRL or a PKCS#7 CRL set. This is a - PKCS#7 <I>SignedData</I> object with the most significant + single DER encoded CRL or a PKCS#7 CRL set. This is a + PKCS#7 <I>SignedData</I> object with the most significant field being <I>crls</I>. If no CRLs are present, then an empty collection is returned. @param inStream an input stream containing the CRLs - @return a collection of CRLs initialized with + @return a collection of CRLs initialized with the InputStream data. @throws CRLException CRL parsing error @@ -222,4 +222,3 @@ public abstract class CertificateFactorySpi throw new UnsupportedOperationException("not implemented"); } } - diff --git a/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java index b3ee932..3898748 100644 --- a/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java +++ b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java index 4414e65..f2dff76 100644 --- a/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java +++ b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PKIXBuilderParameters.java b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java index fd5f1f8..3a29b52 100644 --- a/libjava/classpath/java/security/cert/PKIXBuilderParameters.java +++ b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java index fa16091..52984b5 100644 --- a/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java +++ b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PKIXCertPathChecker.java b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java index a69347f..0bedf40 100644 --- a/libjava/classpath/java/security/cert/PKIXCertPathChecker.java +++ b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java index 5a1660c..17b5c86 100644 --- a/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java +++ b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PKIXParameters.java b/libjava/classpath/java/security/cert/PKIXParameters.java index bb68cb9..bbb7557 100644 --- a/libjava/classpath/java/security/cert/PKIXParameters.java +++ b/libjava/classpath/java/security/cert/PKIXParameters.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PolicyNode.java b/libjava/classpath/java/security/cert/PolicyNode.java index b119603..5da78c1 100644 --- a/libjava/classpath/java/security/cert/PolicyNode.java +++ b/libjava/classpath/java/security/cert/PolicyNode.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/PolicyQualifierInfo.java b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java index d4d9f99..b53faa9 100644 --- a/libjava/classpath/java/security/cert/PolicyQualifierInfo.java +++ b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU diff --git a/libjava/classpath/java/security/cert/X509CRL.java b/libjava/classpath/java/security/cert/X509CRL.java index a00706e..895ba33 100644 --- a/libjava/classpath/java/security/cert/X509CRL.java +++ b/libjava/classpath/java/security/cert/X509CRL.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -56,48 +56,48 @@ import javax.security.auth.x500.X500Principal; time stamped entries which indicate which lists have been revoked. The list is signed by a Certificate Authority (CA) and made publically available in a repository. - - Each revoked certificate in the CRL is identified by its - certificate serial number. When a piece of code uses a - certificate, the certificates validity is checked by + + Each revoked certificate in the CRL is identified by its + certificate serial number. When a piece of code uses a + certificate, the certificates validity is checked by validating its signature and determing that it is not only a recently acquired CRL. The recently aquired CRL is depends on the local policy in affect. The CA issues - a new CRL periodically and entries are removed as the + a new CRL periodically and entries are removed as the certificate expiration date is reached - - + + A description of the X.509 v2 CRL follows below from rfc2459. - + "The X.509 v2 CRL syntax is as follows. For signature calculation, the data that is to be signed is ASN.1 DER encoded. ASN.1 DER encoding is a tag, length, value encoding system for each element. - - CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } - - TBSCertList ::= SEQUENCE { - version Version OPTIONAL, + + CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING } + + TBSCertList ::= SEQUENCE { + version Version OPTIONAL, -- if present, shall be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, shall be v2 - } OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL - -- if present, shall be v2 - }" - - @author Mark Benvenuto - - @since 1.2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, shall be v2 + }" + + @author Mark Benvenuto + + @since 1.2 */ public abstract class X509CRL extends CRL implements X509Extension { @@ -123,19 +123,19 @@ public abstract class X509CRL extends CRL implements X509Extension { if( other instanceof X509CRL ) { try { - X509CRL x = (X509CRL) other; - if( getEncoded().length != x.getEncoded().length ) - return false; + X509CRL x = (X509CRL) other; + if( getEncoded().length != x.getEncoded().length ) + return false; - byte[] b1 = getEncoded(); - byte[] b2 = x.getEncoded(); + byte[] b1 = getEncoded(); + byte[] b2 = x.getEncoded(); - for( int i = 0; i < b1.length; i++ ) - if( b1[i] != b2[i] ) - return false; + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; - } catch( CRLException crle ) { - return false; + } catch( CRLException crle ) { + return false; } return true; } @@ -164,7 +164,7 @@ public abstract class X509CRL extends CRL implements X509Extension /** Verifies that this CRL was properly signed with the - PublicKey that corresponds to its private key. + PublicKey that corresponds to its private key. @param key PublicKey to verify with @@ -184,7 +184,7 @@ public abstract class X509CRL extends CRL implements X509Extension /** Verifies that this CRL was properly signed with the PublicKey that corresponds to its private key and uses - the signature engine provided by the provider. + the signature engine provided by the provider. @param key PublicKey to verify with @param sigProvider Provider to use for signature algorithm @@ -196,7 +196,7 @@ public abstract class X509CRL extends CRL implements X509Extension @throws SignatureException signature error */ public abstract void verify(PublicKey key, - String sigProvider) + String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, @@ -221,7 +221,7 @@ public abstract class X509CRL extends CRL implements X509Extension /** Returns the issuer (issuer distinguished name) of the CRL. - The issuer is the entity who signed and issued the + The issuer is the entity who signed and issued the Certificate Revocation List. The ASN.1 DER encoding is: @@ -307,7 +307,7 @@ public abstract class X509CRL extends CRL implements X509Extension public abstract Set<? extends X509CRLEntry> getRevokedCertificates(); /** - Returns the DER ASN.1 encoded tbsCertList which is + Returns the DER ASN.1 encoded tbsCertList which is the basic information of the list and associated certificates in the encoded state. See top for more information. @@ -323,7 +323,7 @@ public abstract class X509CRL extends CRL implements X509Extension /** - Returns the signature for the CRL. + Returns the signature for the CRL. The ASN.1 DER encoding is: @@ -334,7 +334,7 @@ public abstract class X509CRL extends CRL implements X509Extension public abstract byte[] getSignature(); /** - Returns the signature algorithm used to sign the CRL. + Returns the signature algorithm used to sign the CRL. An examples is "SHA-1/DSA". The ASN.1 DER encoding is: @@ -371,9 +371,9 @@ public abstract class X509CRL extends CRL implements X509Extension /** Returns the AlgorithmParameters in the encoded form - for the signature algorithm used. + for the signature algorithm used. - If access to the parameters is need, create an + If access to the parameters is need, create an instance of AlgorithmParameters. @return byte array containing algorithm parameters, null diff --git a/libjava/classpath/java/security/cert/X509CRLEntry.java b/libjava/classpath/java/security/cert/X509CRLEntry.java index 4c9cada..ac5ef47 100644 --- a/libjava/classpath/java/security/cert/X509CRLEntry.java +++ b/libjava/classpath/java/security/cert/X509CRLEntry.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -42,8 +42,8 @@ import java.math.BigInteger; import java.util.Date; /** - Abstract class for entries in the CRL (Certificate Revocation - List). The ASN.1 definition for <I>revokedCertificates</I> is + Abstract class for entries in the CRL (Certificate Revocation + List). The ASN.1 definition for <I>revokedCertificates</I> is revokedCertificates SEQUENCE OF SEQUENCE { userCertificate CertificateSerialNumber, @@ -52,24 +52,24 @@ import java.util.Date; -- if present, shall be v2 } OPTIONAL, - CertificateSerialNumber ::= INTEGER + CertificateSerialNumber ::= INTEGER - Time ::= CHOICE { + Time ::= CHOICE { utcTime UTCTime, - generalTime GeneralizedTime } + generalTime GeneralizedTime } - Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, + Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING } - - For more information consult rfc2459. - @author Mark Benvenuto + For more information consult rfc2459. + + @author Mark Benvenuto - @since JDK 1.2 + @since JDK 1.2 */ public abstract class X509CRLEntry implements X509Extension { @@ -93,19 +93,19 @@ public abstract class X509CRLEntry implements X509Extension { if( other instanceof X509CRLEntry ) { try { - X509CRLEntry xe = (X509CRLEntry) other; - if( getEncoded().length != xe.getEncoded().length ) - return false; + X509CRLEntry xe = (X509CRLEntry) other; + if( getEncoded().length != xe.getEncoded().length ) + return false; - byte[] b1 = getEncoded(); - byte[] b2 = xe.getEncoded(); + byte[] b1 = getEncoded(); + byte[] b2 = xe.getEncoded(); - for( int i = 0; i < b1.length; i++ ) - if( b1[i] != b2[i] ) - return false; + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; - } catch( CRLException crle ) { - return false; + } catch( CRLException crle ) { + return false; } return true; } diff --git a/libjava/classpath/java/security/cert/X509CertSelector.java b/libjava/classpath/java/security/cert/X509CertSelector.java index 4115fff..8c1230a 100644 --- a/libjava/classpath/java/security/cert/X509CertSelector.java +++ b/libjava/classpath/java/security/cert/X509CertSelector.java @@ -102,7 +102,7 @@ public class X509CertSelector implements CertSelector, Cloneable return (oid != null && oid.length > 2 && (oid[0] >= 0 && oid[0] <= 2) && (oid[1] >= 0 && oid[1] <= 39)); } - + private static GeneralName makeName(int id, String name) throws IOException { byte[] nameBytes = null; @@ -114,22 +114,22 @@ public class X509CertSelector implements CertSelector, Cloneable case uniformResourceIdentifier: nameBytes = name.getBytes("ASCII"); break; - + case iPAddress: InetAddress addr = InetAddress.getByName(name); nameBytes = addr.getAddress(); break; - + case registeredId: OID oid = new OID(name); nameBytes = oid.getDER(); break; - + case directoryName: X500Principal xname = new X500Principal(name); nameBytes = xname.getEncoded(); break; - + case ediPartyName: case x400Address: case otherName: @@ -138,7 +138,7 @@ public class X509CertSelector implements CertSelector, Cloneable } return new GeneralName(kind, nameBytes); } - + private int basicConstraints; private X509Certificate cert; private BigInteger serialNo; @@ -171,7 +171,7 @@ public class X509CertSelector implements CertSelector, Cloneable /** * Add a name to match in the NameConstraints extension. The argument is * the DER-encoded bytes of a GeneralName structure. - * + * * See the method {@link #addSubjectAlternativeName(int, byte[])} for the * format of the GeneralName structure. * @@ -208,9 +208,9 @@ public class X509CertSelector implements CertSelector, Cloneable /** * Add a name, as DER-encoded bytes, to the subject alternative names * criterion. - * + * * The name is a GeneralName structure, which has the ASN.1 format: - * + * * <pre> GeneralName ::= CHOICE { otherName [0] OtherName, @@ -242,7 +242,7 @@ public class X509CertSelector implements CertSelector, Cloneable * only recognize certain types of name that have convenient string * encodings. For robustness, you should use the {@link * #addSubjectAlternativeName(int, byte[])} method whenever possible. - * + * * This method can only decode certain name kinds of names as strings. * * @param id The type of name this is. Must be in the range [0,8]. @@ -417,7 +417,7 @@ public class X509CertSelector implements CertSelector, Cloneable n.add(name.name()); names.add(n); } - + return names; } return null; @@ -735,7 +735,7 @@ public class X509CertSelector implements CertSelector, Cloneable // ignored } } - + if (policies == null) return false; if (!policies.getPolicies().containsAll(policy)) @@ -766,7 +766,7 @@ public class X509CertSelector implements CertSelector, Cloneable } } } - + if (nc == null) return false; @@ -956,18 +956,18 @@ public class X509CertSelector implements CertSelector, Cloneable { // Check if the input is well-formed... new NameConstraints(nameConstraints); - + // But we just compare raw byte arrays. this.nameConstraints = nameConstraints != null ? (byte[]) nameConstraints.clone() : null; } - + /** - * Sets the pathToNames criterion. The argument is a collection of + * Sets the pathToNames criterion. The argument is a collection of * pairs, the first element of which is an {@link Integer} giving * the ID of the name, and the second element is either a {@link String} * or a byte array. - * + * * See {@link #addPathToName(int, byte[])} and {@link #addPathToName(int, String)} * for how these arguments are handled. * @@ -1249,7 +1249,7 @@ public class X509CertSelector implements CertSelector, Cloneable else this.sigId = null; } - + public String toString() { CPStringBuilder str = new CPStringBuilder(X509CertSelector.class.getName()); diff --git a/libjava/classpath/java/security/cert/X509Certificate.java b/libjava/classpath/java/security/cert/X509Certificate.java index b398e09..ab9e1be 100644 --- a/libjava/classpath/java/security/cert/X509Certificate.java +++ b/libjava/classpath/java/security/cert/X509Certificate.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -45,10 +45,10 @@ import java.util.List; /** * X509Certificate is the abstract class for X.509 certificates. - * This provides a stanard class interface for accessing all + * This provides a stanard class interface for accessing all * the attributes of X.509 certificates. * - * <p>In June 1996, the basic X.509 v3 format was finished by + * <p>In June 1996, the basic X.509 v3 format was finished by * ISO/IEC and ANSI X.9. The ASN.1 DER format is below: * * <blockquote><pre> @@ -58,22 +58,22 @@ import java.util.List; * signatureValue BIT STRING } * </pre></blockquote> * - * <p>These certificates are widely used in various Internet - * protocols to support authentication. It is used in + * <p>These certificates are widely used in various Internet + * protocols to support authentication. It is used in * Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), * Secure Sockets Layer (SSL), code signing for trusted software * distribution, and Secure Electronic Transactions (SET). * - * <p>The certificates are managed and vouched for by - * <I>Certificate Authorities</I> (CAs). CAs are companies or - * groups that create certificates by placing the data in the + * <p>The certificates are managed and vouched for by + * <I>Certificate Authorities</I> (CAs). CAs are companies or + * groups that create certificates by placing the data in the * X.509 certificate format and signing it with their private * key. CAs serve as trusted third parties by certifying that * the person or group specified in the certificate is who - * they say they are. + * they say they are. * * <p>The ASN.1 defintion for <I>tbsCertificate</I> is - * + * * <blockquote><pre> * TBSCertificate ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, @@ -116,7 +116,7 @@ import java.util.List; * critical BOOLEAN DEFAULT FALSE, * extnValue OCTET STRING } * </pre></blockquote> - * + * * Certificates are created with the CertificateFactory. * * <p>References: @@ -170,7 +170,7 @@ public abstract class X509Certificate Consult rfc2459 for more information. @throws CertificateExpiredException if the certificate expired - @throws CertificateNotYetValidException if the certificate is + @throws CertificateNotYetValidException if the certificate is not yet valid */ public abstract void checkValidity() @@ -178,14 +178,14 @@ public abstract class X509Certificate CertificateNotYetValidException; /** - Checks the validity of the X.509 certificate for the - specified time and date. It is valid if the specified - date and time are within the period specified by + Checks the validity of the X.509 certificate for the + specified time and date. It is valid if the specified + date and time are within the period specified by the certificate. - @throws CertificateExpiredException if the certificate expired + @throws CertificateExpiredException if the certificate expired based on the date - @throws CertificateNotYetValidException if the certificate is + @throws CertificateNotYetValidException if the certificate is not yet valid based on the date */ public abstract void checkValidity(Date date) @@ -203,13 +203,13 @@ public abstract class X509Certificate Consult rfc2459 for more information. - @return version number of certificate + @return version number of certificate */ public abstract int getVersion(); /** Gets the serial number for serial Number in - this Certifcate. It must be a unique number + this Certifcate. It must be a unique number unique other serial numbers from the granting CA. The ASN.1 DER encoding is: @@ -225,8 +225,8 @@ public abstract class X509Certificate public abstract BigInteger getSerialNumber(); /** - Returns the issuer (issuer distinguished name) of the - Certificate. The issuer is the entity who signed + Returns the issuer (issuer distinguished name) of the + Certificate. The issuer is the entity who signed and issued the Certificate. The ASN.1 DER encoding is: @@ -263,7 +263,7 @@ public abstract class X509Certificate public abstract Principal getIssuerDN(); /** - Returns the subject (subject distinguished name) of the + Returns the subject (subject distinguished name) of the Certificate. The subject is the entity who the Certificate identifies. @@ -331,7 +331,7 @@ public abstract class X509Certificate public abstract byte[] getSignature(); /** - Returns the signature algorithm used to sign the CRL. + Returns the signature algorithm used to sign the CRL. An examples is "SHA-1/DSA". The ASN.1 DER encoding is: @@ -370,9 +370,9 @@ public abstract class X509Certificate /** Returns the AlgorithmParameters in the encoded form - for the signature algorithm used. + for the signature algorithm used. - If access to the parameters is need, create an + If access to the parameters is need, create an instance of AlgorithmParameters. @return byte array containing algorithm parameters, null @@ -390,7 +390,7 @@ public abstract class X509Certificate -- If present, version shall be v2 or v3 UniqueIdentifier ::= BIT STRING - + Consult rfc2459 for more information. @return bit representation of <I>issuerUniqueID</I> @@ -406,7 +406,7 @@ public abstract class X509Certificate -- If present, version shall be v2 or v3 UniqueIdentifier ::= BIT STRING - + Consult rfc2459 for more information. @return bit representation of <I>subjectUniqueID</I> @@ -414,7 +414,7 @@ public abstract class X509Certificate public abstract boolean[] getSubjectUniqueID(); /** - Returns a boolean array representing the <I>KeyUsage</I> + Returns a boolean array representing the <I>KeyUsage</I> extension for the certificate. The KeyUsage (OID = 2.5.29.15) defines the purpose of the key in the certificate. @@ -441,15 +441,15 @@ public abstract class X509Certificate /** Returns the certificate constraints path length from the - critical BasicConstraints extension, (OID = 2.5.29.19). + critical BasicConstraints extension, (OID = 2.5.29.19). - The basic constraints extensions is used to determine if - the subject of the certificate is a Certificate Authority (CA) - and how deep the certification path may exist. The + The basic constraints extensions is used to determine if + the subject of the certificate is a Certificate Authority (CA) + and how deep the certification path may exist. The <I>pathLenConstraint</I> only takes affect if <I>cA</I> - is set to true. "A value of zero indicates that only an + is set to true. "A value of zero indicates that only an end-entity certificate may follow in the path." (rfc2459) - + The ASN.1 DER encoding is: id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } @@ -477,7 +477,7 @@ public abstract class X509Certificate * * <p>The ASN.1 definition for this extension is: * - * <blockquote><pre> + * <blockquote><pre> * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId * * KeyPurposeId ::= OBJECT IDENTIFIER @@ -575,7 +575,7 @@ public abstract class X509Certificate { throw new UnsupportedOperationException(); } - + /** * Returns the X.500 distinguished name of this certificate's issuer. * diff --git a/libjava/classpath/java/security/cert/X509Extension.java b/libjava/classpath/java/security/cert/X509Extension.java index bd94737..a0c24f4 100644 --- a/libjava/classpath/java/security/cert/X509Extension.java +++ b/libjava/classpath/java/security/cert/X509Extension.java @@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. - + GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU @@ -40,37 +40,37 @@ package java.security.cert; import java.util.Set; /** - Public interface for the X.509 Extension. + Public interface for the X.509 Extension. + + This is used for X.509 v3 Certificates and CRL v2 (Certificate + Revocation Lists) for managing attributes assoicated with + Certificates, for managing the hierarchy of certificates, + and for managing the distribution of CRL. This extension + format is used to define private extensions. - This is used for X.509 v3 Certificates and CRL v2 (Certificate - Revocation Lists) for managing attributes assoicated with - Certificates, for managing the hierarchy of certificates, - and for managing the distribution of CRL. This extension - format is used to define private extensions. + Each extensions for a certificate or CRL must be marked + either critical or non-critical. If the certificate/CRL + system encounters a critical extension not recognized then + it must reject the certificate. A non-critical extension + may be just ignored if not recognized. - Each extensions for a certificate or CRL must be marked - either critical or non-critical. If the certificate/CRL - system encounters a critical extension not recognized then - it must reject the certificate. A non-critical extension - may be just ignored if not recognized. + The ASN.1 definition for this class is: - The ASN.1 definition for this class is: + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + Extension ::= SEQUENCE { + extnId OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING + -- contains a DER encoding of a value + -- of the type registered for use with + -- the extnId object identifier value + } - Extension ::= SEQUENCE { - extnId OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING - -- contains a DER encoding of a value - -- of the type registered for use with - -- the extnId object identifier value - } - - @author Mark Benvenuto + @author Mark Benvenuto - @since 1.2 + @since 1.2 */ public interface X509Extension { @@ -79,12 +79,12 @@ public interface X509Extension Returns true if the certificate contains a critical extension that is not supported. - @return true if has unsupported extension, false otherwise + @return true if has unsupported extension, false otherwise */ boolean hasUnsupportedCriticalExtension(); /** - Returns a set of the CRITICAL extension OIDs from the + Returns a set of the CRITICAL extension OIDs from the certificate/CRL that the object implementing this interface manages. @@ -94,7 +94,7 @@ public interface X509Extension Set<String> getCriticalExtensionOIDs(); /** - Returns a set of the NON-CRITICAL extension OIDs from the + Returns a set of the NON-CRITICAL extension OIDs from the certificate/CRL that the object implementing this interface manages. |