[kaffe] CVS kaffe (dalibor): Replaced java/security/cert/ with implementation from GNU Classpath
Kaffe CVS
Kaffe Mailing List <kaffe@kaffe.org>
Mon Mar 22 10:18:02 2004
PatchSet 4561
Date: 2004/03/22 18:14:24
Author: dalibor
Branch: HEAD
Tag: (none)
Log:
Replaced java/security/cert/ with implementation from GNU Classpath
2004-03-22 Dalibor Topic <robilad@kaffe.org>
* libraries/javalib/java/security/cert/CRL.java,
libraries/javalib/java/security/cert/CertPathBuilder.java,
libraries/javalib/java/security/cert/CertPathValidator.java,
libraries/javalib/java/security/cert/CertStore.java,
libraries/javalib/java/security/cert/Certificate.java,
libraries/javalib/java/security/cert/CertificateFactory.java,
libraries/javalib/java/security/cert/CertificateFactorySpi.java,
libraries/javalib/java/security/cert/PKIXBuilderParameters.java,
libraries/javalib/java/security/cert/PKIXParameters.java,
libraries/javalib/java/security/cert/PolicyQualifierInfo.java,
libraries/javalib/java/security/cert/TrustAnchor.java,
libraries/javalib/java/security/cert/X509CRL.java,
libraries/javalib/java/security/cert/X509CRLEntry.java,
libraries/javalib/java/security/cert/X509Certificate.java:
Replaced by implementation from GNU Classpath.
Members:
ChangeLog:1.2139->1.2140
libraries/javalib/java/security/cert/CRL.java:1.1->1.2
libraries/javalib/java/security/cert/CertPathBuilder.java:1.2->1.3
libraries/javalib/java/security/cert/CertPathValidator.java:1.2->1.3
libraries/javalib/java/security/cert/CertStore.java:1.3->1.4
libraries/javalib/java/security/cert/Certificate.java:1.2->1.3
libraries/javalib/java/security/cert/CertificateFactory.java:1.3->1.4
libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.3->1.4
libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.2->1.3
libraries/javalib/java/security/cert/PKIXParameters.java:1.2->1.3
libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.2->1.3
libraries/javalib/java/security/cert/TrustAnchor.java:1.2->1.3
libraries/javalib/java/security/cert/X509CRL.java:1.2->1.3
libraries/javalib/java/security/cert/X509CRLEntry.java:1.2->1.3
libraries/javalib/java/security/cert/X509Certificate.java:1.3->1.4
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.2139 kaffe/ChangeLog:1.2140
--- kaffe/ChangeLog:1.2139 Mon Mar 22 17:00:54 2004
+++ kaffe/ChangeLog Mon Mar 22 18:14:24 2004
@@ -1,5 +1,23 @@
2004-03-22 Dalibor Topic <robilad@kaffe.org>
+ * libraries/javalib/java/security/cert/CRL.java,
+ libraries/javalib/java/security/cert/CertPathBuilder.java,
+ libraries/javalib/java/security/cert/CertPathValidator.java,
+ libraries/javalib/java/security/cert/CertStore.java,
+ libraries/javalib/java/security/cert/Certificate.java,
+ libraries/javalib/java/security/cert/CertificateFactory.java,
+ libraries/javalib/java/security/cert/CertificateFactorySpi.java,
+ libraries/javalib/java/security/cert/PKIXBuilderParameters.java,
+ libraries/javalib/java/security/cert/PKIXParameters.java,
+ libraries/javalib/java/security/cert/PolicyQualifierInfo.java,
+ libraries/javalib/java/security/cert/TrustAnchor.java,
+ libraries/javalib/java/security/cert/X509CRL.java,
+ libraries/javalib/java/security/cert/X509CRLEntry.java,
+ libraries/javalib/java/security/cert/X509Certificate.java:
+ Replaced by implementation from GNU Classpath.
+
+2004-03-22 Dalibor Topic <robilad@kaffe.org>
+
* libraries/javalib/java/security/spec/DSAParameterSpec.java,
libraries/javalib/java/security/spec/DSAPrivateKeySpec.java,
libraries/javalib/java/security/spec/DSAPublicKeySpec.java,
Index: kaffe/libraries/javalib/java/security/cert/CRL.java
diff -u kaffe/libraries/javalib/java/security/cert/CRL.java:1.1 kaffe/libraries/javalib/java/security/cert/CRL.java:1.2
--- kaffe/libraries/javalib/java/security/cert/CRL.java:1.1 Sun May 12 15:08:45 2002
+++ kaffe/libraries/javalib/java/security/cert/CRL.java Mon Mar 22 18:14:27 2004
@@ -1,36 +1,98 @@
-/*
- * CRL.java
- *
- * Copyright (c) 2001 University of Utah and the Flux Group.
- * All rights reserved.
- *
- * This file is licensed under the terms of the GNU Public License.
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * Contributed by the Flux Research Group, Department of Computer Science,
- * University of Utah, http://www.cs.utah.edu/flux/
- */
+/* CRL.java --- Certificate Revocation List
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
package java.security.cert;
+/**
+ Certificate Revocation List class for managing CRLs that
+ have different formats but the same general use. They
+ all serve as lists of revoked certificates and can
+ be queried for a given certificate.
+
+ Specialized CRLs extend this class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
public abstract class CRL
{
- private String type;
-
- protected CRL(String type)
- {
- this.type = type;
- }
-
- public String getType()
- {
- return this.type;
- }
-
- public abstract String toString();
+ private String type;
+
+ /**
+ Creates a new CRL for the specified type. An example
+ is "X.509".
+
+ @param type the standard name for the CRL type.
+ */
+ protected CRL(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the CRL type.
+
+ @return a string representing the CRL type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Returns a string representing the CRL.
+
+ @return a string representing the CRL.
+ */
+ public abstract String toString();
+
+ /**
+ Determines whether or not the specified Certificate
+ is revoked.
+
+ @param cert A certificate to check if it is revoked
+
+ @return true if the certificate is revoked,
+ false otherwise.
+ */
+ public abstract boolean isRevoked(Certificate cert);
+
- public abstract boolean isRevoked(Certificate cert);
-
}
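Review bot: The new Javadoc on `isRevoked(Certificate cert)` says only "true if the certificate is revoked, false otherwise", which does not tell a caller what `false` means for a certificate this CRL cannot speak for, such as one of another type or from another issuer. Because the method is abstract, that behaviour is up to each subclass, and a caller that reads `false` as "certificate is good" ends up accepting certificates the list never covered. I would add a sentence to the `@return` text such as `false means only that the certificate is not listed in this CRL; it does not establish that the certificate is valid`. Separately, `type` is assigned only in the constructor within this hunk and could be declared `private final String type;`.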
Index: kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java
diff -u kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java:1.2 kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java:1.3
--- kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertPathBuilder.java Mon Mar 22 18:14:27 2004
@@ -38,13 +38,13 @@
package java.security.cert;
-import gnu.java.security.Engine;
-
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
+
+import gnu.java.security.Engine;
/**
* This class builds certificate paths (also called certificate chains),
Index: kaffe/libraries/javalib/java/security/cert/CertPathValidator.java
diff -u kaffe/libraries/javalib/java/security/cert/CertPathValidator.java:1.2 kaffe/libraries/javalib/java/security/cert/CertPathValidator.java:1.3
--- kaffe/libraries/javalib/java/security/cert/CertPathValidator.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertPathValidator.java Mon Mar 22 18:14:27 2004
@@ -38,8 +38,6 @@
package java.security.cert;
-import gnu.java.security.Engine;
-
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
@@ -47,6 +45,8 @@
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
+
+import gnu.java.security.Engine;
/**
* Generic interface to classes that validate certificate paths.
Index: kaffe/libraries/javalib/java/security/cert/CertStore.java
diff -u kaffe/libraries/javalib/java/security/cert/CertStore.java:1.3 kaffe/libraries/javalib/java/security/cert/CertStore.java:1.4
--- kaffe/libraries/javalib/java/security/cert/CertStore.java:1.3 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertStore.java Mon Mar 22 18:14:27 2004
@@ -38,15 +38,16 @@
package java.security.cert;
-import gnu.java.security.Engine;
-
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
+
import java.util.Collection;
+
+import gnu.java.security.Engine;
/**
* A CertStore is a read-only repository for certificates and
Index: kaffe/libraries/javalib/java/security/cert/Certificate.java
diff -u kaffe/libraries/javalib/java/security/cert/Certificate.java:1.2 kaffe/libraries/javalib/java/security/cert/Certificate.java:1.3
--- kaffe/libraries/javalib/java/security/cert/Certificate.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/Certificate.java Mon Mar 22 18:14:27 2004
@@ -1,164 +1,307 @@
-/*
- * Certificate.java
- *
- * Copyright (c) 2001 University of Utah and the Flux Group.
- * All rights reserved.
- *
- * This file is licensed under the terms of the GNU Public License.
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * Contributed by the Flux Research Group, Department of Computer Science,
- * University of Utah, http://www.cs.utah.edu/flux/
- */
+/* Certificate.java --- Certificate class
+ Copyright (C) 1999,2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
package java.security.cert;
-import java.io.ObjectStreamException;
-import java.io.Serializable;
-import java.security.InvalidKeyException;
+import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
-import java.security.PublicKey;
import java.security.SignatureException;
+import java.io.ObjectInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
-public abstract class Certificate
- implements Serializable
+/**
+ * The Certificate class is an abstract class used to manage
+ * identity certificates. An identity certificate is a
+ * combination of a principal and a public key which is
+ * certified by another principal. This is the puprose of
+ * Certificate Authorities (CA).
+ *
+ * <p>This class is used to manage different types of certificates
+ * but have important common puposes. Different types of
+ * certificates like X.509 and OpenPGP share general certificate
+ * functions (like encoding and verifying) and information like
+ * public keys.
+ *
+ * <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ * class even though they differ in storage methods and information
+ * stored.
+ *
+ * @see CertificateFactory
+ * @see X509Certificate
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class Certificate implements Serializable
{
- protected static class CertificateRep
- implements Serializable
- {
- private String type;
- private byte data[];
+ private static final long serialVersionUID = -6751606818319535583L;
- protected CertificateRep(String type, byte data[])
- {
- this.type = type;
- this.data = data;
- }
-
- protected Object readResolve()
- throws ObjectStreamException
- {
- return null; // XXX
- }
- }
-
- private String type;
+ private String type;
- protected Certificate(String type)
- {
- this.type = type;
+ /**
+ Constructs a new certificate of the specified type. An example
+ is "X.509".
+
+ @param type a valid standard name for a certificate.
+ */
+ protected Certificate(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the Certificate type.
+
+ @return a string representing the Certificate type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Compares this Certificate to other. It checks if the
+ object if instanceOf Certificate and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof Certificate ) {
+ try {
+ Certificate x = (Certificate) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte b1[] = getEncoded();
+ byte b2[] = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CertificateEncodingException cee ) {
+ return false;
+ }
+ return true;
}
+ return false;
+ }
- public abstract byte[] getEncoded() throws CertificateEncodingException;
-
- public abstract PublicKey getPublicKey();
-
- public String getType()
- {
- return this.type;
- }
-
- public boolean equals(Object obj)
- {
- boolean retval = false;
+ /**
+ Returns a hash code for this Certificate in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this Certificate.
+ It assumes each certificate has only one encoding format.
+ Ex: X.509 is encoded as ASN.1 DER
+
+ @return byte array containg encoded form
+
+ @throws CertificateEncodingException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Returns a string representing the Certificate.
+
+ @return a string representing the Certificate.
+ */
+ public abstract String toString();
+
+
+ /**
+ Returns the public key stored in the Certificate.
+
+ @return The public key
+ */
+ public abstract PublicKey getPublicKey();
+
+ // Protected methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns a replacement for this certificate to be serialized. This
+ * method returns the equivalent to the following for this class:
+ *
+ * <blockquote>
+ * <pre>new CertificateRep(getType(), getEncoded());</pre>
+ * </blockquote>
+ *
+ * <p>This thusly replaces the certificate with its name and its
+ * encoded form, which can be deserialized later with the {@link
+ * CertificateFactory} implementation for this certificate's type.
+ *
+ * @return The replacement object to be serialized.
+ * @throws ObjectStreamException If the replacement could not be
+ * created.
+ */
+ protected Object writeReplace() throws ObjectStreamException
+ {
+ try
+ {
+ return new CertificateRep(getType(), getEncoded());
+ }
+ catch (CertificateEncodingException cee)
+ {
+ throw new InvalidObjectException(cee.toString());
+ }
+ }
+
+ // Inner class.
+ // ------------------------------------------------------------------------
+
+ /**
+ Certificate.CertificateRep is an inner class used to provide an alternate
+ storage mechanism for serialized Certificates.
+ */
+ protected static class CertificateRep implements java.io.Serializable
+ {
+
+ /** From JDK1.4. */
+ private static final long serialVersionUID = -8563758940495660020L;
+
+ /** The certificate type, e.g. "X.509". */
+ private String type;
- if( obj instanceof Certificate )
- {
- Certificate cert = (Certificate)obj;
-
- try
- {
- byte objEncoding[] = cert.getEncoded();
- byte myEncoding[] = this.getEncoded();
-
- if( (objEncoding != null) &&
- (myEncoding != null) &&
- (objEncoding.length == myEncoding.length) )
- {
- int lpc;
-
- retval = true;
- for( lpc = 0; (lpc < objEncoding.length) && retval; lpc++ )
- {
- if( objEncoding[lpc] != myEncoding[lpc] )
- retval = false;
- }
- }
- }
- catch(CertificateEncodingException e)
- {
- }
- }
- return retval;
- }
+ /** The encoded certificate data. */
+ private byte[] data;
- public int hashCode()
+ /**
+ * Create an alternative representation of this certificate. The
+ * <code>(type, data)</code> pair is typically the certificate's
+ * type as returned by {@link Certificate#getType()} (i.e. the
+ * canonical name of the certificate type) and the encoded form as
+ * returned by {@link Certificate#getEncoded()}.
+ *
+ * <p>For example, X.509 certificates would create an instance of
+ * this class with the parameters "X.509" and the ASN.1
+ * representation of the certificate, encoded as DER bytes.
+ *
+ * @param type The certificate type.
+ * @param data The encoded certificate data.
+ */
+ protected CertificateRep(String type, byte[] data)
{
- int retval = 0;
-
- try
- {
- byte enc[] = this.getEncoded();
-
- if( enc != null )
- {
- switch( enc.length )
- {
- case 1:
- retval = enc[0];
- break;
- case 2:
- retval = ((enc[0] << 8) |
- (enc[1]));
- break;
- case 3:
- retval = ((enc[0] << 16) |
- (enc[1] << 8) |
- (enc[2]));
- break;
- default:
- retval = ((enc[0] << 24) |
- (enc[1] << 16) |
- (enc[2] << 8) |
- (enc[3]));
- break;
- }
- }
- }
- catch(CertificateEncodingException e)
- {
- }
- return retval;
+ this.type = type;
+ this.data = data;
}
- public abstract String toString();
-
- public abstract void verify(PublicKey key)
- throws CertificateException,
- NoSuchAlgorithmException,
- InvalidKeyException,
- NoSuchProviderException,
- SignatureException;
-
- public abstract void verify(PublicKey key, String sigProvider)
- throws CertificateException,
- NoSuchAlgorithmException,
- InvalidKeyException,
- NoSuchProviderException,
- SignatureException;
-
- protected Object writeReplace()
- throws ObjectStreamException
+ /**
+ * Deserialize this certificate replacement into the appropriate
+ * certificate object. That is, this method attempts to create a
+ * {@link CertificateFactory} for this certificate's type, then
+ * attempts to parse the encoded data with that factory, returning
+ * the resulting certificate.
+ *
+ * @return The deserialized certificate.
+ * @throws ObjectStreamException If there is no appropriate
+ * certificate factory for the given type, or if the encoded form
+ * cannot be parsed.
+ */
+ protected Object readResolve() throws ObjectStreamException
{
- try
- {
- return new CertificateRep(this.type, this.getEncoded());
- }
- catch(CertificateEncodingException e)
- {
- return null;
- }
+ try
+ {
+ CertificateFactory fact = CertificateFactory.getInstance(type);
+ return fact.generateCertificate(new ByteArrayInputStream(data));
+ }
+ catch (Exception e)
+ {
+ throw new InvalidObjectException(e.toString());
+ }
}
+ }
}
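Review bot: `hashCode()` now returns `super.hashCode()`, the identity hash inherited from Object, while `equals()` in the same hunk compares the encoded bytes, so two Certificate objects that are equal can report different hash codes. That breaks the equals/hashCode contract and contradicts the Javadoc directly above it ("in its encoded form"). A certificate looked up in a hash-based set or map, for instance a collection of trusted or revoked certificates, may then not be found even though an equal one is stored. The removed implementation derived the hash from the encoding. The replacement should do the same, computing it over the same bytes `equals()` compares and falling back to a constant when encoding fails, just as `equals()` falls back to false.

```java
  public int hashCode()
  {
    // Hash the same bytes equals() compares, so that equal certificates
    // always produce equal hash codes.
    try
      {
        byte[] enc = getEncoded();
        int h = 0;
        for (int i = 0; i < enc.length; i++)
          h = 31 * h + enc[i];
        return h;
      }
    catch (CertificateEncodingException cee)
      {
        // equals() treats an unencodable certificate as unequal to
        // everything; any constant is consistent with that.
        return 0;
      }
  }
  // … unchanged: getEncoded(), verify(), toString(), getPublicKey(), writeReplace(), CertificateRep …
```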
Index: kaffe/libraries/javalib/java/security/cert/CertificateFactory.java
diff -u kaffe/libraries/javalib/java/security/cert/CertificateFactory.java:1.3 kaffe/libraries/javalib/java/security/cert/CertificateFactory.java:1.4
--- kaffe/libraries/javalib/java/security/cert/CertificateFactory.java:1.3 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertificateFactory.java Mon Mar 22 18:14:27 2004
@@ -38,16 +38,18 @@
package java.security.cert;
-import gnu.java.security.Engine;
-
-import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
+
+import java.io.InputStream;
+
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
+
+import gnu.java.security.Engine;
/**
* This class implements the CertificateFactory class interface used to
Index: kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java
diff -u kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.3 kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.4
--- kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java:1.3 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/CertificateFactorySpi.java Mon Mar 22 18:14:27 2004
@@ -39,6 +39,7 @@
package java.security.cert;
import java.io.InputStream;
+
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
Index: kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java
diff -u kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.2 kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.3
--- kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/PKIXBuilderParameters.java Mon Mar 22 18:14:27 2004
@@ -41,6 +41,7 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
+
import java.util.Set;
/**
Index: kaffe/libraries/javalib/java/security/cert/PKIXParameters.java
diff -u kaffe/libraries/javalib/java/security/cert/PKIXParameters.java:1.2 kaffe/libraries/javalib/java/security/cert/PKIXParameters.java:1.3
--- kaffe/libraries/javalib/java/security/cert/PKIXParameters.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/PKIXParameters.java Mon Mar 22 18:14:27 2004
@@ -41,6 +41,7 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
+
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
Index: kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java
diff -u kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.2 kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.3
--- kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/PolicyQualifierInfo.java Mon Mar 22 18:14:27 2004
@@ -38,13 +38,17 @@
package java.security.cert;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DEREncodingException;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
+import gnu.java.security.der.DERWriter;
/**
* The PolicyQualifierInfo X.509 certificate extension.
Index: kaffe/libraries/javalib/java/security/cert/TrustAnchor.java
diff -u kaffe/libraries/javalib/java/security/cert/TrustAnchor.java:1.2 kaffe/libraries/javalib/java/security/cert/TrustAnchor.java:1.3
--- kaffe/libraries/javalib/java/security/cert/TrustAnchor.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/TrustAnchor.java Mon Mar 22 18:14:27 2004
@@ -38,9 +38,12 @@
package java.security.cert;
-import gnu.java.security.x509.X500DistinguishedName;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.security.PublicKey;
+
+import gnu.java.security.x509.X500DistinguishedName;
/**
* An ultimately-trusted certificate to serve as the root of a
Index: kaffe/libraries/javalib/java/security/cert/X509CRL.java
diff -u kaffe/libraries/javalib/java/security/cert/X509CRL.java:1.2 kaffe/libraries/javalib/java/security/cert/X509CRL.java:1.3
--- kaffe/libraries/javalib/java/security/cert/X509CRL.java:1.2 Mon Mar 22 11:25:00 2004
+++ kaffe/libraries/javalib/java/security/cert/X509CRL.java Mon Mar 22 18:14:27 2004
@@ -1,149 +1,396 @@
-/*
- * X509CRL.java
- *
- * Copyright (c) 2001 University of Utah and the Flux Group.
- * All rights reserved.
- *
- * This file is licensed under the terms of the GNU Public License.
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * Contributed by the Flux Research Group, Department of Computer Science,
- * University of Utah, http://www.cs.utah.edu/flux/
- */
+/* X509CRL.java --- X.509 Certificate Revocation List
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
-package java.security.cert;
+package java.security.cert;
import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.util.Date;
import java.util.Set;
-public abstract class X509CRL
- extends CRL
- implements X509Extension
+import javax.security.auth.x500.X500Principal;
+
+/**
+ The X509CRL class is the abstract class used to manage
+ X.509 Certificate Revocation Lists. The CRL is a list of
+ time stamped entries which indicate which lists have been
+ revoked. The list is signed by a Certificate Authority (CA)
+ and made publically available in a repository.
+
+ Each revoked certificate in the CRL is identified by its
+ certificate serial number. When a piece of code uses a
+ certificate, the certificates validity is checked by
+ validating its signature and determing that it is not
+ only a recently acquired CRL. The recently aquired CRL
+ is depends on the local policy in affect. The CA issues
+ a new CRL periodically and entries are removed as the
+ certificate expiration date is reached
+
+
+ A description of the X.509 v2 CRL follows below from rfc2459.
+
+ "The X.509 v2 CRL syntax is as follows. For signature calculation,
+ the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
+ encoding is a tag, length, value encoding system for each element.
+
+ CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING }
+
+ TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+ crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ -- if present, shall be v2
+ }"
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRL extends CRL implements X509Extension
{
- protected X509CRL()
- {
- super("X.509");
- }
-
- public abstract byte[] getEncoded()
- throws CRLException;
-
- public abstract void verify(PublicKey key)
- throws CRLException,
- NoSuchAlgorithmException,
- InvalidKeyException,
- NoSuchProviderException,
- SignatureException;
-
- public abstract void verify(PublicKey key,
- String sigProvider)
- throws CRLException,
- NoSuchAlgorithmException,
- InvalidKeyException,
- NoSuchProviderException,
- SignatureException;
-
- public abstract int getVersion();
-
- public abstract Principal getIssuerDN();
-
- public abstract Date getThisUpdate();
-
- public abstract Date getNextUpdate();
-
- public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumbe);
-
- public abstract Set getRevokedCertificates();
-
- public abstract byte[] getTBSCertList()
- throws CRLException;
-
- public abstract byte[] getSignature();
-
- public abstract String getSigAlgName();
-
- public abstract String getSigAlgOID();
-
- public abstract byte[] getSigAlgParams();
*** Patch too long, truncated ***