[kaffe] CVS kaffe (dalibor): Resynced with GNU Classpath: Fixes for AccessController and certificates

Kaffe CVS cvs-commits at kaffe.org
Sun Aug 22 13:10:21 PDT 2004


PatchSet 5093 
Date: 2004/08/22 20:06:10
Author: dalibor
Branch: HEAD
Tag: (none) 
Log:
Resynced with GNU Classpath: Fixes for AccessController and certificates

2004-08-22  Dalibor Topic  <robilad at kaffe.org>

        * libraries/javalib/java/security/cert/X509CRLSelector.java (match):
        Removed unnecessary throws clauses.

2004-08-22  Dalibor Topic  <robilad at kaffe.org>

        * libraries/javalib/java/security/cert/X509CRLSelector.java,
        libraries/javalib/java/security/cert/X509CertSelector.java:
        New files. Taken from GNU Classpath.

        * libraries/javalib/Makefile.am,
        libraries/javalib/Makefile.in,
        libraries/javalib/all.files:
        Regenerated.

        * libraries/javalib/java/security/AccessController.java,
        libraries/javalib/java/security/VMAccessController.java:
        Resynced with GNU Classpath.

        2004-08-21  Casey Marshall  <csm at gnu.org>

        * java/security/AccessController.java
        Removed FIXME comment.
        (doPrivileged(PrivilegedAction)): push and pop a null context.
        (doPrivileged(PrivilegedExceptionAction)): likewise.
        (doPrivileged(PrivilegedAction,AccessControlContext)): only pass
        the context to VMAccessController.pushContext.
        (doPrivileged(PrivilegedExceptionAction,AccessControlContext)):
        likewise.
        * vm/reference/java/security/VMAccessController.java
        (contexts): use a ThreadLocal for this field.
        (pushContext): only take the context as parameter; insert it
        into a thread local stack.
        (popContext): take no arguments. Handle new form of contexts
        stack.
        (getContext): set inGetContext as early as possible.
        Include the call just prior to doPrivileged too.
        Handle new form of contexts stack.

        2004-08-20  Casey Marshall  <csm at gnu.org>

        * java/security/cert/X509CRLSelector.java: new file.
        * java/security/cert/X509CertSelector.java: new file.

Members: 
	ChangeLog:1.2651->1.2652 
	libraries/javalib/Makefile.am:1.224->1.225 
	libraries/javalib/Makefile.in:1.301->1.302 
	libraries/javalib/all.files:1.18->1.19 
	libraries/javalib/java/security/AccessController.java:1.3->1.4 
	libraries/javalib/java/security/VMAccessController.java:1.3->1.4 
	libraries/javalib/java/security/cert/X509CRLSelector.java:INITIAL->1.1 
	libraries/javalib/java/security/cert/X509CertSelector.java:INITIAL->1.1 

Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.2651 kaffe/ChangeLog:1.2652
--- kaffe/ChangeLog:1.2651	Sun Aug 22 18:30:36 2004
+++ kaffe/ChangeLog	Sun Aug 22 20:06:10 2004
@@ -1,5 +1,50 @@
 2004-08-22  Dalibor Topic  <robilad at kaffe.org>
 
+	* libraries/javalib/java/security/cert/X509CRLSelector.java (match): 
+	Removed unnecessary throws clauses.
+
+2004-08-22  Dalibor Topic  <robilad at kaffe.org>
+
+        * libraries/javalib/java/security/cert/X509CRLSelector.java,
+        libraries/javalib/java/security/cert/X509CertSelector.java:
+	New files. Taken from GNU Classpath.
+
+        * libraries/javalib/Makefile.am,
+        libraries/javalib/Makefile.in,
+        libraries/javalib/all.files:
+	Regenerated.
+
+        * libraries/javalib/java/security/AccessController.java,
+        libraries/javalib/java/security/VMAccessController.java:
+	Resynced with GNU Classpath.
+
+	2004-08-21  Casey Marshall  <csm at gnu.org>
+
+        * java/security/AccessController.java
+        Removed FIXME comment.
+        (doPriviliged(PrivilegedAction)): push and pop a null context.
+        (doPrivileged(PrivilegedExceptionAction)): likewise.
+        (doPrivileged(PrivilegedAction,AccessControlContext)): only pass
+        the context to `VMAccessController.pushContext'.
+        (doPrivileged(PrivilegedExceptionAction,AccessControlContext)):
+        likewise.
+        * vm/reference/java/security/VMAccessController.java
+        (contexts): use a ThreadLocal for this field.
+        (pushContext): only take the context as parameter; insert it
+        into a thread local stack.
+        (popContext): take no arguments. Handle new form of `contexts'
+        stack.
+        (getContext): set `inGetContext' as early as possible.
+        Include the call just prior to `doPrivileged' too.
+        Handle new form of `contexts' stack.
+
+	2004-08-20  Casey Marshall  <csm at gnu.org>
+
+        * java/security/cert/X509CRLSelector.java: new file.
+        * java/security/cert/X509CertSelector.java: new file.
+
+2004-08-22  Dalibor Topic  <robilad at kaffe.org>
+
 	* config/x86_64/sysdepCallMethod.h:
         Add missing include.
 
Index: kaffe/libraries/javalib/Makefile.am
diff -u kaffe/libraries/javalib/Makefile.am:1.224 kaffe/libraries/javalib/Makefile.am:1.225
--- kaffe/libraries/javalib/Makefile.am:1.224	Thu Aug 19 00:14:15 2004
+++ kaffe/libraries/javalib/Makefile.am	Sun Aug 22 20:06:13 2004
@@ -2273,6 +2273,8 @@
 	java/security/cert/TrustAnchor.java \
 	java/security/cert/X509CRL.java \
 	java/security/cert/X509CRLEntry.java \
+	java/security/cert/X509CRLSelector.java \
+	java/security/cert/X509CertSelector.java \
 	java/security/cert/X509Certificate.java \
 	java/security/cert/X509Extension.java
 java_security_interfaces_SRCS = \
Index: kaffe/libraries/javalib/Makefile.in
diff -u kaffe/libraries/javalib/Makefile.in:1.301 kaffe/libraries/javalib/Makefile.in:1.302
--- kaffe/libraries/javalib/Makefile.in:1.301	Thu Aug 19 00:14:17 2004
+++ kaffe/libraries/javalib/Makefile.in	Sun Aug 22 20:06:14 2004
@@ -2758,6 +2758,8 @@
 	java/security/cert/TrustAnchor.java \
 	java/security/cert/X509CRL.java \
 	java/security/cert/X509CRLEntry.java \
+	java/security/cert/X509CRLSelector.java \
+	java/security/cert/X509CertSelector.java \
 	java/security/cert/X509Certificate.java \
 	java/security/cert/X509Extension.java
 
Index: kaffe/libraries/javalib/all.files
diff -u kaffe/libraries/javalib/all.files:1.18 kaffe/libraries/javalib/all.files:1.19
--- kaffe/libraries/javalib/all.files:1.18	Thu Aug 19 00:14:17 2004
+++ kaffe/libraries/javalib/all.files	Sun Aug 22 20:06:14 2004
@@ -1836,6 +1836,8 @@
 java/security/cert/TrustAnchor.java
 java/security/cert/X509CRL.java
 java/security/cert/X509CRLEntry.java
+java/security/cert/X509CRLSelector.java
+java/security/cert/X509CertSelector.java
 java/security/cert/X509Certificate.java
 java/security/cert/X509Extension.java
 java/security/interfaces/DSAKey.java
Index: kaffe/libraries/javalib/java/security/AccessController.java
diff -u kaffe/libraries/javalib/java/security/AccessController.java:1.3 kaffe/libraries/javalib/java/security/AccessController.java:1.4
--- kaffe/libraries/javalib/java/security/AccessController.java:1.3	Thu Jun  3 22:26:00 2004
+++ kaffe/libraries/javalib/java/security/AccessController.java	Sun Aug 22 20:06:15 2004
@@ -47,11 +47,6 @@
  * And provides a <code>getContext()</code> method which gives the access
  * control context of the current thread that can be used for checking
  * permissions at a later time and/or in another thread.
- * <p>
- * XXX - Mostly a stub implementation at the moment. Needs native support
- * from the VM to function correctly. XXX - Do not forget to think about
- * how to handle <code>java.lang.reflect.Method.invoke()</code> on the
- * <code>doPrivileged()</code> methods.
  *
  * @author Mark Wielaard (mark at klomp.org)
  * @since 1.2
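Review bot: Reflective invocation of `doPrivileged()` still looks unhandled, so deleting the XXX reminder about `java.lang.reflect.Method.invoke()` from this class comment loses the only record of it. `VMAccessController.getContext` in this same patch recognises the privileged frame only by `clazz.equals (AccessController.class) && method.equals ("doPrivileged")` and then treats the single frame after it as the caller; when `doPrivileged` is reached through reflection that frame belongs to the reflection machinery, not to the code that asked for privilege. Either keep a note that this case is open, or skip reflection frames when locating the caller.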
@@ -95,7 +90,15 @@
    */
   public static Object doPrivileged(PrivilegedAction action)
   {
-    return action.run();
+    VMAccessController.pushContext(null);
+    try
+      {
+        return action.run();
+      }
+    finally
+      {
+        VMAccessController.popContext();
+      }
   }
 
   /**
@@ -113,16 +116,16 @@
    * @return the result of the <code>action.run()</code> method.
    */
   public static Object doPrivileged(PrivilegedAction action,
-				    AccessControlContext context)
+                                    AccessControlContext context)
   {
-    VMAccessController.pushContext (context, action.getClass());
+    VMAccessController.pushContext(context);
     try
       {
         return action.run();
       }
     finally
       {
-        VMAccessController.popContext (action.getClass());
+        VMAccessController.popContext();
       }
   }
 
@@ -145,14 +148,18 @@
   public static Object doPrivileged(PrivilegedExceptionAction action)
     throws PrivilegedActionException
   {
-
+    VMAccessController.pushContext(null);
     try
       {
-	return action.run();
+        return action.run();
       }
     catch (Exception e)
       {
-	throw new PrivilegedActionException(e);
+        throw new PrivilegedActionException(e);
+      }
+    finally
+      {
+        VMAccessController.popContext();
       }
   }
 
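Review bot: `catch (Exception e)` in `doPrivileged(PrivilegedExceptionAction)` also wraps unchecked exceptions in `PrivilegedActionException`, whereas the documented contract wraps only checked exceptions and lets a `RuntimeException` thrown by `run()` propagate unchanged. Since these lines are being touched anyway, rethrow `RuntimeException` ahead of the general catch; the overload taking an `AccessControlContext` has the same pattern.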
@@ -175,22 +182,21 @@
    * is thrown in the <code>run()</code> method.
    */
   public static Object doPrivileged(PrivilegedExceptionAction action,
-				    AccessControlContext context)
+                                    AccessControlContext context)
     throws PrivilegedActionException
   {
-    VMAccessController.pushContext (context, action.getClass());
-
+    VMAccessController.pushContext(context);
     try
       {
-	return action.run();
+        return action.run();
       }
     catch (Exception e)
       {
-	throw new PrivilegedActionException(e);
+        throw new PrivilegedActionException(e);
       }
     finally
       {
-        VMAccessController.popContext (action.getClass());
+        VMAccessController.popContext();
       }
   }
 
Index: kaffe/libraries/javalib/java/security/VMAccessController.java
diff -u kaffe/libraries/javalib/java/security/VMAccessController.java:1.3 kaffe/libraries/javalib/java/security/VMAccessController.java:1.4
--- kaffe/libraries/javalib/java/security/VMAccessController.java:1.3	Mon Jul 12 04:52:39 2004
+++ kaffe/libraries/javalib/java/security/VMAccessController.java	Sun Aug 22 20:06:15 2004
@@ -52,15 +52,24 @@
   // -------------------------------------------------------------------------
 
   /**
-   * A mapping between pairs (<i>thread</i>, <i>classname</i>) to access
-   * control contexts. The <i>thread</i> and <i>classname</i> are the thread
-   * and <i>classname</i> current as of the last call to doPrivileged with
-   * an AccessControlContext argument.
+   * This is a per-thread stack of AccessControlContext objects (which can
+   * be null) for each call to AccessController.doPrivileged in each thread's
+   * call stack. We use this to remember which context object corresponds to
+   * which call.
    */
-  private static final Map contexts = Collections.synchronizedMap(new HashMap());
+  private static final ThreadLocal contexts = new ThreadLocal();
 
+  /**
+   * This is a Boolean that, if set, tells getContext that it has already
+   * been called once, allowing us to handle recursive permission checks
+   * caused by methods getContext calls.
+   */
   private static final ThreadLocal inGetContext = new ThreadLocal();
 
+  /**
+   * And we return this all-permissive context to ensure that privileged
+   * methods called from getContext succeed.
+   */
   private final static AccessControlContext DEFAULT_CONTEXT;
   static
   {
@@ -74,10 +83,10 @@
   }
 
   private static final boolean DEBUG = false;
-  private static void debug (String msg)
+  private static void debug(String msg)
   {
-    System.err.print (">>> VMAccessController: ");
-    System.err.println (msg);
+    System.err.print(">>> VMAccessController: ");
+    System.err.println(msg);
   }
 
   // Constructors.
@@ -97,15 +106,18 @@
    * pushed from one thread will not be available to another.
    *
    * @param acc The access control context.
-   * @param clazz The class that implements {@link PrivilegedAction}.
    */
-  static void pushContext (AccessControlContext acc, Class clazz)
+  static void pushContext (AccessControlContext acc)
   {
-    ArrayList pair = new ArrayList (2);
-    pair.add (Thread.currentThread());
-    pair.add (clazz);
-    if (DEBUG) debug ("pushing " + pair);
-    contexts.put (pair, acc);
+    if (DEBUG)
+      debug("pushing " + acc);
+    LinkedList stack = (LinkedList) contexts.get();
+    if (stack == null)
+      {
+        stack = new LinkedList();
+        contexts.set(stack);
+      }
+    stack.addFirst(acc);
   }
 
   /**
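Review bot: `pushContext` now depends on `LinkedList`, yet no hunk in this diff touches the import block of VMAccessController.java, so please confirm `java.util.LinkedList` is already imported there and drop any imports that only the old `Collections.synchronizedMap(new HashMap())` and `ArrayList` pair code needed. The Javadoc should also state that `acc` may be null, since the no-context `doPrivileged` overloads now call `pushContext(null)`.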
@@ -113,16 +125,21 @@
    * This method is used by {@link AccessController} when exiting from a
    * call to {@link
    * AccessController#doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)}.
-   *
-   * @param clazz The class that implements {@link PrivilegedAction}.
    */
-  static void popContext (Class clazz)
+  static void popContext()
   {
-    ArrayList pair = new ArrayList (2);
-    pair.add (Thread.currentThread());
-    pair.add (clazz);
-    if (DEBUG) debug ("popping " + pair);
-    contexts.remove (pair);
+    if (DEBUG)
+      debug("popping context");
+
+    // Stack should never be null, nor should it be empty, if this method
+    // and its counterpart has been called properly.
+    LinkedList stack = (LinkedList) contexts.get();
+    if (stack != null)
+      {
+        stack.removeFirst();
+        if (stack.isEmpty())
+          contexts.set(null);
+      }
   }
 
   /**
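Review bot: `popContext()` silently does nothing when the thread-local stack is null, although the comment just above says that should never happen; in a security-critical push/pop pairing an unbalanced pop deserves at least a `debug(...)` message or an `IllegalStateException`, so that a mismatched caller is noticed rather than masked. Small wording fix in the same comment: "its counterpart has been called" should read "have been called".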
@@ -143,80 +160,87 @@
     Boolean inCall = (Boolean) inGetContext.get();
     if (inCall != null && inCall.booleanValue())
       {
-        if (DEBUG) debug ("already in getContext");
+        if (DEBUG)
+          debug("already in getContext");
         return DEFAULT_CONTEXT;
       }
 
+    inGetContext.set(Boolean.TRUE);
+
     Object[][] stack = getStack();
     Class[] classes = (Class[]) stack[0];
     String[] methods = (String[]) stack[1];
 
-    inGetContext.set (Boolean.TRUE);
-
-    if (DEBUG) debug (">>> got trace of length " + classes.length);
+    if (DEBUG)
+      debug(">>> got trace of length " + classes.length);
 
     HashSet domains = new HashSet();
     HashSet seenDomains = new HashSet();
     AccessControlContext context = null;
+    int privileged = 0;
 
     // We walk down the stack, adding each ProtectionDomain for each
     // class in the call stack. If we reach a call to doPrivileged,
     // we don't add any more stack frames. We skip the first three stack
     // frames, since they comprise the calls to getStack, getContext,
     // and AccessController.getContext.
-    for (int i = 3; i < classes.length; i++)
+    for (int i = 3; i < classes.length && privileged < 2; i++)
       {
         Class clazz = classes[i];
         String method = methods[i];
 
         if (DEBUG)
           {
-            debug (">>> checking " + clazz + "." + method);
-            debug (">>> loader = " + clazz.getClassLoader());
+            debug(">>> checking " + clazz + "." + method);
+            debug(">>> loader = " + clazz.getClassLoader());
           }
 
+        // If the previous frame was a call to doPrivileged, then this is
+        // the last frame we look at.
+        if (privileged == 1)
+          privileged = 2;
+
         if (clazz.equals (AccessController.class)
             && method.equals ("doPrivileged"))
           {
             // If there was a call to doPrivileged with a supplied context,
             // return that context.
-            List pair = new ArrayList(2);
-            pair.add (Thread.currentThread());
-            pair.add (classes[i-1]);
-            if (contexts.containsKey (pair))
-              context = (AccessControlContext) contexts.get (pair);
-            break;
+            LinkedList l = (LinkedList) contexts.get();
+            if (l != null)
+              context = (AccessControlContext) l.getFirst();
+            privileged = 1;
           }
 
         ProtectionDomain domain = clazz.getProtectionDomain();
 
         if (domain == null)
           continue;
-        if (seenDomains.contains (domain))
+        if (seenDomains.contains(domain))
           continue;
-        seenDomains.add (domain);
+        seenDomains.add(domain);
 
         // Create a static snapshot of this domain, which may change over time
         // if the current policy changes.
-        domains.add (new ProtectionDomain (domain.getCodeSource(),
-                                           domain.getPermissions()));
+        domains.add(new ProtectionDomain(domain.getCodeSource(),
+                                         domain.getPermissions()));
       }
 
-    if (DEBUG) debug ("created domains: " + domains);
+    if (DEBUG)
+      debug("created domains: " + domains);
 
     ProtectionDomain[] result = (ProtectionDomain[])
-      domains.toArray (new ProtectionDomain[domains.size()]);
+      domains.toArray(new ProtectionDomain[domains.size()]);
 
     // Intersect the derived protection domain with the context supplied
     // to doPrivileged.
     if (context != null)
-      context = new AccessControlContext (result, context,
-                                          IntersectingDomainCombiner.SINGLETON);
+      context = new AccessControlContext(result, context,
+                                         IntersectingDomainCombiner.SINGLETON);
     // No context was supplied. Return the derived one.
     else
-      context = new AccessControlContext (result);
+      context = new AccessControlContext(result);
 
-    inGetContext.set (Boolean.FALSE);
+    inGetContext.set(Boolean.FALSE);
     return context;
   }
 
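Review bot: `inGetContext.set(Boolean.TRUE)` now happens before `getStack()`, but the reset to `Boolean.FALSE` is still a plain statement at the end of the method, so any exception thrown in between (from `getStack()`, `getProtectionDomain()`, `getPermissions()` or the `AccessControlContext` constructor) leaves the flag set, and every later `getContext` call on that thread returns the all-permissive `DEFAULT_CONTEXT`. Wrap everything after the set in `try { ... } finally { inGetContext.set(Boolean.FALSE); }`. Separately, the comment above the loop still says no more frames are added once `doPrivileged` is reached, while the new `privileged` counter deliberately includes one more frame; update the comment to match.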
===================================================================
Checking out kaffe/libraries/javalib/java/security/cert/X509CRLSelector.java
RCS:  /home/cvs/kaffe/kaffe/libraries/javalib/java/security/cert/X509CRLSelector.java,v
VERS: 1.1
***************
--- /dev/null	Sun Aug  4 19:57:58 2002
+++ kaffe/libraries/javalib/java/security/cert/X509CRLSelector.java	Sun Aug 22 20:10:21 2004
@@ -0,0 +1,445 @@
+/* X509CRLSelector.java -- selects X.509 CRLs by criteria.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.math.BigInteger;
+
+import java.security.AccessController;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.security.action.GetPropertyAction;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+/**
+ * A class for matching X.509 certificate revocation lists by criteria.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm at gnu.org)
+ */
+public class X509CRLSelector implements CRLSelector, Cloneable
+{
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private static final String CRL_NUMBER_ID = "2.5.29.20";
+
+  private List issuerNames;
+  private BigInteger maxCrlNumber;
+  private BigInteger minCrlNumber;
+  private Date date;
+  private X509Certificate cert;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Creates a new CRL selector with no criteria enabled; i.e., every CRL
+   * will be matched.
+   */
+  public X509CRLSelector()
+  {
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Add an issuer name to the set of issuer names criteria, as the DER
+   * encoded form.
+   *
+   * @param name The name to add, as DER bytes.
+   * @throws IOException If the argument is not a valid DER-encoding.
+   */
+  public void addIssuerName(byte[] name) throws IOException
+  {
+    X500Principal p = null;
+    try
+      {
+        p = new X500Principal(name);
+      }
+    catch (IllegalArgumentException iae)
+      {
+        IOException ioe = new IOException("malformed name");
+        ioe.initCause(iae);
+        throw ioe;
+      }
+    if (issuerNames == null)
+      issuerNames = new LinkedList();
+    issuerNames.add(p);
+  }
+
+  /**
+   * Add an issuer name to the set of issuer names criteria, as a
+   * String representation.
+   *
+   * @param name The name to add.
+   * @throws IOException If the argument is not a valid name.
+   */
+  public void addIssuerName(String name) throws IOException
+  {
+    X500Principal p = null;
+    try
+      {
+        p = new X500Principal(name);
+      }
+    catch (IllegalArgumentException iae)
+      {
+        IOException ioe = new IOException("malformed name: " + name);
+        ioe.initCause(iae);
+        throw ioe;
+      }
+    if (issuerNames == null)
+      issuerNames = new LinkedList();
+    issuerNames.add(p);
+  }
+
+  /**
+   * Sets the issuer names criterion. Pass <code>null</code> to clear this
+   * value. CRLs matched by this selector must have an issuer name in this
+   * set.
+   *
+   * @param names The issuer names.
+   * @throws IOException If any of the elements in the collection is not
+   *         a valid name.
+   */
+  public void setIssuerNames(Collection names) throws IOException
+  {
+    if (names == null)
+      {
+        issuerNames = null;
+        return;
+      }
+    List l = new ArrayList(names.size());
+    for (Iterator it = names.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o instanceof X500Principal)
+          l.add(o);
+        else if (o instanceof String)
+          {
+            try
+              {
+                l.add(new X500Principal((String) o));
+              }
+            catch (IllegalArgumentException iae)
+              {
+                IOException ioe = new IOException("malformed name: " + o);
+                ioe.initCause(iae);
+                throw ioe;
+              }
+          }
+        else if (o instanceof byte[])
+          {
+            try
+              {
+                l.add(new X500Principal((byte[]) o));
+              }
+            catch (IllegalArgumentException iae)
+              {
+                IOException ioe = new IOException("malformed name");
+                ioe.initCause(iae);
+                throw ioe;
+              }
+          }
+        else if (o instanceof InputStream)
+          {
+            try
+              {
+                l.add(new X500Principal((InputStream) o));
+              }
+            catch (IllegalArgumentException iae)
+              {
+                IOException ioe = new IOException("malformed name");
+                ioe.initCause(iae);
+                throw ioe;
+              }
+          }
+        else
+          throw new IOException("not a valid name: " +
+                                (o != null ? o.getClass().getName() : "null"));
+
+      }
+    issuerNames = l;
+  }
+
+  /**
+   * Returns the set of issuer names that are matched by this selector,
+   * or <code>null</code> if this criteria is not set. The returned
+   * collection is not modifiable.
+   *
+   * @return The set of issuer names.
+   */
+  public Collection getIssuerNames()
+  {
+    if (issuerNames != null)
+      return Collections.unmodifiableList(issuerNames);
+    else
+      return null;
+  }
+
+  /**
+   * Returns the maximum value of the CRLNumber extension present in
+   * CRLs matched by this selector, or <code>null</code> if this
+   * criteria is not set.
+   *
+   * @return The maximum CRL number.
+   */
+  public BigInteger getMaxCRL()
+  {
+    return maxCrlNumber;
+  }
+
+  /**
+   * Returns the minimum value of the CRLNumber extension present in
+   * CRLs matched by this selector, or <code>null</code> if this
+   * criteria is not set.
+   *
+   * @return The minimum CRL number.
+   */
+  public BigInteger getMinCRL()
+  {
+    return minCrlNumber;
+  }
+
+  /**
+   * Sets the maximum value of the CRLNumber extension present in CRLs
+   * matched by this selector. Specify <code>null</code> to clear this
+   * criterion.
+   *
+   * @param maxCrlNumber The maximum CRL number.
+   */
+  public void setMaxCRLNumber(BigInteger maxCrlNumber)
+  {
+    this.maxCrlNumber = maxCrlNumber;
+  }
+
+  /**
+   * Sets the minimum value of the CRLNumber extension present in CRLs
+   * matched by this selector. Specify <code>null</code> to clear this
+   * criterion.
+   *
+   * @param minCrlNumber The minimum CRL number.
+   */
+  public void setMinCRLNumber(BigInteger minCrlNumber)
+  {
+    this.minCrlNumber = minCrlNumber;
+  }
+
+  /**
+   * Returns the date when this CRL must be valid; that is, the date
+   * must be after the thisUpdate date, but before the nextUpdate date.
+   * Returns <code>null</code> if this criterion is not set.
+   *
+   * @return The date.
+   */
+  public Date getDateAndTime()
+  {
+    return date != null ? (Date) date.clone() : null;
+  }
+
+  /**
+   * Sets the date at which this CRL must be valid. Specify
+   * <code>null</code> to clear this criterion.
+   *
+   * @param date The date.
+   */
+  public void setDateAndTime(Date date)
+  {
+    this.date = date != null ? (Date) date.clone() : null;
+  }
+
+  /**
+   * Returns the certificate being checked, or <code>null</code> if this
+   * value is not set.
+   *
+   * @return The certificate.
+   */
+  public X509Certificate getCertificateChecking()
+  {
+    return cert;
+  }
+
+  /**
+   * Sets the certificate being checked. This is not a criterion, but
+   * info used by certificate store implementations to aid in searching.
+   *
+   * @param cert The certificate.
+   */
+  public void setCertificateChecking(X509Certificate cert)
+  {
+    this.cert = cert;
+  }
+
+  /**
+   * Returns a string representation of this selector. The string will
+   * only describe the enabled criteria, so if none are enabled this will
+   * return a string that contains little else besides the class name.
+   *
+   * @return The string.
+   */
+  public String toString()
+  {
+    StringBuffer str = new StringBuffer(X509CRLSelector.class.getName());
+    GetPropertyAction getProp = new GetPropertyAction("line.separator");
+    String nl = (String) AccessController.doPrivileged(getProp);
+    String eol = ";" + nl;
+
+    str.append(" {").append(nl);
+    if (issuerNames != null)
+      str.append("  issuer names = ").append(issuerNames).append(eol);
+    if (maxCrlNumber != null)
+      str.append("  max CRL = ").append(maxCrlNumber).append(eol);
+    if (minCrlNumber != null)
+      str.append("  min CRL = ").append(minCrlNumber).append(eol);
+    if (date != null)
+      str.append("  date = ").append(date).append(eol);
+    if (cert != null)
+      str.append("  certificate = ").append(cert).append(eol);
+    str.append("}").append(nl);
+    return str.toString();
+  }
+
+  /**
+   * Checks a CRL against the criteria of this selector, returning
+   * <code>true</code> if the given CRL matches all the criteria.
+   *
+   * @param _crl The CRL being checked.
+   * @return True if the CRL matches, false otherwise.
+   */
+  public boolean match(CRL _crl)
+  {
+    if (!(_crl instanceof X509CRL))
+      return false;
+    X509CRL crl = (X509CRL) _crl;
+    if (issuerNames != null)
+      {
+        if (!issuerNames.contains(crl.getIssuerX500Principal()))
+          return false;
+      }
+    BigInteger crlNumber = null;
+    if (maxCrlNumber != null)
+      {
+	byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+	if (b == null)
+	  return false;
+	try
+	  {
+	    DERValue val = DERReader.read(b);
+	    if (!(val.getValue() instanceof BigInteger))
+	      return false;
+	    crlNumber = (BigInteger) val.getValue();
+	  }
+	catch (IOException ioe)
+	  {
+	    return false;
+	  }
+	if (maxCrlNumber.compareTo(crlNumber) < 0)
+	  return false;
+      }
+    if (minCrlNumber != null)
+      {
+	if (crlNumber == null)
+	  {
+	    byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+	    if (b == null)
+	      return false;
+	    try
+	      {
+		DERValue val = DERReader.read(b);
+		if (!(val.getValue() instanceof BigInteger))
+		  return false;
+		crlNumber = (BigInteger) val.getValue();
+	      }
+	    catch (IOException ioe)
+	      {
+		return false;
+	      }
+	  }
+	if (minCrlNumber.compareTo(crlNumber) > 0)
+	  return false;
+      }
+    if (date != null)
+      {
+        if (date.compareTo(crl.getThisUpdate()) < 0 ||
+            date.compareTo(crl.getNextUpdate()) > 0)
+          return false;
+      }
+    return true;
+  }
+
+  /**
+   * Returns a copy of this object.
+   *
+   * @return The copy.
+   */
+  public Object clone()
+  {
+    try
+      {
+        return super.clone();
+      }
+    catch (CloneNotSupportedException shouldNotHappen)
+      {
+        throw new Error(shouldNotHappen);
+      }
+  }
+}
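Review bot: In `match`, the date check calls `date.compareTo(crl.getNextUpdate())` without a null test, and `X509CRL.getNextUpdate()` returns null when the CRL carries no nextUpdate field, so a selector with a date criterion throws `NullPointerException` on such a CRL instead of returning a result; decide whether that CRL should match and check for null first. In the same method the CRL-number decoding is duplicated in the `maxCrlNumber` and `minCrlNumber` branches and would read better as one private helper, and it is worth confirming that `DERReader.read(b)` yields the INTEGER rather than the OCTET STRING wrapper that `getExtensionValue` is specified to return. `clone()` relies on `super.clone()` alone, so the copy shares the `issuerNames` list with the original and `addIssuerName` on one changes the other.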
===================================================================
Checking out kaffe/libraries/javalib/java/security/cert/X509CertSelector.java
RCS:  /home/cvs/kaffe/kaffe/libraries/javalib/java/security/cert/X509CertSelector.java,v
VERS: 1.1
***************
--- /dev/null	Sun Aug  4 19:57:58 2002
+++ kaffe/libraries/javalib/java/security/cert/X509CertSelector.java	Sun Aug 22 20:10:21 2004
@@ -0,0 +1,1111 @@
+/* X509CertSelector.java -- selects X.509 certificates by criteria.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.AccessController;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.security.OID;
+import gnu.java.security.action.GetPropertyAction;

*** Patch too long, truncated ***


