[kaffe] CVS kaffe (dalibor): Resynced with GNU Classpath: Fixes for AccessControler and certificates

Kaffe CVS cvs-commits at kaffe.org
Sun Aug 22 13:10:21 PDT 2004


PatchSet 5093 
Date: 2004/08/22 20:06:10
Author: dalibor
Branch: HEAD
Tag: (none) 
Log:
Resynced with GNU Classpath: Fixes for AccessControler and certificates

2004-08-22  Dalibor Topic  <robilad at kaffe.org>

        * libraries/javalib/java/security/cert/X509CRLSelector.java (match):
        Removed unnecessary throws clauses.

2004-08-22  Dalibor Topic  <robilad at kaffe.org>

        * libraries/javalib/java/security/cert/X509CRLSelector.java,
        libraries/javalib/java/security/cert/X509CertSelector.java:
        New files. Taken from GNU Classpath.

        * libraries/javalib/Makefile.am,
        libraries/javalib/Makefile.in,
        libraries/javalib/all.files:
        Regenerated.

        * libraries/javalib/java/security/AccessController.java,
        libraries/javalib/java/security/VMAccessController.java:
        Resynced with GNU Classpath.

        2004-08-21  Casey Marshall  <csm at gnu.org>

        * java/security/AccessController.java
        Removed FIXME comment.
        (doPriviliged(PrivilegedAction)): push and pop a null context.
        (doPrivileged(PrivilegedExceptionAction)): likewise.
        (doPrivileged(PrivilegedAction,AccessControlContext)): only pass
        the context to VMAccessController.pushContext.
        (doPrivileged(PrivilegedExceptionAction,AccessControlContext)):
        likewise.
        * vm/reference/java/security/VMAccessController.java
        (contexts): use a ThreadLocal for this field.
        (pushContext): only take the context as parameter; insert it
        into a thread local stack.
        (popContext): take no arguments. Handle new form of contexts
        stack.
        (getContext): set inGetContext as early as possible.
        Include the call just prior to doPrivileged too.
        Handle new form of contexts stack.

        2004-08-20  Casey Marshall  <csm at gnu.org>

        * java/security/cert/X509CRLSelector.java: new file.
        * java/security/cert/X509CertSelector.java: new file.

Members: 
	ChangeLog:1.2651->1.2652 
	libraries/javalib/Makefile.am:1.224->1.225 
	libraries/javalib/Makefile.in:1.301->1.302 
	libraries/javalib/all.files:1.18->1.19 
	libraries/javalib/java/security/AccessController.java:1.3->1.4 
	libraries/javalib/java/security/VMAccessController.java:1.3->1.4 
	libraries/javalib/java/security/cert/X509CRLSelector.java:INITIAL->1.1 
	libraries/javalib/java/security/cert/X509CertSelector.java:INITIAL->1.1 

Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.2651 kaffe/ChangeLog:1.2652
--- kaffe/ChangeLog:1.2651	Sun Aug 22 18:30:36 2004
+++ kaffe/ChangeLog	Sun Aug 22 20:06:10 2004
@@ -1,5 +1,50 @@
 2004-08-22  Dalibor Topic  <robilad at kaffe.org>
 
+	* libraries/javalib/java/security/cert/X509CRLSelector.java (match): 
+	Removed unnecessary throws clauses.
+
+2004-08-22  Dalibor Topic  <robilad at kaffe.org>
+
+        * libraries/javalib/java/security/cert/X509CRLSelector.java,
+        libraries/javalib/java/security/cert/X509CertSelector.java:
+	New files. Taken from GNU Classpath.
+
+        * libraries/javalib/Makefile.am,
+        libraries/javalib/Makefile.in,
+        libraries/javalib/all.files:
+	Regenerated.
+
+        * libraries/javalib/java/security/AccessController.java,
+        libraries/javalib/java/security/VMAccessController.java:
+	Resynced with GNU Classpath.
+
+	2004-08-21  Casey Marshall  <csm at gnu.org>
+
+        * java/security/AccessController.java
+        Removed FIXME comment.
+        (doPriviliged(PrivilegedAction)): push and pop a null context.
+        (doPrivileged(PrivilegedExceptionAction)): likewise.
+        (doPrivileged(PrivilegedAction,AccessControlContext)): only pass
+        the context to `VMAccessController.pushContext'.
+        (doPrivileged(PrivilegedExceptionAction,AccessControlContext)):
+        likewise.
+        * vm/reference/java/security/VMAccessController.java
+        (contexts): use a ThreadLocal for this field.
+        (pushContext): only take the context as parameter; insert it
+        into a thread local stack.
+        (popContext): take no arguments. Handle new form of `contexts'
+        stack.
+        (getContext): set `inGetContext' as early as possible.
+        Include the call just prior to `doPrivileged' too.
+        Handle new form of `contexts' stack.
+
+	2004-08-20  Casey Marshall  <csm at gnu.org>
+
+        * java/security/cert/X509CRLSelector.java: new file.
+        * java/security/cert/X509CertSelector.java: new file.
+
+2004-08-22  Dalibor Topic  <robilad at kaffe.org>
+
 	* config/x86_64/sysdepCallMethod.h:
         Add missing include.
 
Index: kaffe/libraries/javalib/Makefile.am
diff -u kaffe/libraries/javalib/Makefile.am:1.224 kaffe/libraries/javalib/Makefile.am:1.225
--- kaffe/libraries/javalib/Makefile.am:1.224	Thu Aug 19 00:14:15 2004
+++ kaffe/libraries/javalib/Makefile.am	Sun Aug 22 20:06:13 2004
@@ -2273,6 +2273,8 @@
 	java/security/cert/TrustAnchor.java \
 	java/security/cert/X509CRL.java \
 	java/security/cert/X509CRLEntry.java \
+	java/security/cert/X509CRLSelector.java \
+	java/security/cert/X509CertSelector.java \
 	java/security/cert/X509Certificate.java \
 	java/security/cert/X509Extension.java
 java_security_interfaces_SRCS = \
Index: kaffe/libraries/javalib/Makefile.in
diff -u kaffe/libraries/javalib/Makefile.in:1.301 kaffe/libraries/javalib/Makefile.in:1.302
--- kaffe/libraries/javalib/Makefile.in:1.301	Thu Aug 19 00:14:17 2004
+++ kaffe/libraries/javalib/Makefile.in	Sun Aug 22 20:06:14 2004
@@ -2758,6 +2758,8 @@
 	java/security/cert/TrustAnchor.java \
 	java/security/cert/X509CRL.java \
 	java/security/cert/X509CRLEntry.java \
+	java/security/cert/X509CRLSelector.java \
+	java/security/cert/X509CertSelector.java \
 	java/security/cert/X509Certificate.java \
 	java/security/cert/X509Extension.java
 
Index: kaffe/libraries/javalib/all.files
diff -u kaffe/libraries/javalib/all.files:1.18 kaffe/libraries/javalib/all.files:1.19
--- kaffe/libraries/javalib/all.files:1.18	Thu Aug 19 00:14:17 2004
+++ kaffe/libraries/javalib/all.files	Sun Aug 22 20:06:14 2004
@@ -1836,6 +1836,8 @@
 java/security/cert/TrustAnchor.java
 java/security/cert/X509CRL.java
 java/security/cert/X509CRLEntry.java
+java/security/cert/X509CRLSelector.java
+java/security/cert/X509CertSelector.java
 java/security/cert/X509Certificate.java
 java/security/cert/X509Extension.java
 java/security/interfaces/DSAKey.java
Index: kaffe/libraries/javalib/java/security/AccessController.java
diff -u kaffe/libraries/javalib/java/security/AccessController.java:1.3 kaffe/libraries/javalib/java/security/AccessController.java:1.4
--- kaffe/libraries/javalib/java/security/AccessController.java:1.3	Thu Jun  3 22:26:00 2004
+++ kaffe/libraries/javalib/java/security/AccessController.java	Sun Aug 22 20:06:15 2004
@@ -47,11 +47,6 @@
  * And provides a <code>getContext()</code> method which gives the access
  * control context of the current thread that can be used for checking
  * permissions at a later time and/or in another thread.
- * <p>
- * XXX - Mostly a stub implementation at the moment. Needs native support
- * from the VM to function correctly. XXX - Do not forget to think about
- * how to handle <code>java.lang.reflect.Method.invoke()</code> on the
- * <code>doPrivileged()</code> methods.
  *
  * @author Mark Wielaard (mark at klomp.org)
  * @since 1.2
@@ -95,7 +90,15 @@
    */
   public static Object doPrivileged(PrivilegedAction action)
   {
-    return action.run();
+    VMAccessController.pushContext(null);
+    try
+      {
+        return action.run();
+      }
+    finally
+      {
+        VMAccessController.popContext();
+      }
   }
 
   /**
@@ -113,16 +116,16 @@
    * @return the result of the <code>action.run()</code> method.
    */
   public static Object doPrivileged(PrivilegedAction action,
-				    AccessControlContext context)
+                                    AccessControlContext context)
   {
-    VMAccessController.pushContext (context, action.getClass());
+    VMAccessController.pushContext(context);
     try
       {
         return action.run();
       }
     finally
       {
-        VMAccessController.popContext (action.getClass());
+        VMAccessController.popContext();
       }
   }
 
@@ -145,14 +148,18 @@
   public static Object doPrivileged(PrivilegedExceptionAction action)
     throws PrivilegedActionException
   {
-
+    VMAccessController.pushContext(null);
     try
       {
-	return action.run();
+        return action.run();
       }
     catch (Exception e)
       {
-	throw new PrivilegedActionException(e);
+        throw new PrivilegedActionException(e);
+      }
+    finally
+      {
+        VMAccessController.popContext();
       }
   }
 
@@ -175,22 +182,21 @@
    * is thrown in the <code>run()</code> method.
    */
   public static Object doPrivileged(PrivilegedExceptionAction action,
-				    AccessControlContext context)
+                                    AccessControlContext context)
     throws PrivilegedActionException
   {
-    VMAccessController.pushContext (context, action.getClass());
-
+    VMAccessController.pushContext(context);
     try
       {
-	return action.run();
+        return action.run();
       }
     catch (Exception e)
       {
-	throw new PrivilegedActionException(e);
+        throw new PrivilegedActionException(e);
       }
     finally
       {
-        VMAccessController.popContext (action.getClass());
+        VMAccessController.popContext();
       }
   }
 
Index: kaffe/libraries/javalib/java/security/VMAccessController.java
diff -u kaffe/libraries/javalib/java/security/VMAccessController.java:1.3 kaffe/libraries/javalib/java/security/VMAccessController.java:1.4
--- kaffe/libraries/javalib/java/security/VMAccessController.java:1.3	Mon Jul 12 04:52:39 2004
+++ kaffe/libraries/javalib/java/security/VMAccessController.java	Sun Aug 22 20:06:15 2004
@@ -52,15 +52,24 @@
   // -------------------------------------------------------------------------
 
   /**
-   * A mapping between pairs (<i>thread</i>, <i>classname</i>) to access
-   * control contexts. The <i>thread</i> and <i>classname</i> are the thread
-   * and <i>classname</i> current as of the last call to doPrivileged with
-   * an AccessControlContext argument.
+   * This is a per-thread stack of AccessControlContext objects (which can
+   * be null) for each call to AccessController.doPrivileged in each thread's
+   * call stack. We use this to remember which context object corresponds to
+   * which call.
    */
-  private static final Map contexts = Collections.synchronizedMap(new HashMap());
+  private static final ThreadLocal contexts = new ThreadLocal();
 
+  /**
+   * This is a Boolean that, if set, tells getContext that it has already
+   * been called once, allowing us to handle recursive permission checks
+   * caused by methods getContext calls.
+   */
   private static final ThreadLocal inGetContext = new ThreadLocal();
 
+  /**
+   * And we return this all-permissive context to ensure that privileged
+   * methods called from getContext succeed.
+   */
   private final static AccessControlContext DEFAULT_CONTEXT;
   static
   {
@@ -74,10 +83,10 @@
   }
 
   private static final boolean DEBUG = false;
-  private static void debug (String msg)
+  private static void debug(String msg)
   {
-    System.err.print (">>> VMAccessController: ");
-    System.err.println (msg);
+    System.err.print(">>> VMAccessController: ");
+    System.err.println(msg);
   }
 
   // Constructors.
@@ -97,15 +106,18 @@
    * pushed from one thread will not be available to another.
    *
    * @param acc The access control context.
-   * @param clazz The class that implements {@link PrivilegedAction}.
    */
-  static void pushContext (AccessControlContext acc, Class clazz)
+  static void pushContext (AccessControlContext acc)
   {
-    ArrayList pair = new ArrayList (2);
-    pair.add (Thread.currentThread());
-    pair.add (clazz);
-    if (DEBUG) debug ("pushing " + pair);
-    contexts.put (pair, acc);
+    if (DEBUG)
+      debug("pushing " + acc);
+    LinkedList stack = (LinkedList) contexts.get();
+    if (stack == null)
+      {
+        stack = new LinkedList();
+        contexts.set(stack);
+      }
+    stack.addFirst(acc);
   }
 
   /**
@@ -113,16 +125,21 @@
    * This method is used by {@link AccessController} when exiting from a
    * call to {@link
    * AccessController#doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)}.
-   *
-   * @param clazz The class that implements {@link PrivilegedAction}.
    */
-  static void popContext (Class clazz)
+  static void popContext()
   {
-    ArrayList pair = new ArrayList (2);
-    pair.add (Thread.currentThread());
-    pair.add (clazz);
-    if (DEBUG) debug ("popping " + pair);
-    contexts.remove (pair);
+    if (DEBUG)
+      debug("popping context");
+
+    // Stack should never be null, nor should it be empty, if this method
+    // and its counterpart has been called properly.
+    LinkedList stack = (LinkedList) contexts.get();
+    if (stack != null)
+      {
+        stack.removeFirst();
+        if (stack.isEmpty())
+          contexts.set(null);
+      }
   }
 
   /**
@@ -143,80 +160,87 @@
     Boolean inCall = (Boolean) inGetContext.get();
     if (inCall != null && inCall.booleanValue())
       {
-        if (DEBUG) debug ("already in getContext");
+        if (DEBUG)
+          debug("already in getContext");
         return DEFAULT_CONTEXT;
       }
 
+    inGetContext.set(Boolean.TRUE);
+
     Object[][] stack = getStack();
     Class[] classes = (Class[]) stack[0];
     String[] methods = (String[]) stack[1];
 
-    inGetContext.set (Boolean.TRUE);
-
-    if (DEBUG) debug (">>> got trace of length " + classes.length);
+    if (DEBUG)
+      debug(">>> got trace of length " + classes.length);
 
     HashSet domains = new HashSet();
     HashSet seenDomains = new HashSet();
     AccessControlContext context = null;
+    int privileged = 0;
 
     // We walk down the stack, adding each ProtectionDomain for each
     // class in the call stack. If we reach a call to doPrivileged,
     // we don't add any more stack frames. We skip the first three stack
     // frames, since they comprise the calls to getStack, getContext,
     // and AccessController.getContext.
-    for (int i = 3; i < classes.length; i++)
+    for (int i = 3; i < classes.length && privileged < 2; i++)
       {
         Class clazz = classes[i];
         String method = methods[i];
 
         if (DEBUG)
           {
-            debug (">>> checking " + clazz + "." + method);
-            debug (">>> loader = " + clazz.getClassLoader());
+            debug(">>> checking " + clazz + "." + method);
+            debug(">>> loader = " + clazz.getClassLoader());
           }
 
+        // If the previous frame was a call to doPrivileged, then this is
+        // the last frame we look at.
+        if (privileged == 1)
+          privileged = 2;
+
         if (clazz.equals (AccessController.class)
             && method.equals ("doPrivileged"))
           {
             // If there was a call to doPrivileged with a supplied context,
             // return that context.
-            List pair = new ArrayList(2);
-            pair.add (Thread.currentThread());
-            pair.add (classes[i-1]);
-            if (contexts.containsKey (pair))
-              context = (AccessControlContext) contexts.get (pair);
-            break;
+            LinkedList l = (LinkedList) contexts.get();
+            if (l != null)
+              context = (AccessControlContext) l.getFirst();
+            privileged = 1;
           }
 
         ProtectionDomain domain = clazz.getProtectionDomain();
 
         if (domain == null)
           continue;
-        if (seenDomains.contains (domain))
+        if (seenDomains.contains(domain))
           continue;
-        seenDomains.add (domain);
+        seenDomains.add(domain);
 
         // Create a static snapshot of this domain, which may change over time
         // if the current policy changes.
-        domains.add (new ProtectionDomain (domain.getCodeSource(),
-                                           domain.getPermissions()));
+        domains.add(new ProtectionDomain(domain.getCodeSource(),
+                                         domain.getPermissions()));
       }
 
-    if (DEBUG) debug ("created domains: " + domains);
+    if (DEBUG)
+      debug("created domains: " + domains);
 
     ProtectionDomain[] result = (ProtectionDomain[])
-      domains.toArray (new ProtectionDomain[domains.size()]);
+      domains.toArray(new ProtectionDomain[domains.size()]);
 
     // Intersect the derived protection domain with the context supplied
     // to doPrivileged.
     if (context != null)
-      context = new AccessControlContext (result, context,
-                                          IntersectingDomainCombiner.SINGLETON);
+      context = new AccessControlContext(result, context,
+                                         IntersectingDomainCombiner.SINGLETON);
     // No context was supplied. Return the derived one.
     else
-      context = new AccessControlContext (result);
+      context = new AccessControlContext(result);
 
-    inGetContext.set (Boolean.FALSE);
+    inGetContext.set(Boolean.FALSE);
     return context;
   }
 
===================================================================
Checking out kaffe/libraries/javalib/java/security/cert/X509CRLSelector.java
RCS:  /home/cvs/kaffe/kaffe/libraries/javalib/java/security/cert/X509CRLSelector.java,v
VERS: 1.1
***************
--- /dev/null	Sun Aug  4 19:57:58 2002
+++ kaffe/libraries/javalib/java/security/cert/X509CRLSelector.java	Sun Aug 22 20:10:21 2004
@@ -0,0 +1,445 @@
+/* X509CRLSelector.java -- selects X.509 CRLs by criteria.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.math.BigInteger;
+
+import java.security.AccessController;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.security.action.GetPropertyAction;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+/**
+ * A class for matching X.509 certificate revocation lists by criteria.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm at gnu.org)
+ */
+public class X509CRLSelector implements CRLSelector, Cloneable
+{
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private static final String CRL_NUMBER_ID = "2.5.29.20";
+
+  private List issuerNames;
+  private BigInteger maxCrlNumber;
+  private BigInteger minCrlNumber;
+  private Date date;
+  private X509Certificate cert;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Creates a new CRL selector with no criteria enabled; i.e., every CRL
+   * will be matched.
+   */
+  public X509CRLSelector()
+  {
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Add an issuer name to the set of issuer names criteria, as the DER
+   * encoded form.
+   *
+   * @param name The name to add, as DER bytes.
+   * @throws IOException If the argument is not a valid DER-encoding.
+   */
+  public void addIssuerName(byte[] name) throws IOException
+  {
+    X500Principal p = null;
+    try
+      {
+        p = new X500Principal(name);
+      }
+    catch (IllegalArgumentException iae)
+      {
+        IOException ioe = new IOException("malformed name");
+        ioe.initCause(iae);
+        throw ioe;
+      }
+    if (issuerNames == null)
+      issuerNames = new LinkedList();
+    issuerNames.add(p);
+  }
+
+  /**
+   * Add an issuer name to the set of issuer names criteria, as a
+   * String representation.
+   *
+   * @param name The name to add.
+   * @throws IOException If the argument is not a valid name.
+   */
+  public void addIssuerName(String name) throws IOException
+  {
+    X500Principal p = null;
+    try
+      {
+        p = new X500Principal(name);
+      }
+    catch (IllegalArgumentException iae)
+      {
+        IOException ioe = new IOException("malformed name: " + name);
+        ioe.initCause(iae);
+        throw ioe;
+      }
+    if (issuerNames == null)
+      issuerNames = new LinkedList();
+    issuerNames.add(p);
+  }
+
+  /**
+   * Sets the issuer names criterion. Pass <code>null</code> to clear this
+   * value. CRLs matched by this selector must have an issuer name in this
+   * set.
+   *
+   * @param names The issuer names.
+   * @throws IOException If any of the elements in the collection is not
+   *         a valid name.
+   */
+  public void setIssuerNames(Collection names) throws IOException
+  {
+    if (names == null)
+      {
+        issuerNames = null;
+        return;
+      }
+    List l = new ArrayList(names.size());
+    for (Iterator it = names.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o instanceof X500Principal)
+          l.add(o);
+        else if (o instanceof String)
+          {
+            try
+              {
+                l.add(new X500Principal((String) o));
+              }
+            catch (IllegalArgumentException iae)
+              {
+                IOException ioe = new IOException("malformed name: " + o);
+                ioe.initCause(iae);
+                throw ioe;
+              }
+          }
+        else if (o instanceof byte[])
+          {
+            try
+              {
+                l.add(new X500Principal((byte[]) o));
+              }
+            catch (IllegalArgumentException iae)
+              {
+                IOException ioe = new IOException("malformed name");
+                ioe.initCause(iae);
+                throw ioe;
+              }
+          }
+        else if (o instanceof InputStream)
+          {
+            try
+              {
+                l.add(new X500Principal((InputStream) o));
+              }
+            catch (IllegalArgumentException iae)
+              {
+                IOException ioe = new IOException("malformed name");
+                ioe.initCause(iae);
+                throw ioe;
+              }
+          }
+        else
+          throw new IOException("not a valid name: " +
+                                (o != null ? o.getClass().getName() : "null"));
+
+      }
+    issuerNames = l;
+  }
+
+  /**
+   * Returns the set of issuer names that are matched by this selector,
+   * or <code>null</code> if this criteria is not set. The returned
+   * collection is not modifiable.
+   *
+   * @return The set of issuer names.
+   */
+  public Collection getIssuerNames()
+  {
+    if (issuerNames != null)
+      return Collections.unmodifiableList(issuerNames);
+    else
+      return null;
+  }
+
+  /**
+   * Returns the maximum value of the CRLNumber extension present in
+   * CRLs matched by this selector, or <code>null</code> if this
+   * criteria is not set.
+   *
+   * @return The maximum CRL number.
+   */
+  public BigInteger getMaxCRL()
+  {
+    return maxCrlNumber;
+  }
+
+  /**
+   * Returns the minimum value of the CRLNumber extension present in
+   * CRLs matched by this selector, or <code>null</code> if this
+   * criteria is not set.
+   *
+   * @return The minimum CRL number.
+   */
+  public BigInteger getMinCRL()
+  {
+    return minCrlNumber;
+  }
+
+  /**
+   * Sets the maximum value of the CRLNumber extension present in CRLs
+   * matched by this selector. Specify <code>null</code> to clear this
+   * criterion.
+   *
+   * @param maxCrlNumber The maximum CRL number.
+   */
+  public void setMaxCRLNumber(BigInteger maxCrlNumber)
+  {
+    this.maxCrlNumber = maxCrlNumber;
+  }
+
+  /**
+   * Sets the minimum value of the CRLNumber extension present in CRLs
+   * matched by this selector. Specify <code>null</code> to clear this
+   * criterion.
+   *
+   * @param minCrlNumber The minimum CRL number.
+   */
+  public void setMinCRLNumber(BigInteger minCrlNumber)
+  {
+    this.minCrlNumber = minCrlNumber;
+  }
+
+  /**
+   * Returns the date when this CRL must be valid; that is, the date
+   * must be after the thisUpdate date, but before the nextUpdate date.
+   * Returns <code>null</code> if this criterion is not set.
+   *
+   * @return The date.
+   */
+  public Date getDateAndTime()
+  {
+    return date != null ? (Date) date.clone() : null;
+  }
+
+  /**
+   * Sets the date at which this CRL must be valid. Specify
+   * <code>null</code> to clear this criterion.
+   *
+   * @param date The date.
+   */
+  public void setDateAndTime(Date date)
+  {
+    this.date = date != null ? (Date) date.clone() : null;
+  }
+
+  /**
+   * Returns the certificate being checked, or <code>null</code> if this
+   * value is not set.
+   *
+   * @return The certificate.
+   */
+  public X509Certificate getCertificateChecking()
+  {
+    return cert;
+  }
+
+  /**
+   * Sets the certificate being checked. This is not a criterion, but
+   * info used by certificate store implementations to aid in searching.
+   *
+   * @param cert The certificate.
+   */
+  public void setCertificateChecking(X509Certificate cert)
+  {
+    this.cert = cert;
+  }
+
+  /**
+   * Returns a string representation of this selector. The string will
+   * only describe the enabled criteria, so if none are enabled this will
+   * return a string that contains little else besides the class name.
+   *
+   * @return The string.
+   */
+  public String toString()
+  {
+    StringBuffer str = new StringBuffer(X509CRLSelector.class.getName());
+    GetPropertyAction getProp = new GetPropertyAction("line.separator");
+    String nl = (String) AccessController.doPrivileged(getProp);
+    String eol = ";" + nl;
+
+    str.append(" {").append(nl);
+    if (issuerNames != null)
+      str.append("  issuer names = ").append(issuerNames).append(eol);
+    if (maxCrlNumber != null)
+      str.append("  max CRL = ").append(maxCrlNumber).append(eol);
+    if (minCrlNumber != null)
+      str.append("  min CRL = ").append(minCrlNumber).append(eol);
+    if (date != null)
+      str.append("  date = ").append(date).append(eol);
+    if (cert != null)
+      str.append("  certificate = ").append(cert).append(eol);
+    str.append("}").append(nl);
+    return str.toString();
+  }
+
+  /**
+   * Checks a CRL against the criteria of this selector, returning
+   * <code>true</code> if the given CRL matches all the criteria.
+   *
+   * @param _crl The CRL being checked.
+   * @return True if the CRL matches, false otherwise.
+   */
+  public boolean match(CRL _crl)
+  {
+    if (!(_crl instanceof X509CRL))
+      return false;
+    X509CRL crl = (X509CRL) _crl;
+    if (issuerNames != null)
+      {
+        if (!issuerNames.contains(crl.getIssuerX500Principal()))
+          return false;
+      }
+    BigInteger crlNumber = null;
+    if (maxCrlNumber != null)
+      {
+	byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+	if (b == null)
+	  return false;
+	try
+	  {
+	    DERValue val = DERReader.read(b);
+	    if (!(val.getValue() instanceof BigInteger))
+	      return false;
+	    crlNumber = (BigInteger) val.getValue();
+	  }
+	catch (IOException ioe)
+	  {
+	    return false;
+	  }
+	if (maxCrlNumber.compareTo(crlNumber) < 0)
+	  return false;
+      }
+    if (minCrlNumber != null)
+      {
+	if (crlNumber == null)
+	  {
+	    byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+	    if (b == null)
+	      return false;
+	    try
+	      {
+		DERValue val = DERReader.read(b);
+		if (!(val.getValue() instanceof BigInteger))
+		  return false;
+		crlNumber = (BigInteger) val.getValue();
+	      }
+	    catch (IOException ioe)
+	      {
+		return false;
+	      }
+	  }
+	if (minCrlNumber.compareTo(crlNumber) > 0)
+	  return false;
+      }
+    if (date != null)
+      {
+        if (date.compareTo(crl.getThisUpdate()) < 0 ||
+            date.compareTo(crl.getNextUpdate()) > 0)
+          return false;
+      }
+    return true;
+  }
+
+  /**
+   * Returns a copy of this object.
+   *
+   * @return The copy.
+   */
+  public Object clone()
+  {
+    try
+      {
+        return super.clone();
+      }
+    catch (CloneNotSupportedException shouldNotHappen)
+      {
+        throw new Error(shouldNotHappen);
+      }
+  }
+}
===================================================================
Checking out kaffe/libraries/javalib/java/security/cert/X509CertSelector.java
RCS:  /home/cvs/kaffe/kaffe/libraries/javalib/java/security/cert/X509CertSelector.java,v
VERS: 1.1
***************
--- /dev/null	Sun Aug  4 19:57:58 2002
+++ kaffe/libraries/javalib/java/security/cert/X509CertSelector.java	Sun Aug 22 20:10:21 2004
@@ -0,0 +1,1111 @@
+/* X509CertSelector.java -- selects X.509 certificates by criteria.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.AccessController;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import gnu.java.security.OID;
+import gnu.java.security.action.GetPropertyAction;

*** Patch too long, truncated ***




More information about the kaffe mailing list