004-11-15 Andreas Tobler <a.tobler@schweiz.ch>

Import/Merge the X.509 certificate code from Classpath.

	* Makefile.am: Add imported files.
	* Makefile.in: Regenerate.

	2004-11-07  Casey Marshall  <csm@gnu.org>

	* gnu/java/security/provider/Gnu.java(<init>): Add entries in a
	priviliged action. Add new algorithms.
	* gnu/java/security/provider/X509CertificateFactory.java
	(engineGenerateCertificate): Chain exceptions.
	(engineGenerateCertificates): Likewise.
	(engineGenerateCRL): Likewise.
	(engineGenerateCRLs): Likewise.
	(engineGenerateCertPath): New methods.
	(generateCert): Throw exception if 'inStream' is null.
	(generateCRL): Likewise.
	* gnu/java/security/x509/X500DistinguishedName.java: Replaced with
	version from GNU Crypto CVS.
	* gnu/java/security/x509/X509CRL.java: Likewise.
	* gnu/java/security/x509/X509CRLEntry.java: Likewise.
	* gnu/java/security/x509/X509Certificate.java: Likewise.
	* java/security/cert/TrustAnchor.java: Call 'toString' and not
	toRFC2253.
	* gnu/java/security/provider/CollectionCertStoreImpl.java,
	* gnu/java/security/provider/EncodedKeyFactory.java,
	* gnu/java/security/provider/GnuDHPublicKey.java,
	* gnu/java/security/provider/GnuRSAPrivateKey.java,
	* gnu/java/security/provider/GnuRSAPublicKey.java,
	* gnu/java/security/provider/MD2withRSA.java,
	* gnu/java/security/provider/MD4withRSA.java,
	* gnu/java/security/provider/MD5withRSA.java,
	* gnu/java/security/provider/PKIXCertPathValidatorImpl.java,
	* gnu/java/security/provider/RSA.java,
	* gnu/java/security/provider/RSAKeyFactory.java,
	* gnu/java/security/provider/SHA1withRSA.java,
	* gnu/java/security/x509/GnuPKIExtension.java,
	* gnu/java/security/x509/PolicyNodeImpl.java,
	* gnu/java/security/x509/Util.java,
	* gnu/java/security/x509/X509CRLSelectorImpl.java,
	* gnu/java/security/x509/X509CertPath.java,
	* gnu/java/security/x509/X509CertSelectorImpl.java,
	* gnu/java/security/x509/ext/AuthorityKeyIdentifier.java,
	* gnu/java/security/x509/ext/BasicConstraints.java,
	* gnu/java/security/x509/ext/CRLNumber.java,
	* gnu/java/security/x509/ext/CertificatePolicies.java,
	* gnu/java/security/x509/ext/ExtendedKeyUsage.java,
	* gnu/java/security/x509/ext/Extension.java,
	* gnu/java/security/x509/ext/GeneralNames.java,
	* gnu/java/security/x509/ext/IssuerAlternativeNames.java,
	* gnu/java/security/x509/ext/KeyUsage.java,
	* gnu/java/security/x509/ext/PolicyConstraint.java,
	* gnu/java/security/x509/ext/PolicyMappings.java,
	* gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java,
	* gnu/java/security/x509/ext/ReasonCode.java,
	* gnu/java/security/x509/ext/SubjectAlternativeNames.java,
	* gnu/java/security/x509/ext/SubjectKeyIdentifier.java: New files.

	2004-11-07  Casey Marshall  <csm@gnu.org>

	* gnu/java/security/x509/X509CRL.java:
	Missed import statements in previous checkin.

	2004-11-07  Casey Marshall  <csm@gnu.org>

	* gnu/java/security/x509/X509CertPath.java (parse): Fixed reference
	to 'X509CertificateImpl' from previous checkin.

From-SVN: r90682
This commit is contained in:
Andreas Tobler
2004-11-15 21:02:08 +01:00
parent fcb94d103b
commit 507148866c
43 changed files with 6698 additions and 1138 deletions
@@ -1,5 +1,5 @@
/* X509CRLEntry.java -- entry in a X.509 CRL.
Copyright (C) 2003 Free Software Foundation, Inc.
/* X509CRLEntry.java -- an entry in a X.509 CRL.
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -45,17 +45,17 @@ import java.math.BigInteger;
import java.security.cert.CRLException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import gnu.java.io.ASN1ParsingException;
import gnu.java.security.OID;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import gnu.java.security.der.DERWriter;
import gnu.java.security.der.*;
import gnu.java.security.x509.ext.*;
/**
* A single entry in a X.509 certificate revocation list.
@@ -64,11 +64,22 @@ import gnu.java.security.der.DERWriter;
* @author Casey Marshall
*/
class X509CRLEntry extends java.security.cert.X509CRLEntry
implements GnuPKIExtension
{
// Constants and fields.
// ------------------------------------------------------------------------
private static final boolean DEBUG = false;
private static void debug(String msg)
{
if (DEBUG)
{
System.err.print(">> X509CRLEntry: ");
System.err.println(msg);
}
}
/** The DER encoded form of this CRL entry. */
private byte[] encoded;
@@ -78,15 +89,9 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
/** The date the certificate was revoked. */
private Date revocationDate;
/** The encoded extensions. */
/** The CRL entry extensions. */
private HashMap extensions;
/** The set of critical extension OIDs. */
private HashSet critOids;
/** the set of non-critical extension OIDs. */
private HashSet nonCritOids;
// Constructor.
// ------------------------------------------------------------------------
@@ -99,13 +104,11 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
* @throws CRLException If the ASN.1 structure is invalid.
* @throws IOException If the bytes cannot be read.
*/
X509CRLEntry(int version, InputStream encoded)
X509CRLEntry(int version, DERReader encoded)
throws CRLException, IOException
{
super();
extensions = new HashMap();
critOids = new HashSet();
nonCritOids = new HashSet();
try
{
parse(version, encoded);
@@ -125,8 +128,10 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
public boolean equals(Object o)
{
return ((X509CRLEntry) o).serialNo.equals(serialNo) &&
((X509CRLEntry) o).revocationDate.equals(revocationDate);
if (!(o instanceof X509CRLEntry))
return false;
return ((X509CRLEntry) o).getSerialNumber().equals(serialNo) &&
((X509CRLEntry) o).getRevocationDate().equals(revocationDate);
}
public int hashCode()
@@ -157,79 +162,119 @@ class X509CRLEntry extends java.security.cert.X509CRLEntry
public String toString()
{
return "X509CRLEntry serial=" + serialNo + " revocation date="
+ revocationDate + " critExt=" + critOids + " ext=" + nonCritOids;
+ revocationDate + " ext=" + extensions;
}
// X509Extension methods.
// ------------------------------------------------------------------------
// -------------------------------------------------------------------------
public boolean hasUnsupportedCriticalExtension()
{
return false; // XXX
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
{
Extension e = (Extension) it.next();
if (e.isCritical() && !e.isSupported())
return true;
}
return false;
}
public Set getCriticalExtensionOIDs()
{
return Collections.unmodifiableSet(critOids);
HashSet s = new HashSet();
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
{
Extension e = (Extension) it.next();
if (e.isCritical())
s.add(e.getOid().toString());
}
return Collections.unmodifiableSet(s);
}
public Set getNonCriticalExtensionOIDs()
{
return Collections.unmodifiableSet(nonCritOids);
HashSet s = new HashSet();
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
{
Extension e = (Extension) it.next();
if (!e.isCritical())
s.add(e.getOid().toString());
}
return Collections.unmodifiableSet(s);
}
public byte[] getExtensionValue(String oid)
{
byte[] ext = (byte[]) extensions.get(oid);
if (ext != null)
return (byte[]) ext.clone();
Extension e = getExtension(new OID(oid));
if (e != null)
{
return e.getValue().getEncoded();
}
return null;
}
// Own methods.
// ------------------------------------------------------------------------
// GnuPKIExtension method.
// -------------------------------------------------------------------------
private void parse(int version, InputStream in) throws Exception
public Extension getExtension(OID oid)
{
DERReader der = new DERReader(in);
return (Extension) extensions.get(oid);
}
public Collection getExtensions()
{
return extensions.values();
}
// Own methods.
// -------------------------------------------------------------------------
private void parse(int version, DERReader der) throws Exception
{
// RevokedCertificate ::= SEQUENCE {
DERValue entry = der.read();
debug("start CRL entry len == " + entry.getLength());
if (!entry.isConstructed())
throw new ASN1ParsingException("malformed revokedCertificate");
throw new IOException("malformed revokedCertificate");
encoded = entry.getEncoded();
int len = 0;
debug("encoded entry:\n" + Util.hexDump(encoded, ">>>> "));
// userCertificate CertificateSerialNumber,
DERValue val = der.read();
serialNo = (BigInteger) val.getValue();
len += DERWriter.definiteEncodingSize(val.getLength())
+ val.getLength() + 1;
len += val.getEncodedLength();
debug("userCertificate == " + serialNo + " current count == " + len);
// revocationDate Time,
val = der.read();
revocationDate = (Date) val.getValue();
len += DERWriter.definiteEncodingSize(val.getLength())
+ val.getLength() + 1;
len += val.getEncodedLength();
debug("revocationDate == " + revocationDate + " current count == " + len);
// crlEntryExtensions Extensions OPTIONAL
// -- if present MUST be v2
if (len < entry.getLength())
{
if (version < 2)
throw new ASN1ParsingException("extra data in CRL entry");
while (len < entry.getLength())
throw new IOException("extra data in CRL entry");
DERValue exts = der.read();
if (!exts.isConstructed())
throw new IOException("malformed Extensions");
debug("start Extensions len == " + exts.getLength());
len = 0;
while (len < exts.getLength())
{
val = der.read();
if (!val.isConstructed())
throw new ASN1ParsingException("malformed Extension");
OID extOid = (OID) der.read().getValue();
Boolean critical = Boolean.valueOf(false);
DERValue val2 = der.read();
if (val2.getValue() instanceof Boolean)
{
critical = (Boolean) val2.getValue();
val2 = der.read();
}
byte[] ext = (byte[]) val2.getValue();
extensions.put(extOid.toString(), ext);
if (critical.booleanValue())
critOids.add(extOid.toString());
else
nonCritOids.add(extOid.toString());
throw new IOException("malformed Extension");
debug("start Extension len == " + val.getLength());
Extension e = new Extension(val.getEncoded());
extensions.put(e.getOid(), e);
der.skip(val.getLength());
len += val.getEncodedLength();
debug("current count == " + len);
}
}
}