Imported GNU Classpath 0.90

Imported GNU Classpath 0.90
       * scripts/makemake.tcl: Set gnu/java/awt/peer/swing to ignore.
       * gnu/classpath/jdwp/VMFrame.java (SIZE): New constant.
       * java/lang/VMCompiler.java: Use gnu.java.security.hash.MD5.
       * java/lang/Math.java: New override file.
       * java/lang/Character.java: Merged from Classpath.
       (start, end): Now 'int's.
       (canonicalName): New field.
       (CANONICAL_NAME, NO_SPACES_NAME, CONSTANT_NAME): New constants.
       (UnicodeBlock): Added argument.
       (of): New overload.
       (forName): New method.
       Updated unicode blocks.
       (sets): Updated.
       * sources.am: Regenerated.
       * Makefile.in: Likewise.

From-SVN: r111942
This commit is contained in:
Mark Wielaard
2006-03-10 21:46:48 +00:00
parent 27079765d0
commit 8aa540d2f7
1367 changed files with 188789 additions and 22762 deletions
@@ -43,38 +43,15 @@ import gnu.java.security.Engine;
import java.security.spec.AlgorithmParameterSpec;
/**
* <p>The <code>AlgorithmParameterGenerator</code> class is used to generate a
* set of parameters to be used with a certain algorithm. Parameter generators
* are constructed using the <code>getInstance()</code> factory methods (static
* methods that return instances of a given class).</p>
*
* <p>The object that will generate the parameters can be initialized in two
* different ways: in an algorithm-independent manner, or in an
* algorithm-specific manner:</p>
*
* <ul>
* <li>The algorithm-independent approach uses the fact that all parameter
* generators share the concept of a <i>"size"</i> and a <i>source of
* randomness</i>. The measure of <i>size</i> is universally shared by all
* algorithm parameters, though it is interpreted differently for different
* algorithms. For example, in the case of parameters for the <i>DSA</i>
* algorithm, <i>"size"</i> corresponds to the size of the prime modulus (in
* bits). When using this approach, algorithm-specific parameter generation
* values - if any - default to some standard values, unless they can be
* derived from the specified size.</li>
* <li>The other approach initializes a parameter generator object using
* algorithm-specific semantics, which are represented by a set of
* algorithm-specific parameter generation values. To generate Diffie-Hellman
* system parameters, for example, the parameter generation values usually
* consist of the size of the prime modulus and the size of the random
* exponent, both specified in number of bits.</li>
* </ul>
*
* <code>AlgorithmParameterGenerator</code> is used to generate algorithm
* parameters for specified algorithms.
*
* <p>In case the client does not explicitly initialize the
* <code>AlgorithmParameterGenerator</code> (via a call to an <code>init()</code>
* method), each provider must supply (and document) a default initialization.
* For example, the <b>GNU</b> provider uses a default modulus prime size of
* <code>1024</code> bits for the generation of <i>DSA</i> parameters.
* <code>AlgorithmParameterGenerator</code> (via a call to an
* <code>init()</code> method), each provider must supply (and document) a
* default initialization. For example, the <b>GNU</b> provider uses a default
* modulus prime size of <code>1024</code> bits for the generation of <i>DSA</i>
* parameters.
*
* @author Mark Benvenuto
* @since 1.2
@@ -92,11 +69,14 @@ public class AlgorithmParameterGenerator
private String algorithm;
/**
* Creates an <code>AlgorithmParameterGenerator</code> object.
*
* @param paramGenSpi the delegate.
* @param provider the provider.
* @param algorithm the algorithm.
* Constructs a new instance of <code>AlgorithmParameterGenerator</code>.
*
* @param paramGenSpi
* the generator to use.
* @param provider
* the provider to use.
* @param algorithm
* the algorithm to use.
*/
protected AlgorithmParameterGenerator(AlgorithmParameterGeneratorSpi
paramGenSpi, Provider provider,
@@ -107,30 +87,21 @@ public class AlgorithmParameterGenerator
this.algorithm = algorithm;
}
/**
* Returns the standard name of the algorithm this parameter generator is
* associated with.
*
* @return the string name of the algorithm.
*/
/** @return the name of the algorithm. */
public final String getAlgorithm()
{
return algorithm;
}
/**
* Generates an <code>AlgorithmParameterGenerator</code> object that
* implements the specified digest algorithm. If the default provider package
* provides an implementation of the requested digest algorithm, an instance
* of <code>AlgorithmParameterGenerator</code> containing that implementation
* is returned. If the algorithm is not available in the default package,
* other packages are searched.
*
* @param algorithm the string name of the algorithm this parameter generator
* is associated with.
* @return the new <code>AlgorithmParameterGenerator</code> object.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* environment.
* Returns a new <code>AlgorithmParameterGenerator</code> instance which
* generates algorithm parameters for the specified algorithm.
*
* @param algorithm
* the name of algorithm to use.
* @return the new instance.
* @throws NoSuchAlgorithmException
* if <code>algorithm</code> is not implemented by any provider.
*/
public static AlgorithmParameterGenerator getInstance(String algorithm)
throws NoSuchAlgorithmException
@@ -150,20 +121,18 @@ public class AlgorithmParameterGenerator
}
/**
* Generates an <code>AlgorithmParameterGenerator</code> object for the
* requested algorithm, as supplied from the specified provider, if such a
* parameter generator is available from the provider.
*
* @param algorithm the string name of the algorithm.
* @param provider the string name of the provider.
* @return the new <code>AlgorithmParameterGenerator</code> object.
* @throws NoSuchAlgorithmException if the <code>algorithm</code> is not
* available from the <code>provider</code>.
* @throws NoSuchProviderException if the <code>provider</code> is not
* available in the environment.
* @throws IllegalArgumentException if the <code>provider</code> name is
* <code>null</code> or empty.
* @see Provider
* Returns a new <code>AlgorithmParameterGenerator</code> instance which
* generates algorithm parameters for the specified algorithm.
*
* @param algorithm
* the name of algorithm to use.
* @param provider
* the name of the {@link Provider} to use.
* @return the new instance.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the named provider.
* @throws NoSuchProviderException
* if the named provider was not found.
*/
public static AlgorithmParameterGenerator getInstance(String algorithm,
String provider)
@@ -180,17 +149,16 @@ public class AlgorithmParameterGenerator
}
/**
* Generates an AlgorithmParameterGenerator object for the requested
* algorithm, as supplied from the specified provider, if such a parameter
* generator is available from the provider. Note: the <code>provider</code>
* doesn't have to be registered.
*
* @param algorithm the string name of the algorithm.
* @param provider the provider.
* @return the new AlgorithmParameterGenerator object.
* @throws NoSuchAlgorithmException if the algorithm is not available from
* the provider.
* @throws IllegalArgumentException if the provider is null.
* Returns a new <code>AlgorithmParameterGenerator</code> instance which
* generates algorithm parameters for the specified algorithm.
*
* @param algorithm
* the name of algorithm to use.
* @param provider
* the {@link Provider} to use.
* @return the new instance.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by {@link Provider}.
* @since 1.4
* @see Provider
*/
@@ -218,24 +186,18 @@ public class AlgorithmParameterGenerator
}
}
/**
* Returns the provider of this algorithm parameter generator object.
*
* @return the provider of this algorithm parameter generator object.
*/
/** @return the {@link Provider} of this generator. */
public final Provider getProvider()
{
return provider;
}
/**
* Initializes this parameter generator for a certain <i>size</i>. To create
* the parameters, the {@link SecureRandom} implementation of the
* highest-priority installed provider is used as the source of randomness.
* (If none of the installed providers supply an implementation of
* {@link SecureRandom}, a system-provided source of randomness is used.)
*
* @param size the size (number of bits).
* Initializes this instance with the specified size. Since no source of
* randomness is supplied, a default one will be used.
*
* @param size
* size (in bits) to use.
*/
public final void init(int size)
{
@@ -243,11 +205,13 @@ public class AlgorithmParameterGenerator
}
/**
* Initializes this parameter generator for a certain size and source of
* Initializes this instance with the specified key-size and source of
* randomness.
*
* @param size the size (number of bits).
* @param random the source of randomness.
*
* @param size
* the size (in bits) to use.
* @param random
* the {@link SecureRandom} to use.
*/
public final void init(int size, SecureRandom random)
{
@@ -255,33 +219,30 @@ public class AlgorithmParameterGenerator
}
/**
* Initializes this parameter generator with a set of algorithm-specific
* parameter generation values. To generate the parameters, the {@link
* SecureRandom} implementation of the highest-priority installed provider is
* used as the source of randomness. (If none of the installed providers
* supply an implementation of {@link SecureRandom}, a system-provided source
* of randomness is used.)
*
* @param genParamSpec the set of algorithm-specific parameter generation
* values.
* @throws InvalidAlgorithmParameterException if the given parameter
* generation values are inappropriate for this parameter generator.
* Initializes this instance with the specified {@link AlgorithmParameterSpec}.
* Since no source of randomness is supplied, a default one will be used.
*
* @param genParamSpec
* the {@link AlgorithmParameterSpec} to use.
* @throws InvalidAlgorithmParameterException
* if <code>genParamSpec</code> is invalid.
*/
public final void init(AlgorithmParameterSpec genParamSpec)
throws InvalidAlgorithmParameterException
throws InvalidAlgorithmParameterException
{
init(genParamSpec, new SecureRandom());
}
/**
* Initializes this parameter generator with a set of algorithm-specific
* parameter generation values.
*
* @param genParamSpec the set of algorithm-specific parameter generation
* values.
* @param random the source of randomness.
* @throws InvalidAlgorithmParameterException if the given parameter
* generation values are inappropriate for this parameter generator.
* Initializes this instance with the specified {@link AlgorithmParameterSpec}
* and source of randomness.
*
* @param genParamSpec
* the {@link AlgorithmParameterSpec} to use.
* @param random
* the {@link SecureRandom} to use.
* @throws InvalidAlgorithmParameterException
* if <code>genParamSpec</code> is invalid.
*/
public final void init(AlgorithmParameterSpec genParamSpec,
SecureRandom random)
@@ -290,11 +251,7 @@ public class AlgorithmParameterGenerator
paramGenSpi.engineInit(genParamSpec, random);
}
/**
* Generates the parameters.
*
* @return the new {@link AlgorithmParameters} object.
*/
/** @return a new instance of {@link AlgorithmParameters}. */
public final AlgorithmParameters generateParameters()
{
return paramGenSpi.engineGenerateParameters();
@@ -45,36 +45,9 @@ import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
/**
* <p>This class is used as an opaque representation of cryptographic
* parameters.</p>
*
* <p>An <code>AlgorithmParameters</code> object for managing the parameters
* for a particular algorithm can be obtained by calling one of the
* <code>getInstance()</code> factory methods (static methods that return
* instances of a given class).</p>
*
* <p>There are two ways to request such an implementation: by specifying
* either just an algorithm name, or both an algorithm name and a package
* provider.</p>
*
* <ul>
* <li>If just an algorithm name is specified, the system will determine if
* there is an AlgorithmParameters implementation for the algorithm requested
* available in the environment, and if there is more than one, if there is
* a preferred one.</li>
* <li>If both an algorithm name and a package provider are specified, the
* system will determine if there is an implementation in the package
* requested, and throw an exception if there is not.</li>
* </ul>
*
* <p>Once an <code>AlgorithmParameters</code> object is returned, it must be
* initialized via a call to <code>init()</code>, using an appropriate
* parameter specification or parameter encoding.</p>
*
* <p>A transparent parameter specification is obtained from an
* <code>AlgorithmParameters</code> object via a call to
* <code>getParameterSpec()</code>, and a byte encoding of the parameters is
* obtained via a call to <code>getEncoded()</code>.</p>
* <code>AlgorithmParameters</code> is an Algorithm Parameters class which
* provides an interface through which the user can manage the parameters of an
* Algorithm.
*
* @author Mark Benvenuto
* @since 1.2
@@ -92,11 +65,14 @@ public class AlgorithmParameters
private String algorithm;
/**
* Creates an <code>AlgorithmParameters</code> object.
*
* @param paramSpi the delegate.
* @param provider the provider.
* @param algorithm the algorithm.
* Constructs a new instance of <code>AlgorithmParameters</code>.
*
* @param paramSpi
* the engine to use.
* @param provider
* the provider to use.
* @param algorithm
* the algorithm to use.
*/
protected AlgorithmParameters(AlgorithmParametersSpi paramSpi,
Provider provider, String algorithm)
@@ -106,32 +82,24 @@ public class AlgorithmParameters
this.algorithm = algorithm;
}
/**
* Returns the name of the algorithm associated with this parameter object.
*
* @return the algorithm name.
*/
/** @return A string with the name of the algorithm used. */
public final String getAlgorithm()
{
return algorithm;
}
/**
* <p>Generates a parameter object for the specified algorithm.</p>
*
* <p>If the default provider package provides an implementation of the
* requested algorithm, an instance of <code>AlgorithmParameters</code>
* containing that implementation is returned. If the algorithm is not
* available in the default package, other packages are searched.</p>
*
* <p>The returned parameter object must be initialized via a call to
* <code>init()</code>, using an appropriate parameter specification or
* parameter encoding.</p>
*
* @param algorithm the name of the algorithm requested.
* @return the new parameter object.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* environment.
* Returns a new instance of <code>AlgorithmParameters</code> representing
* the specified algorithm parameters.
*
* <p>The returned <code>AlgorithmParameters</code> must still be initialized
* with an <code>init()</code> method.</p>
*
* @param algorithm
* the algorithm to use.
* @return the new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by any provider.
*/
public static AlgorithmParameters getInstance(String algorithm)
throws NoSuchAlgorithmException
@@ -152,23 +120,24 @@ public class AlgorithmParameters
}
/**
* <p>Generates a parameter object for the specified algorithm, as supplied
* by the specified provider, if such an algorithm is available from the
* provider.</p>
*
* <p>The returned parameter object must be initialized via a call to
* <code>init()</code>, using an appropriate parameter specification or
* parameter encoding.</p>
*
* @param algorithm the name of the algorithm requested.
* @param provider the name of the provider.
* @return the new parameter object.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* package supplied by the requested provider.
* @throws NoSuchProviderException if the provider is not available in the
* environment.
* @throws IllegalArgumentException if the provider name is null or empty.
* @see Provider
* Returns a new instance of <code>AlgorithmParameters</code> representing
* the specified algorithm parameters from a named provider.
*
* <p>The returned <code>AlgorithmParameters</code> must still be intialized
* with an <code>init()</code> method.</p>
*
* @param algorithm
* the algorithm to use.
* @param provider
* the name of the {@link Provider} to use.
* @return the new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the named provider.
* @throws NoSuchProviderException
* if the named provider was not found.
* @throws IllegalArgumentException
* if <code>provider</code> is <code>null</code> or is an empty
* string.
*/
public static AlgorithmParameters getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
@@ -184,18 +153,21 @@ public class AlgorithmParameters
}
/**
* Generates an <code>AlgorithmParameterGenerator</code> object for the
* requested algorithm, as supplied from the specified provider, if such a
* parameter generator is available from the provider. Note: the
* <code>provider</code> doesn't have to be registered.
*
* @param algorithm the string name of the algorithm.
* @param provider the provider.
* @return the new <code>AlgorithmParameterGenerator</code> object.
* @throws NoSuchAlgorithmException if the <code>algorithm</code> is not
* available from the <code>provider</code>.
* @throws IllegalArgumentException if the <code>provider</code> is
* <code>null</code>.
* Returns a new instance of <code>AlgorithmParameters</code> representing
* the specified algorithm parameters from the specified {@link Provider}.
*
* <p>The returned <code>AlgorithmParameters</code> must still be intialized
* with an <code>init()</code> method.</p>
*
* @param algorithm
* the algorithm to use.
* @param provider
* the {@link Provider} to use.
* @return the new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the {@link Provider}.
* @throws IllegalArgumentException
* if <code>provider</code> is <code>null</code>.
* @since 1.4
*/
public static AlgorithmParameters getInstance(String algorithm,
@@ -221,24 +193,19 @@ public class AlgorithmParameters
}
}
/**
* Returns the provider of this parameter object.
*
* @return the provider of this parameter object.
*/
/** @return the provider of this parameter object. */
public final Provider getProvider()
{
return provider;
}
/**
* Initializes this parameter object using the parameters specified in
* <code>paramSpec</code>.
*
* @param paramSpec the parameter specification.
* @throws InvalidParameterSpecException if the given parameter specification
* is inappropriate for the initialization of this parameter object, or if
* this parameter object has already been initialized.
* Initializes the engine with the specified {@link AlgorithmParameterSpec}.
*
* @param paramSpec
* A {@link AlgorithmParameterSpec} to use.
* @throws InvalidParameterSpecException
* if <code>paramSpec</code> is invalid.
*/
public final void init(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException
@@ -247,13 +214,15 @@ public class AlgorithmParameters
}
/**
* Imports the specified parameters and decodes them according to the primary
* decoding format for parameters. The primary decoding format for parameters
* is ASN.1, if an ASN.1 specification for this type of parameters exists.
*
* @param params the encoded parameters.
* @throws IOException on decoding errors, or if this parameter object has
* already been initialized.
* Initializes the engine with the specified parameters stored in the byte
* array and decodes them according to the ASN.1 specification. If the ASN.1
* specification exists then it succeeds otherwise an {@link IOException} is
* thrown.
*
* @param params
* the parameters to use.
* @throws IOException
* if a decoding error occurs.
*/
public final void init(byte[]params) throws IOException
{
@@ -261,15 +230,18 @@ public class AlgorithmParameters
}
/**
* Imports the parameters from params and decodes them according to the
* specified decoding scheme. If <code>format</code> is <code>null</code>,
* the primary decoding format for parameters is used. The primary decoding
* format is ASN.1, if an ASN.1 specification for these parameters exists.
*
* @param params the encoded parameters.
* @param format the name of the decoding scheme.
* @throws IOException on decoding errors, or if this parameter object has
* already been initialized.
* Initializes the engine with the specified parameters stored in the byte
* array and decodes them according to the specified decoding specification.
* If <code>format</code> is <code>null</code>, then this method decodes the
* byte array using the ASN.1 specification if it exists, otherwise it throws
* an {@link IOException}.
*
* @param params
* the parameters to use.
* @param format
* the name of decoding format to use.
* @throws IOException
* if a decoding error occurs.
*/
public final void init(byte[]params, String format) throws IOException
{
@@ -277,19 +249,14 @@ public class AlgorithmParameters
}
/**
* Returns a (transparent) specification of this parameter object.
* <code>paramSpec</code> identifies the specification class in which the
* parameters should be returned. It could, for example, be
* <code>DSAParameterSpec.class</code>, to indicate that the parameters should
* be returned in an instance of the {@link java.security.spec.DSAParameterSpec}
* class.
*
* @param paramSpec the specification class in which the parameters should be
* returned.
* Returns a new instance of <code>AlgorithmParameters</code> as a
* designated parameter specification {@link Class}.
*
* @param paramSpec
* the {@link Class} to use.
* @return the parameter specification.
* @throws InvalidParameterSpecException if the requested parameter
* specification is inappropriate for this parameter object, or if this
* parameter object has not been initialized.
* @throws InvalidParameterSpecException
* if <code>paramSpec</code> is invalid.
*/
public final AlgorithmParameterSpec getParameterSpec(Class paramSpec)
throws InvalidParameterSpecException
@@ -298,13 +265,10 @@ public class AlgorithmParameters
}
/**
* Returns the parameters in their primary encoding format. The primary
* encoding format for parameters is ASN.1, if an ASN.1 specification for
* this type of parameters exists.
*
* @return the parameters encoded using their primary encoding format.
* @throws IOException on encoding errors, or if this parameter object has not
* been initialized.
* Returns the parameters in the default encoding format. The primary encoding
* format is ASN.1 if it exists for the specified type.
*
* @return byte array representing the parameters.
*/
public final byte[] getEncoded() throws IOException
{
@@ -312,15 +276,16 @@ public class AlgorithmParameters
}
/**
* Returns the parameters encoded in the specified scheme. If format is
* <code>null</code>, the primary encoding format for parameters is used. The
* primary encoding format is ASN.1, if an ASN.1 specification for these
* parameters exists.
*
* @param format the name of the encoding format.
* Returns the parameters in the specified encoding format. If
* <code>format</code> is <code>null</code> then the ASN.1 encoding
* format is used if it exists for the specified type.
*
* @param format
* the name of the encoding format to use.
* @return the parameters encoded using the specified encoding scheme.
* @throws IOException on encoding errors, or if this parameter object has
* not been initialized.
* @throws IOException
* if an encoding exception occurs, or if this parameter object has
* not been initialized.
*/
public final byte[] getEncoded(String format) throws IOException
{
@@ -328,10 +293,9 @@ public class AlgorithmParameters
}
/**
* Returns a formatted string describing the parameters.
*
* @return a formatted string describing the parameters, or <code>null</code>
* if this parameter object has not been initialized.
* Returns a string representation of the encoded form.
*
* @return a string representation of the encoded form.
*/
public final String toString()
{
@@ -1,5 +1,5 @@
/* DigestException.java -- A generic message digest exception
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -67,4 +67,26 @@ public class DigestException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public DigestException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public DigestException(Throwable cause)
{
super(cause);
}
}
@@ -1,5 +1,5 @@
/* GeneralSecurityException.java -- Common superclass of security exceptions
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -72,4 +72,26 @@ public class GeneralSecurityException extends Exception
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public GeneralSecurityException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public GeneralSecurityException(Throwable cause)
{
super(cause);
}
}
+101 -162
View File
@@ -41,31 +41,27 @@ import java.io.Serializable;
import java.util.Vector;
/**
* <p>This class represents identities: real-world objects such as people,
* companies or organizations whose identities can be authenticated using their
* public keys. Identities may also be more abstract (or concrete) constructs,
* such as daemon threads or smart cards.</p>
*
* <p>All Identity objects have a <i>name</i> and a <i>public key</i>. Names
* are immutable. <i>Identities</i> may also be <b>scoped</b>. That is, if an
* <i>Identity</i> is specified to have a particular <i>scope</i>, then the
* <i>name</i> and <i>public key</i> of the <i>Identity</i> are unique within
* that <i>scope</i>.</p>
*
* <p>An <i>Identity</i> also has a <i>set of certificates</i> (all certifying
* its own <i>public key</i>). The <i>Principal</i> names specified in these
* certificates need not be the same, only the key.</p>
*
* <p>An <i>Identity</i> can be subclassed, to include postal and email
* addresses, telephone numbers, images of faces and logos, and so on.</p>
* The <code>Identity</code> class is used to represent people and companies
* that can be authenticated using public key encryption. The identities can
* also be abstract objects such as smart cards.
*
* <p><code>Identity</code> objects store a name and public key for each
* identity. The names cannot be changed and the identities can be scoped. Each
* identity (name and public key) within a scope are unique to that scope.</p>
*
* <p>Each identity has a set of ceritificates which all specify the same
* public key, but not necessarily the same name.</p>
*
* <p>The <code>Identity</code> class can be subclassed to allow additional
* information to be attached to it.</p>
*
* @author Mark Benvenuto
* @see IdentityScope
* @see Signer
* @see Principal
* @deprecated This class is no longer used. Its functionality has been replaced
* by <code>java.security.KeyStore</code>, the <code>java.security.cert</code>
* package, and <code>java.security.Principal</code>.
* @deprecated Replaced by <code>java.security.KeyStore</code>, the
* <code>java.security.cert</code> package, and
* <code>java.security.Principal</code>.
*/
public abstract class Identity implements Principal, Serializable
{
@@ -83,12 +79,15 @@ public abstract class Identity implements Principal, Serializable
}
/**
* Constructs an identity with the specified name and scope.
*
* @param name the identity name.
* @param scope the scope of the identity.
* @throws KeyManagementException if there is already an identity with the
* same name in the scope.
* Constructs a new instance of <code>Identity</code> with the specified
* name and scope.
*
* @param name
* the name to use.
* @param scope
* the scope to use.
* @throws KeyManagementException
* if the identity is already present.
*/
public Identity(String name, IdentityScope scope)
throws KeyManagementException
@@ -98,9 +97,11 @@ public abstract class Identity implements Principal, Serializable
}
/**
* Constructs an identity with the specified name and no scope.
*
* @param name the identity name.
* Constructs a new instance of <code>Identity</code> with the specified
* name and no scope.
*
* @param name
* the name to use.
*/
public Identity(String name)
{
@@ -108,30 +109,20 @@ public abstract class Identity implements Principal, Serializable
this.scope = null;
}
/**
* Returns this identity's name.
*
* @return the name of this identity.
*/
/** @return the name of this identity. */
public final String getName()
{
return name;
}
/**
* Returns this identity's scope.
*
* @return the scope of this identity.
*/
/** @return the scope of this identity. */
public final IdentityScope getScope()
{
return scope;
}
/**
* Returns this identity's public key.
*
* @return the public key for this identity.
* @return the public key of this identity.
* @see #setPublicKey(java.security.PublicKey)
*/
public PublicKey getPublicKey()
@@ -140,21 +131,17 @@ public abstract class Identity implements Principal, Serializable
}
/**
* <p>Sets this identity's public key. The old key and all of this identity's
* certificates are removed by this operation.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"setIdentityPublicKey"</code> as its
* argument to see if it's ok to set the public key.</p>
*
* @param key the public key for this identity.
* @throws KeyManagementException if another identity in the identity's scope
* has the same public key, or if another exception occurs.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow setting the public
* key.
* @see #getPublicKey()
* @see SecurityManager#checkSecurityAccess(String)
* Sets the public key for this identity. The old key and all certificates
* are removed.
*
* @param key
* the public key to use.
* @throws KeyManagementException
* if this public key is used by another identity in the current
* scope.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public void setPublicKey(PublicKey key) throws KeyManagementException
{
@@ -166,18 +153,13 @@ public abstract class Identity implements Principal, Serializable
}
/**
* <p>Specifies a general information string for this identity.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"setIdentityInfo"</code> as its
* argument to see if it's ok to specify the information string.</p>
*
* @param info the information string.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow setting the
* information string.
* @see #getInfo()
* @see SecurityManager#checkSecurityAccess(String)
* Sets the general information string.
*
* @param info
* the general information string.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public void setInfo(String info)
{
@@ -189,9 +171,7 @@ public abstract class Identity implements Principal, Serializable
}
/**
* Returns general information previously specified for this identity.
*
* @return general information about this identity.
* @return the general information string of this identity.
* @see #setInfo(String)
*/
public String getInfo()
@@ -200,23 +180,17 @@ public abstract class Identity implements Principal, Serializable
}
/**
* <p>Adds a certificate for this identity. If the identity has a public key,
* the public key in the certificate must be the same, and if the identity
* does not have a public key, the identity's public key is set to be that
* specified in the certificate.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"addIdentityCertificate"</code> as its
* argument to see if it's ok to add a certificate.</p>
*
* @param certificate the certificate to be added.
* @throws KeyManagementException if the certificate is not valid, if the
* public key in the certificate being added conflicts with this identity's
* public key, or if another exception occurs.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow adding a
* certificate.
* @see SecurityManager#checkSecurityAccess(String)
* Adds a certificate to the list of ceritificates for this identity. The
* public key in this certificate must match the existing public key if it
* exists.
*
* @param certificate
* the certificate to add.
* @throws KeyManagementException
* if the certificate is invalid, or the public key conflicts.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public void addCertificate(Certificate certificate)
throws KeyManagementException
@@ -235,19 +209,15 @@ public abstract class Identity implements Principal, Serializable
}
/**
* <p>Removes a certificate from this identity.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"removeIdentityCertificate"</code> as
* its argument to see if it's ok to remove a certificate.</p>
*
* @param certificate the certificate to be removed.
* @throws KeyManagementException if the certificate is missing, or if
* another exception occurs.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow removing a
* certificate.
* @see SecurityManager#checkSecurityAccess(String)
* Removes a certificate from the list of ceritificates for this identity.
*
* @param certificate
* the certificate to remove.
* @throws KeyManagementException
* if the certificate is invalid.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public void removeCertificate(Certificate certificate)
throws KeyManagementException
@@ -262,11 +232,7 @@ public abstract class Identity implements Principal, Serializable
certificates.removeElement(certificate);
}
/**
* Returns a copy of all the certificates for this identity.
*
* @return a copy of all the certificates for this identity.
*/
/** @return an array of {@link Certificate}s for this identity. */
public Certificate[] certificates()
{
Certificate[] certs = new Certificate[certificates.size()];
@@ -278,17 +244,13 @@ public abstract class Identity implements Principal, Serializable
}
/**
* Tests for equality between the specified object and this identity. This
* first tests to see if the entities actually refer to the same object, in
* which case it returns <code>true</code>. Next, it checks to see if the
* entities have the same <i>name</i> and the same <i>scope</i>. If they do,
* the method returns <code>true</code>. Otherwise, it calls
* <code>identityEquals()</code>, which subclasses should override.
*
* @param identity the object to test for equality with this identity.
* @return <code>true</code> if the objects are considered equal, <code>false
* </code>otherwise.
* @see #identityEquals(Identity)
* Checks for equality between this Identity and a specified object. It first
* checks if they are the same object, then if the name and scope match and
* returns <code>true</code> if successful. If these tests fail, the
* {@link #identityEquals(Identity)} method is called.
*
* @return <code>true</code> if they are equal, <code>false</code>
* otherwise.
*/
public final boolean equals(Object identity)
{
@@ -307,15 +269,12 @@ public abstract class Identity implements Principal, Serializable
}
/**
* Tests for equality between the specified <code>identity</code> and this
* <i>identity</i>. This method should be overriden by subclasses to test for
* equality. The default behavior is to return <code>true</code> if the names
* and public keys are equal.
*
* @param identity the identity to test for equality with this identity.
* @return <code>true</code> if the identities are considered equal,
* <code>false</code> otherwise.
* @see #equals(Object)
* Checks for equality between this Identity and a specified object. A
* subclass should override this method. The default behavior is to return
* <code>true</code> if the public key and names match.
*
* @return <code>true</code> if they are equal, <code>false</code>
* otherwise.
*/
protected boolean identityEquals(Identity identity)
{
@@ -324,19 +283,12 @@ public abstract class Identity implements Principal, Serializable
}
/**
* <p>Returns a short string describing this identity, telling its name and
* its scope (if any).</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"printIdentity"</code> as its argument
* to see if it's ok to return the string.</p>
*
* @return information about this identity, such as its name and the name of
* its scope (if any).
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow returning a string
* describing this identity.
* @see SecurityManager#checkSecurityAccess(String)
* Returns a string representation of this Identity.
*
* @return a string representation of this Identity.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public String toString()
{
@@ -349,23 +301,14 @@ public abstract class Identity implements Principal, Serializable
}
/**
* <p>Returns a string representation of this identity, with optionally more
* details than that provided by the <code>toString()</code> method without
* any arguments.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"printIdentity"</code> as its argument
* to see if it's ok to return the string.</p>
*
* @param detailed whether or not to provide detailed information.
* @return information about this identity. If detailed is <code>true</code>,
* then this method returns more information than that provided by the
* <code>toString()</code> method without any arguments.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow returning a string
* describing this identity.
* @see #toString()
* @see SecurityManager#checkSecurityAccess(String)
* Returns a detailed string representation of this Identity.
*
* @param detailed
* indicates whether or detailed information is desired.
* @return a string representation of this Identity.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public String toString(boolean detailed)
{
@@ -385,11 +328,7 @@ public abstract class Identity implements Principal, Serializable
}
}
/**
* Returns a hashcode for this identity.
*
* @return a hashcode for this identity.
*/
/** @return a hashcode of this identity. */
public int hashCode()
{
int ret = name.hashCode();
@@ -40,52 +40,42 @@ package java.security;
import java.util.Enumeration;
/**
* <p>This class represents a scope for identities. It is an Identity itself,
* and therefore has a name and can have a scope. It can also optionally have a
* public key and associated certificates.</p>
*
* <p>An <code>IdentityScope</code> can contain {@link Identity} objects of all
* kinds, including {@link Signer}s. All types of <code>Identity</code> objects
* can be retrieved, added, and removed using the same methods. Note that it is
* possible, and in fact expected, that different types of identity scopes will
* apply different policies for their various operations on the various types of
* <code>IdentityScope</code> represents a scope of an identity.
* <code>IdentityScope</code> is also an {@link Identity} and can have a name
* and scope along with the other qualitites identities possess.
*
* <p>An <code>IdentityScope</code> contains other {@link Identity} objects.
* All {@link Identity} objects are manipulated in the scope the same way. The
* scope is supposed to apply different scope to different type of
* Identities.</p>
*
* <p>There is a one-to-one mapping between keys and identities, and there can
* only be one copy of one key per scope. For example, suppose Acme Software,
* Inc is a software publisher known to a user. Suppose it is an <i>Identity</i>,
* that is, it has a public key, and a set of associated certificates. It is
* named in the scope using the name "Acme Software". No other named <i>Identity
* </i> in the scope has the same public key. Of course, none has the same name
* as well.</p>
*
*
* <p>No identity within the same scope can have the same public key.</p>
*
* @author Mark Benvenuto
* @see Identity
* @see Signer
* @see Principal
* @see Key
* @deprecated This class is no longer used. Its functionality has been replaced
* by <code>java.security.KeyStore</code>, the <code>java.security.cert</code>
* package, and <code>java.security.Principal</code>.
* @deprecated Use java.security.KeyStore, the java.security.cert package, and
* java.security.Principal.
*/
public abstract class IdentityScope extends Identity
{
private static final long serialVersionUID = -2337346281189773310L;
private static IdentityScope systemScope;
/**
* This constructor is used for serialization only and should not be used by
* subclasses.
*/
/** Constructor for serialization purposes. */
protected IdentityScope()
{
super();
}
/**
* Constructs a new identity scope with the specified name.
*
* @param name the scope name.
* Constructs a new instance of <code>IdentityScope</code> with the
* specified name and no scope.
*
* @param name
* the name to use.
*/
public IdentityScope(String name)
{
@@ -93,12 +83,15 @@ public abstract class IdentityScope extends Identity
}
/**
* Constructs a new identity scope with the specified name and scope.
*
* @param name the scope name.
* @param scope the scope for the new identity scope.
* @throws KeyManagementException if there is already an identity with the
* same name in the scope.
* Constructs a new instance of <code>IdentityScope</code> with the
* specified name and {@link IdentityScope}.
*
* @param name
* the name to use.
* @param scope
* the scope to use.
* @throws KeyManagementException
* if the identity scope is already present.
*/
public IdentityScope(String name, IdentityScope scope)
throws KeyManagementException
@@ -107,10 +100,9 @@ public abstract class IdentityScope extends Identity
}
/**
* Returns the system's identity scope.
*
* @return the system's identity scope.
* @see #setSystemScope(IdentityScope)
* Returns the system's Scope.
*
* @return the system's Scope.
*/
public static IdentityScope getSystemScope()
{
@@ -123,18 +115,13 @@ public abstract class IdentityScope extends Identity
}
/**
* Sets the system's identity scope.
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"setSystemScope"</code> as its argument
* to see if it's ok to set the identity scope.</p>
*
* @param scope the scope to set.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow setting the
* identity scope.
* @see #getSystemScope()
* @see SecurityManager#checkSecurityAccess(String)
* Sets the scope of the system.
*
* @param scope
* the new system scope.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
protected static void setSystemScope(IdentityScope scope)
{
@@ -146,29 +133,30 @@ public abstract class IdentityScope extends Identity
}
/**
* Returns the number of identities within this identity scope.
*
* @return the number of identities within this identity scope.
* Returns the number of entries within this <code>IdentityScope</code>.
*
* @return the number of entries within this <code>IdentityScope</code>.
*/
public abstract int size();
/**
* Returns the identity in this scope with the specified name (if any).
*
* @param name the name of the identity to be retrieved.
* @return the identity named name, or <code>null</code> if there are no
* identities named name in this scope.
* Returns the specified {@link Identity}, by name, within this scope.
*
* @param name
* name of {@link Identity} to get.
* @return an {@link Identity} representing the name or <code>null</code> if
* it cannot be found.
*/
public abstract Identity getIdentity(String name);
/**
* Retrieves the identity whose name is the same as that of the specified
* principal. (Note: <code>Identity</code> implements <code>Principal</code>.)
*
* @param principal the principal corresponding to the identity to be
* retrieved.
* @return the identity whose name is the same as that of the principal, or
* <code>null</code> if there are no identities of the same name in this scope.
* Returns the specified {@link Identity}, by {@link Principal}, within this
* scope.
*
* @param principal
* the {@link Principal} to use.
* @return an identity representing the {@link Principal} or <code>null</code>
* if it cannot be found.
*/
public Identity getIdentity(Principal principal)
{
@@ -176,48 +164,50 @@ public abstract class IdentityScope extends Identity
}
/**
* Retrieves the identity with the specified public key.
*
* @param key the public key for the identity to be returned.
* @return the identity with the given key, or <code>null</code> if there are
* no identities in this scope with that key.
* Returns the specified {@link Identity}, by public key, within this scope.
*
* @param key
* the {@link PublicKey} to use.
* @return an identity representing the public key or <code>null</code> if
* it cannot be found.
*/
public abstract Identity getIdentity(PublicKey key);
/**
* Adds an identity to this identity scope.
*
* @param identity the identity to be added.
* @throws KeyManagementException if the identity is not valid, a name
* conflict occurs, another identity has the same public key as the identity
* being added, or another exception occurs.
* Adds an identity to his scope.
*
* @param identity
* the {@link Identity} to add.
* @throws KeyManagementException
* if it is an invalid identity, an identity with the same key
* exists, or if another error occurs.
*/
public abstract void addIdentity(Identity identity)
throws KeyManagementException;
/**
* Removes an identity from this identity scope.
*
* @param identity the identity to be removed.
* @throws KeyManagementException if the identity is missing, or another
* exception occurs.
* Removes an identity in this scope.
*
* @param identity
* the {@link Identity} to remove.
* @throws KeyManagementException
* if it is a missing identity, or if another error occurs.
*/
public abstract void removeIdentity(Identity identity)
throws KeyManagementException;
/**
* Returns an enumeration of all identities in this identity scope.
*
* @return an enumeration of all identities in this identity scope.
* Returns an {@link Enumeration} of identities in this scope.
*
* @return an {@link Enumeration} of the identities in this scope.
*/
public abstract Enumeration identities();
/**
* Returns a string representation of this identity scope, including its name,
* its scope name, and the number of identities in this identity scope.
*
* @return a string representation of this identity scope.
* @see SecurityManager#checkSecurityAccess(String)
* Returns a string representing this instance. It includes the name, the
* scope name, and number of identities.
*
* @return a string representation of this instance.
*/
public String toString()
{
@@ -1,6 +1,6 @@
/* InvalidAlgorithmParameterException.java -- an invalid parameter to a
security algorithm
Copyright (C) 2000, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 2000, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -70,4 +70,26 @@ public class InvalidAlgorithmParameterException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public InvalidAlgorithmParameterException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public InvalidAlgorithmParameterException(Throwable cause)
{
super(cause);
}
}
@@ -1,5 +1,5 @@
/* InvalidKeyException -- thrown for an invalid key
Copyright (C) 2000, 2002 Free Software Foundation
Copyright (C) 2000, 2002, 2006 Free Software Foundation
This file is part of GNU Classpath.
@@ -66,4 +66,26 @@ public class InvalidKeyException extends KeyException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public InvalidKeyException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public InvalidKeyException(Throwable cause)
{
super(cause);
}
}
@@ -1,5 +1,5 @@
/* KeyException.java -- Thrown when there is a problem with a key
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -69,4 +69,26 @@ public class KeyException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public KeyException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public KeyException(Throwable cause)
{
super(cause);
}
}
+89 -115
View File
@@ -44,40 +44,18 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
/**
* <p>Key factories are used to convert keys (opaque cryptographic keys of type
* Key factories are used to convert keys (opaque cryptographic keys of type
* {@link Key}) into key specifications (transparent representations of the
* underlying key material), and vice versa.</p>
*
* <p>Key factories are bi-directional. That is, they allow you to build an
* opaque key object from a given key specification (key material), or to
* retrieve the underlying key material of a key object in a suitable format.</p>
*
* <p>Multiple compatible key specifications may exist for the same key. For
* example, a <i>DSA</i> public key may be specified using {@link
* java.security.spec.DSAPublicKeySpec} or {@link
* java.security.spec.X509EncodedKeySpec}. A key factory can be used to
* translate between compatible key specifications.</p>
*
* <p>The following is an example of how to use a key factory in order to
* instantiate a <i>DSA</i> public key from its encoding. Assume Alice has
* received a digital signature from Bob. Bob also sent her his public key (in
* encoded format) to verify his signature. Alice then performs the following
* actions:
*
* <pre>
* X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(bobEncodedPubKey);
* KeyFactory keyFactory = KeyFactory.getInstance("DSA");
* PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec);
* Signature sig = Signature.getInstance("DSA");
* sig.initVerify(bobPubKey);
* sig.update(data);
* sig.verify(signature);
* </pre>
* underlying key material).
*
* <p>Key factories are bi-directional. They allow a key class to be converted
* into a key specification (key material) and back again. For example DSA
* public keys can be specified as <code>DSAPublicKeySpec</code> or
* <code>X509EncodedKeySpec</code>. A key factory translates these key
* specifications.</p>
*
* @since 1.2
* @see Key
* @see PublicKey
* @see PrivateKey
* @see KeySpec
* @see java.security.spec.DSAPublicKeySpec
* @see java.security.spec.X509EncodedKeySpec
@@ -93,12 +71,15 @@ public class KeyFactory
private String algorithm;
/**
* Creates a <code>KeyFactory</code> object.
*
* @param keyFacSpi the delegate.
* @param provider the provider.
* @param algorithm the name of the algorithm to associate with this
* <code>KeyFactory</code>.
* Constructs a new instance of <code>KeyFactory</code> with the specified
* parameters.
*
* @param keyFacSpi
* the key factory to use.
* @param provider
* the provider to use.
* @param algorithm
* the name of the key algorithm to use.
*/
protected KeyFactory(KeyFactorySpi keyFacSpi, Provider provider,
String algorithm)
@@ -109,19 +90,14 @@ public class KeyFactory
}
/**
* Generates a <code>KeyFactory</code> object that implements the specified
* algorithm. If the default provider package provides an implementation of
* the requested algorithm, an instance of <code>KeyFactory</code> containing
* that implementation is returned. If the algorithm is not available in the
* default package, other packages are searched.
*
* @param algorithm the name of the requested key algorithm. See Appendix A
* in the Java Cryptography Architecture API Specification &amp; Reference
* for information about standard algorithm names.
* @return a <code>KeyFactory</code> object for the specified algorithm.
* @throws NoSuchAlgorithmException if the requested algorithm is not
* available in the default provider package or any of the other provider
* packages that were searched.
* Returns a new instance of <code>KeyFactory</code> representing the
* specified key factory.
*
* @param algorithm
* the name of algorithm to use.
* @return a new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by any provider.
*/
public static KeyFactory getInstance(String algorithm)
throws NoSuchAlgorithmException
@@ -141,19 +117,21 @@ public class KeyFactory
}
/**
* Generates a <code>KeyFactory</code> object for the specified algorithm
* from the specified provider.
*
* @param algorithm the name of the requested key algorithm. See Appendix A
* in the Java Cryptography Architecture API Specification &amp; Reference
* for information about standard algorithm names.
* @param provider the name of the provider.
* @return a <code>KeyFactory</code> object for the specified algorithm.
* @throws NoSuchAlgorithmException if the algorithm is not available from
* the specified provider.
* @throws NoSuchProviderException if the provider has not been configured.
* @throws IllegalArgumentException if the provider name is null or empty.
* @see Provider
* Returns a new instance of <code>KeyFactory</code> representing the
* specified key factory from the specified provider.
*
* @param algorithm
* the name of algorithm to use.
* @param provider
* the name of the provider to use.
* @return a new instance repesenting the desired algorithm.
* @throws IllegalArgumentException
* if <code>provider</code> is <code>null</code> or is an empty
* string.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the named provider.
* @throws NoSuchProviderException
* if the named provider was not found.
*/
public static KeyFactory getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
@@ -169,19 +147,18 @@ public class KeyFactory
}
/**
* Generates a <code>KeyFactory</code> object for the specified algorithm from
* the specified provider. Note: the <code>provider</code> doesn't have to be
* registered.
*
* @param algorithm the name of the requested key algorithm. See Appendix A
* in the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @param provider the provider.
* @return a <code>KeyFactory</code> object for the specified algorithm.
* @throws NoSuchAlgorithmException if the algorithm is not available from
* the specified provider.
* @throws IllegalArgumentException if the <code>provider</code> is
* <code>null</code>.
* Returns a new instance of <code>KeyFactory</code> representing the
* specified key factory from the designated {@link Provider}.
*
* @param algorithm
* the name of algorithm to use.
* @param provider
* the {@link Provider} to use.
* @return a new instance repesenting the desired algorithm.
* @throws IllegalArgumentException
* if <code>provider</code> is <code>null</code>.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by {@link Provider}.
* @since 1.4
* @see Provider
*/
@@ -208,9 +185,9 @@ public class KeyFactory
}
/**
* Returns the provider of this key factory object.
*
* @return the provider of this key factory object.
* Returns the {@link Provider} of this instance.
*
* @return the {@link Provider} of this instance.
*/
public final Provider getProvider()
{
@@ -218,10 +195,9 @@ public class KeyFactory
}
/**
* Gets the name of the algorithm associated with this <code>KeyFactory</code>.
*
* @return the name of the algorithm associated with this
* <code>KeyFactory</code>.
* Returns the name of the algorithm used.
*
* @return the name of the algorithm used.
*/
public final String getAlgorithm()
{
@@ -229,13 +205,13 @@ public class KeyFactory
}
/**
* Generates a public key object from the provided key specification (key
* material).
*
* @param keySpec the specification (key material) of the public key.
* Generates a public key from the provided key specification.
*
* @param keySpec
* the key specification.
* @return the public key.
* @throws InvalidKeySpecException if the given key specification is
* inappropriate for this key factory to produce a public key.
* @throws InvalidKeySpecException
* if the key specification is invalid.
*/
public final PublicKey generatePublic(KeySpec keySpec)
throws InvalidKeySpecException
@@ -244,13 +220,13 @@ public class KeyFactory
}
/**
* Generates a private key object from the provided key specification (key
* material).
*
* @param keySpec the specification (key material) of the private key.
* Generates a private key from the provided key specification.
*
* @param keySpec
* the key specification.
* @return the private key.
* @throws InvalidKeySpecException if the given key specification is
* inappropriate for this key factory to produce a private key.
* @throws InvalidKeySpecException
* if the key specification is invalid.
*/
public final PrivateKey generatePrivate(KeySpec keySpec)
throws InvalidKeySpecException
@@ -259,21 +235,18 @@ public class KeyFactory
}
/**
* Returns a specification (key material) of the given key object.
* <code>keySpec</code> identifies the specification class in which the key
* material should be returned. It could, for example, be
* <code>DSAPublicKeySpec.class</code>, to indicate that the key material
* should be returned in an instance of the {@link
* java.security.spec.DSAPublicKeySpec} class.
*
* @param key the key.
* @param keySpec the specification class in which the key material should be
* returned.
* @return the underlying key specification (key material) in an instance of
* the requested specification class.
* @throws InvalidKeySpecException if the requested key specification is
* inappropriate for the given key, or the given key cannot be processed
* (e.g., the given key has an unrecognized algorithm or format).
* Returns a key specification for the given key. <code>keySpec</code>
* identifies the specification class to return the key material in.
*
* @param key
* the key to use.
* @param keySpec
* the specification class to use.
* @return the key specification in an instance of the requested specification
* class.
* @throws InvalidKeySpecException
* the requested key specification is inappropriate for this key or
* the key is unrecognized.
*/
public final KeySpec getKeySpec(Key key, Class keySpec)
throws InvalidKeySpecException
@@ -282,13 +255,14 @@ public class KeyFactory
}
/**
* Translates a key object, whose provider may be unknown or potentially
* untrusted, into a corresponding key object of this key factory.
*
* @param key the key whose provider is unknown or untrusted.
* Translates the key from an unknown or untrusted provider into a key from
* this key factory.
*
* @param key
* the key to translate from.
* @return the translated key.
* @throws InvalidKeyException if the given key cannot be processed by this
* key factory.
* @throws InvalidKeyException
* if the key cannot be processed by this key factory.
*/
public final Key translateKey(Key key) throws InvalidKeyException
{
@@ -1,5 +1,5 @@
/* KeyManagementException.java -- an exception in key management
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -68,4 +68,26 @@ public class KeyManagementException extends KeyException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public KeyManagementException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public KeyManagementException(Throwable cause)
{
super(cause);
}
}
@@ -43,72 +43,14 @@ import gnu.java.security.Engine;
import java.security.spec.AlgorithmParameterSpec;
/**
* <p>The <code>KeyPairGenerator</code> class is used to generate pairs of
* public and private keys. Key pair generators are constructed using the
* <code>getInstance()</code> factory methods (static methods that return
* instances of a given class).</p>
* <code>KeyPairGenerator</code> is a class used to generate key-pairs for a
* security algorithm.
*
* <p>The <code>KeyPairGenerator</code> is created with the
* <code>getInstance()</code> Factory methods. It is used to generate a pair of
* public and private keys for a specific algorithm and associate this key-pair
* with the algorithm parameters it was initialized with.</p>
*
* <p>A Key pair generator for a particular algorithm creates a public/private
* key pair that can be used with this algorithm. It also associates
* algorithm-specific parameters with each of the generated keys.</p>
*
* <p>There are two ways to generate a key pair: in an algorithm-independent
* manner, and in an algorithm-specific manner. The only difference between the
* two is the initialization of the object:</p>
*
* <ul>
* <li><b>Algorithm-Independent Initialization</b><br/>
* All key pair generators share the concepts of a <i>keysize</i> and a
* <i>source of randomness</i>. The <i>keysize</i> is interpreted differently
* for different algorithms (e.g., in the case of the <i>DSA</i> algorithm,
* the <i>keysize</i> corresponds to the length of the modulus). There is an
* <code>initialize()</code> method in this <code>KeyPairGenerator</code>
* class that takes these two universally shared types of arguments. There
* is also one that takes just a <i>keysize</i> argument, and uses the
* {@link SecureRandom} implementation of the highest-priority installed
* provider as the <i>source of randomness</i>. (If none of the installed
* providers supply an implementation of {@link SecureRandom}, a
* system-provided source of randomness is used.)
*
* <p>Since no other parameters are specified when you call the above
* algorithm-independent initialize methods, it is up to the provider what
* to do about the algorithm-specific parameters (if any) to be associated
* with each of the keys.</p>
*
* <p>If the algorithm is the <i>DSA</i> algorithm, and the <i>keysize</i>
* (modulus size) is <code>512</code>, <code>768</code>, or <code>1024</code>,
* then the <b>GNU</b> provider uses a set of precomputed values for the
* <code>p</code>, <code>q</code>, and <code>g</code> parameters. If the
* <i>modulus size</i> is not one of the above values, the <b>GNU</b>
* provider creates a new set of parameters. Other providers might have
* precomputed parameter sets for more than just the three modulus sizes
* mentioned above. Still others might not have a list of precomputed
* parameters at all and instead always create new parameter sets.</p></li>
* <li><b>Algorithm-Specific Initialization</b><br/>
* For situations where a set of algorithm-specific parameters already
* exists (e.g., so-called <i>community parameters</i> in <i>DSA</i>), there
* are two initialize methods that have an {@link AlgorithmParameterSpec}
* argument. One also has a {@link SecureRandom} argument, while the the
* other uses the {@link SecureRandom} implementation of the highest-priority
* installed provider as the source of randomness. (If none of the installed
* providers supply an implementation of {@link SecureRandom}, a
* system-provided source of randomness is used.)</li>
* </ul>
*
* <p>In case the client does not explicitly initialize the
* <code>KeyPairGenerator</code> (via a call to an initialize method), each
* provider must supply (and document) a default initialization. For example,
* the <b>GNU</b> provider uses a default modulus size (keysize) of
* <code>1024</code> bits.</p>
*
* <p>Note that this class is abstract and extends from {@link
* KeyPairGeneratorSpi} for historical reasons. Application developers should
* only take notice of the methods defined in this <code>KeyPairGenerator</code>
* class; all the methods in the superclass are intended for cryptographic
* service providers who wish to supply their own implementations of key pair
* generators.</p>
*
* @see Signature
* @see KeyPair
* @see AlgorithmParameterSpec
* @author Mark Benvenuto
@@ -123,13 +65,10 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
private String algorithm;
/**
* Creates a <code>KeyPairGenerator</code> object for the specified
* algorithm.
*
* @param algorithm the standard string name of the algorithm.
* See Appendix A in the Java Cryptography Architecture API
* Specification &amp; Reference for information about standard
* algorithm names.
* Constructs a new instance of <code>KeyPairGenerator</code>.
*
* @param algorithm
* the algorithm to use.
*/
protected KeyPairGenerator(String algorithm)
{
@@ -138,11 +77,9 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* Returns the standard name of the algorithm for this key pair generator.
* See Appendix A in the Java Cryptography Architecture API Specification
* &amp; Reference for information about standard algorithm names.
*
* @return the standard string name of the algorithm.
* Returns the name of the algorithm used.
*
* @return the name of the algorithm used.
*/
public String getAlgorithm()
{
@@ -150,19 +87,14 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* Generates a <code>KeyPairGenerator</code> object that implements the
* specified digest algorithm. If the default provider package provides an
* implementation of the requested digest algorithm, an instance of
* <code>KeyPairGenerator</code> containing that implementation is returned.
* If the algorithm is not available in the default package, other packages
* are searched.
*
* @param algorithm the standard string name of the algorithm. See Appendix A
* in the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @return the new <code>KeyPairGenerator</code> object.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* environment.
* Returns a new instance of <code>KeyPairGenerator</code> which generates
* key-pairs for the specified algorithm.
*
* @param algorithm
* the name of the algorithm to use.
* @return a new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by any provider.
*/
public static KeyPairGenerator getInstance(String algorithm)
throws NoSuchAlgorithmException
@@ -184,22 +116,18 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* Generates a <code>KeyPairGenerator</code> object implementing the
* specified algorithm, as supplied from the specified provider, if
* such an algorithm is available from the provider.
*
* @param algorithm the standard string name of the algorithm. See
* Appendix A in the Java Cryptography Architecture API Specification
* &amp; Reference for information about standard algorithm names.
* @param provider the string name of the provider.
* @return the new <code>KeyPairGenerator</code> object.
* @throws NoSuchAlgorithmException if the algorithm is not available
* from the provider.
* @throws NoSuchProviderException if the provider is not available in the
* environment.
* @throws IllegalArgumentException if the provider name is <code>null</code>
* or empty.
* @see Provider
* Returns a new instance of <code>KeyPairGenerator</code> which generates
* key-pairs for the specified algorithm from a named provider.
*
* @param algorithm
* the name of the algorithm to use.
* @param provider
* the name of a {@link Provider} to use.
* @return a new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the named provider.
* @throws NoSuchProviderException
* if the named provider was not found.
*/
public static KeyPairGenerator getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
@@ -212,20 +140,18 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* Generates a <code>KeyPairGenerator</code> object implementing the specified
* algorithm, as supplied from the specified provider, if such an algorithm is
* available from the provider. Note: the provider doesn't have to be
* registered.
*
* @param algorithm the standard string name of the algorithm. See Appendix A
* in the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @param provider the provider.
* @return the new <code>KeyPairGenerator</code> object.
* @throws NoSuchAlgorithmException if the <code>algorithm</code> is not
* available from the <code>provider</code>.
* @throws IllegalArgumentException if the <code>provider</code> is
* <code>null</code>.
* Returns a new instance of <code>KeyPairGenerator</code> which generates
* key-pairs for the specified algorithm from a designated {@link Provider}.
*
* @param algorithm
* the name of the algorithm to use.
* @param provider
* the {@link Provider} to use.
* @return a new insatnce repesenting the desired algorithm.
* @throws IllegalArgumentException
* if <code>provider</code> is <code>null</code>.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the {@link Provider}.
* @since 1.4
* @see Provider
*/
@@ -247,23 +173,22 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
KeyPairGenerator result = null;
if (o instanceof KeyPairGeneratorSpi)
{
result = new DummyKeyPairGenerator((KeyPairGeneratorSpi) o, algorithm);
}
else if (o instanceof KeyPairGenerator)
if (o instanceof KeyPairGenerator)
{
result = (KeyPairGenerator) o;
result.algorithm = algorithm;
}
else if (o instanceof KeyPairGeneratorSpi)
result = new DummyKeyPairGenerator((KeyPairGeneratorSpi) o, algorithm);
result.provider = provider;
return result;
}
/**
* Returns the provider of this key pair generator object.
*
* @return the provider of this key pair generator object.
* Returns the {@link Provider} of this instance.
*
* @return the {@link Provider} of this instance.
*/
public final Provider getProvider()
{
@@ -271,16 +196,11 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* Initializes the key pair generator for a certain keysize using a default
* parameter set and the {@link SecureRandom} implementation of the
* highest-priority installed provider as the source of randomness. (If none
* of the installed providers supply an implementation of {@link SecureRandom},
* a system-provided source of randomness is used.)
*
* @param keysize the keysize. This is an algorithm-specific metric, such as
* modulus length, specified in number of bits.
* @throws InvalidParameterException if the keysize is not supported by this
* <code>KeyPairGenerator</code> object.
* Initializes this instance for the specified key size. Since no source of
* randomness is specified, a default one will be used.
*
* @param keysize
* the size of keys to use.
*/
public void initialize(int keysize)
{
@@ -288,14 +208,13 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* Initializes the key pair generator for a certain keysize with the given
* source of randomness (and a default parameter set).
*
* @param keysize the keysize. This is an algorithm-specific metric, such as
* modulus length, specified in number of bits.
* @param random the source of randomness.
* @throws InvalidParameterException if the <code>keysize</code> is not
* supported by this <code>KeyPairGenerator</code> object.
* Initializes this instance for the specified key size and
* {@link SecureRandom}.
*
* @param keysize
* the size of keys to use.
* @param random
* the {@link SecureRandom} to use.
* @since 1.2
*/
public void initialize(int keysize, SecureRandom random)
@@ -303,24 +222,14 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* <p>Initializes the key pair generator using the specified parameter set and
* the {@link SecureRandom} implementation of the highest-priority installed
* provider as the source of randomness. (If none of the installed providers
* supply an implementation of {@link SecureRandom}, a system-provided source
* of randomness is used.)</p>
*
* <p>This concrete method has been added to this previously-defined abstract
* class. This method calls the
* {@link KeyPairGeneratorSpi#initialize(AlgorithmParameterSpec, SecureRandom)}
* initialize method, passing it <code>params</code> and a source of
* randomness (obtained from the highest-priority installed provider or
* system-provided if none of the installed providers supply one). That
* initialize method always throws an {@link UnsupportedOperationException}
* if it is not overridden by the provider.</p>
*
* @param params the parameter set used to generate the keys.
* @throws InvalidAlgorithmParameterException if the given parameters are
* inappropriate for this key pair generator.
* Initializes this instance with the specified
* {@link AlgorithmParameterSpec}. Since no source of randomness is specified,
* a default one will be used.
*
* @param params
* the {@link AlgorithmParameterSpec} to use.
* @throws InvalidAlgorithmParameterException
* if the designated specifications are invalid.
* @since 1.2
*/
public void initialize(AlgorithmParameterSpec params)
@@ -330,20 +239,15 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* <p>Initializes the key pair generator with the given parameter set and
* source of randomness.</p>
*
* <p>This concrete method has been added to this previously-defined abstract
* class. This method calls the
* {@link KeyPairGeneratorSpi#initialize(AlgorithmParameterSpec, SecureRandom)}
* initialize method, passing it <code>params</code> and <code>random</code>.
* That initialize method always throws an {@link UnsupportedOperationException}
* if it is not overridden by the provider.</p>
*
* @param params the parameter set used to generate the keys.
* @param random the source of randomness.
* @throws InvalidAlgorithmParameterException if the given parameters are
* inappropriate for this key pair generator.
* Initializes this instance with the specified {@link AlgorithmParameterSpec}
* and {@link SecureRandom}.
*
* @param params
* the {@link AlgorithmParameterSpec} to use.
* @param random
* the {@link SecureRandom} to use.
* @throws InvalidAlgorithmParameterException
* if the designated specifications are invalid.
* @since 1.2
*/
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
@@ -353,17 +257,12 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* <p>Generates a key pair.</p>
*
* <p>If this <code>KeyPairGenerator</code> has not been initialized
* explicitly, provider-specific defaults will be used for the size and other
* (algorithm-specific) values of the generated keys.</p>
*
* <p>This will generate a new key pair every time it is called.</p>
*
* <p>This method is functionally equivalent to {@link #generateKeyPair()}.</p>
*
* @return the generated key pair.
* Generates a new "DSA" {@link KeyPair} from the "GNU" security provider.
*
* <p>This method generates a unique key-pair each time it is called.</p>
*
* @return a new unique {@link KeyPair}.
* @see #generateKeyPair()
* @since 1.2
*/
public final KeyPair genKeyPair()
@@ -381,17 +280,12 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
}
/**
* <p>Generates a key pair.</p>
*
* <p>If this <code>KeyPairGenerator</code> has not been initialized
* explicitly, provider-specific defaults will be used for the size and other
* (algorithm-specific) values of the generated keys.</p>
*
* <p>This will generate a new key pair every time it is called.</p>
*
* <p>This method is functionally equivalent to {@link #genKeyPair()}.</p>
*
* @return the generated key pair.
* Generates a new "DSA" {@link KeyPair} from the "GNU" security provider.
*
* <p>This method generates a unique key pair each time it is called.</p>
*
* @return a new unique {@link KeyPair}.
* @see #genKeyPair()
*/
public KeyPair generateKeyPair()
{
@@ -1,5 +1,5 @@
/* KeyStoreException.java -- Indicates a problem with the key store
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -67,4 +67,26 @@ public class KeyStoreException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public KeyStoreException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public KeyStoreException(Throwable cause)
{
super(cause);
}
}
+102 -155
View File
@@ -40,54 +40,10 @@ package java.security;
import gnu.java.security.Engine;
/**
* <p>This <code>MessageDigest</code> class provides applications the
* functionality of a message digest algorithm, such as <i>MD5</i> or <i>SHA</i>.
* Message digests are secure one-way hash functions that take arbitrary-sized
* data and output a fixed-length hash value.</p>
*
* <p>A <code>MessageDigest</code> object starts out initialized. The data is
* processed through it using the <code>update()</code> methods. At any point
* <code>reset()</code> can be called to reset the digest. Once all the data to
* be updated has been updated, one of the <code>digest()</code> methods should
* be called to complete the hash computation.</p>
*
* <p>The <code>digest()</code> method can be called <b>once</b> for a given
* number of updates. After <code>digest()</code> has been called, the
* <code>MessageDigest</code> object is <b>reset</b> to its initialized state.
* </p>
*
* <p>Implementations are free to implement the {@link Cloneable} interface.
* Client applications can test cloneability by attempting cloning and catching
* the {@link CloneNotSupportedException}:
*
* <pre>
* MessageDigest md = MessageDigest.getInstance("SHA");
* try
* {
* md.update(toChapter1);
* MessageDigest tc1 = md.clone();
* byte[] toChapter1Digest = tc1.digest();
* md.update(toChapter2);
* // ...
* }
* catch (CloneNotSupportedException x)
* {
* throw new DigestException("couldn't make digest of partial content");
* }
* </pre>
*
* <p>Note that if a given implementation is not cloneable, it is still possible
* to compute intermediate digests by instantiating several instances, if the
* number of digests is known in advance.</p>
*
* <p>Note that this class is abstract and extends from {@link MessageDigestSpi}
* for historical reasons. Application developers should only take notice of the
* methods defined in this <code>MessageDigest</code> class; all the methods in
* the superclass are intended for cryptographic service providers who wish to
* supply their own implementations of message digest algorithms.</p>
* data and output a fixed-length hash value.
*
* @see MessageDigestSpi
* @see Provider
* @since JDK 1.1
*/
public abstract class MessageDigest extends MessageDigestSpi
@@ -100,12 +56,11 @@ public abstract class MessageDigest extends MessageDigestSpi
private byte[] lastDigest;
/**
* Creates a message digest with the specified algorithm name.
*
* @param algorithm the standard name of the digest algorithm.
* See Appendix A in the Java Cryptography Architecture API
* Specification &amp; Reference for information about standard
* algorithm names.
* Constructs a new instance of <code>MessageDigest</code> representing the
* specified algorithm.
*
* @param algorithm
* the name of the digest algorithm to use.
*/
protected MessageDigest(String algorithm)
{
@@ -114,19 +69,14 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Generates a <code>MessageDigest</code> object that implements the specified
* digest algorithm. If the default provider package provides an
* implementation of the requested digest algorithm, an instance of
* <code>MessageDigest</code> containing that implementation is returned. If
* the algorithm is not available in the default package, other packages are
* searched.
*
* @param algorithm the name of the algorithm requested. See Appendix A in the
* Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @return a Message Digest object implementing the specified algorithm.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* caller's environment.
* Returns a new instance of <code>MessageDigest</code> representing the
* specified algorithm.
*
* @param algorithm
* the name of the digest algorithm to use.
* @return a new instance representing the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by any provider.
*/
public static MessageDigest getInstance(String algorithm)
throws NoSuchAlgorithmException
@@ -148,21 +98,18 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Generates a <code>MessageDigest</code> object implementing the specified
* algorithm, as supplied from the specified provider, if such an algorithm is
* available from the provider.
*
* @param algorithm the name of the algorithm requested. See Appendix A in the
* Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @param provider the name of the provider.
* @return a Message Digest object implementing the specified algorithm.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* package supplied by the requested provider.
* @throws NoSuchProviderException if the provider is not available in the
* environment.
* @throws IllegalArgumentException if the provider name is null or empty.
* @see Provider
* Returns a new instance of <code>MessageDigest</code> representing the
* specified algorithm from a named provider.
*
* @param algorithm
* the name of the digest algorithm to use.
* @param provider
* the name of the provider to use.
* @return a new instance representing the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the named provider.
* @throws NoSuchProviderException
* if the named provider was not found.
*/
public static MessageDigest getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
@@ -181,20 +128,18 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Generates a <code>MessageDigest</code> object implementing the specified
* algorithm, as supplied from the specified provider, if such an algorithm
* is available from the provider. Note: the provider doesn't have to be
* registered.
*
* @param algorithm the name of the algorithm requested. See Appendix A in
* the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @param provider the provider.
* @return a Message Digest object implementing the specified algorithm.
* @throws NoSuchAlgorithmException if the <code>algorithm</code> is not
* available in the package supplied by the requested <code>provider</code>.
* @throws IllegalArgumentException if the <code>provider</code> is
* <code>null</code>.
* Returns a new instance of <code>MessageDigest</code> representing the
* specified algorithm from a designated {@link Provider}.
*
* @param algorithm
* the name of the digest algorithm to use.
* @param provider
* the {@link Provider} to use.
* @return a new instance representing the desired algorithm.
* @throws IllegalArgumentException
* if <code>provider</code> is <code>null</code>.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by {@link Provider}.
* @since 1.4
* @see Provider
*/
@@ -233,9 +178,9 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Returns the provider of this message digest object.
*
* @return the provider of this message digest object.
* Returns the {@link Provider} of this instance.
*
* @return the {@link Provider} of this instance.
*/
public final Provider getProvider()
{
@@ -243,9 +188,9 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Updates the digest using the specified byte.
*
* @param input the byte with which to update the digest.
* Updates the digest with the byte.
*
* @param input byte to update the digest with.
*/
public void update(byte input)
{
@@ -253,12 +198,15 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Updates the digest using the specified array of bytes, starting at the
* specified offset.
*
* @param input the array of bytes.
* @param offset the offset to start from in the array of bytes.
* @param len the number of bytes to use, starting at offset.
* Updates the digest with the bytes from the array starting from the
* specified offset and using the specified length of bytes.
*
* @param input
* bytes to update the digest with.
* @param offset
* the offset to start at.
* @param len
* length of the data to update with.
*/
public void update(byte[] input, int offset, int len)
{
@@ -266,9 +214,9 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Updates the digest using the specified array of bytes.
*
* @param input the array of bytes.
* Updates the digest with the bytes of an array.
*
* @param input bytes to update the digest with.
*/
public void update(byte[] input)
{
@@ -276,10 +224,9 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Completes the hash computation by performing final operations such as
* padding. The digest is reset after this call is made.
*
* @return the array of bytes for the resulting hash value.
* Computes the final digest of the stored data.
*
* @return a byte array representing the message digest.
*/
public byte[] digest()
{
@@ -287,14 +234,15 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Completes the hash computation by performing final operations such as
* padding. The digest is reset after this call is made.
*
* @param buf An output buffer for the computed digest.
* @param offset The offset into the output buffer to begin storing the digest.
* @param len The number of bytes within buf allotted for the digest.
* @return The number of bytes placed into buf.
* @throws DigestException if an error occurs.
* Computes the final digest of the stored bytes and returns the result.
*
* @param buf
* an array of bytes to store the result in.
* @param offset
* an offset to start storing the result at.
* @param len
* the length of the buffer.
* @return Returns the length of the buffer.
*/
public int digest(byte[] buf, int offset, int len) throws DigestException
{
@@ -302,13 +250,13 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Performs a final update on the digest using the specified array of bytes,
* then completes the digest computation. That is, this method first calls
* <code>update(input)</code>, passing the input array to the <code>update()
* </code> method, then calls <code>digest()</code>.
*
* @param input the input to be updated before the digest is completed.
* @return the array of bytes for the resulting hash value.
* Computes a final update using the input array of bytes, then computes a
* final digest and returns it. It calls {@link #update(byte[])} and then
* {@link #digest(byte[])}.
*
* @param input
* an array of bytes to perform final update with.
* @return a byte array representing the message digest.
*/
public byte[] digest(byte[] input)
{
@@ -317,9 +265,9 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Returns a string representation of this message digest object.
*
* @return a string representation of the object.
* Returns a string representation of this instance.
*
* @return a string representation of this instance.
*/
public String toString()
{
@@ -327,12 +275,14 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Compares two digests for equality. Does a simple byte compare.
*
* @param digesta one of the digests to compare.
* @param digestb the other digest to compare.
* @return <code>true</code> if the digests are equal, <code>false</code>
* otherwise.
* Does a simple byte comparison of the two digests.
*
* @param digesta
* first digest to compare.
* @param digestb
* second digest to compare.
* @return <code>true</code> if both are equal, <code>false</code>
* otherwise.
*/
public static boolean isEqual(byte[] digesta, byte[] digestb)
{
@@ -346,20 +296,16 @@ public abstract class MessageDigest extends MessageDigestSpi
return true;
}
/** Resets the digest for further use. */
/** Resets this instance. */
public void reset()
{
engineReset();
}
/**
* Returns a string that identifies the algorithm, independent of
* implementation details. The name should be a standard Java Security name
* (such as <code>"SHA"</code>, <code>"MD5"</code>, and so on). See Appendix
* A in the Java Cryptography Architecture API Specification &amp; Reference
* for information about standard algorithm names.
*
* @return the name of the algorithm.
* Returns the name of message digest algorithm.
*
* @return the name of message digest algorithm.
*/
public final String getAlgorithm()
{
@@ -367,12 +313,10 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Returns the length of the digest in bytes, or <code>0</code> if this
* operation is not supported by the provider and the implementation is not
* cloneable.
*
* @return the digest length in bytes, or <code>0</code> if this operation is
* not supported by the provider and the implementation is not cloneable.
* Returns the length of the message digest. The default is zero which means
* that the concrete implementation does not implement this method.
*
* @return length of the message digest.
* @since 1.2
*/
public final int getDigestLength()
@@ -381,11 +325,14 @@ public abstract class MessageDigest extends MessageDigestSpi
}
/**
* Returns a clone if the implementation is cloneable.
*
* @return a clone if the implementation is cloneable.
* @throws CloneNotSupportedException if this is called on an implementation
* that does not support {@link Cloneable}.
* Returns a clone of this instance if cloning is supported. If it does not
* then a {@link CloneNotSupportedException} is thrown. Cloning depends on
* whether the subclass {@link MessageDigestSpi} implements {@link Cloneable}
* which contains the actual implementation of the appropriate algorithm.
*
* @return a clone of this instance.
* @throws CloneNotSupportedException
* the implementation does not support cloning.
*/
public Object clone() throws CloneNotSupportedException
{
@@ -1,5 +1,5 @@
/* NoSuchAlgorithmException.java -- an algorithm was not available
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -67,4 +67,26 @@ public class NoSuchAlgorithmException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public NoSuchAlgorithmException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public NoSuchAlgorithmException(Throwable cause)
{
super(cause);
}
}
+81 -94
View File
@@ -43,49 +43,43 @@ import java.util.LinkedHashMap;
import java.util.Map;
/**
* <p>This is an abstract class for representing the system security policy for
* a Java application environment (specifying which permissions are available
* for code from various sources). That is, the security policy is represented
* by a <code>Policy</code> subclass providing an implementation of the abstract
* methods in this <code>Policy</code> class.</p>
*
* <p>There is only one <code>Policy</code> object in effect at any given time.
* </p>
*
* <p>The source location for the policy information utilized by the
* <code>Policy</code> object is up to the <code>Policy</code> implementation.
* The policy configuration may be stored, for example, as a flat ASCII file, as
* a serialized binary file of the <code>Policy</code> class, or as a database.
* </p>
*
* <p>The currently-installed <code>Policy</code> object can be obtained by
* calling the <code>getPolicy()</code> method, and it can be changed by a call
* to the <code>setPolicy()</code> method (by code with permission to reset the
* <code>Policy</code>).</p>
*
* <p>The <code>refresh()</code> method causes the policy object to refresh /
* reload its current configuration.</p>
*
* <p>This is implementation-dependent. For example, if the policy object stores
* its policy in configuration files, calling <code>refresh()</code> will cause
* it to re-read the configuration policy files. The refreshed policy may not
* have an effect on classes in a particular {@link ProtectionDomain}. This is
* dependent on the <code>Policy</code> provider's implementation of the
* <code>implies()</code> method and the {@link PermissionCollection} caching
* strategy.</p>
*
* <code>Policy</code> is an abstract class for managing the system security
* policy for the Java application environment. It specifies which permissions
* are available for code from various sources. The security policy is
* represented through a subclass of <code>Policy</code>.
*
* <p>Only one <code>Policy</code> is in effect at any time. A
* {@link ProtectionDomain} initializes itself with information from this class
* on the set of permssions to grant.</p>
*
* <p>The location for the actual <code>Policy</code> could be anywhere in any
* form because it depends on the Policy implementation. The default system is
* in a flat ASCII file or it could be in a database.</p>
*
* <p>The current installed <code>Policy</code> can be accessed with
* {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code
* has the correct permissions.</p>
*
* <p>The {@link #refresh()} method causes the <code>Policy</code> instance to
* refresh/reload its configuration. The method used to refresh depends on the
* <code>Policy</code> implementation.</p>
*
* <p>When a protection domain initializes its permissions, it uses code like
* the following:</p>
*
* <code>
* policy = Policy.getPolicy();
* PermissionCollection perms = policy.getPermissions(myCodeSource);
* </code>
*
* <p>The protection domain passes the <code>Policy</code> handler a
* {@link CodeSource} instance which contains the codebase URL and a public key.
* The <code>Policy</code> implementation then returns the proper set of
* permissions for that {@link CodeSource}.</p>
*
* <p>The default <code>Policy</code> implementation can be changed by setting
* the value of the <code>"policy.provider"</code> security property (in the
* Java security properties file) to the fully qualified name of the desired
* <code>Policy</code> implementation class. The Java security properties file
* is located in the file named <code>&lt;JAVA_HOME>/lib/security/java.security
* </code>, where <code>&lt;JAVA_HOME></code> refers to the directory where the
* SDK was installed.</p>
*
* <p><b>IMPLEMENTATION NOTE:</b> This implementation attempts to read the
* System property named <code>policy.provider</code> to find the concrete
* implementation of the <code>Policy</code>. If/when this fails, it falls back
* to a default implementation, which <b>allows everything</b>.
* the "policy.provider" security provider in the "java.security" file to the
* correct <code>Policy</code> implementation class.</p>
*
* @author Mark Benvenuto
* @see CodeSource
@@ -106,18 +100,14 @@ public abstract class Policy
}
/**
* Returns the installed <code>Policy</code> object. This value should not be
* cached, as it may be changed by a call to <code>setPolicy()</code>. This
* method first calls {@link SecurityManager#checkPermission(Permission)} with
* a <code>SecurityPermission("getPolicy")</code> permission to ensure it's ok
* to get the <code>Policy</code> object.
*
* @return the installed <code>Policy</code>.
* @throws SecurityException if a security manager exists and its
* <code>checkPermission()</code> method doesn't allow getting the
* <code>Policy</code> object.
* @see SecurityManager#checkPermission(Permission)
* @see #setPolicy(Policy)
* Returns the currently installed <code>Policy</code> handler. The value
* should not be cached as it can be changed any time by
* {@link #setPolicy(Policy)}.
*
* @return the current <code>Policy</code>.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public static Policy getPolicy()
{
@@ -129,17 +119,13 @@ public abstract class Policy
}
/**
* Sets the system-wide <code>Policy</code> object. This method first calls
* {@link SecurityManager#checkPermission(Permission)} with a
* <code>SecurityPermission("setPolicy")</code> permission to ensure it's ok
* to set the <code>Policy</code>.
*
* @param policy the new system <code>Policy</code> object.
* @throws SecurityException if a security manager exists and its
* <code>checkPermission()</code> method doesn't allow setting the
* <code>Policy</code>.
* @see SecurityManager#checkPermission(Permission)
* @see #getPolicy()
* Sets the <code>Policy</code> handler to a new value.
*
* @param policy
* the new <code>Policy</code> to use.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public static void setPolicy(Policy policy)
{
@@ -213,28 +199,27 @@ public abstract class Policy
}
/**
* Evaluates the global policy and returns a {@link PermissionCollection}
* object specifying the set of permissions allowed for code from the
* specified code source.
*
* @param codesource the {@link CodeSource} associated with the caller. This
* encapsulates the original location of the code (where the code came from)
* and the public key(s) of its signer.
* @return the set of permissions allowed for code from codesource according
* to the policy. The returned set of permissions must be a new mutable
* instance and it must support heterogeneous {@link Permission} types.
* Returns the set of Permissions allowed for a given {@link CodeSource}.
*
* @param codesource
* the {@link CodeSource} for which, the caller needs to find the
* set of granted permissions.
* @return a set of permissions for {@link CodeSource} specified by the
* current <code>Policy</code>.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public abstract PermissionCollection getPermissions(CodeSource codesource);
/**
* Evaluates the global policy and returns a {@link PermissionCollection}
* object specifying the set of permissions allowed given the characteristics
* of the protection domain.
*
* @param domain the {@link ProtectionDomain} associated with the caller.
* @return the set of permissions allowed for the domain according to the
* policy. The returned set of permissions must be a new mutable instance and
* it must support heterogeneous {@link Permission} types.
* Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
*
* @param domain
* the {@link ProtectionDomain} for which, the caller needs to find
* the set of granted permissions.
* @return a set of permissions for {@link ProtectionDomain} specified by the
* current <code>Policy.</code>.
* @since 1.4
* @see ProtectionDomain
* @see SecureClassLoader
@@ -270,14 +255,16 @@ public abstract class Policy
}
/**
* Evaluates the global policy for the permissions granted to the {@link
* ProtectionDomain} and tests whether the <code>permission</code> is granted.
*
* @param domain the {@link ProtectionDomain} to test.
* @param permission the {@link Permission} object to be tested for
* implication.
* @return <code>true</code> if <code>permission</code> is a proper subset of
* a permission granted to this {@link ProtectionDomain}.
* Checks if the designated {@link Permission} is granted to a designated
* {@link ProtectionDomain}.
*
* @param domain
* the {@link ProtectionDomain} to test.
* @param permission
* the {@link Permission} to check.
* @return <code>true</code> if <code>permission</code> is implied by a
* permission granted to this {@link ProtectionDomain}. Returns
* <code>false</code> otherwise.
* @since 1.4
* @see ProtectionDomain
*/
@@ -302,9 +289,9 @@ public abstract class Policy
}
/**
* Refreshes/reloads the policy configuration. The behavior of this method
* depends on the implementation. For example, calling refresh on a file-based
* policy will cause the file to be re-read.
* Causes this <code>Policy</code> instance to refresh / reload its
* configuration. The method used to refresh depends on the concrete
* implementation.
*/
public abstract void refresh();
}
@@ -40,17 +40,14 @@ package java.security;
import gnu.classpath.SystemProperties;
/**
* <p>This <code>ProtectionDomain</code> class encapsulates the characteristics
* of a domain, which encloses a set of classes whose instances are granted a
* set of permissions when being executed on behalf of a given set of
* <i>Principals</i>.
*
* <p>A static set of permissions can be bound to a <code>ProtectionDomain</code>
* when it is constructed; such permissions are granted to the domain regardless
* of the {@link Policy} in force. However, to support dynamic security
* policies, a <code>ProtectionDomain</code> can also be constructed such that
* it is dynamically mapped to a set of permissions by the current {@link
* Policy} whenever a permission is checked.</p>
* This class represents a group of classes, along with their granted
* permissions. The classes are identified by a {@link CodeSource}. Thus, any
* class loaded from the specified {@link CodeSource} is treated as part of
* this domain. The set of permissions is represented by an instance of
* {@link PermissionCollection}.
*
* <p>Every class in the system will belong to one and only one
* <code>ProtectionDomain</code>.</p>
*
* @author Aaron M. Renn (arenn@urbanophile.com)
* @version 0.0
@@ -73,15 +70,17 @@ public class ProtectionDomain
private boolean staticBinding;
/**
* Creates a new <code>ProtectionDomain</code> with the given {@link
* CodeSource} and {@link Permissions}. If the permissions object is not
* <code>null</code>, then <code>setReadOnly()</code> will be called on the
* passed in {@link Permissions} object. The only permissions granted to this
* domain are the ones specified; the current {@link Policy} will not be
* consulted.
*
* @param codesource the codesource associated with this domain.
* @param permissions the permissions granted to this domain
* Initializes a new instance of <code>ProtectionDomain</code> representing
* the specified {@link CodeSource} and set of permissions. No permissions
* can be added later to the {@link PermissionCollection} and this contructor
* will call the <code>setReadOnly</code> method on the specified set of
* permissions.
*
* @param codesource
* The {@link CodeSource} for this domain.
* @param permissions
* The set of permissions for this domain.
* @see PermissionCollection#setReadOnly()
*/
public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
{
@@ -89,28 +88,25 @@ public class ProtectionDomain
}
/**
* <p>Creates a new ProtectionDomain qualified by the given CodeSource,
* Permissions, ClassLoader and array of Principals. If the permissions
* object is not null, then <code>setReadOnly()</code> will be called on the
* passed in Permissions object. The permissions granted to this domain are
* dynamic; they include both the static permissions passed to this
* constructor, and any permissions granted to this domain by the current
* Policy at the time a permission is checked.</p>
*
* <p>This constructor is typically used by {@link ClassLoader}s and {@link
* DomainCombiner}s which delegate to <code>Policy</code> to actively
* associate the permissions granted to this domain. This constructor affords
* the Policy provider the opportunity to augment the supplied
* PermissionCollection to reflect policy changes.</p>
*
* @param codesource the CodeSource associated with this domain.
* @param permissions the permissions granted to this domain.
* @param classloader the ClassLoader associated with this domain.
* @param principals the array of Principals associated with this domain.
* This method initializes a new instance of <code>ProtectionDomain</code>
* given its {@link CodeSource}, granted permissions, associated
* {@link ClassLoader} and {@link Principal}s.
*
* <p>Similar to the previous constructor, if the designated set of
* permissions is not <code>null</code>, the <code>setReadOnly</code> method
* is called on that set.</p>
*
* @param codesource
* The {@link CodeSource} for this domain.
* @param permissions
* The permission set for this domain.
* @param classloader
* the ClassLoader associated with this domain.
* @param principals
* the array of {@link Principal}s associated with this domain.
* @since 1.4
* @see Policy#refresh()
* @see Policy#getPermissions(ProtectionDomain)
*/
* @see PermissionCollection#setReadOnly()
*/
public ProtectionDomain(CodeSource codesource,
PermissionCollection permissions,
ClassLoader classloader, Principal[] principals)
@@ -140,8 +136,8 @@ public class ProtectionDomain
/**
* Returns the {@link CodeSource} of this domain.
*
* @return the {@link CodeSource} of this domain which may be <code>null</code>.
*
* @return the {@link CodeSource} of this domain.
* @since 1.2
*/
public final CodeSource getCodeSource()
@@ -151,9 +147,8 @@ public class ProtectionDomain
/**
* Returns the {@link ClassLoader} of this domain.
*
* @return the {@link ClassLoader} of this domain which may be
* <code>null</code>.
*
* @return the {@link ClassLoader} of this domain.
* @since 1.4
*/
public final ClassLoader getClassLoader()
@@ -162,10 +157,9 @@ public class ProtectionDomain
}
/**
* Returns an array of principals for this domain.
*
* @return returns a non-null array of principals for this domain. Changes to
* this array will have no impact on the <code>ProtectionDomain</code>.
* Returns a clone of the {@link Principal}s of this domain.
*
* @return a clone of the {@link Principal}s of this domain.
* @since 1.4
*/
public final Principal[] getPrincipals()
@@ -174,12 +168,9 @@ public class ProtectionDomain
}
/**
* Returns the static permissions granted to this domain.
*
* @return the static set of permissions for this domain which may be
* <code>null</code>.
* @see Policy#refresh()
* @see Policy#getPermissions(ProtectionDomain)
* Returns the {@link PermissionCollection} of this domain.
*
* @return The {@link PermissionCollection} of this domain.
*/
public final PermissionCollection getPermissions()
{
@@ -187,26 +178,13 @@ public class ProtectionDomain
}
/**
* <p>Check and see if this <code>ProtectionDomain</code> implies the
* permissions expressed in the <code>Permission</code> object.</p>
*
* <p>The set of permissions evaluated is a function of whether the
* <code>ProtectionDomain</code> was constructed with a static set of
* permissions or it was bound to a dynamically mapped set of permissions.</p>
*
* <p>If the <code>ProtectionDomain</code> was constructed to a statically
* bound {@link PermissionCollection} then the permission will only be checked
* against the {@link PermissionCollection} supplied at construction.</p>
*
* <p>However, if the <code>ProtectionDomain</code> was constructed with the
* constructor variant which supports dynamically binding permissions, then
* the permission will be checked against the combination of the
* {@link PermissionCollection} supplied at construction and the current
* {@link Policy} binding.
*
* @param permission the {@link Permission} object to check.
* @return <code>true</code> if <code>permission</code> is implicit to this
* <code>ProtectionDomain</code>.
* Tests whether or not the specified {@link Permission} is implied by the
* set of permissions granted to this domain.
*
* @param permission
* the {@link Permission} to test.
* @return <code>true</code> if the specified {@link Permission} is implied
* for this domain, <code>false</code> otherwise.
*/
public boolean implies(Permission permission)
{
@@ -218,9 +196,10 @@ public class ProtectionDomain
}
/**
* Convert a <code>ProtectionDomain</code> to a String.
*
* @return a string representation of the object.
* Returns a string representation of this object. It will include the
* {@link CodeSource} and set of permissions associated with this domain.
*
* @return A string representation of this object.
*/
public String toString()
{
@@ -1,5 +1,5 @@
/* ProviderException.java -- Generic security provider runtime exception
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -67,4 +67,26 @@ public class ProviderException extends RuntimeException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public ProviderException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public ProviderException(Throwable cause)
{
super(cause);
}
}
@@ -38,6 +38,7 @@ exception statement from your version. */
package java.security;
import gnu.java.security.Engine;
import gnu.java.security.jce.prng.Sha160RandomSpi;
import java.util.Enumeration;
import java.util.Random;
@@ -126,7 +127,7 @@ public class SecureRandom extends Random
}
// Nothing found. Fall back to SHA1PRNG
secureRandomSpi = new gnu.java.security.provider.SHA1PRNG();
secureRandomSpi = new Sha160RandomSpi();
}
/**
+172 -222
View File
@@ -60,7 +60,7 @@ import java.util.Vector;
/**
* This class centralizes all security properties and common security methods.
* One of its primary uses is to manage providers.
* One of its primary uses is to manage security providers.
*
* @author Mark Benvenuto (ivymccough@worldnet.att.net)
*/
@@ -110,9 +110,9 @@ public final class Security
}
/**
* Tries to load the vender specific security providers from the given
* base URL. Returns true if the resource could be read and completely
* parsed successfully, false otherwise.
* Tries to load the vender specific security providers from the given base
* URL. Returns true if the resource could be read and completely parsed
* successfully, false otherwise.
*/
private static boolean loadProviders(String baseUrl, String vendor)
{
@@ -133,7 +133,8 @@ public final class Security
Exception exception = null;
try
{
providers.addElement(Class.forName(name).newInstance());
ClassLoader sys = ClassLoader.getSystemClassLoader();
providers.addElement(Class.forName(name, true, sys).newInstance());
}
catch (ClassNotFoundException x)
{
@@ -166,22 +167,18 @@ public final class Security
}
/**
* Gets a specified property for an algorithm. The algorithm name should be a
* standard name. See Appendix A in the Java Cryptography Architecture API
* Specification &amp; Reference for information about standard algorithm
* names. One possible use is by specialized algorithm parsers, which may map
* classes to algorithms which they understand (much like {@link Key} parsers
* do).
*
* @param algName the algorithm name.
* @param propName the name of the property to get.
* @return the value of the specified property.
* @deprecated This method used to return the value of a proprietary property
* in the master file of the "SUN" Cryptographic Service Provider in order to
* determine how to parse algorithm-specific parameters. Use the new
* provider-based and algorithm-independent {@link AlgorithmParameters} and
* {@link KeyFactory} engine classes (introduced in the Java 2 platform)
* instead.
* Returns the value associated to a designated property name for a given
* algorithm.
*
* @param algName
* the algorithm name.
* @param propName
* the name of the property to return.
* @return the value of the specified property or <code>null</code> if none
* found.
* @deprecated Use the provider-based and algorithm-independent
* {@link AlgorithmParameters} and {@link KeyFactory} engine
* classes instead.
*/
public static String getAlgorithmProperty(String algName, String propName)
{
@@ -204,37 +201,21 @@ public final class Security
}
/**
* <p>Adds a new provider, at a specified position. The position is the
* preference order in which providers are searched for requested algorithms.
* Note that it is not guaranteed that this preference will be respected. The
* position is 1-based, that is, <code>1</code> is most preferred, followed by
* <code>2</code>, and so on.</p>
*
* <p>If the given provider is installed at the requested position, the
* provider that used to be at that position, and all providers with a
* position greater than position, are shifted up one position (towards the
* end of the list of installed providers).</p>
*
* <p>A provider cannot be added if it is already installed.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with the string <code>"insertProvider."+provider.
* getName()</code> to see if it's ok to add a new provider. If the default
* implementation of <code>checkSecurityAccess()</code> is used (i.e., that
* method is not overriden), then this will result in a call to the security
* manager's <code>checkPermission()</code> method with a
* <code>SecurityPermission("insertProvider."+provider.getName())</code>
* permission.</p>
*
* @param provider the provider to be added.
* @param position the preference position that the caller would like for
* this provider.
* @return the actual preference position in which the provider was added, or
* <code>-1</code> if the provider was not added because it is already
* installed.
* @throws SecurityException if a security manager exists and its
* {@link SecurityManager#checkSecurityAccess(String)} method denies access
* to add a new provider.
* Inserts a new designated {@link Provider} at a designated (1-based)
* position in the current list of installed {@link Provider}s,
*
* @param provider
* the new {@link Provider} to add.
* @param position
* the position (starting from 1) of where to install
* <code>provider</code>.
* @return the actual position, in the list of installed Providers. Returns
* <code>-1</code> if <code>provider</code> was laready in the
* list. The actual position may be different than the desired
* <code>position</code>.
* @throws SecurityException
* if a {@link SecurityManager} is installed and it disallows this
* operation.
* @see #getProvider(String)
* @see #removeProvider(String)
* @see SecurityPermission
@@ -264,24 +245,17 @@ public final class Security
}
/**
* <p>Adds a provider to the next position available.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with the string <code>"insertProvider."+provider.
* getName()</code> to see if it's ok to add a new provider. If the default
* implementation of <code>checkSecurityAccess()</code> is used (i.e., that
* method is not overriden), then this will result in a call to the security
* manager's <code>checkPermission()</code> method with a
* <code>SecurityPermission("insertProvider."+provider.getName())</code>
* permission.</p>
*
* @param provider the provider to be added.
* @return the preference position in which the provider was added, or
* <code>-1</code> if the provider was not added because it is already
* installed.
* @throws SecurityException if a security manager exists and its
* {@link SecurityManager#checkSecurityAccess(String)} method denies access
* to add a new provider.
* Appends the designated new {@link Provider} to the current list of
* installed {@link Provider}s.
*
* @param provider
* the new {@link Provider} to append.
* @return the position (starting from 1) of <code>provider</code> in the
* current list of {@link Provider}s, or <code>-1</code> if
* <code>provider</code> was already there.
* @throws SecurityException
* if a {@link SecurityManager} is installed and it disallows this
* operation.
* @see #getProvider(String)
* @see #removeProvider(String)
* @see SecurityPermission
@@ -292,26 +266,14 @@ public final class Security
}
/**
* <p>Removes the provider with the specified name.</p>
*
* <p>When the specified provider is removed, all providers located at a
* position greater than where the specified provider was are shifted down
* one position (towards the head of the list of installed providers).</p>
*
* <p>This method returns silently if the provider is not installed.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with the string <code>"removeProvider."+name</code>
* to see if it's ok to remove the provider. If the default implementation of
* <code>checkSecurityAccess()</code> is used (i.e., that method is not
* overriden), then this will result in a call to the security manager's
* <code>checkPermission()</code> method with a <code>SecurityPermission(
* "removeProvider."+name)</code> permission.</p>
*
* @param name the name of the provider to remove.
* @throws SecurityException if a security manager exists and its
* {@link SecurityManager#checkSecurityAccess(String)} method denies access
* to remove the provider.
* Removes an already installed {@link Provider}, given its name, from the
* current list of installed {@link Provider}s.
*
* @param name
* the name of an already installed {@link Provider} to remove.
* @throws SecurityException
* if a {@link SecurityManager} is installed and it disallows this
* operation.
* @see #getProvider(String)
* @see #addProvider(Provider)
*/
@@ -333,9 +295,9 @@ public final class Security
}
/**
* Returns an array containing all the installed providers. The order of the
* providers in the array is their preference order.
*
* Returns the current list of installed {@link Provider}s as an array
* ordered according to their installation preference order.
*
* @return an array of all the installed providers.
*/
public static Provider[] getProviders()
@@ -346,11 +308,13 @@ public final class Security
}
/**
* Returns the provider installed with the specified name, if any. Returns
* <code>null</code> if no provider with the specified name is installed.
*
* @param name the name of the provider to get.
* @return the provider of the specified name.
* Returns an already installed {@link Provider} given its name.
*
* @param name
* the name of an already installed {@link Provider}.
* @return the {@link Provider} known by <code>name</code>. Returns
* <code>null</code> if the current list of {@link Provider}s does
* not include one named <code>name</code>.
* @see #removeProvider(String)
* @see #addProvider(Provider)
*/
@@ -376,18 +340,16 @@ public final class Security
}
/**
* <p>Gets a security property value.</p>
*
* <p>First, if there is a security manager, its <code>checkPermission()</code>
* method is called with a <code>SecurityPermission("getProperty."+key)</code>
* permission to see if it's ok to retrieve the specified security property
* value.</p>
*
* @param key the key of the property being retrieved.
* @return the value of the security property corresponding to key.
* @throws SecurityException if a security manager exists and its
* {@link SecurityManager#checkPermission(Permission)} method denies access
* to retrieve the specified security property value.
* Returns the value associated with a Security propery.
*
* @param key
* the key of the property to fetch.
* @return the value of the Security property associated with
* <code>key</code>. Returns <code>null</code> if no such property
* was found.
* @throws SecurityException
* if a {@link SecurityManager} is installed and it disallows this
* operation.
* @see #setProperty(String, String)
* @see SecurityPermission
*/
@@ -404,18 +366,15 @@ public final class Security
}
/**
* <p>Sets a security property value.</p>
*
* <p>First, if there is a security manager, its <code>checkPermission()</code>
* method is called with a <code>SecurityPermission("setProperty."+key)</code>
* permission to see if it's ok to set the specified security property value.
* </p>
*
* @param key the name of the property to be set.
* @param datum the value of the property to be set.
* @throws SecurityException if a security manager exists and its
* {@link SecurityManager#checkPermission(Permission)} method denies access
* to set the specified security property value.
* Sets or changes a designated Security property to a designated value.
*
* @param key
* the name of the property to set.
* @param datum
* the new value of the property.
* @throws SecurityException
* if a {@link SecurityManager} is installed and it disallows this
* operation.
* @see #getProperty(String)
* @see SecurityPermission
*/
@@ -432,19 +391,16 @@ public final class Security
}
/**
* Returns a Set of Strings containing the names of all available algorithms
* or types for the specified Java cryptographic service (e.g., Signature,
* MessageDigest, Cipher, Mac, KeyStore). Returns an empty Set if there is no
* provider that supports the specified service. For a complete list of Java
* cryptographic services, please see the Java Cryptography Architecture API
* Specification &amp; Reference. Note: the returned set is immutable.
*
* @param serviceName the name of the Java cryptographic service (e.g.,
* Signature, MessageDigest, Cipher, Mac, KeyStore). Note: this parameter is
* case-insensitive.
* @return a Set of Strings containing the names of all available algorithms
* or types for the specified Java cryptographic service or an empty set if
* no provider supports the specified service.
* For a given <i>service</i> (e.g. Signature, MessageDigest, etc...) this
* method returns the {@link Set} of all available algorithm names (instances
* of {@link String}, from all currently installed {@link Provider}s.
*
* @param serviceName
* the case-insensitive name of a service (e.g. Signature,
* MessageDigest, etc).
* @return a {@link Set} of {@link String}s containing the names of all
* algorithm names provided by all of the currently installed
* {@link Provider}s.
* @since 1.4
*/
public static Set getAlgorithms(String serviceName)
@@ -477,53 +433,48 @@ public final class Security
}
/**
* <p>Returns an array containing all installed providers that satisfy the
* specified selection criterion, or <code>null</code> if no such providers
* have been installed. The returned providers are ordered according to their
* preference order.</p>
*
* <p>A cryptographic service is always associated with a particular
* algorithm or type. For example, a digital signature service is always
* associated with a particular algorithm (e.g., <i>DSA</i>), and a
* CertificateFactory service is always associated with a particular
* certificate type (e.g., <i>X.509</i>).</p>
*
* <p>The selection criterion must be specified in one of the following two
* formats:</p>
*
* Returns an array of currently installed {@link Provider}s, ordered
* according to their installation preference order, which satisfy a given
* <i>selection</i> criterion.
*
* <p>This implementation recognizes a <i>selection</i> criterion written in
* one of two following forms:</p>
*
* <ul>
* <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;</p>
* <p>The cryptographic service name must not contain any dots.</p>
* <p>A provider satisfies the specified selection criterion iff the
* provider implements the specified algorithm or type for the specified
* cryptographic service.</p>
* <p>For example, "CertificateFactory.X.509" would be satisfied by any
* provider that supplied a CertificateFactory implementation for X.509
* certificates.</p></li>
*
* <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;:&lt;attribute_value&gt;</p>
* <p>The cryptographic service name must not contain any dots. There must
* be one or more space charaters between the the &lt;algorithm_or_type&gt;
* and the &lt;attribute_name&gt;.</p>
* <p>A provider satisfies this selection criterion iff the provider
* implements the specified algorithm or type for the specified
* cryptographic service and its implementation meets the constraint
* expressed by the specified attribute name/value pair.</p>
* <p>For example, "Signature.SHA1withDSA KeySize:1024" would be satisfied
* by any provider that implemented the SHA1withDSA signature algorithm
* with a keysize of 1024 (or larger).</p></li>
* <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;: Where
* <i>crypto_service</i> is a case-insensitive string, similar to what has
* been described in the {@link #getAlgorithms(String)} method, and
* <i>algorithm_or_type</i> is a known case-insensitive name of an
* Algorithm, or one of its aliases.
*
* <p>For example, "CertificateFactory.X.509" would return all the installed
* {@link Provider}s which provide a <i>CertificateFactory</i>
* implementation of <i>X.509</i>.</p></li>
*
* <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;:&lt;value&gt;:
* Where <i>crypto_service</i> is a case-insensitive string, similar to what
* has been described in the {@link #getAlgorithms(String)} method,
* <i>algorithm_or_type</i> is a case-insensitive known name of an Algorithm
* or one of its aliases, <i>attribute_name</i> is a case-insensitive
* property name with no whitespace characters, and no dots, in-between, and
* <i>value</i> is a {@link String} with no whitespace characters in-between.
*
* <p>For example, "Signature.Sha1WithDSS KeySize:1024" would return all the
* installed {@link Provider}s which declared their ability to provide
* <i>Signature</i> services, using the <i>Sha1WithDSS</i> algorithm with
* key sizes of <i>1024</i>.</p></li>
* </ul>
*
* <p>See Appendix A in the Java Cryptogaphy Architecture API Specification
* &amp; Reference for information about standard cryptographic service names,
* standard algorithm names and standard attribute names.</p>
*
* @param filter the criterion for selecting providers. The filter is case-
* insensitive.
* @return all the installed providers that satisfy the selection criterion,
* or null if no such providers have been installed.
* @throws InvalidParameterException if the filter is not in the required
* format.
*
* @param filter
* the <i>selection</i> criterion for selecting among the installed
* {@link Provider}s.
* @return all the installed {@link Provider}s which satisfy the <i>selection</i>
* criterion. Returns <code>null</code> if no installed
* {@link Provider}s were found which satisfy the <i>selection</i>
* criterion. Returns ALL installed {@link Provider}s if
* <code>filter</code> is <code>null</code> or is an empty string.
* @throws InvalidParameterException
* if an exception occurs while parsing the <code>filter</code>.
* @see #getProviders(Map)
*/
public static Provider[] getProviders(String filter)
@@ -544,48 +495,47 @@ public final class Security
return getProviders(map);
}
/**
* <p>Returns an array containing all installed providers that satisfy the
* specified selection criteria, or <code>null</code> if no such providers
* have been installed. The returned providers are ordered according to their
* preference order.</p>
*
* <p>The selection criteria are represented by a map. Each map entry
* represents a selection criterion. A provider is selected iff it satisfies
* all selection criteria. The key for any entry in such a map must be in one
* of the following two formats:</p>
*
* <ul>
* <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;</p>
* <p>The cryptographic service name must not contain any dots.</p>
* <p>The value associated with the key must be an empty string.</p>
* <p>A provider satisfies this selection criterion iff the provider
* implements the specified algorithm or type for the specified
* cryptographic service.</p></li>
*
* <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;</p>
* <p>The cryptographic service name must not contain any dots. There must
* be one or more space charaters between the &lt;algorithm_or_type&gt; and
* the &lt;attribute_name&gt;.</p>
* <p>The value associated with the key must be a non-empty string. A
* provider satisfies this selection criterion iff the provider implements
* the specified algorithm or type for the specified cryptographic service
* and its implementation meets the constraint expressed by the specified
* attribute name/value pair.</p></li>
* </ul>
*
* <p>See Appendix A in the Java Cryptogaphy Architecture API Specification
* &amp; Reference for information about standard cryptographic service names,
* standard algorithm names and standard attribute names.</p>
*
* @param filter the criteria for selecting providers. The filter is case-
* insensitive.
* @return all the installed providers that satisfy the selection criteria,
* or <code>null</code> if no such providers have been installed.
* @throws InvalidParameterException if the filter is not in the required
* format.
* @see #getProviders(String)
*/
/**
* Returns an array of currently installed {@link Provider}s which satisfy a
* set of <i>selection</i> criteria.
*
* <p>The <i>selection</i> criteria are defined in a {@link Map} where each
* element specifies a <i>selection</i> querry. The <i>Keys</i> in this
* {@link Map} must be in one of the two following forms:</p>
*
* <ul>
* <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;: Where
* <i>crypto_service</i> is a case-insensitive string, similar to what has
* been described in the {@link #getAlgorithms(String)} method, and
* <i>algorithm_or_type</i> is a case-insensitive known name of an
* Algorithm, or one of its aliases. The <i>value</i> of the entry in the
* {@link Map} for such a <i>Key</i> MUST be the empty string.
* {@link Provider}s which provide an implementation for the designated
* <i>service algorithm</i> are included in the result.</li>
*
* <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;:
* Where <i>crypto_service</i> is a case-insensitive string, similar to what
* has been described in the {@link #getAlgorithms(String)} method,
* <i>algorithm_or_type</i> is a case-insensitive known name of an Algorithm
* or one of its aliases, and <i>attribute_name</i> is a case-insensitive
* property name with no whitespace characters, and no dots, in-between. The
* <i>value</i> of the entry in this {@link Map} for such a <i>Key</i> MUST
* NOT be <code>null</code> or an empty string. {@link Provider}s which
* declare the designated <i>attribute_name</i> and <i>value</i> for the
* designated <i>service algorithm</i> are included in the result.</li>
* </ul>
*
* @param filter
* a {@link Map} of <i>selection querries</i>.
* @return all currently installed {@link Provider}s which satisfy ALL the
* <i>selection</i> criteria defined in <code>filter</code>.
* Returns ALL installed {@link Provider}s if <code>filter</code>
* is <code>null</code> or empty.
* @throws InvalidParameterException
* if an exception is encountered while parsing the syntax of the
* {@link Map}'s <i>keys</i>.
* @see #getProviders(String)
*/
public static Provider[] getProviders(Map filter)
{
if (providers == null || providers.isEmpty())
+229 -298
View File
@@ -45,66 +45,36 @@ import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
/**
* <p>This <code>Signature</code> class is used to provide applications the
* functionality of a digital signature algorithm. Digital signatures are used
* for authentication and integrity assurance of digital data.</p>
*
* <p>The signature algorithm can be, among others, the NIST standard <i>DSS</i>,
* using <i>DSA</i> and <i>SHA-1</i>. The <i>DSA</i> algorithm using the
* <i>SHA-1</i> message digest algorithm can be specified as <code>SHA1withDSA
* </code>. In the case of <i>RSA</i>, there are multiple choices for the
* message digest algorithm, so the signing algorithm could be specified as, for
* example, <code>MD2withRSA</code>, <code>MD5withRSA</code>, or
* <code>SHA1withRSA</code>. The algorithm name must be specified, as there is
* no default.</p>
*
* <p>Like other algorithm-based classes in Java Security, <code>Signature</code>
* provides implementation-independent algorithms, whereby a caller (application
* code) requests a particular signature algorithm and is handed back a properly
* initialized <code>Signature</code> object. It is also possible, if desired,
* to request a particular algorithm from a particular provider. See the
* <code>getInstance()</code> methods.</p>
*
* <p>Thus, there are two ways to request a <code>Signature</code> algorithm
* object: by specifying either just an algorithm name, or both an algorithm
* name and a package provider.</p>
*
* <p>If just an algorithm name is specified, the system will determine if there
* is an implementation of the algorithm requested available in the environment,
* and if there is more than one, if there is a preferred one.</p>
*
* <p>If both an algorithm name and a package provider are specified, the system
* will determine if there is an implementation of the algorithm in the package
* requested, and throw an exception if there is not.</p>
*
* <p>A <code>Signature</code> object can be used to generate and verify digital
* signatures.</p>
*
* <p>There are three phases to the use of a <code>Signature</code> object for
* either signing data or verifying a signature:</p>
*
* <code>Signature</code> is used to provide an interface to digital signature
* algorithms. Digital signatures provide authentication and data integrity of
* digital data.
*
* <p>The GNU provider provides the NIST standard DSA which uses DSA and SHA-1.
* It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature
* algorithm is provided then it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The
* algorithm must be specified because there is no default.</p>
*
* <p>Signature provides implementation-independent algorithms which are
* requested by the user through the <code>getInstance()<?code> methods. It can
* be requested by specifying just the algorithm name or by specifying both the
* algorithm name and provider name.</p>
*
* <p>The three phases of using <code>Signature</code> are:</p>
*
* <ol>
* <li>Initialization, with either
* <li>Initializing:
* <ul>
* <li>a public key, which initializes the signature for verification
* (see <code>initVerify()</code>), or</li>
* <li>a private key (and optionally a Secure Random Number Generator),
* which initializes the signature for signing (see
* {@link #initSign(PrivateKey)} and {@link #initSign(PrivateKey, SecureRandom)}
* ).</li>
* </ul></li>
* <li>Updating<br/>
* Depending on the type of initialization, this will update the bytes to
* be signed or verified. See the update methods.<br/></li>
* <li>Signing or Verifying a signature on all updated bytes. See the
* <code>sign()</code> methods and the <code>verify()</code> method.</li>
* </ol>
*
* <p>Note that this class is abstract and extends from {@link SignatureSpi} for
* historical reasons. Application developers should only take notice of the
* methods defined in this <code>Signature</code> class; all the methods in the
* superclass are intended for cryptographic service providers who wish to
* supply their own implementations of digital signature algorithms.
* <li>It must be initialized with a private key for signing.</li>
* <li>It must be initialized with a public key for verifying.</li>
* </li>
*
* <li>Updating:
* <p>Update the bytes for signing or verifying with calls to update.</p>
* </li>
*
* <li>Signing or Verify the signature on the currently stored bytes by
* calling sign or verify.</li>
* </ol>
*
* @author Mark Benvenuto (ivymccough@worldnet.att.net)
*/
@@ -114,38 +84,38 @@ public abstract class Signature extends SignatureSpi
private static final String SIGNATURE = "Signature";
/**
* Possible <code>state</code> value, signifying that this signature object
* has not yet been initialized.
* Possible state value which signifies that this instance has not yet been
* initialized.
*/
protected static final int UNINITIALIZED = 0;
// Constructor.
// ------------------------------------------------------------------------
/**
* Possible <code>state</code> value, signifying that this signature object
* has been initialized for signing.
* Possible state value which signifies that this instance has been
* initialized for signing purposes.
*/
protected static final int SIGN = 2;
/**
* Possible <code>state</code> value, signifying that this signature object
* has been initialized for verification.
* Possible state value which signifies that this instance has been
* initialized for verification purposes.
*/
protected static final int VERIFY = 3;
/** Current state of this signature object. */
/** Current sate of this instance. */
protected int state = UNINITIALIZED;
private String algorithm;
Provider provider;
// Constructor.
// ------------------------------------------------------------------------
/**
* Creates a <code>Signature</code> object for the specified algorithm.
*
* @param algorithm the standard string name of the algorithm. See Appendix A
* in the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* Constructs a new <code>Signature</code> instance for a designated digital
* signature algorithm.
*
* @param algorithm
* the algorithm to use.
*/
protected Signature(String algorithm)
{
@@ -154,19 +124,14 @@ public abstract class Signature extends SignatureSpi
}
/**
* Generates a <code>Signature</code> object that implements the specified
* digest algorithm. If the default provider package provides an
* implementation of the requested digest algorithm, an instance of
* <code>Signature</code> containing that implementation is returned. If the
* algorithm is not available in the default package, other packages are
* searched.
*
* @param algorithm the standard name of the algorithm requested. See Appendix
* A in the Java Cryptography Architecture API Specification &amp; Reference
* for information about standard algorithm names.
* @return the new Signature object.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* environment.
* Returns an instance of <code>Signature</code> representing the specified
* signature.
*
* @param algorithm
* the algorithm to use.
* @return a new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by any provider.
*/
public static Signature getInstance(String algorithm)
throws NoSuchAlgorithmException
@@ -188,22 +153,20 @@ public abstract class Signature extends SignatureSpi
}
/**
* Generates a <code>Signature</code> object implementing the specified
* algorithm, as supplied from the specified provider, if such an algorithm
* is available from the provider.
*
* @param algorithm the name of the algorithm requested. See Appendix A in
* the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @param provider the name of the provider.
* @return the new <code>Signature</code> object.
* @throws NoSuchAlgorithmException if the algorithm is not available in the
* package supplied by the requested provider.
* @throws NoSuchProviderException if the provider is not available in the
* environment.
* @throws IllegalArgumentException if the provider name is <code>null</code>
* or empty.
* @see Provider
* Returns an instance of <code>Signature</code> representing the specified
* signature from the named provider.
*
* @param algorithm
* the algorithm to use.
* @param provider
* the name of the provider to use.
* @return a new instance repesenting the desired algorithm.
* @throws IllegalArgumentException if <code>provider</code> is
* <code>null</code> or is an empty string.
* @throws NoSuchProviderException
* if the named provider was not found.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the named provider.
*/
public static Signature getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
@@ -219,22 +182,16 @@ public abstract class Signature extends SignatureSpi
}
/**
* Generates a <code>Signature</code> object implementing the specified
* algorithm, as supplied from the specified provider, if such an algorithm
* is available from the provider. Note: the provider doesn't have to be
* registered.
*
* @param algorithm the name of the algorithm requested. See Appendix A in
* the Java Cryptography Architecture API Specification &amp; Reference for
* information about standard algorithm names.
* @param provider the provider.
* @return the new <code>Signature</code> object.
* @throws NoSuchAlgorithmException if the <code>algorithm</code> is not
* available in the package supplied by the requested <code>provider</code>.
* @throws IllegalArgumentException if the <code>provider</code> is
* <code>null</code>.
* @since 1.4
* @see Provider
* Returns an instance of <code>Signature</code> representing the specified
* signature from the specified {@link Provider}.
*
* @param algorithm
* the algorithm to use.
* @param provider
* the {@link Provider} to use.
* @return a new instance repesenting the desired algorithm.
* @throws NoSuchAlgorithmException
* if the algorithm is not implemented by the {@link Provider}.
*/
public static Signature getInstance(String algorithm, Provider provider)
throws NoSuchAlgorithmException
@@ -271,9 +228,9 @@ public abstract class Signature extends SignatureSpi
}
/**
* Returns the provider of this signature object.
*
* @return the provider of this signature object.
* Returns the {@link Provider} of this instance.
*
* @return the {@link Provider} of this instance.
*/
public final Provider getProvider()
{
@@ -281,12 +238,12 @@ public abstract class Signature extends SignatureSpi
}
/**
* Initializes this object for verification. If this method is called again
* with a different argument, it negates the effect of this call.
*
* @param publicKey the public key of the identity whose signature is going
* to be verified.
* @throws InvalidKeyException if the key is invalid.
* Initializes this instance with the public key for verification purposes.
*
* @param publicKey
* the public key to verify with.
* @throws InvalidKeyException
* if the key is invalid.
*/
public final void initVerify(PublicKey publicKey) throws InvalidKeyException
{
@@ -295,20 +252,16 @@ public abstract class Signature extends SignatureSpi
}
/**
* <p>Initializes this object for verification, using the public key from the
* given certificate.</p>
*
* <p>If the certificate is of type <i>X.509</i> and has a <i>key usage</i>
* extension field marked as <i>critical</i>, and the value of the <i>key
* usage</i> extension field implies that the public key in the certificate
* and its corresponding private key are not supposed to be used for digital
* signatures, an {@link InvalidKeyException} is thrown.</p>
*
* @param certificate the certificate of the identity whose signature is
* going to be verified.
* @throws InvalidKeyException if the public key in the certificate is not
* encoded properly or does not include required parameter information or
* cannot be used for digital signature purposes.
* Verify a signature with a designated {@link Certificate}. This is a FIPS
* 140-1 compatible method since it verifies a signature with a certificate.
*
* <p>If the {@link Certificate} is an X.509 one, has a <i>KeyUsage</i>
* parameter and that parameter indicates this key is not to be used for
* signing then an exception is thrown.</p>
*
* @param certificate
* a {@link Certificate} containing a public key to verify with.
* @throws InvalidKeyException if the key is invalid.
*/
public final void initVerify(Certificate certificate)
throws InvalidKeyException
@@ -326,12 +279,12 @@ public abstract class Signature extends SignatureSpi
}
/**
* Initialize this object for signing. If this method is called again with a
* different argument, it negates the effect of this call.
*
* @param privateKey the private key of the identity whose signature is going
* to be generated.
* @throws InvalidKeyException if the key is invalid.
* Initializes this class with the private key for signing purposes.
*
* @param privateKey
* the private key to sign with.
* @throws InvalidKeyException
* if the key is invalid.
*/
public final void initSign(PrivateKey privateKey) throws InvalidKeyException
{
@@ -340,13 +293,15 @@ public abstract class Signature extends SignatureSpi
}
/**
* Initialize this object for signing. If this method is called again with a
* different argument, it negates the effect of this call.
*
* @param privateKey the private key of the identity whose signature is going
* to be generated.
* @param random the source of randomness for this signature.
* @throws InvalidKeyException if the key is invalid.
* Initializes this class with the private key and source of randomness for
* signing purposes.
*
* @param privateKey
* the private key to sign with.
* @param random
* the {@link SecureRandom} to use.
* @throws InvalidKeyException
* if the key is invalid.
*/
public final void initSign(PrivateKey privateKey, SecureRandom random)
throws InvalidKeyException
@@ -356,18 +311,12 @@ public abstract class Signature extends SignatureSpi
}
/**
* <p>Returns the signature bytes of all the data updated. The format of the
* signature depends on the underlying signature scheme.</p>
*
* <p>A call to this method resets this signature object to the state it was
* in when previously initialized for signing via a call to
* <code>initSign(PrivateKey)</code>. That is, the object is reset and
* available to generate another signature from the same signer, if desired,
* via new calls to <code>update()</code> and <code>sign()</code>.</p>
*
* @return the signature bytes of the signing operation's result.
* @throws SignatureException if this signature object is not initialized
* properly.
* Returns the signature bytes of all the data fed to this instance. The
* format of the output depends on the underlying signature algorithm.
*
* @return the signature bytes.
* @throws SignatureException
* if the engine is not properly initialized.
*/
public final byte[] sign() throws SignatureException
{
@@ -378,21 +327,27 @@ public abstract class Signature extends SignatureSpi
}
/**
* <p>Finishes the signature operation and stores the resulting signature
* bytes in the provided buffer <code>outbuf</code>, starting at <code>offset
* </code>. The format of the signature depends on the underlying signature
* scheme.</p>
*
* <p>This signature object is reset to its initial state (the state it was
* in after a call to one of the <code>initSign()</code> methods) and can be
* reused to generate further signatures with the same private key.</p>
*
* @param outbuf buffer for the signature result.
* @param offset offset into outbuf where the signature is stored.
* @param len number of bytes within outbuf allotted for the signature.
* @return the number of bytes placed into outbuf.
* @throws SignatureException if an error occurs or len is less than the
* actual signature length.
* Generates signature bytes of all the data fed to this instance and stores
* it in the designated array. The format of the result depends on the
* underlying signature algorithm.
*
* <p>After calling this method, the instance is reset to its initial state
* and can then be used to generate additional signatures.</p>
*
* <p><b>IMPLEMENTATION NOTE:</b> Neither this method nor the GNU provider
* will return partial digests. If <code>len</code> is less than the
* signature length, this method will throw a {@link SignatureException}. If
* it is greater than or equal then it is ignored.</p>
*
* @param outbuf
* array of bytes of where to store the resulting signature bytes.
* @param offset
* the offset to start at in the array.
* @param len
* the number of the bytes to use in the array.
* @return the real number of bytes used.
* @throws SignatureException
* if the engine is not properly initialized.
* @since 1.2
*/
public final int sign(byte[] outbuf, int offset, int len)
@@ -405,20 +360,14 @@ public abstract class Signature extends SignatureSpi
}
/**
* <p>Verifies the passed-in signature.</p>
*
* <p>A call to this method resets this signature object to the state it was
* in when previously initialized for verification via a call to
* <code>initVerify(PublicKey)</code>. That is, the object is reset and
* available to verify another signature from the identity whose public key
* was specified in the call to <code>initVerify()</code>.</p>
*
* @param signature the signature bytes to be verified.
* @return <code>true</code> if the signature was verified, <code>false</code>
* if not.
* @throws SignatureException if this signature object is not initialized
* properly, or the passed-in signature is improperly encoded or of the wrong
* type, etc.
* Verifies a designated signature.
*
* @param signature
* the signature bytes to verify.
* @return <code>true</code> if verified, <code>false</code> otherwise.
* @throws SignatureException
* if the engine is not properly initialized or the signature does
* not check.
*/
public final boolean verify(byte[]signature) throws SignatureException
{
@@ -429,28 +378,24 @@ public abstract class Signature extends SignatureSpi
}
/**
* <p>Verifies the passed-in <code>signature</code> in the specified array of
* bytes, starting at the specified <code>offset</code>.</p>
*
* <p>A call to this method resets this signature object to the state it was
* in when previously initialized for verification via a call to
* <code>initVerify(PublicKey)</code>. That is, the object is reset and
* available to verify another signature from the identity whose public key
* was specified in the call to <code>initVerify()</code>.</p>
*
* @param signature the signature bytes to be verified.
* @param offset the offset to start from in the array of bytes.
* @param length the number of bytes to use, starting at offset.
* @return <code>true</code> if the signature was verified, <code>false</code>
* if not.
* @throws SignatureException if this signature object is not initialized
* properly, or the passed-in <code>signature</code> is improperly encoded or
* of the wrong type, etc.
* @throws IllegalArgumentException if the <code>signature</code> byte array
* is <code>null</code>, or the <code>offset</code> or <code>length</code> is
* less than <code>0</code>, or the sum of the <code>offset</code> and
* <code>length</code> is greater than the length of the <code>signature</code>
* byte array.
* Verifies a designated signature.
*
* @param signature
* the signature bytes to verify.
* @param offset
* the offset to start at in the array.
* @param length
* the number of the bytes to use from the array.
* @return <code>true</code> if verified, <code>false</code> otherwise.
* @throws IllegalArgumentException
* if the <code>signature</code> byte array is <code>null</code>,
* or the <code>offset</code> or <code>length</code> is less
* than <code>0</code>, or the sum of the <code>offset</code>
* and <code>length</code> is greater than the length of the
* <code>signature</code> byte array.
* @throws SignatureException
* if the engine is not properly initialized or the signature does
* not check.
*/
public final boolean verify(byte[] signature, int offset, int length)
throws SignatureException
@@ -471,11 +416,12 @@ public abstract class Signature extends SignatureSpi
}
/**
* Updates the data to be signed or verified by a byte.
*
* @param b the byte to use for the update.
* @throws SignatureException if this signature object is not initialized
* properly.
* Updates the data to be signed or verified with the specified byte.
*
* @param b
* the byte to update with.
* @throws SignatureException
* if the engine is not properly initialized.
*/
public final void update(byte b) throws SignatureException
{
@@ -486,12 +432,12 @@ public abstract class Signature extends SignatureSpi
}
/**
* Updates the data to be signed or verified, using the specified array of
* bytes.
*
* @param data the byte array to use for the update.
* @throws SignatureException if this signature object is not initialized
* properly.
* Updates the data to be signed or verified with the specified bytes.
*
* @param data
* the array of bytes to use.
* @throws SignatureException
* if the engine is not properly initialized.
*/
public final void update(byte[]data) throws SignatureException
{
@@ -502,14 +448,16 @@ public abstract class Signature extends SignatureSpi
}
/**
* Updates the data to be signed or verified, using the specified array of
* bytes, starting at the specified offset.
*
* @param data the array of bytes.
* @param off the offset to start from in the array of bytes.
* @param len the number of bytes to use, starting at offset.
* @throws SignatureException if this signature object is not initialized
* properly.
* Updates the data to be signed or verified with the specified bytes.
*
* @param data
* an array of bytes to use.
* @param off
* the offset to start at in the array.
* @param len
* the number of bytes to use from the array.
* @throws SignatureException
* if the engine is not properly initialized.
*/
public final void update(byte[]data, int off, int len)
throws SignatureException
@@ -521,9 +469,10 @@ public abstract class Signature extends SignatureSpi
}
/**
* Returns the name of the algorithm for this signature object.
*
* @return the name of the algorithm for this signature object.
* Returns the name of the algorithm currently used. The names of algorithms
* are usually SHA/DSA or SHA/RSA.
*
* @return name of algorithm.
*/
public final String getAlgorithm()
{
@@ -531,11 +480,9 @@ public abstract class Signature extends SignatureSpi
}
/**
* Returns a string representation of this signature object, providing
* information that includes the state of the object and the name of the
* algorithm used.
*
* @return a string representation of this signature object.
* Returns a rstring representation of this instance.
*
* @return a rstring representation of this instance.
*/
public String toString()
{
@@ -543,22 +490,16 @@ public abstract class Signature extends SignatureSpi
}
/**
* Sets the specified algorithm parameter to the specified value. This method
* supplies a general-purpose mechanism through which it is possible to set
* the various parameters of this object. A parameter may be any settable
* parameter for the algorithm, such as a parameter size, or a source of
* random bits for signature generation (if appropriate), or an indication of
* whether or not to perform a specific but optional computation. A uniform
* algorithm-specific naming scheme for each parameter is desirable but left
* unspecified at this time.
*
* @param param the string identifier of the parameter.
* @param value the parameter value.
* @throws InvalidParameterException if param is an invalid parameter for this
* signature algorithm engine, the parameter is already set and cannot be set
* again, a security exception occurs, and so on.
* @see #getParameter(String)
* @deprecated Use setParameter(AlgorithmParameterSpec).
* Sets the specified algorithm parameter to the specified value.
*
* @param param
* the parameter name.
* @param value
* the parameter value.
* @throws InvalidParameterException
* if the parameter is invalid, the parameter is already set and
* can not be changed, a security exception occured, etc.
* @deprecated use the other setParameter
*/
public final void setParameter(String param, Object value)
throws InvalidParameterException
@@ -567,12 +508,16 @@ public abstract class Signature extends SignatureSpi
}
/**
* Initializes this signature engine with the specified parameter set.
*
* @param params the parameters.
* @throws InvalidAlgorithmParameterException if the given parameters are
* inappropriate for this signature engine.
* @see #getParameters()
* Sets the signature engine with the specified {@link AlgorithmParameterSpec}.
*
* <p>By default, and unless overriden by the concrete SPI, this method always
* throws an {@link UnsupportedOperationException}.</p>
*
* @param params
* the parameters to use for intializing this instance.
* @throws InvalidParameterException
* if the parameter is invalid, the parameter is already set and
* cannot be changed, a security exception occured, etc.
*/
public final void setParameter(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
@@ -581,17 +526,11 @@ public abstract class Signature extends SignatureSpi
}
/**
* <p>Returns the parameters used with this signature object.</p>
*
* <p>The returned parameters may be the same that were used to initialize
* this signature, or may contain a combination of default and randomly
* generated parameter values used by the underlying signature implementation
* if this signature requires algorithm parameters but was not initialized
* with any.
*
* @return the parameters used with this signature, or <code>null</code> if
* this signature does not use any parameters.
* @see #setParameter(AlgorithmParameterSpec)
* Return the parameters of the algorithm used in this instance as an
* {@link AlgorithmParameters}.
*
* @return the parameters used with this instance, or <code>null</code> if
* this instance does not use any parameters.
*/
public final AlgorithmParameters getParameters()
{
@@ -599,22 +538,14 @@ public abstract class Signature extends SignatureSpi
}
/**
* Gets the value of the specified algorithm parameter. This method supplies
* a general-purpose mechanism through which it is possible to get the various
* parameters of this object. A parameter may be any settable parameter for
* the algorithm, such as a parameter size, or a source of random bits for
* signature generation (if appropriate), or an indication of whether or not
* to perform a specific but optional computation. A uniform
* algorithm-specific naming scheme for each parameter is desirable but left
* unspecified at this time.
*
* @param param the string name of the parameter.
* @return the object that represents the parameter value, or null if there
* is none.
* @throws InvalidParameterException if param is an invalid parameter for this
* engine, or another exception occurs while trying to get this parameter.
* @see #setParameter(String, Object)
* @deprecated
* Returns the value for the specified algorithm parameter.
*
* @param param
* the parameter name.
* @return the parameter value.
* @throws InvalidParameterException
* if the parameter is invalid.
* @deprecated use the other getParameter
*/
public final Object getParameter(String param)
throws InvalidParameterException
@@ -623,11 +554,11 @@ public abstract class Signature extends SignatureSpi
}
/**
* Returns a clone if the implementation is cloneable.
*
* @return a clone if the implementation is cloneable.
* @throws CloneNotSupportedException if this is called on an implementation
* that does not support {@link Cloneable}.
* Returns a clone of this instance.
*
* @return a clone of this instace.
* @throws CloneNotSupportedException
* if the implementation does not support cloning.
*/
public Object clone() throws CloneNotSupportedException
{
@@ -1,5 +1,5 @@
/* SignatureException.java -- Generic error in signature
Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -67,4 +67,26 @@ public class SignatureException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public SignatureException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public SignatureException(Throwable cause)
{
super(cause);
}
}
+139 -151
View File
@@ -40,14 +40,10 @@ package java.security;
import java.security.spec.AlgorithmParameterSpec;
/**
* <p>This class defines the <i>Service Provider Interface (SPI)</i> for the
* {@link Signature} class, which is used to provide the functionality of a
* <code>SignatureSpi</code> defines the Service Provider Interface (SPI) for
* the {@link Signature} class. The signature class provides an interface to a
* digital signature algorithm. Digital signatures are used for authentication
* and integrity assurance of digital data.</p>
*
* <p>All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation of a
* particular signature algorithm.
* and integrity of data.
*
* @author Mark Benvenuto (ivymccough@worldnet.att.net)
* @since 1.2
@@ -55,50 +51,51 @@ import java.security.spec.AlgorithmParameterSpec;
*/
public abstract class SignatureSpi
{
/** Application-specified source of randomness. */
/** Source of randomness. */
protected SecureRandom appRandom;
/**
* Creates a new instance of <code>SignatureSpi</code>.
*/
public SignatureSpi()
{
appRandom = null;
}
/**
* Initializes this signature object with the specified public key for
* verification operations.
*
* @param publicKey the public key of the identity whose signature is going
* to be verified.
* @throws InvalidKeyException if the key is improperly encoded, parameters
* are missing, and so on.
* Initializes this instance with the public key for verification purposes.
*
* @param publicKey
* the public key to verify with.
* @throws InvalidKeyException
* if the key is invalid.
*/
protected abstract void engineInitVerify(PublicKey publicKey)
throws InvalidKeyException;
/**
* Initializes this signature object with the specified private key for
* signing operations.
*
* @param privateKey the private key of the identity whose signature will be
* generated.
* @throws InvalidKeyException if the key is improperly encoded, parameters
* are missing, and so on.
* Initializes this instance with the private key for signing purposes.
*
* @param privateKey
* the private key to sign with.
* @throws InvalidKeyException
* if the key is invalid.
*/
protected abstract void engineInitSign(PrivateKey privateKey)
throws InvalidKeyException;
/**
* <p>Initializes this signature object with the specified private key and
* source of randomness for signing operations.</p>
*
* <p>This concrete method has been added to this previously-defined abstract
* class. (For backwards compatibility, it cannot be abstract.)</p>
*
* @param privateKey the private key of the identity whose signature will be
* generated.
* @param random the source of randomness.
* @throws InvalidKeyException if the key is improperly encoded, parameters
* are missing, and so on.
* Initializes this instance with the private key and source of randomness for
* signing purposes.
*
* <p>This method cannot be abstract for backward compatibility reasons.</p>
*
* @param privateKey
* the private key to sign with.
* @param random
* the {@link SecureRandom} to use.
* @throws InvalidKeyException
* if the key is invalid.
* @since 1.2
*/
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
@@ -109,57 +106,63 @@ public abstract class SignatureSpi
}
/**
* Updates the data to be signed or verified using the specified byte.
*
* @param b the byte to use for the update.
* @throws SignatureException if the engine is not initialized properly.
* Updates the data to be signed or verified with the specified byte.
*
* @param b
* byte to update with.
* @throws SignatureException
* if the engine is not properly initialized.
*/
protected abstract void engineUpdate(byte b) throws SignatureException;
/**
* Updates the data to be signed or verified, using the specified array of
* bytes, starting at the specified offset.
*
* @param b the array of bytes.
* @param off the offset to start from in the array of bytes.
* @param len the number of bytes to use, starting at offset.
* @throws SignatureException if the engine is not initialized properly.
* Updates the data to be signed or verified with the specified bytes.
*
* @param b
* the array of bytes to use.
* @param off
* the offset to start at in the array.
* @param len
* the number of the bytes to use from the array.
* @throws SignatureException
* if the engine is not properly initialized.
*/
protected abstract void engineUpdate(byte[] b, int off, int len)
throws SignatureException;
/**
* Returns the signature bytes of all the data updated so far. The format of
* the signature depends on the underlying signature scheme.
*
* @return the signature bytes of the signing operation's result.
* @throws SignatureException if the engine is not initialized properly.
* Returns the signature bytes of all the data fed to this instance. The
* format of the output depends on the underlying signature algorithm.
*
* @return the signature bytes.
* @throws SignatureException
* if the engine is not properly initialized.
*/
protected abstract byte[] engineSign() throws SignatureException;
/**
* <p>Finishes this signature operation and stores the resulting signature
* bytes in the provided buffer <code>outbuf</code>, starting at <code>offset
* </code>. The format of the signature depends on the underlying signature
* scheme.</p>
*
* <p>The signature implementation is reset to its initial state (the state it
* was in after a call to one of the <code>engineInitSign()</code> methods)
* and can be reused to generate further signatures with the same private key.
* This method should be abstract, but we leave it concrete for binary
* compatibility. Knowledgeable providers should override this method.</p>
*
* @param outbuf buffer for the signature result.
* @param offset offset into outbuf where the signature is stored.
* @param len number of bytes within outbuf allotted for the signature. Both
* this default implementation and the <b>GNU</b> provider do not return
* partial digests. If the value of this parameter is less than the actual
* signature length, this method will throw a {@link SignatureException}. This
* parameter is ignored if its value is greater than or equal to the actual
* signature length.
* @return the number of bytes placed into <code>outbuf</code>.
* @throws SignatureException if an error occurs or len is less than the
* actual signature length.
* Generates signature bytes of all the data fed to this instance and stores
* the result in the designated array. The format of the output depends on
* the underlying signature algorithm.
*
* <p>This method cannot be abstract for backward compatibility reasons.
* After calling this method, the signature is reset to its initial state and
* can be used to generate additional signatures.</p>
*
* <p><b>IMPLEMENTATION NOTE:</b>: Neither this method nor the GNU provider
* will return partial digests. If <code>len</code> is less than the
* signature length, this method will throw a {@link SignatureException}. If
* it is greater than or equal then it is ignored.</p>
*
* @param outbuf
* the array of bytes to store the result in.
* @param offset
* the offset to start at in the array.
* @param len
* the number of the bytes to use in the array.
* @return the real number of bytes used.
* @throws SignatureException
* if the engine is not properly initialized.
* @since 1.2
*/
protected int engineSign(byte[] outbuf, int offset, int len)
@@ -174,31 +177,32 @@ public abstract class SignatureSpi
}
/**
* Verifies the passed-in signature.
*
* @param sigBytes the signature bytes to be verified.
* @return <code>true</code> if the signature was verified, <code>false</code>
* if not.
* @throws SignatureException if the engine is not initialized properly, or
* the passed-in signature is improperly encoded or of the wrong type, etc.
* Verifies a designated signature.
*
* @param sigBytes
* the signature bytes to verify.
* @return <code>true</code> if verified, <code>false</code> otherwise.
* @throws SignatureException
* if the engine is not properly initialized or if it is the wrong
* signature.
*/
protected abstract boolean engineVerify(byte[] sigBytes)
throws SignatureException;
/**
* <p>Verifies the passed-in <code>signature</code> in the specified array of
* bytes, starting at the specified <code>offset</code>.</p>
*
* <p>Note: Subclasses should overwrite the default implementation.</p>
*
* @param sigBytes the signature bytes to be verified.
* @param offset the offset to start from in the array of bytes.
* @param length the number of bytes to use, starting at offset.
* @return <code>true</code> if the signature was verified, <code>false</code>
* if not.
* @throws SignatureException if the engine is not initialized properly, or
* the passed-in <code>signature</code> is improperly encoded or of the wrong
* type, etc.
* Convenience method which calls the method with the same name and one
* argument after copying the designated bytes into a temporary byte array.
* Subclasses may override this method for performance reasons.
*
* @param sigBytes
* the array of bytes to use.
* @param offset
* the offset to start from in the array of bytes.
* @param length
* the number of bytes to use, starting at offset.
* @return <code>true</code> if verified, <code>false</code> otherwise.
* @throws SignatureException
* if the engine is not properly initialized.
*/
protected boolean engineVerify(byte[] sigBytes, int offset, int length)
throws SignatureException
@@ -209,35 +213,32 @@ public abstract class SignatureSpi
}
/**
* Sets the specified algorithm parameter to the specified value. This method
* supplies a general-purpose mechanism through which it is possible to set
* the various parameters of this object. A parameter may be any settable
* parameter for the algorithm, such as a parameter size, or a source of
* random bits for signature generation (if appropriate), or an indication of
* whether or not to perform a specific but optional computation. A uniform
* algorithm-specific naming scheme for each parameter is desirable but left
* unspecified at this time.
*
* @param param the string identifier of the parameter.
* @param value the parameter value.
* @throws InvalidParameterException if <code>param</code> is an invalid
* parameter for this signature algorithm engine, the parameter is already set
* and cannot be set again, a security exception occurs, and so on.
* @deprecated Replaced by engineSetParameter(AlgorithmParameterSpec).
* Sets the specified algorithm parameter to the specified value.
*
* @param param
* the parameter name.
* @param value
* the parameter value.
* @throws InvalidParameterException
* if the parameter invalid, the parameter is already set and
* cannot be changed, a security exception occured, etc.
* @deprecated use the other setParameter.
*/
protected abstract void engineSetParameter(String param, Object value)
throws InvalidParameterException;
/**
* This method is overridden by providers to initialize this signature engine
* with the specified parameter set.
*
* @param params the parameters.
* @throws UnsupportedOperationException if this method is not overridden by
* a provider.
* @throws InvalidAlgorithmParameterException if this method is overridden by
* a provider and the the given parameters are inappropriate for this
* signature engine.
* Sets the signature engine with the specified {@link AlgorithmParameterSpec}.
*
* <p>This method cannot be abstract for backward compatibility reasons. By
* default it always throws {@link UnsupportedOperationException} unless
* overridden.</p>
*
* @param params
* the parameters.
* @throws InvalidParameterException
* if the parameter is invalid, the parameter is already set and
* cannot be changed, a security exception occured, etc.
*/
protected void engineSetParameter(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
@@ -246,20 +247,16 @@ public abstract class SignatureSpi
}
/**
* <p>This method is overridden by providers to return the parameters used
* with this signature engine, or <code>null</code> if this signature engine
* does not use any parameters.</p>
*
* <p>The returned parameters may be the same that were used to initialize
* this signature engine, or may contain a combination of default and randomly
* generated parameter values used by the underlying signature implementation
* if this signature engine requires algorithm parameters but was not
* initialized with any.</p>
*
* @return the parameters used with this signature engine, or <code>null</code>
* if this signature engine does not use any parameters.
* @throws UnsupportedOperationException if this method is not overridden by
* a provider.
* The default implementaion of this method always throws a
* {@link UnsupportedOperationException}. It MUST be overridden by concrete
* implementations to return the appropriate {@link AlgorithmParameters} for
* this signature engine (or <code>null</code> when that engine does not use
* any parameters.
*
* @return the parameters used with this signature engine, or
* <code>null</code> if it does not use any parameters.
* @throws UnsupportedOperationException
* always.
*/
protected AlgorithmParameters engineGetParameters()
{
@@ -267,33 +264,24 @@ public abstract class SignatureSpi
}
/**
* Gets the value of the specified algorithm parameter. This method supplies
* a general-purpose mechanism through which it is possible to get the various
* parameters of this object. A parameter may be any settable parameter for
* the algorithm, such as a parameter size, or a source of random bits for
* signature generation (if appropriate), or an indication of whether or not
* to perform a specific but optional computation. A uniform algorithm-specific
* naming scheme for each parameter is desirable but left unspecified at this
* time.
*
* @param param the string name of the parameter.
* @return the object that represents the parameter value, or <code>null</code>
* if there is none.
* @throws InvalidParameterException if <code>param</code> is an invalid
* parameter for this engine, or another exception occurs while trying to get
* this parameter.
* @deprecated
* Returns the value for the specified algorithm parameter.
*
* @param param
* the parameter name.
* @return the parameter value.
* @throws InvalidParameterException
* if the parameter is invalid.
* @deprecated use the other getParameter
*/
protected abstract Object engineGetParameter(String param)
throws InvalidParameterException;
/**
* Returns a clone if the implementation is cloneable.
*
* @return a clone if the implementation is cloneable.
* @throws CloneNotSupportedException if this is called on an implementation
* that does not support {@link Cloneable}.
* @see Cloneable
* Returns a clone of this instance.
*
* @return a clone of this instance.
* @throws CloneNotSupportedException
* if the implementation does not support cloning.
*/
public Object clone() throws CloneNotSupportedException
{
+70 -107
View File
@@ -46,82 +46,34 @@ import java.io.ObjectOutputStream;
import java.io.Serializable;
/**
* <p><code>SignedObject</code> is a class for the purpose of creating authentic
* runtime objects whose integrity cannot be compromised without being detected.
* </p>
*
* <p>More specifically, a <code>SignedObject</code> contains another
* {@link Serializable} object, the (to-be-)signed object and its signature.</p>
*
* <p>The signed object is a <i>"deep copy"</i> (in serialized form) of an
* original object. Once the copy is made, further manipulation of the original
* object has no side effect on the copy.</p>
*
* <p>The underlying signing algorithm is designated by the {@link Signature}
* object passed to the constructor and the <code>verify()</code> method. A
* typical usage for signing is the following:</p>
*
* <pre>
* Signature signingEngine = Signature.getInstance(algorithm, provider);
* SignedObject so = new SignedObject(myobject, signingKey, signingEngine);
* </pre>
*
* <p>A typical usage for verification is the following (having received
* <code>SignedObject</code> so):</p>
*
* <pre>
* Signature verificationEngine = Signature.getInstance(algorithm, provider);
* if (so.verify(publickey, verificationEngine))
* try
* {
* Object myobj = so.getObject();
* }
* catch (ClassNotFoundException ignored) {};
* </pre>
*
* <p>Several points are worth noting. First, there is no need to initialize the
* signing or verification engine, as it will be re-initialized inside the
* constructor and the <code>verify()</code> method. Secondly, for verification
* to succeed, the specified public key must be the public key corresponding to
* the private key used to generate the <code>SignedObject</code>.</p>
*
* <p>More importantly, for flexibility reasons, the <code>constructor</code>
* and <code>verify()</code> method allow for customized signature engines,
* which can implement signature algorithms that are not installed formally as
* part of a crypto provider. However, it is crucial that the programmer writing
* the verifier code be aware what {@link Signature} engine is being used, as
* its own implementation of the <code>verify()</code> method is invoked to
* verify a signature. In other words, a malicious {@link Signature} may choose
* to always return <code>true</code> on verification in an attempt to bypass a
* security check.</p>
*
* <p>The signature algorithm can be, among others, the NIST standard <i>DSS</i>,
* using <i>DSA</i> and <i>SHA-1</i>. The algorithm is specified using the same
* convention as that for signatures. The <i>DSA</i> algorithm using the
* <i>SHA-1</i> message digest algorithm can be specified, for example, as
* <code>"SHA/DSA"</code> or <code>"SHA-1/DSA"</code> (they are equivalent). In
* the case of <i>RSA</i>, there are multiple choices for the message digest
* algorithm, so the signing algorithm could be specified as, for example,
* <code>"MD2/RSA"</code>, <code>"MD5/RSA"</code> or <code>"SHA-1/RSA"</code>.
* The algorithm name must be specified, as there is no default.</p>
*
* <p>The name of the Cryptography Package Provider is designated also by the
* {@link Signature} parameter to the <code>constructor</code> and the <code>
* verify()</code> method. If the provider is not specified, the default
* provider is used. Each installation can be configured to use a particular
* provider as default.</p>
*
* <p>Potential applications of <code>SignedObject</code> include:</p>
*
* <ul>
* <li>It can be used internally to any Java runtime as an unforgeable
* authorization token -- one that can be passed around without the fear that
* the token can be maliciously modified without being detected.</li>
* <li>It can be used to sign and serialize data/object for storage outside the
* Java runtime (e.g., storing critical access control data on disk).</li>
* <li>Nested <i>SignedObjects</i> can be used to construct a logical sequence
* of signatures, resembling a chain of authorization and delegation.</li>
* </ul>
* <code>SignedObject</code> is used for storing runtime objects whose
* integrity cannot be compromised without being detected.
*
* <p><code>SignedObject</code> contains a {@link Serializable} object which is
* yet to be signed and a digital signature of that object.</p>
*
* <p>The signed copy is a "deep copy" (in serialized form) of an original
* object. Any changes to that original instance are not reflected in the
* enclosed copy inside this <code>SignedObject</code>.</p>
*
* <p>Several things to note are that, first there is no need to initialize the
* signature engine as this class will handle that automatically. Second,
* verification will only succeed if the public key corresponds to the private
* key used to generate the digital signature inside this
* <code>SignedObject</code>.</p>
*
* <p>For fexibility, the signature engine can be specified in the constructor
* or the <code>verify()</code> method. Programmers wishing to verify
* <code>SignedObject</code>s should be aware of the {@link Signature} engine
* they use. A malicious or flawed {@link Signature} implementation may always
* return true on verification thus circumventing the intended secrity check
* provided by the <code>SignedObject</code>.</p>
*
* <p>The GNU security provider offers an implementation of the standard NIST
* DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA",
* "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it
* could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". The algorithm must be
* specified because there is no default.</p>
*
* @author Mark Benvenuto (ivymccough@worldnet.att.net)
* @since 1.2
@@ -139,16 +91,22 @@ public final class SignedObject implements Serializable
private String thealgorithm;
/**
* Constructs a <code>SignedObject</code> from any {@link Serializable}
* object. The given object is signed with the given signing key, using the
* designated signature engine.
*
* @param object the object to be signed.
* @param signingKey the private key for signing.
* @param signingEngine the signature signing engine.
* @throws IOException if an error occurs during serialization.
* @throws InvalidKeyException if the key is invalid.
* @throws SignatureException if signing fails.
* Constructs a new instance of <code>SignedObject</code> from a
* {@link Serializable} object. The object is signed with a designated
* private key and a signature engine.
*
* @param object
* the object to sign.
* @param signingKey
* the key to use.
* @param signingEngine
* the signature engine to use.
* @throws IOException
* if a serialization error occurred.
* @throws InvalidKeyException
* if the key is invalid.
* @throws SignatureException
* if a signing error occurs.
*/
public SignedObject(Serializable object, PrivateKey signingKey,
Signature signingEngine)
@@ -170,12 +128,14 @@ public final class SignedObject implements Serializable
}
/**
* Retrieves the encapsulated object. The encapsulated object is de-serialized
* before it is returned.
*
* Returns the encapsulated object. The object is de-serialized before being
* returned.
*
* @return the encapsulated object.
* @throws IOException if an error occurs during de-serialization.
* @throws ClassNotFoundException if an error occurs during de-serialization.
* @throws IOException
* if a de-serialization error occurs.
* @throws ClassNotFoundException
* if the encapsulated object's class was not found.
*/
public Object getObject() throws IOException, ClassNotFoundException
{
@@ -189,9 +149,9 @@ public final class SignedObject implements Serializable
}
/**
* Retrieves the signature on the signed object, in the form of a byte array.
*
* @return a copy of the signature.
* Returns the signature bytes of the encapsulated object.
*
* @return the signature bytes of the encapsulated object.
*/
public byte[] getSignature()
{
@@ -200,9 +160,9 @@ public final class SignedObject implements Serializable
}
/**
* Retrieves the name of the signature algorithm.
*
* @return the signature algorithm name.
* Returns the name of the signature algorithm.
*
* @return the name of the signature algorithm.
*/
public String getAlgorithm()
{
@@ -210,16 +170,19 @@ public final class SignedObject implements Serializable
}
/**
* Verifies that the signature in this <code>SignedObject</code> is the valid
* signature for the object stored inside, with the given verification key,
* using the designated verification engine.
*
* @param verificationKey the public key for verification.
* @param verificationEngine the signature verification engine.
* @return <code>true</code> if the signature is valid, <code>false</code>
* otherwise.
* @throws SignatureException if signature verification failed.
* @throws InvalidKeyException if the verification key is invalid.
* Verifies the encapsulated digital signature by checking that it was
* generated by the owner of a designated public key.
*
* @param verificationKey
* the public key to use.
* @param verificationEngine
* the signature engine to use.
* @return <code>true</code> if signature is correct, <code>false</code>
* otherwise.
* @throws InvalidKeyException
* if the key is invalid.
* @throws SignatureException
* if verification fails.
*/
public boolean verify(PublicKey verificationKey, Signature verificationEngine)
throws InvalidKeyException, SignatureException
+38 -54
View File
@@ -38,35 +38,29 @@ exception statement from your version. */
package java.security;
/**
* <p>This class is used to represent an {@link Identity} that can also
* digitally sign data.</p>
*
* <p>The management of a signer's private keys is an important and sensitive
* issue that should be handled by subclasses as appropriate to their intended
* use.</p>
* <code>Signer</code> is a subclass of {@link Identity}. It is used to store a
* digital signature key with an <i>Identity</i>.
*
* @author Mark Benvenuto (ivymccough@worldnet.att.net)
* @deprecated This class is no longer used. Its functionality has been replaced
* by <code>java.security.KeyStore</code>, the <code>java.security.cert</code>
* package, and <code>java.security.Principal</code>.
* @deprecated Replaced by <code>java.security.KeyStore</code>, the
* <code>java.security.cert</code> package, and <code>java.security.Principal</code>.
*/
public abstract class Signer extends Identity
{
private static final long serialVersionUID = -1763464102261361480L;
private PrivateKey privateKey = null;
/**
* Creates a <code>Signer</code>. This constructor should only be used for
* serialization.
*/
/** Trivial constructor for serialization purposes. */
protected Signer()
{
}
/**
* Creates a <code>Signer</code> with the specified identity name.
*
* @param name the identity name.
* Constructs a new instance of <code>Signer</code> with the specified
* identity name.
*
* @param name
* the name of the identity to use.
*/
public Signer(String name)
{
@@ -74,12 +68,16 @@ public abstract class Signer extends Identity
}
/**
* Creates a <code>Signer</code> with the specified identity name and scope.
*
* @param name the identity name.
* @param scope the scope of the identity.
* @throws KeyManagementException if there is already an identity with the
* same name in the scope.
* Constructs a new instance of <code>Signer</code> with the specified
* identity name and {@link IdentityScope}.
*
* @param name
* the name of the the identity to use.
* @param scope
* the {@link IdentityScope} to use.
* @throws KeyManagementException
* if a duplicate identity <code>name</code> exists within
* <code>scope</code>.
*/
public Signer(String name, IdentityScope scope) throws KeyManagementException
{
@@ -87,18 +85,12 @@ public abstract class Signer extends Identity
}
/**
* <p>Returns this signer's private key.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"getSignerPrivateKey"</code> as its
* argument to see if it's ok to return the private key.</p>
*
* @return this signer's private key, or <code>null</code> if the private key
* has not yet been set.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow returning the
* private key.
* @see SecurityManager#checkSecurityAccess(String)
* Returns the private key of this <code>Signer</code>.
*
* @returns the private key of this <code>Signer</code>.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public PrivateKey getPrivateKey()
{
@@ -110,20 +102,17 @@ public abstract class Signer extends Identity
}
/**
* <p>Sets the key pair (public key and private key) for this signer.</p>
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess()
* </code> method is called with <code>"setSignerKeyPair"</code> as its
* argument to see if it's ok to set the key pair.</p>
*
* @param pair an initialized key pair.
* @throws InvalidParameterException if the key pair is not properly
* initialized.
* @throws KeyException if the key pair cannot be set for any other reason.
* @throws SecurityException if a security manager exists and its
* <code>checkSecurityAccess()</code> method doesn't allow setting the key
* pair.
* @see SecurityManager#checkSecurityAccess(String)
* Specifies the {@link KeyPair} associated with this <code>Signer</code>.
*
* @param pair
* the {@link KeyPair} to use.
* @throws InvalidParameterException
* if the key-pair is invalid.
* @throws KeyException
* if any another key-related error occurs.
* @throws SecurityException
* if a {@link SecurityManager} is installed which disallows this
* operation.
*/
public final void setKeyPair(KeyPair pair)
throws InvalidParameterException, KeyException
@@ -151,12 +140,7 @@ public abstract class Signer extends Identity
throw new InvalidParameterException();
}
/**
* Returns a string of information about the signer.
*
* @return a string of information about the signer.
* @see SecurityManager#checkSecurityAccess(String)
*/
/** @returns a string representing this <code>Signer</code>. */
public String toString()
{
return (getName() + ": " + privateKey);
@@ -1,5 +1,5 @@
/* CRLException.java -- Certificate Revocation List Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -45,7 +45,7 @@ import java.security.GeneralSecurityException;
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
* @status updated to 1.5
*/
public class CRLException extends GeneralSecurityException
{
@@ -70,4 +70,26 @@ public class CRLException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public CRLException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public CRLException(Throwable cause)
{
super(cause);
}
}
@@ -1,5 +1,5 @@
/* CertificateEncodingException.java -- Certificate Encoding Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -43,7 +43,7 @@ package java.security.cert;
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
* @status updated to 1.5
*/
public class CertificateEncodingException extends CertificateException
{
@@ -68,4 +68,26 @@ public class CertificateEncodingException extends CertificateException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public CertificateEncodingException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public CertificateEncodingException(Throwable cause)
{
super(cause);
}
}
@@ -1,5 +1,5 @@
/* CertificateException.java -- Certificate Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -46,7 +46,7 @@ import java.security.GeneralSecurityException;
* @author Mark Benvenuto
* @see Certificate
* @since 1.2
* @status updated to 1.4
* @status updated to 1.5
*/
public class CertificateException extends GeneralSecurityException
{
@@ -71,4 +71,26 @@ public class CertificateException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public CertificateException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public CertificateException(Throwable cause)
{
super(cause);
}
}
@@ -1,5 +1,5 @@
/* CertificateParsingException.java -- Certificate Parsing Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -43,7 +43,7 @@ package java.security.cert;
*
* @author Mark Benvenuto
* @since 1.2
* @status updated to 1.4
* @status updated to 1.5
*/
public class CertificateParsingException extends CertificateException
{
@@ -68,4 +68,26 @@ public class CertificateParsingException extends CertificateException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public CertificateParsingException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public CertificateParsingException(Throwable cause)
{
super(cause);
}
}
@@ -54,6 +54,7 @@ public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey
{
// Constants
// --------------------------------------------------------------------------
long serialVersionUID = 618058533534628008L;
// Methods
@@ -67,45 +68,45 @@ public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey
BigInteger getPublicExponent();
/**
* Returns the primeP.
* Returns the prime p.
*
* @return the primeP.
* @return the prime p.
*/
BigInteger getPrimeP();
/**
* Returns the primeQ.
* Returns the prime q.
*
* @return the primeQ.
* @return the prime q.
*/
BigInteger getPrimeQ();
/**
* Returns the primeExponentP.
* Returns the prime's exponent p.
*
* @return the primeExponentP.
* @return the prime's exponent p.
*/
BigInteger getPrimeExponentP();
/**
* Returns the primeExponentQ.
* Returns the prime's exponent q.
*
* @return the primeExponentQ.
* @return the prime's exponent q.
*/
BigInteger getPrimeExponentQ();
/**
* Returns the crtCoefficient.
* Returns the CRT Coefficient.
*
* @return the crtCoefficient.
* @return the CRT Coefficient.
*/
BigInteger getCrtCoefficient();
/**
* Returns the otherPrimeInfo or <code>null</code> if there are only two
* prime factors (p and q).
* Returns the <i>OtherPrimeInfo</i> triplet MPIs or <code>null</code> if
* there are only two known prime factors (p and q).
*
* @return the otherPrimeInfo.
* @return the <i>OtherPrimeInfo</i> INTEGERs.
*/
RSAOtherPrimeInfo[] getOtherPrimeInfo();
}
@@ -1,5 +1,5 @@
/* InvalidKeySpecException.java -- invalid KeySpec Exception
Copyright (C) 1999, 2002 Free Software Foundation, Inc.
Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -46,7 +46,7 @@ import java.security.GeneralSecurityException;
* @author Mark Benvenuto
* @see KeySpec
* @since 1.2
* @status updated to 1.4
* @status updated to 1.5
*/
public class InvalidKeySpecException extends GeneralSecurityException
{
@@ -71,4 +71,26 @@ public class InvalidKeySpecException extends GeneralSecurityException
{
super(msg);
}
/**
* Create a new instance with a descriptive error message and
* a cause.
* @param s the descriptive error message
* @param cause the cause
* @since 1.5
*/
public InvalidKeySpecException(String s, Throwable cause)
{
super(s, cause);
}
/**
* Create a new instance with a cause.
* @param cause the cause
* @since 1.5
*/
public InvalidKeySpecException(Throwable cause)
{
super(cause);
}
}
@@ -38,9 +38,9 @@ exception statement from your version. */
package java.security.spec;
/**
* This class specifies a parameter spec for RSA PSS encoding scheme, as
* defined in the PKCS#1 v2.1.
*
* An implementation of {@link AlgorithmParameterSpec} for the RSA PSS encoding
* scheme.
*
* @since 1.4
* @see AlgorithmParameterSpec
* @see java.security.Signature
@@ -56,12 +56,13 @@ public class PSSParameterSpec implements AlgorithmParameterSpec
// --------------------------------------------------------------------------
/**
* Creates a new <code>PSSParameterSpec</code> given the salt length as
* defined in PKCS#1.
*
* @param saltLen the length of salt in bits to be used in PKCS#1 PSS encoding.
* @throws IllegalArgumentException if <code>saltLen</code> is less than
* <code>0</code>.
* Construct a new instance of <code>PSSParameterSpec</code> given a salt
* length.
*
* @param saltLen
* the length in bits of the salt.
* @throws IllegalArgumentException
* if <code>saltLen</code> is less than <code>0</code>.
*/
public PSSParameterSpec(int saltLen)
{
@@ -78,11 +79,7 @@ public class PSSParameterSpec implements AlgorithmParameterSpec
// Instance methods
// --------------------------------------------------------------------------
/**
* Returns the salt length in bits.
*
* @return the salt length.
*/
/** @return the length (in bits) of the salt. */
public int getSaltLength()
{
return this.saltLen;
@@ -40,9 +40,9 @@ package java.security.spec;
import java.math.BigInteger;
/**
* This class specifies an RSA multi-prime private key, as defined in the
* This class represents an RSA multi-prime private key, as defined in the
* PKCS#1 v2.1, using the <i>Chinese Remainder Theorem</i> (CRT) information
* values for efficiency.
* values.
*
* @since 1.4
* @see java.security.Key
@@ -70,29 +70,35 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
// --------------------------------------------------------------------------
/**
* <p>Creates a new <code>RSAMultiPrimePrivateCrtKeySpec</code> given the
* modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP,
* primeExponentQ, crtCoefficient, and otherPrimeInfo as defined in PKCS#1
* v2.1.</p>
*
* Constructs a new instance of <code>RSAMultiPrimePrivateCrtKeySpec</code>
* given the various PKCS#1 v2.1 parameters.
*
* <p>Note that <code>otherPrimeInfo</code> is cloned when constructing this
* object.</p>
*
* @param modulus the modulus n.
* @param publicExponent the public exponent e.
* @param privateExponent the private exponent d.
* @param primeP the prime factor p of n.
* @param primeQ the prime factor q of n.
* @param primeExponentP this is d mod (p-1).
* @param primeExponentQ this is d mod (q-1).
* @param crtCoefficient the Chinese Remainder Theorem coefficient q-1 mod p.
* @param otherPrimeInfo triplets of the rest of primes, <code>null</code>
* can be specified if there are only two prime factors (p and q).
* @throws NullPointerException if any of the parameters, i.e. modulus,
* publicExponent, privateExponent, primeP, primeQ, primeExponentP,
* primeExponentQ, crtCoefficient, is <code>null</code>.
* @throws IllegalArgumentException if an empty, i.e. 0-length,
* otherPrimeInfo is specified.
*
* @param modulus
* the modulus n.
* @param publicExponent
* the public exponent e.
* @param privateExponent
* the private exponent d.
* @param primeP
* the prime factor p of n.
* @param primeQ
* the prime factor q of n.
* @param primeExponentP
* this is d mod (p-1).
* @param primeExponentQ
* this is d mod (q-1).
* @param crtCoefficient
* the Chinese Remainder Theorem coefficient q-1 mod p.
* @param otherPrimeInfo
* triplets of the rest of primes, <code>null</code> can be
* specified if there are only two prime factors (p and q).
* @throws NullPointerException
* if any of the parameters is <code>null</code>.
* @throws IllegalArgumentException
* if an empty <code>otherPrimeInfo</code> is specified.
*/
public RSAMultiPrimePrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
@@ -153,9 +159,9 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
}
/**
* Returns the primeP.
* Returns the prime p.
*
* @return the primeP.
* @return the prime p.
*/
public BigInteger getPrimeP()
{
@@ -163,9 +169,9 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
}
/**
* Returns the primeQ.
* Returns the prime q.
*
* @return the primeQ.
* @return the prime q.
*/
public BigInteger getPrimeQ()
{
@@ -173,9 +179,9 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
}
/**
* Returns the primeExponentP.
* Returns d mod (p-1).
*
* @return the primeExponentP.
* @return d mod (p-1).
*/
public BigInteger getPrimeExponentP()
{
@@ -183,9 +189,9 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
}
/**
* Returns the primeExponentQ.
* Returns d mod (q-1).
*
* @return the primeExponentQ.
* @return d mod (q-1).
*/
public BigInteger getPrimeExponentQ()
{
@@ -193,9 +199,9 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
}
/**
* Returns the crtCoefficient.
* Returns the CRT Coefficient q-1 mod p.
*
* @return the crtCoefficient.
* @return the CRT Coefficient q-1 mod p.
*/
public BigInteger getCrtCoefficient()
{
@@ -203,10 +209,10 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
}
/**
* Returns a copy of the otherPrimeInfo or <code>null</code> if there are
* only two prime factors (p and q).
* Returns a clone of <code>otherPrimeInfo</code> or <code>null</code> if
* it was <code>null</code> at construction time.
*
* @return the otherPrimeInfo.
* @return a cloned copy of <code>otherPrimeInfo</code>.
*/
public RSAOtherPrimeInfo[] getOtherPrimeInfo()
{
@@ -40,17 +40,8 @@ package java.security.spec;
import java.math.BigInteger;
/**
* This class represents the triplet (prime, exponent, and coefficient) inside
* RSA's OtherPrimeInfo structure, as defined in the PKCS#1 v2.1. The ASN.1
* syntax of RSA's OtherPrimeInfo is as follows:
*
* <pre>
* OtherPrimeInfo ::= SEQUENCE {
* prime INTEGER,
* exponent INTEGER,
* coefficient INTEGER
* }
* </pre>
* An in-memory representation of the RSA triplet (prime, exponent, and
* coefficient) inside a PKCS#1 v2.1 <i>OtherPrimeInfo</i> structure.
*
* @since 1.4
* @see RSAPrivateCrtKeySpec
@@ -69,14 +60,16 @@ public class RSAOtherPrimeInfo
// --------------------------------------------------------------------------
/**
* Creates a new <code>RSAOtherPrimeInfo</code> given the prime,
* primeExponent, and crtCoefficient as defined in PKCS#1.
*
* @param prime the prime factor of n.
* @param primeExponent the exponent.
* @param crtCoefficient the Chinese Remainder Theorem coefficient.
* @throws NullPointerException if any of the parameters, i.e. prime,
* primeExponent, crtCoefficient, is <code>null</code>.
* Constructs a new <code>RSAOtherPrimeInfo</code> given the PKCS#1 MPIs.
*
* @param prime
* the prime factor of n.
* @param primeExponent
* the exponent.
* @param crtCoefficient
* the Chinese Remainder Theorem coefficient.
* @throws NullPointerException
* if any of the parameters is <code>null</code>.
*/
public RSAOtherPrimeInfo(BigInteger prime, BigInteger primeExponent,
BigInteger crtCoefficient)
@@ -122,9 +115,9 @@ public class RSAOtherPrimeInfo
}
/**
* Returns the prime's crtCoefficient.
* Returns the CRT Coefficient.
*
* @return the crtCoefficient.
* @return the CRT Coefficient.
*/
public final BigInteger getCrtCoefficient()
{