[kaffe] CVS kaffe (dalibor): Replaced java/security/cert/ with implementation from GNU Classpath

Kaffe CVS Kaffe Mailing List <kaffe@kaffe.org>
Mon Mar 22 10:18:02 2004


PatchSet 4561 
Date: 2004/03/22 18:14:24
Author: dalibor
Branch: HEAD
Tag: (none) 
Log:
Replaced java/security/cert/ with implementation from GNU Classpath

2004-03-22  Dalibor Topic <robilad@kaffe.org>

        * libraries/javalib/java/security/cert/CRL.java,
        libraries/javalib/java/security/cert/CertPathBuilder.java,
        libraries/javalib/java/security/cert/CertPathValidator.java,
        libraries/javalib/java/security/cert/CertStore.java,
        libraries/javalib/java/security/cert/Certificate.java,
        libraries/javalib/java/security/cert/CertificateFactory.java,
        libraries/javalib/java/security/cert/CertificateFactorySpi.java,
        libraries/javalib/java/security/cert/PKIXBuilderParameters.java,
        libraries/javalib/java/security/cert/PKIXParameters.java,
        libraries/javalib/java/security/cert/PolicyQualifierInfo.java,
        libraries/javalib/java/security/cert/TrustAnchor.java,
        libraries/javalib/java/security/cert/X509CRL.java,
        libraries/javalib/java/security/cert/X509CRLEntry.java,
        libraries/javalib/java/security/cert/X509Certificate.java:
        Replaced by implementation from GNU Classpath.

Members: 
	ChangeLog:1.2139->1.2140 
	libraries/javalib/java/security/cert/CRL.java:1.1->1.2 
	libraries/javalib/java/security/cert/CertPathBuilder.java:1.2->1.3 
	libraries/javalib/java/security/cert/CertPathValidator.java:1.2->1.3 
	libraries/javalib/java/security/cert/CertStore.java:1.3->1.4 
	libraries/javalib/java/security/cert/Certificate.java:1.2->1.3 
	libraries/javalib/java/security/cert/CertificateFactory.java:1.3->1.4 
	libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.3->1.4 
	libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.2->1.3 
	libraries/javalib/java/security/cert/PKIXParameters.java:1.2->1.3 
	libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.2->1.3 
	libraries/javalib/java/security/cert/TrustAnchor.java:1.2->1.3 
	libraries/javalib/java/security/cert/X509CRL.java:1.2->1.3 
	libraries/javalib/java/security/cert/X509CRLEntry.java:1.2->1.3 
	libraries/javalib/java/security/cert/X509Certificate.java:1.3->1.4 

Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.2139 kaffe/ChangeLog:1.2140
--- kaffe/ChangeLog:1.2139	Mon Mar 22 17:00:54 2004
+++ kaffe/ChangeLog	Mon Mar 22 18:14:24 2004
@@ -1,5 +1,23 @@
 2004-03-22  Dalibor Topic <robilad@kaffe.org>
 
+        * libraries/javalib/java/security/cert/CRL.java,
+        libraries/javalib/java/security/cert/CertPathBuilder.java,
+        libraries/javalib/java/security/cert/CertPathValidator.java,
+        libraries/javalib/java/security/cert/CertStore.java,
+        libraries/javalib/java/security/cert/Certificate.java,
+        libraries/javalib/java/security/cert/CertificateFactory.java,
+        libraries/javalib/java/security/cert/CertificateFactorySpi.java,
+        libraries/javalib/java/security/cert/PKIXBuilderParameters.java,
+        libraries/javalib/java/security/cert/PKIXParameters.java,
+        libraries/javalib/java/security/cert/PolicyQualifierInfo.java,
+        libraries/javalib/java/security/cert/TrustAnchor.java,
+        libraries/javalib/java/security/cert/X509CRL.java,
+        libraries/javalib/java/security/cert/X509CRLEntry.java,
+        libraries/javalib/java/security/cert/X509Certificate.java:
+	Replaced by implementation from GNU Classpath.
+
+2004-03-22  Dalibor Topic <robilad@kaffe.org>
+
         * libraries/javalib/java/security/spec/DSAParameterSpec.java,
         libraries/javalib/java/security/spec/DSAPrivateKeySpec.java,
         libraries/javalib/java/security/spec/DSAPublicKeySpec.java,
Index: kaffe/libraries/javalib/java/security/cert/CRL.java
diff -u kaffe/libraries/javalib/java/security/cert/CRL.java:1.1 kaffe/libraries/javalib/java/security/cert/CRL.java:1.2
--- kaffe/libraries/javalib/java/security/cert/CRL.java:1.1	Sun May 12 15:08:45 2002
+++ kaffe/libraries/javalib/java/security/cert/CRL.java	Mon Mar 22 18:14:27 2004
@@ -1,36 +1,98 @@
-/*
- * CRL.java
- *
- * Copyright (c) 2001 University of Utah and the Flux Group.
- * All rights reserved.
- *
- * This file is licensed under the terms of the GNU Public License.
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * Contributed by the Flux Research Group, Department of Computer Science,
- * University of Utah, http://www.cs.utah.edu/flux/
- */
+/* CRL.java --- Certificate Revocation List
+   Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+ 
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
 
 package java.security.cert;
 
+/**
+   Certificate Revocation List class for managing CRLs that
+   have different formats but the same general use. They
+   all serve as lists of revoked certificates and can
+   be queried for a given certificate.
+   
+   Specialized CRLs extend this class.
+   
+   @author Mark Benvenuto
+   
+   @since JDK 1.2
+*/
 public abstract class CRL
 {
 
-    private String type;
-    
-    protected CRL(String type)
-    {
-	this.type = type;
-    }
-
-    public String getType()
-    {
-	return this.type;
-    }
-    
-    public abstract String toString();
+  private String type;
+
+  /**
+     Creates a new CRL for the specified type. An example
+     is "X.509".
+
+     @param type the standard name for the CRL type. 
+  */
+  protected CRL(String type)
+  {
+    this.type = type;
+  }
+
+  /**
+     Returns the CRL type.
+
+     @return a string representing the CRL type
+  */
+  public final String getType()
+  {
+    return type;
+  }
+
+  /**
+     Returns a string representing the CRL.
+
+     @return a string representing the CRL.
+  */
+  public abstract String toString();
+
+  /**
+     Determines whether or not the specified Certificate
+     is revoked.
+
+     @param cert A certificate to check if it is revoked
+
+     @return true if the certificate is revoked,
+     false otherwise.	
+  */
+  public abstract boolean isRevoked(Certificate cert);
+
 
-    public abstract boolean isRevoked(Certificate cert);
-    
 }
Index: kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java
diff -u kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java:1.2 kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java:1.3
--- kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java	Mon Mar 22 18:14:27 2004
@@ -38,13 +38,13 @@
 
 package java.security.cert;
 
-import gnu.java.security.Engine;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Provider;
 import java.security.Security;
+
+import gnu.java.security.Engine;
 
 /**
  * This class builds certificate paths (also called certificate chains),
Index: kaffe/libraries/javalib/java/security/cert/CertPathValidator.java
diff -u kaffe/libraries/javalib/java/security/cert/CertPathValidator.java:1.2 kaffe/libraries/javalib/java/security/cert/CertPathValidator.java:1.3
--- kaffe/libraries/javalib/java/security/cert/CertPathValidator.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertPathValidator.java	Mon Mar 22 18:14:27 2004
@@ -38,8 +38,6 @@
 
 package java.security.cert;
 
-import gnu.java.security.Engine;
-
 import java.security.AccessController;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
@@ -47,6 +45,8 @@
 import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.Security;
+
+import gnu.java.security.Engine;
 
 /**
  * Generic interface to classes that validate certificate paths.
Index: kaffe/libraries/javalib/java/security/cert/CertStore.java
diff -u kaffe/libraries/javalib/java/security/cert/CertStore.java:1.3 kaffe/libraries/javalib/java/security/cert/CertStore.java:1.4
--- kaffe/libraries/javalib/java/security/cert/CertStore.java:1.3	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertStore.java	Mon Mar 22 18:14:27 2004
@@ -38,15 +38,16 @@
 
 package java.security.cert;
 
-import gnu.java.security.Engine;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.Security;
+
 import java.util.Collection;
+
+import gnu.java.security.Engine;
 
 /**
  * A CertStore is a read-only repository for certificates and
Index: kaffe/libraries/javalib/java/security/cert/Certificate.java
diff -u kaffe/libraries/javalib/java/security/cert/Certificate.java:1.2 kaffe/libraries/javalib/java/security/cert/Certificate.java:1.3
--- kaffe/libraries/javalib/java/security/cert/Certificate.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/Certificate.java	Mon Mar 22 18:14:27 2004
@@ -1,164 +1,307 @@
-/*
- * Certificate.java
- *
- * Copyright (c) 2001 University of Utah and the Flux Group.
- * All rights reserved.
- *
- * This file is licensed under the terms of the GNU Public License.
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * Contributed by the Flux Research Group, Department of Computer Science,
- * University of Utah, http://www.cs.utah.edu/flux/
- */
+/* Certificate.java --- Certificate class
+   Copyright (C) 1999,2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+ 
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
 
 package java.security.cert;
 
-import java.io.ObjectStreamException;
-import java.io.Serializable;
-import java.security.InvalidKeyException;
+import java.security.PublicKey;
 import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
 import java.security.NoSuchProviderException;
-import java.security.PublicKey;
 import java.security.SignatureException;
+import java.io.ObjectInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
 
-public abstract class Certificate
-    implements Serializable
+/**
+ * The Certificate class is an abstract class used to manage 
+ * identity certificates. An identity certificate is a
+ * combination of a principal and a public key which is 
+ * certified by another principal. This is the puprose of 
+ * Certificate Authorities (CA).
+ * 
+ * <p>This class is used to manage different types of certificates
+ * but have important common puposes. Different types of 
+ * certificates like X.509 and OpenPGP share general certificate
+ * functions (like encoding and verifying) and information like
+ * public keys.
+ * 
+ * <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ * class even though they differ in storage methods and information
+ * stored.
+ *
+ * @see CertificateFactory
+ * @see X509Certificate
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class Certificate implements Serializable
 {
-    protected static class CertificateRep
-	implements Serializable
-    {
-	private String type;
-	private byte data[];
+  private static final long serialVersionUID = -6751606818319535583L;
 	
-	protected CertificateRep(String type, byte data[])
-	{
-	    this.type = type;
-	    this.data = data;
-	}
-
-	protected Object readResolve()
-	    throws ObjectStreamException
-	{
-	    return null; // XXX
-	}
-    }
-
-    private String type;
+  private String type;
 
-    protected Certificate(String type)
-    {
-	this.type = type;
+  /**
+     Constructs a new certificate of the specified type. An example
+     is "X.509".
+
+     @param type a valid standard name for a certificate.
+  */
+  protected Certificate(String type)
+  {
+    this.type = type;
+  }
+
+  /**
+     Returns the Certificate type.
+
+     @return a string representing the Certificate type
+  */
+  public final String getType()
+  {
+    return type;
+  }
+
+  /**
+     Compares this Certificate to other. It checks if the
+     object if instanceOf Certificate and then checks if
+     the encoded form matches.
+
+     @param other An Object to test for equality
+
+     @return true if equal, false otherwise
+  */
+  public boolean equals(Object other)
+  {
+    if( other instanceof Certificate ) {
+      try {
+	Certificate x = (Certificate) other;
+	if( getEncoded().length != x.getEncoded().length )
+	  return false;
+
+	byte b1[] = getEncoded();
+	byte b2[] = x.getEncoded();
+
+	for( int i = 0; i < b1.length; i++ )
+	  if( b1[i] != b2[i] )
+	    return false;
+
+      } catch( CertificateEncodingException cee ) { 
+	return false;
+      }
+      return true;
     }
+    return false;
+  }
 
-    public abstract byte[] getEncoded() throws CertificateEncodingException;
-
-    public abstract PublicKey getPublicKey();
-
-    public String getType()
-    {
-	return this.type;
-    }
-    
-    public boolean equals(Object obj)
-    {
-	boolean retval = false;
+  /**
+     Returns a hash code for this Certificate in its encoded
+     form.
+
+     @return A hash code of this class
+  */
+  public int hashCode()
+  {
+    return super.hashCode();
+  }
+
+  /**
+     Gets the DER ASN.1 encoded format for this Certificate.
+     It assumes each certificate has only one encoding format.
+     Ex: X.509 is encoded as ASN.1 DER
+
+     @return byte array containg encoded form
+
+     @throws CertificateEncodingException if an error occurs
+  */
+  public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+  /**
+     Verifies that this Certificate was properly signed with the
+     PublicKey that corresponds to its private key. 
+
+     @param key PublicKey to verify with
+
+     @throws CertificateException encoding error
+     @throws NoSuchAlgorithmException unsupported algorithm
+     @throws InvalidKeyException incorrect key
+     @throws NoSuchProviderException no provider
+     @throws SignatureException signature error
+  */
+  public abstract void verify(PublicKey key)
+    throws CertificateException,
+    NoSuchAlgorithmException,
+    InvalidKeyException,
+    NoSuchProviderException,
+    SignatureException;
+
+  /**
+     Verifies that this Certificate was properly signed with the
+     PublicKey that corresponds to its private key and uses
+     the signature engine provided by the provider. 
+
+     @param key PublicKey to verify with
+     @param sigProvider Provider to use for signature algorithm
+
+     @throws CertificateException encoding error
+     @throws NoSuchAlgorithmException unsupported algorithm
+     @throws InvalidKeyException incorrect key
+     @throws NoSuchProviderException incorrect provider
+     @throws SignatureException signature error
+  */
+  public abstract void verify(PublicKey key,
+			      String sigProvider)
+    throws CertificateException,
+    NoSuchAlgorithmException,
+    InvalidKeyException,
+    NoSuchProviderException,
+    SignatureException;
+
+  /**
+     Returns a string representing the Certificate.
+
+     @return a string representing the Certificate.
+  */
+  public abstract String toString();
+
+
+  /**
+     Returns the public key stored in the Certificate.
+
+     @return The public key
+  */
+  public abstract PublicKey getPublicKey();
+
+  // Protected methods.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Returns a replacement for this certificate to be serialized. This
+   * method returns the equivalent to the following for this class:
+   *
+   * <blockquote>
+   * <pre>new CertificateRep(getType(), getEncoded());</pre>
+   * </blockquote>
+   *
+   * <p>This thusly replaces the certificate with its name and its
+   * encoded form, which can be deserialized later with the {@link
+   * CertificateFactory} implementation for this certificate's type.
+   *
+   * @return The replacement object to be serialized.
+   * @throws ObjectStreamException If the replacement could not be
+   * created.
+   */
+  protected Object writeReplace() throws ObjectStreamException
+  {
+    try
+      {
+        return new CertificateRep(getType(), getEncoded());
+      }
+    catch (CertificateEncodingException cee)
+      {
+        throw new InvalidObjectException(cee.toString());
+      }
+  }
+
+  // Inner class.
+  // ------------------------------------------------------------------------
+
+  /**
+     Certificate.CertificateRep is an inner class used to provide an alternate
+     storage mechanism for serialized Certificates.
+  */
+  protected static class CertificateRep implements java.io.Serializable
+  {
+
+    /** From JDK1.4. */
+    private static final long serialVersionUID = -8563758940495660020L;
+  
+    /** The certificate type, e.g. "X.509". */
+    private String type;
 
-	if( obj instanceof Certificate )
-	{
-	    Certificate cert = (Certificate)obj;
-
-	    try
-	    {
-		byte objEncoding[] = cert.getEncoded();
-		byte myEncoding[] = this.getEncoded();
-		
-		if( (objEncoding != null) &&
-		    (myEncoding != null) &&
-		    (objEncoding.length == myEncoding.length) )
-		{
-		    int lpc;
-
-		    retval = true;
-		    for( lpc = 0; (lpc < objEncoding.length) && retval; lpc++ )
-		    {
-			if( objEncoding[lpc] != myEncoding[lpc] )
-			    retval = false;
-		    }
-		}
-	    }
-	    catch(CertificateEncodingException e)
-	    {
-	    }
-	}
-	return retval;
-    }
+    /** The encoded certificate data. */
+    private byte[] data;
 
-    public int hashCode()
+    /**
+     * Create an alternative representation of this certificate. The
+     * <code>(type, data)</code> pair is typically the certificate's
+     * type as returned by {@link Certificate#getType()} (i.e. the
+     * canonical name of the certificate type) and the encoded form as
+     * returned by {@link Certificate#getEncoded()}.
+     *
+     * <p>For example, X.509 certificates would create an instance of
+     * this class with the parameters "X.509" and the ASN.1
+     * representation of the certificate, encoded as DER bytes.
+     *
+     * @param type The certificate type.
+     * @param data The encoded certificate data.
+     */
+    protected CertificateRep(String type, byte[] data)
     {
-	int retval = 0;
-	
-	try
-	{
-	    byte enc[] = this.getEncoded();
-	    
-	    if( enc != null )
-	    {
-		switch( enc.length )
-		{
-		case 1:
-		    retval = enc[0];
-		    break;
-		case 2:
-		    retval = ((enc[0] << 8) |
-			      (enc[1]));
-		    break;
-		case 3:
-		    retval = ((enc[0] << 16) |
-			      (enc[1] <<  8) |
-			      (enc[2]));
-		    break;
-		default:
-		    retval = ((enc[0] << 24) |
-			      (enc[1] << 16) |
-			      (enc[2] <<  8) |
-			      (enc[3]));
-		    break;
-		}
-	    }
-	}
-	catch(CertificateEncodingException e)
-	{
-	}
-	return retval;
+      this.type = type;
+      this.data = data;
     }
 
-    public abstract String toString();
-
-    public abstract void verify(PublicKey key)
-	throws CertificateException,
-	       NoSuchAlgorithmException,
-	       InvalidKeyException,
-	       NoSuchProviderException,
-	       SignatureException;
-
-    public abstract void verify(PublicKey key, String sigProvider)
-	throws CertificateException,
-	       NoSuchAlgorithmException,
-	       InvalidKeyException,
-	       NoSuchProviderException,
-	       SignatureException;
-
-    protected Object writeReplace()
-	throws ObjectStreamException
+    /**
+     * Deserialize this certificate replacement into the appropriate
+     * certificate object. That is, this method attempts to create a
+     * {@link CertificateFactory} for this certificate's type, then
+     * attempts to parse the encoded data with that factory, returning
+     * the resulting certificate.
+     *
+     * @return The deserialized certificate.
+     * @throws ObjectStreamException If there is no appropriate
+     * certificate factory for the given type, or if the encoded form
+     * cannot be parsed.
+     */
+    protected Object readResolve() throws ObjectStreamException
     {
-	try
-	{
-	    return new CertificateRep(this.type, this.getEncoded());
-	}
-	catch(CertificateEncodingException e)
-	{
-	    return null;
-	}
+      try
+        {
+          CertificateFactory fact = CertificateFactory.getInstance(type);
+          return fact.generateCertificate(new ByteArrayInputStream(data));
+        }
+      catch (Exception e)
+        {
+          throw new InvalidObjectException(e.toString());
+        }
     }
+  }
 }
Index: kaffe/libraries/javalib/java/security/cert/CertificateFactory.java
diff -u kaffe/libraries/javalib/java/security/cert/CertificateFactory.java:1.3 kaffe/libraries/javalib/java/security/cert/CertificateFactory.java:1.4
--- kaffe/libraries/javalib/java/security/cert/CertificateFactory.java:1.3	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertificateFactory.java	Mon Mar 22 18:14:27 2004
@@ -38,16 +38,18 @@
 
 package java.security.cert;
 
-import gnu.java.security.Engine;
-
-import java.io.InputStream;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Provider;
 import java.security.Security;
+
+import java.io.InputStream;
+
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
+
+import gnu.java.security.Engine;
 
 /**
  * This class implements the CertificateFactory class interface used to
Index: kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java
diff -u kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.3 kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.4
--- kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.3	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java	Mon Mar 22 18:14:27 2004
@@ -39,6 +39,7 @@
 package java.security.cert;
 
 import java.io.InputStream;
+
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
Index: kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java
diff -u kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.2 kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.3
--- kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java	Mon Mar 22 18:14:27 2004
@@ -41,6 +41,7 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+
 import java.util.Set;
 
 /**
Index: kaffe/libraries/javalib/java/security/cert/PKIXParameters.java
diff -u kaffe/libraries/javalib/java/security/cert/PKIXParameters.java:1.2 kaffe/libraries/javalib/java/security/cert/PKIXParameters.java:1.3
--- kaffe/libraries/javalib/java/security/cert/PKIXParameters.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/PKIXParameters.java	Mon Mar 22 18:14:27 2004
@@ -41,6 +41,7 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+
 import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
Index: kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java
diff -u kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.2 kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.3
--- kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java	Mon Mar 22 18:14:27 2004
@@ -38,13 +38,17 @@
 
 package java.security.cert;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
 import gnu.java.io.ASN1ParsingException;
 import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DEREncodingException;
 import gnu.java.security.der.DERReader;
 import gnu.java.security.der.DERValue;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
+import gnu.java.security.der.DERWriter;
 
 /**
  * The PolicyQualifierInfo X.509 certificate extension.
Index: kaffe/libraries/javalib/java/security/cert/TrustAnchor.java
diff -u kaffe/libraries/javalib/java/security/cert/TrustAnchor.java:1.2 kaffe/libraries/javalib/java/security/cert/TrustAnchor.java:1.3
--- kaffe/libraries/javalib/java/security/cert/TrustAnchor.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/TrustAnchor.java	Mon Mar 22 18:14:27 2004
@@ -38,9 +38,12 @@
 
 package java.security.cert;
 
-import gnu.java.security.x509.X500DistinguishedName;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
 
 import java.security.PublicKey;
+
+import gnu.java.security.x509.X500DistinguishedName;
 
 /**
  * An ultimately-trusted certificate to serve as the root of a
Index: kaffe/libraries/javalib/java/security/cert/X509CRL.java
diff -u kaffe/libraries/javalib/java/security/cert/X509CRL.java:1.2 kaffe/libraries/javalib/java/security/cert/X509CRL.java:1.3
--- kaffe/libraries/javalib/java/security/cert/X509CRL.java:1.2	Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/X509CRL.java	Mon Mar 22 18:14:27 2004
@@ -1,149 +1,396 @@
-/*
- * X509CRL.java
- *
- * Copyright (c) 2001 University of Utah and the Flux Group.
- * All rights reserved.
- *
- * This file is licensed under the terms of the GNU Public License.
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * Contributed by the Flux Research Group, Department of Computer Science,
- * University of Utah, http://www.cs.utah.edu/flux/
- */
+/* X509CRL.java --- X.509 Certificate Revocation List
+   Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+ 
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
 
-package java.security.cert;
 
+package java.security.cert;
 import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.Principal;
 import java.security.PublicKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
 import java.security.SignatureException;
 import java.util.Date;
 import java.util.Set;
 
-public abstract class X509CRL
-    extends CRL
-    implements X509Extension
+import javax.security.auth.x500.X500Principal;
+
+/**
+   The X509CRL class is the abstract class used to manage
+   X.509 Certificate Revocation Lists. The CRL is a list of
+   time stamped entries which indicate which lists have been
+   revoked. The list is signed by a Certificate Authority (CA)
+   and made publically available in a repository.
+   
+   Each revoked certificate in the CRL is identified by its 
+   certificate serial number. When a piece of code uses a 
+   certificate, the certificates validity is checked by 
+   validating its signature and determing that it is not
+   only a recently acquired CRL. The recently aquired CRL
+   is depends on the local policy in affect. The CA issues
+   a new CRL periodically and entries are removed as the 
+   certificate expiration date is reached
+   
+   
+   A description of the X.509 v2 CRL follows below from rfc2459.
+   
+   "The X.509 v2 CRL syntax is as follows.  For signature calculation,
+   the data that is to be signed is ASN.1 DER encoded.  ASN.1 DER
+   encoding is a tag, length, value encoding system for each element.
+   
+	   CertificateList  ::=  SEQUENCE  {
+        	tbsCertList          TBSCertList,
+	        signatureAlgorithm   AlgorithmIdentifier,
+        	signatureValue       BIT STRING  }
+	
+	   TBSCertList  ::=  SEQUENCE  {
+        	version                 Version OPTIONAL,
+                                     -- if present, shall be v2
+	        signature               AlgorithmIdentifier,
+        	issuer                  Name,
+	        thisUpdate              Time,
+	        nextUpdate              Time OPTIONAL,
+	        revokedCertificates     SEQUENCE OF SEQUENCE  {
+	             userCertificate         CertificateSerialNumber,
+	             revocationDate          Time,
+	             crlEntryExtensions      Extensions OPTIONAL
+	                                           -- if present, shall be v2
+	                                  }  OPTIONAL,
+	        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+	                                           -- if present, shall be v2
+	                                  }"
+
+	@author Mark Benvenuto
+
+	@since JDK 1.2
+*/
+public abstract class X509CRL extends CRL implements X509Extension
 {
-    protected X509CRL()
-    {
-	super("X.509");
-    }
-    
-    public abstract byte[] getEncoded()
-	throws CRLException;
-    
-    public abstract void verify(PublicKey key)
-	throws CRLException,
-	       NoSuchAlgorithmException,
-	       InvalidKeyException,
-	       NoSuchProviderException,
-	       SignatureException;
-
-    public abstract void verify(PublicKey key,
-				String sigProvider)
-	throws CRLException,
-	       NoSuchAlgorithmException,
-	       InvalidKeyException,
-	       NoSuchProviderException,
-	       SignatureException;
-
-    public abstract int getVersion();
-
-    public abstract Principal getIssuerDN();
-
-    public abstract Date getThisUpdate();
-
-    public abstract Date getNextUpdate();
-
-    public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumbe);
-
-    public abstract Set getRevokedCertificates();
-
-    public abstract byte[] getTBSCertList()
-	throws CRLException;
-
-    public abstract byte[] getSignature();
-
-    public abstract String getSigAlgName();
-
-    public abstract String getSigAlgOID();
-
-    public abstract byte[] getSigAlgParams();

*** Patch too long, truncated ***