Major merge with Classpath.
Removed many duplicate files. * HACKING: Updated.x * classpath: Imported new directory. * standard.omit: New file. * Makefile.in, aclocal.m4, configure: Rebuilt. * sources.am: New file. * configure.ac: Run Classpath configure script. Moved code around to support. Disable xlib AWT peers (temporarily). * Makefile.am (SUBDIRS): Added 'classpath' (JAVAC): Removed. (AM_CPPFLAGS): Added more -I options. (BOOTCLASSPATH): Simplified. Completely redid how sources are built. Include sources.am. * include/Makefile.am (tool_include__HEADERS): Removed jni.h. * include/jni.h: Removed (in Classpath). * scripts/classes.pl: Updated to look at built classes. * scripts/makemake.tcl: New file. * testsuite/libjava.jni/jni.exp (gcj_jni_compile_c_to_so): Added -I options. (gcj_jni_invocation_compile_c_to_binary): Likewise. From-SVN: r102082
This commit is contained in:
@@ -1,59 +0,0 @@
|
||||
/* GnuPKIExtension.java -- interface for GNU PKI extensions.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.x509.ext.Extension;
|
||||
|
||||
import java.security.cert.X509Extension;
|
||||
import java.util.Collection;
|
||||
|
||||
public interface GnuPKIExtension extends X509Extension
|
||||
{
|
||||
|
||||
/**
|
||||
* Returns the extension object for the given object identifier.
|
||||
*
|
||||
* @param oid The OID of the extension to get.
|
||||
* @return The extension, or null if there is no such extension.
|
||||
*/
|
||||
Extension getExtension(OID oid);
|
||||
|
||||
Collection getExtensions();
|
||||
}
|
||||
@@ -1,214 +0,0 @@
|
||||
/* PolicyNodeImpl.java -- An implementation of a policy tree node.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import java.security.cert.PolicyNode;
|
||||
import java.security.cert.PolicyQualifierInfo;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
public final class PolicyNodeImpl implements PolicyNode
|
||||
{
|
||||
|
||||
// Fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private String policy;
|
||||
private final Set expectedPolicies;
|
||||
private final Set qualifiers;
|
||||
private final Set children;
|
||||
private PolicyNodeImpl parent;
|
||||
private int depth;
|
||||
private boolean critical;
|
||||
private boolean readOnly;
|
||||
|
||||
// Constructors.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public PolicyNodeImpl()
|
||||
{
|
||||
expectedPolicies = new HashSet();
|
||||
qualifiers = new HashSet();
|
||||
children = new HashSet();
|
||||
readOnly = false;
|
||||
critical = false;
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public void addChild(PolicyNodeImpl node)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
if (node.getParent() != null)
|
||||
throw new IllegalStateException("already a child node");
|
||||
node.parent = this;
|
||||
node.setDepth(depth + 1);
|
||||
children.add(node);
|
||||
}
|
||||
|
||||
public Iterator getChildren()
|
||||
{
|
||||
return Collections.unmodifiableSet(children).iterator();
|
||||
}
|
||||
|
||||
public int getDepth()
|
||||
{
|
||||
return depth;
|
||||
}
|
||||
|
||||
public void setDepth(int depth)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
this.depth = depth;
|
||||
}
|
||||
|
||||
public void addAllExpectedPolicies(Set policies)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
expectedPolicies.addAll(policies);
|
||||
}
|
||||
|
||||
public void addExpectedPolicy(String policy)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
expectedPolicies.add(policy);
|
||||
}
|
||||
|
||||
public Set getExpectedPolicies()
|
||||
{
|
||||
return Collections.unmodifiableSet(expectedPolicies);
|
||||
}
|
||||
|
||||
public PolicyNode getParent()
|
||||
{
|
||||
return parent;
|
||||
}
|
||||
|
||||
public void addAllPolicyQualifiers (Collection qualifiers)
|
||||
{
|
||||
for (Iterator it = qualifiers.iterator(); it.hasNext(); )
|
||||
{
|
||||
if (!(it.next() instanceof PolicyQualifierInfo))
|
||||
throw new IllegalArgumentException ("can only add PolicyQualifierInfos");
|
||||
}
|
||||
qualifiers.addAll (qualifiers);
|
||||
}
|
||||
|
||||
public void addPolicyQualifier (PolicyQualifierInfo qualifier)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
qualifiers.add(qualifier);
|
||||
}
|
||||
|
||||
public Set getPolicyQualifiers()
|
||||
{
|
||||
return Collections.unmodifiableSet(qualifiers);
|
||||
}
|
||||
|
||||
public String getValidPolicy()
|
||||
{
|
||||
return policy;
|
||||
}
|
||||
|
||||
public void setValidPolicy(String policy)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
this.policy = policy;
|
||||
}
|
||||
|
||||
public boolean isCritical()
|
||||
{
|
||||
return critical;
|
||||
}
|
||||
|
||||
public void setCritical(boolean critical)
|
||||
{
|
||||
if (readOnly)
|
||||
throw new IllegalStateException("read only");
|
||||
this.critical = critical;
|
||||
}
|
||||
|
||||
public void setReadOnly()
|
||||
{
|
||||
if (readOnly)
|
||||
return;
|
||||
readOnly = true;
|
||||
for (Iterator it = getChildren(); it.hasNext(); )
|
||||
((PolicyNodeImpl) it.next()).setReadOnly();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
StringBuffer buf = new StringBuffer();
|
||||
for (int i = 0; i < depth; i++)
|
||||
buf.append(" ");
|
||||
buf.append("(");
|
||||
buf.append(PolicyNodeImpl.class.getName());
|
||||
buf.append(" (oid ");
|
||||
buf.append(policy);
|
||||
buf.append(") (depth ");
|
||||
buf.append(depth);
|
||||
buf.append(") (qualifiers ");
|
||||
buf.append(qualifiers);
|
||||
buf.append(") (critical ");
|
||||
buf.append(critical);
|
||||
buf.append(") (expectedPolicies ");
|
||||
buf.append(expectedPolicies);
|
||||
buf.append(") (children (");
|
||||
final String nl = System.getProperty("line.separator");
|
||||
for (Iterator it = getChildren(); it.hasNext(); )
|
||||
{
|
||||
buf.append(nl);
|
||||
buf.append(it.next().toString());
|
||||
}
|
||||
buf.append(")))");
|
||||
return buf.toString();
|
||||
}
|
||||
}
|
||||
@@ -1,202 +0,0 @@
|
||||
/* Util.java -- Miscellaneous utility methods.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
/**
|
||||
* A collection of useful class methods.
|
||||
*
|
||||
* @author Casey Marshall (rsdio@metastatic.org)
|
||||
*/
|
||||
public final class Util
|
||||
{
|
||||
|
||||
// Constants.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final String HEX = "0123456789abcdef";
|
||||
|
||||
// Class methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Convert a byte array to a hexadecimal string, as though it were a
|
||||
* big-endian arbitrarily-sized integer.
|
||||
*
|
||||
* @param buf The bytes to format.
|
||||
* @param off The offset to start at.
|
||||
* @param len The number of bytes to format.
|
||||
* @return A hexadecimal representation of the specified bytes.
|
||||
*/
|
||||
public static String toHexString(byte[] buf, int off, int len)
|
||||
{
|
||||
StringBuffer str = new StringBuffer();
|
||||
for (int i = 0; i < len; i++)
|
||||
{
|
||||
str.append(HEX.charAt(buf[i+off] >>> 4 & 0x0F));
|
||||
str.append(HEX.charAt(buf[i+off] & 0x0F));
|
||||
}
|
||||
return str.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* See {@link #toHexString(byte[],int,int)}.
|
||||
*/
|
||||
public static String toHexString(byte[] buf)
|
||||
{
|
||||
return Util.toHexString(buf, 0, buf.length);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a byte array to a hexadecimal string, separating octets
|
||||
* with the given character.
|
||||
*
|
||||
* @param buf The bytes to format.
|
||||
* @param off The offset to start at.
|
||||
* @param len The number of bytes to format.
|
||||
* @param sep The character to insert between octets.
|
||||
* @return A hexadecimal representation of the specified bytes.
|
||||
*/
|
||||
public static String toHexString(byte[] buf, int off, int len, char sep)
|
||||
{
|
||||
StringBuffer str = new StringBuffer();
|
||||
for (int i = 0; i < len; i++)
|
||||
{
|
||||
str.append(HEX.charAt(buf[i+off] >>> 4 & 0x0F));
|
||||
str.append(HEX.charAt(buf[i+off] & 0x0F));
|
||||
if (i < len - 1)
|
||||
str.append(sep);
|
||||
}
|
||||
return str.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* See {@link #toHexString(byte[],int,int,char)}.
|
||||
*/
|
||||
public static String toHexString(byte[] buf, char sep)
|
||||
{
|
||||
return Util.toHexString(buf, 0, buf.length, sep);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a representation of the given byte array similar to the
|
||||
* output of `hexdump -C', which is
|
||||
*
|
||||
* <p><pre>OFFSET SIXTEEN-BYTES-IN-HEX PRINTABLE-BYTES</pre>
|
||||
*
|
||||
* <p>The printable bytes show up as-is if they are printable and
|
||||
* not a newline character, otherwise showing as '.'.
|
||||
*
|
||||
* @param buf The bytes to format.
|
||||
* @param off The offset to start at.
|
||||
* @param len The number of bytes to encode.
|
||||
* @return The formatted string.
|
||||
*/
|
||||
public static String hexDump(byte[] buf, int off, int len, String prefix)
|
||||
{
|
||||
String nl = System.getProperty("line.separator");
|
||||
StringBuffer str = new StringBuffer();
|
||||
int i = 0;
|
||||
while (i < len)
|
||||
{
|
||||
str.append(prefix);
|
||||
str.append(Util.formatInt(i+off, 16, 8));
|
||||
str.append(" ");
|
||||
String s = Util.toHexString(buf, i+off, Math.min(16, len-i), ' ');
|
||||
str.append(s);
|
||||
for (int j = 56 - (56 - s.length()); j < 56; j++)
|
||||
str.append(" ");
|
||||
for (int j = 0; j < Math.min(16, len - i); j++)
|
||||
{
|
||||
if ((buf[i+off+j] & 0xFF) < 0x20 || (buf[i+off+j] & 0xFF) > 0x7E)
|
||||
str.append('.');
|
||||
else
|
||||
str.append((char) (buf[i+off+j] & 0xFF));
|
||||
}
|
||||
str.append(nl);
|
||||
i += 16;
|
||||
}
|
||||
return str.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* See {@link #hexDump(byte[],int,int)}.
|
||||
*/
|
||||
public static String hexDump(byte[] buf, String prefix)
|
||||
{
|
||||
return hexDump(buf, 0, buf.length, prefix);
|
||||
}
|
||||
|
||||
/**
|
||||
* Format an integer into the specified radix, zero-filled.
|
||||
*
|
||||
* @param i The integer to format.
|
||||
* @param radix The radix to encode to.
|
||||
* @param len The target length of the string. The string is
|
||||
* zero-padded to this length, but may be longer.
|
||||
* @return The formatted integer.
|
||||
*/
|
||||
public static String formatInt(int i, int radix, int len)
|
||||
{
|
||||
String s = Integer.toString(i, radix);
|
||||
StringBuffer buf = new StringBuffer();
|
||||
for (int j = 0; j < len - s.length(); j++)
|
||||
buf.append("0");
|
||||
buf.append(s);
|
||||
return buf.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a hexadecimal string into its byte representation.
|
||||
*
|
||||
* @param hex The hexadecimal string.
|
||||
* @return The converted bytes.
|
||||
*/
|
||||
public static byte[] toByteArray(String hex)
|
||||
{
|
||||
hex = hex.toLowerCase();
|
||||
byte[] buf = new byte[hex.length() / 2];
|
||||
int j = 0;
|
||||
for (int i = 0; i < buf.length; i++)
|
||||
{
|
||||
buf[i] = (byte) ((Character.digit(hex.charAt(j++), 16) << 4) |
|
||||
Character.digit(hex.charAt(j++), 16));
|
||||
}
|
||||
return buf;
|
||||
}
|
||||
}
|
||||
@@ -1,548 +0,0 @@
|
||||
/* X500DistinguishedName.java -- X.500 distinguished name.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.Reader;
|
||||
import java.io.StringReader;
|
||||
import java.security.Principal;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
public class X500DistinguishedName implements Principal
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID CN = new OID("2.5.4.3");
|
||||
public static final OID C = new OID("2.5.4.6");
|
||||
public static final OID L = new OID("2.5.4.7");
|
||||
public static final OID ST = new OID("2.5.4.8");
|
||||
public static final OID STREET = new OID("2.5.4.9");
|
||||
public static final OID O = new OID("2.5.4.10");
|
||||
public static final OID OU = new OID("2.5.4.11");
|
||||
public static final OID T = new OID("2.5.4.12");
|
||||
public static final OID DNQ = new OID("2.5.4.46");
|
||||
public static final OID NAME = new OID("2.5.4.41");
|
||||
public static final OID GIVENNAME = new OID("2.5.4.42");
|
||||
public static final OID INITIALS = new OID("2.5.4.43");
|
||||
public static final OID GENERATION = new OID("2.5.4.44");
|
||||
public static final OID EMAIL = new OID("1.2.840.113549.1.9.1");
|
||||
public static final OID DC = new OID("0.9.2342.19200300.100.1.25");
|
||||
public static final OID UID = new OID("0.9.2342.19200300.100.1.1");
|
||||
|
||||
private List components;
|
||||
private Map currentRdn;
|
||||
private boolean fixed;
|
||||
private String stringRep;
|
||||
private byte[] encoded;
|
||||
|
||||
// Constructors.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public X500DistinguishedName()
|
||||
{
|
||||
components = new LinkedList();
|
||||
currentRdn = new LinkedHashMap();
|
||||
components.add(currentRdn);
|
||||
}
|
||||
|
||||
public X500DistinguishedName(String name)
|
||||
{
|
||||
this();
|
||||
try
|
||||
{
|
||||
parseString(name);
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
throw new IllegalArgumentException(ioe.toString());
|
||||
}
|
||||
}
|
||||
|
||||
public X500DistinguishedName(byte[] encoded) throws IOException
|
||||
{
|
||||
this();
|
||||
parseDer(new DERReader(encoded));
|
||||
}
|
||||
|
||||
public X500DistinguishedName(InputStream encoded) throws IOException
|
||||
{
|
||||
this();
|
||||
parseDer(new DERReader(encoded));
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public String getName()
|
||||
{
|
||||
return toString();
|
||||
}
|
||||
|
||||
public void newRelativeDistinguishedName()
|
||||
{
|
||||
if (fixed || currentRdn.isEmpty()) return;
|
||||
currentRdn = new LinkedHashMap();
|
||||
components.add(currentRdn);
|
||||
}
|
||||
|
||||
public int size()
|
||||
{
|
||||
return components.size();
|
||||
}
|
||||
|
||||
public int countComponents()
|
||||
{
|
||||
int count = 0;
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
count += ((Map) it.next()).size();
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
public boolean containsComponent(OID oid, String value)
|
||||
{
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
Map rdn = (Map) it.next();
|
||||
String s = (String) rdn.get(oid);
|
||||
if (s == null)
|
||||
continue;
|
||||
if (compressWS(value).equalsIgnoreCase(compressWS(s)))
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public String getComponent(OID oid)
|
||||
{
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
Map rdn = (Map) it.next();
|
||||
if (rdn.containsKey(oid))
|
||||
return (String) rdn.get(oid);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public String getComponent(OID oid, int rdn)
|
||||
{
|
||||
if (rdn >= size())
|
||||
return null;
|
||||
return (String) ((Map) components.get(rdn)).get(oid);
|
||||
}
|
||||
|
||||
public void putComponent(OID oid, String value)
|
||||
{
|
||||
currentRdn.put(oid, value);
|
||||
}
|
||||
|
||||
public void putComponent(String name, String value)
|
||||
{
|
||||
name = name.trim().toLowerCase();
|
||||
if (name.equals("cn"))
|
||||
putComponent(CN, value);
|
||||
else if (name.equals("c"))
|
||||
putComponent(C, value);
|
||||
else if (name.equals("l"))
|
||||
putComponent(L, value);
|
||||
else if (name.equals("street"))
|
||||
putComponent(STREET, value);
|
||||
else if (name.equals("st"))
|
||||
putComponent(ST, value);
|
||||
else if (name.equals("t"))
|
||||
putComponent(T, value);
|
||||
else if (name.equals("dnq"))
|
||||
putComponent(DNQ, value);
|
||||
else if (name.equals("name"))
|
||||
putComponent(NAME, value);
|
||||
else if (name.equals("givenname"))
|
||||
putComponent(GIVENNAME, value);
|
||||
else if (name.equals("initials"))
|
||||
putComponent(INITIALS, value);
|
||||
else if (name.equals("generation"))
|
||||
putComponent(GENERATION, value);
|
||||
else if (name.equals("email"))
|
||||
putComponent(EMAIL, value);
|
||||
else if (name.equals("dc"))
|
||||
putComponent(DC, value);
|
||||
else if (name.equals("uid"))
|
||||
putComponent(UID, value);
|
||||
else
|
||||
putComponent(new OID(name), value);
|
||||
}
|
||||
|
||||
public void setUnmodifiable()
|
||||
{
|
||||
if (fixed) return;
|
||||
fixed = true;
|
||||
List newComps = new ArrayList(components.size());
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
Map rdn = (Map) it.next();
|
||||
rdn = Collections.unmodifiableMap(rdn);
|
||||
newComps.add(rdn);
|
||||
}
|
||||
components = Collections.unmodifiableList(newComps);
|
||||
currentRdn = Collections.EMPTY_MAP;
|
||||
}
|
||||
|
||||
public int hashCode()
|
||||
{
|
||||
int sum = 0;
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
Map m = (Map) it.next();
|
||||
for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
|
||||
{
|
||||
Map.Entry e = (Map.Entry) it2.next();
|
||||
sum += e.getKey().hashCode();
|
||||
sum += e.getValue().hashCode();
|
||||
}
|
||||
}
|
||||
return sum;
|
||||
}
|
||||
|
||||
public boolean equals(Object o)
|
||||
{
|
||||
if (!(o instanceof X500DistinguishedName))
|
||||
return false;
|
||||
if (size() != ((X500DistinguishedName) o).size())
|
||||
return false;
|
||||
for (int i = 0; i < size(); i++)
|
||||
{
|
||||
Map m = (Map) components.get(i);
|
||||
for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
|
||||
{
|
||||
Map.Entry e = (Map.Entry) it2.next();
|
||||
OID oid = (OID) e.getKey();
|
||||
String v1 = (String) e.getValue();
|
||||
String v2 = ((X500DistinguishedName) o).getComponent(oid, i);
|
||||
if (!compressWS(v1).equalsIgnoreCase(compressWS(v2)))
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
if (fixed && stringRep != null)
|
||||
return stringRep;
|
||||
StringBuffer str = new StringBuffer();
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
Map m = (Map) it.next();
|
||||
for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
|
||||
{
|
||||
Map.Entry entry = (Map.Entry) it2.next();
|
||||
OID oid = (OID) entry.getKey();
|
||||
String value = (String) entry.getValue();
|
||||
if (oid.equals(CN))
|
||||
str.append("CN");
|
||||
else if (oid.equals(C))
|
||||
str.append("C");
|
||||
else if (oid.equals(L))
|
||||
str.append("L");
|
||||
else if (oid.equals(ST))
|
||||
str.append("ST");
|
||||
else if (oid.equals(STREET))
|
||||
str.append("STREET");
|
||||
else if (oid.equals(O))
|
||||
str.append("O");
|
||||
else if (oid.equals(OU))
|
||||
str.append("OU");
|
||||
else if (oid.equals(T))
|
||||
str.append("T");
|
||||
else if (oid.equals(DNQ))
|
||||
str.append("DNQ");
|
||||
else if (oid.equals(NAME))
|
||||
str.append("NAME");
|
||||
else
|
||||
str.append(oid.toString());
|
||||
str.append('=');
|
||||
str.append(value);
|
||||
if (it2.hasNext())
|
||||
str.append("+");
|
||||
}
|
||||
if (it.hasNext())
|
||||
str.append(',');
|
||||
}
|
||||
return (stringRep = str.toString());
|
||||
}
|
||||
|
||||
public byte[] getDer()
|
||||
{
|
||||
if (fixed && encoded != null)
|
||||
return (byte[]) encoded.clone();
|
||||
ArrayList name = new ArrayList(components.size());
|
||||
for (Iterator it = components.iterator(); it.hasNext(); )
|
||||
{
|
||||
Map m = (Map) it.next();
|
||||
if (m.isEmpty())
|
||||
continue;
|
||||
Set rdn = new HashSet();
|
||||
for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
|
||||
{
|
||||
Map.Entry e = (Map.Entry) it.next();
|
||||
ArrayList atav = new ArrayList(2);
|
||||
atav.add(new DERValue(DER.OBJECT_IDENTIFIER, e.getKey()));
|
||||
atav.add(new DERValue(DER.UTF8_STRING, e.getValue()));
|
||||
rdn.add(new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, atav));
|
||||
}
|
||||
name.add(new DERValue(DER.SET|DER.CONSTRUCTED, rdn));
|
||||
}
|
||||
DERValue val = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, name);
|
||||
return (byte[]) (encoded = val.getEncoded()).clone();
|
||||
}
|
||||
|
||||
// Own methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private int sep;
|
||||
|
||||
private void parseString(String str) throws IOException
|
||||
{
|
||||
Reader in = new StringReader(str);
|
||||
while (true)
|
||||
{
|
||||
String key = readAttributeType(in);
|
||||
if (key == null)
|
||||
break;
|
||||
String value = readAttributeValue(in);
|
||||
putComponent(key, value);
|
||||
if (sep == ',')
|
||||
newRelativeDistinguishedName();
|
||||
}
|
||||
setUnmodifiable();
|
||||
}
|
||||
|
||||
private String readAttributeType(Reader in) throws IOException
|
||||
{
|
||||
StringBuffer buf = new StringBuffer();
|
||||
int ch;
|
||||
while ((ch = in.read()) != '=')
|
||||
{
|
||||
if (ch == -1)
|
||||
{
|
||||
if (buf.length() > 0)
|
||||
throw new EOFException();
|
||||
return null;
|
||||
}
|
||||
if (ch > 127)
|
||||
throw new IOException("Invalid char: " + (char) ch);
|
||||
if (Character.isLetterOrDigit((char) ch) || ch == '-' || ch == '.')
|
||||
buf.append((char) ch);
|
||||
else
|
||||
throw new IOException("Invalid char: " + (char) ch);
|
||||
}
|
||||
return buf.toString();
|
||||
}
|
||||
|
||||
private String readAttributeValue(Reader in) throws IOException
|
||||
{
|
||||
StringBuffer buf = new StringBuffer();
|
||||
int ch = in.read();
|
||||
if (ch == '#')
|
||||
{
|
||||
while (true)
|
||||
{
|
||||
ch = in.read();
|
||||
if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
|
||||
|| Character.isDigit((char) ch))
|
||||
buf.append((char) ch);
|
||||
else if (ch == '+' || ch == ',')
|
||||
{
|
||||
sep = ch;
|
||||
String hex = buf.toString();
|
||||
return new String(Util.toByteArray(hex));
|
||||
}
|
||||
else
|
||||
throw new IOException("illegal character: " + (char) ch);
|
||||
}
|
||||
}
|
||||
else if (ch == '"')
|
||||
{
|
||||
while (true)
|
||||
{
|
||||
ch = in.read();
|
||||
if (ch == '"')
|
||||
break;
|
||||
else if (ch == '\\')
|
||||
{
|
||||
ch = in.read();
|
||||
if (ch == -1)
|
||||
throw new EOFException();
|
||||
if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
|
||||
|| Character.isDigit((char) ch))
|
||||
{
|
||||
int i = Character.digit((char) ch, 16) << 4;
|
||||
ch = in.read();
|
||||
if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
|
||||
|| Character.isDigit((char) ch)))
|
||||
throw new IOException("illegal hex char");
|
||||
i |= Character.digit((char) ch, 16);
|
||||
buf.append((char) i);
|
||||
}
|
||||
else
|
||||
buf.append((char) ch);
|
||||
}
|
||||
else
|
||||
buf.append((char) ch);
|
||||
}
|
||||
sep = in.read();
|
||||
if (sep != '+' || sep != ',')
|
||||
throw new IOException("illegal character: " + (char) ch);
|
||||
return buf.toString();
|
||||
}
|
||||
else
|
||||
{
|
||||
while (true)
|
||||
{
|
||||
switch (ch)
|
||||
{
|
||||
case '+':
|
||||
case ',':
|
||||
sep = ch;
|
||||
return buf.toString();
|
||||
case '\\':
|
||||
ch = in.read();
|
||||
if (ch == -1)
|
||||
throw new EOFException();
|
||||
if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
|
||||
|| Character.isDigit((char) ch))
|
||||
{
|
||||
int i = Character.digit((char) ch, 16) << 4;
|
||||
ch = in.read();
|
||||
if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
|
||||
|| Character.isDigit((char) ch)))
|
||||
throw new IOException("illegal hex char");
|
||||
i |= Character.digit((char) ch, 16);
|
||||
buf.append((char) i);
|
||||
}
|
||||
else
|
||||
buf.append((char) ch);
|
||||
break;
|
||||
case '=':
|
||||
case '<':
|
||||
case '>':
|
||||
case '#':
|
||||
case ';':
|
||||
throw new IOException("illegal character: " + (char) ch);
|
||||
case -1:
|
||||
throw new EOFException();
|
||||
default:
|
||||
buf.append((char) ch);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void parseDer(DERReader der) throws IOException
|
||||
{
|
||||
DERValue name = der.read();
|
||||
if (!name.isConstructed())
|
||||
throw new IOException("malformed Name");
|
||||
encoded = name.getEncoded();
|
||||
int len = 0;
|
||||
while (len < name.getLength())
|
||||
{
|
||||
DERValue rdn = der.read();
|
||||
if (!rdn.isConstructed())
|
||||
throw new IOException("badly formed RDNSequence");
|
||||
int len2 = 0;
|
||||
while (len2 < rdn.getLength())
|
||||
{
|
||||
DERValue atav = der.read();
|
||||
if (!atav.isConstructed())
|
||||
throw new IOException("badly formed AttributeTypeAndValue");
|
||||
DERValue val = der.read();
|
||||
if (val.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("badly formed AttributeTypeAndValue");
|
||||
OID oid = (OID) val.getValue();
|
||||
val = der.read();
|
||||
if (!(val.getValue() instanceof String))
|
||||
throw new IOException("badly formed AttributeTypeAndValue");
|
||||
String value = (String) val.getValue();
|
||||
putComponent(oid, value);
|
||||
len2 += atav.getEncodedLength();
|
||||
}
|
||||
len += rdn.getEncodedLength();
|
||||
if (len < name.getLength())
|
||||
newRelativeDistinguishedName();
|
||||
}
|
||||
setUnmodifiable();
|
||||
}
|
||||
|
||||
private static String compressWS(String str)
|
||||
{
|
||||
StringBuffer buf = new StringBuffer();
|
||||
char lastChar = 0;
|
||||
for (int i = 0; i < str.length(); i++)
|
||||
{
|
||||
char c = str.charAt(i);
|
||||
if (Character.isWhitespace(c))
|
||||
{
|
||||
if (!Character.isWhitespace(lastChar))
|
||||
buf.append(' ');
|
||||
}
|
||||
else
|
||||
buf.append(c);
|
||||
lastChar = c;
|
||||
}
|
||||
return buf.toString().trim();
|
||||
}
|
||||
}
|
||||
@@ -1,476 +0,0 @@
|
||||
/* X509CRL.java -- X.509 certificate revocation list.
|
||||
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.BitString;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.ext.Extension;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.math.BigInteger;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.Principal;
|
||||
import java.security.PublicKey;
|
||||
import java.security.Signature;
|
||||
import java.security.SignatureException;
|
||||
import java.security.cert.CRLException;
|
||||
import java.security.cert.Certificate;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
/**
|
||||
* X.509 certificate revocation lists.
|
||||
*
|
||||
* @author Casey Marshall (rsdio@metastatic.org)
|
||||
*/
|
||||
public class X509CRL extends java.security.cert.X509CRL
|
||||
implements GnuPKIExtension
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
private static void debug(String msg)
|
||||
{
|
||||
if (DEBUG)
|
||||
{
|
||||
System.err.print(">> X509CRL: ");
|
||||
System.err.println(msg);
|
||||
}
|
||||
}
|
||||
|
||||
private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
|
||||
private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
|
||||
private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
|
||||
private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
|
||||
private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
|
||||
private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
|
||||
|
||||
private byte[] encoded;
|
||||
|
||||
private byte[] tbsCRLBytes;
|
||||
private int version;
|
||||
private OID algId;
|
||||
private byte[] algParams;
|
||||
private Date thisUpdate;
|
||||
private Date nextUpdate;
|
||||
private X500DistinguishedName issuerDN;
|
||||
private HashMap revokedCerts;
|
||||
private HashMap extensions;
|
||||
|
||||
private OID sigAlg;
|
||||
private byte[] sigAlgParams;
|
||||
private byte[] rawSig;
|
||||
private byte[] signature;
|
||||
|
||||
// Constructors.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Create a new X.509 CRL.
|
||||
*
|
||||
* @param encoded The DER encoded CRL.
|
||||
* @throws CRLException If the input bytes are incorrect.
|
||||
* @throws IOException If the input bytes cannot be read.
|
||||
*/
|
||||
public X509CRL(InputStream encoded) throws CRLException, IOException
|
||||
{
|
||||
super();
|
||||
revokedCerts = new HashMap();
|
||||
extensions = new HashMap();
|
||||
try
|
||||
{
|
||||
parse(encoded);
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
ioe.printStackTrace();
|
||||
throw ioe;
|
||||
}
|
||||
catch (Exception x)
|
||||
{
|
||||
x.printStackTrace();
|
||||
throw new CRLException(x.toString());
|
||||
}
|
||||
}
|
||||
|
||||
// X509CRL methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
public boolean equals(Object o)
|
||||
{
|
||||
if (!(o instanceof X509CRL))
|
||||
return false;
|
||||
return ((X509CRL) o).getRevokedCertificates().equals(revokedCerts.values());
|
||||
}
|
||||
|
||||
public int hashCode()
|
||||
{
|
||||
return revokedCerts.hashCode();
|
||||
}
|
||||
|
||||
public byte[] getEncoded() throws CRLException
|
||||
{
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public void verify(PublicKey key)
|
||||
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
|
||||
NoSuchProviderException, SignatureException
|
||||
{
|
||||
Signature sig = Signature.getInstance(sigAlg.toString());
|
||||
doVerify(sig, key);
|
||||
}
|
||||
|
||||
public void verify(PublicKey key, String provider)
|
||||
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
|
||||
NoSuchProviderException, SignatureException
|
||||
{
|
||||
Signature sig = Signature.getInstance(sigAlg.toString(), provider);
|
||||
doVerify(sig, key);
|
||||
}
|
||||
|
||||
public int getVersion()
|
||||
{
|
||||
return version;
|
||||
}
|
||||
|
||||
public Principal getIssuerDN()
|
||||
{
|
||||
return issuerDN;
|
||||
}
|
||||
|
||||
public X500Principal getIssuerX500Principal()
|
||||
{
|
||||
return new X500Principal(issuerDN.getDer());
|
||||
}
|
||||
|
||||
public Date getThisUpdate()
|
||||
{
|
||||
return (Date) thisUpdate.clone();
|
||||
}
|
||||
|
||||
public Date getNextUpdate()
|
||||
{
|
||||
if (nextUpdate != null)
|
||||
return (Date) nextUpdate.clone();
|
||||
return null;
|
||||
}
|
||||
|
||||
public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger serialNo)
|
||||
{
|
||||
return (java.security.cert.X509CRLEntry) revokedCerts.get(serialNo);
|
||||
}
|
||||
|
||||
public Set getRevokedCertificates()
|
||||
{
|
||||
return Collections.unmodifiableSet(new HashSet(revokedCerts.values()));
|
||||
}
|
||||
|
||||
public byte[] getTBSCertList() throws CRLException
|
||||
{
|
||||
return (byte[]) tbsCRLBytes.clone();
|
||||
}
|
||||
|
||||
public byte[] getSignature()
|
||||
{
|
||||
return (byte[]) rawSig.clone();
|
||||
}
|
||||
|
||||
public String getSigAlgName()
|
||||
{
|
||||
if (sigAlg.equals(ID_DSA_WITH_SHA1))
|
||||
return "SHA1withDSA";
|
||||
if (sigAlg.equals(ID_RSA_WITH_MD2))
|
||||
return "MD2withRSA";
|
||||
if (sigAlg.equals(ID_RSA_WITH_MD5))
|
||||
return "MD5withRSA";
|
||||
if (sigAlg.equals(ID_RSA_WITH_SHA1))
|
||||
return "SHA1withRSA";
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
public String getSigAlgOID()
|
||||
{
|
||||
return sigAlg.toString();
|
||||
}
|
||||
|
||||
public byte[] getSigAlgParams()
|
||||
{
|
||||
if (sigAlgParams != null)
|
||||
return (byte[]) sigAlgParams.clone();
|
||||
return null;
|
||||
}
|
||||
|
||||
// X509Extension methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
public boolean hasUnsupportedCriticalExtension()
|
||||
{
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (e.isCritical() && !e.isSupported())
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public Set getCriticalExtensionOIDs()
|
||||
{
|
||||
HashSet s = new HashSet();
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (e.isCritical())
|
||||
s.add(e.getOid().toString());
|
||||
}
|
||||
return Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
public Set getNonCriticalExtensionOIDs()
|
||||
{
|
||||
HashSet s = new HashSet();
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (!e.isCritical())
|
||||
s.add(e.getOid().toString());
|
||||
}
|
||||
return Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
public byte[] getExtensionValue(String oid)
|
||||
{
|
||||
Extension e = getExtension(new OID(oid));
|
||||
if (e != null)
|
||||
{
|
||||
return e.getValue().getEncoded();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// GnuPKIExtension method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public Extension getExtension(OID oid)
|
||||
{
|
||||
return (Extension) extensions.get(oid);
|
||||
}
|
||||
|
||||
public Collection getExtensions()
|
||||
{
|
||||
return extensions.values();
|
||||
}
|
||||
|
||||
// CRL methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return X509CRL.class.getName();
|
||||
}
|
||||
|
||||
public boolean isRevoked(Certificate cert)
|
||||
{
|
||||
if (!(cert instanceof java.security.cert.X509Certificate))
|
||||
throw new IllegalArgumentException("not a X.509 certificate");
|
||||
BigInteger certSerial =
|
||||
((java.security.cert.X509Certificate) cert).getSerialNumber();
|
||||
X509CRLEntry ent = (X509CRLEntry) revokedCerts.get(certSerial);
|
||||
if (ent == null)
|
||||
return false;
|
||||
return ent.getRevocationDate().compareTo(new Date()) < 0;
|
||||
}
|
||||
|
||||
// Own methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
private void doVerify(Signature sig, PublicKey key)
|
||||
throws CRLException, InvalidKeyException, SignatureException
|
||||
{
|
||||
sig.initVerify(key);
|
||||
sig.update(tbsCRLBytes);
|
||||
if (!sig.verify(signature))
|
||||
throw new CRLException("signature not verified");
|
||||
}
|
||||
|
||||
private void parse(InputStream in) throws Exception
|
||||
{
|
||||
// CertificateList ::= SEQUENCE {
|
||||
DERReader der = new DERReader(in);
|
||||
DERValue val = der.read();
|
||||
debug("start CertificateList len == " + val.getLength());
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed CertificateList");
|
||||
encoded = val.getEncoded();
|
||||
|
||||
// tbsCertList ::= SEQUENCE { -- TBSCertList
|
||||
val = der.read();
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed TBSCertList");
|
||||
debug("start tbsCertList len == " + val.getLength());
|
||||
tbsCRLBytes = val.getEncoded();
|
||||
|
||||
// version Version OPTIONAL,
|
||||
// -- If present must be v2
|
||||
val = der.read();
|
||||
if (val.getValue() instanceof BigInteger)
|
||||
{
|
||||
version = ((BigInteger) val.getValue()).intValue() + 1;
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
version = 1;
|
||||
debug("read version == " + version);
|
||||
|
||||
// signature AlgorithmIdentifier,
|
||||
debug("start AlgorithmIdentifier len == " + val.getLength());
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed AlgorithmIdentifier");
|
||||
DERValue algIdVal = der.read();
|
||||
algId = (OID) algIdVal.getValue();
|
||||
debug("read object identifier == " + algId);
|
||||
if (val.getLength() > algIdVal.getEncodedLength())
|
||||
{
|
||||
val = der.read();
|
||||
debug("read parameters len == " + val.getEncodedLength());
|
||||
algParams = val.getEncoded();
|
||||
if (val.isConstructed())
|
||||
in.skip(val.getLength());
|
||||
}
|
||||
|
||||
// issuer Name,
|
||||
val = der.read();
|
||||
issuerDN = new X500DistinguishedName(val.getEncoded());
|
||||
der.skip(val.getLength());
|
||||
debug("read issuer == " + issuerDN);
|
||||
|
||||
// thisUpdate Time,
|
||||
thisUpdate = (Date) der.read().getValue();
|
||||
debug("read thisUpdate == " + thisUpdate);
|
||||
|
||||
// nextUpdate Time OPTIONAL,
|
||||
val = der.read();
|
||||
if (val.getValue() instanceof Date)
|
||||
{
|
||||
nextUpdate = (Date) val.getValue();
|
||||
debug("read nextUpdate == " + nextUpdate);
|
||||
val = der.read();
|
||||
}
|
||||
|
||||
// revokedCertificates SEQUENCE OF SEQUENCE {
|
||||
// -- X509CRLEntry objects...
|
||||
// } OPTIONAL,
|
||||
if (val.getTag() != 0)
|
||||
{
|
||||
int len = 0;
|
||||
while (len < val.getLength())
|
||||
{
|
||||
X509CRLEntry entry = new X509CRLEntry(version, der);
|
||||
revokedCerts.put(entry.getSerialNumber(), entry);
|
||||
len += entry.getEncoded().length;
|
||||
}
|
||||
val = der.read();
|
||||
}
|
||||
|
||||
// crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
||||
// -- if present MUST be v2
|
||||
if (val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
|
||||
{
|
||||
if (version < 2)
|
||||
throw new IOException("extra data in CRL");
|
||||
DERValue exts = der.read();
|
||||
if (!exts.isConstructed())
|
||||
throw new IOException("malformed Extensions");
|
||||
debug("start Extensions len == " + exts.getLength());
|
||||
int len = 0;
|
||||
while (len < exts.getLength())
|
||||
{
|
||||
DERValue ext = der.read();
|
||||
if (!ext.isConstructed())
|
||||
throw new IOException("malformed Extension");
|
||||
Extension e = new Extension(ext.getEncoded());
|
||||
extensions.put(e.getOid(), e);
|
||||
der.skip(ext.getLength());
|
||||
len += ext.getEncodedLength();
|
||||
debug("current count == " + len);
|
||||
}
|
||||
val = der.read();
|
||||
}
|
||||
|
||||
debug("read tag == " + val.getTag());
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed AlgorithmIdentifier");
|
||||
debug("start AlgorithmIdentifier len == " + val.getLength());
|
||||
DERValue sigAlgVal = der.read();
|
||||
debug("read tag == " + sigAlgVal.getTag());
|
||||
if (sigAlgVal.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("malformed AlgorithmIdentifier");
|
||||
sigAlg = (OID) sigAlgVal.getValue();
|
||||
debug("signature id == " + sigAlg);
|
||||
debug("sigAlgVal length == " + sigAlgVal.getEncodedLength());
|
||||
if (val.getLength() > sigAlgVal.getEncodedLength())
|
||||
{
|
||||
val = der.read();
|
||||
debug("sig params tag = " + val.getTag() + " len == " + val.getEncodedLength());
|
||||
sigAlgParams = (byte[]) val.getEncoded();
|
||||
if (val.isConstructed())
|
||||
in.skip(val.getLength());
|
||||
}
|
||||
val = der.read();
|
||||
debug("read tag = " + val.getTag());
|
||||
rawSig = val.getEncoded();
|
||||
signature = ((BitString) val.getValue()).toByteArray();
|
||||
}
|
||||
}
|
||||
@@ -1,278 +0,0 @@
|
||||
/* X509CRLEntry.java -- an entry in a X.509 CRL.
|
||||
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.ext.Extension;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.cert.CRLException;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* A single entry in a X.509 certificate revocation list.
|
||||
*
|
||||
* @see X509CRL
|
||||
* @author Casey Marshall
|
||||
*/
|
||||
class X509CRLEntry extends java.security.cert.X509CRLEntry
|
||||
implements GnuPKIExtension
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
private static void debug(String msg)
|
||||
{
|
||||
if (DEBUG)
|
||||
{
|
||||
System.err.print(">> X509CRLEntry: ");
|
||||
System.err.println(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/** The DER encoded form of this CRL entry. */
|
||||
private byte[] encoded;
|
||||
|
||||
/** The revoked certificate's serial number. */
|
||||
private BigInteger serialNo;
|
||||
|
||||
/** The date the certificate was revoked. */
|
||||
private Date revocationDate;
|
||||
|
||||
/** The CRL entry extensions. */
|
||||
private HashMap extensions;
|
||||
|
||||
// Constructor.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Create a new X.509 certificate revocation list entry from the given
|
||||
* input stream and CRL version number.
|
||||
*
|
||||
* @param version The CRL version.
|
||||
* @param encoded The stream of DER bytes.
|
||||
* @throws CRLException If the ASN.1 structure is invalid.
|
||||
* @throws IOException If the bytes cannot be read.
|
||||
*/
|
||||
X509CRLEntry(int version, DERReader encoded)
|
||||
throws CRLException, IOException
|
||||
{
|
||||
super();
|
||||
extensions = new HashMap();
|
||||
try
|
||||
{
|
||||
parse(version, encoded);
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
throw ioe;
|
||||
}
|
||||
catch (Exception x)
|
||||
{
|
||||
throw new CRLException(x.toString());
|
||||
}
|
||||
}
|
||||
|
||||
// X509CRLEntry methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
public boolean equals(Object o)
|
||||
{
|
||||
if (!(o instanceof X509CRLEntry))
|
||||
return false;
|
||||
return ((X509CRLEntry) o).getSerialNumber().equals(serialNo) &&
|
||||
((X509CRLEntry) o).getRevocationDate().equals(revocationDate);
|
||||
}
|
||||
|
||||
public int hashCode()
|
||||
{
|
||||
return serialNo.hashCode();
|
||||
}
|
||||
|
||||
public byte[] getEncoded() throws CRLException
|
||||
{
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public BigInteger getSerialNumber()
|
||||
{
|
||||
return serialNo;
|
||||
}
|
||||
|
||||
public Date getRevocationDate()
|
||||
{
|
||||
return (Date) revocationDate.clone();
|
||||
}
|
||||
|
||||
public boolean hasExtensions()
|
||||
{
|
||||
return ! extensions.isEmpty();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return "X509CRLEntry serial=" + serialNo + " revocation date="
|
||||
+ revocationDate + " ext=" + extensions;
|
||||
}
|
||||
|
||||
// X509Extension methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public boolean hasUnsupportedCriticalExtension()
|
||||
{
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (e.isCritical() && !e.isSupported())
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public Set getCriticalExtensionOIDs()
|
||||
{
|
||||
HashSet s = new HashSet();
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (e.isCritical())
|
||||
s.add(e.getOid().toString());
|
||||
}
|
||||
return Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
public Set getNonCriticalExtensionOIDs()
|
||||
{
|
||||
HashSet s = new HashSet();
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (!e.isCritical())
|
||||
s.add(e.getOid().toString());
|
||||
}
|
||||
return Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
public byte[] getExtensionValue(String oid)
|
||||
{
|
||||
Extension e = getExtension(new OID(oid));
|
||||
if (e != null)
|
||||
{
|
||||
return e.getValue().getEncoded();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// GnuPKIExtension method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public Extension getExtension(OID oid)
|
||||
{
|
||||
return (Extension) extensions.get(oid);
|
||||
}
|
||||
|
||||
public Collection getExtensions()
|
||||
{
|
||||
return extensions.values();
|
||||
}
|
||||
|
||||
// Own methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private void parse(int version, DERReader der) throws Exception
|
||||
{
|
||||
// RevokedCertificate ::= SEQUENCE {
|
||||
DERValue entry = der.read();
|
||||
debug("start CRL entry len == " + entry.getLength());
|
||||
if (!entry.isConstructed())
|
||||
throw new IOException("malformed revokedCertificate");
|
||||
encoded = entry.getEncoded();
|
||||
int len = 0;
|
||||
|
||||
debug("encoded entry:\n" + Util.hexDump(encoded, ">>>> "));
|
||||
|
||||
// userCertificate CertificateSerialNumber,
|
||||
DERValue val = der.read();
|
||||
serialNo = (BigInteger) val.getValue();
|
||||
len += val.getEncodedLength();
|
||||
debug("userCertificate == " + serialNo + " current count == " + len);
|
||||
|
||||
// revocationDate Time,
|
||||
val = der.read();
|
||||
revocationDate = (Date) val.getValue();
|
||||
len += val.getEncodedLength();
|
||||
debug("revocationDate == " + revocationDate + " current count == " + len);
|
||||
|
||||
// crlEntryExtensions Extensions OPTIONAL
|
||||
// -- if present MUST be v2
|
||||
if (len < entry.getLength())
|
||||
{
|
||||
if (version < 2)
|
||||
throw new IOException("extra data in CRL entry");
|
||||
DERValue exts = der.read();
|
||||
if (!exts.isConstructed())
|
||||
throw new IOException("malformed Extensions");
|
||||
debug("start Extensions len == " + exts.getLength());
|
||||
len = 0;
|
||||
while (len < exts.getLength())
|
||||
{
|
||||
val = der.read();
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed Extension");
|
||||
debug("start Extension len == " + val.getLength());
|
||||
Extension e = new Extension(val.getEncoded());
|
||||
extensions.put(e.getOid(), e);
|
||||
der.skip(val.getLength());
|
||||
len += val.getEncodedLength();
|
||||
debug("current count == " + len);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,138 +0,0 @@
|
||||
/* X509CRLSelectorImpl.java -- implementation of an X509CRLSelector.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.security.cert.CRL;
|
||||
import java.security.cert.CRLSelector;
|
||||
import java.security.cert.X509CRL;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
/**
|
||||
* Sun's implementation of X509CRLSelector sucks. This one tries to work
|
||||
* better.
|
||||
*/
|
||||
public class X509CRLSelectorImpl implements CRLSelector
|
||||
{
|
||||
|
||||
// Fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private Set issuerNames;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public X509CRLSelectorImpl()
|
||||
{
|
||||
issuerNames = new HashSet();
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public void addIssuerName(byte[] issuerName) throws IOException
|
||||
{
|
||||
issuerNames.add(new X500DistinguishedName(issuerName));
|
||||
}
|
||||
|
||||
public void addIssuerName(String issuerName)
|
||||
{
|
||||
issuerNames.add(new X500DistinguishedName(issuerName));
|
||||
}
|
||||
|
||||
public void addIssuerName(Principal issuerName) throws IOException
|
||||
{
|
||||
if (issuerName instanceof X500DistinguishedName)
|
||||
issuerNames.add(issuerName);
|
||||
else if (issuerName instanceof X500Principal)
|
||||
issuerNames.add(new X500DistinguishedName(((X500Principal) issuerName).getEncoded()));
|
||||
else
|
||||
issuerNames.add(new X500DistinguishedName(issuerName.getName()));
|
||||
}
|
||||
|
||||
public Collection getIssuerNames()
|
||||
{
|
||||
return Collections.unmodifiableSet(issuerNames);
|
||||
}
|
||||
|
||||
public Object clone()
|
||||
{
|
||||
X509CRLSelectorImpl copy = new X509CRLSelectorImpl();
|
||||
copy.issuerNames.addAll(issuerNames);
|
||||
return copy;
|
||||
}
|
||||
|
||||
public boolean match(CRL crl)
|
||||
{
|
||||
if (!(crl instanceof X509CRL))
|
||||
return false;
|
||||
try
|
||||
{
|
||||
Principal p = ((X509CRL) crl).getIssuerDN();
|
||||
X500DistinguishedName thisName = null;
|
||||
if (p instanceof X500DistinguishedName)
|
||||
thisName = (X500DistinguishedName) p;
|
||||
else if (p instanceof X500Principal)
|
||||
thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
|
||||
else
|
||||
thisName = new X500DistinguishedName(p.getName());
|
||||
for (Iterator it = issuerNames.iterator(); it.hasNext(); )
|
||||
{
|
||||
X500DistinguishedName name = (X500DistinguishedName) it.next();
|
||||
if (thisName.equals(name))
|
||||
return true;
|
||||
}
|
||||
}
|
||||
catch (Exception x)
|
||||
{
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,303 +0,0 @@
|
||||
/* X509CertPath.java -- an X.509 certificate path.
|
||||
Copyright (C) 2004 Free Software Fonudation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DEREncodingException;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.math.BigInteger;
|
||||
import java.security.cert.CertPath;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateEncodingException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* A certificate path (or certificate chain) of X509Certificates.
|
||||
*
|
||||
* @author Casey Marshall (rsdio@metastatic.org)
|
||||
*/
|
||||
public class X509CertPath extends CertPath
|
||||
{
|
||||
|
||||
// Fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final List ENCODINGS = Collections.unmodifiableList(
|
||||
Arrays.asList(new String[] { "PkiPath", "PKCS7" }));
|
||||
|
||||
private static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2");
|
||||
private static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
|
||||
|
||||
/** The certificate path. */
|
||||
private List path;
|
||||
|
||||
/** The cached PKCS #7 encoded bytes. */
|
||||
private byte[] pkcs_encoded;
|
||||
|
||||
/** The cached PkiPath encoded bytes. */
|
||||
private byte[] pki_encoded;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public X509CertPath(List path)
|
||||
{
|
||||
super("X.509");
|
||||
this.path = Collections.unmodifiableList(path);
|
||||
}
|
||||
|
||||
public X509CertPath(InputStream in) throws CertificateEncodingException
|
||||
{
|
||||
this(in, (String) ENCODINGS.get(0));
|
||||
}
|
||||
|
||||
public X509CertPath(InputStream in, String encoding)
|
||||
throws CertificateEncodingException
|
||||
{
|
||||
super("X.509");
|
||||
try
|
||||
{
|
||||
parse(in, encoding);
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
throw new CertificateEncodingException();
|
||||
}
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public List getCertificates()
|
||||
{
|
||||
return path; // already unmodifiable
|
||||
}
|
||||
|
||||
public byte[] getEncoded() throws CertificateEncodingException
|
||||
{
|
||||
return getEncoded((String) ENCODINGS.get(0));
|
||||
}
|
||||
|
||||
public byte[] getEncoded(String encoding) throws CertificateEncodingException
|
||||
{
|
||||
if (encoding.equalsIgnoreCase("PkiPath"))
|
||||
{
|
||||
if (pki_encoded == null)
|
||||
{
|
||||
try
|
||||
{
|
||||
pki_encoded = encodePki();
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
throw new CertificateEncodingException();
|
||||
}
|
||||
}
|
||||
return (byte[]) pki_encoded.clone();
|
||||
}
|
||||
else if (encoding.equalsIgnoreCase("PKCS7"))
|
||||
{
|
||||
if (pkcs_encoded == null)
|
||||
{
|
||||
try
|
||||
{
|
||||
pkcs_encoded = encodePKCS();
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
throw new CertificateEncodingException();
|
||||
}
|
||||
}
|
||||
return (byte[]) pkcs_encoded.clone();
|
||||
}
|
||||
else
|
||||
throw new CertificateEncodingException("unknown encoding: " + encoding);
|
||||
}
|
||||
|
||||
public Iterator getEncodings()
|
||||
{
|
||||
return ENCODINGS.iterator(); // already unmodifiable
|
||||
}
|
||||
|
||||
// Own methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private void parse(InputStream in, String encoding)
|
||||
throws CertificateEncodingException, IOException
|
||||
{
|
||||
DERReader der = new DERReader(in);
|
||||
DERValue path = null;
|
||||
if (encoding.equalsIgnoreCase("PkiPath"))
|
||||
{
|
||||
// PKI encoding is just a SEQUENCE of X.509 certificates.
|
||||
path = der.read();
|
||||
if (!path.isConstructed())
|
||||
throw new DEREncodingException("malformed PkiPath");
|
||||
}
|
||||
else if (encoding.equalsIgnoreCase("PKCS7"))
|
||||
{
|
||||
// PKCS #7 encoding means that the certificates are contained in a
|
||||
// SignedData PKCS #7 type.
|
||||
//
|
||||
// ContentInfo ::= SEQUENCE {
|
||||
// contentType ::= ContentType,
|
||||
// content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
|
||||
//
|
||||
// ContentType ::= OBJECT IDENTIFIER
|
||||
//
|
||||
// SignedData ::= SEQUENCE {
|
||||
// version Version,
|
||||
// digestAlgorithms DigestAlgorithmIdentifiers,
|
||||
// contentInfo ContentInfo,
|
||||
// certificates [0] IMPLICIT ExtendedCertificatesAndCertificates
|
||||
// OPTIONAL,
|
||||
// crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
||||
// signerInfos SignerInfos }
|
||||
//
|
||||
// Version ::= INTEGER
|
||||
//
|
||||
DERValue value = der.read();
|
||||
if (!value.isConstructed())
|
||||
throw new DEREncodingException("malformed ContentInfo");
|
||||
value = der.read();
|
||||
if (!(value.getValue() instanceof OID) ||
|
||||
((OID) value.getValue()).equals(PKCS7_SIGNED_DATA))
|
||||
throw new DEREncodingException("not a SignedData");
|
||||
value = der.read();
|
||||
if (!value.isConstructed() || value.getTag() != 0)
|
||||
throw new DEREncodingException("malformed content");
|
||||
value = der.read();
|
||||
if (value.getTag() != DER.INTEGER)
|
||||
throw new DEREncodingException("malformed Version");
|
||||
value = der.read();
|
||||
if (!value.isConstructed() || value.getTag() != DER.SET)
|
||||
throw new DEREncodingException("malformed DigestAlgorithmIdentifiers");
|
||||
der.skip(value.getLength());
|
||||
value = der.read();
|
||||
if (!value.isConstructed())
|
||||
throw new DEREncodingException("malformed ContentInfo");
|
||||
der.skip(value.getLength());
|
||||
path = der.read();
|
||||
if (!path.isConstructed() || path.getTag() != 0)
|
||||
throw new DEREncodingException("no certificates");
|
||||
}
|
||||
else
|
||||
throw new CertificateEncodingException("unknown encoding: " + encoding);
|
||||
|
||||
LinkedList certs = new LinkedList();
|
||||
int len = 0;
|
||||
while (len < path.getLength())
|
||||
{
|
||||
DERValue cert = der.read();
|
||||
try
|
||||
{
|
||||
certs.add(new X509Certificate(new ByteArrayInputStream(cert.getEncoded())));
|
||||
}
|
||||
catch (CertificateException ce)
|
||||
{
|
||||
throw new CertificateEncodingException(ce.getMessage());
|
||||
}
|
||||
len += cert.getEncodedLength();
|
||||
der.skip(cert.getLength());
|
||||
}
|
||||
|
||||
this.path = Collections.unmodifiableList(certs);
|
||||
}
|
||||
|
||||
private byte[] encodePki()
|
||||
throws CertificateEncodingException, IOException
|
||||
{
|
||||
synchronized (path)
|
||||
{
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
for (Iterator i = path.iterator(); i.hasNext(); )
|
||||
{
|
||||
out.write(((Certificate) i.next()).getEncoded());
|
||||
}
|
||||
byte[] b = out.toByteArray();
|
||||
DERValue val = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
|
||||
b.length, b, null);
|
||||
return val.getEncoded();
|
||||
}
|
||||
}
|
||||
|
||||
private byte[] encodePKCS()
|
||||
throws CertificateEncodingException, IOException
|
||||
{
|
||||
synchronized (path)
|
||||
{
|
||||
ArrayList signedData = new ArrayList(5);
|
||||
signedData.add(new DERValue(DER.INTEGER, BigInteger.ONE));
|
||||
signedData.add(new DERValue(DER.CONSTRUCTED | DER.SET,
|
||||
Collections.EMPTY_SET));
|
||||
signedData.add(new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
|
||||
Collections.singletonList(
|
||||
new DERValue(DER.OBJECT_IDENTIFIER, PKCS7_DATA))));
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
for (Iterator i = path.iterator(); i.hasNext(); )
|
||||
{
|
||||
out.write(((Certificate) i.next()).getEncoded());
|
||||
}
|
||||
byte[] b = out.toByteArray();
|
||||
signedData.add(new DERValue(DER.CONSTRUCTED | DER.CONTEXT,
|
||||
b.length, b, null));
|
||||
DERValue sdValue = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
|
||||
signedData);
|
||||
|
||||
ArrayList contentInfo = new ArrayList(2);
|
||||
contentInfo.add(new DERValue(DER.OBJECT_IDENTIFIER, PKCS7_SIGNED_DATA));
|
||||
contentInfo.add(new DERValue(DER.CONSTRUCTED | DER.CONTEXT, sdValue));
|
||||
return new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
|
||||
contentInfo).getEncoded();
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,197 +0,0 @@
|
||||
/* X509CertSelectorImpl.java -- implementation of an X509CertSelector.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.Principal;
|
||||
import java.security.cert.CertSelector;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
/**
|
||||
* Sun's implementation of X509CertSelector sucks. This one tries to work
|
||||
* better.
|
||||
*/
|
||||
public class X509CertSelectorImpl implements CertSelector
|
||||
{
|
||||
|
||||
// Fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private Set issuerNames;
|
||||
private Set subjectNames;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public X509CertSelectorImpl()
|
||||
{
|
||||
issuerNames = new HashSet();
|
||||
subjectNames = new HashSet();
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public void addIssuerName(byte[] issuerName) throws IOException
|
||||
{
|
||||
issuerNames.add(new X500DistinguishedName(issuerName));
|
||||
}
|
||||
|
||||
public void addIssuerName(String issuerName)
|
||||
{
|
||||
issuerNames.add(new X500DistinguishedName(issuerName));
|
||||
}
|
||||
|
||||
public void addIssuerName(Principal issuerName) throws IOException
|
||||
{
|
||||
if (issuerName instanceof X500DistinguishedName)
|
||||
issuerNames.add(issuerName);
|
||||
else if (issuerName instanceof X500Principal)
|
||||
issuerNames.add(new X500DistinguishedName(((X500Principal) issuerName).getEncoded()));
|
||||
else
|
||||
issuerNames.add(new X500DistinguishedName(issuerName.getName()));
|
||||
}
|
||||
|
||||
public Collection getIssuerNames()
|
||||
{
|
||||
return Collections.unmodifiableSet(issuerNames);
|
||||
}
|
||||
|
||||
public void addSubjectName(byte[] subjectName) throws IOException
|
||||
{
|
||||
subjectNames.add(new X500DistinguishedName(subjectName));
|
||||
}
|
||||
|
||||
public void addSubjectName(String subjectName) throws IOException
|
||||
{
|
||||
subjectNames.add(new X500DistinguishedName(subjectName));
|
||||
}
|
||||
|
||||
public void addSubjectName(Principal subjectName) throws IOException
|
||||
{
|
||||
if (subjectName instanceof X500DistinguishedName)
|
||||
subjectNames.add(subjectName);
|
||||
else if (subjectName instanceof X500Principal)
|
||||
subjectNames.add(new X500DistinguishedName(((X500Principal) subjectName).getEncoded()));
|
||||
else
|
||||
subjectNames.add(new X500DistinguishedName(subjectName.getName()));
|
||||
}
|
||||
|
||||
public Collection getSubjectNames()
|
||||
{
|
||||
return Collections.unmodifiableSet(subjectNames);
|
||||
}
|
||||
|
||||
public Object clone()
|
||||
{
|
||||
X509CertSelectorImpl copy = new X509CertSelectorImpl();
|
||||
copy.issuerNames.addAll(issuerNames);
|
||||
copy.subjectNames.addAll(subjectNames);
|
||||
return copy;
|
||||
}
|
||||
|
||||
public boolean match(Certificate cert)
|
||||
{
|
||||
if (!(cert instanceof X509Certificate))
|
||||
return false;
|
||||
boolean matchIssuer = false;
|
||||
boolean matchSubject = false;
|
||||
try
|
||||
{
|
||||
Principal p = ((X509Certificate) cert).getIssuerDN();
|
||||
X500DistinguishedName thisName = null;
|
||||
if (p instanceof X500DistinguishedName)
|
||||
thisName = (X500DistinguishedName) p;
|
||||
else if (p instanceof X500Principal)
|
||||
thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
|
||||
else
|
||||
thisName = new X500DistinguishedName(p.getName());
|
||||
if (issuerNames.isEmpty())
|
||||
matchIssuer = true;
|
||||
else
|
||||
{
|
||||
for (Iterator it = issuerNames.iterator(); it.hasNext(); )
|
||||
{
|
||||
X500DistinguishedName name = (X500DistinguishedName) it.next();
|
||||
if (thisName.equals(name))
|
||||
{
|
||||
matchIssuer = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
p = ((X509Certificate) cert).getSubjectDN();
|
||||
thisName = null;
|
||||
if (p instanceof X500DistinguishedName)
|
||||
thisName = (X500DistinguishedName) p;
|
||||
else if (p instanceof X500Principal)
|
||||
thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
|
||||
else
|
||||
thisName = new X500DistinguishedName(p.getName());
|
||||
if (subjectNames.isEmpty())
|
||||
matchSubject = true;
|
||||
else
|
||||
{
|
||||
for (Iterator it = subjectNames.iterator(); it.hasNext(); )
|
||||
{
|
||||
X500DistinguishedName name = (X500DistinguishedName) it.next();
|
||||
if (thisName.equals(name))
|
||||
{
|
||||
matchSubject = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception x)
|
||||
{
|
||||
}
|
||||
return matchIssuer && matchSubject;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,743 +0,0 @@
|
||||
/* X509Certificate.java -- X.509 certificate.
|
||||
Copyright (C) 2003, 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.BitString;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.ext.BasicConstraints;
|
||||
import gnu.java.security.x509.ext.ExtendedKeyUsage;
|
||||
import gnu.java.security.x509.ext.Extension;
|
||||
import gnu.java.security.x509.ext.IssuerAlternativeNames;
|
||||
import gnu.java.security.x509.ext.KeyUsage;
|
||||
import gnu.java.security.x509.ext.SubjectAlternativeNames;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.PrintWriter;
|
||||
import java.io.Serializable;
|
||||
import java.io.StringWriter;
|
||||
import java.math.BigInteger;
|
||||
import java.security.AlgorithmParameters;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.Principal;
|
||||
import java.security.PublicKey;
|
||||
import java.security.Signature;
|
||||
import java.security.SignatureException;
|
||||
import java.security.cert.CertificateEncodingException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
import java.security.cert.CertificateNotYetValidException;
|
||||
import java.security.cert.CertificateParsingException;
|
||||
import java.security.interfaces.DSAParams;
|
||||
import java.security.interfaces.DSAPublicKey;
|
||||
import java.security.spec.DSAParameterSpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
/**
|
||||
* An implementation of X.509 certificates.
|
||||
*
|
||||
* @author Casey Marshall (rsdio@metastatic.org)
|
||||
*/
|
||||
public class X509Certificate extends java.security.cert.X509Certificate
|
||||
implements Serializable, GnuPKIExtension
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
private static void debug(String msg)
|
||||
{
|
||||
if (DEBUG)
|
||||
{
|
||||
System.err.print(">> X509Certificate: ");
|
||||
System.err.println(msg);
|
||||
}
|
||||
}
|
||||
private static void debug(Throwable t)
|
||||
{
|
||||
if (DEBUG)
|
||||
{
|
||||
System.err.print(">> X509Certificate: ");
|
||||
t.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
protected static final OID ID_DSA = new OID ("1.2.840.10040.4.1");
|
||||
protected static final OID ID_DSA_WITH_SHA1 = new OID ("1.2.840.10040.4.3");
|
||||
protected static final OID ID_RSA = new OID ("1.2.840.113549.1.1.1");
|
||||
protected static final OID ID_RSA_WITH_MD2 = new OID ("1.2.840.113549.1.1.2");
|
||||
protected static final OID ID_RSA_WITH_MD5 = new OID ("1.2.840.113549.1.1.4");
|
||||
protected static final OID ID_RSA_WITH_SHA1 = new OID ("1.2.840.113549.1.1.5");
|
||||
protected static final OID ID_ECDSA_WITH_SHA1 = new OID ("1.2.840.10045.4.1");
|
||||
|
||||
// This object SHOULD be serialized with an instance of
|
||||
// java.security.cert.Certificate.CertificateRep, thus all fields are
|
||||
// transient.
|
||||
|
||||
// The encoded certificate.
|
||||
protected transient byte[] encoded;
|
||||
|
||||
// TBSCertificate part.
|
||||
protected transient byte[] tbsCertBytes;
|
||||
protected transient int version;
|
||||
protected transient BigInteger serialNo;
|
||||
protected transient OID algId;
|
||||
protected transient byte[] algVal;
|
||||
protected transient X500DistinguishedName issuer;
|
||||
protected transient Date notBefore;
|
||||
protected transient Date notAfter;
|
||||
protected transient X500DistinguishedName subject;
|
||||
protected transient PublicKey subjectKey;
|
||||
protected transient BitString issuerUniqueId;
|
||||
protected transient BitString subjectUniqueId;
|
||||
protected transient Map extensions;
|
||||
|
||||
// Signature.
|
||||
protected transient OID sigAlgId;
|
||||
protected transient byte[] sigAlgVal;
|
||||
protected transient byte[] signature;
|
||||
|
||||
// Constructors.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Create a new X.509 certificate from the encoded data. The input
|
||||
* data are expected to be the ASN.1 DER encoding of the certificate.
|
||||
*
|
||||
* @param encoded The encoded certificate data.
|
||||
* @throws IOException If the certificate cannot be read, possibly
|
||||
* from a formatting error.
|
||||
* @throws CertificateException If the data read is not an X.509
|
||||
* certificate.
|
||||
*/
|
||||
public X509Certificate(InputStream encoded)
|
||||
throws CertificateException, IOException
|
||||
{
|
||||
super();
|
||||
extensions = new HashMap();
|
||||
try
|
||||
{
|
||||
parse(encoded);
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
debug(ioe);
|
||||
throw ioe;
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
debug(e);
|
||||
CertificateException ce = new CertificateException(e.getMessage());
|
||||
ce.initCause (e);
|
||||
throw ce;
|
||||
}
|
||||
}
|
||||
|
||||
protected X509Certificate()
|
||||
{
|
||||
extensions = new HashMap();
|
||||
}
|
||||
|
||||
// X509Certificate methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
public void checkValidity()
|
||||
throws CertificateExpiredException, CertificateNotYetValidException
|
||||
{
|
||||
checkValidity(new Date());
|
||||
}
|
||||
|
||||
public void checkValidity(Date date)
|
||||
throws CertificateExpiredException, CertificateNotYetValidException
|
||||
{
|
||||
if (date.compareTo(notBefore) < 0)
|
||||
{
|
||||
throw new CertificateNotYetValidException();
|
||||
}
|
||||
if (date.compareTo(notAfter) > 0)
|
||||
{
|
||||
throw new CertificateExpiredException();
|
||||
}
|
||||
}
|
||||
|
||||
public int getVersion()
|
||||
{
|
||||
return version;
|
||||
}
|
||||
|
||||
public BigInteger getSerialNumber()
|
||||
{
|
||||
return serialNo;
|
||||
}
|
||||
|
||||
public Principal getIssuerDN()
|
||||
{
|
||||
return issuer;
|
||||
}
|
||||
|
||||
public X500Principal getIssuerX500Principal()
|
||||
{
|
||||
return new X500Principal(issuer.getDer());
|
||||
}
|
||||
|
||||
public Principal getSubjectDN()
|
||||
{
|
||||
return subject;
|
||||
}
|
||||
|
||||
public X500Principal getSubjectX500Principal()
|
||||
{
|
||||
return new X500Principal(subject.getDer());
|
||||
}
|
||||
|
||||
public Date getNotBefore()
|
||||
{
|
||||
return (Date) notBefore.clone();
|
||||
}
|
||||
|
||||
public Date getNotAfter()
|
||||
{
|
||||
return (Date) notAfter.clone();
|
||||
}
|
||||
|
||||
public byte[] getTBSCertificate() throws CertificateEncodingException
|
||||
{
|
||||
return (byte[]) tbsCertBytes.clone();
|
||||
}
|
||||
|
||||
public byte[] getSignature()
|
||||
{
|
||||
return (byte[]) signature.clone();
|
||||
}
|
||||
|
||||
public String getSigAlgName()
|
||||
{
|
||||
if (sigAlgId.equals(ID_DSA_WITH_SHA1))
|
||||
{
|
||||
return "SHA1withDSA";
|
||||
}
|
||||
if (sigAlgId.equals(ID_RSA_WITH_MD2))
|
||||
{
|
||||
return "MD2withRSA";
|
||||
}
|
||||
if (sigAlgId.equals(ID_RSA_WITH_MD5))
|
||||
{
|
||||
return "MD5withRSA";
|
||||
}
|
||||
if (sigAlgId.equals(ID_RSA_WITH_SHA1))
|
||||
{
|
||||
return "SHA1withRSA";
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
public String getSigAlgOID()
|
||||
{
|
||||
return sigAlgId.toString();
|
||||
}
|
||||
|
||||
public byte[] getSigAlgParams()
|
||||
{
|
||||
return (byte[]) sigAlgVal.clone();
|
||||
}
|
||||
|
||||
public boolean[] getIssuerUniqueID()
|
||||
{
|
||||
if (issuerUniqueId != null)
|
||||
{
|
||||
return issuerUniqueId.toBooleanArray();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean[] getSubjectUniqueID()
|
||||
{
|
||||
if (subjectUniqueId != null)
|
||||
{
|
||||
return subjectUniqueId.toBooleanArray();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean[] getKeyUsage()
|
||||
{
|
||||
Extension e = getExtension(KeyUsage.ID);
|
||||
if (e != null)
|
||||
{
|
||||
KeyUsage ku = (KeyUsage) e.getValue();
|
||||
boolean[] result = new boolean[9];
|
||||
boolean[] b = ku.getKeyUsage().toBooleanArray();
|
||||
System.arraycopy(b, 0, result, 0, b.length);
|
||||
return result;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public List getExtendedKeyUsage() throws CertificateParsingException
|
||||
{
|
||||
Extension e = getExtension(ExtendedKeyUsage.ID);
|
||||
if (e != null)
|
||||
{
|
||||
List a = ((ExtendedKeyUsage) e.getValue()).getPurposeIds();
|
||||
List b = new ArrayList(a.size());
|
||||
for (Iterator it = a.iterator(); it.hasNext(); )
|
||||
{
|
||||
b.add(it.next().toString());
|
||||
}
|
||||
return Collections.unmodifiableList(b);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public int getBasicConstraints()
|
||||
{
|
||||
Extension e = getExtension(BasicConstraints.ID);
|
||||
if (e != null)
|
||||
{
|
||||
return ((BasicConstraints) e.getValue()).getPathLengthConstraint();
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
public Collection getSubjectAlternativeNames()
|
||||
throws CertificateParsingException
|
||||
{
|
||||
Extension e = getExtension(SubjectAlternativeNames.ID);
|
||||
if (e != null)
|
||||
{
|
||||
return ((SubjectAlternativeNames) e.getValue()).getNames();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public Collection getIssuerAlternativeNames()
|
||||
throws CertificateParsingException
|
||||
{
|
||||
Extension e = getExtension(IssuerAlternativeNames.ID);
|
||||
if (e != null)
|
||||
{
|
||||
return ((IssuerAlternativeNames) e.getValue()).getNames();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// X509Extension methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
public boolean hasUnsupportedCriticalExtension()
|
||||
{
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (e.isCritical() && !e.isSupported())
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public Set getCriticalExtensionOIDs()
|
||||
{
|
||||
HashSet s = new HashSet();
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (e.isCritical())
|
||||
s.add(e.getOid().toString());
|
||||
}
|
||||
return Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
public Set getNonCriticalExtensionOIDs()
|
||||
{
|
||||
HashSet s = new HashSet();
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
Extension e = (Extension) it.next();
|
||||
if (!e.isCritical())
|
||||
s.add(e.getOid().toString());
|
||||
}
|
||||
return Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
public byte[] getExtensionValue(String oid)
|
||||
{
|
||||
Extension e = getExtension(new OID(oid));
|
||||
if (e != null)
|
||||
{
|
||||
return e.getValue().getEncoded();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// GnuPKIExtension method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public Extension getExtension(OID oid)
|
||||
{
|
||||
return (Extension) extensions.get(oid);
|
||||
}
|
||||
|
||||
public Collection getExtensions()
|
||||
{
|
||||
return extensions.values();
|
||||
}
|
||||
|
||||
// Certificate methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public byte[] getEncoded() throws CertificateEncodingException
|
||||
{
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public void verify(PublicKey key)
|
||||
throws CertificateException, NoSuchAlgorithmException,
|
||||
InvalidKeyException, NoSuchProviderException, SignatureException
|
||||
{
|
||||
Signature sig = Signature.getInstance(sigAlgId.toString());
|
||||
doVerify(sig, key);
|
||||
}
|
||||
|
||||
public void verify(PublicKey key, String provider)
|
||||
throws CertificateException, NoSuchAlgorithmException,
|
||||
InvalidKeyException, NoSuchProviderException, SignatureException
|
||||
{
|
||||
Signature sig = Signature.getInstance(sigAlgId.toString(), provider);
|
||||
doVerify(sig, key);
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
StringWriter str = new StringWriter();
|
||||
PrintWriter out = new PrintWriter(str);
|
||||
out.println(X509Certificate.class.getName() + " {");
|
||||
out.println(" TBSCertificate {");
|
||||
out.println(" version = " + version + ";");
|
||||
out.println(" serialNo = " + serialNo + ";");
|
||||
out.println(" signature = {");
|
||||
out.println(" algorithm = " + getSigAlgName() + ";");
|
||||
out.print(" parameters =");
|
||||
if (sigAlgVal != null)
|
||||
{
|
||||
out.println();
|
||||
out.print(Util.hexDump(sigAlgVal, " "));
|
||||
}
|
||||
else
|
||||
{
|
||||
out.println(" null;");
|
||||
}
|
||||
out.println(" }");
|
||||
out.println(" issuer = " + issuer.getName() + ";");
|
||||
out.println(" validity = {");
|
||||
out.println(" notBefore = " + notBefore + ";");
|
||||
out.println(" notAfter = " + notAfter + ";");
|
||||
out.println(" }");
|
||||
out.println(" subject = " + subject.getName() + ";");
|
||||
out.println(" subjectPublicKeyInfo = {");
|
||||
out.println(" algorithm = " + subjectKey.getAlgorithm());
|
||||
out.println(" key =");
|
||||
out.print(Util.hexDump(subjectKey.getEncoded(), " "));
|
||||
out.println(" };");
|
||||
out.println(" issuerUniqueId = " + issuerUniqueId + ";");
|
||||
out.println(" subjectUniqueId = " + subjectUniqueId + ";");
|
||||
out.println(" extensions = {");
|
||||
for (Iterator it = extensions.values().iterator(); it.hasNext(); )
|
||||
{
|
||||
out.println(" " + it.next());
|
||||
}
|
||||
out.println(" }");
|
||||
out.println(" }");
|
||||
out.println(" signatureAlgorithm = " + getSigAlgName() + ";");
|
||||
out.println(" signatureValue =");
|
||||
out.print(Util.hexDump(signature, " "));
|
||||
out.println("}");
|
||||
return str.toString();
|
||||
}
|
||||
|
||||
public PublicKey getPublicKey()
|
||||
{
|
||||
return subjectKey;
|
||||
}
|
||||
|
||||
public boolean equals(Object other)
|
||||
{
|
||||
if (!(other instanceof X509Certificate))
|
||||
return false;
|
||||
try
|
||||
{
|
||||
if (other instanceof X509Certificate)
|
||||
return Arrays.equals(encoded, ((X509Certificate) other).encoded);
|
||||
byte[] enc = ((X509Certificate) other).getEncoded();
|
||||
if (enc == null)
|
||||
return false;
|
||||
return Arrays.equals(encoded, enc);
|
||||
}
|
||||
catch (CertificateEncodingException cee)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Own methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Verify this certificate's signature.
|
||||
*/
|
||||
private void doVerify(Signature sig, PublicKey key)
|
||||
throws CertificateException, InvalidKeyException, SignatureException
|
||||
{
|
||||
debug("verifying sig=" + sig + " key=" + key);
|
||||
sig.initVerify(key);
|
||||
sig.update(tbsCertBytes);
|
||||
if (!sig.verify(signature))
|
||||
{
|
||||
throw new CertificateException("signature not validated");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse a DER stream into an X.509 certificate.
|
||||
*
|
||||
* @param encoded The encoded bytes.
|
||||
*/
|
||||
private void parse(InputStream encoded) throws Exception
|
||||
{
|
||||
DERReader der = new DERReader(encoded);
|
||||
|
||||
// Certificate ::= SEQUENCE {
|
||||
DERValue cert = der.read();
|
||||
debug("start Certificate len == " + cert.getLength());
|
||||
|
||||
this.encoded = cert.getEncoded();
|
||||
if (!cert.isConstructed())
|
||||
{
|
||||
throw new IOException("malformed Certificate");
|
||||
}
|
||||
|
||||
// TBSCertificate ::= SEQUENCE {
|
||||
DERValue tbsCert = der.read();
|
||||
if (tbsCert.getValue() != DER.CONSTRUCTED_VALUE)
|
||||
{
|
||||
throw new IOException("malformed TBSCertificate");
|
||||
}
|
||||
tbsCertBytes = tbsCert.getEncoded();
|
||||
debug("start TBSCertificate len == " + tbsCert.getLength());
|
||||
|
||||
// Version ::= INTEGER [0] { v1(0), v2(1), v3(2) }
|
||||
DERValue val = der.read();
|
||||
if (val.getTagClass() == DER.CONTEXT && val.getTag() == 0)
|
||||
{
|
||||
version = ((BigInteger) der.read().getValue()).intValue() + 1;
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
{
|
||||
version = 1;
|
||||
}
|
||||
debug("read version == " + version);
|
||||
|
||||
// SerialNumber ::= INTEGER
|
||||
serialNo = (BigInteger) val.getValue();
|
||||
debug("read serial number == " + serialNo);
|
||||
|
||||
// AlgorithmIdentifier ::= SEQUENCE {
|
||||
val = der.read();
|
||||
if (!val.isConstructed())
|
||||
{
|
||||
throw new IOException("malformed AlgorithmIdentifier");
|
||||
}
|
||||
int certAlgLen = val.getLength();
|
||||
debug("start AlgorithmIdentifier len == " + certAlgLen);
|
||||
val = der.read();
|
||||
|
||||
// algorithm OBJECT IDENTIFIER,
|
||||
algId = (OID) val.getValue();
|
||||
debug("read algorithm ID == " + algId);
|
||||
|
||||
// parameters ANY DEFINED BY algorithm OPTIONAL }
|
||||
if (certAlgLen > val.getEncodedLength())
|
||||
{
|
||||
val = der.read();
|
||||
if (val == null)
|
||||
{
|
||||
algVal = null;
|
||||
}
|
||||
else
|
||||
{
|
||||
algVal = val.getEncoded();
|
||||
|
||||
if (val.isConstructed())
|
||||
encoded.skip(val.getLength());
|
||||
}
|
||||
debug("read algorithm parameters == " + algVal);
|
||||
}
|
||||
|
||||
// issuer Name,
|
||||
val = der.read();
|
||||
issuer = new X500DistinguishedName(val.getEncoded());
|
||||
der.skip(val.getLength());
|
||||
debug("read issuer == " + issuer);
|
||||
|
||||
// Validity ::= SEQUENCE {
|
||||
// notBefore Time,
|
||||
// notAfter Time }
|
||||
if (!der.read().isConstructed())
|
||||
{
|
||||
throw new IOException("malformed Validity");
|
||||
}
|
||||
notBefore = (Date) der.read().getValue();
|
||||
notAfter = (Date) der.read().getValue();
|
||||
debug("read notBefore == " + notBefore);
|
||||
debug("read notAfter == " + notAfter);
|
||||
|
||||
// subject Name,
|
||||
val = der.read();
|
||||
subject = new X500DistinguishedName(val.getEncoded());
|
||||
der.skip(val.getLength());
|
||||
debug("read subject == " + subject);
|
||||
|
||||
// SubjectPublicKeyInfo ::= SEQUENCE {
|
||||
// algorithm AlgorithmIdentifier,
|
||||
// subjectPublicKey BIT STRING }
|
||||
DERValue spki = der.read();
|
||||
if (!spki.isConstructed())
|
||||
{
|
||||
throw new IOException("malformed SubjectPublicKeyInfo");
|
||||
}
|
||||
KeyFactory spkFac = KeyFactory.getInstance("X.509");
|
||||
subjectKey = spkFac.generatePublic(new X509EncodedKeySpec(spki.getEncoded()));
|
||||
der.skip(spki.getLength());
|
||||
debug("read subjectPublicKey == " + subjectKey);
|
||||
|
||||
if (version > 1)
|
||||
{
|
||||
val = der.read();
|
||||
}
|
||||
if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 1)
|
||||
{
|
||||
byte[] b = (byte[]) val.getValue();
|
||||
issuerUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF);
|
||||
debug("read issuerUniqueId == " + issuerUniqueId);
|
||||
val = der.read();
|
||||
}
|
||||
if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 2)
|
||||
{
|
||||
byte[] b = (byte[]) val.getValue();
|
||||
subjectUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF);
|
||||
debug("read subjectUniqueId == " + subjectUniqueId);
|
||||
val = der.read();
|
||||
}
|
||||
if (version >= 3 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 3)
|
||||
{
|
||||
val = der.read();
|
||||
debug("start Extensions len == " + val.getLength());
|
||||
int len = 0;
|
||||
while (len < val.getLength())
|
||||
{
|
||||
DERValue ext = der.read();
|
||||
debug("start extension len == " + ext.getLength());
|
||||
Extension e = new Extension(ext.getEncoded());
|
||||
extensions.put(e.getOid(), e);
|
||||
der.skip(ext.getLength());
|
||||
len += ext.getEncodedLength();
|
||||
debug("count == " + len);
|
||||
}
|
||||
}
|
||||
|
||||
val = der.read();
|
||||
if (!val.isConstructed())
|
||||
{
|
||||
throw new IOException("malformed AlgorithmIdentifier");
|
||||
}
|
||||
int sigAlgLen = val.getLength();
|
||||
debug("start AlgorithmIdentifier len == " + sigAlgLen);
|
||||
val = der.read();
|
||||
sigAlgId = (OID) val.getValue();
|
||||
debug("read algorithm id == " + sigAlgId);
|
||||
if (sigAlgLen > val.getEncodedLength())
|
||||
{
|
||||
val = der.read();
|
||||
if (val.getValue() == null)
|
||||
{
|
||||
if (subjectKey instanceof DSAPublicKey)
|
||||
{
|
||||
AlgorithmParameters params =
|
||||
AlgorithmParameters.getInstance("DSA");
|
||||
DSAParams dsap = ((DSAPublicKey) subjectKey).getParams();
|
||||
DSAParameterSpec spec =
|
||||
new DSAParameterSpec(dsap.getP(), dsap.getQ(), dsap.getG());
|
||||
params.init(spec);
|
||||
sigAlgVal = params.getEncoded();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
sigAlgVal = (byte[]) val.getEncoded();
|
||||
}
|
||||
if (val.isConstructed())
|
||||
{
|
||||
encoded.skip(val.getLength());
|
||||
}
|
||||
debug("read parameters == " + sigAlgVal);
|
||||
}
|
||||
signature = ((BitString) der.read().getValue()).toByteArray();
|
||||
debug("read signature ==\n" + Util.hexDump(signature, ">>>> "));
|
||||
}
|
||||
}
|
||||
@@ -1,133 +0,0 @@
|
||||
/* AuthorityKeyIdentifier.java -- Authority key identifier extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.Util;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
|
||||
public class AuthorityKeyIdentifier extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.35");
|
||||
|
||||
private final byte[] keyIdentifier;
|
||||
private final GeneralNames authorityCertIssuer;
|
||||
private final BigInteger authorityCertSerialNumber;
|
||||
|
||||
// Contstructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public AuthorityKeyIdentifier(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERReader der = new DERReader(encoded);
|
||||
|
||||
// AuthorityKeyIdentifier ::= SEQUENCE {
|
||||
DERValue val = der.read();
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed AuthorityKeyIdentifier");
|
||||
if (val.getLength() > 0)
|
||||
val = der.read();
|
||||
|
||||
// keyIdentifier [0] KeyIdentifier OPTIONAL,
|
||||
// KeyIdentifier ::= OCTET STRING
|
||||
if (val.getTagClass() == DER.APPLICATION && val.getTag() == 0)
|
||||
{
|
||||
keyIdentifier = (byte[]) val.getValue();
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
keyIdentifier = null;
|
||||
|
||||
// authorityCertIssuer [1] GeneralNames OPTIONAL,
|
||||
if (val.getTagClass() == DER.APPLICATION && val.getTag() == 1)
|
||||
{
|
||||
byte[] b = val.getEncoded();
|
||||
b[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE);
|
||||
authorityCertIssuer = new GeneralNames(b);
|
||||
der.skip(val.getLength());
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
authorityCertIssuer = null;
|
||||
|
||||
// authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
|
||||
if (val.getTagClass() == DER.APPLICATION && val.getTag() == 2)
|
||||
{
|
||||
authorityCertSerialNumber = new BigInteger((byte[]) val.getValue());
|
||||
}
|
||||
else
|
||||
authorityCertSerialNumber = null;
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public byte[] getKeyIdentifier()
|
||||
{
|
||||
return keyIdentifier != null ? (byte[]) keyIdentifier.clone() : null;
|
||||
}
|
||||
|
||||
public GeneralNames getAuthorityCertIssuer()
|
||||
{
|
||||
return authorityCertIssuer;
|
||||
}
|
||||
|
||||
public BigInteger getAuthorityCertSerialNumber()
|
||||
{
|
||||
return authorityCertSerialNumber;
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return AuthorityKeyIdentifier.class.getName() + " [ keyId=" +
|
||||
(keyIdentifier != null ? Util.toHexString (keyIdentifier, ':') : "nil") +
|
||||
" authorityCertIssuer=" + authorityCertIssuer +
|
||||
" authorityCertSerialNumbe=" + authorityCertSerialNumber + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,129 +0,0 @@
|
||||
/* BasicConstraints.java -- the basic constraints extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class BasicConstraints extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.19");
|
||||
|
||||
private final boolean ca;
|
||||
private final int pathLenConstraint;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public BasicConstraints(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue bc = der.read();
|
||||
if (!bc.isConstructed())
|
||||
throw new IOException("malformed BasicConstraints");
|
||||
DERValue val = bc;
|
||||
if (bc.getLength() > 0)
|
||||
val = der.read();
|
||||
if (val.getTag() == DER.BOOLEAN)
|
||||
{
|
||||
ca = ((Boolean) val.getValue()).booleanValue();
|
||||
if (val.getEncodedLength() < bc.getLength())
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
ca = false;
|
||||
if (val.getTag() == DER.INTEGER)
|
||||
{
|
||||
pathLenConstraint = ((BigInteger) val.getValue()).intValue();
|
||||
}
|
||||
else
|
||||
pathLenConstraint = -1;
|
||||
}
|
||||
|
||||
public BasicConstraints (final boolean ca, final int pathLenConstraint)
|
||||
{
|
||||
this.ca = ca;
|
||||
this.pathLenConstraint = pathLenConstraint;
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public boolean isCA()
|
||||
{
|
||||
return ca;
|
||||
}
|
||||
|
||||
public int getPathLengthConstraint()
|
||||
{
|
||||
return pathLenConstraint;
|
||||
}
|
||||
|
||||
public byte[] getEncoded()
|
||||
{
|
||||
if (encoded == null)
|
||||
{
|
||||
List bc = new ArrayList (2);
|
||||
bc.add (new DERValue (DER.BOOLEAN, new Boolean (ca)));
|
||||
if (pathLenConstraint >= 0)
|
||||
bc.add (new DERValue (DER.INTEGER,
|
||||
BigInteger.valueOf ((long) pathLenConstraint)));
|
||||
encoded = new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, bc).getEncoded();
|
||||
}
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return BasicConstraints.class.getName() + " [ isCA=" + ca +
|
||||
" pathLen=" + pathLenConstraint + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,97 +0,0 @@
|
||||
/* CRLNumber.java -- CRL number extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
|
||||
public class CRLNumber extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.20");
|
||||
|
||||
private final BigInteger number;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public CRLNumber(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERValue val = DERReader.read(encoded);
|
||||
if (val.getTag() != DER.INTEGER)
|
||||
throw new IOException("malformed CRLNumber");
|
||||
number = (BigInteger) val.getValue();
|
||||
}
|
||||
|
||||
public CRLNumber (final BigInteger number)
|
||||
{
|
||||
this.number = number;
|
||||
}
|
||||
|
||||
// Instance method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public BigInteger getNumber()
|
||||
{
|
||||
return number;
|
||||
}
|
||||
|
||||
public byte[] getEncoded()
|
||||
{
|
||||
if (encoded == null)
|
||||
{
|
||||
encoded = new DERValue (DER.INTEGER, number).getEncoded();
|
||||
}
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return CRLNumber.class.getName() + " [ " + number + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,189 +0,0 @@
|
||||
/* CertificatePolicies.java -- certificate policy extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.cert.PolicyQualifierInfo;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class CertificatePolicies extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.32");
|
||||
|
||||
private final List policies;
|
||||
private final Map policyQualifierInfos;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public CertificatePolicies(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue pol = der.read();
|
||||
if (!pol.isConstructed())
|
||||
throw new IOException("malformed CertificatePolicies");
|
||||
|
||||
int len = 0;
|
||||
LinkedList policyList = new LinkedList();
|
||||
HashMap qualifierMap = new HashMap();
|
||||
while (len < pol.getLength())
|
||||
{
|
||||
DERValue policyInfo = der.read();
|
||||
if (!policyInfo.isConstructed())
|
||||
throw new IOException("malformed PolicyInformation");
|
||||
DERValue val = der.read();
|
||||
if (val.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("malformed CertPolicyId");
|
||||
OID policyId = (OID) val.getValue();
|
||||
policyList.add(policyId);
|
||||
if (val.getEncodedLength() < policyInfo.getLength())
|
||||
{
|
||||
DERValue qual = der.read();
|
||||
int len2 = 0;
|
||||
LinkedList quals = new LinkedList();
|
||||
while (len2 < qual.getLength())
|
||||
{
|
||||
val = der.read();
|
||||
quals.add(new PolicyQualifierInfo(val.getEncoded()));
|
||||
der.skip(val.getLength());
|
||||
len2 += val.getEncodedLength();
|
||||
}
|
||||
qualifierMap.put(policyId, quals);
|
||||
}
|
||||
len += policyInfo.getEncodedLength();
|
||||
}
|
||||
|
||||
policies = Collections.unmodifiableList(policyList);
|
||||
policyQualifierInfos = Collections.unmodifiableMap(qualifierMap);
|
||||
}
|
||||
|
||||
public CertificatePolicies (final List policies,
|
||||
final Map policyQualifierInfos)
|
||||
{
|
||||
for (Iterator it = policies.iterator(); it.hasNext(); )
|
||||
if (!(it.next() instanceof OID))
|
||||
throw new IllegalArgumentException ("policies must be OIDs");
|
||||
for (Iterator it = policyQualifierInfos.entrySet().iterator(); it.hasNext();)
|
||||
{
|
||||
Map.Entry e = (Map.Entry) it.next();
|
||||
if (!(e.getKey() instanceof OID) || !policies.contains (e.getKey()))
|
||||
throw new IllegalArgumentException
|
||||
("policyQualifierInfos keys must be OIDs");
|
||||
if (!(e.getValue() instanceof List))
|
||||
throw new IllegalArgumentException
|
||||
("policyQualifierInfos values must be Lists of PolicyQualifierInfos");
|
||||
for (Iterator it2 = ((List) e.getValue()).iterator(); it.hasNext(); )
|
||||
if (!(it2.next() instanceof PolicyQualifierInfo))
|
||||
throw new IllegalArgumentException
|
||||
("policyQualifierInfos values must be Lists of PolicyQualifierInfos");
|
||||
}
|
||||
this.policies = Collections.unmodifiableList (new ArrayList (policies));
|
||||
this.policyQualifierInfos = Collections.unmodifiableMap
|
||||
(new HashMap (policyQualifierInfos));
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public List getPolicies()
|
||||
{
|
||||
return policies;
|
||||
}
|
||||
|
||||
public List getPolicyQualifierInfos(OID oid)
|
||||
{
|
||||
return (List) policyQualifierInfos.get(oid);
|
||||
}
|
||||
|
||||
public byte[] getEncoded()
|
||||
{
|
||||
if (encoded == null)
|
||||
{
|
||||
List pol = new ArrayList (policies.size());
|
||||
for (Iterator it = policies.iterator(); it.hasNext(); )
|
||||
{
|
||||
OID policy = (OID) it.next();
|
||||
List qualifiers = getPolicyQualifierInfos (policy);
|
||||
List l = new ArrayList (qualifiers == null ? 1 : 2);
|
||||
l.add (new DERValue (DER.OBJECT_IDENTIFIER, policy));
|
||||
if (qualifiers != null)
|
||||
{
|
||||
List ll = new ArrayList (qualifiers.size());
|
||||
for (Iterator it2 = qualifiers.iterator(); it.hasNext(); )
|
||||
{
|
||||
PolicyQualifierInfo info = (PolicyQualifierInfo) it2.next();
|
||||
try
|
||||
{
|
||||
ll.add (DERReader.read (info.getEncoded()));
|
||||
}
|
||||
catch (IOException ioe)
|
||||
{
|
||||
}
|
||||
}
|
||||
l.add (new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, ll));
|
||||
}
|
||||
pol.add (new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, l));
|
||||
}
|
||||
encoded = new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, pol).getEncoded();
|
||||
}
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return CertificatePolicies.class.getName() + " [ policies=" + policies +
|
||||
" policyQualifierInfos=" + policyQualifierInfos + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,95 +0,0 @@
|
||||
/* ExtendedKeyUsage.java -- the extended key usage extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
public class ExtendedKeyUsage extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.37");
|
||||
|
||||
private final List purposeIds;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public ExtendedKeyUsage(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue usageList = der.read();
|
||||
if (!usageList.isConstructed())
|
||||
throw new IOException("malformed ExtKeyUsageSyntax");
|
||||
int len = 0;
|
||||
purposeIds = new LinkedList();
|
||||
while (len < usageList.getLength())
|
||||
{
|
||||
DERValue val = der.read();
|
||||
if (val.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("malformed KeyPurposeId");
|
||||
purposeIds.add(val.getValue());
|
||||
len += val.getEncodedLength();
|
||||
}
|
||||
}
|
||||
|
||||
// Instance method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public List getPurposeIds()
|
||||
{
|
||||
return Collections.unmodifiableList(purposeIds);
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return ExtendedKeyUsage.class.getName() + " [ " + purposeIds + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,289 +0,0 @@
|
||||
/* Extension.java -- an X.509 certificate or CRL extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.Util;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
public class Extension
|
||||
{
|
||||
|
||||
// Fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private static final boolean DEBUG = false;
|
||||
private static void debug(String msg)
|
||||
{
|
||||
System.err.print(">> Extension: ");
|
||||
System.err.println(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
* This extension's object identifier.
|
||||
*/
|
||||
protected final OID oid;
|
||||
|
||||
/**
|
||||
* The criticality flag.
|
||||
*/
|
||||
protected final boolean critical;
|
||||
|
||||
/**
|
||||
* Whether or not this extension is locally supported.
|
||||
*/
|
||||
protected boolean isSupported;
|
||||
|
||||
/**
|
||||
* The extension value.
|
||||
*/
|
||||
protected final Value value;
|
||||
|
||||
/**
|
||||
* The DER encoded form.
|
||||
*/
|
||||
protected byte[] encoded;
|
||||
|
||||
// Constructors.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public Extension(byte[] encoded) throws IOException
|
||||
{
|
||||
this.encoded = (byte[]) encoded.clone();
|
||||
DERReader der = new DERReader(encoded);
|
||||
|
||||
// Extension ::= SEQUENCE {
|
||||
DERValue val = der.read();
|
||||
if (DEBUG) debug("read val tag == " + val.getTag() + " len == " + val.getLength());
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed Extension");
|
||||
|
||||
// extnID OBJECT IDENTIFIER,
|
||||
val = der.read();
|
||||
if (val.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("expecting OBJECT IDENTIFIER");
|
||||
oid = (OID) val.getValue();
|
||||
if (DEBUG) debug("read oid == " + oid);
|
||||
|
||||
// critical BOOLEAN DEFAULT FALSE,
|
||||
val = der.read();
|
||||
if (val.getTag() == DER.BOOLEAN)
|
||||
{
|
||||
critical = ((Boolean) val.getValue()).booleanValue();
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
critical = false;
|
||||
if (DEBUG) debug("is critical == " + critical);
|
||||
|
||||
// extnValue OCTET STRING }
|
||||
if (val.getTag() != DER.OCTET_STRING)
|
||||
throw new IOException("expecting OCTET STRING");
|
||||
byte[] encval = (byte[]) val.getValue();
|
||||
isSupported = true;
|
||||
if (oid.equals(AuthorityKeyIdentifier.ID))
|
||||
{
|
||||
value = new AuthorityKeyIdentifier(encval);
|
||||
}
|
||||
else if (oid.equals(SubjectKeyIdentifier.ID))
|
||||
{
|
||||
value = new SubjectKeyIdentifier(encval);
|
||||
}
|
||||
else if (oid.equals(KeyUsage.ID))
|
||||
{
|
||||
value = new KeyUsage(encval);
|
||||
}
|
||||
else if (oid.equals(PrivateKeyUsagePeriod.ID))
|
||||
{
|
||||
value = new PrivateKeyUsagePeriod(encval);
|
||||
}
|
||||
else if (oid.equals(CertificatePolicies.ID))
|
||||
{
|
||||
value = new CertificatePolicies(encval);
|
||||
}
|
||||
else if (oid.equals (PolicyConstraint.ID))
|
||||
{
|
||||
value = new PolicyConstraint (encval);
|
||||
}
|
||||
else if (oid.equals(PolicyMappings.ID))
|
||||
{
|
||||
value = new PolicyMappings(encval);
|
||||
}
|
||||
else if (oid.equals(SubjectAlternativeNames.ID))
|
||||
{
|
||||
value = new SubjectAlternativeNames(encval);
|
||||
}
|
||||
else if (oid.equals(IssuerAlternativeNames.ID))
|
||||
{
|
||||
value = new IssuerAlternativeNames(encval);
|
||||
}
|
||||
else if (oid.equals(BasicConstraints.ID))
|
||||
{
|
||||
value = new BasicConstraints(encval);
|
||||
}
|
||||
else if (oid.equals(ExtendedKeyUsage.ID))
|
||||
{
|
||||
value = new ExtendedKeyUsage(encval);
|
||||
}
|
||||
else if (oid.equals(CRLNumber.ID))
|
||||
{
|
||||
value = new CRLNumber(encval);
|
||||
}
|
||||
else if (oid.equals(ReasonCode.ID))
|
||||
{
|
||||
value = new ReasonCode(encval);
|
||||
}
|
||||
else
|
||||
{
|
||||
value = new Value(encval);
|
||||
isSupported = false;
|
||||
}
|
||||
if (DEBUG) debug("read value == " + value);
|
||||
}
|
||||
|
||||
public Extension (final OID oid, final Value value, final boolean critical)
|
||||
{
|
||||
this.oid = oid;
|
||||
this.value = value;
|
||||
this.critical = critical;
|
||||
isSupported = true;
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public OID getOid()
|
||||
{
|
||||
return oid;
|
||||
}
|
||||
|
||||
public boolean isCritical()
|
||||
{
|
||||
return critical;
|
||||
}
|
||||
|
||||
public boolean isSupported()
|
||||
{
|
||||
return isSupported;
|
||||
}
|
||||
|
||||
public Value getValue()
|
||||
{
|
||||
return value;
|
||||
}
|
||||
|
||||
public byte[] getEncoded()
|
||||
{
|
||||
if (encoded == null)
|
||||
encode();
|
||||
return (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return Extension.class.getName() + " [ id=" + oid + " critical=" +
|
||||
critical + " value=" + value + " ]";
|
||||
}
|
||||
|
||||
public DERValue getDerValue()
|
||||
{
|
||||
List ext = new ArrayList (3);
|
||||
ext.add (new DERValue (DER.OBJECT_IDENTIFIER, oid));
|
||||
ext.add (new DERValue (DER.BOOLEAN, new Boolean (critical)));
|
||||
ext.add (new DERValue (DER.OCTET_STRING, value.getEncoded()));
|
||||
return new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, ext);
|
||||
}
|
||||
|
||||
// Own methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
private void encode()
|
||||
{
|
||||
encoded = getDerValue().getEncoded();
|
||||
}
|
||||
|
||||
// Inner class.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static class Value
|
||||
{
|
||||
|
||||
// Fields.
|
||||
// -----------------------------------------------------------------------
|
||||
|
||||
protected byte[] encoded;
|
||||
|
||||
// Constructor.
|
||||
// -----------------------------------------------------------------------
|
||||
|
||||
public Value(byte[] encoded)
|
||||
{
|
||||
this.encoded = (byte[]) encoded.clone();
|
||||
}
|
||||
|
||||
protected Value() { }
|
||||
|
||||
// Instance methods.
|
||||
// -----------------------------------------------------------------------
|
||||
|
||||
public byte[] getEncoded()
|
||||
{
|
||||
return (byte[]) encoded;
|
||||
}
|
||||
|
||||
public boolean equals(Object o)
|
||||
{
|
||||
if (!(o instanceof Value))
|
||||
return false;
|
||||
return Arrays.equals(encoded, ((Value) o).encoded);
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return Util.toHexString(encoded, ':');
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,155 +0,0 @@
|
||||
/* GeneralNames.java -- the GeneralNames object
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.X500DistinguishedName;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
public class GeneralNames
|
||||
{
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final int OTHER_NAME = 0;
|
||||
public static final int RFC822_NAME = 1;
|
||||
public static final int DNS_NAME = 2;
|
||||
public static final int X400_ADDRESS = 3;
|
||||
public static final int DIRECTORY_NAME = 4;
|
||||
public static final int EDI_PARTY_NAME = 5;
|
||||
public static final int URI = 6;
|
||||
public static final int IP_ADDRESS = 7;
|
||||
public static final int REGISTERED_ID = 8;
|
||||
|
||||
private List names;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public GeneralNames(final byte[] encoded) throws IOException
|
||||
{
|
||||
names = new LinkedList();
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue nameList = der.read();
|
||||
if (!nameList.isConstructed())
|
||||
throw new IOException("malformed GeneralNames");
|
||||
int len = 0;
|
||||
while (len < nameList.getLength())
|
||||
{
|
||||
DERValue name = der.read();
|
||||
List namePair = new ArrayList(2);
|
||||
if (name.getTagClass() != DER.APPLICATION)
|
||||
throw new IOException("malformed GeneralName");
|
||||
namePair.add(new Integer(name.getTag()));
|
||||
DERValue val = null;
|
||||
switch (name.getTag())
|
||||
{
|
||||
case RFC822_NAME:
|
||||
case DNS_NAME:
|
||||
case X400_ADDRESS:
|
||||
case URI:
|
||||
namePair.add(new String((byte[]) name.getValue()));
|
||||
break;
|
||||
|
||||
case OTHER_NAME:
|
||||
case EDI_PARTY_NAME:
|
||||
namePair.add(name.getValue());
|
||||
break;
|
||||
|
||||
case DIRECTORY_NAME:
|
||||
byte[] b = name.getEncoded();
|
||||
b[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE);
|
||||
namePair.add(new X500DistinguishedName(b).toString());
|
||||
break;
|
||||
|
||||
case IP_ADDRESS:
|
||||
namePair.add(InetAddress.getByAddress((byte[]) name.getValue())
|
||||
.getHostAddress());
|
||||
break;
|
||||
|
||||
case REGISTERED_ID:
|
||||
byte[] bb = name.getEncoded();
|
||||
bb[0] = (byte) DER.OBJECT_IDENTIFIER;
|
||||
namePair.add(new OID(bb).toString());
|
||||
break;
|
||||
|
||||
default:
|
||||
throw new IOException("unknown tag " + name.getTag());
|
||||
}
|
||||
names.add(namePair);
|
||||
len += name.getEncodedLength();
|
||||
}
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public List getNames()
|
||||
{
|
||||
List l = new ArrayList(names.size());
|
||||
for (Iterator it = names.iterator(); it.hasNext(); )
|
||||
{
|
||||
List ll = (List) it.next();
|
||||
List pair = new ArrayList(2);
|
||||
pair.add(ll.get(0));
|
||||
if (ll.get(1) instanceof byte[])
|
||||
pair.add(((byte[]) ll.get(1)).clone());
|
||||
else
|
||||
pair.add(ll.get(1));
|
||||
l.add(Collections.unmodifiableList(pair));
|
||||
}
|
||||
return Collections.unmodifiableList(l);
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return GeneralNames.class.getName() + " [ " + names + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
/* IssuerAlternatuveNames.java -- issuer alternative names extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
public class IssuerAlternativeNames extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.18");
|
||||
|
||||
private final GeneralNames names;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public IssuerAlternativeNames(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
names = new GeneralNames(encoded);
|
||||
}
|
||||
|
||||
// Instance method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public List getNames()
|
||||
{
|
||||
return names.getNames();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return IssuerAlternativeNames.class.getName() + " [ " + names + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,92 +0,0 @@
|
||||
/* KeyUsage.java -- the key usage extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.BitString;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
public class KeyUsage extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.15");
|
||||
public static final int DIGITAL_SIGNATURE = 0;
|
||||
public static final int NON_REPUDIATION = 1;
|
||||
public static final int KEY_ENCIPHERMENT = 2;
|
||||
public static final int DATA_ENCIPHERMENT = 3;
|
||||
public static final int KEY_AGREEMENT = 4;
|
||||
public static final int KEY_CERT_SIGN = 5;
|
||||
public static final int CRL_SIGN = 6;
|
||||
public static final int ENCIPHER_ONLY = 7;
|
||||
public static final int DECIPHER_ONLY = 8;
|
||||
|
||||
private final BitString keyUsage;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public KeyUsage(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERValue val = DERReader.read(encoded);
|
||||
if (val.getTag() != DER.BIT_STRING)
|
||||
throw new IOException("malformed KeyUsage");
|
||||
keyUsage = (BitString) val.getValue();
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public BitString getKeyUsage()
|
||||
{
|
||||
return keyUsage;
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return KeyUsage.class.getName() + " [ " + keyUsage + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,107 +0,0 @@
|
||||
/* PolicyConstraint.java -- policyConstraint extension
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
|
||||
public class PolicyConstraint extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID ("2.5.29.36");
|
||||
|
||||
private final int requireExplicitPolicy;
|
||||
private final int inhibitPolicyMapping;
|
||||
|
||||
// Constructors.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public PolicyConstraint (final byte[] encoded) throws IOException
|
||||
{
|
||||
super (encoded);
|
||||
int rpc = -1, ipm = -1;
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue pc = der.read();
|
||||
if (!pc.isConstructed())
|
||||
throw new IOException("malformed PolicyConstraints");
|
||||
DERValue val;
|
||||
int len = pc.getLength();
|
||||
while (len > 0)
|
||||
{
|
||||
val = der.read();
|
||||
if (val.getTag() == 0)
|
||||
rpc = new BigInteger ((byte[]) val.getValue()).intValue();
|
||||
else if (val.getTag() == 1)
|
||||
ipm = new BigInteger ((byte[]) val.getValue()).intValue();
|
||||
else
|
||||
throw new IOException ("invalid policy constraint");
|
||||
len -= val.getEncodedLength();
|
||||
}
|
||||
|
||||
requireExplicitPolicy = rpc;
|
||||
inhibitPolicyMapping = ipm;
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public int getRequireExplicitPolicy()
|
||||
{
|
||||
return requireExplicitPolicy;
|
||||
}
|
||||
|
||||
public int getInhibitPolicyMapping()
|
||||
{
|
||||
return inhibitPolicyMapping;
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return PolicyConstraint.class.getName() + " [ requireExplicitPolicy=" +
|
||||
requireExplicitPolicy + " inhibitPolicyMapping=" + inhibitPolicyMapping
|
||||
+ " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,104 +0,0 @@
|
||||
/* PolicyMappings.java -- policy mappings extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public class PolicyMappings extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.33");
|
||||
|
||||
private final Map mappings;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public PolicyMappings(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue maps = der.read();
|
||||
if (!maps.isConstructed())
|
||||
throw new IOException("malformed PolicyMappings");
|
||||
int len = 0;
|
||||
HashMap _mappings = new HashMap();
|
||||
while (len < maps.getLength())
|
||||
{
|
||||
DERValue map = der.read();
|
||||
if (!map.isConstructed())
|
||||
throw new IOException("malformed PolicyMapping");
|
||||
DERValue val = der.read();
|
||||
if (val.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("malformed PolicyMapping");
|
||||
OID issuerPolicy = (OID) val.getValue();
|
||||
val = der.read();
|
||||
if (val.getTag() != DER.OBJECT_IDENTIFIER)
|
||||
throw new IOException("malformed PolicyMapping");
|
||||
OID subjectPolicy = (OID) val.getValue();
|
||||
_mappings.put(issuerPolicy, subjectPolicy);
|
||||
len += map.getEncodedLength();
|
||||
}
|
||||
mappings = Collections.unmodifiableMap(_mappings);
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public OID getSubjectDomainPolicy(OID issuerDomainPolicy)
|
||||
{
|
||||
return (OID) mappings.get(issuerDomainPolicy);
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return PolicyMappings.class.getName() + " [ " + mappings + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,105 +0,0 @@
|
||||
/* PrivateKeyUsagePeriod.java -- private key usage period extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Date;
|
||||
|
||||
public class PrivateKeyUsagePeriod extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.16");
|
||||
|
||||
private final Date notBefore;
|
||||
private final Date notAfter;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public PrivateKeyUsagePeriod(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERReader der = new DERReader(encoded);
|
||||
DERValue val = der.read();
|
||||
if (!val.isConstructed())
|
||||
throw new IOException("malformed PrivateKeyUsagePeriod");
|
||||
if (val.getLength() > 0)
|
||||
val = der.read();
|
||||
if (val.getTagClass() == DER.APPLICATION || val.getTag() == 0)
|
||||
{
|
||||
notBefore = (Date) val.getValueAs (DER.GENERALIZED_TIME);
|
||||
val = der.read();
|
||||
}
|
||||
else
|
||||
notBefore = null;
|
||||
if (val.getTagClass() == DER.APPLICATION || val.getTag() == 1)
|
||||
{
|
||||
notAfter = (Date) val.getValueAs (DER.GENERALIZED_TIME);
|
||||
}
|
||||
else
|
||||
notAfter = null;
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public Date getNotBefore()
|
||||
{
|
||||
return notBefore != null ? (Date) notBefore.clone() : null;
|
||||
}
|
||||
|
||||
public Date getNotAfter()
|
||||
{
|
||||
return notAfter != null ? (Date) notAfter.clone() : null;
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return PrivateKeyUsagePeriod.class.getName() + " [ notBefore=" + notBefore
|
||||
+ " notAfter=" + notAfter + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,85 +0,0 @@
|
||||
/* ReasonCode.java -- a reason code for a certificate revocation.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
|
||||
public class ReasonCode extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.21");
|
||||
|
||||
public final int reason;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public ReasonCode(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERValue val = DERReader.read(encoded);
|
||||
if (val.getTag() != DER.ENUMERATED)
|
||||
throw new IOException("malformed CRLReason");
|
||||
reason = ((BigInteger) val.getValue()).intValue();
|
||||
if (reason < 0 || reason == 7 || reason > 10)
|
||||
throw new IOException("illegal reason: " + reason);
|
||||
}
|
||||
|
||||
// Instance method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public int getReasonCode()
|
||||
{
|
||||
return reason;
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return ReasonCode.class.getName() + " [ " + reason + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
/* SubjectAlternatuveNames.java -- subject alternative names extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
public class SubjectAlternativeNames extends Extension.Value
|
||||
{
|
||||
|
||||
// Constants and fields.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.17");
|
||||
|
||||
private final GeneralNames names;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public SubjectAlternativeNames(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
names = new GeneralNames(encoded);
|
||||
}
|
||||
|
||||
// Instance method.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public List getNames()
|
||||
{
|
||||
return names.getNames();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return SubjectAlternativeNames.class.getName() + " [ " + names + " ]";
|
||||
}
|
||||
}
|
||||
@@ -1,84 +0,0 @@
|
||||
/* SubjectKeyIdentifier.java -- subject key identifier extension.
|
||||
Copyright (C) 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package gnu.java.security.x509.ext;
|
||||
|
||||
import gnu.java.security.OID;
|
||||
import gnu.java.security.der.DER;
|
||||
import gnu.java.security.der.DERReader;
|
||||
import gnu.java.security.der.DERValue;
|
||||
import gnu.java.security.x509.Util;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
public class SubjectKeyIdentifier extends Extension.Value
|
||||
{
|
||||
|
||||
// Constant.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public static final OID ID = new OID("2.5.29.14");
|
||||
|
||||
private final byte[] keyIdentifier;
|
||||
|
||||
// Constructor.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public SubjectKeyIdentifier(final byte[] encoded) throws IOException
|
||||
{
|
||||
super(encoded);
|
||||
DERValue val = DERReader.read(encoded);
|
||||
if (val.getTag() != DER.OCTET_STRING)
|
||||
throw new IOException("malformed SubjectKeyIdentifier");
|
||||
keyIdentifier = (byte[]) val.getValue();
|
||||
}
|
||||
|
||||
// Instance methods.
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public byte[] getKeyIdentifier()
|
||||
{
|
||||
return (byte[]) keyIdentifier.clone();
|
||||
}
|
||||
|
||||
public String toString()
|
||||
{
|
||||
return SubjectKeyIdentifier.class.getName() + " [ " +
|
||||
Util.toHexString (keyIdentifier, ':') + " ]";
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user